[rt-users] Problems with RT::Authen::ExternalAuth::LDAP after upgrade to 4.4

John Andersen john at yvig.com
Thu Feb 11 00:07:49 EST 2016


Thank you for the response Shawn.   I had rolled back to 4.2.12 but I threw
up a test server based on my current production server and ran through the
upgrade again, this time with your suggestion.  Same result.   What is
maddening is that there don't seem to be any errors or anything.  Other
than telling me "FAILED LOGIN" I can't find anything in the logs that would
point me in the right direction.   In syslog I simply get:


Feb 10 21:02:27 rt RT: [5018] FAILED LOGIN for andersjp from 70.199.131.228



My LDAP config now looks like this:
---------

Set($ExternalSettings,      {   # SCH LDAP Settings
        'LDAP_DIR3'       =>  {   ## GENERIC SECTION

                'type'          =>  'ldap',
                'server'        =>  'dir3.sch.ad',
                'user'          => 'ldapbind at sch.ad',
                'pass'          =>  '********',
                'base'          =>  'dc=sch,dc=ad',


                'filter'   =>  '(mail=*)(sAMAccountType=805306368)',
                'd_filter' =>
 '(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2)',

                'tls'                       =>  0,
                'ssl_version'               =>  3,
                'net_ldap_args'             => [    version =>  3   ],
                #'group'                     =>  'GROUP',
                #'group_attr'                =>  'GROUP_ATTR',

                'attr_match_list'       => [    'Name',
                                                'EmailAddress'
                ],

                # The mapping of RT attributes on to LDAP attributes
                'attr_map'      =>  {   'Name' => 'sAMAccountName',
                                        'EmailAddress' => 'mail',
                                        'Organization' => 'company',
                                        'RealName' => 'cn',
                                        'WorkPhone' => 'telephoneNumber',
                                        'MobilePhone' => 'mobile',
                }
        }
}
);


-John

On Wed, Feb 10, 2016 at 9:20 AM, Shawn Moore <shawn at bestpractical.com>
wrote:

> Hi John,
>
> On 2016年2月10日 at 2:11:18, John Andersen (john at yvig.com) wrote:
> > For background. this particular installation went live 10 years ago and
> has
> > been carried over (mostly flawlessly I might add) from version to version
> > over that 10 years; I try to stay on the most recent stable version.
>
> I’m very happy to hear that RT has been running smoothly for you for so
> long!
>
> > Set( $ExternalAuthPriority,['LDAP_DIR3']);
> > Set( $ExternalInfoPriority,['LDAP_DIR3']);
> > Set( $ExternalServiceUsesSSLorTLS, 0);
> > Set( $AutoCreateNonExternalUsers, 1);
> > Set($ExternalSettings, {
> > ...
> > );
>
> Could you try adding this as well?
>
> Set( $ExternalAuth, 1 );
>
> > I'd be grateful for any ideas or pointers!
>
> Please let us know if that gets you back up and running. We’ll do a better
> job about this in 4.4.1.
>
> > Thank you,
> > John
>
> Thanks!
> Shawn
>
> ---------
> RT 4.4 and RTIR Training Sessions (
> http://bestpractical.com/services/training.html)
> * Hamburg Germany  March 14 & 15, 2016
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20160210/664f1397/attachment.html>


More information about the rt-users mailing list