[rt-users] Bad AD or is it my config?

Robert Munsch Munsch at phillycarshare.org
Thu Nov 20 17:56:59 EST 2008


Trying to simulate this via ldapsearch but can't figure it out.  All the
docs I see say that 'userpassword is only accepted for auth, and
unicodepwd is not readable by ldap.'  I was hoping to run an ldapsearch
to retrieve a given user's password to see where this is breaking, but
I'm not sure how.

 

I'm binding ok and can run all sorts of searches, but nothing that will
list or show me passwords.  How does RT do it..?  My perl-fu is weak
:-(.

 

Thanks,

 

Rob

 

Subject: [rt-users] Bad AD or is it my config?

 

Ok, narrowing this down.

 

Have a user "rtbind" with the creative password "tickets."  Running
ldapsearch from the command line with this user's credentials gets me
results as expected.

 

Logging in to the web interface using this same user and password gets
me

 

[Thu Nov 20 18:13:23 2008] [debug]: $pass defined (tickets), Running
IsPassword
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu
th/autohandler/Auth:69)

[Thu Nov 20 18:13:23 2008] [debug]: Password Incorrect
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu
th/autohandler/Auth:74)

[Thu Nov 20 18:13:23 2008] [error]: FAILED LOGIN for rtbind from
192.168.1.34 (/opt/rt3/share/html/autohandler:265)

 

So now I'm *really* confused.  It's finding the rtbind user in AD and
accepting that (I tested by entering a bogus user (literally), and I see
the expected 

            [debug]: User Check Failed :: ( AD_LDAP ) bogus User not
found

 So the user lookup is okay).

 

Just for laughs, I made rtbind a domain admin.  I assumed that would
remove permission to check passwords in AD as a factor.  Was I wrong, or
is there still something dumb in my config somewhere?

 

I've been using Softerra's LDAP Browser (freeware) to check structure.
I'm not sure what I'm missing at this point :-(.

 

 

------------------------

Rob Munsch

IT Administrator

http://www.PhillyCarShare.org <http://www.PhillyCarShare.org> 

Our wheels.  Your freedom.

215-730-0988 x138

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20081120/f76cb0cc/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Robert Munsch.vcf
Type: text/x-vcard
Size: 141 bytes
Desc: Robert Munsch.vcf
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20081120/f76cb0cc/attachment.vcf>


More information about the rt-users mailing list