Re: [rt-users] Problem configuring LDAP with AD

2006-10-24 Thread Andrew Hodgson

[EMAIL PROTECTED] wrote:


> AFAIK, inetOrgPerson doesn't exist in Active Directory.


I've changed it to user, which is one of the choices I can see in 
ADSIEdit (the others are organizationalPerson, top, person.)


> Use the LDAPAttrMap I posted to the Wiki at
> http://wiki.bestpractical.com/index.cgi?LdapAttrMap


I have done, thank you for the page. I used this page when I set up the 
LDAP overlay originally.




> In your RT_SiteConfig.pm make sure you have the correct MatchList and base:


Check. My base is an OU (ou=ActiveUsers,dc=domain,dc=local).


> # A list of RT attrs which can uniquely identify a user,
> # ordered from most to least preferred.
> Set($LdapRTAttrMatchList, ['Name', 'ExternalContactInfoId',
>    'EmailAddress', 'RealName',
>    'WorkPhone', 'Address1']
> );


The final entry was set to Address2, so I've changed it to 1.

snip...all in check

I've double-checked the configuration and I still get the 
LDAP_OPERATIONS_ERROR 1. I've tried it with different credentials, and 
different settings for objectClass, but as far as I can see there's no 
effect.


Any further help appreciated,

Andrew
___
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: [EMAIL PROTECTED]


Discover RT's hidden secrets with RT Essentials from O'Reilly Media. 
Buy a copy at http://rtbook.bestpractical.com


Re: [rt-users] Problem configuring LDAP with AD

2006-10-19 Thread Andrew Hodgson

Hi again,


> I've tweaked LdapFilter and settled on inetOrgPerson, from researches
> around the 'net, but I'm still getting the LDAP_OPERATIONS_ERROR 1, so
> that might not be the root problem. The first line stumps me somewhat,
> talking about object type and id.
>
> I know this problem is essentially solved, I just need a little help
> getting over the line! Here's my /etc/request-tracker3.4/RT_SiteConfig.pm:

  
Sorry, perhaps I wasn't specific enough: I'm looking for help 
determining the cause of the LDAP_OPERATIONS_ERROR 1, and anything 
else that might be causing the log output I posted. Here it is again:


Oct 18 12:59:17 tracker RT: Transaction-Create couldn't, as you didn't specify an object type and id (/usr/share/request-tracker3.4/lib/RT/Record.pm:1451)
Oct 18 12:59:17 tracker RT: Trying LDAP authentication
Oct 18 12:59:17 tracker RT: RT::User::IsLDAPPassword search for ((sAMAccountName=Andrew Hodgson)(objectclass=inetOrgPerson)) failed: LDAP_OPERATIONS_ERROR 1
Oct 18 12:59:17 tracker RT: RT::User::IsPassword auth method IsLDAPPassword FAILED
Oct 18 12:59:17 tracker RT: RT::User::IsInternalPassword AUTH FAILED (no passwd): Andrew Hodgson (/usr/share/request-tracker3.4/lib/RT/User_Local.pm:232)
Oct 18 12:59:17 tracker RT: RT::User::IsPassword auth method IsInternalPassword FAILED
Oct 18 12:59:17 tracker RT: FAILED LOGIN for Andrew Hodgson from 192.168.0.238 (/usr/share/request-tracker3.4/html/autohandler:191)

If anyone could give me any pointers, it would be appreciated. I need 
tickets!


Andrew
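
As an added example (not part of the original post and not RT code), the Python below reads RT syslog lines like the ones quoted above and tags each FAILED LOGIN with whether an LDAP search error preceded it, which separates directory-side failures such as LDAP_OPERATIONS_ERROR from logins that failed with no LDAP error logged. The function name, the cause labels and the final sample line are assumptions made for illustration.

```python
import re

# First six lines: taken from the post above, with mail line-wrapping undone.
# Last line: constructed for contrast (a failed login with no LDAP error before it).
SAMPLE_LOG = """\
Oct 18 12:59:17 tracker RT: Trying LDAP authentication
Oct 18 12:59:17 tracker RT: RT::User::IsLDAPPassword search for ((sAMAccountName=Andrew Hodgson)(objectclass=inetOrgPerson)) failed: LDAP_OPERATIONS_ERROR 1
Oct 18 12:59:17 tracker RT: RT::User::IsPassword auth method IsLDAPPassword FAILED
Oct 18 12:59:17 tracker RT: RT::User::IsInternalPassword AUTH FAILED (no passwd): Andrew Hodgson (/usr/share/request-tracker3.4/lib/RT/User_Local.pm:232)
Oct 18 12:59:17 tracker RT: RT::User::IsPassword auth method IsInternalPassword FAILED
Oct 18 12:59:17 tracker RT: FAILED LOGIN for Andrew Hodgson from 192.168.0.238 (/usr/share/request-tracker3.4/html/autohandler:191)
Oct 18 13:02:41 tracker RT: FAILED LOGIN for jbloggs from 192.168.0.77 (/usr/share/request-tracker3.4/html/autohandler:191)
"""

LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ RT: (.*)$")
LDAP_ERR = re.compile(r"IsLDAPPassword search for (.+) failed: (LDAP_\w+) (\d+)$")
FAILED = re.compile(r"FAILED LOGIN for (.+) from (\S+)")


def classify_failed_logins(log_text):
    """Return one record per FAILED LOGIN line, tagged with its likely cause.

    Assumes the lines of one login attempt are contiguous, as in the post;
    on a busy server concurrent requests would interleave.
    """
    events, ldap_error = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        msg = m.group(1)
        if msg.startswith("Trying LDAP authentication"):
            ldap_error = None  # a new attempt starts here
        elif (e := LDAP_ERR.search(msg)):
            ldap_error = {"filter": e.group(1), "error": e.group(2),
                          "code": int(e.group(3))}
        elif (f := FAILED.search(msg)):
            cause = "directory_error" if ldap_error else "no_ldap_error_logged"
            events.append({"user": f.group(1), "source": f.group(2),
                           "cause": cause, "ldap": ldap_error})
            ldap_error = None
    return events


if __name__ == "__main__":
    for ev in classify_failed_logins(SAMPLE_LOG):
        print(ev["cause"], ev["user"], ev["source"], ev["ldap"])
```

Failures tagged directory_error point at the LDAP bind, base or filter configuration rather than at the password the user typed, so they should not be counted as guessing attempts against that account.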


[rt-users] Problem configuring LDAP with AD

2006-10-18 Thread Andrew Hodgson

Hi there,

I've got RT set up and working fine on Ubuntu 6.06 Server, but we use AD
here (2003 SBS) and I'd like to get user accounts to be created
automatically. I've applied the LDAP overlay and made the changes to the
RT_SiteConfig.pm file (reproduced below), along with the auto-creation
overlay. Unfortunately, I'm still having problems getting it to recognise
my own domain account:

Oct 18 12:59:17 tracker RT: Transaction-Create couldn't, as you didn't specify an object type and id (/usr/share/request-tracker3.4/lib/RT/Record.pm:1451)
Oct 18 12:59:17 tracker RT: Trying LDAP authentication
Oct 18 12:59:17 tracker RT: RT::User::IsLDAPPassword search for ((sAMAccountName=Andrew Hodgson)(objectclass=inetOrgPerson)) failed: LDAP_OPERATIONS_ERROR 1
Oct 18 12:59:17 tracker RT: RT::User::IsPassword auth method IsLDAPPassword FAILED
Oct 18 12:59:17 tracker RT: RT::User::IsInternalPassword AUTH FAILED (no passwd): Andrew Hodgson (/usr/share/request-tracker3.4/lib/RT/User_Local.pm:232)
Oct 18 12:59:17 tracker RT: RT::User::IsPassword auth method IsInternalPassword FAILED
Oct 18 12:59:17 tracker RT: FAILED LOGIN for Andrew Hodgson from 192.168.0.238 (/usr/share/request-tracker3.4/html/autohandler:191)

I've tweaked LdapFilter and settled on inetOrgPerson, from researches
around the 'net, but I'm still getting the LDAP_OPERATIONS_ERROR 1, so
that might not be the root problem. The first line stumps me somewhat,
talking about object type and id.

I know this problem is essentially solved, I just need a little help
getting over the line! Here's my /etc/request-tracker3.4/RT_SiteConfig.pm:


# RT_SiteConfig.pm
#
# These are the bits you absolutely *must* edit.
#
# To find out how, please read
#   /usr/share/doc/request-tracker3.4/INSTALL.Debian

# THE BASICS:

Set($rtname, 'tracker.betgenius.local');
Set($Organization, 'betgenius.com');

Set($CorrespondAddress , '[EMAIL PROTECTED]');
Set($CommentAddress , '[EMAIL PROTECTED]');

Set($Timezone , 'Europe/London'); # obviously choose what suits you

# THE DATABASE:

Set($DatabaseType, 'Pg'); # e.g. Pg or mysql

# These are the settings we used above when creating the RT database,
# you MUST set these to what you chose in the section above.

Set($DatabaseUser , 'rtuser');
Set($DatabasePassword , 'strongarm');
Set($DatabaseName , 'rtdb');

# THE WEBSERVER:

Set($WebPath , "/rt");
Set($WebBaseURL , "http://tracker");

Set($DatabaseHost   , 'localhost');
Set($DatabaseRTHost , 'localhost');

### LDAP Settings
#
# There are two different branches of this: LdapAuth* and LdapInfo*;
# additionally, most of the old Ldap* variables are honored, too.
#
# This means if you only have one LDAP server/config you can just set
# LdapServer, LdapUser, etc. and they will be used for both
# authentication and information

### Enable/Disable LDAP services
Set($LdapExternalAuth, 1);
Set($LdapExternalInfo, 1);

### Common Settings: affecting both auth and info services

# Should we create accounts for users who aren't in LDAP?
Set($LdapAutoCreateNonLdapUsers, 1);

# Map RT attributes to LDAP attributes
#
### THE MAPPING BELOW WILL NOT WORK FOR YOU UNLESS YOU CHANGE
### IT TO MATCH YOUR LDAP SCHEMA! See http://wiki.bestpractical.com/?LdapAttrMap
### to learn how to set this variable properly for either LDAP or Windows
### Active Directory.
Set($LdapAttrMap, {'Name' => 'sAMAccountName',
   'EmailAddress' => 'mail',
   'Organization' => 'physicalDeliveryOfficeName',
   'RealName' => 'cn',
   'ExternalContactInfoId' => 'dn',
   'ExternalAuthId' => 'sAMAccountName',
   'Gecos' => 'sAMAccountName',
   'WorkPhone' => 'telephoneNumber',
   'Address1' => 'streetAddress',
   'City' => '1',
   'State' => 'st',
   'Zip' => 'postalCode',
   'Country' => 'co'}
);

# A list of RT attrs which can uniquely identify a user,
# ordered from most to least preferred.

Set($LdapRTAttrMatchList, ['ExternalContactInfoId', 'Name',
   'EmailAddress', 'RealName',
   'WorkPhone', 'Address2']
);

# A list of LDAP attrs to examine when canonicalizing email addresses,
# ordered from most to least preferred
Set($LdapEmailAttrMatchList, ['mail', 'mailRoutingAddress',
  'mailAlternateAddress']
);

# A list of prefixes to apply to email address matches.
# Windows 2003 AD uses prefixes or smtp: or SMTP:.
# If not required just leave ''
Set($LdapEmailAttrMatchPrefix, ['', 'smtp:', 'SMTP:'] );

# The basics; if set, these override $RT::LdapAuth* and $RT::LdapInfo*
Set($LdapServer, 'officeserver.betgenius.local');
Set($LdapBase, 'ou=Active Users,dc=betgenius,dc=local');
Set($LdapFilter, '(objectclass=inetOrgPerson)');
#   Windows 2003 Active Directory does not allow anonymous LDAP binding
#   thus you must pass Net::LDAP a username and password that has
#   access to read the directory