[rt-users] External Authentication with LDAPS

Anthony BRODARD brodard.anthony at gmail.com
Mon Aug 2 08:08:25 EDT 2010


And here are some more logs, generated with debug:


[Mon Aug  2 12:05:00 2010] [critical]:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj : Cannot connect to
ldap.blanked.fr(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:437)
[Mon Aug  2 12:05:00 2010] [debug]: Autohandler called ExternalAuth.
Response: (0, No User)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:26)
[Mon Aug  2 12:05:00 2010] [error]: FAILED LOGIN for anthony.brodard from
10.1.104.30 (/opt/rt3/bin/../lib/RT/Interface/Web.pm:424)
[Mon Aug  2 12:05:01 2010] [debug]: Reloading RT::User to work around a bug
in RT-3.8.0 and RT-3.8.1
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:14)
[Mon Aug  2 12:05:01 2010] [debug]: Attempting to use external auth service:
My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
[Mon Aug  2 12:05:01 2010] [debug]: SSO Failed and no user to test with.
Nexting
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:92)
[Mon Aug  2 12:05:01 2010] [debug]: Autohandler called ExternalAuth.
Response: (0, No User)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:26)
[Mon Aug  2 12:05:01 2010] [crit]: Apache2::RequestIO::rflush: (103)
Software caused connection abort at
/usr/local/share/perl/5.10.0/HTML/Mason/ApacheHandler.pm line 1020
(/opt/rt3/bin/webmux.pl:168)
[Mon Aug  2 12:05:01 2010] [debug]: Attempting to use external auth service:
My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
[Mon Aug  2 12:05:01 2010] [debug]: Calling UserExists with $username
(anthony.brodard) and $service (My_LDAP)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:105)
[Mon Aug  2 12:05:01 2010] [debug]: UserExists params:
username: anthony.brodard , service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:274)
[Mon Aug  2 12:05:01 2010] [crit]: Apache2::RequestIO::rflush: (103)
Software caused connection abort at
/usr/local/share/perl/5.10.0/HTML/Mason/ApacheHandler.pm line 1020
(/opt/rt3/bin/webmux.pl:168)


2010/7/29 Mike Johnson <mike.johnson at nosm.ca>

> Make sure you reply to the list, very important to share all this so others
> can learn.
>
> The only thing I could think of is your LDAP settings are incorrect
> somewhere.
>
> Some things I found when I was setting things up
>
>
> 1. user = the fully qualified CN of the user (i.e. CN=Mike
> Johnson,OU=Users,OU=mycompany,OU=mydomain,OU=local)
> 2. filter and d_filter have to have valid settings
> 3. Group/Group_Attr had to have settings.
>
> I was binding to an AD, so I'm not 100% on 3 if it isn't an AD... but 1 and
> 2 hold true for any LDAP.
>
> HTH
> Mike.
>
> On Thu, Jul 29, 2010 at 9:38 AM, Anthony BRODARD <
> brodard.anthony at gmail.com> wrote:
>
>> TLS argument is already set to 1.
>>
>> I don't know how to see if it's the LDAP server which refuses the
>> connection, or if it's another problem.
>>
>>
>>
>> 2010/7/29 Mike Johnson <mike.johnson at nosm.ca>
>>
>>> Oops, looking at it again, I was looking at the mysql config part, not
>>> ldap.
>>>
>>> I think the only way you can adjust what port you are connecting to
>>> through LDAP is specifying if it's TLS or not (I believe TLS is 636? Google
>>> to confirm).
>>>
>>> You said you are supposed to be connecting on 636, so set the tls
>>> argument in your LDAP settings to 1.
>>>
>>> restart apache and give it a shot.
>>>
>>> Good luck!
>>> Mike.
>>>
>>> On Thu, Jul 29, 2010 at 8:48 AM, Mike Johnson <mike.johnson at nosm.ca> wrote:
>>>
>>>> If you read the ExternalAuth's RT_SiteConfig.pm in
>>>> /RTROOT/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm
>>>>
>>>> It shows you how to set the port you are connecting on.
>>>>
>>>> Set that to the port your LDAP server is listening to.
>>>>
>>>> Good luck
>>>> Mike.
>>>>
>>>>
>>
>
>
> --
> Mike Johnson
> Datatel Programmer/Analyst
> Northern Ontario School of Medicine
> 955 Oliver Road
> Thunder Bay, ON   P7B 5E1
> Phone: (807) 766-7331
> Email: mike.johnson at nosm.ca
>
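
An added example, not part of the original message or of RT-Authen-ExternalAuth: the `Cannot connect to ...` log line does not say where the connection failed, so this staged check, run from the RT host, separates name resolution, TCP refusal, TLS handshake and certificate verification. The function name `diagnose_ldaps`, its parameters and the placeholder hostname are assumptions; 636 is the standard LDAPS port.

```python
import socket
import ssl


def diagnose_ldaps(host, port=636, cafile=None, timeout=5.0):
    """Return (stage, detail); stage is 'dns', 'tcp', 'tls', 'cert' or 'ok'."""
    # Stage 1: can the RT host resolve the directory server's name at all?
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return ("dns", f"cannot resolve {host}: {exc}")

    # Stage 2: plain TCP connect. A refusal or timeout here means nothing is
    # listening on that port or a firewall sits in between; TLS is not involved.
    family, socktype, proto, _, addr = infos[0]
    sock = socket.socket(family, socktype, proto)
    sock.settimeout(timeout)
    try:
        sock.connect(addr)
    except OSError as exc:
        sock.close()
        return ("tcp", f"{addr[0]}:{port} refused or unreachable: {exc}")

    # Stage 3: TLS handshake with certificate and hostname verification left
    # on, so an untrusted CA or a name mismatch is reported, not bypassed.
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return ("ok", f"{tls.version()} negotiated, certificate verified")
    except ssl.SSLCertVerificationError as exc:
        return ("cert", f"certificate rejected: {exc.verify_message}")
    except (ssl.SSLError, OSError) as exc:
        return ("tls", f"handshake failed, port may not speak TLS: {exc}")
    finally:
        sock.close()


if __name__ == "__main__":
    # ldap.example.org is a placeholder; use the host from your LDAP settings.
    print(diagnose_ldaps("ldap.example.org"))
```

A `cert` result means the server answered and the client does not trust its certificate; pass the issuing CA bundle with `cafile` instead of turning verification off.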