<div dir="ltr">Good Afternoon... T S.<div><br></div><div>  I apologize for not reading the back and forth you have already had here with Lush, in advance. However, I did a post a while back regarding getting LDAP authentication to work and there may be a couple of items here that could help.</div><div><br></div><div>  My configuration is posted here as well:</div><div><br></div><div>  <a href="http://trevthorpe.blogspot.com/">http://trevthorpe.blogspot.com/</a></div><div><br></div><div>  Hope you find this helpful, figured it couldn't hurt.</div><div><br></div><div>  Thanks,</div><div><br>Trev</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, May 5, 2016 at 12:05 PM, Lush, Aaron <span dir="ltr"><<a href="mailto:alush@scentral.k12.in.us" target="_blank">alush@scentral.k12.in.us</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div class="gmail_default" style="font-family:georgia,serif;font-size:small">The only thing that jumps out to me is that under "External Settings" you are domain\service name, whereas in Set$(  LDAPUser) you are using the DistinguishedName. I had similar issues in my RT 4.4 deployment until I made both of those settings follow the DistinguishedName. </div></div><div class="gmail_extra"><span class=""><br clear="all"><div><div><div dir="ltr"><div><div dir="ltr"><font face="georgia, serif">Sincerely,</font><div><font face="georgia, serif"><br></font></div><div><font face="georgia, serif">Aaron Lush</font></div><div><font face="georgia, serif">Network Administrator</font></div><div><font face="georgia, serif">South Central Community School Corporation</font></div><div><font face="georgia, serif"><a href="tel:%28219%29%20767-2266%20ext.%201111" value="+12197672266" target="_blank">(219) 767-2266 ext. 1111</a></font></div></div></div></div></div></div>
<br></span><div><div class="h5"><div class="gmail_quote">On Thu, May 5, 2016 at 10:05 AM, t s <span dir="ltr"><<a href="mailto:zzzz67@hotmail.com" target="_blank">zzzz67@hotmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">




<div dir="ltr">
<div style="font-size:12pt;color:#000000;background-color:#ffffff;font-family:Calibri,Arial,Helvetica,sans-serif">
<p></p>
<p>Here you go:</p>
<p>By the way, I just changed the line below from <span>            'server'                    =>  'LDAPSERVER:389' to
<span>'server'                    => </span>'<a href="http://LDAPSERVER.CORP.COMPANYNAME.NET:389" target="_blank">LDAPSERVER.CORP.COMPANYNAME.NET:389</a>' and restarted so I will see if that has any effect on the error not coming back up or not.</span></p>
<p><span><br>
</span></p>
<p><br>
</p>
<p>Set($WebPath , "");<br>
Set($WebBaseURL, "<a href="http://rt.servername.companyname.com" target="_blank">http://rt.servername.companyname.com</a>");<br>
<br>
Set($RestrictReferrer, '0'); </p>
<p>Set($DatabaseAdmin, 'root');</p>
<p>Set($LogoURL, '<a href="https://bestpractical.com/images/logo.png'" target="_blank">https://bestpractical.com/images/logo.png'</a>);<br>
Set($WebDefaultStylesheet, 'rudder');</p>
<p>Set($LogToFile, 'error');</p>
<p>Set($SetOutgoingMailFrom, "<a href="mailto:RT_Tracker@companyname.com" target="_blank">RT_Tracker@companyname.com</a>");<br>
Set($SMTPFrom, "<a href="http://mail-out.smtp.companyname.com" target="_blank">mail-out.smtp.companyname.com</a>");<br>
Set($ParseNewMessageForTicketCcs, 1);<br>
Set($HomePageRefreshInterval, 120);<br>
Set($NotifyActor,1)<br>
</p>
<p>Set($SendmailArguments, "-t");<br>
Set($MailCommand, "sendmail");<br>
Plugin( "RT::Authen::ExternalAuth" );<br>
Plugin('RT::Extension::LDAPImport');</p>
<p><br>
</p>
<p>    Set($LDAPHost,'LDAPSERVER.CORP.COMPANYNAME.NET:389');<br>
    Set($LDAPUser,'cn=<span>companyname</span>\\svc.servicename,cn=Users,dc=Corp,DC=<span>companyname</span>,DC=net');<br>
    Set($LDAPPassword,'password');<br>
    Set($LDAPBase, 'OU=Corp,OU=Users,OU=companyname,DC=Corp,DC=companyname,DC=net');<br>
    Set($LDAPFilter, '(&(objectClass=person))');<br>
    Set($LDAPMapping, {Name         => 'sAMAccountName', # required<br>
                       EmailAddress => 'mail',<br>
                       RealName     => 'cn',<br>
                       WorkPhone    => 'telephoneNumber',<br>
                       Organization => 'departmentName'});<br>
Set($LDAPSizeLimit, 1000);<br>
        <br>
</p>
<p>Set($ExternalAuthPriority, ['<span>companyname</span>LDAP']);<br>
Set($ExternalInfoPriority, ['<span>companyname</span>LDAP']);<br>
Set($UserAutocreateDefaultsOnLogin, { Privileged => 0 } );<br>
Set($AutoCreateNonExternalUsers, 1);</p>
<p><br>
</p>
<p><br>
Set($ExternalSettings, {<br>
        <br>
        'companynameLDAP'       =>  {<br>
            'type'                      =>  'ldap',<br>
            'server'                    =>  'LDAPSERVER:389',<br>
            'user'                      =>  '<span>companyname</span>\\svc.servicename',<br>
            'pass'                      =>  'password',<br>
            'base'                      =>  'OU=Corp,OU=Users,OU=companyname,DC=corp,DC=companyname,DC=net',<br>
            'filter'                    =>  '(objectClass=person)',<br>
            'd_filter'                  =>  '(objectClass=asdf)',<br>
            'net_ldap_args'             => [    version =>  3   ],<br>
            'attr_match_list' => [<br>
                 'Name',<br>
                 'EmailAddress',<br>
            ],<br>
            'attr_map' => {<br>
                'Name' => 'sAMAccountName',<br>
                'EmailAddress' => 'mail',<br>
                'Organization' => 'physicalDeliveryOfficeName',<br>
                'RealName' => 'cn',<br>
                'ExternalAuthId' => 'sAMAccountName',<br>
                'Gecos' => 'sAMAccountName',<br>
                'WorkPhone' => 'telephoneNumber',<br>
                'Address1' => 'streetAddress',<br>
                'City' => 'l',<br>
                'State' => 'st',<br>
                'Zip' => 'postalCode',<br>
                'Country' => 'co'                                                           },                                                                              },                                                                            } );</p>
<p><br>
             <br>
Set($WebRemoteuserAuth,1);<br>
Set($WebRemoteUserContinuous,1);<br>
Set($WebFallbackToRTLogin, undef);<br>
Set($WebRemoteUserGecos,1);<br>
Set($WebRemoteUserAutocreate,1);</p>
<p>Set( $rtname, 'C<span>ompanyName</span> RT' );<br>
Set( $CommentAddress, '' );<br>
Set( $CorrespondAddress, '' );<br>
Set( $DatabaseHost, 'localhost' );<br>
Set( $DatabaseName, 'rt_database' );<br>
Set( $DatabasePassword, 'password' );<br>
Set( $DatabasePort, '3306' );<br>
Set( $DatabaseType, 'mysql' );<br>
Set( $DatabaseUser, 'root' );<br>
Set( $Organization, '<span>companyname</span>.com' );<br>
Set( $OwnerEmail, '<a href="mailto:owner@companyname.com" target="_blank">owner@companyname.com</a>' );<br>
Set( $SendmailPath, 'usr/lib/sendmail' );<br>
Set( $SendmailArguments, "-t");<br>
Set( $MailCommand, "sendmail");<br>
Set( $WebDomain, 'rt.servername.<span>companyname</span>.com' );<br>
Set( $WebPort, '443' );<br>
</p>
<p>Set(%CustomFieldGroupings,<br>
       'RT::Ticket' => [<br>
       'Basics' => ['Trigger Code']<br>
   ]<br>
   );<br>
Set($CanonicalizeRedirectURLs, 0); <br>
1;<br>
</p>
<br>
<p></p>
<br>
<br>
<div style="color:rgb(0,0,0)">
<hr style="width:98%;display:inline-block">
<div dir="ltr"><font color="#000000" face="Calibri, sans-serif" style="font-size:11pt"><b>From:</b> Lush, Aaron <<a href="mailto:alush@scentral.k12.in.us" target="_blank">alush@scentral.k12.in.us</a>><br>
<b>Sent:</b> Thursday, May 5, 2016 10:49 AM<br>
<b>To:</b> t s<br>
<b>Cc:</b> <a href="mailto:rt-users@lists.bestpractical.com" target="_blank">rt-users@lists.bestpractical.com</a><br>
<b>Subject:</b> Re: [rt-users] LDAP External Auth intermittent failure</font>
<div> </div>
</div>
<div><div><div>
<div dir="ltr">
<div class="gmail_default" style="font-family:georgia,serif;font-size:small">
Would you please post your LDAP configuration in RT_SiteConfig.pm? Omitting any sensitive information, of course. </div>
</div>
<div class="gmail_extra"><br clear="all">
<div>
<div>
<div dir="ltr">
<div>
<div dir="ltr"><font face="georgia, serif">Sincerely,</font>
<div><font face="georgia, serif"><br>
</font></div>
<div><font face="georgia, serif">Aaron Lush</font></div>
<div><font face="georgia, serif">Network Administrator</font></div>
<div><font face="georgia, serif">South Central Community School Corporation</font></div>
<div><font face="georgia, serif"><a href="tel:%28219%29%20767-2266%20ext.%201111" value="+12197672266" target="_blank">(219) 767-2266 ext. 1111</a></font></div>
</div>
</div>
</div>
</div>
</div>
<br>
<div class="gmail_quote">On Thu, May 5, 2016 at 8:15 AM, t s <span dir="ltr"><<a href="mailto:zzzz67@hotmail.com" target="_blank">zzzz67@hotmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;padding-left:1ex;border-left-color:rgb(204,204,204);border-left-width:1px;border-left-style:solid">
<div dir="ltr">
<div style="color:rgb(0,0,0);font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;background-color:rgb(255,255,255)">
<p>Getting an intermittent "<span>RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't bind: LDAP_INVALID_CREDENTIALS 49</span>" error very similar to: 
<a href="http://requesttracker.8502.n7.nabble.com/LDAP-External-Auth-intermittent-failure-td58611.html" target="_blank">
http://requesttracker.8502.n7.nabble.com/LDAP-External-Auth-intermittent-failure-td58611.html</a>.</p>
<p></p>
<div style="width:100%;text-indent:0px;overflow:auto;margin-bottom:20px;display:inline-block">
<table style="width:90%;overflow:auto;padding-top:20px;padding-bottom:20px;margin-top:20px;border-top-color:rgb(200,200,200);border-bottom-color:rgb(200,200,200);border-top-width:1px;border-bottom-width:1px;border-top-style:dotted;border-bottom-style:dotted;background-color:rgb(255,255,255)" cellspacing="0">
<tbody>
<tr valign="top" style="border-spacing:0px">
<td style="width:250px;padding-right:20px;display:table-cell" colspan="1">
<div style="margin:auto;width:100px;display:table;min-height:100px;background-color:rgb(255,255,255)">
<a style="text-align:center;display:table-cell" href="http://requesttracker.8502.n7.nabble.com/LDAP-External-Auth-intermittent-failure-td58611.html" target="_blank"><img width="100" height="100" style="border-width:0px;width:100px;margin-right:auto;margin-left:auto;vertical-align:bottom;display:inline-block;min-height:100px;max-height:250px;max-width:250px" src="http://www.gravatar.com/avatar/26ccab0b62375e40455160ff3e911dc4?s=100&r=pg&d=http%3A%2F%2Fn7.nabble.com%2Fimages%2Favatar100.png"></a></div>
</td>
<td style="padding:0px;vertical-align:top;display:table-cell" colspan="2">
<div style="float:right"></div>
<div style="color:rgb(0,120,215);line-height:21px;font-family:"wf_segoe-ui_light","Segoe UI Light","Segoe WP Light","Segoe UI","Segoe WP",Tahoma,Arial,sans-serif;font-size:21px;font-weight:400">
<a title="http://requesttracker.8502.n7.nabble.com/LDAP-External-Auth-intermittent-failure-td58611.html
Ctrl+Click or tap to follow the link" style="text-decoration:none" href="http://requesttracker.8502.n7.nabble.com/LDAP-External-Auth-intermittent-failure-td58611.html" target="_blank">LDAP
 External Auth intermittent failure - RequestTracker</a></div>
<div style="margin:10px 0px 16px;color:rgb(102,102,102);line-height:14px;font-family:"wf_segoe-ui_normal","Segoe UI","Segoe WP",Tahoma,Arial,sans-serif;font-size:14px;font-weight:400">
<a href="http://requesttracker.8502.n7.nabble.com" target="_blank">requesttracker.8502.n7.nabble.com</a></div>
<div style="color:rgb(102,102,102);line-height:20px;overflow:hidden;font-family:"wf_segoe-ui_normal","Segoe UI","Segoe WP",Tahoma,Arial,sans-serif;font-size:14px;font-weight:400;display:block;max-height:100px">
LDAP External Auth intermittent failure. I'm using RT-4.2.7 installed from source, on ubuntu 14.04LTS. I've been trying to get the External Auth (0.23) extension ...</div>
</td>
</tr>
</tbody>
</table>
</div>
<p></p>
<p>Almost daily the External Auth will randomly start getting the binding error above and stop accepting LDAP logins, a simple restart of RT fixes the problem.  I'm using External Auth 0.25 and RT 4.2.12.  The only suggestion in the post above is to update
 RT but these are both recent stable versions.   </p>
<p><br>
</p>
<p>Anyone ran into this problem?  Is it an RT_SiteConfig problem?  I wouldn't think so since it works for around 24 hours and then stops.  Could it be some kind of network connectivity problem?<br>
</p>
</div>
</div>
<br>
---------<br>
RT 4.4 and RTIR Training Sessions <a title="https://bestpractical.com/training
Ctrl+Click or tap to follow the link" href="https://bestpractical.com/training" rel="noreferrer" target="_blank">
https://bestpractical.com/training</a><br>
* Washington DC - May 23 & 24, 2016<br>
<br>
</blockquote>
</div>
<br>
</div>
<br></div></div>
Email Confidentiality Notice: This email message, including all attachments, is for the sole use of the intended recipient(s) and contains confidential information. If you are not the intended recipient, you may not use, disclose, print, copy or disseminate
 this information. Please reply and notify the sender, delete the message and any attachments and destroy all copies.
<br>
</div>
</div>
</div>
</div>

</blockquote></div><br></div></div></div><div class="HOEnZb"><div class="h5">

<br>
Email Confidentiality Notice: This email message, including all attachments, is for the sole use of the intended recipient(s) and contains confidential information. If you are not the intended recipient, you may not use, disclose, print, copy or disseminate this information. Please reply and notify the sender, delete the message and any attachments and destroy all copies. <br></div></div><br>---------<br>
RT 4.4 and RTIR Training Sessions <a href="https://bestpractical.com/training" rel="noreferrer" target="_blank">https://bestpractical.com/training</a><br>
* Washington DC - May 23 & 24, 2016<br>
<br></blockquote></div><br></div>