[rt-users] RT 3.6.5 LDAP authentication and Active Directory

[Kevin Sheen]

Hi,

I'm trying to get our rt install to authenticate with Active Directory.

I've got the configuration from these two links into our RT_SiteConfig.pm:

http://wiki.bestpractical.com/view/LDAP

http://wiki.bestpractical.com/view/LdapSiteConfigSettingsForActiveDirectory

At this point, I'm just trying to get authentication to work, I'm not trying to add create users or anything like that.  I've stripped the configuration down to a minimum and I'm still getting:

[Wed Mar 19 17:57:02 2008] [debug]: Trying LDAP authentication (/usr/local/rt/local/lib/RT/User_Local.pm:155)
[Wed Mar 19 17:57:02 2008] [debug]: RT::User::IsPassword auth method IsLDAPPassword FAILED (/usr/local/rt/local/lib/RT/User_Local.pm:293)
[Wed Mar 19 17:57:02 2008] [info]: RT::User::IsInternalPassword AUTH FAILED: FOO (/usr/local/rt/local/lib/RT/User_Local.pm:257)
[Wed Mar 19 17:57:02 2008] [debug]: RT::User::IsPassword auth method IsInternalPassword FAILED (/usr/local/rt/local/lib/RT/User_Local.pm:293)
[Wed Mar 19 17:57:02 2008] [error]: FAILED LOGIN for FOO from 172.16.9.188 (/usr/local/rt/share/html/autohandler:251)

I've increased the logging level to debug but it isn't pointing me any closer to a resolution.  Is there any increased logging that I can enable to attempt to find the actual problem?

I can still login to rt using the internal authentication method just not LDAP.

I've got the utility called Active Directory Explorer from sysinternals.com - there are three attributes named badPwdCount, badPasswordTime and logonCount stored in Active Directory.  None of those three have changed in all of my testing.

I did make a slight change to $LdapUser and started getting an additional error in the log that led me to believe that I had at least that parameter and LdapPass correct (again, I'm using my userid to view AD).


Thanks in advance,

Kevin