[rt-users] RT::Authen::ExternalAuth problem

David Mackintosh David.Mackintosh at xdroop.com
Fri Sep 19 15:40:51 EDT 2008


Hi Folks,

I've been passed a working RT 3.6.6 and asked to add the LDAP
component so that we can authenticate against an Active Directory
server.  

So I've installed the RT::Authen::ExternalAuth module from CPAN and
used my google-fu to get the configuration started, however at this
point I'm stymied.

Right now local users authenticate, but AD users do not.

When I attempt to authenticate as an AD user, I get these errors:

Sep 19 15:25:59 rt RT: Transaction->Create couldn't, as you didn't specify an object type and id (/opt/rt3/lib/RT/Record.pm:1486)
Sep 19 15:25:59 rt RT: My_LDAP AUTH FAILED: gridwayAdmin User not found or more than one user found (/opt/rt3/local/lib/RT/User_Vendor.pm:208)
Sep 19 15:25:59 rt RT: RT::User::IsExternalPassword External Auth Failed: gridwayAdmin (/opt/rt3/local/lib/RT/User_Vendor.pm:294)
Sep 19 15:25:59 rt RT: RT::User::IsInternalPassword AUTH FAILED (no passwd): gridwayAdmin (/opt/rt3/local/lib/RT/User_Vendor.pm:305)

I know that RT is connecting to the AD because when I change the connecting
password, I get the error:

Sep 19 15:24:47 rt RT: RT::User::_GetBoundLdapObj Can't bind: LDAP_INVALID_CREDENTIALS 49 (/opt/rt3/local/lib/RT/User_Vendor.pm:1056)

So I'm presuming I have either incorrectly defined my 'base', my
'filter', my 'd_filter', or my 'group'.

Here's what I have.  I have a domain, abcsystems.com.  Inside
abcsystems.com I have a folder ABC, and under there a folder Users
which is where all the users are.  I want to restrict access to users
who are members in the group 'Request Tracker Users'.

So my definitions look like:

[...]

    'base' => 'ou=Users,ou=ABC,dc=abcsystems,dc=com',
    'filter' => '(objectclass=Person)',
    'd_filter' => '(userAccountControl:1.2.840.113556.1.4.803:=2)',
    'group' => 'Request Tracker Users',

[...]

I'm probably doing something trivially wrong here since I'm not
familiar with LDAP or AD in any depth.

Can someone point me at a web page that can get me started to
figure this out?

Thank you.

-- 
 /\oo/\
/ /()\ \ David Mackintosh | 
         dave at xdroop.com  | http://www.xdroop.com
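
The 'd_filter' quoted in the message above uses Active Directory's bitwise-AND matching rule (OID 1.2.840.113556.1.4.803) on userAccountControl, where bit 2 is ACCOUNTDISABLE. The following is an added example, not part of the original post and not code from RT or RT::Authen::ExternalAuth, that evaluates such a filter over constructed directory entries; the account names and values are made up.

```python
import re

# Active Directory extensible-match rules for integer bit tests.
BIT_AND = "1.2.840.113556.1.4.803"  # true when ALL bits of the mask are set
BIT_OR = "1.2.840.113556.1.4.804"   # true when ANY bit of the mask is set

# A few userAccountControl flags.
UAC_FLAGS = {0x0002: "ACCOUNTDISABLE", 0x0010: "LOCKOUT",
             0x0200: "NORMAL_ACCOUNT", 0x10000: "DONT_EXPIRE_PASSWORD"}

_FILTER_RE = re.compile(r"^\(([A-Za-z][\w-]*):([\d.]+):=(\d+)\)$")

def parse_bit_filter(text):
    """Split '(attr:oid:=mask)' into (attr, oid, mask)."""
    m = _FILTER_RE.match(text.strip())
    if not m:
        raise ValueError("not an extensible-match bit filter: %r" % text)
    attr, oid, mask = m.group(1), m.group(2), int(m.group(3))
    if oid not in (BIT_AND, BIT_OR):
        raise ValueError("unsupported matching rule: " + oid)
    return attr, oid, mask

def matches(entry, text):
    """Evaluate the bit filter against one entry (dict of string values)."""
    attr, oid, mask = parse_bit_filter(text)
    raw = entry.get(attr)
    if raw is None:          # an absent attribute never matches
        return False
    value = int(raw)         # LDAP returns attribute values as strings
    if oid == BIT_AND:
        return (value & mask) == mask
    return (value & mask) != 0

def decode_uac(value):
    """Name the known flags set in a userAccountControl value."""
    return [name for bit, name in sorted(UAC_FLAGS.items()) if value & bit]

def select(entries, text):
    return [e["sAMAccountName"] for e in entries if matches(e, text)]

# Constructed sample entries (not from the post).
ENTRIES = [
    {"sAMAccountName": "alice", "userAccountControl": "512"},    # enabled
    {"sAMAccountName": "bob",   "userAccountControl": "514"},    # disabled
    {"sAMAccountName": "carol", "userAccountControl": "66048"},  # enabled
    {"sAMAccountName": "dave",  "userAccountControl": "66050"},  # disabled
    {"sAMAccountName": "svc"},                                   # no UAC attr
]
D_FILTER = "(userAccountControl:1.2.840.113556.1.4.803:=2)"

if __name__ == "__main__":
    print(select(ENTRIES, D_FILTER))
```

On these entries the filter selects only the disabled accounts, so it identifies accounts to refuse rather than accounts to admit.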