[rt-users] ExternalAuth Installed but not working

Mike Johnson mike.johnson at nosm.ca
Fri Dec 9 16:25:38 EST 2011


I'm by no means an expert at this at all but I see you are using
sAMAccountName which leads me to believe you are connecting to Active
Directory.

I had to use the bitmask version of the d_filter for the LDAP search to
filter out disabled users...

Not sure if this has anything to do with why you aren't able to log in, but
it's just something that stood out to me.

My d_filter line is below:

        'd_filter'      =>  '(userAccountControl:1.2.840.113556.1.4.803:=2)',

Ken is also accurate in that you are missing a right parenthesis on your
filter line.

My filter line is below (so you can see how to use the (& <stuff> <more
stuff>)):

        'filter'        =>  '(&(objectCategory=User) (ObjectClass=Person))',

Hope that helps!
Mike.

On Thu, Dec 8, 2011 at 7:41 PM, Ryan Backman <rbackman at georgefox.edu> wrote:

> I'm having a bit of trouble getting ExternalAuth  to work.  I've scoured
> the archives and the net and found many suggestions, but none have made any
> changes.
>
> - I've set up logging to go to a separate file, but all I get is a Login
> Failure message in this file when I try to log in:
>
> [Thu Dec  8 23:38:32 2011] [error]: FAILED LOGIN for rbackman from
> xx.xx.xx.xx (/usr/share/request-tracker3.8/lib/RT/Interface/Web.pm:424)
>
> - I'm seeing correct values in the online configuration view inside RT
> indicating that ExternalAuth is loaded as a Plugin and that
> ExternalAuthPriority is My_LDAP.
>
> - I can use the ldapsearch tool with the same variables on the same box
> successfully
>
> Any help is much appreciated.
>
> Below is my configuration:
>
> Set( @Plugins, qw(RT::Authen::ExternalAuth) );
>
>  Set ( $ExternalAuthPriority,  [ 'My_LDAP' ] );
> Set ( $ExternalInfoPriority,  [ 'My_LDAP' ] );
>
> Set($ExternalServiceUsesSSLorTLS,    0);
>
> Set($AutoCreateNonExternalUsers,    0);
>
> Set($ExternalSettings, {
>         'My_LDAP' => {
>                 'type'                      =>  'ldap',
>                 'server'                    =>  'server.domain.edu',
>                 'user'                      =>  'CN=user,OU=admin...',
>                 'pass'                      =>  'pass',
>                 'base'                      =>  'dc=domain,...',
>                 'filter'                    =>  '(&(objectClass=user)(memberOf=CN=Staff...)',
>                 'd_filter'                  =>  '(userAccountControl=514)',
>                 'tls'                       =>  0,
>                 'ssl_version'               =>  3,
>                 'net_ldap_args'             => [    version =>  3   ],
>                 'group'                     =>  'CN=All Users,...',
>                 'group_attr'                =>  'member',
>                 'attr_match_list'           => [        'Name',
>                                                         'EmailAddress'
>                                                 ],
>                 'attr_map'                  =>  {       'Name' => 'sAMAccountName',
>                                                         'EmailAddress' => 'mail',
>                                                         'ExternalAuthId' => 'sAMAccountName',
>                                                         'Gecos' => 'sAMAccountName'
>                                                 }
>                 }
>     }
> );
>
> 1;
>
>
> =+=+=+=+=+=+=+=+=+
> Ryan Backman
> Programmer / Analyst
> George Fox University
> 503.554.2576
> =+=+=+=+=+=+=+=+=+
>



-- 
Mike Johnson
Datatel Programmer/Analyst
Northern Ontario School of Medicine
955 Oliver Road
Thunder Bay, ON   P7B 5E1
Phone: (807) 766-7331
Email: mike.johnson at nosm.ca
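
Added example (not part of the original message and not RT's own code): a local Python sketch of why the bitmask d_filter in the reply flags disabled Active Directory accounts that the equality test `(userAccountControl=514)` misses, together with a parenthesis-balance check run on the filter strings quoted in the thread. The account names, sample values and helper function names are constructed for illustration.

```python
# Evaluates the two d_filter styles from this thread locally against
# constructed userAccountControl values (no LDAP server needed).

# Active Directory userAccountControl flag bits.
ACCOUNTDISABLE = 0x0002
PASSWD_NOTREQD = 0x0020
NORMAL_ACCOUNT = 0x0200
DONT_EXPIRE_PASSWORD = 0x10000


def matches_equality(uac, value=514):
    """Semantics of (userAccountControl=514): exact integer match only."""
    return uac == value


def matches_bit_and(uac, mask=ACCOUNTDISABLE):
    """Semantics of (userAccountControl:1.2.840.113556.1.4.803:=2):
    true when every bit of the mask is set in the attribute value."""
    return uac & mask == mask


def missed_disabled(accounts):
    """Names of disabled accounts that the equality filter fails to flag."""
    return sorted(name for name, uac in accounts.items()
                  if matches_bit_and(uac) and not matches_equality(uac))


def paren_balance(ldap_filter):
    """Return open-minus-close count; nonzero means a malformed filter.
    Literal parentheses inside values are escaped as \\28 and \\29
    (RFC 4515), so counting raw characters is sufficient."""
    depth = 0
    for ch in ldap_filter:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            return depth  # a ')' appeared before its '('
    return depth


# Constructed sample directory (hypothetical account names).
SAMPLE_ACCOUNTS = {
    "active_user": NORMAL_ACCOUNT,                          # 512
    "disabled_plain": NORMAL_ACCOUNT | ACCOUNTDISABLE,      # 514
    "disabled_noexpire": NORMAL_ACCOUNT | ACCOUNTDISABLE
                         | DONT_EXPIRE_PASSWORD,            # 66050
    "disabled_nopwd": NORMAL_ACCOUNT | ACCOUNTDISABLE
                      | PASSWD_NOTREQD,                     # 546
}

if __name__ == "__main__":
    print("disabled but missed by =514:", missed_disabled(SAMPLE_ACCOUNTS))
    print("unclosed parentheses in quoted filter:",
          paren_balance("(&(objectClass=user)(memberOf=CN=Staff...)"))
```

With an equality d_filter, any disabled account that carries an extra flag is not recognised as disabled, so the bitmask form is the one to use when the goal is to keep disabled users from authenticating.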