<div dir="ltr"><div>This may help:</div><div><br></div><a href="http://trevthorpe.blogspot.com/2015/01/request-tracker-424-ldap-authentication.html">http://trevthorpe.blogspot.com/2015/01/request-tracker-424-ldap-authentication.html</a><br><div><br></div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Jul 7, 2015 at 11:24 AM, Yan Seiner <span dir="ltr"><<a href="mailto:yan@seiner.com" target="_blank">yan@seiner.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">I'm coming back to RT after a few years. I am trying to set up external auth against our AD server.<br>
<br>
I have a working implementation for mediawiki, so I know that it's possible on our system. As far as possible I've duplicated the options from mediawiki/php to rt/perl, but I am still missing something important as all login attempts get rejected with a NoUser.<br>
<br>
The only thing that I find different (and I'm searching my memory from a few years ago when I set up mediawiki) there is a line where the user name is pre-pended with the domain for AD:<br>
<br>
$wgLDAPSearchStrings = array( 'HPM' => "HPM\\USER-NAME" );<br>
<br>
And I can't find anything like that in the RT config.<br>
<br>
Does anyone have a working AD external auth they can share?<br>
<br>
Thanks.<br>
<br>
Here's the logfile snippet:<br>
<br>
[4835] [Tue Jul 7 15:17:14 2015] [debug]: Attempting to use external auth service: My_LDAP (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:424)<br>
[4835] [Tue Jul 7 15:17:14 2015] [debug]: Calling UserExists with $username (yans) and $service (My_LDAP) (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:465)<br>
[4835] [Tue Jul 7 15:17:14 2015] [debug]: UserExists params:<br>
username: yans , service: My_LDAP (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:439)<br>
[4835] [Tue Jul 7 15:17:14 2015] [debug]: LDAP Search === Base: ou=Staff,dc=hpm,dc=net == Filter: (&(objectClass=inetOrgPerson)(sAMAccountName=yans)) == Attrs: cn,co,telephoneNumber,l,postalCode,streetAddress,st,sAMAccountName,mail (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:469)<br>
[4835] [Tue Jul 7 15:17:14 2015] [debug]: User Check Failed :: ( My_LDAP ) yans User not found (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:483)<br>
[4835] [Tue Jul 7 15:17:14 2015] [debug]: Autohandler called ExternalAuth. Response: (0, No User) (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:11)<br>
[4835] [Tue Jul 7 15:17:14 2015] [error]: FAILED LOGIN for yans from 10.10.30.51 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:810)<br>
<br>
And here's the setup in RTSiteConfig.pm:<br>
<br>
Plugin('RT::Authen::ExternalAuth');<br>
Set($ExternalAuthPriority, [ 'My_LDAP' ]);<br>
Set($ExternalInfoPriority, [ 'My_LDAP' ]);<br>
Set($ExternalSettings, {<br>
'My_LDAP' => {<br>
'type' => 'ldap',<br>
'server' => '<a href="http://file_print.hpm.net" rel="noreferrer" target="_blank">file_print.hpm.net</a>',<br>
# By not passing 'user' and 'pass' we are using an anonymous<br>
# bind, which some servers to not allow<br>
'base' => 'dc=hpm,dc=net',<br>
'filter' => '(objectClass=inetOrgPerson)',<br>
# Users are allowed to log in via email address or account<br>
# name<br>
'attr_match_list' => [<br>
'Name',<br>
# 'EmailAddress',<br>
],<br>
# Import the following properties of the user from LDAP upon<br>
# login<br>
'attr_map' => {<br>
'Name' => 'sAMAccountName',<br>
'EmailAddress' => 'mail',<br>
'RealName' => 'cn',<br>
'WorkPhone' => 'telephoneNumber',<br>
'Address1' => 'streetAddress',<br>
'City' => 'l',<br>
'State' => 'st',<br>
'Zip' => 'postalCode',<br>
'Country' => 'co',<br>
},<br>
},<br>
} );<br>
<br>
</blockquote></div><br></div>