<div dir="ltr"><div><div><div>The problem ended up being with the field ExternalAuthID which I didn't realize was removed in 4.4.1.<br><br></div>Removing it from the script corrected the issue and allowed both LDAP Import and Authentication to work beyond where I was getting stuck.<br><br></div>I've included my SiteConfig with the working changes below in case anyone runs into the same issue. I've now moved onto an issue where internal users aren't created when ExternalAuth LDAP fails, and LDAP users aren't created with Privileged. I have some legwork to do before requesting help with these new issues though. <br><br># Configuration<br>Set($rtname, '<a href="http://test.com">test.com</a>');<br>Set($Organization, '<a href="http://rt.test.com">rt.test.com</a>');<br>Set($Timezone, 'US/Pacific');<br>Set($WebDomain, '<a href="http://rt.test.com">rt.test.com</a>');<br>Set($WebPort, 443);<br>Set($WebPath, '');<br><br># Set Ticket Database User<br>Set($DatabaseHost, '');<br>Set($DatabaseUser, "rt_user");<br>#Set($DatabaseUser, "root");<br>Set($DatabasePassword, 'password');<br>#Set($DatabasePassword, 'password');<br>Set($DatabaseName, 'rt4');<br>Set($OwnerEmail, '<a href="mailto:rt@test.com">rt@test.com</a>');<br>Set($DatabaseAdmin, "root");<br><br># Logging<br>Set($LogToSTDERR, 'debug');<br>Set($LogToFile, 'debug');<br>Set($LogDir, '/opt/rt4/var/log/');<br>Set($LogToFileNamed, 'rt.log');<br>Set($LogToSyslog, 'debug');<br>Set($LogToScreen, "error");<br><br><br># You must install Plugins on your own, this is only an example<br># of the correct syntax to use when activating them:<br>#     Plugin( "RT::Authen::ExternalAuth" );<br><br>#Set( $WebRemoteUserAutocreate, 1); <br>#Set( $UserAutocreateDefaultsOnLogin, {Privileged => 0}); No way to differentiate between use for external users and LDAP users, or i'm not seeing it (Documentation indicates same core config var for both packages LDAPImport & RemoteWebUser )<br>#Set( $AutoCreateNonExternalUsers, 1); Isn't working for Non-LDAP users.<br><br># Depreciated: <br># Set($ExternalAuth, 1); No Longer Needed as ExternalAuth is now set when External Settings defined.<br><br><br>Set($ExternalAuthPriority, ['LDAP']);<br>Set($ExternalInfoPriority, ['LDAP']);<br><br><br>Set($ExternalServiceUsesSSLorTLS, 0);<br><br><br><br>Set($ExternalSettings, {<br>    'LDAP' => {<br>        'type'    =>    'ldap',<br>        'server'    => '10.0.2.6',<br>        'user'         => 'ldapreader',<br>        'pass'        => 'password',<br>        'base'        => 'ou=branch,dc=test,dc=local',<br>        'filter'    => '(objectClass=*)',<br>        'd_filter'    => '(userAccountControl:1.2.840.113556.1.4.803:=2)',<br>        'tls'        => 0,<br>        'ssl_version'        => 3,<br>        'net_ldap_args'    => [    version => 3    ],<br>        'attr_match_list'    => [<br>             'Name', 'EmailAddress',<br>         ],<br>         'attr_map' => {<br>             'Name' => 'sAMAccountName',<br>             'EmailAddress' =>    'mail',<br>             'Organization' =>    'physicalDeliveryOfficeName',<br>             'RealName' => 'cn',<br>             'Gecos' => 'sAMAccountName',<br>             'WorkPhone' => 'telephoneNumber',<br>             'Address1' =>    'streetAddress',<br>             'City' => 'l',<br>             'State' => 'st',<br>             'Zip' => 'postalCode',<br>             'Country' => 'co',<br></div>             #'ExternalAuthID' => 'sAMAccountName' - Deprecated 4.4.1<br><div><div>             },<br>         #'group' => 'cn=RTUsers',<br>        'group_scope' => 'sub',<br>         #'group_attr' => 'memberOf',<br>        #'group_attr_value' => 'cn=RTUsers,ou=Security Groups,ou=branch,dc=test,dc=local'<br> <br> },<br> } );<br><br>##LDAP Configurations<br>#LDAP Authentication<br>##LDAP USER IMPORT<br>Set($LDAPHost, 'ldap://<a href="http://10.0.2.6">10.0.2.6</a>');<br>Set($LDAPUser, 'ldapreader');<br>Set($LDAPPassword, 'password');<br>Set($LDAPFilter, '(&(cn = users))');<br><br>Set($LDAPUpdateUsers, 1);<br>Set($LDAPCreatePrivileged, 1);<br><br>#<br>Set($LDAPMapping, {Name         => 'sAMAccountName', # required<br>        EmailAddress => 'mail',<br>        RealName     => 'cn',<br>        WorkPhone    => 'telephoneNumber',<br>        Organization => 'physicalDeliveryOfficeName',<br>});<br><br>Set($LDAPBase, "ou=branch,dc=test,dc=local");<br>Set($LDAPSizeLimit, 1000);<br><br><br>1;<br><br><br></div></div></div>