[rt-users] RT 4.4.1 LDAP Authentication issue.

Claude EDUMA claudeduma at gmail.com
Fri Dec 9 05:11:18 EST 2016


Hi everyone.
First, sorry for my English, I'm French.

I have been trying for a couple of weeks to get LDAP authentication working with my fresh RT 4.4.1
installation.
All seems good but login still fails.

As you can see in the logs, if it's the first time that the user tries to log in, he is
created in RT and all checks seem to be OK, but the user is not granted access.

Below are RT_Siteconfig.pm and the logs.

Thank you for your help.
------------------
RT_Siteconfig.pm
-----------------

Set($MaxAttachmentSize, 10000000);
Set($FriendlyFromLineFormat, "\"%s\" <%s>");
Set($Timezone, "Europe/Paris");
Set($DisableGD, 0);
Set($DisableGraphViz, 1);
Set($LogToFile, 'debug');
Set($LogDir, '/var/log');
Set($LogToFileNamed, "rt.log");

Set($WebDomain, 'dmycopr');
Set($WebPort, 82);
Set($Organization, 'mycopr.com');
Set($CorrespondAddress, 'alert at mycoprservices.com');
Set($CommentAddress, 'alert at mycoprservices.com');
Set($SendmailPath, "/usr/lib/sendmail");
Set($SendmailArguments, "-t");
Set($OwnerEmail, "alert\@mycoprservices.com"); # who to email errors to
Set($UseTransactionBatch, '1');

# Use the below LDAP source for both authentication, as well as user
# information
Set($ExternalAuthPriority, ["My_LDAP"]);
Set($ExternalInfoPriority, ["My_LDAP"]);
Set($ExternalServiceUsesSSLorTLS, 1);

# Make users created from LDAP Privileged
Set($UserAutocreateDefaultsOnLogin, { Privileged => 1 });

# Users should still be autocreated by RT as internal users if they
# fail to exist in an external service; this is so requestors (who
# are not in LDAP) can still be created when they email in.
# Note: the value below is 0, so that autocreation is in fact disabled.
Set($AutoCreateNonExternalUsers, 0);

# Minimal LDAP configuration; see RT::Authen::ExternalAuth::LDAP for
# further details and examples
Set($ExternalSettings, {
    'My_LDAP' => {
        'type'            => 'ldap',
        'server'          => 'ldaps://ypmycoprldap.corp.mycopr.com',
        'user'            => 'uid=mycopr-rtir-reader,ou=applicationAccounts,o=corp.mycopr.com',
        'pass'            => 'SikH2mmKLtPi0E4ZYcqldTXAgILVxGVhXWlHBF3o21',
        'base'            => 'o=corp.mycopr.com',
        'filter'          => '(objectClass=privperson)',
        'tls'             => { verify => "require", cafile => "/etc/pki/tls/mycopr_CERTIFICATE_CHAIN.crt" },
        'net_ldap_args'   => [ version => 3, debug => 8 ],
        'attr_match_list' => [
            'Name',
            'EmailAddress',
        ],
        # Import the following properties of the user from LDAP upon
        # login
        'attr_map' => {
            'Name'         => 'uid',
            'EmailAddress' => 'mail',
            'RealName'     => 'cn',
        },
    },
});

1;


------
First login:
-----
[13619] [Wed Dec  7 16:42:02 2016] [debug]: UserExists params:
username: 20006587 , service: My_LDAP
(/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth/LDAP.pm:487)
[13619] [Wed Dec  7 16:42:02 2016] [debug]: LDAP Search ===  Base:
o=corp.mycorp.com == Filter: (&(objectClass=privperson)(uid=20006587)) ==
Attrs: cn,mail,uid (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth/LDAP.pm:517)
[13619] [Wed Dec  7 16:42:02 2016] [debug]:
RT::User::CanonicalizeUserInfoFromExternalAuth called by RT::User
/opt/rt4/sbin/../lib/RT/User.pm 699 with: Disabled: , EmailAddress: , Gecos:
20006587, Name: 20006587, Privileged: 1
(/opt/rt4/sbin/../lib/RT/User.pm:735)
[13619] [Wed Dec  7 16:42:02 2016] [debug]: Attempting to get user info
using this external service: My_LDAP (/opt/rt4/sbin/../lib/RT/User.pm:743)
[13619] [Wed Dec  7 16:42:02 2016] [debug]: Attempting to use this
canonicalization key: Name (/opt/rt4/sbin/../lib/RT/User.pm:752)
[13619] [Wed Dec  7 16:42:02 2016] [debug]: LDAP Search ===  Base:
o=corp.mycorp.com == Filter: (&(objectClass=privperson)(uid=20006587)) ==
Attrs: cn,mail,uid (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth/LDAP.pm:405)
[13619] [Wed Dec  7 16:42:02 2016] [info]:
RT::User::CanonicalizeUserInfoFromExternalAuth returning Disabled: ,
EmailAddress: user at ext.mycorp.com, Gecos: 20006587, Name: 20006587,
Privileged: 1, RealName: user (/opt/rt4/sbin/../lib/RT/User.pm:811)
[13619] [Wed Dec  7 16:42:02 2016] [info]: Autocreated external user
20006587 ( 716 ) (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth.pm:358)
[13619] [Wed Dec  7 16:42:02 2016] [debug]: Loading new user ( 20006587 )
into current session (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth.pm:364)
[13619] [Wed Dec  7 16:42:02 2016] [debug]: Password validation required for
service - Executing... (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth.pm:381)
[13619] [Wed Dec  7 16:42:02 2016] [debug]: Trying external auth service:
My_LDAP (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth/LDAP.pm:201)
[13619] [Wed Dec  7 16:42:02 2016] [debug]: LDAP Search ===  Base:
o=corp.mycorp.com == Filter: (&(uid=20006587)(objectClass=privperson)) ==
Attrs: dn (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth/LDAP.pm:234)
[13619] [Wed Dec  7 16:42:02 2016] [debug]: Found LDAP DN:
uid=20006587,ou=people,ou=GO-LM,o=corp.mycorp.com
(/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth/LDAP.pm:268)
[13619] [Wed Dec  7 16:42:02 2016] [info]:
RT::Authen::ExternalAuth::LDAP::GetAuth External Auth OK ( My_LDAP ):
20006587 (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth/LDAP.pm:349)
[13619] [Wed Dec  7 16:42:02 2016] [debug]: LDAP password validation result:
1 (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth.pm:560)
[13619] [Wed Dec  7 16:42:02 2016] [debug]: Password Validation Check
Result:  1 (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth.pm:385)
[13619] [Wed Dec  7 16:42:02 2016] [debug]: Autohandler called ExternalAuth.
Response: (0, No User) (/opt/rt4/share/html/Elements/DoAuth:58)
[13619] [Wed Dec  7 16:42:02 2016] [error]: FAILED LOGIN for 20006587 from
10.1.29.3 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:826)
[13620] [Wed Dec  7 16:42:10 2016] [debug]: Attempting to use external auth
service: My_LDAP (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth.pm:288)
[13620] [Wed Dec  7 16:42:10 2016] [debug]: Calling UserExists with
$username (20006587) and $service (My_LDAP)
(/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth.pm:329)

-------
User is known by RT
-------

[13620] [Wed Dec  7 16:42:10 2016] [debug]: UserExists params:
username: 20006587 , service: My_LDAP
(/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth/LDAP.pm:487)
[13620] [Wed Dec  7 16:42:10 2016] [debug]: LDAP Search ===  Base:
o=corp.mycopr.com == Filter: (&(objectClass=privperson)(uid=20006587)) ==
Attrs: cn,mail,uid (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth/LDAP.pm:517)
[13620] [Wed Dec  7 16:42:10 2016] [debug]:
RT::User::CanonicalizeUserInfoFromExternalAuth called by RT::User
/opt/rt4/sbin/../lib/RT/User.pm 699 with: Disabled: , EmailAddress: , Gecos:
20006587, Name: 20006587, Privileged: 1
(/opt/rt4/sbin/../lib/RT/User.pm:735)
[13620] [Wed Dec  7 16:42:10 2016] [debug]: Attempting to get user info
using this external service: My_LDAP (/opt/rt4/sbin/../lib/RT/User.pm:743)
[13620] [Wed Dec  7 16:42:10 2016] [debug]: Attempting to use this
canonicalization key: Name (/opt/rt4/sbin/../lib/RT/User.pm:752)
[13620] [Wed Dec  7 16:42:10 2016] [debug]: LDAP Search ===  Base:
o=corp.mycopr.com == Filter: (&(objectClass=privperson)(uid=20006587)) ==
Attrs: cn,mail,uid (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth/LDAP.pm:405)
[13620] [Wed Dec  7 16:42:10 2016] [info]:
RT::User::CanonicalizeUserInfoFromExternalAuth returning Disabled: ,
EmailAddress: user at ext.mycopr.com, Gecos: 20006587, Name: 20006587,
Privileged: 1, RealName: user  (/opt/rt4/sbin/../lib/RT/User.pm:811)
[13620] [Wed Dec  7 16:42:10 2016] [error]: Couldn't create user 20006587:
Email address in use (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth.pm:355)
[13620] [Wed Dec  7 16:42:10 2016] [debug]: Autohandler called ExternalAuth.
Response: (0, No User) (/opt/rt4/share/html/Elements/DoAuth:58)
[13620] [Wed Dec  7 16:42:10 2016] [error]: FAILED LOGIN for 20006587 from
10.1.29.3 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:826)
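A small triage script for logs like the two sessions above, added here as an example (it is not RT code and not the poster's). It assumes the `[pid] [timestamp] [level]: message (file:line)` shape of rt.log and groups lines by PID, one login attempt per PID; the sample lines are constructed after the post, with paths shortened.

```python
import re
# Constructed sample log, modelled on the two sessions quoted in the post
# (file paths shortened); not a real capture.
SAMPLE_LOG = """\
[13619] [Wed Dec  7 16:42:02 2016] [debug]: UserExists params: username: 20006587 , service: My_LDAP (LDAP.pm:487)
[13619] [Wed Dec  7 16:42:02 2016] [info]: Autocreated external user 20006587 ( 716 ) (ExternalAuth.pm:358)
[13619] [Wed Dec  7 16:42:02 2016] [info]: RT::Authen::ExternalAuth::LDAP::GetAuth External Auth OK ( My_LDAP ): 20006587 (LDAP.pm:349)
[13619] [Wed Dec  7 16:42:02 2016] [debug]: Password Validation Check Result:  1 (ExternalAuth.pm:385)
[13619] [Wed Dec  7 16:42:02 2016] [debug]: Autohandler called ExternalAuth. Response: (0, No User) (DoAuth:58)
[13619] [Wed Dec  7 16:42:02 2016] [error]: FAILED LOGIN for 20006587 from 10.1.29.3 (Web.pm:826)
[13620] [Wed Dec  7 16:42:10 2016] [error]: Couldn't create user 20006587: Email address in use (ExternalAuth.pm:355)
[13620] [Wed Dec  7 16:42:10 2016] [debug]: Autohandler called ExternalAuth. Response: (0, No User) (DoAuth:58)
[13620] [Wed Dec  7 16:42:10 2016] [error]: FAILED LOGIN for 20006587 from 10.1.29.3 (Web.pm:826)
"""
# RT log line shape assumed here: [pid] [timestamp] [level]: message (file:line)
LINE_RE = re.compile(r"^\[(\d+)\] \[[^\]]+\] \[(\w+)\]: (.*)$")
# (key, regex, converter): the first capture group of each hit is recorded.
PROBES = [
    ("user", re.compile(r"username: (\S+) ,"), str),
    ("autocreated", re.compile(r"Autocreated external user (\S+)"), bool),
    ("ldap_auth_ok", re.compile(r"External Auth OK \( (\S+) \)"), bool),
    ("password_ok", re.compile(r"Password Validation Check Result:\s+(\d)"), lambda v: v == "1"),
    ("create_error", re.compile(r"Couldn't create user \S+: (.*?) \(\S+\)$"), str),
    ("response", re.compile(r"Response: \(([^)]*)\)"), str),
    ("failed_login", re.compile(r"FAILED LOGIN for (\S+)"), bool),
]

def summarize(text):
    """Group lines by PID (one login attempt each) and record what each step reported."""
    sessions = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # wrapped continuation lines and other noise
        pid, _level, msg = m.groups()
        s = sessions.setdefault(pid, {})
        for key, rx, conv in PROBES:
            hit = rx.search(msg)
            if hit:
                s[key] = conv(hit.group(1))
    return sessions

def diagnose(s):
    """One-line explanation of a session summary's outcome."""
    if s.get("create_error"):
        return "user creation failed: " + s["create_error"]
    if s.get("ldap_auth_ok") and s.get("password_ok") and s.get("response", "").startswith("0"):
        return "LDAP accepted the credentials but RT returned no user: " + s["response"]
    return "login failed" if s.get("failed_login") else "login succeeded"
```

Run it over a real rt.log with `summarize(open("rt.log").read())` and print `diagnose(s)` per PID to see, per attempt, whether the failure came from the LDAP bind, from user creation, or after both succeeded.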