[rt-users] LDAP External Auth intermittent failure

t s zzzz67 at hotmail.com
Thu May 5 11:05:06 EDT 2016


Here you go:

By the way, I just changed the line below from             'server'                    =>  'LDAPSERVER:389' to 'server'                    => 'LDAPSERVER.CORP.COMPANYNAME.NET:389' and restarted so I will see if that has any effect on the error not coming back up or not.



Set($WebPath , "");
Set($WebBaseURL, "http://rt.servername.companyname.com");

Set($RestrictReferrer, '0');

Set($DatabaseAdmin, 'root');

Set($LogoURL, 'https://bestpractical.com/images/logo.png');
Set($WebDefaultStylesheet, 'rudder');

Set($LogToFile, 'error');

Set($SetOutgoingMailFrom, "RT_Tracker at companyname.com");
Set($SMTPFrom, "mail-out.smtp.companyname.com");
Set($ParseNewMessageForTicketCcs, 1);
Set($HomePageRefreshInterval, 120);
Set($NotifyActor,1)

Set($SendmailArguments, "-t");
Set($MailCommand, "sendmail");
Plugin( "RT::Authen::ExternalAuth" );
Plugin('RT::Extension::LDAPImport');


    Set($LDAPHost,'LDAPSERVER.CORP.COMPANYNAME.NET:389');
    Set($LDAPUser,'cn=companyname\\svc.servicename,cn=Users,dc=Corp,DC=companyname,DC=net');
    Set($LDAPPassword,'password');
    Set($LDAPBase, 'OU=Corp,OU=Users,OU=companyname,DC=Corp,DC=companyname,DC=net');
    Set($LDAPFilter, '(&(objectClass=person))');
    Set($LDAPMapping, {Name         => 'sAMAccountName', # required
                       EmailAddress => 'mail',
                       RealName     => 'cn',
                       WorkPhone    => 'telephoneNumber',
                       Organization => 'departmentName'});
Set($LDAPSizeLimit, 1000);


Set($ExternalAuthPriority, ['companynameLDAP']);
Set($ExternalInfoPriority, ['companynameLDAP']);
Set($UserAutocreateDefaultsOnLogin, { Privileged => 0 } );
Set($AutoCreateNonExternalUsers, 1);


Set($ExternalSettings, {

        'companynameLDAP'       =>  {
            'type'                      =>  'ldap',
            'server'                    =>  'LDAPSERVER:389',
            'user'                      =>  'companyname\\svc.servicename',
            'pass'                      =>  'password',
            'base'                      =>  'OU=Corp,OU=Users,OU=companyname,DC=corp,DC=companyname,DC=net',
            'filter'                    =>  '(objectClass=person)',
            'd_filter'                  =>  '(objectClass=asdf)',
            'net_ldap_args'             => [    version =>  3   ],
            'attr_match_list' => [
                 'Name',
                 'EmailAddress',
            ],
            'attr_map' => {
                'Name' => 'sAMAccountName',
                'EmailAddress' => 'mail',
                'Organization' => 'physicalDeliveryOfficeName',
                'RealName' => 'cn',
                'ExternalAuthId' => 'sAMAccountName',
                'Gecos' => 'sAMAccountName',
                'WorkPhone' => 'telephoneNumber',
                'Address1' => 'streetAddress',
                'City' => 'l',
                'State' => 'st',
                'Zip' => 'postalCode',
                'Country' => 'co'                                                           },                                                                              },                                                                            } );


Set($WebRemoteuserAuth,1);
Set($WebRemoteUserContinuous,1);
Set($WebFallbackToRTLogin, undef);
Set($WebRemoteUserGecos,1);
Set($WebRemoteUserAutocreate,1);

Set( $rtname, 'CompanyName RT' );
Set( $CommentAddress, '' );
Set( $CorrespondAddress, '' );
Set( $DatabaseHost, 'localhost' );
Set( $DatabaseName, 'rt_database' );
Set( $DatabasePassword, 'password' );
Set( $DatabasePort, '3306' );
Set( $DatabaseType, 'mysql' );
Set( $DatabaseUser, 'root' );
Set( $Organization, 'companyname.com' );
Set( $OwnerEmail, 'owner at companyname.com' );
Set( $SendmailPath, 'usr/lib/sendmail' );
Set( $SendmailArguments, "-t");
Set( $MailCommand, "sendmail");
Set( $WebDomain, 'rt.servername.companyname.com' );
Set( $WebPort, '443' );

Set(%CustomFieldGroupings,
       'RT::Ticket' => [
       'Basics' => ['Trigger Code']
   ]
   );
Set($CanonicalizeRedirectURLs, 0);
1;



________________________________
From: Lush, Aaron <alush at scentral.k12.in.us>
Sent: Thursday, May 5, 2016 10:49 AM
To: t s
Cc: rt-users at lists.bestpractical.com
Subject: Re: [rt-users] LDAP External Auth intermittent failure

Would you please post your LDAP configuration in RT_SiteConfig.pm? Omitting any sensitive information, of course.

Sincerely,

Aaron Lush
Network Administrator
South Central Community School Corporation
(219) 767-2266 ext. 1111

On Thu, May 5, 2016 at 8:15 AM, t s <zzzz67 at hotmail.com<mailto:zzzz67 at hotmail.com>> wrote:

Getting an intermittent "RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't bind: LDAP_INVALID_CREDENTIALS 49" error very similar to:  http://requesttracker.8502.n7.nabble.com/LDAP-External-Auth-intermittent-failure-td58611.html.

[http://www.gravatar.com/avatar/26ccab0b62375e40455160ff3e911dc4?s=100&r=pg&d=http%3A%2F%2Fn7.nabble.com%2Fimages%2Favatar100.png]<http://requesttracker.8502.n7.nabble.com/LDAP-External-Auth-intermittent-failure-td58611.html>

LDAP External Auth intermittent failure - RequestTracker<http://requesttracker.8502.n7.nabble.com/LDAP-External-Auth-intermittent-failure-td58611.html>
requesttracker.8502.n7.nabble.com<http://requesttracker.8502.n7.nabble.com>
LDAP External Auth intermittent failure. I'm using RT-4.2.7 installed from source, on ubuntu 14.04LTS. I've been trying to get the External Auth (0.23) extension ...


Almost daily the External Auth will randomly start getting the binding error above and stop accepting LDAP logins, a simple restart of RT fixes the problem.  I'm using External Auth 0.25 and RT 4.2.12.  The only suggestion in the post above is to update RT but these are both recent stable versions.


Anyone ran into this problem?  Is it an RT_SiteConfig problem?  I wouldn't think so since it works for around 24 hours and then stops.  Could it be some kind of network connectivity problem?

---------
RT 4.4 and RTIR Training Sessions https://bestpractical.com/training
* Washington DC - May 23 & 24, 2016



Email Confidentiality Notice: This email message, including all attachments, is for the sole use of the intended recipient(s) and contains confidential information. If you are not the intended recipient, you may not use, disclose, print, copy or disseminate this information. Please reply and notify the sender, delete the message and any attachments and destroy all copies.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20160505/837c6bbb/attachment.html>


More information about the rt-users mailing list