Re: [rt-users] LDAPImport succeeds with user LDAP bind but fails with group

2013-08-05 Thread Elliott, Kevin C (DOR)
Ah! That's it. I forgot to change and test the filter ($LDAPFilter) used for 
the User import - not enough coffee this morning, I guess. The example used in 
the documentation is not applicable to Active Directory. Changing it from 
'(&(cn = users))' to  '(&(objectclass=person)(!(objectclass=computer)))' 
allowed the User import to run successfully followed by the Group Import.

Thanks all!

> -Original Message-
> From: rt-users-boun...@lists.bestpractical.com [mailto:rt-users-
> boun...@lists.bestpractical.com] On Behalf Of Nathan Cutler
> Sent: Monday, August 05, 2013 10:20 AM
> To: rt-users@lists.bestpractical.com
> Subject: Re: [rt-users] LDAPImport succeeds with user LDAP bind but fails with
> group
> 
> Hi Kevin,
> 
> > I've confirmed
> > that my filter works with ldapsearch.
> 
> Can you send the working ldapsearch command? Seems suspicious to me
> that the initial search for the user comes up empty.


Re: [rt-users] LDAPImport succeeds with user LDAP bind but fails with group

2013-08-05 Thread Kevin Falcone
On Mon, Aug 05, 2013 at 05:45:58PM +, Elliott, Kevin C (DOR) wrote:
> [Mon Aug  5 17:10:47 2013] [error]: LDAP search failed Can't contact LDAP server
> (/usr/local/share/request-tracker4/plugins/RT-Extension-LDAPImport/lib/RT/Extension/LDAPImport.pm:1237)
>
> LDAP search failed Can't contact LDAP server
>
> Looking at the perl for LDAPImport.pm shows me that the _run_search method
> is generating the "LDAP search failed" part of the debugging output. I'm
> assuming this means that Net::LDAP is generating the "Can't contact LDAP
> server" from $result->code. I feel this hypothesis is further supported by
> the fact that a `grep "contact" LDAPImport.pm' turns up nothing. It looks
> like Net::LDAP just gets the base and filter and off it goes. I've
> confirmed that my filter works with ldapsearch.

Correct - those errors come from Net::LDAP->error().
What do the logs on your LDAP server say?

-kevin




Re: [rt-users] LDAPImport succeeds with user LDAP bind but fails with group

2013-08-05 Thread Nathan Cutler
Hi Kevin,

> I've confirmed
> that my filter works with ldapsearch.

Can you send the working ldapsearch command? Seems suspicious to me
that the initial search for the user comes up empty.


[rt-users] LDAPImport succeeds with user LDAP bind but fails with group

2013-08-05 Thread Elliott, Kevin C (DOR)
Continuing onwards with my attempt to pull groups and their members from Active 
Directory into Request Tracker I've made some progress. However, I'm currently 
stymied - LDAPImport will successfully connect and search for users but when 
re-using the LDAP connection it fails to connect for the group search.

Here's the debugging information from an rtldapimport run:

Running test import, no data will be changed
Rerun command with --import to perform the import
Rerun command with --debug for more information
connecting to ldap://domaincontroller.alaska.gov
binding as CN=dor-requesttracker,OU=Security Groups and Accounts,OU=IT,OU=Divisions,OU=DOR,OU=State Departments,DC=soa,DC=alaska,DC=gov
searching with: base => 'OU=Security Groups and Accounts,OU=IT,OU=Divisions,OU=DOR,OU=State Departments,DC=soa,DC=alaska,DC=gov' control => 'Net::LDAP::Control::Paged=HASH(0x524cd80)' filter => '(&(cn = users))'
search found 0 objects
No results found, no import
Testing group import
searching with: base => 'OU=Security Groups and Accounts,OU=IT,OU=Divisions,OU=DOR,OU=State Departments,DC=soa,DC=alaska,DC=gov' control => 'Net::LDAP::Control::Paged=HASH(0x86973b8)' filter => '(|(CN=dor-requesttracker-admins)(CN=dor-asd-rt-staff))'
[Mon Aug  5 17:10:47 2013] [error]: LDAP search failed Can't contact LDAP server (/usr/local/share/request-tracker4/plugins/RT-Extension-LDAPImport/lib/RT/Extension/LDAPImport.pm:1237)
LDAP search failed Can't contact LDAP server
search found 0 objects
No results found, no group import
Finished test


Looking at the perl for LDAPImport.pm shows me that the _run_search method is 
generating the "LDAP search failed" part of the debugging output. I'm assuming 
this means that Net::LDAP is generating the "Can't contact LDAP server" from 
$result->code. I feel this hypothesis is further supported by the fact that a 
'grep "contact" LDAPImport.pm' turns up nothing. It looks like Net::LDAP just 
gets the base and filter and off it goes. I've confirmed that my filter works 
with ldapsearch.

Is there something different I need to do to get a successful LDAP bind when 
performing the group import?



---
Kevin Elliott
Networking Specialist II
Alaska Department of Revenue, ASD-IT
(907) 465-2314