[rt-users] Need assistance with rt authentication to Active Directory

m0bilitee m0bilitee at gmail.com
Mon Mar 14 11:46:59 EDT 2011


That definitely did the trick for making it fire off, thanks Thomas. Now I
can't seem to get authenticated however.  Here's output from the debug
rt.log:

[Mon Mar 14 15:40:45 2011] [debug]: Calling UserExists with $username
(steve) and $service (My_LDAP)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:105)
[Mon Mar 14 15:40:45 2011] [debug]: UserExists params:
username: steve , service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:274)
[Mon Mar 14 15:40:45 2011] [debug]: LDAP Search ===  Base:
dc=mydomain,DC=internal == Filter:
(&(&(ObjectCategory=User)(ObjectClass=Person))(sAMAccountName=steve)) ==
Attrs:
l,cn,st,mail,sAMAccountName,co,streetAddress,postalCode,telephoneNumber,sAMAccountName,physicalDeliveryOfficeName,sAMAccountName
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:304)
[Mon Mar 14 15:40:45 2011] [debug]: Password validation required for service
- Executing...
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:155)
[Mon Mar 14 15:40:45 2011] [debug]: Trying external auth service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:16)
[Mon Mar 14 15:40:45 2011] [debug]: LDAP Search ===  Base:
dc=mydomain,DC=internal == Filter:
(&(sAMAccountName=steve)(&(ObjectCategory=User)(ObjectClass=Person))) ==
Attrs: dn
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:43)
[Mon Mar 14 15:40:45 2011] [debug]: Found LDAP DN: CN=Steve,OU=Information
Technology,OU=Main,OU=Offices,DC=mydomain,DC=internal
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:75)
[Mon Mar 14 15:40:45 2011] [debug]: LDAP Search ===  Base:
dc=mydomain,DC=internal == Filter: (member=CN=Steve,OU=Information
Technology,OU=Main,OU=Offices,DC=mydomain,DC=internal) == Attrs: dn
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:100)
[Mon Mar 14 15:40:45 2011] [critical]: Search for
(member=CN=Steve,OU=Information
Technology,OU=Main,OU=Offices,DC=mydomain,DC=internal) failed:
LDAP_NO_SUCH_OBJECT 32
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:116)
[Mon Mar 14 15:40:45 2011] [debug]: LDAP password validation result: 0
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:334)
[Mon Mar 14 15:40:45 2011] [debug]: Password Validation Check Result:  0
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:159)
[Mon Mar 14 15:40:45 2011] [debug]: Autohandler called ExternalAuth.
Response: (0, Password Invalid)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:26)
[Mon Mar 14 15:40:45 2011] [error]: FAILED LOGIN for steve from 192.168.X.X
(/opt/rt3/bin/../lib/RT/Interface/Web.pm:555)


So I'm closer, it find my users because it finds the LDAP DN, but then it's
fails with LDAP_NO_SUCH_OBJECT 32. It seems odd it wouldn't find the object
it located in the previous LDAP search?

I'm sure I'm missing something silly here, any additional help is
appreciated!

- Steve


On Wed, Mar 9, 2011 at 6:59 PM, Thomas Sibley <trs at bestpractical.com> wrote:

> On 09 Mar 2011 17:57, m0bilitee wrote:
> > Hi folks, I'm trying to run rt 3.8.9 on CentOS 5.5, talking to Active
> > Directory on a Windows Server 2003 domain controller.  I followed the
> > guide at the wiki
> > at http://requesttracker.wikia.com/wiki/CentOS5InstallPlusSome and got
> > everything working up to the external plugin.
>
> RT 3.8.9 broke version 0.08 of ExternalAuth.  0.08_01 is the developer
> release which fixes the issue.  You probably have 0.08.
>
> http://search.cpan.org/~falcone/RT-Authen-ExternalAuth-0.08_01/
>
> Thomas
>



-- 
    The music business is a cruel and shallow money trench, a long plastic
hallway where thieves and pimps run free, and good men die like dogs.
There’s also a negative side. - Hunter S. Thompson

Enjoy the documented stupidity at http://beatdown.blogspot.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20110314/8d8f2100/attachment.htm>


More information about the rt-users mailing list