[rt-users] RT 4.4.1 on Debian with RT::Authen::ExternalAuth?

Martin Wheldon martin.wheldon at greenhills-it.co.uk
Wed Oct 19 10:33:40 EDT 2016 

Hi Malcolm,

You are missing the LDAP import configuration, which is separate from 
the External auth config.
The following will help:

   https://docs.bestpractical.com/rt/4.4.1/RT/LDAPImport.html

Best Regards

Martin

On 2016-10-19 13:37, Malcolm Galland wrote:
> I've set up RT, and am testing it with rt-server.  Everything seems to
> be going smoothly except LDAP with RT::Authen::ExternalAuth.  I read
> the docs and have implemented the suggested changes in
> /opt/rt4/etc/RT_SiteConfig.pm like so:
> 
> Set( $ExternalAuthPriority, ["My_LDAP"] );
> Set( $ExternalInfoPriority, ["My_LDAP"] );
> Set($ExternalAuth, 1);
> Set( $UserAutocreateDefaultsOnLogin, { Privileged => 1 } );
> Set($AutoCreateNonExternalUsers, 1);
> Set($ExternalSettings, {
>     'My_LDAP'       =>  {
>         'type'             =>  'ldap',
>         'server'           =>  'ggdc1.domain.int',
>         'user'             =>  'LDAP_ACCOUNT',
>         'pass'             =>  'LDAP_ACCOUNT_PASS',
>         'base'             =>  'ou=Production,dc=domain,dc=int',
>         'filter'           =>  '(objectClass=inetOrgPerson)',
>         'attr_match_list'  => [
>             'Name',
>             'EmailAddress',
>         ],
>         'attr_map' => {
>                 'Name'         => 'sAMAccountName',
>                 'EmailAddress' => 'mail',
>                 'RealName'     => 'cn',
>                 'WorkPhone'    => 'telephoneNumber',
>                 'Address1'     => 'streetAddress',
>                 'City'         => 'l',
>                 'State'        => 'st',
>                 'Zip'          => 'postalCode',
>                 'Country'      => 'co',
>         },
>     },
> } );
> 
> The issue is when I try to login the users aren't allowed access, and I
> get the following error from rt-server:
> 
> [error]: FAILED LOGIN for username_redacted from IP_REDACTED
> (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:826)
> 
> Just for kicks, if I run /opt/rt4/sbin/rt-ldapimport --debug
> I get: 
>  [critical]: Expected 'PeerHost' at
> /usr/local/share/perl/5.20.2/Net/LDAP.pm line 164.
> (/opt/rt4/sbin/../lib/RT.pm:390)
> 
> Any ideas?  I read every document I could find, but it's hard to know
> which non-official ones you can trust since RT has been around so long
> and ExternalAuth was just added to the core.  Also, the official docs
> are a bit terse.
> ---------
> RT 4.4 and RTIR training sessions, and a new workshop day!
> https://bestpractical.com/training
> * Boston - October 24-26
> * Los Angeles - Q1 2017

More information about the rt-users mailing list