<div dir="ltr">I seem to be getting closer. I'm down to only the "FAILED LOGIN for user from..." error.<div><br></div><div>I've found that in order to get down to just that I have to include the domain in the username either as</div>
<div><ul><li>domain\user</li><li>domain.local\user</li><li>user@domain</li><li>user@domain.local</li></ul><div>However, if I use just the username I get</div></div><div><br></div><div><div>[3221] [Sat Oct 19 00:44:37 2013] [warning]: Use of uninitialized value $_[1] in join or string at /usr/local/share/perl5/Log/Dispatch.pm line 42. (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:607)</div>
<div>[3221] [Sat Oct 19 00:44:37 2013] [warning]: Use of uninitialized value $service in hash element at /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm line 611. (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:611)</div>
<div>[3221] [Sat Oct 19 00:44:37 2013] [warning]: Use of uninitialized value in string eq at /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm line 613. (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:613)</div>
<div>[3221] [Sat Oct 19 00:44:37 2013] [info]: RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Disabled: , EmailAddress: , Gecos: user, Name: user, Privileged: (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:685)</div>
<div>[3221] [Sat Oct 19 00:44:37 2013] [error]: Couldn't create user user: Could not set user info (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:278)</div><div>[3221] [Sat Oct 19 00:44:37 2013] [error]: FAILED LOGIN for user from 192.168.236.119 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:814)</div>
<div><br></div><div>The domain does not seem to be getting passed as part of the username when I attempt to log in. Interestingly, though, when I don't use the domain, I do get the info line in the log which contains bits of information that wouldn't otherwise be returned from AD. If I do use the domain that doesn't get returned, but I'm still unable to log in.</div>
</div><div><br></div><div>I know my credentials are accurate because they are the same as I use to log into our VPN and that is tied to AD.</div><div><br></div><div>My current settings:</div><div><br></div><div><div>Set($ExternalAuthPriority, [ 'AD' ] );</div>
<div>Set($ExternalServiceUsesSSLorTLS, 0);</div><div>Set($AutoCreateNonExternalUsers, 0);</div><div>Set($ExternalSettings, {</div><div> 'AD' => {</div><div> 'type' => 'ldap',</div>
<div> 'server' => 'dc1.domain.local',</div><div> 'base' => 'dc=domain,dc=local',</div><div> 'user' => 'rtuser',</div>
<div> 'pass' => 'xxxxxxxx',</div><div> 'filter' => '(ObjectClass=*)',</div><div> 'd_filter' => '(userAccountControl:1.2.840.113556.1.4.803=2)',</div>
<div> 'group_scope' => 'base',</div><div> 'tls' => 0,</div><div> 'ssl_version' => 3,</div><div> 'net_ldap_args' => [ version => 3 ],</div>
<div> 'attr_match_list' => [</div><div> 'Name',</div><div> ],</div><div> 'attr_map' => {</div><div> 'Name' => 'sAMAccountName',</div>
<div> 'EmailAddress' => 'mail',</div><div> 'Organization' => 'physicalDeliveryOfficeName',</div><div> 'RealName' => 'cn',</div><div>
'ExternalAuthId' => 'sAMAccountName',</div><div> 'Gecos' => 'sAMAccountName',</div><div> 'WorkPhone' => 'telephoneNumber',</div><div>
'Address1' => 'streetAddress',</div><div> 'City' => 'l',</div><div> 'State' => 'st',</div><div> 'Zip' => 'postalCode',</div>
<div> 'Country' => 'co'</div><div> },</div><div> },</div><div>} );</div></div><div><br></div><div>Further assistance will be appreciated.</div><div class="gmail_extra"><br clear="all">
<div>-Mathew<br><br>"When you do things right, people won't be sure you've done anything at all." - God; Futurama<div><br></div><div>"<span style="line-height:18px;font-size:13px;font-family:arial,sans-serif">We'll get along much better once you accept that you're wrong and neither am I." - Me</span></div>
</div>
<br><br><div class="gmail_quote">On Fri, Oct 18, 2013 at 8:08 PM, Mathew Snyder <span dir="ltr"><<a href="mailto:mathew.snyder@gmail.com" target="_blank">mathew.snyder@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">I've actually been trying to get debugging turned on for a few days now. I've set all of the variables:<div><br></div><div><div>Set( $LogToSTDERR, 'debug' );</div><div>Set( $LogToFile, 'debug' );</div>
<div>Set( $LogDir, '/var/log/' );</div><div>Set( $LogToFileNamed, 'rt.log' );</div><div>Set( $LogToSyslog, 'debug' );</div></div><div><br></div><div>I'm not getting any detailed information at all. In fact, the rt.log file isn't even being created. I had tried to set the directory to /opt/rt4/log, but the file wasn't being created there, either.</div>
<div><br></div><div><br></div><div><br></div></div><div class="gmail_extra"><div><br clear="all"><div>-Mathew<br><br>"When you do things right, people won't be sure you've done anything at all." - God; Futurama<div>
<br></div><div>"<span style="line-height:18px;font-size:13px;font-family:arial,sans-serif">We'll get along much better once you accept that you're wrong and neither am I." - Me</span></div>
</div>
<br><br></div><div><div><div class="gmail_quote">On Fri, Oct 18, 2013 at 7:51 AM, Parish, Brent <span dir="ltr"><<a href="mailto:bparish@cognex.com" target="_blank">bparish@cognex.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div lang="EN-US" link="blue" vlink="purple"><div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Hi Matthew<u></u><u></u></span></p><p class="MsoNormal">
<span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">It sounds to me like you were authenticating ok initially, but getting an error in creating the user.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">And to answer your initial question about the group and group_attr settings, I don’t use those at all and it works fine for me.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">I would recommend putting things back to how you first had them (to generate the error your originally posted), turn the log level up to debug, and try again.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">There are some debug statements within that method that may help identify where it is choking.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p><p><u></u><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><span>-<span style="font:7.0pt "Times New Roman""> </span></span></span><u></u><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Brent<u></u><u></u></span></p>
<p class="MsoNormal" style="margin-left:.25in"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<div><div><div><div><div><div><div><div><div><div><div><div><p class="MsoNormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#44546a"> </span><u></u><u></u></p>
<div style="border:none;border-top:solid #b5c4df 1.0pt;padding:3.0pt 0in 0in 0in"><p class="MsoNormal" style="margin-left:.5in"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Mathew Snyder [mailto:<a href="mailto:mathew.snyder@gmail.com" target="_blank">mathew.snyder@gmail.com</a>] <br>
<b>Sent:</b> Thursday, October 17, 2013 1:50 PM</span><u></u><u></u></p><div><p class="MsoNormal" style="margin-left:.5in"><br><b>To:</b> Jeff Solberg<br><b>Cc:</b> <a href="mailto:rt-users@lists.bestpractical.com" target="_blank">rt-users@lists.bestpractical.com</a><u></u><u></u></p>
</div><p class="MsoNormal" style="margin-left:.5in"><b>Subject:</b> Re: [rt-users] I need help with the RT-Authen-ExternalAuth LDAP settings, please<u></u><u></u></p></div></div><div><div><div><p class="MsoNormal" style="margin-left:.5in">
<u></u><u></u></p><div><p class="MsoNormal" style="margin-left:.5in">I found another thread that indicated that the solution to the second problem was to add @domain to the end of the username. That just reverted to the previous list of errors with a couple new ones.<u></u><u></u></p>
<div><p class="MsoNormal" style="margin-left:.5in"> <u></u><u></u></p></div><div><div><p class="MsoNormal" style="margin-left:.5in">Oct 17 16:47:50 zen-rt RT: [24673] Use of uninitialized value $_[1] in join or string at /usr/local/share/perl5/Log/Dispatch.pm line 42.<u></u><u></u></p>
</div><div><p class="MsoNormal" style="margin-left:.5in">Oct 17 16:47:50 zen-rt RT: [24673] Use of uninitialized value $service in hash element at /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm line 611.<u></u><u></u></p>
</div><div><p class="MsoNormal" style="margin-left:.5in">Oct 17 16:47:50 zen-rt RT: [24673] Use of uninitialized value in string eq at /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm line 613.<u></u><u></u></p>
</div><div><p class="MsoNormal" style="margin-left:.5in">Oct 17 16:47:50 zen-rt RT: [24673] RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Disabled: , EmailAddress: , Gecos: user, Name: user, Privileged: <u></u><u></u></p>
</div><div><p class="MsoNormal" style="margin-left:.5in">Oct 17 16:47:50 zen-rt RT: [24673] Couldn't create user user: Could not set user info<u></u><u></u></p></div><div><p class="MsoNormal" style="margin-left:.5in">
Oct 17 16:47:50 zen-rt RT: [24673] FAILED LOGIN for user from 192.168.236.102<u></u><u></u></p></div></div><div><p class="MsoNormal" style="margin-left:.5in"> <u></u><u></u></p></div></div></div><div><div><div><div><div>
<div>
<div><div><p class="MsoNormal" style="margin-left:.5in"><br clear="all"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#44546a"> </span><u></u><u></u></p><p class="MsoNormal" style="margin-left:.5in">
<span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#44546a"> </span><u></u><u></u></p><div style="border:none;border-top:solid #b5c4df 1.0pt;padding:3.0pt 0in 0in 0in"><p class="MsoNormal" style="margin-left:.5in">
<b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> <a href="mailto:rt-users-bounces@lists.bestpractical.com" target="_blank">rt-users-bounces@lists.bestpractical.com</a> [mailto:<a href="mailto:rt-users-bounces@lists.bestpractical.com" target="_blank">rt-users-bounces@lists.bestpractical.com</a>] <b>On Behalf Of </b>Mathew Snyder</span></p>
<div><div><br><b>Sent:</b> Thursday, October 17, 2013 1:19 PM<br><b>To:</b> <a href="mailto:rt-users@lists.bestpractical.com" target="_blank">rt-users@lists.bestpractical.com</a><br><b>Subject:</b> [rt-users] I need help with the RT-Authen-ExternalAuth LDAP settings, please</div>
</div><u></u><u></u><p></p></div><div><div><div><div><p class="MsoNormal" style="margin-left:.5in"> <u></u><u></u></p><div><p class="MsoNormal" style="margin-left:.5in">These are the settings I've started with:<u></u><u></u></p>
<div><p class="MsoNormal" style="margin-left:.5in"> <u></u><u></u></p></div><div><div><p class="MsoNormal" style="margin-left:.5in">Set($ExternalSettings, {<u></u><u></u></p></div><div><p class="MsoNormal" style="margin-left:.5in">
'AD' => {<u></u><u></u></p></div><div><p class="MsoNormal" style="margin-left:.5in"> 'type' => 'ldap',<u></u><u></u></p></div><div><p class="MsoNormal" style="margin-left:.5in">
'server' => '<a href="http://domain_controller.example.com" target="_blank">domain_controller.example.com</a>',<u></u><u></u></p></div><div><p class="MsoNormal" style="margin-left:.5in">
'base' => 'dc=example,dc=com',<u></u><u></u></p></div><div><p class="MsoNormal" style="margin-left:.5in"> 'user' => 'rtuser',<u></u><u></u></p>
</div><div><p class="MsoNormal" style="margin-left:.5in"> 'pass' => '********',<u></u><u></u></p></div><div><p class="MsoNormal" style="margin-left:.5in"> 'filter' => '(ObjectClass=*)',<u></u><u></u></p>
</div><div><p class="MsoNormal" style="margin-left:.5in"> 'tls' => 0,<u></u><u></u></p></div><div><p class="MsoNormal" style="margin-left:.5in"> 'ssl_version' => 3,<u></u><u></u></p>
</div><div><p class="MsoNormal" style="margin-left:.5in"> 'net_ldap_args' => [ version => 3 ],<u></u><u></u></p></div><div><p class="MsoNormal" style="margin-left:.5in"> 'attr_match_list' => [<u></u><u></u></p>
</div><div><p class="MsoNormal" style="margin-left:.5in"> 'EmailAddress',<u></u><u></u></p></div><div><p class="MsoNormal" style="margin-left:.5in"> ],<u></u><u></u></p></div><div><p class="MsoNormal" style="margin-left:.5in">
'attr_map' => {<u></u><u></u></p></div><div><p class="MsoNormal" style="margin-left:.5in"> 'Name' => 'sAMAccountName',<u></u><u></u></p></div><div><p class="MsoNormal" style="margin-left:.5in">
'EmailAddress' => 'mail',<u></u><u></u></p></div><div><p class="MsoNormal" style="margin-left:.5in"> 'RealName' => 'cn',<u></u><u></u></p></div><div><p class="MsoNormal" style="margin-left:.5in">
},<u></u><u></u></p></div><div><p class="MsoNormal" style="margin-left:.5in"> <u></u><u></u></p></div><div><p class="MsoNormal" style="margin-left:.5in">They aren't working. Whenever someone attempts an initial login with just their username (which should create their RT account) the following error is logged:<u></u><u></u></p>
</div><div><div><p class="MsoNormal" style="margin-left:.5in">Oct 17 15:02:29 zen-rt RT: [23131] Use of uninitialized value in string eq at /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm line 613.<u></u><u></u></p>
</div><div><p class="MsoNormal" style="margin-left:.5in">Oct 17 15:02:29 zen-rt RT: [23131] RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Disabled: , EmailAddress: , Gecos: user, Name: user, Privileged:<u></u><u></u></p>
</div></div><div><div><p class="MsoNormal" style="margin-left:.5in">Oct 17 16:14:01 zen-rt RT: [24382] Couldn't create user user: Could not set user info<u></u><u></u></p></div><div><p class="MsoNormal" style="margin-left:.5in">
Oct 17 16:14:01 zen-rt RT: [24382] FAILED LOGIN for user from 192.168.236.102<u></u><u></u></p></div></div><div><p class="MsoNormal" style="margin-left:.5in"> <u></u><u></u></p></div><div><p class="MsoNormal" style="margin-left:.5in">
When initial logins are attempted with either example\username or <a href="http://example.com" target="_blank">example.com</a>\username only the FAILED LOGIN line is displayed.<u></u><u></u></p></div><div><p class="MsoNormal" style="margin-left:.5in">
<u></u><u></u></p></div><div><p class="MsoNormal" style="margin-left:.5in">We also have our Openfire Jabber server authenticating successfully. Those settings are<u></u><u></u></p></div><div><p class="MsoNormal" style="margin-left:.5in">
ldap.autoFollowAliasReferrals = true<u></u><u></u></p></div><div><p class="MsoNormal" style="margin-left:.5in">ldap.autoFollowReferrals = false<u></u><u></u></p></div><div><p class="MsoNormal" style="margin-left:.5in">ldap.baseDN = dc=example,dc=com<u></u><u></u></p>
</div><div><p class="MsoNormal" style="margin-left:.5in">ldap.connectionPoolEnabled = true<u></u><u></u></p></div><div><p class="MsoNormal" style="margin-left:.5in">ldap.debugEnabled = false<u></u><u></u></p></div><div><p class="MsoNormal" style="margin-left:.5in">
ldap.emailField = mail<u></u><u></u></p></div><div><p class="MsoNormal" style="margin-left:.5in">ldap.encloseDNs = true<u></u><u></u></p></div><div><p class="MsoNormal" style="margin-left:.5in">ldap.groupDescriptionField = description<u></u><u></u></p>
</div><div><p class="MsoNormal" style="margin-left:.5in">ldap.groupMemberField = member<u></u><u></u></p></div><div><p class="MsoNormal" style="margin-left:.5in">ldap.groupNameField = cn<u></u><u></u></p></div><div><p class="MsoNormal" style="margin-left:.5in">
ldap.groupSearchFilter = (objectClass=group)<u></u><u></u></p></div><div><p class="MsoNormal" style="margin-left:.5in">ldap.host = <a href="http://domain_controller.example.com" target="_blank">domain_controller.example.com</a><u></u><u></u></p>
</div><div><p class="MsoNormal" style="margin-left:.5in">ldap.ldapDebugEnabled = false<u></u><u></u></p></div><div><p class="MsoNormal" style="margin-left:.5in">ldap.nameField = cn<u></u><u></u></p></div><div><p class="MsoNormal" style="margin-left:.5in">
ldap.port = 389<u></u><u></u></p></div><div><p class="MsoNormal" style="margin-left:.5in">ldap.searchFilter = (objectClass=*)<u></u><u></u></p></div><div><p class="MsoNormal" style="margin-left:.5in">ldap.usernameField = sAMAccountName<u></u><u></u></p>
</div><div><p class="MsoNormal" style="margin-left:.5in"> <u></u><u></u></p></div><div><p class="MsoNormal" style="margin-left:.5in"> <u></u><u></u></p></div><div><p class="MsoNormal" style="margin-left:.5in">I know they don't match up exactly in terms of what Openfire calls the settings vs. what RT does, but I'm hoping someone can help me sort out what should be plugged in where on the RT side. For example, I don't know what the group_attr or group_attr_value setting should contain (if anything) in the RT_SiteConfig.pm file. Basically, anything from the "group" settings.<u></u><u></u></p>
</div><div><p class="MsoNormal" style="margin-left:.5in"> <u></u><u></u></p></div><div><p class="MsoNormal" style="margin-left:.5in">-Mathew<br><br>"When you do things right, people won't be sure you've done anything at all." - God; Futurama<u></u><u></u></p>
<div><p class="MsoNormal" style="margin-left:.5in"> <u></u><u></u></p></div><div><p class="MsoNormal" style="margin-left:.5in">"<span style="font-size:10.0pt;font-family:"Arial","sans-serif";background:white">We'll get along much better once you accept that you're wrong and neither am I." - Me</span><u></u><u></u></p>
</div></div></div></div></div></div></div></div></div></div></div><p class="MsoNormal" style="margin-left:.5in"> <u></u><u></u></p></div></div></div></div><p class="MsoNormal" style="margin-left:.5in"> <u></u><u></u></p>
</div>
</div></div></div></div></div><p class="MsoNormal" style="margin-left:.5in"> <u></u><u></u></p></div></div></div></div></div></div><p class="MsoNormal" style="margin-left:.5in"><u></u> <u></u></p></div></div></div></div>
</blockquote>
</div><br></div></div></div>
</blockquote></div><br></div></div>