[rt-users] External Authentication

Mike Peachey mike.peachey at jennic.com
Fri Apr 24 05:06:54 EDT 2009

Thu 23 Apr 2009 21:26:12 GMT
Jeff Lucas wrote:
> I’ve configured a DEV instance of RT 3.8.2 to test AD authentication but
> am getting the following in my rt.log…
> *[Thu Apr 23 19:37:58 2009] [error]: FAILED LOGIN for jeff from 10.x.x.x
> (/apps/rt-3.8.2-dev/share/html/autohandler:268)*

You need to turn on debug logging, provide the debug log output, provide
the version ExternalAuth you're using, and provide your Site_Config

> I do not admin and therefore do not have access to monitor things on the
> AD side.  Is there any way I can further debug the issue via log files,
> etc. on my RT server?

I never use the AD side for debugging, it can all be done from the RT

> I know AD is working as I can query it using ldapsearch, however, I’m
> unsure if I’ve configured my "RT_SiteConfig.pm" correctly based on the
> working query.

Which is why you need to provide it.

> My ldapsearch command uses the following flags…
> -D "CN=RT User,OU=Eagle Access,DC=eagleinvsys,DC=com" -w <password> -b
> "OU=Eagle Access,DC=eagleinvsys,DC=com"
> I’m unsure what my “base”  should be set to in RT_SiteConfig.pm since
> I’m using different settings for –D and –b.

This is an LDAP understanding issue. You need to know a little more. The
above search says that your base is "OU=Eagle
Access,DC=eagleinvsys,DC=com" and you do not have anonymous bind enabled
on your AD server suggesting that you need to specify the user "CN=RT
User,OU=Eagle Access,DC=eagleinvsys,DC=com" and the password for that
user inside your external auth config.

> Also, does a user have to exist in RT (and have credentials) before the
> user can be authenticated via AD?

No. The user is automatically created inside RT when successful AD
authentication occurs.
Kind Regards,


Mike Peachey, IT
Tel: +44 114 281 2655
Fax: +44 114 281 2951
Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK
Comp Reg No: 3191371 - Registered In England

More information about the rt-users mailing list