[rt-users] Can't authenticate with ExternalAuth
Mikhail.Gorbunov at cetelem.ru
Mikhail.Gorbunov at cetelem.ru
Mon May 26 09:49:31 EDT 2008
Hello,
We have RT-3.6.6 and RT::Authen::ExternalAuth. ExternalAuth is installed
and configured to the extent that it is able to bind to LDAP, request
and receive info on the user, trying to login. But each time we receive
"Your username or password is incorrect ".
Looking at the traces I can't see anything related to password checking
against LDAP. May be I'm missing something.
Thank you for your input.
Mikhail.
Here are RT_SiteConfig.pm and RT_SiteConfig_ExtAuth.pm, which is
included from RT_SiteConfig.pm
RT_SiteConfig.pm
=============
# Any configuration directives you include here will override
# RT's default configuration file, RT_Config.pm
#
# To include a directive here, just copy the equivalent statement
# from RT_Config.pm and change the value. We've included a single
# sample value below.
#
# This file is actually a perl module, so you can include valid
# perl code, as well.
#
# The converse is also true, if this file isn't valid perl, you're
# going to run into trouble. To check your SiteConfig file, use
# this comamnd:
#
# perl -c /path/to/your/etc/RT_SiteConfig.pm
Set( $rtname, 'CTLMRT' );
Set( $WebBaseURL , "http://company.com:$WebPort" );
Set($WebExternalAuth , 1);
Set($WebFallbackToInternalAuth , 1);
Set($WebExternalGecos , 0);
require "/opt/rt3/etc/RT_SiteConfig_ExtAuth.pm";
1;
RT_SiteConfig_ExtAuth.pm
====================
Set( $ExternalAuthPriority, ['LDAP'] );
Set( $ExternalInfoPriority, ['LDAP'] );
Set( $ExternalServiceUsesSSLorTLS, 0 );
Set( $ExternalSettings,
{ 'LDAP' =>
{
'type' => 'ldap',
'auth' => 1,
'info' => 1,
'server' => 'ldapsrv',
'user' => 'ldap_user',
'pass' => 'ldap_user_pass',
'base' => 'OU=users,DC=company,DC=com',
# The filter to use to match RT-Users
# The filter that will only match disabled users
'filter' => '',
'd_filter' => '',
# Should we try to use TLS to encrypt connections?
# What other args should I pass to Net::LDAP->new($host, at args)?
'tls' => 0,
'net_ldap_args' => [version => 3],
# Does authentication depend on group membership? What group name?
# What is the attribute for the group object that determines membership?
#'group' => 'GROUP_NAME',
#'group_attr' => 'GROUP_ATTR',
## RT ATTRIBUTE MATCHING SECTION
# The list of RT attributes that uniquely identify a user
'attr_match_list' =>
[
'Name'
#'EmailAddress',
#'RealName',
#'WorkPhone',
#'Address2'
],
# The mapping of RT attributes on to LDAP attributes
'attr_map' =>
{
'Name' => 'sAMAccountName',
'EmailAddress' => 'mail',
'Organization' => 'physicalDeliveryOfficeName',
'RealName' => 'cn',
'ExternalAuthId' => 'sAMAccountName',
'Gecos' => 'sAMAccountName',
'WorkPhone' => 'telephoneNumber',
'Address1' => 'streetAddress',
'City' => 'l',
'State' => 'st',
'Zip' => 'postalCode',
'Country' => 'co'
} # close 'attr_map'
} # close 'LDAP'
} # close $ExternalSettings
); # close Set $ExternalSettings
1;
More information about the rt-users
mailing list