[rt-users] ldap externalauth problem

John Alberts John.Alberts at exlibrisgroup.com
Mon Sep 27 12:01:20 EDT 2010


Val,
Have you verified that ldapsearch works for you on this box?

I used something like this to test:


ldapsearch -LLL -x -H ldap://<ldap server>:389 -b 'DC=corp,DC=something,DC=com' -D 'ldapuser@corp.something.com' -w '<ldapuser password>' '(&(ObjectClass=Person)(cn=<username to search for>))'


I had to request from our Windows AD guys to allow the ldapuser to be able to read all user information.  I also had to have them open the firewall to our server, because by default, they only allow certain servers to query the AD servers.

John



On 09/27/2010 10:14 AM, Val Polyakov wrote: 

	Trying to get my RT 3.8.8 on RHEL5 to authenticate against our corporate AD.
	
	I followed this guide here:
	http://wiki.bestpractical.com/view/CentOS5InstallPlusSome
	
	I also checked that apache has access to over here (RT-Authen-ExternalAuth
	dir was chgrp -R'ed and chmod -R 770'ed):
	
	[root@rt plugins]# pwd
	/opt/rt3/local/plugins
	[root@rt plugins]# ls -ltr
	total 4
	drwxrwx--- 5 root apache 4096 Sep 13 14:16 RT-Authen-ExternalAuth
	[root@rt plugins]# ps awwwux |grep httpd
	root      2313  0.1  4.1 348008 83360 ?        Ss   10:32   0:02 /usr/sbin/httpd
	apache    2317  0.0  4.1 350272 82612 ?        S    10:32   0:00 /usr/sbin/httpd
	apache    2318  0.0  4.1 350272 82616 ?        S    10:32   0:00 /usr/sbin/httpd
	apache    2319  0.0  4.0 348204 82216 ?        S    10:32   0:00 /usr/sbin/httpd
	apache    2320  0.0  4.1 350272 82684 ?        S    10:32   0:00 /usr/sbin/httpd
	apache    2321  0.0  4.1 350928 83388 ?        S    10:32   0:00 /usr/sbin/httpd
	apache    2322  0.0  4.1 350272 82616 ?        S    10:32   0:00 /usr/sbin/httpd
	apache    2323  0.0  4.1 350272 82616 ?        S    10:32   0:00 /usr/sbin/httpd
	apache    2324  0.0  4.1 350668 83172 ?        S    10:32   0:00 /usr/sbin/httpd
	root      3537  0.0  0.0  61148   708 pts/0    R+   11:06   0:00 grep httpd
	[root@rt plugins]#
	
	When I set this up and tried to log in with my AD account for the first
	time, here's what I saw in /var/log/httpd/error_log:
	
	
	[root@rt autohandler]# tail -f /var/log/httpd/error_log
	[Mon Sep 27 14:32:29 2010] [info]: RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Address1: 101 Truman Avenue, City: Yonkers, Country: United States, Disabled: 0, EmailAddress: vpolyakov at consumer.org, ExternalAuthId: POLYVA, Gecos: POLYVA, Name: POLYVA, Organization: 1-8D, Privileged: 0, RealName: Polyakov, Valeriy, State: NY, WorkPhone: (914) 378-2577, Zip: 10703 (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:536)
	[Mon Sep 27 14:32:29 2010] [info]: Autocreated external user POLYVA ( 36 ) (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:132)
	[Mon Sep 27 14:32:29 2010] [info]: My_LDAP AUTH FAILED: polyva (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:127)
	
	....
	
	And ever since then, when I try to log in, I only see this:
	
	[Mon Sep 27 14:52:31 2010] [info]: My_LDAP AUTH FAILED: polyva (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:127)
	[Mon Sep 27 14:52:31 2010] [error]: FAILED LOGIN for polyva from 192.168.110.125 (/opt/rt3/bin/../lib/RT/Interface/Web.pm:424)
	
	
	My /opt/rt3/etc/RT_SiteConfig.pm and
	/opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc are attached.
	
	
	Any suggestions?
	
	
	


-- 
John Alberts
Hosted Services
Exlibris USA
john.alberts at exlibrisgroup.com
cell: 1-508-878-2197
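
An added example, not part of the original post or of RT: a shell wrapper around the ldapsearch test described in the reply. It escapes the username before placing it in the search filter (RFC 4515) and reads the bind password from a file with `-y` instead of `-w`, so the password does not show up in process listings. The URI, DNs and password-file path are placeholders, and the exit-status interpretation assumes the OpenLDAP client tools.

```shell
#!/bin/sh
# Added example. URI, DNs and the password-file path are placeholders.

# Escape a value for an LDAP search filter (RFC 4515). Backslash goes first
# so the escapes added for * ( ) are not escaped a second time.
ldap_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Same filter shape as the command in the post, with the username escaped.
build_filter() {
    printf '(&(ObjectClass=Person)(cn=%s))' "$(ldap_escape "$1")"
}

# usage: ldap_check <uri> <base-dn> <bind-dn> <password-file> <username>
# e.g.   ldap_check ldap://ad.example:389 'DC=corp,DC=something,DC=com' \
#            'ldapuser@corp.something.com' /root/.ldap-bind-pw polyva
ldap_check() {
    uri=$1 base=$2 binddn=$3 pwfile=$4 user=$5
    [ -r "$pwfile" ] || { echo "cannot read $pwfile" >&2; return 2; }
    # -y uses the whole file as the password: no trailing newline, mode 0600.
    case $(ls -ld "$pwfile") in
        -???------*) ;;
        *) echo "warning: $pwfile is accessible to group/other" >&2 ;;
    esac
    # Password comes from the file, so it never appears in `ps` output.
    out=$(ldapsearch -LLL -x -H "$uri" -b "$base" -D "$binddn" \
          -y "$pwfile" "$(build_filter "$user")" dn)
    rc=$?
    # Assumption: OpenLDAP's ldapsearch exits with the LDAP result code
    # (49 = invalid credentials) and 255 when the server is unreachable.
    case $rc in
        0)  if printf '%s\n' "$out" | grep -q '^dn:'
            then echo "OK: $out"
            else echo "bound, but no entry: check base DN, filter, read rights"
            fi ;;
        49)  echo "bind rejected: wrong bind DN or password" ;;
        255) echo "cannot contact server: check URI and firewall" ;;
        *)   echo "ldapsearch failed with status $rc" ;;
    esac
    return "$rc"
}
```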