[rt-users] Can't login to RT using Active Directory
Daniel Schwager
Daniel.Schwager at dtnet.de
Wed Sep 14 11:55:17 EDT 2016
Hi,
> I'm 100% sure i am using the correct password, i even tried other test
> accounts i have and know they can authenticate against AD just fine.
try ldapsearch to connect to your AD like
ldapsearch -x -H ldap://192.168.100.5:389 -D MYUSER -w MYPASS -b "dc=yourdomain,dc=com" "cn=Administrator"
Best regards
Daniel
> -----Original Message-----
> From: rt-users [mailto:rt-users-bounces at lists.bestpractical.com] On Behalf Of fleon
> Sent: Wednesday, September 14, 2016 4:25 PM
> To: rt-users at lists.bestpractical.com
> Subject: [rt-users] Can't login to RT using Active Directory
>
> I have been able to use Active Directory as authentication with the
> ExternalAuth plugin, both before and after it was integrated in RT 4.4.
>
> But today it isn't allowing anyone in, and this is shown in the error logs:
>
> [8629] [Wed Sep 14 15:28:49 2016] [error]: FAILED LOGIN for fleon from
> 192.168.3.57 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:826)
> [8629] [Wed Sep 14 15:29:31 2016] [critical]:
> RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't bind:
> LDAP_INVALID_CREDENTIALS 49
> (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth/LDAP.pm:678)
>
> I'm 100% sure i am using the correct password, i even tried other test
> accounts i have and know they can authenticate against AD just fine.
>
> I am also sure nothing has changed on AD itself or in RT's configuration,
> however this is my current ExternalAuth configuration:
> Set($ExternalAuth, 1);
> Set($ExternalAuthPriority, [ 'My_LDAP']);
> Set($ExternalInfoPriority, [ 'My_LDAP']);
> Set($ExternalServiceUsesSSLorTLS, 0);
> Set($AutoCreateNonExternalUsers, 1);
> Set($UserAutocreateDefaultsOnLogin, {Privileged => 0 });
>
> Set($ExternalSettings,
> {
> 'My_LDAP' => {
> 'type' => 'ldap',
> 'server' => '192.168.100.5',
> 'user' => 'MYUSER',
> 'pass' => 'MYPASS',
> 'base' => 'dc=mycompany,dc=com',
> 'filter' => '(objectClass=person)',
> 'd_filter' => '(objectClass=FooBarBaz)',
> 'tls' => 0,
> 'ssl_version' => 3,
> 'net_ldap_args' => [ version => 3 ],
> 'attr_match_list' => [ 'Name',
> 'EmailAddress'
> ],
> 'attr_map' => { 'Name' => 'sAMAccountName',
> 'EmailAddress' => 'mail',
> 'Organization' => 'physicalDeliveryOfficeName',
> 'RealName' => 'displayName',
> 'Gecos' => 'sAMAccountName',
> 'WorkPhone' => 'telephoneNumber',
> 'Address1' => 'description',
> 'City' => 'l',
> 'State' => 'st',
> 'Zip' => 'postalCode',
> 'Country' => 'co'
> }
> }
> }
> );
>
> I am using debian 8 jessie with RT 4.4.1. Thanks
>
>
>
>
>
>
>
>
> --
> View this message in context: http://requesttracker.8502.n7.nabble.com/Can-t-login-to-RT-using-Active-
> Directory-tp62539.html
> Sent from the Request Tracker - User mailing list archive at Nabble.com.
> ---------
> RT 4.4 and RTIR training sessions, and a new workshop day! https://bestpractical.com/training
> * Boston - October 24-26
> * Los Angeles - Q1 2017
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4000 bytes
Desc: not available
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20160914/15d72467/attachment.bin>
More information about the rt-users
mailing list