[rt-users] Issue Trying To Get AD Integration Working

Jason Batchelor jxbatchelor at gmail.com
Wed Apr 2 15:44:31 EDT 2014


Hello Everyone:

I have been trying for some time to get AD auth working correctly on my
server. I've managed to get most of the way there, I think, but am
consistently getting hung up on an error.

Below is a sample of my configuration:

--------------------------------------
Plugin("RT::Authen::ExternalAuth");
Set($ExternalAuthPriority, ['My_LDAP']);
Set($ExternalInfoPriority, ['My_LDAP']);
Set($ExternalServiceUsesSSLorTLS, 1);
Set($AutoCreateNonExternalUsers, 0);
Set($ExternalSettings, {
    'My_LDAP'       =>  {
        'type'                      =>  'ldap',
        'server'                    =>  'ldaps://example.company.org',
        'base'                      =>  'dc=xxxxx,dc=org',
        'filter'                    =>  '(objectClass=*)',
        'd_filter'                  =>  '(userAccountControl:1.2.840.113556.1.4.803:=2)',
        'tls'                       =>  0,
        'ssl_version'               =>  3,
        'net_ldap_args'             => [ version =>  3 ]
        },
} );
--------------------------------------

I am trying to do this via LDAPS using our root CAs (which I have already
configured via openLDAP). Each time I attempt to authenticate I get the
following error in the logs...

[14177] [Wed Apr  2 19:10:16 2014] [debug]: UserExists params:
username: MY_NTUSERNAME , service: My_LDAP (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:439)
[14177] [Wed Apr  2 19:10:16 2014] [error]: Can't call method "as_string" without a package or object reference at /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm line 469.
Stack:
  [/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:469]
  [/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:505]
  [/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:255]
  [/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:15]
  [/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Session:1]
  [/opt/rt4/sbin/../lib/RT/Interface/Web.pm:309]
  [/opt/rt4/share/html/autohandler:53]
(/opt/rt4/sbin/../lib/RT/Interface/Web/Handler.pm:211)

I found that this line of code pertained to some debugging info, and out of
pure curiosity I commented this piece of code out. When I did so, the logs
errored out, only this time they stated the user could not be found. After
seeing this I uncommented the debug line :)

* I have verified that I am seeing traffic to/from the LDAP server over 636.
* I have attempted to do this via TLS and SSL with no change in result.
* I have tried adjusting my filters, but in reality they are a catch all as is.
* I have tried pointing to a different LDAP server, same result.

It is unclear to me at this point what the problem is, although things seem
suggestive of an LDAP query gone awry. After doing some research on my own,
I am unable to determine what exactly is wrong with it. All I want at this
point is to have authentication via AD.

Many thanks in advance for your help!
-Jason
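
An added diagnostic sketch, not code from the original post or from RT::Authen::ExternalAuth: Net::LDAP::Filter->new returns undef when a filter string does not parse, and calling as_string on that undef produces the "without a package or object reference" error shown in the log. That the lookup filter is composed from the configured 'filter' plus an attribute name and the username is an assumption, and the helper names, attribute names and usernames below are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Net::LDAP::Filter;
use Net::LDAP::Util qw(escape_filter_value);

# Hypothetical helper (not the plugin's code): compose a user-lookup filter
# from a base filter, a name attribute and a username, then parse it.
# Returns (filter object or undef, raw filter string).
sub build_user_filter {
    my ($base_filter, $name_attr, $username) = @_;
    $name_attr = '' unless defined $name_attr;    # models an unset attribute mapping
    my $raw = '(&' . $base_filter
            . '(' . $name_attr . '=' . escape_filter_value($username) . '))';
    # new() signals a parse failure by returning undef, not by dying.
    return (Net::LDAP::Filter->new($raw), $raw);
}

# Report the parse status without ever calling a method on undef.
sub describe_filter {
    my ($filter, $raw) = @_;
    return defined $filter
        ? 'parsed:      ' . $filter->as_string
        : 'parse error: ' . $raw;
}

# Constructed sample inputs: [ base filter, name attribute, username ].
my @cases = (
    [ '(objectClass=*)', 'sAMAccountName', 'jdoe' ],              # attribute set
    [ '(objectClass=*)', undef,            'jdoe' ],              # no attribute configured
    [ '(objectClass=*)', 'sAMAccountName', 'doe (contractor)' ],  # value needing escaping
    [ '(objectClass=*',  'sAMAccountName', 'jdoe' ],              # unbalanced base filter
);

for my $case (@cases) {
    print describe_filter(build_user_filter(@$case)), "\n";
}
```

Running the same defined-ness check on the filter string built from the real configuration, before any debug line calls as_string, shows whether the filter itself is the failing piece rather than the LDAPS connection.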