[rt-users] Problem with RT-Authen-ExternalAuth when a CN name has a comma in it

Kevin Falcone falcone at bestpractical.com
Tue Jun 30 16:32:34 EDT 2009 

On Jun 29, 2009, at 2:53 PM, Wes Topping wrote:

> I am not sure what is happening here. All I know is that if a user  
> in AD is created without a comma in the container name they log in  
> just fine. When someone that does have a comma in their CN name  
> tries to authenticate this is what happens.

I'd be curious to see the group/group_attr part of your configuration  
(and
to know if you're trying to enforce group membership to log in to RT)

It appears Net::LDAP::Filter is throwing away \s, so it may be worth  
trying to forcibly
escape the \, on line 98ish before passing to new(), but without a  
system exhibiting
this problem, its hard to test a change like that.

-kevin

>
> [Fri Jun 26 20:29:58 2009] [debug]: Attempting to use external auth  
> service: My_LDAP (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/ 
> RT/Authen/ExternalAuth.pm:64)
> [Fri Jun 26 20:29:58 2009] [debug]: Calling UserExists with  
> $username (smellring) and $service (My_LDAP) (/opt/rt3/local/plugins/ 
> RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:105)
> [Fri Jun 26 20:29:58 2009] [debug]: UserExists params:
> username: smellring , service: My_LDAP (/opt/rt3/local/plugins/RT- 
> Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:274)
> [Fri Jun 26 20:29:58 2009] [debug]: LDAP Search ===  Base:  
> DC=starkbrosfulfillment,DC=com == Filter: (&(objectClass=*) 
> (sAMAccountName=smellring)) == Attrs:  
> l 
> ,st 
> ,mail 
> ,sAMAccountName 
> ,co 
> ,streetAddress 
> ,postalCode 
> ,telephoneNumber 
> ,sAMAccountName,physicalDeliveryOfficeName,sAMAccountName (/opt/rt3/ 
> local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/ 
> LDAP.pm:304)
> [Fri Jun 26 20:29:58 2009] [debug]: Password validation required for  
> service - Executing... (/opt/rt3/local/plugins/RT-Authen- 
> ExternalAuth/lib/RT/Authen/ExternalAuth.pm:155)
> [Fri Jun 26 20:29:58 2009] [debug]: Trying external auth service:  
> My_LDAP (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ 
> ExternalAuth/LDAP.pm:16)
> [Fri Jun 26 20:29:58 2009] [debug]: LDAP Search ===  Base:  
> DC=starkbrosfulfillment,DC=com == Filter:  
> (&(sAMAccountName=smellring)(objectClass=*)) == Attrs: dn (/opt/rt3/ 
> local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/ 
> LDAP.pm:43)
> [Fri Jun 26 20:29:58 2009] [debug]: Found LDAP DN: CN=Mellring\,  
> Scott A.,OU=IS,OU=Users,OU=HQ,DC=starkbrosfulfillment,DC=com (/opt/ 
> rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/ 
> LDAP.pm:75)
> [Fri Jun 26 20:29:58 2009] [debug]: LDAP Search ===  Base:  
> DC=starkbrosfulfillment,DC=com == Filter: (member=CN=Mellring, Scott  
> A.,OU=IS,OU=Users,OU=HQ,DC=starkbrosfulfillment,DC=com) == Attrs: dn  
> (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ 
> ExternalAuth/LDAP.pm:100)
> [Fri Jun 26 20:29:58 2009] [info]: My_LDAP AUTH FAILED: smellring (/ 
> opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ 
> ExternalAuth/LDAP.pm:127)
> [Fri Jun 26 20:29:58 2009] [debug]: LDAP password validation result:  
> 0 (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ 
> ExternalAuth.pm:334)
> [Fri Jun 26 20:29:58 2009] [debug]: Password Validation Check  
> Result:  0 (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/ 
> Authen/ExternalAuth.pm:159)
> [Fri Jun 26 20:29:58 2009] [debug]: Autohandler called ExternalAuth.  
> Response: (0, Password Invalid) (/opt/rt3/local/plugins/RT-Authen- 
> ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:26)
> [Fri Jun 26 20:29:58 2009] [error]: FAILED LOGIN for smellring from  
> 10.31.4.90 (/opt/rt3/share/html/autohandler:268)
>
>
> The password is valid.
>
> Even though the authentication fails the user is created in RT.
>
> Any ideas would be greatly appreciated.
>
>
>
> <image001.gif>
> Wes Topping
> Director of Enterprise Technology
> 317.713.8687
> 317.631.6585 fax
> wtopping at sigma-micro.com
> <image002.gif>
> www.sigma-micro.com
> <image003.gif>
> <image001.gif>
> <image004.gif>
> Sigma Micro LLC, 6720 Parkdale Place, Indianapolis, IN 46254
> Confidentiality Notice
>
>
> _______________________________________________
> http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
>
> Community help: http://wiki.bestpractical.com
> Commercial support: sales at bestpractical.com
>
>
> Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
> Buy a copy at http://rtbook.bestpractical.com

More information about the rt-users mailing list