[rt-users] RT 3.8 Active Directory integration and single sign-on

Eugene M. Evans EMEvans at heapy.com
Mon Aug 9 20:38:22 EDT 2010


Mike,
 
I can telnet to the AD server and I am able to connect to the AD server
through an LDAP browser.  The browser I happen to be using is jxplorer.
I found that Jxplorer requires the user DN to be the full first and last
name of the user rather than only the logon name and the 'ou' component
must be included in the field named 'base'.  Since that nomenclature
works in the LDAP browser, I modified RT_SiteConfig.pm to match, as
follows,
 
Was
 
'user'  => 'cn=UserLogonName, ou=XXXXXX, dc=XXXXXX, dc=XXXXXX',
'base'  => 'dc=XXXXXX, dc=XXXXXX',
'group' => 'cn=XXXXXX, ou=XXXXXX, dc=XXXXXX, dc=XXXXXX',
 
Is now
 
'user'  => 'cn=FullNameOfUserSameAsUsedInJxplorer, dc=XXXXXX, dc=XXXXXX',
'base'  => 'ou=XXXXXX, dc=XXXXXX, dc=XXXXXX',
'group' => 'cn=XXXXXX, ou=XXXXXX, dc=XXXXXX, dc=XXXXXX',
 
I also uncommented the 'ssl_version' line as you suggested.  However, in
spite of all these changes I'm still not able to bind -- "Can't bind:
LDAP_INVALID_CREDENTIALS 49" -- when I attempt to log in to RT with
either a simple network username and password or the full form username
and password.  I've tried logging in with the same account specified as
my LDAP bind account and as various other domain accounts, each with the
same result.  I think my next step is to contact the author of the
ExternalAuth extension to see if the directives and attributes that
ExternalAuth adds to RT_SiteConfig.pm are documented.  Already checked
the README but did not find a list.
 
Sincerely,
 
Gene Evans
IT Administrator
Heapy Engineering
937-224-0861 x1404

________________________________

From: Mike Johnson [mailto:mike.johnson at nosm.ca] 
Sent: Monday, August 09, 2010 9:02 AM
To: Eugene M. Evans
Cc: rt-users at lists.bestpractical.com
Subject: Re: [rt-users] RT 3.8 Active Directory integration and single
sign-on


Here is your problem,
 
ExternalAuth/lib/RT/Authen/ExternalAuth.pm:105)
[Sat Aug  7 02:26:51 2010] [debug]: UserExists params: username: ldap , service: My_LDAP (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:274)
[Sat Aug  7 02:26:51 2010] [critical]: RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't bind: LDAP_INVALID_CREDENTIALS 49 (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:467)

Something is wrong with your config, ExternalAuth cannot bind with your
LDAP, so any ldap calls after that will fail.
 
 
Looking at your config, you don't have to comment out the ssl_version,
that may be throwing the argument list off and messing up your bind.
 
Check to make sure you can connect to your LDAP on port 389, so you know
it isn't a firewall issue (you can telnet XXX.XXX.XXX.XXX 389).
 
Download an LDAP browser, and make sure the user you are connecting with
works...
 
Once you fix the problem of your LDAP bind not working, your error logs
should change, ... hopefully everything works for you after that, but if
not... post the new logs and we'll try to help you out!
 
Good luck!
Mike.

On Fri, Aug 6, 2010 at 11:00 PM, Eugene M. Evans <EMEvans at heapy.com>
wrote:


	I've tried many things today and still don't have
Auth::ExternalAuth working.  Could it be because RT's time is not
synched with the Active Directory server?  The time RT reports in its
log is hours ahead of the system time on the host.  The system is
running NTP and matches the time on the AD server.  I don't know why RT
wouldn't be using the system time.  The timezone is set correctly in
RT_SiteConfig.pm >>> Set($Timezone , 'US/Eastern');
	
	The log lines below were all created before 10pm on Friday,
August the 6th.  If anyone has any ideas about the time difference or
the inability to log into RT using a valid AD account, I'm all ears.
	
	
	**************************************************************************************
	***                         /opt/rt3/var/log/rt.log                                ***
	**************************************************************************************
	
	[Sat Aug  7 01:42:51 2010] [debug]: Reloading RT::User to work
around a bug in RT-3.8.0 and RT-3.8.1
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu
th/autohandler/Auth:14)
	[Sat Aug  7 01:42:51 2010] [debug]: Attempting to use external
auth service: Heapy_AD_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:64)
	[Sat Aug  7 01:42:51 2010] [debug]: Calling UserExists with
$username (ldap) and $service (Heapy_AD_LDAP)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:105)
	[Sat Aug  7 01:42:51 2010] [debug]: UserExists params:
	username: ldap , service: Heapy_AD_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h/LDAP.pm:274)
	[Sat Aug  7 01:42:51 2010] [critical]:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't bind:
LDAP_INVALID_CREDENTIALS 49
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h/LDAP.pm:467)
	[Sat Aug  7 01:42:51 2010] [debug]: Autohandler called
ExternalAuth. Response: (0, No User)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu
th/autohandler/Auth:26)
	[Sat Aug  7 01:42:51 2010] [error]: FAILED LOGIN for ldap from
172.16.17.174 (/opt/rt3/bin/../lib/RT/Interface/Web.pm:424)
	[Sat Aug  7 01:43:00 2010] [debug]: Reloading RT::User to work
around a bug in RT-3.8.0 and RT-3.8.1
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu
th/autohandler/Auth:14)
	[Sat Aug  7 01:43:00 2010] [debug]: Attempting to use external
auth service: Heapy_AD_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:64)
	[Sat Aug  7 01:43:00 2010] [debug]: Calling UserExists with
$username (hhadmin) and $service (Heapy_AD_LDAP)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:105)
	[Sat Aug  7 01:43:00 2010] [debug]: UserExists params:
	username: hhadmin , service: Heapy_AD_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h/LDAP.pm:274)
	[Sat Aug  7 01:43:00 2010] [critical]:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't bind:
LDAP_INVALID_CREDENTIALS 49
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h/LDAP.pm:467)
	[Sat Aug  7 01:43:00 2010] [debug]: Autohandler called
ExternalAuth. Response: (0, No User)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu
th/autohandler/Auth:26)
	[Sat Aug  7 01:43:00 2010] [error]: FAILED LOGIN for hhadmin
from 172.16.17.174 (/opt/rt3/bin/../lib/RT/Interface/Web.pm:424)
	[Sat Aug  7 01:43:08 2010] [debug]: Reloading RT::User to work
around a bug in RT-3.8.0 and RT-3.8.1
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu
th/autohandler/Auth:14)
	[Sat Aug  7 01:43:08 2010] [debug]: Attempting to use external
auth service: Heapy_AD_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:64)
	[Sat Aug  7 01:43:08 2010] [debug]: Calling UserExists with
$username (hhadmin) and $service (Heapy_AD_LDAP)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:105)
	[Sat Aug  7 01:43:08 2010] [debug]: UserExists params:
	username: hhadmin , service: Heapy_AD_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h/LDAP.pm:274)
	[Sat Aug  7 01:43:08 2010] [critical]:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't bind:
LDAP_INVALID_CREDENTIALS 49
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h/LDAP.pm:467)
	[Sat Aug  7 01:43:08 2010] [debug]: Autohandler called
ExternalAuth. Response: (0, No User)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu
th/autohandler/Auth:26)
	[Sat Aug  7 01:43:08 2010] [error]: FAILED LOGIN for hhadmin
from 172.16.17.174 (/opt/rt3/bin/../lib/RT/Interface/Web.pm:424)
	[Sat Aug  7 01:53:14 2010] [debug]: Reloading RT::User to work
around a bug in RT-3.8.0 and RT-3.8.1
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu
th/autohandler/Auth:14)
	[Sat Aug  7 01:53:14 2010] [debug]: Attempting to use external
auth service: Heapy_AD_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:64)
	[Sat Aug  7 01:53:14 2010] [debug]: SSO Failed and no user to
test with. Nexting
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:92)
	[Sat Aug  7 01:53:14 2010] [debug]: Autohandler called
ExternalAuth. Response: (0, No User)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu
th/autohandler/Auth:26)
	[Sat Aug  7 01:53:20 2010] [debug]: Reloading RT::User to work
around a bug in RT-3.8.0 and RT-3.8.1
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu
th/autohandler/Auth:14)
	[Sat Aug  7 01:53:20 2010] [debug]: Attempting to use external
auth service: Heapy_AD_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:64)
	[Sat Aug  7 01:53:20 2010] [debug]: Calling UserExists with
$username (ldap) and $service (Heapy_AD_LDAP)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:105)
	[Sat Aug  7 01:53:20 2010] [debug]: UserExists params:
	username: ldap , service: Heapy_AD_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h/LDAP.pm:274)
	[Sat Aug  7 01:53:20 2010] [critical]:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj : Cannot connect to
dayxchng0.heapy.local
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h/LDAP.pm:437)
	[Sat Aug  7 01:53:20 2010] [debug]: Autohandler called
ExternalAuth. Response: (0, No User)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu
th/autohandler/Auth:26)
	[Sat Aug  7 01:53:20 2010] [error]: FAILED LOGIN for ldap from
172.16.17.174 (/opt/rt3/bin/../lib/RT/Interface/Web.pm:424)
	[Sat Aug  7 02:00:46 2010] [debug]: Reloading RT::User to work
around a bug in RT-3.8.0 and RT-3.8.1
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu
th/autohandler/Auth:14)
	[Sat Aug  7 02:00:46 2010] [debug]: Attempting to use external
auth service: Heapy_AD_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:64)
	[Sat Aug  7 02:00:46 2010] [debug]: Calling UserExists with
$username (ldap) and $service (Heapy_AD_LDAP)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:105)
	[Sat Aug  7 02:00:46 2010] [debug]: UserExists params:
	username: ldap , service: Heapy_AD_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h/LDAP.pm:274)
	[Sat Aug  7 02:00:46 2010] [critical]:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj : Cannot connect to
dayxchng0.heapy.local
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h/LDAP.pm:437)
	[Sat Aug  7 02:00:46 2010] [debug]: Autohandler called
ExternalAuth. Response: (0, No User)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu
th/autohandler/Auth:26)
	[Sat Aug  7 02:00:46 2010] [error]: FAILED LOGIN for ldap from
172.16.17.174 (/opt/rt3/bin/../lib/RT/Interface/Web.pm:424)
	[Sat Aug  7 02:00:51 2010] [debug]: Attempting to use external
auth service: Heapy_AD_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:64)
	[Sat Aug  7 02:00:51 2010] [debug]: Calling UserExists with
$username (ldap) and $service (Heapy_AD_LDAP)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:105)
	[Sat Aug  7 02:00:51 2010] [debug]: UserExists params:
	username: ldap , service: Heapy_AD_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h/LDAP.pm:274)
	[Sat Aug  7 02:00:51 2010] [critical]:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj : Cannot connect to
dayxchng0.heapy.local
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h/LDAP.pm:437)
	[Sat Aug  7 02:00:51 2010] [debug]: Autohandler called
ExternalAuth. Response: (0, No User)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu
th/autohandler/Auth:26)
	[Sat Aug  7 02:00:51 2010] [error]: FAILED LOGIN for ldap from
172.16.17.174 (/opt/rt3/bin/../lib/RT/Interface/Web.pm:424)
	[Sat Aug  7 02:01:08 2010] [debug]: Reloading RT::User to work
around a bug in RT-3.8.0 and RT-3.8.1
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu
th/autohandler/Auth:14)
	[Sat Aug  7 02:01:08 2010] [debug]: Attempting to use external
auth service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:64)
	[Sat Aug  7 02:01:08 2010] [debug]: Calling UserExists with
$username (ldap) and $service (My_LDAP)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:105)
	[Sat Aug  7 02:01:08 2010] [debug]: UserExists params:
	username: ldap , service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h/LDAP.pm:274)
	[Sat Aug  7 02:01:08 2010] [critical]:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't bind:
LDAP_INVALID_CREDENTIALS 49
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h/LDAP.pm:467)
	[Sat Aug  7 02:01:08 2010] [debug]: Autohandler called
ExternalAuth. Response: (0, No User)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu
th/autohandler/Auth:26)
	[Sat Aug  7 02:01:08 2010] [error]: FAILED LOGIN for ldap from
172.16.17.174 (/opt/rt3/bin/../lib/RT/Interface/Web.pm:424)
	[Sat Aug  7 02:01:59 2010] [debug]: Reloading RT::User to work
around a bug in RT-3.8.0 and RT-3.8.1
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu
th/autohandler/Auth:14)
	[Sat Aug  7 02:01:59 2010] [debug]: Attempting to use external
auth service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:64)
	[Sat Aug  7 02:01:59 2010] [debug]: Calling UserExists with
$username (ldap) and $service (My_LDAP)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:105)
	[Sat Aug  7 02:01:59 2010] [debug]: UserExists params:
	username: ldap , service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h/LDAP.pm:274)
	[Sat Aug  7 02:01:59 2010] [critical]:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't bind:
LDAP_INVALID_CREDENTIALS 49
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h/LDAP.pm:467)
	[Sat Aug  7 02:01:59 2010] [debug]: Autohandler called
ExternalAuth. Response: (0, No User)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu
th/autohandler/Auth:26)
	[Sat Aug  7 02:01:59 2010] [error]: FAILED LOGIN for ldap from
172.16.17.174 (/opt/rt3/bin/../lib/RT/Interface/Web.pm:424)
	[Sat Aug  7 02:02:02 2010] [debug]: Reloading RT::User to work
around a bug in RT-3.8.0 and RT-3.8.1
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu
th/autohandler/Auth:14)
	[Sat Aug  7 02:02:02 2010] [debug]: Attempting to use external
auth service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:64)
	[Sat Aug  7 02:02:02 2010] [debug]: Calling UserExists with
$username (ldap) and $service (My_LDAP)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:105)
	[Sat Aug  7 02:02:02 2010] [debug]: UserExists params:
	username: ldap , service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h/LDAP.pm:274)
	[Sat Aug  7 02:02:03 2010] [critical]:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't bind:
LDAP_INVALID_CREDENTIALS 49
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h/LDAP.pm:467)
	[Sat Aug  7 02:02:03 2010] [debug]: Autohandler called
ExternalAuth. Response: (0, No User)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu
th/autohandler/Auth:26)
	[Sat Aug  7 02:02:03 2010] [error]: FAILED LOGIN for ldap from
172.16.17.174 (/opt/rt3/bin/../lib/RT/Interface/Web.pm:424)
	[Sat Aug  7 02:02:35 2010] [debug]: Reloading RT::User to work
around a bug in RT-3.8.0 and RT-3.8.1
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu
th/autohandler/Auth:14)
	[Sat Aug  7 02:02:35 2010] [debug]: Attempting to use external
auth service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:64)
	[Sat Aug  7 02:02:35 2010] [debug]: Calling UserExists with
$username (ldap) and $service (My_LDAP)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:105)
	[Sat Aug  7 02:02:35 2010] [debug]: UserExists params:
	username: ldap , service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h/LDAP.pm:274)
	[Sat Aug  7 02:02:35 2010] [critical]:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't bind:
LDAP_INVALID_CREDENTIALS 49
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h/LDAP.pm:467)
	[Sat Aug  7 02:02:35 2010] [debug]: Autohandler called
ExternalAuth. Response: (0, No User)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu
th/autohandler/Auth:26)
	[Sat Aug  7 02:02:35 2010] [error]: FAILED LOGIN for ldap from
172.16.17.174 (/opt/rt3/bin/../lib/RT/Interface/Web.pm:424)
	[Sat Aug  7 02:02:38 2010] [debug]: Reloading RT::User to work
around a bug in RT-3.8.0 and RT-3.8.1
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu
th/autohandler/Auth:14)
	[Sat Aug  7 02:02:38 2010] [debug]: Attempting to use external
auth service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:64)
	[Sat Aug  7 02:02:38 2010] [debug]: Calling UserExists with
$username (ldap) and $service (My_LDAP)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:105)
	[Sat Aug  7 02:02:38 2010] [debug]: UserExists params:
	username: ldap , service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h/LDAP.pm:274)
	[Sat Aug  7 02:02:38 2010] [critical]:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't bind:
LDAP_INVALID_CREDENTIALS 49
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h/LDAP.pm:467)
	[Sat Aug  7 02:02:38 2010] [debug]: Autohandler called
ExternalAuth. Response: (0, No User)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu
th/autohandler/Auth:26)
	[Sat Aug  7 02:02:38 2010] [error]: FAILED LOGIN for ldap from
172.16.17.174 (/opt/rt3/bin/../lib/RT/Interface/Web.pm:424)
	[Sat Aug  7 02:02:55 2010] [debug]: Reloading RT::User to work
around a bug in RT-3.8.0 and RT-3.8.1
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu
th/autohandler/Auth:14)
	[Sat Aug  7 02:02:55 2010] [debug]: Attempting to use external
auth service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:64)
	[Sat Aug  7 02:02:55 2010] [debug]: SSO Failed and no user to
test with. Nexting
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:92)
	[Sat Aug  7 02:02:55 2010] [debug]: Autohandler called
ExternalAuth. Response: (0, No User)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu
th/autohandler/Auth:26)
	[Sat Aug  7 02:03:01 2010] [debug]: Reloading RT::User to work
around a bug in RT-3.8.0 and RT-3.8.1
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu
th/autohandler/Auth:14)
	[Sat Aug  7 02:03:01 2010] [debug]: Attempting to use external
auth service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:64)
	[Sat Aug  7 02:03:01 2010] [debug]: Calling UserExists with
$username (ldap) and $service (My_LDAP)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:105)
	[Sat Aug  7 02:03:01 2010] [debug]: UserExists params:
	username: ldap , service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h/LDAP.pm:274)
	[Sat Aug  7 02:03:01 2010] [critical]:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't bind:
LDAP_INVALID_CREDENTIALS 49
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h/LDAP.pm:467)
	[Sat Aug  7 02:03:01 2010] [debug]: Autohandler called
ExternalAuth. Response: (0, No User)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu
th/autohandler/Auth:26)
	[Sat Aug  7 02:03:01 2010] [error]: FAILED LOGIN for ldap from
172.16.17.174 (/opt/rt3/bin/../lib/RT/Interface/Web.pm:424)
	[Sat Aug  7 02:04:08 2010] [debug]: Reloading RT::User to work
around a bug in RT-3.8.0 and RT-3.8.1
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu
th/autohandler/Auth:14)
	[Sat Aug  7 02:04:08 2010] [debug]: Attempting to use external
auth service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:64)
	[Sat Aug  7 02:04:08 2010] [debug]: Calling UserExists with
$username (hhadmin) and $service (My_LDAP)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:105)
	[Sat Aug  7 02:04:08 2010] [debug]: UserExists params:
	username: hhadmin , service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h/LDAP.pm:274)
	[Sat Aug  7 02:04:08 2010] [critical]:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't bind:
LDAP_INVALID_CREDENTIALS 49
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h/LDAP.pm:467)
	[Sat Aug  7 02:04:08 2010] [debug]: Autohandler called
ExternalAuth. Response: (0, No User)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu
th/autohandler/Auth:26)
	[Sat Aug  7 02:04:08 2010] [error]: FAILED LOGIN for hhadmin
from 172.16.17.174 (/opt/rt3/bin/../lib/RT/Interface/Web.pm:424)
	[Sat Aug  7 02:04:16 2010] [debug]: Reloading RT::User to work
around a bug in RT-3.8.0 and RT-3.8.1
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu
th/autohandler/Auth:14)
	[Sat Aug  7 02:04:16 2010] [debug]: Attempting to use external
auth service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:64)
	[Sat Aug  7 02:04:16 2010] [debug]: Calling UserExists with
$username (hhadmin) and $service (My_LDAP)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:105)
	[Sat Aug  7 02:04:16 2010] [debug]: UserExists params:
	username: hhadmin , service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h/LDAP.pm:274)
	[Sat Aug  7 02:04:16 2010] [critical]:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't bind:
LDAP_INVALID_CREDENTIALS 49
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h/LDAP.pm:467)
	[Sat Aug  7 02:04:16 2010] [debug]: Autohandler called
ExternalAuth. Response: (0, No User)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu
th/autohandler/Auth:26)
	[Sat Aug  7 02:04:16 2010] [error]: FAILED LOGIN for hhadmin
from 172.16.17.174 (/opt/rt3/bin/../lib/RT/Interface/Web.pm:424)
	[Sat Aug  7 02:04:28 2010] [debug]: Reloading RT::User to work
around a bug in RT-3.8.0 and RT-3.8.1
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu
th/autohandler/Auth:14)
	[Sat Aug  7 02:04:28 2010] [debug]: Attempting to use external
auth service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:64)
	[Sat Aug  7 02:04:28 2010] [debug]: Calling UserExists with
$username (emevans) and $service (My_LDAP)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:105)
	[Sat Aug  7 02:04:28 2010] [debug]: UserExists params:
	username: emevans , service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h/LDAP.pm:274)
	[Sat Aug  7 02:04:28 2010] [critical]:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't bind:
LDAP_INVALID_CREDENTIALS 49
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h/LDAP.pm:467)
	[Sat Aug  7 02:04:28 2010] [debug]: Autohandler called
ExternalAuth. Response: (0, No User)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu
th/autohandler/Auth:26)
	[Sat Aug  7 02:04:28 2010] [error]: FAILED LOGIN for emevans
from 172.16.17.174 (/opt/rt3/bin/../lib/RT/Interface/Web.pm:424)
	[Sat Aug  7 02:08:17 2010] [debug]: Reloading RT::User to work
around a bug in RT-3.8.0 and RT-3.8.1
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu
th/autohandler/Auth:14)
	[Sat Aug  7 02:08:17 2010] [debug]: Attempting to use external
auth service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:64)
	[Sat Aug  7 02:08:17 2010] [debug]: SSO Failed and no user to
test with. Nexting
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:92)
	[Sat Aug  7 02:08:17 2010] [debug]: Autohandler called
ExternalAuth. Response: (0, No User)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu
th/autohandler/Auth:26)
	[Sat Aug  7 02:08:22 2010] [debug]: Reloading RT::User to work
around a bug in RT-3.8.0 and RT-3.8.1
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu
th/autohandler/Auth:14)
	[Sat Aug  7 02:08:22 2010] [debug]: Attempting to use external
auth service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:64)
	[Sat Aug  7 02:08:22 2010] [debug]: Calling UserExists with
$username (ldap) and $service (My_LDAP)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:105)
	[Sat Aug  7 02:08:22 2010] [debug]: UserExists params:
	username: ldap , service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h/LDAP.pm:274)
	[Sat Aug  7 02:08:22 2010] [critical]:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't bind:
LDAP_INVALID_CREDENTIALS 49
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h/LDAP.pm:467)
	[Sat Aug  7 02:08:22 2010] [debug]: Autohandler called
ExternalAuth. Response: (0, No User)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu
th/autohandler/Auth:26)
	[Sat Aug  7 02:08:22 2010] [error]: FAILED LOGIN for ldap from
172.16.17.174 (/opt/rt3/bin/../lib/RT/Interface/Web.pm:424)
	[Sat Aug  7 02:26:43 2010] [debug]: Reloading RT::User to work
around a bug in RT-3.8.0 and RT-3.8.1
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu
th/autohandler/Auth:14)
	[Sat Aug  7 02:26:43 2010] [debug]: Attempting to use external
auth service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:64)
	[Sat Aug  7 02:26:43 2010] [debug]: SSO Failed and no user to
test with. Nexting
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:92)
	[Sat Aug  7 02:26:43 2010] [debug]: Autohandler called
ExternalAuth. Response: (0, No User)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu
th/autohandler/Auth:26)
	[Sat Aug  7 02:26:51 2010] [debug]: Reloading RT::User to work
around a bug in RT-3.8.0 and RT-3.8.1
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu
th/autohandler/Auth:14)
	[Sat Aug  7 02:26:51 2010] [debug]: Attempting to use external
auth service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:64)
	[Sat Aug  7 02:26:51 2010] [debug]: Calling UserExists with
$username (ldap) and $service (My_LDAP)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:105)
	[Sat Aug  7 02:26:51 2010] [debug]: UserExists params:
	username: ldap , service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h/LDAP.pm:274)
	[Sat Aug  7 02:26:51 2010] [critical]:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't bind:
LDAP_INVALID_CREDENTIALS 49
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h/LDAP.pm:467)
	[Sat Aug  7 02:26:51 2010] [debug]: Autohandler called
ExternalAuth. Response: (0, No User)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu
th/autohandler/Auth:26)
	[Sat Aug  7 02:26:51 2010] [error]: FAILED LOGIN for ldap from
172.16.17.174 (/opt/rt3/bin/../lib/RT/Interface/Web.pm:424)
	 
	
	**************************************************************************************
	***                         /opt/rt3/etc/RT_SiteConfig.pm                          ***
	**************************************************************************************
	
	######################
	# Custom Site Config #
	######################
	 
	Set($rtname , "XXX.XXX.XXX");
	Set($Organization , "XXX.XXX");
	Set($MinimumPasswordLength , "0");
	Set($Timezone , 'US/Eastern');
	 
	Set(@Plugins, qw(
	                        RT::Authen::ExternalAuth
	                 ));
	 
	Set($HomepageComponents, [qw(
	                             QuickCreate
	                             Quicksearch
	                             MyAdminQueues
	                             MySupportQueues
	                             MyReminders
	                             RefreshHomepage
	                             Dashboards
	                            )]);
	 
	Set($DatabaseType , 'mysql');
	Set($DatabaseHost   , 'localhost');
	Set($DatabaseRTHost , 'localhost');
	Set($DatabasePort , '');
	Set($DatabaseUser , 'local');
	Set($DatabasePassword , 'XXXXXXX');
	Set($DatabaseName , 'XXXXXX');
	 
	# OwnerEmail is the account that will manage RT.
	# In this case hhadmin.  Hhadmin's email is forwarded to
	# the email address specified in the Postfix aliases
	# file.
	Set($OwnerEmail , 'hhadmin');
	Set($LoopsToRTOwner , 1);
	 
	Set($SendmailPath , "/usr/lib/sendmail.postfix");
	Set($SendmailArguments , "-oi -t -f support\@hpyhdesk.heapy.local");
	 
	Set($MaxAttachmentSize , 5000000);
	 
	Set($RTAddressRegexp , '^rt\@hpyhdesk.heapy.local$');
	Set($CorrespondAddress , 'no-reply@hpyhdesk.heapy.local');
	Set($CommentAddress , 'no-reply@hpyhdesk.heapy.local');
	 
	Set($UseFriendlyFromLine , 1);
	Set($FriendlyFromLineFormat , "\"%s\" <%s>");
	Set($UseFriendlyToLine , 1);
	Set($FriendlyToLineFormat, "\"%s Ticket #%s\":;");
	 
	Set($NotifyActor, 0);
	Set($RecordOutgoingEmail, 1);
	 
	Set($WebPath , "/ticket");
	Set($WebPort , 80);
	Set($WebBaseURL , "http://hpyhdesk.heapy.local");
	Set($WebURL , $WebBaseURL . $WebPath . "/");
	 
	# The following two lines support single sign-on. 

	# Tell RT to trust the webserver to handle
	# authentication.
	
	# They are commented out since they are said to conflict with the ExternalAuth extension.
	# See http://wiki.bestpractical.com/view/ExternalAuth. 

	# Set($WebExternalAuth, 3);
	# If the webserver hands RT a user RT is not
	# familiar with, RT should just go ahead and
	# create an account.
	#Set($WebExternalAuto, 1);
	 
	Set($MessageBoxWidth , 72);
	Set($MessageBoxWrap, "HARD");
	 
	Set($MaxInlineBody, 13456);
	Set($DefaultSummaryRows, 10);
	 
	Set($OldestTransactionsFirst, '1');
	Set($ShowTransactionImages, 1);
	 
	Set($DateDayBeforeMonth , 0);
	Set($AmbiguousDayInPast , 1);
	 
	Set($LogToSyslog, '' ) ;             # disable syslog
	Set($LogToFile, 'debug' ) ;          # set file logging to include everything
	Set($LogDir, '/opt/rt3/var/log' ) ;  # path to log
	Set($LogToFileNamed , 'rt.log') ;   # logfile name
	 
	
	# Include the configuration for the ExternalAuth extension.
	
	# ExternalAuth only adds to the available authentication mechanisms.  It does
	# not replace RT's own.  So, authentication happens in this order:
	#   1. ExternalAuth
	#   2. RT-Internal
	# And you can have as many ExternalAuth sources as you wish.
	# ExternalAuth cannot add a user to any internal RT groups.  This must be
	# done by the RT administrator.

	Set(@Plugins, qw(RT::Authen::ExternalAuth));
	
	require "/opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm";
	 
	# If you want LDAP users to be automatically
	# assigned "Let this user be granted rights" then you may do so by
	# setting AutoCreate,{Privileged => 1}.  Otherwise it will need
	# setting manually along with group membership.
	Set($AutoCreate,{Privileged => 1});
	 
	1;
	
	
	**************************************************************************************
	*** /opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm             ***
	**************************************************************************************
	Set($ExternalAuthPriority,           [ 'My_LDAP' ] );
	Set($ExternalInfoPriority,           [ 'My_LDAP' ] );
	Set($ExternalServiceUsesSSLorTLS,    0);
	Set($AutoCreateNonExternalUsers,     1);
	 
	Set($ExternalSettings,      {
	    'My_LDAP'               =>  {

	        'type'              =>  'ldap',
	        'server'            =>  'XXX.XXX.XXXl',
	        'user'              =>  'cn=ldap,ou=XXX,dc=XXX,dc=XXX',
	        'pass'              =>  'XXX',
	        'base'              =>  'dc=XXX,dc=XXX',

	        'filter'            =>  '(&(ObjectCategory=User)(ObjectClass=Person))',
	        'd_filter'          =>  '(userAccountControl:1.2.840.113556.1.4.803:=2)',

	        'tls'               =>  0,
	#       'ssl_version'       =>  3,

	        'net_ldap_args'     => [    version =>  3           ],

	        'group'             =>  'cn=XXX,ou=XXX,dc=XXX,dc=XXX',
	        'group_attr'        =>  'member',

	        'attr_match_list'   => [   'Name', 'EmailAddress'   ],
	        'attr_map'          => {   'Name' => 'sAMAccountName',
	                                   'EmailAddress' => 'mail',
	                                   'Organization' => 'physicalDeliveryOfficeName',
	                                   'RealName' => 'cn',
	                                   'ExternalAuthId' => 'sAMAccountName',
	                                   'Gecos' => 'sAMAccountName',
	                                   'WorkPhone' => 'telephoneNumber',
	                                   'Address1' => 'streetAddress',
	                                   'City' => 'l',
	                                   'State' => 'st',
	                                   'Zip' => 'postalCode',
	                                   'Country' => 'co'
	                               }
	    }
	}
	);
	 
	1;
	
	
	
	
	Gene Evans
	IT Administrator
	Heapy Engineering
	937-224-0861 x1404


	




-- 
Mike Johnson
Datatel Programmer/Analyst
Northern Ontario School of Medicine
955 Oliver Road
Thunder Bay, ON   P7B 5E1
Phone: (807) 766-7331
Email: mike.johnson at nosm.ca
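
In the rt.log quoted in this thread, the critical record from `_GetBoundLdapObj` follows `UserExists` for every username tried, before any password check is logged. As an added example (not part of the thread and not RT or ExternalAuth code), this Python script re-joins the hard-wrapped records and labels each FAILED LOGIN with the error logged just before it; the sample log, its user names, host name and IP address are constructed, and reading a `_GetBoundLdapObj` bind error as the plugin's own bind with the configured 'user'/'pass' is an assumption taken from the log order and Mike's reply.

```python
import re
from collections import Counter

# Constructed sample in the shape of the rt.log excerpt quoted in the thread,
# hard wraps included. User names, host name and IP address are made up.
SAMPLE_LOG = """\
[Sat Aug  7 01:43:00 2010] [debug]: Calling UserExists with
$username (alice) and $service (My_LDAP)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:105)
[Sat Aug  7 01:43:00 2010] [critical]:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't bind:
LDAP_INVALID_CREDENTIALS 49
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h/LDAP.pm:467)
[Sat Aug  7 01:43:00 2010] [error]: FAILED LOGIN for alice
from 192.0.2.10 (/opt/rt3/bin/../lib/RT/Interface/Web.pm:424)
[Sat Aug  7 01:53:20 2010] [debug]: Calling UserExists with
$username (bob) and $service (My_LDAP)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:105)
[Sat Aug  7 01:53:20 2010] [critical]:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj : Cannot connect to
ldap.example.test
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h/LDAP.pm:437)
[Sat Aug  7 01:53:20 2010] [error]: FAILED LOGIN for bob from
192.0.2.10 (/opt/rt3/bin/../lib/RT/Interface/Web.pm:424)
[Sat Aug  7 02:04:28 2010] [debug]: Calling UserExists with
$username (carol) and $service (My_LDAP)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:105)
[Sat Aug  7 02:04:28 2010] [critical]:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't bind:
LDAP_INVALID_CREDENTIALS 49
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h/LDAP.pm:467)
[Sat Aug  7 02:04:28 2010] [error]: FAILED LOGIN for carol
from 192.0.2.10 (/opt/rt3/bin/../lib/RT/Interface/Web.pm:424)
[Sat Aug  7 02:10:05 2010] [error]: FAILED LOGIN for dave from
192.0.2.10 (/opt/rt3/bin/../lib/RT/Interface/Web.pm:424)
"""

RECORD_START = re.compile(
    r"^\s*\[(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4})\] \[(\w+)\]:\s*(.*)$")
NEW_ATTEMPT = re.compile(
    r"Attempting to use external auth service|Calling UserExists")
BIND_FAIL = re.compile(r"_GetBoundLdapObj\s*:?\s*Can't bind:\s*(\w+)\s+(\d+)")
CONNECT_FAIL = re.compile(r"_GetBoundLdapObj\s*:?\s*Cannot connect to\s+(\S+)")
FAILED_LOGIN = re.compile(r"FAILED LOGIN for (\S+) from (\S+)")


def join_records(text):
    """Re-join hard-wrapped lines into (timestamp, level, message) records."""
    records = []
    for line in text.splitlines():
        m = RECORD_START.match(line)
        if m:
            records.append([m.group(1), m.group(2), m.group(3).strip()])
        elif records and line.strip():
            # Continuation of the previous record (wrapped by the mailer).
            records[-1][2] = (records[-1][2] + " " + line.strip()).strip()
    return [tuple(r) for r in records]


def triage(text):
    """Return one dict per FAILED LOGIN with the error logged just before it."""
    attempts, cause = [], None
    for ts, _level, msg in join_records(text):
        if NEW_ATTEMPT.search(msg):
            cause = None  # a new login attempt starts; forget older errors
        elif (m := BIND_FAIL.search(msg)):
            cause = f"service-bind:{m.group(1)}({m.group(2)})"
        elif (m := CONNECT_FAIL.search(msg)):
            cause = f"connect:{m.group(1)}"
        elif (m := FAILED_LOGIN.search(msg)):
            attempts.append({"time": ts, "user": m.group(1), "src": m.group(2),
                             "cause": cause or "login-rejected"})
            cause = None
    return attempts


def summarize(attempts):
    """Count failures by kind and flag a likely config-level bind problem."""
    by_cause = Counter(a["cause"].split(":")[0] for a in attempts)
    bind_users = {a["user"] for a in attempts
                  if a["cause"].startswith("service-bind")}
    # The same bind error for several different logins points at the
    # 'user'/'pass' in the ExternalAuth settings, not at the people logging in.
    return {"by_cause": dict(by_cause),
            "config_bind_suspect": len(bind_users) >= 2}


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for a in found:
        print(f'{a["time"]}  {a["user"]:<8} {a["src"]:<12} {a["cause"]}')
    print(summarize(found))
```

Pass the contents of the real rt.log to `triage()` in place of `SAMPLE_LOG`; a login tagged `login-rejected` had no ExternalAuth error logged before it.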
