[rt-users] External Users are not authenticated

Ashrock mdashraf.ash at gmail.com
Thu Sep 23 12:48:03 EDT 2010


  The exact error i get is this in Apache:
  [critical]: RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj : Cannot 
connect to server.midcontinent.local 
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:440)
  [error]: FAILED LOGIN for rmc from 10.10.10.12 
(/opt/rt3/share/html/autohandler:265)

Is it a common error ?
I checked previous posts, but could figure out where i have configured 
wrong.

Any help appreciated. Thanks.

On 9/23/2010 11:06 AM, Ashrock wrote:
> Hi,
>
> If anyone can look at my RT_SiteConfig and suggest if I am doing 
> something wrong. I installed Authen::ExternalAuth and modified 
> UserLocal.pm
>
> I am unable to log in into RT with LDAP Credentials.
>
> Error Log says. _GetBoundObj: Invalid Credentials.
>
> # Any configuration directives you include here will override
>
> # RT's default configuration file, RT_Config.pm
>
> #
>
> # To include a directive here, just copy the equivalent statement
>
> # from RT_Config.pm and change the value. We've included a single
>
> # sample value below.
>
> #
>
> # This file is actually a perl module, so you can include valid
>
> # perl code, as well.
>
> #
>
> # The converse is also true, if this file isn't valid perl, you're
>
> # going to run into trouble. To check your SiteConfig file, use
>
> # this comamnd:
>
> # perl -c /path/to/your/etc/RT_SiteConfig.pm
>
> Set($WebBaseURL,'http://10.10.10.10:443'); Set($WebPath,'');
>
> Set($DatabaseName, 'rt3'); Set($DatabaseType, 'mysql');
>
> Set($DatbaseUser, 'rt_user'); Set($DatabasePassword, 'pass');
>
> Set($rtname,'Ticket'); Set($Organization,"http://www.midcontinent.com");
>
> #Set(@Plugins,(qw(Extension::QuickDelete)));
>
> #Set(@Plguins,(qw(RT::FM)));
>
> Set(@Plugins,(qw(RT::Authen::ExternalAuth)));
>
> #Set($LogToFileNamedl, "rt.log");
>
> #Set($LogToFile, 'debug');
>
> Set($CorrespondAddress, 'rt-its at midcontinent.com');
>
> Set($CommentAddress, 'rt-comment at midcontinent.com');
>
> @MailCommand , 'sendmailpipe';
>
> $SendMailArguments = "-oi -t";
>
> $SendmailPath = "/usr/sbin/sendmail";
>
> $SenderMustExistInExternaDatabase = undef;
>
> #Set($MailCommand, 'sendmail');
>
> #Set($SendMailArguments, "-bm --rt-its at midcontinent.com");
>
> #Set($SendmailPath, "/usr/sbin/exim4");
>
> Set($NotifyActor, 0);
>
> Set($RecordOutgoingEmail, 1);
>
> Set($Timezone, 'US/Central');
>
> $WebURL = $WebBaseURL . $WebPath . "/";
>
> #Set($WebExternalAuth, 1);
>
> #Set($WebFallbackToInternalAuth, true);
>
> # should be used to get information about users. This includes
>
> # RealName, Tel numbers etc, but also whether or not the user
>
> # Should be considered disabled.
>
> # Once user info is found, no more services are checked.
>
> Set ($ExternalAuthPriority, ['My_LDAP']);
>
> Set ($ExternalInfoPriority, ['My_LDAP']);
>
> #Set ($ExternalServiceUsesSSLorTLS, 1);
>
> #If this is set true, then the relevant packages will
>
> #be loaded to use SSL/TLS connections. At the moment,
>
> # this just means "use Net::SSLeay;"
>
> Set ($AutoCreateNonExternalUsers, 1);
>
> #These are full settings for each external service as a HashOfHashes
>
> # Note that you may have as many external services as you wish. They will
>
> #be checked in the order specified in the Priority directives above.
>
> # e.g .
>
> #
>
> Set($ExternalAuthPriority, ['My_LDAP']);
>
> Set($ExternalSettings, {
>
> 'My_LDAP' =>
>
> {
>
> ## GENERIC SECTION
>
> # The type of service (db/ldap/cookie)
>
> 'type' => 'ldap',
>
> 'server' => '10.10.10.10',
>
> 'port' => '389',
>
> # Should the service be used for authentication?
>
> 'auth' => 1,
>
> # Should the service be used for information?
>
> 'info' => 1,
>
> # The server hosting the service
>
> #'server' => 'server.midcontinent.local',
>
> ## SERVICE-SPECIFIC SECTION
>
> # If you can bind to your LDAP server anonymously you should
>
> #remove the user and pass config lines, otherwise specify them here:
>
> # The username RT should be used to connect to the LDAP server
>
> 'user' => 'CN=rmc, ou=users, ou=midcontinent, ou=local',
>
> # The password RT should use to connect to the LDAP server
>
> 'pass' => 'temporarypassword',
>
> # The LDAP search base
>
> 'base' => 'dc=server dc=midcontinent, dc=local',
>
> # The filter to use to match RT-Users
>
> #'filter' => '(uid=*)',
>
> 'filter' => '(objectclass = Person)',
>
> # The filter that will only match disable users
>
> #'d_filter' => '(objectClass=pwdPolicy)',
>
> 'd_filter' => '(userAccountControl : 1.2.840.113556.1.4.803:=2)',
>
> #'d_filter' => '(&(objectCategory=person) 
> (objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2))',
>
> # Should we try to use TLS to encrypt connections?
>
> 'tls' => 1,
>
> 'ssl_version' => 3,
>
> # What other args should I pass to Net::LDAP->new($host, @args)?
>
> 'net_ldap_args' => [version => 3],
>
> # Does authentication depend on group membership? What group name?
>
> #'group' =>'',
>
> #what is the attribute for the group object that determines membership?
>
> #'group_attr' => '',
>
> ## RT ATTRIBUTE MATCHING SECTION
>
> #The list of RT attributes that uniquely identify a user
>
> 'attr_match_list' => ['Name','Email Address'],
>
> # The mapping of RT attributes on to LDAP attributes
>
> #'attr_map' => {'Name' => 'uid', 'EmailAddress' => 'mail'}
>
> 'attr_map' => {'Name' => 'sAMAaccountName','EmailAddress' => 
> 'mail','Organization' => 'physicalDeliveryOfficeName','RealName' => 
> 'cn','EternalAuthId'=> 'sAMAccountname',
>
> 'Gecos' => 'sAMAccountName','WorkPhone' => 
> 'telephoneNumber','Address1' => 'streetAddress','City' => '1','State' 
> => 'st','Zip' => 'postalCode','Country' => 'co'
>
> }
>
>  }
>
> }
>
>  );
>
>  1;
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20100923/52b596be/attachment.htm>


More information about the rt-users mailing list