[rt-users] RT-Extension-SaltedPasswords Not Playing Nice with LDAP

[Nick Couchman]

On Fri, 2011-01-21 at 10:37 -0500, Kevin Falcone wrote:
> On Fri, Jan 21, 2011 at 07:48:15AM -0700, Nick Couchman wrote:
> > [Fri Jan 21 03:40:09 2011] [debug]: UPDATED user Nick Couchman from LDAP
> > (/opt/rt3/local/lib/RT/User_Local.pm:628)
> 
> Looks like you're using an old extension that clobbers IsPassword.
> You're going to need to merge that code with the IsPassword in
> SaltedPasswords to handle both cases.
> 
> -kevin

Well, I'm getting closer.  I decided to remove the old LDAP method and
install the RT-Authen-ExternalAuth extension, version 0.05, instead.
Now the log output looks like this:

[Fri Jan 21 17:14:07 2011] [debug]: LDAP Search ===  Base: dc=seakr,dc=com == Filter: (&(objectClass=posixAccount)(cn=Nick Couchman)) == Attrs: l,cn,st,mail,cn,co,physicalDeliveryOfficeName,postalCode,telephoneNumber,cn,o,cn (/opt/rt3/local/lib/RT/User_Vendor.pm:850)
[Fri Jan 21 17:14:07 2011] [debug]: LDAP Search ===  Base: dc=seakr,dc=com == Filter: (&(objectClass=posixAccount)(isDisabled=true)(cn=Nick Couchman)) == Attrs: uid (/opt/rt3/local/lib/RT/User_Vendor.pm:890)
[Fri Jan 21 17:14:07 2011] [info]: ENABLED user  Nick Couchman per External Service (0, That is already the current value) (/opt/rt3/local/lib/RT/User_Vendor.pm:957)
[Fri Jan 21 17:14:07 2011] [debug]: RT::User::CanonicalizeUserInfo called by RT::User /opt/rt3/local/lib/RT/User_Vendor.pm 966 with: Name: Nick Couchman (/opt/rt3/local/lib/RT/User_Vendor.pm:400)
[Fri Jan 21 17:14:07 2011] [debug]: Attempting to get user info using this external service: eDirectory1 (/opt/rt3/local/lib/RT/User_Vendor.pm:408)
[Fri Jan 21 17:14:07 2011] [debug]: Attempting to use this canonicalization key: Name (/opt/rt3/local/lib/RT/User_Vendor.pm:417)
[Fri Jan 21 17:14:07 2011] [debug]: LDAP Search ===  Base: dc=seakr,dc=com == Filter: (&(objectClass=posixAccount)(cn=Nick Couchman)) == Attrs: l,cn,st,mail,cn,co,physicalDeliveryOfficeName,postalCode,telephoneNumber,cn,o,cn (/opt/rt3/local/lib/RT/User_Vendor.pm:538)
[Fri Jan 21 17:14:07 2011] [info]: RT::User::LookupExternalUserInfo : Returning:  Address1: , City: , Country: , EmailAddress: Nick.Couchman at seakr.com, ExternalAuthId: Nick Couchman, Gecos: Nick Couchman, Name: Nick Couchman, Organization: , RealName: Nick Couchman, State: , WorkPhone: , Zip:  (/opt/rt3/local/lib/RT/User_Vendor.pm:703)
[Fri Jan 21 17:14:07 2011] [info]: RT::User::CanonicalizeUserInfo returning Address1: , City: , Country: , EmailAddress: Nick.Couchman at seakr.com, ExternalAuthId: Nick Couchman, Gecos: Nick Couchman, Name: Nick Couchman, Organization: , RealName: Nick Couchman, State: , WorkPhone: , Zip:  (/opt/rt3/local/lib/RT/User_Vendor.pm:444)
[Fri Jan 21 17:14:08 2011] [debug]: UPDATED user  Nick Couchman from External Service (/opt/rt3/local/lib/RT/User_Vendor.pm:990)
[Fri Jan 21 17:14:08 2011] [error]: FAILED LOGIN for Nick Couchman from 192.168.10.71 (/opt/rt3/share/html/autohandler:251)

So, it looks to me like it successfully pulls all of the information
from the LDAP service successfully, but for some reason still fails the
login.  I know I'm typing the correct password - tried that along with
bogus ones a few times.  Any other hints?

Thanks,
Nick



--------
This e-mail may contain confidential and privileged material for the sole use of the intended recipient.  If this email is not intended for you, or you are not responsible for the delivery of this message to the intended recipient, please note that this message may contain SEAKR Engineering (SEAKR) Privileged/Proprietary Information.  In such a case, you are strictly prohibited from downloading, photocopying, distributing or otherwise using this message, its contents or attachments in any way.  If you have received this message in error, please notify us immediately by replying to this e-mail and delete the message from your mailbox.  Information contained in this message that does not relate to the business of SEAKR is neither endorsed by nor attributable to SEAKR.