I can do the following with ldapsearch notice the filter: Enter LDAP Password: # extended LDIF # # LDAPv3 # base <dc=eiuad,dc=eiu,dc=edu> with scope subtree # filter: (&(sAMAccountName=blmurphy)) # requesting: ALL #
# Murphy\2C Brian, ITS Employees, Employee Accounts, EIU USERS, eiuad.eiu.edu dn: CN=Murphy\, Brian,OU=ITS Employees,OU=Employee Accounts,OU=EIU USERS,DC=ei uad,DC=eiu,DC=edu objectClass: top objectClass: person objectClass: organizationalPerson objectClass: user cn: Murphy, Brian sn: Murphy title: Associate Director description: Information Technology Services physicalDeliveryOfficeName: Technical Support & Operations telephoneNumber: 581-7618 givenName: Brian distinguishedName: CN=Murphy\, Brian,OU=ITS Employees,OU=Employee Accounts,OU= EIU USERS,DC=eiuad,DC=eiu,DC=edu instanceType: 4 whenCreated: 20011219230613.0Z whenChanged: 20110829133938.0Z displayName: Murphy, Brian uSNCreated: 43124 info: Associate Director - higher limits allowed memberOf: CN=RT_Access,OU=Sensitive,DC=eiuad,DC=eiu,DC=edu memberOf: CN=Outlook SSL Change,OU=GPO Scripting Groups,OU=Groups,DC=eiuad,DC= eiu,DC=edu memberOf: CN=Hyperic Administrators,OU=Sensitive,DC=eiuad,DC=eiu,DC=edu memberOf: CN=Global Psynch Helpdesk Staff,OU=ITS Groups,OU=Business Affairs Re source Sharing Groups,OU=EIU RESOURCE SHARING GROUPS,DC=eiuad,DC=eiu,DC=edu memberOf: CN=Xythos Users,OU=Groups,DC=eiuad,DC=eiu,DC=edu memberOf: CN=ITS group for Xythos sharing,OU=ITS Groups,OU=Business Affairs Re source Sharing Groups,OU=EIU RESOURCE SHARING GROUPS,DC=eiuad,DC=eiu,DC=edu memberOf: CN=BannerINBJavaUpdater,OU=Groups,DC=eiuad,DC=eiu,DC=edu memberOf: CN=ITS PLs Prgmrs,OU=ITS Groups,OU=Business Affairs Resource Sharing Groups,OU=EIU RESOURCE SHARING GROUPS,DC=eiuad,DC=eiu,DC=edu memberOf: CN=ITSDEPT,OU=ITS Groups,OU=Business Affairs Resource Sharing Groups ,OU=EIU RESOURCE SHARING GROUPS,DC=eiuad,DC=eiu,DC=edu memberOf: CN=Tech Support,OU=ITS Groups,OU=Business Affairs Resource Sharing G roups,OU=EIU RESOURCE SHARING GROUPS,DC=eiuad,DC=eiu,DC=edu memberOf: CN=Systems & Tech Supt,OU=ITS Groups,OU=Business Affairs Resource Sh aring Groups,OU=EIU RESOURCE SHARING GROUPS,DC=eiuad,DC=eiu,DC=edu memberOf: CN=Server Ops,OU=Sensitive,DC=eiuad,DC=eiu,DC=edu memberOf: CN=ONORDER,OU=ITS Groups,OU=Business Affairs Resource Sharing Groups ,OU=EIU RESOURCE SHARING GROUPS,DC=eiuad,DC=eiu,DC=edu memberOf: CN=ILOM Admins,OU=Infrastructure Management,OU=Groups,DC=eiuad,DC=ei u,DC=edu memberOf: CN=Brian Murphys Group,OU=ITS Groups,OU=Business Affairs Resource Sh aring Groups,OU=EIU RESOURCE SHARING GROUPS,DC=eiuad,DC=eiu,DC=edu memberOf: CN=Others,OU=EISE Project,OU=EIU RESOURCE SHARING GROUPS,DC=eiuad,DC =eiu,DC=edu memberOf: CN=Degree Audit Process Team,OU=EISE Project,OU=EIU RESOURCE SHARING GROUPS,DC=eiuad,DC=eiu,DC=edu memberOf: CN=EIU Faculty and Staff for Citrix Access,OU=Citrix,DC=eiuad,DC=eiu ,DC=edu memberOf: CN=DISASTER,OU=ITS Groups,OU=Business Affairs Resource Sharing Group s,OU=EIU RESOURCE SHARING GROUPS,DC=eiuad,DC=eiu,DC=edu memberOf: CN=SECURITY,OU=Lumpkin Hall Computer Labs,DC=eiuad,DC=eiu,DC=edu memberOf: CN=Backup Operators,CN=Builtin,DC=eiuad,DC=eiu,DC=edu uSNChanged: 12145001 department: Information Technology Services company: Eastern Illinois University streetAddress:: U3R1ZGVudCBTZXJ2aWNlcyBCdWlsZGluZw0KQjk= directReports: CN=Bensley\, Brett,OU=ITS Employees,OU=Employee Accounts,OU=EIU USERS,DC=eiuad,DC=eiu,DC=edu directReports: CN=Clayton\, Allen,OU=ITS Employees,OU=Employee Accounts,OU=EIU USERS,DC=eiuad,DC=eiu,DC=edu directReports: CN=Wilson\, Julie,OU=Net Admin OU,OU=Sensitive,DC=eiuad,DC=eiu, DC=edu name: Murphy, Brian objectGUID:: RlmmJv+FGEWZvik8YlZYmw== userAccountControl: 512 badPwdCount: 0 codePage: 0 countryCode: 0 badPasswordTime: 129495066522016517 lastLogoff: 0 lastLogon: 129591191145074682 logonHours:: //////////////////////////// pwdLastSet: 129470205541973909 primaryGroupID: 513 objectSid:: AQUAAAAAAAUVAAAAkDCgJUtYtjLperlb6gMAAA== adminCount: 1 accountExpires: 0 logonCount: 122 sAMAccountName: blmurphy sAMAccountType: 805306368 userPrincipalName: blmur...@eiuad.eiu.edu lockoutTime: 0 objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=eiuad,DC=eiu,DC=edu dSCorePropagationData: 20110809183717.0Z dSCorePropagationData: 20110803191151.0Z dSCorePropagationData: 20110628195950.0Z dSCorePropagationData: 20110525205317.0Z dSCorePropagationData: 16010714223651.0Z lastLogonTimestamp: 129590987787492303 mail: blmur...@eiu.edu # search reference ref: ldap://DomainDnsZones.eiuad.eiu.edu/DC=DomainDnsZones,DC=eiuad,DC=eiu,DC= edu # search reference ref: ldap://ForestDnsZones.eiuad.eiu.edu/DC=ForestDnsZones,DC=eiuad,DC=eiu,DC= edu # search reference ref: ldap://eiuad.eiu.edu/CN=Configuration,DC=eiuad,DC=eiu,DC=edu # search result search: 2 result: 0 Success # numResponses: 5 # numEntries: 1 # numReferences: 3 ----- Original Message ----- From: "Brian Murphy" <blmur...@eiu.edu> To: rt-users@lists.bestpractical.com Sent: Tuesday, August 30, 2011 10:08:56 AM Subject: Re: [rt-users] rt4 and External Auth to AD 2008 non-ssl A bit confused about that whole filter thing. If I specify objectClass=person and the sAMAccountName on the same filter it does not work with ldapsearch. if I use either one by titself, I get back my user record from AD. Brian ----- Original Message ----- From: "Kevin Falcone" <falc...@bestpractical.com> To: rt-users@lists.bestpractical.com Sent: Tuesday, August 30, 2011 9:41:57 AM Subject: Re: [rt-users] rt4 and External Auth to AD 2008 non-ssl On Tue, Aug 30, 2011 at 09:35:39AM -0500, Brian Murphy wrote: > I am making progress in that I am at least now getting some indication that > the code is trying to authenticate my user in my active directory. > I now receive the following after I upgraded my RT::Auth::External to 0.09. Yes, you must use the newest version (0.09) for it to work with RT4 > [Tue Aug 30 14:32:12 2011] [debug]: LDAP Search === Base: ou=its > employees,ou=employee accounts,ou=eiu users,dc=eiuad,dc=eiu.dc=edu == Filter: > (&(objectClass=person)(sAMAccountName=blmurphy)) == Attrs: sAMAccountName > (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:304) Is that the right OU and Filter? Does that OU and Filter work from ldapsearch? -kevin -------- RT Training Sessions (http://bestpractical.com/services/training.html) * Chicago, IL, USA � September 26 & 27, 2011 * San Francisco, CA, USA � October 18 & 19, 2011 * Washington DC, USA � October 31 & November 1, 2011 * Melbourne VIC, Australia � November 28 & 29, 2011 * Barcelona, Spain � November 28 & 29, 2011 -------- RT Training Sessions (http://bestpractical.com/services/training.html) * Chicago, IL, USA September 26 & 27, 2011 * San Francisco, CA, USA October 18 & 19, 2011 * Washington DC, USA October 31 & November 1, 2011 * Melbourne VIC, Australia November 28 & 29, 2011 * Barcelona, Spain November 28 & 29, 2011 -------- RT Training Sessions (http://bestpractical.com/services/training.html) * Chicago, IL, USA September 26 & 27, 2011 * San Francisco, CA, USA October 18 & 19, 2011 * Washington DC, USA October 31 & November 1, 2011 * Melbourne VIC, Australia November 28 & 29, 2011 * Barcelona, Spain November 28 & 29, 2011