[rt-users] RT-Authen-ExternalAuth and AD...

Kevin Falcone falcone at bestpractical.com
Thu Jan 6 11:17:40 EST 2011


On Wed, Jan 05, 2011 at 03:29:01PM -0600, Tollefsen, Lyle wrote:
>    We're running RT 3.8.8 and using RT-Authen-ExternalAuth 0.08 to authenticate against Active
>    Directory. Any new AD account I create can logon to RT, and have corresponding account created
>    in RT, if it is in the necessary security group, but older accounts, mine included, pass the
>    password test, but fail at the group membership test, and fail to logon. The RT account,
>    however, does get created. The log entries look like this...

If you turn on debug logging, you should be able to see the query
being run and you can run it manually from ldapsearch to see what is
going wrong.

-kevin

>    Jan  5 15:12:29 RT388 RT: AD_GROUP2 AUTH FAILED: my-name
>    (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:127)
> 
>    Jan  5 15:12:29 RT388 RT: FAILED LOGIN for my-name from 192.168.1.1
>    (/opt/rt3/bin/../lib/RT/Interface/Web.pm:424)
> 
> 
> 
>    As I said above, older accounts (3 years plus) which are members of the group being tested
>    fail to fully authenticate, while new accounts which are members of the same group,
>    authenticate properly. In fact, If I comment out the group test from RT_SiteConfig.pm, I can
>    logon to RT with my old account.
> 
> 
> 
>    I don't know if this is pertinent, but we upgraded to Exchange 2007 a few months back, and I
>    wonder if the AD schema changes could be affecting things?
> 
> 
> 
>    Lyle.
> 
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20110106/abfce710/attachment.sig>


More information about the rt-users mailing list