[rt-users] LDAP issues with new install
Sean W. Mahan
smahan at smwm.com
Wed Jul 5 14:22:28 EDT 2006
Hello all,
I've been having some trouble setting up a new install of 3.6
(on Ubuntu server 6.06) with LDAP authenticating against AD (on 2003 R1
SP1). Login fails for new AD users. I set up an account in RT (with a
different-from-in-AD password) and tried to log in using the AD
password, and the log reported having updated the user information, but
authentication failed. Logging in with the password set in RT seems to
find the user in AD and update info, but IsLDAPPassword fails. One
mystery is the "Transaction->Create couldn't, as you didn't specify an
object type and id" error. The other is that LDAP lookups seem to be
working - although LookupExternalUserInfo doesn't report the values for
any of the fields - but authentication does not. At this point, I
really don't know if my problem is in AD somewhere, or in my RT config.
Apologies for the lengthy, log-filled email, but can anyone offer any
hints? Thanks,
-Sean
** Here's the LDAP sections of my SiteConfig **
Set($AuthMethods, ['LDAP','Internal']);
Set($LdapExternalAuth, 1);
Set($LdapExternalInfo, 1);
Set($LdapAutoCreateNonLdapUsers, 1);
Set($LdapAttrMap, {'Name' => 'sAMAccountName',
'EmailAddress' => 'mail',
'Organization' => 'company',
'RealName' => 'cn',
'ExternalContactInfoId' => 'dn',
'ExternalAuthId' => 'sAMAccountName',
'Gecos' => 'sAMAccountName',
'WorkPhone' => 'telephoneNumber',
'Address1' => 'streetAddress',
'City' => 'l',
'State' => 'st',
'Zip' => 'postalCode',
'Country' => 'co'}
);
Set($LdapRTAttrMatchList, ['Name','ExternalContactInfoId',
'EmailAddress', 'RealName']
);
Set($LdapEmailAttrMatchList, ['mail', 'mailRoutingAddress',
'mailAlternateAddress']
);
Set($LdapServer, '[DC ip address]');
Set($LdapBase, 'CN=users,DC=smwm,DC=com');
#Set($LdapBase, 'CN=SMWM,OU=SMWMSF Distribution Lists,DC=smwm,DC=com');
Set($LdapFilter, "(objectclass=sAMAccountName)");
Set($LdapUser, '[user]@smwm.com');
Set($LdapPass, '[password]');
Set($LdapSSLVersion, 3);
Now some logs:
**First off, a search to make sure LDAP is actually working, DNs are
correct, etc**
ldapsearch -x -h [ip address] -b "CN=users,DC=smwm,DC=com" -D
"SMWMSF\[user]" -w "[password]" "sn=smahan"
# extended LDIF
#
# LDAPv3
# base <CN=users,DC=smwm,DC=com> with scope sub
# filter: sn=smahan
# requesting: ALL
#
# search result
search: 2
result: 0 Success
# numResponses: 1
**Logging in as a user in AD, but not yet in RT**
[Wed Jul 5 17:55:07 2006] [warning]: Transaction->Create couldn't, as
you didn't specify an object type and id
(/opt/rt3/lib/RT/Record.pm:1467)
[Wed Jul 5 17:55:07 2006] [debug]: Trying LDAP authentication
(/opt/rt3/local/lib/RT/User_Local.pm:155)
[Wed Jul 5 17:55:07 2006] [info]: RT::User::IsLDAPPassword AUTH FAILED:
smahan (/opt/rt3/local/lib/RT/User_Local.pm:184)
[Wed Jul 5 17:55:07 2006] [debug]: RT::User::IsPassword auth method
IsLDAPPassword FAILED (/opt/rt3/local/lib/RT/User_Local.pm:293)
[Wed Jul 5 17:55:07 2006] [info]: RT::User::IsInternalPassword AUTH
FAILED (no passwd): smahan (/opt/rt3/local/lib/RT/User_Local.pm:234)
[Wed Jul 5 17:55:07 2006] [debug]: RT::User::IsPassword auth method
IsInternalPassword FAILED (/opt/rt3/local/lib/RT/User_Local.pm:293)
[Wed Jul 5 17:55:07 2006] [error]: FAILED LOGIN for smahan from
172.16.1.170 (/opt/rt3/share/html/autohandler:238)
**Logging in as a domain user manually added to RT, using the AD
password**
[Wed Jul 5 18:05:26 2006] [debug]: RT::User::CanonicalizeUserInfo
called by RT::User /opt/rt3/local/lib/RT/User_Local.pm 608 with: Name:
officelaptop (/opt/rt3/local/lib/RT/User_Local.pm:373)
[Wed Jul 5 18:05:26 2006] [debug]: RT::User::LookupExternalUserInfo
called with baseDN "CN=users,DC=smwm,DC=com" and filter
"sAMAccountName=officelaptop" by RT::User
/opt/rt3/local/lib/RT/User_Local.pm 388
(/opt/rt3/local/lib/RT/User_Local.pm:503)
[Wed Jul 5 18:05:26 2006] [info]: RT::User::LookupExternalUserInfo :
CN=users,DC=smwm,DC=com sAMAccountName=officelaptop => EmailAddress: ,
Name: , RealName: (/opt/rt3/local/lib/RT/User_Local.pm:558)
[Wed Jul 5 18:05:26 2006] [info]: RT::User::CanonicalizeUserInfo
returning Name: officelaptop (/opt/rt3/local/lib/RT/User_Local.pm:406)
[Wed Jul 5 18:05:26 2006] [debug]: UPDATED user officelaptop from LDAP
(/opt/rt3/local/lib/RT/User_Local.pm:617)
[Wed Jul 5 18:05:26 2006] [debug]: RT::User::CanonicalizeUserInfo
called by RT::User /opt/rt3/local/lib/RT/User_Local.pm 608 with: Name:
officelaptop (/opt/rt3/local/lib/RT/User_Local.pm:373)
[Wed Jul 5 18:05:26 2006] [debug]: RT::User::LookupExternalUserInfo
called with baseDN "CN=users,DC=smwm,DC=com" and filter
"sAMAccountName=officelaptop" by RT::User
/opt/rt3/local/lib/RT/User_Local.pm 388
(/opt/rt3/local/lib/RT/User_Local.pm:503)
[Wed Jul 5 18:05:27 2006] [info]: RT::User::LookupExternalUserInfo :
CN=users,DC=smwm,DC=com sAMAccountName=officelaptop => EmailAddress: ,
Name: , RealName: (/opt/rt3/local/lib/RT/User_Local.pm:558)
[Wed Jul 5 18:05:27 2006] [info]: RT::User::CanonicalizeUserInfo
returning Name: officelaptop (/opt/rt3/local/lib/RT/User_Local.pm:406)
[Wed Jul 5 18:05:27 2006] [debug]: UPDATED user officelaptop from LDAP
(/opt/rt3/local/lib/RT/User_Local.pm:617)
[Wed Jul 5 18:05:27 2006] [debug]: Trying LDAP authentication
(/opt/rt3/local/lib/RT/User_Local.pm:155)
[Wed Jul 5 18:05:27 2006] [info]: RT::User::IsLDAPPassword AUTH FAILED:
officelaptop (/opt/rt3/local/lib/RT/User_Local.pm:184)
[Wed Jul 5 18:05:27 2006] [debug]: RT::User::IsPassword auth method
IsLDAPPassword FAILED (/opt/rt3/local/lib/RT/User_Local.pm:293)
[Wed Jul 5 18:05:27 2006] [info]: RT::User::IsInternalPassword AUTH
FAILED: officelaptop (/opt/rt3/local/lib/RT/User_Local.pm:257)
[Wed Jul 5 18:05:27 2006] [debug]: RT::User::IsPassword auth method
IsInternalPassword FAILED (/opt/rt3/local/lib/RT/User_Local.pm:293)
[Wed Jul 5 18:05:27 2006] [debug]: Trying LDAP authentication
(/opt/rt3/local/lib/RT/User_Local.pm:155)
[Wed Jul 5 18:05:27 2006] [info]: RT::User::IsLDAPPassword AUTH FAILED:
officelaptop (/opt/rt3/local/lib/RT/User_Local.pm:184)
[Wed Jul 5 18:05:27 2006] [debug]: RT::User::IsPassword auth method
IsLDAPPassword FAILED (/opt/rt3/local/lib/RT/User_Local.pm:293)
[Wed Jul 5 18:05:27 2006] [info]: RT::User::IsInternalPassword AUTH
FAILED: officelaptop (/opt/rt3/local/lib/RT/User_Local.pm:257)
[Wed Jul 5 18:05:27 2006] [debug]: RT::User::IsPassword auth method
IsInternalPassword FAILED (/opt/rt3/local/lib/RT/User_Local.pm:293)
[Wed Jul 5 18:05:27 2006] [error]: FAILED LOGIN for officelaptop from
172.16.1.170 (/opt/rt3/share/html/autohandler:238)
**Logging in as a domain user manually added to RT, using the RT
password**
[Wed Jul 5 18:09:06 2006] [debug]: RT::User::CanonicalizeUserInfo
called by RT::User /opt/rt3/local/lib/RT/User_Local.pm 608 with: Name:
officelaptop (/opt/rt3/local/lib/RT/User_Local.pm:373)
[Wed Jul 5 18:09:06 2006] [debug]: RT::User::LookupExternalUserInfo
called with baseDN "CN=users,DC=smwm,DC=com" and filter
"sAMAccountName=officelaptop" by RT::User
/opt/rt3/local/lib/RT/User_Local.pm 388
(/opt/rt3/local/lib/RT/User_Local.pm:503)
[Wed Jul 5 18:09:06 2006] [info]: RT::User::LookupExternalUserInfo :
CN=users,DC=smwm,DC=com sAMAccountName=officelaptop => EmailAddress: ,
Name: , RealName: (/opt/rt3/local/lib/RT/User_Local.pm:558)
[Wed Jul 5 18:09:06 2006] [info]: RT::User::CanonicalizeUserInfo
returning Name: officelaptop (/opt/rt3/local/lib/RT/User_Local.pm:406)
[Wed Jul 5 18:09:06 2006] [debug]: UPDATED user officelaptop from LDAP
(/opt/rt3/local/lib/RT/User_Local.pm:617)
[Wed Jul 5 18:09:06 2006] [debug]: RT::User::CanonicalizeUserInfo
called by RT::User /opt/rt3/local/lib/RT/User_Local.pm 608 with: Name:
officelaptop (/opt/rt3/local/lib/RT/User_Local.pm:373)
[Wed Jul 5 18:09:06 2006] [debug]: RT::User::LookupExternalUserInfo
called with baseDN "CN=users,DC=smwm,DC=com" and filter
"sAMAccountName=officelaptop" by RT::User
/opt/rt3/local/lib/RT/User_Local.pm 388
(/opt/rt3/local/lib/RT/User_Local.pm:503)
[Wed Jul 5 18:09:06 2006] [info]: RT::User::LookupExternalUserInfo :
CN=users,DC=smwm,DC=com sAMAccountName=officelaptop => EmailAddress: ,
Name: , RealName: (/opt/rt3/local/lib/RT/User_Local.pm:558)
[Wed Jul 5 18:09:06 2006] [info]: RT::User::CanonicalizeUserInfo
returning Name: officelaptop (/opt/rt3/local/lib/RT/User_Local.pm:406)
[Wed Jul 5 18:09:06 2006] [debug]: UPDATED user officelaptop from LDAP
(/opt/rt3/local/lib/RT/User_Local.pm:617)
[Wed Jul 5 18:09:06 2006] [debug]: Trying LDAP authentication
(/opt/rt3/local/lib/RT/User_Local.pm:155)
[Wed Jul 5 18:09:06 2006] [info]: RT::User::IsLDAPPassword AUTH FAILED:
officelaptop (/opt/rt3/local/lib/RT/User_Local.pm:184)
[Wed Jul 5 18:09:06 2006] [debug]: RT::User::IsPassword auth method
IsLDAPPassword FAILED (/opt/rt3/local/lib/RT/User_Local.pm:293)
[Wed Jul 5 18:09:06 2006] [info]: RT::User::IsInternalPassword AUTH
OKAY: officelaptop (/opt/rt3/local/lib/RT/User_Local.pm:241)
[Wed Jul 5 18:09:06 2006] [debug]: RT::User::IsPassword auth method
IsInternalPassword SUCCEEDED (/opt/rt3/local/lib/RT/User_Local.pm:293)
[Wed Jul 5 18:09:06 2006] [info]: Successful login for officelaptop
from 172.16.1.170
(/opt/rt3/local/html/Callbacks/LDAP/autohandler/Auth:46)
Sean W. Mahan
IT Services
smahan at smwm.com
SMWM
989 Market Street, 3rd Floor
San Francisco, CA 94103
415.882.3092 D
415.882.7098 F
www.smwm.com
This e-mail is intended only for use and/or review of the
individual or entity to whom it is addressed and may be
for a limited purpose and/or confidential and/or privileged
communication protected by law. Any unauthorized use,
dissemination, distribution, disclosure or copying is strictly
prohibited. If you have received this communication in
error, please notify us immediately by return e-mail and
kindly delete this message from your system. Thank you in
advance for your cooperation.
More information about the rt-users
mailing list