I think I got it to work, changed LdapFilter to * rather than just commenting
the line out. I knew we didn't have posixAccount in that attribute but didn't
know I would actually need it enabled.
sorry for the wasted bandwidth,
Kevin
At 02:19 PM 3/19/2008, Kevin Sheen wrote:
>Hi,
>
>I'm trying to get our rt install to authenticate with Active Directory.
>
>I've got the configuration from these two links into our RT_SiteConfig.pm:
>
>http://wiki.bestpractical.com/view/LDAP
>
>http://wiki.bestpractical.com/view/LdapSiteConfigSettingsForActiveDirectory
>
>At this point, I'm just trying to get authentication to work, I'm not trying
>to add create users or anything like that. I've stripped the configuration
>down to a minimum and I'm still getting:
>
>[Wed Mar 19 17:57:02 2008] [debug]: Trying LDAP authentication
>(/usr/local/rt/local/lib/RT/User_Local.pm:155)
>[Wed Mar 19 17:57:02 2008] [debug]: RT::User::IsPassword auth method
>IsLDAPPassword FAILED (/usr/local/rt/local/lib/RT/User_Local.pm:293)
>[Wed Mar 19 17:57:02 2008] [info]: RT::User::IsInternalPassword AUTH FAILED:
>FOO (/usr/local/rt/local/lib/RT/User_Local.pm:257)
>[Wed Mar 19 17:57:02 2008] [debug]: RT::User::IsPassword auth method
>IsInternalPassword FAILED (/usr/local/rt/local/lib/RT/User_Local.pm:293)
>[Wed Mar 19 17:57:02 2008] [error]: FAILED LOGIN for FOO from 172.16.9.188
>(/usr/local/rt/share/html/autohandler:251)
>
>I've increased the logging level to debug but it isn't pointing me any closer
>to a resolution. Is there any increased logging that I can enable to attempt
>to find the actual problem?
>
>I can still login to rt using the internal authentication method just not LDAP.
>
>I've got the utility called Active Directory Explorer from sysinternals.com -
>there are three attributes named badPwdCount, badPasswordTime and logonCount
>stored in Active Directory. None of those three have changed in all of my
>testing.
>
>I did make a slight change to $LdapUser and started getting an additional
>error in the log that led me to believe that I had at least that parameter and
>LdapPass correct (again, I'm using my userid to view AD).
>
>
>Thanks in advance,
>
>Kevin
>
>
>___
>http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
>
>Community help: http://wiki.bestpractical.com
>Commercial support: [EMAIL PROTECTED]
>
>
>Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
>Buy a copy at http://rtbook.bestpractical.com
___
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
Community help: http://wiki.bestpractical.com
Commercial support: [EMAIL PROTECTED]
Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
Buy a copy at http://rtbook.bestpractical.com