<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
</head>
<body text="#000000" bgcolor="#ffffff">
Val,<br>
Have you verified that ldapsearch works for you on this box?<br>
<br>
I used something like this to test:<br>
<br>
<br>
ldapsearch -LLL -x -H <a class="moz-txt-link-freetext" href="ldap://">ldap://</a><ldap server>:389 -b
'DC=corp,DC=something,DC=com' -D '<a class="moz-txt-link-abbreviated" href="mailto:ldapuser@corp.something.com">ldapuser@corp.something.com</a>' -w
'<ldapuser password>'
'(&(ObjectClass=Person)(cn=<username to search for))'<br>
<br>
<br>
I had to request from our Windows AD guys to allow the ldapuser to
be able to read all user information. I also had to have them open
the firewall to our server, because by default, they only allow
certain servers to query the AD servers.<br>
<br>
John<br>
<br>
<br>
<br>
On 09/27/2010 10:14 AM, Val Polyakov wrote:
<blockquote
cite="mid:029f31b13c62ce489fa45d1befde1da9.squirrel@yoda.im"
type="cite">
<pre wrap="">Trying to get my RT 3.8.8 on RHEL5 to authenticate against our corporate AD.
I followed this guide here:
<a class="moz-txt-link-freetext" href="http://wiki.bestpractical.com/view/CentOS5InstallPlusSome">http://wiki.bestpractical.com/view/CentOS5InstallPlusSome</a>
I also checked that apache has access to over here (RT-Authen-ExternalAuth
dir was chgrp -R'ed and chmod -R 770'ed):
[root@rt plugins]# pwd
/opt/rt3/local/plugins
[root@rt plugins]# ls -ltr
total 4
drwxrwx--- 5 root apache 4096 Sep 13 14:16 RT-Authen-ExternalAuth
[root@rt plugins]# ps awwwux |grep httpd
root 2313 0.1 4.1 348008 83360 ? Ss 10:32 0:02
/usr/sbin/httpd
apache 2317 0.0 4.1 350272 82612 ? S 10:32 0:00
/usr/sbin/httpd
apache 2318 0.0 4.1 350272 82616 ? S 10:32 0:00
/usr/sbin/httpd
apache 2319 0.0 4.0 348204 82216 ? S 10:32 0:00
/usr/sbin/httpd
apache 2320 0.0 4.1 350272 82684 ? S 10:32 0:00
/usr/sbin/httpd
apache 2321 0.0 4.1 350928 83388 ? S 10:32 0:00
/usr/sbin/httpd
apache 2322 0.0 4.1 350272 82616 ? S 10:32 0:00
/usr/sbin/httpd
apache 2323 0.0 4.1 350272 82616 ? S 10:32 0:00
/usr/sbin/httpd
apache 2324 0.0 4.1 350668 83172 ? S 10:32 0:00
/usr/sbin/httpd
root 3537 0.0 0.0 61148 708 pts/0 R+ 11:06 0:00 grep httpd
[root@rt plugins]#
when I set this up and tried to login with my AD account for the first
time, here's what I saw in /var/log/httpd/error_log :
[root@rt autohandler]# tail -f /var/log/httpd/error_log
[Mon Sep 27 14:32:29 2010] [info]:
RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Address1: 101
Truman Avenue, City: Yonkers, Country: United States, Disabled: 0,
EmailAddress: <a class="moz-txt-link-abbreviated" href="mailto:vpolyakov@consumer.org">vpolyakov@consumer.org</a>, ExternalAuthId: POLYVA, Gecos:
POLYVA, Name: POLYVA, Organization: 1-8D, Privileged: 0, RealName:
Polyakov, Valeriy, State: NY, WorkPhone: (914) 378-2577, Zip: 10703
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:536)
[Mon Sep 27 14:32:29 2010] [info]: Autocreated external user POLYVA ( 36 )
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:132)
[Mon Sep 27 14:32:29 2010] [info]: My_LDAP AUTH FAILED: polyva
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:127)
....
And ever since then when I try to login I only see this:
[Mon Sep 27 14:52:31 2010] [info]: My_LDAP AUTH FAILED: polyva
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:127)
[Mon Sep 27 14:52:31 2010] [error]: FAILED LOGIN for polyva from
192.168.110.125 (/opt/rt3/bin/../lib/RT/Interface/Web.pm:424)
my /opt/rt3/etc/RT_SiteConfig.pm and
/opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc are attached
Any suggestions?
</pre>
<pre wrap="">
<fieldset class="mimeAttachmentHeader"></fieldset>
RT Training in Washington DC, USA on Oct 25 & 26 2010
Last one this year -- Learn how to get the most out of RT!</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
John Alberts
Hosted Services
Exlibris USA
<a class="moz-txt-link-abbreviated" href="mailto:john.alberts@exlibrisgroup.com">john.alberts@exlibrisgroup.com</a>
cell: 1-508-878-2197</pre>
</body>
</html>