<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 12 (filtered medium)"><style><!--
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>If this is working for you as expected, then that’s wonderful and congratulations!<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>You are correct in your original thinking – I have the AutoCreateNonExternalUsers turned on, but that’s not required to authenticate against AD.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>That setting is used if you want to go ahead and create the new user in RT when they first hit RT, <i>even if they don’t currently exist in AD</i>.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>With this turned on, I can now add tickets for new hires, with the new hire as the requestor, even though I have not created their account in AD yet.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Then I use the LDAPImport extension to sync the account details later, after they have been added to AD.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>As to logging:<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>I created a log directory under /opt/rt4/var for all my logs. 
I then touched the rt.log file to create it and I changed owner and group of the log dir (and rt.log file) so that the web server could write to it.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Set($LogToFile, 'debug');<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Set($LogDir, '/opt/rt4/var/log');<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Set($LogToFileNamed, "rt.log");<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Good luck, glad to hear you are making progress!<o:p></o:p></span></p><p class=MsoListParagraph style='text-indent:-.25in;mso-list:l0 level1 lfo2'><![if !supportLists]><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><span style='mso-list:Ignore'>-<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Brent<o:p></o:p></span></p><p class=MsoListParagraph><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal style='margin-left:.5in'><b><span 
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> Mathew Snyder [mailto:mathew.snyder@gmail.com] <br><b>Sent:</b> Friday, October 18, 2013 9:10 PM<br><b>To:</b> Parish, Brent<br><b>Cc:</b> rt-users@lists.bestpractical.com<br><b>Subject:</b> Re: [rt-users] I need help with the RT-Authen-ExternalAuth LDAP settings, please<o:p></o:p></span></p></div><p class=MsoNormal style='margin-left:.5in'><o:p> </o:p></p><div><p class=MsoNormal style='margin-left:.5in'>I have solved this problem!<o:p></o:p></p><div><p class=MsoNormal style='margin-left:.5in'><o:p> </o:p></p></div><div><p class=MsoNormal style='margin-left:.5in'>I had the $AutoCreateNonExternalUsers set to 0. I changed it to 1.<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:.5in'><o:p> </o:p></p></div><div><p class=MsoNormal style='margin-left:.5in'>I completely misinterpreted this setting. I have an AD account which I thought would be considered internal and therefore be created when I first logged in.<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:.5in'><o:p> </o:p></p></div><div><p class=MsoNormal style='margin-left:.5in'>Frankly, I'm still confused about what I was thinking. Either way, it works.<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:.5in'><o:p> </o:p></p></div></div><div><p class=MsoNormal style='margin-left:.5in'><br clear=all><o:p></o:p></p><div><p class=MsoNormal style='margin-left:.5in'>-Mathew<br><br>"When you do things right, people won't be sure you've done anything at all." - God; Futurama<o:p></o:p></p><div><p class=MsoNormal style='margin-left:.5in'><o:p> </o:p></p></div><div><p class=MsoNormal style='margin-left:.5in'>"<span style='font-size:10.0pt;font-family:"Arial","sans-serif";background:white'>We'll get along much better once you accept that you're wrong and neither am I." 
- Me</span><o:p></o:p></p></div></div><p class=MsoNormal style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:12.0pt;margin-left:.5in'><o:p> </o:p></p><div><p class=MsoNormal style='margin-left:.5in'>On Fri, Oct 18, 2013 at 8:57 PM, Mathew Snyder <<a href="mailto:mathew.snyder@gmail.com" target="_blank">mathew.snyder@gmail.com</a>> wrote:<o:p></o:p></p><div><p class=MsoNormal style='margin-left:.5in'>I seem to be getting closer. I'm down to only the "FAILED LOGIN for user from..." error.<o:p></o:p></p><div><p class=MsoNormal style='margin-left:.5in'><o:p> </o:p></p></div><div><p class=MsoNormal style='margin-left:.5in'>I've found that in order to get down to just that I have to include the domain in the username either as<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in;text-indent:-.25in;mso-list:l1 level1 lfo1'><![if !supportLists]><span style='font-size:10.0pt;font-family:Symbol'><span style='mso-list:Ignore'>·<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]>domain\user<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in;text-indent:-.25in;mso-list:l1 level1 lfo1'><![if !supportLists]><span style='font-size:10.0pt;font-family:Symbol'><span style='mso-list:Ignore'>·<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]>domain.local\user<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in;text-indent:-.25in;mso-list:l1 level1 lfo1'><![if !supportLists]><span style='font-size:10.0pt;font-family:Symbol'><span style='mso-list:Ignore'>·<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]>user@domain<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in;text-indent:-.25in;mso-list:l1 level1 lfo1'><![if !supportLists]><span 
style='font-size:10.0pt;font-family:Symbol'><span style='mso-list:Ignore'>·<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><a href="mailto:user@domain.local">user@domain.local</a><o:p></o:p></p><div><p class=MsoNormal style='margin-left:.5in'>However, if I use just the username I get<o:p></o:p></p></div></div><div><p class=MsoNormal style='margin-left:.5in'><o:p> </o:p></p></div><div><div><p class=MsoNormal style='margin-left:.5in'>[3221] [Sat Oct 19 00:44:37 2013] [warning]: Use of uninitialized value $_[1] in join or string at /usr/local/share/perl5/Log/Dispatch.pm line 42. (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:607)<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:.5in'>[3221] [Sat Oct 19 00:44:37 2013] [warning]: Use of uninitialized value $service in hash element at /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm line 611. (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:611)<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:.5in'>[3221] [Sat Oct 19 00:44:37 2013] [warning]: Use of uninitialized value in string eq at /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm line 613. 
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:613)<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:.5in'>[3221] [Sat Oct 19 00:44:37 2013] [info]: RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Disabled: , EmailAddress: , Gecos: user, Name: user, Privileged: (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:685)<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:.5in'>[3221] [Sat Oct 19 00:44:37 2013] [error]: Couldn't create user user: Could not set user info (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:278)<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:.5in'>[3221] [Sat Oct 19 00:44:37 2013] [error]: FAILED LOGIN for user from 192.168.236.119 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:814)<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:.5in'><o:p> </o:p></p></div><div><p class=MsoNormal style='margin-left:.5in'>The domain does not seem to be getting passed as part of the username when I attempt to log in. Interestingly, though, when I don't use the domain, I do get the info line in the log which contains bits of information that wouldn't otherwise be returned from AD. 
If I do use the domain that doesn't get returned, but I'm still unable to log in.<o:p></o:p></p></div></div><div><p class=MsoNormal style='margin-left:.5in'><o:p> </o:p></p></div><div><p class=MsoNormal style='margin-left:.5in'>I know my credentials are accurate because they are the same as I use to log into our VPN and that is tied to AD.<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:.5in'><o:p> </o:p></p></div><div><p class=MsoNormal style='margin-left:.5in'>My current settings:<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:.5in'><o:p> </o:p></p></div><div><div><p class=MsoNormal style='margin-left:.5in'>Set($ExternalAuthPriority, [ 'AD' ] );<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:.5in'>Set($ExternalServiceUsesSSLorTLS, 0);<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:.5in'>Set($AutoCreateNonExternalUsers, 0);<o:p></o:p></p></div><div><div><p class=MsoNormal style='margin-left:.5in'>Set($ExternalSettings, {<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:.5in'> 'AD' => {<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:.5in'> 'type' => 'ldap',<o:p></o:p></p></div></div><div><p class=MsoNormal style='margin-left:.5in'> 'server' => 'dc1.domain.local',<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:.5in'> 'base' => 'dc=domain,dc=local',<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:.5in'> 'user' => 'rtuser',<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:.5in'> 'pass' => 'xxxxxxxx',<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:.5in'> 'filter' => '(ObjectClass=*)',<o:p></o:p></p></div><div><div><p class=MsoNormal style='margin-left:.5in'> 'd_filter' => '(userAccountControl:1.2.840.113556.1.4.803=2)',<o:p></o:p></p></div></div><div><p class=MsoNormal style='margin-left:.5in'> 'group_scope' => 'base',<o:p></o:p></p></div><div><div><p class=MsoNormal style='margin-left:.5in'> 'tls' => 
0,<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:.5in'> 'ssl_version' => 3,<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:.5in'> 'net_ldap_args' => [ version => 3 ],<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:.5in'> 'attr_match_list' => [<o:p></o:p></p></div></div><div><p class=MsoNormal style='margin-left:.5in'> 'Name',<o:p></o:p></p></div><div><div><p class=MsoNormal style='margin-left:.5in'> ],<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:.5in'> 'attr_map' => {<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:.5in'> 'Name' => 'sAMAccountName',<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:.5in'> 'EmailAddress' => 'mail',<o:p></o:p></p></div></div><div><p class=MsoNormal style='margin-left:.5in'> 'Organization' => 'physicalDeliveryOfficeName',<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:.5in'> 'RealName' => 'cn',<o:p></o:p></p></div><div><div><p class=MsoNormal style='margin-left:.5in'> 'ExternalAuthId' => 'sAMAccountName',<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:.5in'> 'Gecos' => 'sAMAccountName',<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:.5in'> 'WorkPhone' => 'telephoneNumber',<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:.5in'> 'Address1' => 'streetAddress',<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:.5in'> 'City' => 'l',<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:.5in'> 'State' => 'st',<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:.5in'> 'Zip' => 'postalCode',<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:.5in'> 'Country' => 'co'<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:.5in'> },<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:.5in'> },<o:p></o:p></p></div></div><div><p class=MsoNormal style='margin-left:.5in'>} );<o:p></o:p></p></div></div><div><p class=MsoNormal 
style='margin-left:.5in'><o:p> </o:p></p></div><div><p class=MsoNormal style='margin-left:.5in'>Further assistance will be appreciated.<o:p></o:p></p></div><div><div><p class=MsoNormal style='margin-left:.5in'><br clear=all><o:p></o:p></p><div><p class=MsoNormal style='margin-left:.5in'>-Mathew<br><br>"When you do things right, people won't be sure you've done anything at all." - God; Futurama<o:p></o:p></p><div><p class=MsoNormal style='margin-left:.5in'><o:p> </o:p></p></div><div><p class=MsoNormal style='margin-left:.5in'>"<span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>We'll get along much better once you accept that you're wrong and neither am I." - Me</span><o:p></o:p></p></div></div><p class=MsoNormal style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:12.0pt;margin-left:.5in'><o:p> </o:p></p></div><div><div><div><p class=MsoNormal style='margin-left:.5in'>On Fri, Oct 18, 2013 at 8:08 PM, Mathew Snyder <<a href="mailto:mathew.snyder@gmail.com" target="_blank">mathew.snyder@gmail.com</a>> wrote:<o:p></o:p></p><div><p class=MsoNormal style='margin-left:.5in'>I've actually been trying to get debugging turned on for a few days now. I've set all of the variables:<o:p></o:p></p><div><p class=MsoNormal style='margin-left:.5in'><o:p> </o:p></p></div><div><div><p class=MsoNormal style='margin-left:.5in'>Set( $LogToSTDERR, 'debug' );<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:.5in'>Set( $LogToFile, 'debug' );<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:.5in'>Set( $LogDir, '/var/log/' );<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:.5in'>Set( $LogToFileNamed, 'rt.log' );<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:.5in'>Set( $LogToSyslog, 'debug' );<o:p></o:p></p></div></div><div><p class=MsoNormal style='margin-left:.5in'><o:p> </o:p></p></div><div><p class=MsoNormal style='margin-left:.5in'>I'm not getting any detailed information at all. 
In fact, the rt.log file isn't even being created. I had tried to set the directory to /opt/rt4/log, but the file wasn't being created there, either.<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:.5in'><o:p> </o:p></p></div><div><p class=MsoNormal style='margin-left:.5in'><o:p> </o:p></p></div><div><p class=MsoNormal style='margin-left:.5in'><o:p> </o:p></p></div></div><div><div><p class=MsoNormal style='margin-left:.5in'><br clear=all><o:p></o:p></p><div><p class=MsoNormal style='margin-left:.5in'>-Mathew<br><br>"When you do things right, people won't be sure you've done anything at all." - God; Futurama<o:p></o:p></p><div><p class=MsoNormal style='margin-left:.5in'><o:p> </o:p></p></div><div><p class=MsoNormal style='margin-left:.5in'>"<span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>We'll get along much better once you accept that you're wrong and neither am I." - Me</span><o:p></o:p></p></div></div><p class=MsoNormal style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:12.0pt;margin-left:.5in'><o:p> </o:p></p></div><div><div><div><p class=MsoNormal style='margin-left:.5in'>On Fri, Oct 18, 2013 at 7:51 AM, Parish, Brent <<a href="mailto:bparish@cognex.com" target="_blank">bparish@cognex.com</a>> wrote:<o:p></o:p></p><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.5in'><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Hi Mathew</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.5in'><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.5in'><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>It sounds to me like you were authenticating ok initially, but getting an error in creating the user.</span><o:p></o:p></p><p 
class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.5in'><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.5in'><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>And to answer your initial question about the group and group_attr settings, I don’t use those at all and it works fine for me.</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.5in'><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.5in'><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>I would recommend putting things back to how you first had them (to generate the error you originally posted), turn the log level up to debug, and try again.</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.5in'><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>There are some debug statements within that method that may help identify where it is choking.</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.5in'><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> </span><o:p></o:p></p><p style='margin-left:.5in'><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>-</span><span style='font-size:7.0pt;color:#1F497D'> </span><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Brent</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.75in'><span 
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.5in'><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> </span><o:p></o:p></p><div><div><div><div><div><div><div><div><div><div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in'><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#44546A'> </span><o:p></o:p></p><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in'><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> Mathew Snyder [mailto:<a href="mailto:mathew.snyder@gmail.com" target="_blank">mathew.snyder@gmail.com</a>] <br><b>Sent:</b> Thursday, October 17, 2013 1:50 PM</span><o:p></o:p></p><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in'><br><b>To:</b> Jeff Solberg<br><b>Cc:</b> <a href="mailto:rt-users@lists.bestpractical.com" target="_blank">rt-users@lists.bestpractical.com</a><o:p></o:p></p></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in'><b>Subject:</b> Re: [rt-users] I need help with the RT-Authen-ExternalAuth LDAP settings, please<o:p></o:p></p></div></div><div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in'> <o:p></o:p></p><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in'>I found another thread that indicated that the solution to the second problem was to add @domain to the end of the username. 
That just reverted to the previous list of errors with a couple new ones.<o:p></o:p></p><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in'> <o:p></o:p></p></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in'>Oct 17 16:47:50 zen-rt RT: [24673] Use of uninitialized value $_[1] in join or string at /usr/local/share/perl5/Log/Dispatch.pm line 42.<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in'>Oct 17 16:47:50 zen-rt RT: [24673] Use of uninitialized value $service in hash element at /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm line 611.<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in'>Oct 17 16:47:50 zen-rt RT: [24673] Use of uninitialized value in string eq at /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm line 613.<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in'>Oct 17 16:47:50 zen-rt RT: [24673] RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Disabled: , EmailAddress: , Gecos: user, Name: user, Privileged: <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in'>Oct 17 16:47:50 zen-rt RT: [24673] Couldn't create user user: Could not set user info<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in'>Oct 17 16:47:50 zen-rt RT: [24673] FAILED LOGIN for user from 192.168.236.102<o:p></o:p></p></div></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in'> <o:p></o:p></p></div></div></div><div><div><div><div><div><div><div><div><p class=MsoNormal 
style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in'><br clear=all><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#44546A'> </span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in'><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#44546A'> </span><o:p></o:p></p><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in'><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> <a href="mailto:rt-users-bounces@lists.bestpractical.com" target="_blank">rt-users-bounces@lists.bestpractical.com</a> [mailto:<a href="mailto:rt-users-bounces@lists.bestpractical.com" target="_blank">rt-users-bounces@lists.bestpractical.com</a>] <b>On Behalf Of </b>Mathew Snyder</span><o:p></o:p></p><div><div><p class=MsoNormal style='margin-left:.5in'><br><b>Sent:</b> Thursday, October 17, 2013 1:19 PM<br><b>To:</b> <a href="mailto:rt-users@lists.bestpractical.com" target="_blank">rt-users@lists.bestpractical.com</a><br><b>Subject:</b> [rt-users] I need help with the RT-Authen-ExternalAuth LDAP settings, please<o:p></o:p></p></div></div></div><div><div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in'> <o:p></o:p></p><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in'>These are the settings I've started with:<o:p></o:p></p><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in'> <o:p></o:p></p></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in'>Set($ExternalSettings, {<o:p></o:p></p></div><div><p class=MsoNormal 
style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in'> 'AD' => {<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in'> 'type' => 'ldap',<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in'> 'server' => '<a href="http://domain_controller.example.com" target="_blank">domain_controller.example.com</a>',<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in'> 'base' => 'dc=example,dc=com',<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in'> 'user' => 'rtuser',<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in'> 'pass' => '********',<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in'> 'filter' => '(ObjectClass=*)',<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in'> 'tls' => 0,<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in'> 'ssl_version' => 3,<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in'> 'net_ldap_args' => [ version => 3 ],<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in'> 'attr_match_list' => [<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in'> 'EmailAddress',<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in'> ],<o:p></o:p></p></div><div><p class=MsoNormal 
style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in'> 'attr_map' => {<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in'> 'Name' => 'sAMAccountName',<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in'> 'EmailAddress' => 'mail',<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in'> 'RealName' => 'cn',<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in'> },<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in'>They aren't working. Whenever someone attempts an initial login with just their username (which should create their RT account) the following error is logged:<o:p></o:p></p></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in'>Oct 17 15:02:29 zen-rt RT: [23131] Use of uninitialized value in string eq at /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm line 613.<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in'>Oct 17 15:02:29 zen-rt RT: [23131] RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Disabled: , EmailAddress: , Gecos: user, Name: user, Privileged:<o:p></o:p></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in'>Oct 17 16:14:01 zen-rt RT: [24382] Couldn't create user user: Could not set user info<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in'>Oct 17 16:14:01 zen-rt RT: 
[24382] FAILED LOGIN for user from 192.168.236.102<o:p></o:p></p></div></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in'>When initial logins are attempted with either example\username or <a href="http://example.com" target="_blank">example.com</a>\username only the FAILED LOGIN line is displayed.<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in'>We also have our Openfire Jabber server authenticating successfully. Those settings are<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in'>ldap.autoFollowAliasReferrals = true<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in'>ldap.autoFollowReferrals = false<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in'>ldap.baseDN = dc=example,dc=com<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in'>ldap.connectionPoolEnabled = true<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in'>ldap.debugEnabled = false<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in'>ldap.emailField = mail<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in'>ldap.encloseDNs = true<o:p></o:p></p></div><div><p class=MsoNormal 
style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in'>ldap.groupDescriptionField = description<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in'>ldap.groupMemberField = member<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in'>ldap.groupNameField = cn<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in'>ldap.groupSearchFilter = (objectClass=group)<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in'>ldap.host = <a href="http://domain_controller.example.com" target="_blank">domain_controller.example.com</a><o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in'>ldap.ldapDebugEnabled = false<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in'>ldap.nameField = cn<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in'>ldap.port = 389<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in'>ldap.searchFilter = (objectClass=*)<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in'>ldap.usernameField = sAMAccountName<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in'>I know they don't match up exactly in terms of what Openfire calls the 
settings vs. what RT does, but I'm hoping someone can help me sort out what should be plugged in where on the RT side. For example, I don't know what the group_attr or group_attr_value setting should contain (if anything) in the RT_SiteConfig.pm file. Basically, anything from the "group" settings.<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in'>-Mathew<br><br>"When you do things right, people won't be sure you've done anything at all." - God; Futurama<o:p></o:p></p><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in'>"<span style='font-size:10.0pt;font-family:"Arial","sans-serif";background:white'>We'll get along much better once you accept that you're wrong and neither am I." - Me</span><o:p></o:p></p></div></div></div></div></div></div></div></div></div></div></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in'> <o:p></o:p></p></div></div></div></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in'> <o:p></o:p></p></div></div></div></div></div></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in'> <o:p></o:p></p></div></div></div></div></div></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in'> <o:p></o:p></p></div></div></div></div></div><p class=MsoNormal style='margin-left:.5in'><o:p> </o:p></p></div></div></div></div><p class=MsoNormal style='margin-left:.5in'><o:p> </o:p></p></div></div></div></div></div><p class=MsoNormal style='margin-left:.5in'><o:p> </o:p></p></div></div></body></html>