[rt-users] RT 3.6.5 Setup / LDAP
Edward Kovarski
edward.kovarski at groupkae.com
Fri Oct 19 17:39:02 EDT 2007
David,
Have you looked inside the security event log on the active directory
server to see what Windows sees coming in from your Unix box?
Also, have you tried to use the new Windows domain notation,
"myuser@mydomain"? For example, if you log into the "AD" domain, your
login would be "myuser@ad". I tend to favour this notation in
configuration files as it is simpler to type and less error prone.
Lastly, are there any spaces in your username or any of the OUs?
Ed
On 19-Oct-07, at 5:23 PM, David ROBERT wrote:
> Some more info about my LDAP troubles:
>
> - I went through the RHEL4 + FastCGI Install guide. It works fine for
> RHEL6 + RT 3.6.5 (some minor glitches but got it working properly in the end).
> - Once I checked that I could log into RT using accounts defined in RT I
> proceeded with LDAP Auth using:
> . LDAP Overlay (http://wiki.bestpractical.com/view/LdapOverlay)
> . used the updated User_Local.pm
> (http://www.justatheory.com/computers/programming/perl/rt/User_Local.pm.ldap)
> . chmod 755 the User_Local.pm and activated DEBUG (use constant DEBUG => 1)
> . activated debug in my RT_SiteConfig.pm
> . chmod 777 the /opt/rt3/var/log directory
>
> When I try to log into RT using an ActiveDirectory account, I only get a
> LOGIN FAILED message from the autohandler, nothing else.
> I checked all the LDAP info used with ldapsearch and I can properly
> connect and browse LDAP. Note that I have to use the -x option for
> LDAPSEARCH as other connection methods fail.
>
> Any ideas?
>
> Some info about my config:
>
> tail of /etc/httpd/conf/httpd.conf
> ***************************************
> <VirtualHost *:80>
> ServerAdmin root
> ServerName itsupport.generix.fr
> DocumentRoot /opt/rt3/share/html/
> AddDefaultCharset UTF-8
> # Adding the following for RT (the ticket tracker)
> AddHandler fastcgi-script .fcgi
> <Directory "/opt/rt3/share/html">
> Options FollowSymLinks ExecCGI
> AllowOverride None
> </Directory>
> # Pass through requests for noauth
> Alias /NoAuth/images /opt/rt3/share/html/NoAuth/images
> ScriptAlias / /opt/rt3/bin/mason_handler.fcgi/
> LogLevel debug
> </VirtualHost>
> ***************************************
>
> RT_SiteConfig.pm
> ***************************************
> # To check your SiteConfig file, use this command:
> # perl -c /path/to/your/etc/RT_SiteConfig.pm
>
> Set($rtname, 'generix.fr');
> Set($WebBaseURL, "http://itsupport.generix.fr:80");
> Set($WebPath, "");
>
> Set($LogToFile, 'debug');
> Set($LogDir, '/opt/rt3/var/log');
> Set($LogToFileNamed , "rt.log");
>
> Set($LDAPExternalAuth, 1);
> Set($LdapExternalInfo, 1);
> Set($LdapAutoCreateNonLdapUsers, 0);
> Set($AutoCreate, {Privileged => 1});
>
> # Map RT attributes to LDAP attributes
> # The mapping below is known to work in Windows 2003 w/Active Directory
> Set( $LdapAttrMap, {
> 'Name' => 'sAMAccountName',
> 'EmailAddress' => 'mail',
> 'Organization' => 'physicalDeliveryOfficeName',
> 'RealName' => 'cn',
> 'ExternalContactInfoId' => 'dn',
> 'ExternalAuthId' => 'sAMAccountName',
> 'Gecos' => 'sAMAccountName',
> 'HomePhone' => 'homePhone',
> 'WorkPhone' => 'telephoneNumber',
> 'MobilePhone' => 'mobile',
> 'PagerPhone' => 'pager',
> 'Address1' => 'streetAddress',
> 'Address2' => 'postOfficeBox',
> 'City' => 'l',
> 'State' => 'st',
> 'Zip' => 'postalCode',
> 'Country' => 'co',
> 'FreeformContactInfo' => 'info',
> });
>
> # A list of RT attrs which can uniquely identify a user,
> # ordered from most to least preferred.
> Set($LdapRTAttrMatchList, ['ExternalContactInfoId', 'Name',
> 'EmailAddress', 'RealName',
> 'WorkPhone', 'Address2']
> );
>
> # A list of LDAP attrs to examine when canonicalizing email addresses,
> # ordered from most to least preferred
> Set($LdapEmailAttrMatchList, ['mail', 'mailRoutingAddress',
> 'mailAlternateAddress']
> );
>
>
> Set($LdapServer, 'hydrogene.generix.fr');
> Set($LdapUser, 'CN=TheLdapUser,OU=TheMainUsersOU,DC=generix,DC=fr');
> Set($LdapPass, 'ThePassForLdapUser');
> Set($LdapBase, 'OU=TheMainUsersOU,DC=generix,DC=fr');
> Set(LdapUidAttr, 'sAMAccountName');
> Set($LdapFilter, '(objectclass=*)');
> Set($LdapTLS, 0);
> #$LdapGroup ="cn=RT,ou=Group,dc=example,dc=com";
> #$LdapGroupAttribute = 'uniqueMember';
> #$LdapSSLVersion = 3;
> 1;
> ***************************************
>
> /var/log/httpd/error_log after HTTPD restart and failed login
> ***************************************
> [Fri Oct 19 23:07:01 2007] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
> [Fri Oct 19 23:07:01 2007] [warn] module fastcgi_module is already loaded, skipping
> [Fri Oct 19 23:07:01 2007] [notice] Digest: generating secret for digest authentication ...
> [Fri Oct 19 23:07:01 2007] [notice] Digest: done
> [Fri Oct 19 23:07:01 2007] [notice] FastCGI: process manager initialized (pid 3212)
> [Fri Oct 19 23:07:01 2007] [warn] FastCGI: server "/opt/rt3/bin/mason_handler.fcgi" started (pid 3213)
> [Fri Oct 19 23:07:02 2007] [notice] mod_python: Creating 4 session mutexes based on 256 max processes and 0 max threads.
> [Fri Oct 19 23:07:02 2007] [notice] Apache/2.2.3 (Red Hat) configured -- resuming normal operations
> [Fri Oct 19 23:07:02 2007] [warn] FastCGI: server "/opt/rt3/bin/mason_handler.fcgi" started (pid 3223)
> [Fri Oct 19 23:07:03 2007] [warn] FastCGI: server "/opt/rt3/bin/mason_handler.fcgi" started (pid 3227)
> [Fri Oct 19 23:07:04 2007] [warn] FastCGI: server "/opt/rt3/bin/mason_handler.fcgi" started (pid 3228)
> [Fri Oct 19 23:07:06 2007] [warn] FastCGI: server "/opt/rt3/bin/mason_handler.fcgi" started (pid 3231)
> [Fri Oct 19 23:07:07 2007] [warn] FastCGI: server "/opt/rt3/bin/mason_handler.fcgi" started (pid 3234)
> [Fri Oct 19 23:07:08 2007] [warn] FastCGI: server "/opt/rt3/bin/mason_handler.fcgi" started (pid 3235)
> [Fri Oct 19 23:07:09 2007] [warn] FastCGI: server "/opt/rt3/bin/mason_handler.fcgi" started (pid 3239)
> [Fri Oct 19 23:07:42 2007] [error] [client XXX.XXX.XXX.XXX] FastCGI: server "/opt/rt3/bin/mason_handler.fcgi" stderr: [Fri Oct 19 21:07:42 2007] [error]: FAILED LOGIN for infointerne from XXX.XXX.XXX.XXX (/opt/rt3/share/html/autohandler:251), referer: http://itsupport.generix.fr/
> ***************************************
> Notice how the 2 error lines are merged in one... dunno why
> From the look of it, the LDAP User_Local.pm file is not used.
> dunno why
>
> /opt/rt3/var/log/rt.log after failed login
> ***************************************
> [Fri Oct 19 21:07:42 2007] [error]: FAILED LOGIN for infointerne from XXX.XXX.XXX.XXX (/opt/rt3/share/html/autohandler:251)
> ***************************************
>
> RT System Config (warning... very long)
> ***************************************
>
>
> Variables de RT
> RT::AmbiguousDayInPast 1
> RT::BasePath /opt/rt3
> RT::BinPath /opt/rt3/bin
> RT::CORE_CONFIG_FILE /opt/rt3/etc/RT_Config.pm
> RT::CommentAddress RT_CommentAddressNotSet
> RT::CorrespondAddress RT_CorrespondAddressNotSet
> RT::DatabaseHost localhost
> RT::DatabaseName rt3
> RT::DatabasePassword Password not printed
> RT::DatabaseRTHost localhost
> RT::DatabaseType mysql
> RT::DatabaseUser rt_user
> RT::DateDayBeforeMonth 1
> RT::DefaultSearchResultFormat '<B><A
> HREF="/Ticket/Display.html?id=__id__">__id__</a></B>/TITLE:#', '<B><A
> HREF="/Ticket/Display.html?id=__id__">__Subject__</a></B>/
> TITLE:Subject'
> , Status, QueueName, OwnerName, Priority, '__NEWLINE__', '',
> '<small>__Requestors__</small>', '<small>__CreatedRelative__</small>',
> '<small>__ToldRelative__</small>',
> '<small>__LastUpdatedRelative__</small>', '<small>__TimeLeft__</
> small>'
>
> RT::DefaultSummaryRows 10
> RT::EmailOutputEncoding utf-8
> RT::EtcPath /opt/rt3/etc
> RT::FriendlyFromLineFormat "%s via RT" <%s>
> RT::FriendlyToLineFormat "%s of generix.fr Ticket #%s":;
> RT::LDAPExternalAuth 1
> RT::LdapBase OU=TheMainUsersOU,DC=generix,DC=fr
> RT::LdapExternalInfo 1
> RT::LdapFilter (objectclass=*)
> RT::LdapPass ThePassForLdapUser
> RT::LdapServer hydrogene.generix.fr
> RT::LdapUser CN=TheLdapUser,OU=TheMainUsersOU,DC=generix,DC=fr
> RT::LocalEtcPath /opt/rt3/local/etc
> RT::LocalLexiconPath /opt/rt3/local/po
> RT::LocalPath /opt/rt3/local
> RT::LogDir /opt/rt3/var/log
> RT::LogToFile debug
> RT::LogToFileNamed rt.log
> RT::LogToScreen error
> RT::LogToSyslog debug
> RT::LogoURL /NoAuth/images/bplogo.gif
> RT::LoopsToRTOwner 1
> RT::MailCommand sendmailpipe
> RT::MasonComponentRoot /opt/rt3/share/html
> RT::MasonDataDir /opt/rt3/var/mason_data
> RT::MasonLocalComponentRoot /opt/rt3/local/html
> RT::MasonSessionDir /opt/rt3/var/session_data
> RT::MaxAttachmentSize 10000000
> RT::MaxInlineBody 13456
> RT::MessageBoxWidth 72
> RT::MessageBoxWrap HARD
> RT::MinimumPasswordLength 5
> RT::OldestTransactionsFirst 1
> RT::Organization example.com
> RT::OwnerEmail root
> RT::RTAddressRegexp ^rt\@example.com$
> RT::RecordOutgoingEmail 1
> RT::RedistributeAutoGeneratedMessages privileged
> RT::SITE_CONFIG_FILE /opt/rt3/etc/RT_SiteConfig.pm
> RT::SendmailArguments -oi -t
> RT::SendmailBounceArguments -f "<>"
> RT::SendmailPath /usr/sbin/sendmail
> RT::ShowTransactionImages 1
> RT::StrictLinkACL 1
> RT::Timezone US/Eastern
> RT::UseFriendlyFromLine 1
> RT::VERSION 3.6.5
> RT::VarPath /opt/rt3/var
> RT::WebBaseURL http://itsupport.generix.fr:80
> RT::WebDefaultStylesheet 3.5-default
> RT::WebFlushDbCacheEveryRequest 1
> RT::WebImagesURL /NoAuth/images/
> RT::WebPort 80
> RT::WebURL http://itsupport.generix.fr:80/
> RT::rtname generix.fr
>
> ***************************************
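A small pre-flight check for the kind of RT_SiteConfig.pm quoted above, added here as an example and not part of the original thread or of RT. It flags single-line Set() calls whose first argument lacks the `$` sigil that the other calls in the quoted file use, an LdapTLS value of 0, and spaces in the LdapUser/LdapBase DNs that the reply asks about. The function name `audit_siteconfig`, the finding codes and the sample text are assumptions made for this example, and it assumes that LdapTLS 0 means the LDAP bind is sent without TLS.

```python
import re

# Constructed sample modelled on the RT_SiteConfig.pm quoted above; the
# 'OU=Main Users' value is invented to exercise the space check.
SAMPLE = """\
# Set(Commented, 1) is ignored
Set($LdapServer, 'hydrogene.generix.fr');
Set($LdapBase, 'OU=Main Users,DC=generix,DC=fr');
Set(LdapUidAttr, 'sAMAccountName');
Set($LdapTLS, 0);
"""

# Matches the start of a Set(NAME, VALUE...) call on one line; multi-line
# values such as the $LdapAttrMap hash only have their first line inspected.
SET_LINE = re.compile(r"^\s*Set\(\s*([^,\s)]+)\s*,\s*(.*?)\s*\)?\s*;?\s*$")
DN_SETTINGS = {"LdapUser", "LdapBase"}


def audit_siteconfig(text):
    """Return a list of (line_number, code, detail) findings."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # skip Perl comments
        m = SET_LINE.match(line)
        if not m:
            continue
        name, value = m.group(1), m.group(2).strip("'\"")
        # Every other Set() in the quoted file names a $variable.
        if name[0] not in "$@%":
            findings.append((lineno, "no-sigil", name))
        bare = name.lstrip("$@%")
        # Assumption: a false LdapTLS means bind credentials travel without TLS.
        if bare == "LdapTLS" and value in ("0", "", "undef"):
            findings.append((lineno, "tls-off", value))
        # The reply asks whether the username or any OU contains spaces.
        if bare in DN_SETTINGS and " " in value:
            findings.append((lineno, "dn-space", value))
    return findings


if __name__ == "__main__":
    for lineno, code, detail in audit_siteconfig(SAMPLE):
        print(f"line {lineno}: {code}: {detail}")
```

Running `perl -c` on the file, as the comment in the quoted config suggests, checks Perl syntax only; this check looks at the settings themselves.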