[rt-users] Problem with AD auth, error on new accounts.

Max León mleon at wirewatchers.com
Tue Mar 31 13:58:45 EDT 2009


Hi again,

I have manage with help from the group to get RT to authenticate againsta an
AD 2003 box, now I have very unusual problem.
I was using user A for testing and once I was able to authenticate with it
and get to the dashboard screen I thought the problem was resolved, now here
is the odd part, every new user from the AD that tries to authenticate gets
this error message (root and that 1 AD account have no problems):

Can't locate object method "host" via package "URI::_generic" at
/opt/rt3/bin/../lib/RT/Interface/Web.pm line 190, line 514

Which takes me to this sub routine:
sub Redirect {
    my $redir_to = shift;
    untie $HTML::Mason::Commands::session;
    my $uri = URI->new($redir_to);
    my $server_uri = URI->new( RT->Config->Get('WebURL') );

    # If the user is coming in via a non-canonical
    # hostname, don't redirect them to the canonical host,
    # it will just upset them (and invalidate their credentials)
    # don't do this if $RT::CanoniaclRedirectURLs is true
    if (   !RT->Config->Get('CanonicalizeRedirectURLs')   <-- THIS IS THE
LINE OF THE ERROR   This is line 190.
        && $uri->host eq $server_uri->host
        && $uri->port eq $server_uri->port )
    {
        if ( defined $ENV{HTTPS} and $ENV{'HTTPS'} eq 'on' ) {
            $uri->scheme('https');
        }
        else {
            $uri->scheme('http');
        }

        # [rt3.fsck.com #12716] Apache recommends use of $SERVER_HOST
        $uri->host( $ENV{'SERVER_HOST'} || $ENV{'HTTP_HOST'} );
        $uri->port( $ENV{'SERVER_PORT'} );
    }



While on the RT log I can see this:

[Thu Mar 26 20:35:31 2009] [debug]: Attempting to use external auth service:
My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)

[Thu Mar 26 20:35:31 2009] [debug]: Calling UserExists with $username
(evol.johnson) and $service (My_LDAP)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:105)

[Thu Mar 26 20:35:31 2009] [debug]: UserExists
params:

username: evol.johnson , service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:274)

[Thu Mar 26 20:35:31 2009] [debug]: LDAP Search ===  Base:
cn=users,dc=cr,dc=digitalarbor,dc=com == Filter:
(&(objectClass=*)(sAMAccountName=evol.johnson)) == Attrs:
l,cn,st,mail,sAMAccountName,co,streetAddress,postalCode,telephoneNumber,sAMAccountName,physicalDeliveryOfficeName,sAMAccountName
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:304)

[Thu Mar 26 20:35:31 2009] [debug]: Password validation required for service
- Executing...
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:155)

[Thu Mar 26 20:35:31 2009] [debug]: Trying external auth service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:16)

[Thu Mar 26 20:35:31 2009] [debug]: LDAP Search ===  Base:
cn=users,dc=cr,dc=digitalarbor,dc=com == Filter:
(&(sAMAccountName=evol.johnson)(objectClass=*)) == Attrs: dn
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:43)

[Thu Mar 26 20:35:31 2009] [debug]: Found LDAP DN: CN=Evol
Johnson,CN=Users,DC=cr,DC=digitalarbor,DC=com
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:75)

[Thu Mar 26 20:35:31 2009] [info]: My_LDAP AUTH FAILED evol.johnson (can't
bind: LDAP_INVALID_CREDENTIALS 49 )
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:82)

[Thu Mar 26 20:35:31 2009] [debug]: LDAP password validation result: 0
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:334)

[Thu Mar 26 20:35:31 2009] [debug]: Password Validation Check Result:  0
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:159)

[Thu Mar 26 20:35:31 2009] [debug]: Autohandler called ExternalAuth.
Response: (0, Password Invalid)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:26)

[Thu Mar 26 20:35:31 2009] [error]: FAILED LOGIN for evol.johnson from
192.168.0.71 (/opt/rt3/share/html/autohandler:268)
[Thu Mar 26 20:35:40 2009] [debug]: Attempting to use external auth service:
My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)

[Thu Mar 26 20:35:40 2009] [debug]: Calling UserExists with $username
(evol.johnson) and $service (My_LDAP)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:105)

[Thu Mar 26 20:35:40 2009] [debug]: UserExists
params:

username: evol.johnson , service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:274)

[Thu Mar 26 20:35:40 2009] [debug]: LDAP Search ===  Base:
cn=users,dc=cr,dc=digitalarbor,dc=com == Filter:
(&(objectClass=*)(sAMAccountName=evol.johnson)) == Attrs:
l,cn,st,mail,sAMAccountName,co,streetAddress,postalCode,telephoneNumber,sAMAccountName,physicalDeliveryOfficeName,sAMAccountName
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:304)

[Thu Mar 26 20:35:40 2009] [debug]: Password validation required for service
- Executing...
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:155)

[Thu Mar 26 20:35:40 2009] [debug]: Trying external auth service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:16)

[Thu Mar 26 20:35:40 2009] [debug]: LDAP Search ===  Base:
cn=users,dc=cr,dc=digitalarbor,dc=com == Filter:
(&(sAMAccountName=evol.johnson)(objectClass=*)) == Attrs: dn
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:43)

[Thu Mar 26 20:35:40 2009] [debug]: Found LDAP DN: CN=Evol
Johnson,CN=Users,DC=cr,DC=digitalarbor,DC=com
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:75)

[Thu Mar 26 20:35:40 2009] [info]: RT::Authen::ExternalAuth::LDAP::GetAuth
External Auth OK ( My_LDAP ): evol.johnson
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:139)

[Thu Mar 26 20:35:40 2009] [debug]: LDAP password validation result: 1
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:334)

[Thu Mar 26 20:35:40 2009] [debug]: Password Validation Check Result:  1
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:159)

[Thu Mar 26 20:35:40 2009] [debug]: Authentication successful. Now updating
user information and attempting login.
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:179)

[Thu Mar 26 20:35:40 2009] [debug]: UserExists
params:

username: evol.johnson , service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:274)

[Thu Mar 26 20:35:40 2009] [debug]: LDAP Search ===  Base:
cn=users,dc=cr,dc=digitalarbor,dc=com == Filter:
(&(objectClass=*)(sAMAccountName=evol.johnson)) == Attrs:
l,cn,st,mail,sAMAccountName,co,streetAddress,postalCode,telephoneNumber,sAMAccountName,physicalDeliveryOfficeName,sAMAccountName
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:304)

[Thu Mar 26 20:35:40 2009] [debug]: UserExists
params:

username: evol.johnson , service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:274)
[Thu Mar 26 20:35:40 2009] [debug]: LDAP Search ===  Base:
cn=users,dc=cr,dc=digitalarbor,dc=com == Filter:
(&(objectClass=*)(sAMAccountName=evol.johnson)) == Attrs:
l,cn,st,mail,sAMAccountName,co,streetAddress,postalCode,telephoneNumber,sAMAccountName,physicalDeliveryOfficeName,sAMAccountName
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:304)
[Thu Mar 26 20:35:40 2009] [debug]: LDAP Search ===  Base:
cn=users,dc=cr,dc=digitalarbor,dc=com == Filter:
(&(objectClass=*)(objectClass=nomatch)(sAMAccountName=evol.johnson)) ==
Attrs: uid
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:398)
[Thu Mar 26 20:35:40 2009] [info]: User marked as ENABLED ( evol.johnson )
per External Service (0, That is already the current value)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:274)
[Thu Mar 26 20:35:40 2009] [debug]:
RT::Authen::ExternalAuth::CanonicalizeUserInfo called by RT::User
/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/User_Vendor.pm 20 with:
Name: evol.johnson
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:450)
[Thu Mar 26 20:35:40 2009] [debug]: Attempting to get user info using this
external service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:458)
[Thu Mar 26 20:35:40 2009] [debug]: Attempting to use this canonicalization
key: Name
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:472)
[Thu Mar 26 20:35:40 2009] [debug]: LDAP Search ===  Base:
cn=users,dc=cr,dc=digitalarbor,dc=com == Filter:
(&(objectClass=*)(sAMAccountName=evol.johnson)) == Attrs:
l,cn,st,mail,sAMAccountName,co,streetAddress,postalCode,telephoneNumber,sAMAccountName,physicalDeliveryOfficeName,sAMAccountName
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:195)
[Thu Mar 26 20:35:40 2009] [info]:
RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Address1: , City: ,
Country: , EmailAddress: , ExternalAuthId: evol.johnson, Gecos:
evol.johnson, Name: evol.johnson, Organization: , RealName: Evol
Johnson,State: , WorkPhone: , Zip:
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:536)
[Thu Mar 26 20:35:40 2009] [debug]: UPDATED user ( evol.johnson ) from
External Service
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:307)
[Thu Mar 26 20:35:40 2009] [info]: Successful login for evol.johnson from
192.168.0.71
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:219)
[Thu Mar 26 20:35:40 2009] [debug]: Autohandler called ExternalAuth.
Response: (1, Successful login)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:26)


If anyone has any clue, it will be more than welcome.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20090331/1f3e4c40/attachment.htm>


More information about the rt-users mailing list