Your My_LDAP 'user' needs to be the fully qualified 'CN=s_dqs_svn,ou=people,dc=mdanderson,dc=edu'. And I hope that is a bogus password! Otherwise, I would change it.<div>
<br clear="all">=+=+=+=+=+=+=+=+=+<br>Ryan Backman<br>Programmer / Analyst<br>George Fox University<br>=+=+=+=+=+=+=+=+=+<br>
<br><br><div class="gmail_quote">On Fri, Mar 2, 2012 at 10:16 AM, Zhang,Jun <span dir="ltr">&lt;<a href="mailto:JHZhang@mdanderson.org">JHZhang@mdanderson.org</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Thomas,<br>
Since I'm new to RT, could you please tell me where I went wrong in the configuration? Maybe I need to change the order of the ExternalAuthPriority. Below is my RT_SiteConfig.pm file content.<br>
Thanks.<br>
<br>
Jun<br>
<br>
Set( $DatabaseUser, 'rt_user' );<br>
Set( $CorrespondAddress, '<a href="mailto:x2@mdanderson.org">x2@mdanderson.org</a>' );<br>
Set( $rtname, '<a href="http://xrt.mdanderson.edu" target="_blank">xrt.mdanderson.edu</a>' );<br>
Set( $DatabaseRequireSSL, '' );<br>
Set( $WebPort, '80' );<br>
Set( $Organization, '<a href="http://mdanderson.edu" target="_blank">mdanderson.edu</a>' );<br>
Set( $DatabaseType, 'mysql' );<br>
Set( $DatabasePort, '' );<br>
Set( $DatabasePassword, 'password' );<br>
Set( $DatabaseAdmin, 'root' );<br>
Set( $SendmailPath, '/usr/sbin/sendmail' );<br>
Set( $WebDomain, '<a href="http://xrt.mdanderson.edu" target="_blank">xrt.mdanderson.edu</a>' );<br>
Set( $DatabaseAdminPassword, '' );<br>
Set( $CommentAddress, '<a href="mailto:x@mdanderson.org">x@mdanderson.org</a>' );<br>
Set( $DatabaseHost, 'localhost' );<br>
Set( $DatabaseName, 'rt4' );<br>
Set( $OwnerEmail, '<a href="mailto:x2@mdanderson.org">x2@mdanderson.org</a>' );<br>
Set( @Plugins, qw(RT::Authen::ExternalAuth) );<br>
<br>
Set($ExternalAuthPriority, [ 'My_MySQL',<br>
'My_LDAP'<br>
]<br>
);<br>
Set($ExternalServiceUsesSSLorTLS, 0);<br>
Set($AutoCreateNonExternalUsers, 0);<br>
Set($ExternalSettings, {<br>
'My_MySQL' => {<br>
'type' => 'db',<br>
'server' => '<a href="http://dqsrt.mdanderson.edu" target="_blank">dqsrt.mdanderson.edu</a>',<br>
'database' => 'rt4',<br>
'table' => 'Users',<br>
'user' => 'rt_user',<br>
'pass' => 'password',<br>
'port' => '3306',<br>
'dbi_driver' => 'mysql',<br>
'u_field' => 'Name',<br>
'p_field' => 'Password',<br>
'p_enc_pkg' => 'Crypt::MySQL',<br>
'p_enc_sub' => 'password',<br>
'd_field' => 'disabled',<br>
'd_values' => ['0'],<br>
'attr_map' => { 'Name' => 'Name', }<br>
},<br>
'My_LDAP' => {<br>
'type' => 'ldap',<br>
'server' => '<a href="http://dcpwpdc1.mdanderson.edu" target="_blank">dcpwpdc1.mdanderson.edu</a>',<br>
'user' => 's_dqs_svn',<br>
'pass' => 'Juoo9k88',<br>
'base' => 'ou=people,dc=mdanderson,dc=edu',<br>
'd_filter' => '(userAccountControl:1.2.840.113556.1.4.803:=2)',<br>
'tls' => 0,<br>
'ssl_version' => 3,<br>
'net_ldap_args' => [ version => 3 ],<br>
'attr_map' => { 'Name' => 'samaccountname',<br>
'EmailAddress' => 'mail',<br>
'Organization' => 'physicaldeliveryofficename',<br>
'RealName' => 'gecos',<br>
'ExternalAuthId' => 'sAMAccountName',<br>
'Gecos' => 'gecos',<br>
'WorkPhone' => 'telephoneNumber',<br>
'Address1' => 'streetAddress',<br>
'City' => 'l',<br>
'State' => 'st',<br>
'Zip' => 'postalCode',<br>
'Country' => 'co'<br>
}<br>
}<br>
}<br>
);<br>
1;<br>
<br>
-----Original Message-----<br>
From: <a href="mailto:rt-users-bounces@lists.bestpractical.com">rt-users-bounces@lists.bestpractical.com</a> [mailto:<a href="mailto:rt-users-bounces@lists.bestpractical.com">rt-users-bounces@lists.bestpractical.com</a>] On Behalf Of Thomas Sibley<br>
Sent: Friday, March 02, 2012 11:57 AM<br>
To: <a href="mailto:rt-users@lists.bestpractical.com">rt-users@lists.bestpractical.com</a><br>
Subject: Re: [rt-users] Transitory error on login (LDAP against AD)<br>
<br>
On 03/02/2012 12:48 PM, Zhang,Jun wrote:<br>
> I got the same error and I understand this must be minor, since my AD<br>
> user is authenticated. The Users table in my rt4 database doesn't have<br>
> a column called 'disable'. Removing the d_field line in<br>
> RT_SiteConfig.pm and the error no longer shows up. Looks like a bug.<br>
<br>
It is a severe misconfiguration to add the internal RT Users table as a DBI auth source in RT::Authen::ExternalAuth. Don't do that.<br>
--------<br>
RT Training Sessions (<a href="http://bestpractical.com/services/training.html" target="_blank">http://bestpractical.com/services/training.html</a>)<br>
* Boston March 5 & 6, 2012<br>
</blockquote></div><br></div>
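The two corrections made in this thread, applied to the external-auth part of the posted RT_SiteConfig.pm. This is an added example, not the poster's or Best Practical's file. The password placeholder and the StartTLS settings are assumptions, and attr_map is shortened to four of the posted mappings.

```perl
# Added example: external-auth section of RT_SiteConfig.pm only.
Set( @Plugins, qw(RT::Authen::ExternalAuth) );

# The directory is the only external source. The 'My_MySQL' entry, which
# pointed at RT's own rt4 Users table, is removed as Thomas Sibley's
# reply instructs.
Set( $ExternalAuthPriority, [ 'My_LDAP' ] );

# Assumption: the domain controller accepts StartTLS. With this set to 0
# and 'tls' => 0, the bind password and every user's password cross the
# network in cleartext.
Set( $ExternalServiceUsesSSLorTLS, 1 );
Set( $AutoCreateNonExternalUsers, 0 );

Set( $ExternalSettings, {
    'My_LDAP' => {
        'type'   => 'ldap',
        'server' => 'dcpwpdc1.mdanderson.edu',
        # Full bind DN from Ryan Backman's reply, not the bare account name.
        'user'   => 'CN=s_dqs_svn,ou=people,dc=mdanderson,dc=edu',
        # Placeholder (assumption): a value that appeared on a public
        # list is treated as exposed and replaced.
        'pass'   => 'REPLACE_WITH_ROTATED_PASSWORD',
        'base'   => 'ou=people,dc=mdanderson,dc=edu',
        'd_filter' => '(userAccountControl:1.2.840.113556.1.4.803:=2)',
        'tls'           => 1,    # assumption, see the StartTLS note above
        'ssl_version'   => 3,
        'net_ldap_args' => [ version => 3 ],
        # Shortened; the other mappings in the posted file are unchanged.
        'attr_map' => {
            'Name'           => 'sAMAccountName',
            'EmailAddress'   => 'mail',
            'RealName'       => 'gecos',
            'ExternalAuthId' => 'sAMAccountName',
        },
    },
} );

1;
```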