[rt-users] External Authentication
Mike Peachey
mike.peachey at jennic.com
Fri Apr 24 05:06:54 EDT 2009
Thu 23 Apr 2009 21:26:12 GMT
Jeff Lucas wrote:
> I’ve configured a DEV instance of RT 3.8.2 to test AD authentication but
> am getting the following in my rt.log…
>
> *[Thu Apr 23 19:37:58 2009] [error]: FAILED LOGIN for jeff from 10.x.x.x
> (/apps/rt-3.8.2-dev/share/html/autohandler:268)*
You need to turn on debug logging, provide the debug log output, provide
the version ExternalAuth you're using, and provide your Site_Config
>
> I do not admin and therefore do not have access to monitor things on the
> AD side. Is there any way I can further debug the issue via log files,
> etc. on my RT server?
I never use the AD side for debugging, it can all be done from the RT
server.
>
> I know AD is working as I can query it using ldapsearch, however, I’m
> unsure if I’ve configured my "RT_SiteConfig.pm" correctly based on the
> working query.
Which is why you need to provide it.
>
> My ldapsearch command uses the following flags…
>
> -D "CN=RT User,OU=Eagle Access,DC=eagleinvsys,DC=com" -w <password> -b
> "OU=Eagle Access,DC=eagleinvsys,DC=com"
>
> I’m unsure what my “base” should be set to in RT_SiteConfig.pm since
> I’m using different settings for –D and –b.
This is an LDAP understanding issue. You need to know a little more. The
above search says that your base is "OU=Eagle
Access,DC=eagleinvsys,DC=com" and you do not have anonymous bind enabled
on your AD server suggesting that you need to specify the user "CN=RT
User,OU=Eagle Access,DC=eagleinvsys,DC=com" and the password for that
user inside your external auth config.
>
> Also, does a user have to exist in RT (and have credentials) before the
> user can be authenticated via AD?
No. The user is automatically created inside RT when successful AD
authentication occurs.
--
Kind Regards,
__________________________________________________
Mike Peachey, IT
Tel: +44 114 281 2655
Fax: +44 114 281 2951
Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK
Comp Reg No: 3191371 - Registered In England
http://www.jennic.com
__________________________________________________
More information about the rt-users
mailing list