[rt-users] Transitory error on login (LDAP against AD)
Zhang,Jun
JHZhang at mdanderson.org
Fri Mar 2 15:23:20 EST 2012
I didn't use the real password. Authentication works against AD, does that mean a short user name could be used? Thank you very much for raising the question. At this stage, I'm sure about nothing.
Jun
From: Ryan Backman [mailto:rbackman at georgefox.edu]
Sent: Friday, March 02, 2012 12:56 PM
To: Zhang,Jun
Cc: rt-users at lists.bestpractical.com
Subject: Re: [rt-users] Transitory error on login (LDAP against AD)
Your My_LDAP 'user' needs to be the fully qualified 'CN=s_dqs_svn,ou=people,dc=mdanderson,dc=edu'. And I hope that is a bogus password! Otherwise, I would change it.
=+=+=+=+=+=+=+=+=+
Ryan Backman
Programmer / Analyst
George Fox University
=+=+=+=+=+=+=+=+=+
On Fri, Mar 2, 2012 at 10:16 AM, Zhang,Jun <JHZhang at mdanderson.org<mailto:JHZhang at mdanderson.org>> wrote:
Thomas,
Since I'm new to RT, could you please tell where I did wrong in configuration? May be I need to change the order of the ExternalAuthPriority. Below is my RT_SiteConfig.pm file content.
Thanks.
Jun
Set( $DatabaseUser, 'rt_user' );
Set( $CorrespondAddress, 'x2 at mdanderson.org<mailto:x2 at mdanderson.org>' );
Set( $rtname, 'xrt.mdanderson.edu<http://xrt.mdanderson.edu>' );
Set( $DatabaseRequireSSL, '' );
Set( $WebPort, '80' );
Set( $Organization, 'mdanderson.edu<http://mdanderson.edu>' );
Set( $DatabaseType, 'mysql' );
Set( $DatabasePort, '' );
Set( $DatabasePassword, 'password' );
Set( $DatabaseAdmin, 'root' );
Set( $SendmailPath, '/usr/sbin/sendmail' );
Set( $WebDomain, 'xrt.mdanderson.edu<http://xrt.mdanderson.edu>' );
Set( $DatabaseAdminPassword, '' );
Set( $CommentAddress, 'x at mdanderson.org<mailto:x at mdanderson.org>' );
Set( $DatabaseHost, 'localhost' );
Set( $DatabaseName, 'rt4' );
Set( $OwnerEmail, 'x2 at mdanderson.org<mailto:x2 at mdanderson.org>' );
Set( @Plugins, qw(RT::Authen::ExternalAuth) );
Set($ExternalAuthPriority, [ 'My_MySQL',
'My_LDAP'
]
);
Set($ExternalServiceUsesSSLorTLS, 0);
Set($AutoCreateNonExternalUsers, 0);
Set($ExternalSettings, {
'My_MySQL' => {
'type' => 'db',
'server' => 'dqsrt.mdanderson.edu<http://dqsrt.mdanderson.edu>',
'database' => 'rt4',
'table' => 'Users',
'user' => 'rt_user',
'pass' => 'password',
'port' => '3306',
'dbi_driver' => 'mysql',
'u_field' => 'Name',
'p_field' => 'Password',
'p_enc_pkg' => 'Crypt::MySQL',
'p_enc_sub' => 'password',
'd_field' => 'disabled',
'd_values' => ['0'],
'attr_map' => { 'Name' => 'Name', }
},
'My_LDAP' => {
'type' => 'ldap',
'server' => 'dcpwpdc1.mdanderson.edu<http://dcpwpdc1.mdanderson.edu>',
'user' => 's_dqs_svn',
'pass' => 'Juoo9k88',
'base' => 'ou=people,dc=mdanderson,dc=edu',
'd_filter' => '(userAccountControl:1.2.840.113556.1.4.803:=2)',
'tls' => 0,
'ssl_version' => 3,
'net_ldap_args' => [ version => 3 ],
'attr_map' => { 'Name' => 'samaccountname',
'EmailAddress' => 'mail',
'Organization' => 'physicaldeliveryofficename',
'RealName' => 'gecos',
'ExternalAuthId' => 'sAMAccountName',
'Gecos' => 'gecos',
'WorkPhone' => 'telephoneNumber',
'Address1' => 'streetAddress',
'City' => 'l',
'State' => 'st',
'Zip' => 'postalCode',
'Country' => 'co'
}
}
}
);
1;
-----Original Message-----
From: rt-users-bounces at lists.bestpractical.com<mailto:rt-users-bounces at lists.bestpractical.com> [mailto:rt-users-bounces at lists.bestpractical.com<mailto:rt-users-bounces at lists.bestpractical.com>] On Behalf Of Thomas Sibley
Sent: Friday, March 02, 2012 11:57 AM
To: rt-users at lists.bestpractical.com<mailto:rt-users at lists.bestpractical.com>
Subject: Re: [rt-users] Transitory error on login (LDAP against AD)
On 03/02/2012 12:48 PM, Zhang,Jun wrote:
> I got the same error and I understand this must be minors, since my AD
> user is authenticated. The Users table in my rt4 database doesn't have
> a column called 'disable'. Removing the d_field line in
> RT_SiteConfig.pm and the error no longer show up. Looks like a bug.
It is a severe misconfiguration to add the internal RT Users table as a DBI auth source in RT::Authen::ExternalAuth. Don't do that.
--------
RT Training Sessions (http://bestpractical.com/services/training.html)
* Boston March 5 & 6, 2012
--------
RT Training Sessions (http://bestpractical.com/services/training.html)
* Boston March 5 & 6, 2012
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20120302/8bb5e679/attachment.htm>
More information about the rt-users
mailing list