[rt-users] SOLVED? LDAP_INVALID_CREDENTIALS error with 'ExternalAuth' extension

Mike Peachey mike.peachey at jennic.com
Thu Apr 10 14:36:50 EDT 2008 

Pedro Lobo S. da Rocha wrote:
> Mike,
> 
> I change somethings on my configuration and it seems almost right. I am 
> now receiving the following log messages:
> 
 > 18. [Thu Apr 10 17:38:19 2008] [debug]: LDAP Search ===  Base: 
dc=DOMAIN,dc=com == Filter: (&(objectclass=*)(sAMAccountName=teste)) == 
Attrs: uid (/usr/local/share/request-tracker3.6/lib/RT/User_Vendor.pm:890)
 > 19. [Thu Apr 10 17:38:19 2008] [info]: DISABLED user  teste per 
External Service (1, Disabled changed from (no value) to "1")
> 
> I don't know whats happening at line 19. Do you?
> 


Err... bugger! You've just found a bug.

I will fix this tomorrow morning when I get to work. The problem is that 
I hadn't programmed for the possibility of there being no d_filter, 
therefore, if you don't specify a d_filter (disable filter) it will 
consider ALL of your users disabled instead of none of them.

Whoops.

You can fix this temporarily in one of two ways:

1. Specify a disable filter.
2. Edit User_Vendor.pm manually.

HOWTO:

1. Since you're using Active Directory, the simplest way for you to sort 
this out is to use the Active Directory disable filter since I doubt 
there's any reason you would want someone to still be able to access RT 
if you've set their account to disabled in Active Directory.

To do this, add this line to your LDAP settings (add it under 'filter'):

'd_filter' => '(userAccountControl:1.2.840.113556.1.4.803:=2)',


2. If you want to allow access to RT to users that have been disabled in 
Active Directory, change line 904 in $RTHOME/local/lib/RT/UserVendor.pm 
from this:

                $user_disabled = 1;
to this:
                $user_disabled = 0;

And it will then be overwritten with a fix once I update the code and 
release v0.06 tomorrow.

P.S. Please join the RT-Users mailing list and then CC 
rt-users at lists.bestpractical.com in any replies if you can so that 
others may benefit.
--
Kind Regards,

___________________________________________________

Mike Peachey, IT
Tel: +44 (0) 114 281 2655
Fax: +44 (0) 114 281 2951
Jennic Ltd, Furnival Street, Sheffield, S1 4QT,  UK
http://www.jennic.com
Confidential
___________________________________________________

More information about the rt-users mailing list