[rt-users] Help - RT4.2.7 Authen::ExternalAuth via OpenLDAP

William Clarke wclarke at simons-rock.edu
Fri Oct 3 13:50:54 EDT 2014


A little more info after checking rt4 logs:
Oct  3 10:20:16 rtracker6 RT: [16022] RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Disabled: , EmailAddress: , Gecos: wclarke, Name: wclarke, Privileged:
Oct  3 10:20:16 rtracker6 RT: [16022] Couldn't create user wclarke: Could not set user info
Oct  3 10:20:16 rtracker6 RT: [16022] FAILED LOGIN for wclarke from 10.30.2.210

On 10/3/2014 11:06 AM, William Clarke wrote:
> Sorry, I sent that a little prematurely..... RT shows your username or 
> password is incorrect : (
>
> On 10/3/2014 10:58 AM, William Clarke wrote:
>> Hi all,
>>
>> CentOS6.5 \ Apache 2.2.15 \ Perl 5.18.2 \ MariaDB 5.5.39
>>
>> I followed these instructions for my RT build:
>> http://binarynature.blogspot.pt/2013/05/install-request-tracker-4.html
>>
>> I'm very new to RT. I've read up what I could find on CPAN, wiki and 
>> Google and I'm not quite sure which way to go here. RT is connecting 
>> to our ldap and a search result is found but the logs in ldap show 
>> "closed (connection lost)" so I suspect RT isn't seeing\getting the 
>> response back from LDAP. I have some examples below showing RT's LDAP 
>> requests with logs as well as the same search run via command line.
>>
>> The main differences I can see in the logs so far are that the command
>> line test sends "scope=2 deref=0" vs. the RT test's "scope=2 deref=2",
>> and also that the RT test doesn't unbind and the connection is lost.
>>
>> Command line: ldapsearch -x -p 389 -h ldap.simons-rock.edu -b ou=People,dc=simons-rock,dc=edu "(&(&(uid=*))(uid=wclarke))" mail uid
>>
>> # extended LDIF
>> #
>> # LDAPv3
>> # base <ou=People,dc=simons-rock,dc=edu> with scope subtree
>> # filter: (&(&(uid=*))(uid=wclarke))
>> # requesting: mail uid
>> #
>>
>> # wclarke, People, simons-rock.edu
>> dn: uid=wclarke,ou=People,dc=simons-rock,dc=edu
>> uid: wclarke
>> mail: wclarke at simons-rock.edu
>>
>> # search result
>> search: 2
>> result: 0 Success
>>
>> # numResponses: 2
>> # numEntries: 1
>> ---------------------------------------------------------------------------------------------------------------
>> Logs from ldap via command line - loglevel 256
>> ---------------------------------------------------------------------------------------------------------------
>> Oct  3 09:59:05 ldap2 slapd[1466]: conn=355216 fd=19 ACCEPT from IP=10.30.2.36:51249 (IP=0.0.0.0:389)
>> Oct  3 09:59:05 ldap2 slapd[1466]: conn=355216 op=0 BIND dn="" method=128
>> Oct  3 09:59:05 ldap2 slapd[1466]: conn=355216 op=0 RESULT tag=97 err=0 text=
>> Oct  3 09:59:05 ldap2 slapd[1466]: conn=355216 op=1 SRCH base="ou=People,dc=simons-rock,dc=edu" scope=2 deref=0 filter="(&(&(uid=*))(uid=wclarke))"
>> Oct  3 09:59:05 ldap2 slapd[1466]: conn=355216 op=1 SRCH attr=mail uid
>> Oct  3 09:59:05 ldap2 slapd[1466]: conn=355216 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
>> Oct  3 09:59:05 ldap2 slapd[1466]: conn=355216 op=2 UNBIND
>> Oct  3 09:59:05 ldap2 slapd[1466]: conn=355216 fd=19 closed
>> ---------------------------------------------------------------------------------------------------------------
>> Logs from ldap when logging into RT - loglevel 256
>> ---------------------------------------------------------------------------------------------------------------
>> Oct  3 10:00:43 ldap2 slapd[1466]: conn=355234 fd=19 ACCEPT from IP=10.30.2.36:51262 (IP=0.0.0.0:389)
>> Oct  3 10:00:43 ldap2 slapd[1466]: conn=355234 op=0 BIND dn="" method=128
>> Oct  3 10:00:43 ldap2 slapd[1466]: conn=355234 op=0 RESULT tag=97 err=0 text=
>> Oct  3 10:00:43 ldap2 slapd[1466]: conn=355234 op=1 SRCH base="ou=People,dc=simons-rock,dc=edu" scope=2 deref=2 filter="(&(&(uid=*))(uid=wclarke))"
>> Oct  3 10:00:43 ldap2 slapd[1466]: conn=355234 op=1 SRCH attr=uid mail
>> Oct  3 10:00:43 ldap2 slapd[1466]: conn=355234 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
>> Oct  3 10:00:43 ldap2 slapd[1466]: conn=355234 fd=19 closed (connection lost)
>> ---------------------------------------------------------------------------------------------------------------
>> External Settings from: RT_SiteConfig.pm
>> ---------------------------------------------------------------------------------------------------------------
>> Set( $ExternalSettings, {
>>         'My_LDAP'       =>  {
>>             'type'                      =>  'ldap',
>>             'server'                    => 'ldap2.simons-rock.edu',
>>             'base'                      => 'ou=People,dc=simons-rock,dc=edu',
>>             'filter'                    => '(objectClass=*)',
>>             'net_ldap_args'             => [    version =>  3   ],
>>
>>             'attr_match_list' => [
>>                 'Name',
>>                 'EmailAddress',
>>             ],
>>             'attr_map' => {
>>                 'Name' => 'uid',
>>                 'EmailAddress' => 'mail',
>>             },
>>         },
>>     } );
>>
>> # You must install Plugins on your own, this is only an example
>> # of the correct syntax to use when activating them:
>> #       Plugin( "RT::Extension::SLA" );
>> #       Plugin( "RT::Authen::ExternalAuth" );
>>
>>         Plugin( "RT::Authen::ExternalAuth" );
>> #       Plugin( "RT::Extension::Assets" );
>> #       plugin( "RT::Extension::Assets::Import::CSV" );
>> 1;
>> -- 
>>
>> William Clarke
>> ITS System Administrator
>> Bard College at Simon's Rock
>> 84 Alford Road
>> Great Barrington, MA  01230
>> (413) 528-7428 (voice)
>> (413) 528-7405 (fax)
>> wclarke at simons-rock.edu
>
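
The by-hand comparison of the two slapd sessions in the message above can be automated. The following is an added example, not part of the original post or of RT: it folds loglevel-256 lines into one summary per connection and reports only the fields that differ, including whether the bind was anonymous (`dn=""`) and how the connection closed. `SAMPLE` is constructed from the log lines quoted in the message with the mail wrapping undone; `summarize` and `diff_sessions` are names chosen for this example.

```python
import re
from collections import defaultdict

# Constructed sample: the two sessions from the slapd logs above, unwrapped.
SAMPLE = """\
Oct  3 09:59:05 ldap2 slapd[1466]: conn=355216 op=0 BIND dn="" method=128
Oct  3 09:59:05 ldap2 slapd[1466]: conn=355216 op=1 SRCH base="ou=People,dc=simons-rock,dc=edu" scope=2 deref=0 filter="(&(&(uid=*))(uid=wclarke))"
Oct  3 09:59:05 ldap2 slapd[1466]: conn=355216 op=1 SRCH attr=mail uid
Oct  3 09:59:05 ldap2 slapd[1466]: conn=355216 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Oct  3 09:59:05 ldap2 slapd[1466]: conn=355216 op=2 UNBIND
Oct  3 09:59:05 ldap2 slapd[1466]: conn=355216 fd=19 closed
Oct  3 10:00:43 ldap2 slapd[1466]: conn=355234 op=0 BIND dn="" method=128
Oct  3 10:00:43 ldap2 slapd[1466]: conn=355234 op=1 SRCH base="ou=People,dc=simons-rock,dc=edu" scope=2 deref=2 filter="(&(&(uid=*))(uid=wclarke))"
Oct  3 10:00:43 ldap2 slapd[1466]: conn=355234 op=1 SRCH attr=uid mail
Oct  3 10:00:43 ldap2 slapd[1466]: conn=355234 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Oct  3 10:00:43 ldap2 slapd[1466]: conn=355234 fd=19 closed (connection lost)
"""

# Captures the conn id, then the event text after the fd=/op= field.
EVENT = re.compile(r"slapd\[\d+\]: conn=(\d+) (?:fd|op)=\d+ (.*)$")

def summarize(log_text):
    """Fold slapd stats-level lines into one summary dict per connection."""
    sessions = defaultdict(lambda: {"bind_dn": None, "deref": None, "filter": None,
                                    "attrs": [], "nentries": None,
                                    "unbind": False, "close": None})
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        s, rest = sessions[m.group(1)], m.group(2)
        if rest.startswith("BIND "):
            s["bind_dn"] = re.search(r'dn="([^"]*)"', rest).group(1)  # "" = anonymous
        elif rest.startswith("SRCH attr="):
            s["attrs"] = sorted(rest[len("SRCH attr="):].split())  # order-insensitive
        elif rest.startswith("SRCH "):
            s["deref"] = int(re.search(r"deref=(\d+)", rest).group(1))
            s["filter"] = re.search(r'filter="([^"]*)"', rest).group(1)
        elif rest.startswith("SEARCH RESULT"):
            s["nentries"] = int(re.search(r"nentries=(\d+)", rest).group(1))
        elif rest.startswith("UNBIND"):
            s["unbind"] = True
        elif rest.startswith("closed"):
            s["close"] = rest
    return dict(sessions)

def diff_sessions(a, b):
    """Return only the fields whose values differ, as (a, b) pairs."""
    return {k: (a[k], b[k]) for k in a if a[k] != b[k]}
```

Run over `SAMPLE`, `diff_sessions` leaves `deref`, `unbind` and `close` as the only differing fields; the requested attributes compare equal once their order is ignored.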
