[rt-users] ExternalAuth - ActiveDirectory failed login

Horst Kriegers Horst.Kriegers at loro.ch
Mon Mar 7 09:47:25 EST 2011


Hi list,
I've installed the ExternalAuth extension and cannot find the solution
for my connection problem to the Active Directory server.
I need your help.
 
 
Apache/2.2.6 (Unix)
mod_perl/2.0.4
Perl/v5.8.8
RT : 3.8.8
RT::Authen::ExternalAuth: 0.0.8
 
 
 
RT_SiteConfig.pm :
-------------------------
# The order in which the services defined in ExternalSettings
# should be used to authenticate users. User is authenticated
# if successfully confirmed by any service - no more services
# are checked.
Set($ExternalAuthPriority,  ['My_LDAP']);
 
# The order in which the services defined in ExternalSettings
# should be used to get information about users. This includes
# RealName, Tel numbers etc, but also whether or not the user
# should be considered disabled.
#
# Once user info is found, no more services are checked.
#
# You CANNOT use a SSO cookie for authentication.
Set($ExternalInfoPriority,  ['My_LDAP']);
 
# If this is set to true, then the relevant packages will
# be loaded to use SSL/TLS connections. At the moment,
# this just means "use Net::SSLeay;"
Set($ExternalServiceUsesSSLorTLS,    0);
 
# If this is set to 1, then users should be autocreated by RT
# as internal users if they fail to authenticate from an
# external service.
Set($AutoCreateNonExternalUsers,    0);
 
# These are the full settings for each external service as a HashOfHashes
# Note that you may have as many external services as you wish. They will
# be checked in the order specified in the Priority directives above.
# e.g.
#   Set(ExternalAuthPriority,['My_LDAP','My_MySQL','My_Oracle','SecondaryLDAP','Other-DB']);
#
Set($ExternalSettings, {
        'My_LDAP' =>  {
                'type'            =>  'ldap',
                'server'          =>  'ldap.office.loro.swiss',
                'user'            =>  'adit1',
                'pass'            =>  'xxxxxxxxxx',
                'base'            =>  'OU=LORO,DC=office,DC=loro,DC=swiss',
                'filter'          =>  '(objectclass=*)',
                'd_filter'        =>  '(userAccountControl:1.2.840.113556.1.4.803:=2)',
                'tls'             =>  0,
                'ssl_version'     =>  3,
                'net_ldap_args'   => [ version =>  3 ],
                'group'           =>  'DC',
                'group_attr'      =>  'office',
                'attr_match_list' => [
                        'Name',
                        'EmailAddress',
                        'RealName',
                        'WorkPhone',
                        'Address2'
                ],
        # The mapping of RT attributes on to LDAP attributes
                'attr_map'       =>  {
                        'Name'           => 'sAMAccountName',
                        'EmailAddress'   => 'mail',
                        'Organization'   => 'physicalDeliveryOfficeName',
                        'RealName'       => 'cn',
                        'ExternalAuthId' => 'sAMAccountName',
                        'Gecos'          => 'sAMAccountName',
                        'WorkPhone'      => 'telephoneNumber',
                        'Address1'       => 'streetAddress',
                        'City'           => 'l',
                        'State'          => 'st',
                        'Zip'            => 'postalCode',
                        'Country'        => 'co'
                }
        }
}
);

 
 
 
APACHE_LOG :
-------------
[Mon Mar  7 13:56:50 2011] [critical]:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj : Cannot connect to
ldap.office.loro.swiss
(/opt/rt_dev/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:437)
Trace begun at /opt/rt_dev/bin/../lib/RT.pm line 291
Log::Dispatch::__ANON__('Log::Dispatch=HASH(0x312cac0)',
'RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj', ': Cannot connect
to', 'ldap.office.loro.swiss') called at
/opt/rt_dev/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm
line 437
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj('HASH(0x9e6ef0)')
called at
/opt/rt_dev/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm
line 298
RT::Authen::ExternalAuth::LDAP::UserExists('adit1', 'My_LDAP') called
at
/opt/rt_dev/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm
line 356
RT::Authen::ExternalAuth::UserExists('adit1', 'My_LDAP') called at
/opt/rt_dev/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm
line 106
RT::Authen::ExternalAuth::DoAuth('HASH(0x4399af0)', 'adit1',
'xxxxxxxxxx') called at
/opt/rt_dev/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth
line 25
HTML::Mason::Commands::__ANON__('pass', 'xxxxxxxxxx', 'user', 'adit1')
called at /opt/perl_dev/lib/site_perl/5.8.8/HTML/Mason/Component.pm line
135
HTML::Mason::Component::run('HTML::Mason::Component::FileBased=HASH(0x43aeb00)',
'pass', 'xxxxxxxxxx', 'user', 'adit1') called at
/opt/perl_dev/lib/site_perl/5.8.8/HTML/Mason/Request.pm line 1273
eval {...} at /opt/perl_dev/lib/site_perl/5.8.8/HTML/Mason/Request.pm
line 1268
HTML::Mason::Request::comp(undef, undef, 'pass', 'xxxxxxxxxx', 'user',
'adit1') called at /opt/rt_dev/bin/../lib/RT/Interface/Web/Request.pm
line 180
RT::Interface::Web::Request::callback('RT::Interface::Web::Request=HASH(0x4490830)',
'pass', 'xxxxxxxxxx', 'user', 'adit1', 'CallbackName', 'Auth',
'CallbackPage', '/autohandler') called at
/opt/rt_dev/bin/../lib/RT/Interface/Web.pm line 202
RT::Interface::Web::HandleRequest('HASH(0x36504d0)') called at
/opt/rt_dev/share/html/autohandler line 53
HTML::Mason::Commands::__ANON__('pass', 'xxxxxxxxxx', 'user', 'adit1')
called at /opt/perl_dev/lib/site_perl/5.8.8/HTML/Mason/Component.pm line
135
HTML::Mason::Component::run('HTML::Mason::Component::FileBased=HASH(0x3653490)',
'pass', 'xxxxxxxxxx', 'user', 'adit1') called at
/opt/perl_dev/lib/site_perl/5.8.8/HTML/Mason/Request.pm line 1273
eval {...} at /opt/perl_dev/lib/site_perl/5.8.8/HTML/Mason/Request.pm
line 1268
HTML::Mason::Request::comp(undef, undef, undef, 'pass', 'xxxxxxxxxx',
'user', 'adit1') called at
/opt/perl_dev/lib/site_perl/5.8.8/HTML/Mason/Request.pm line 467
eval {...} at /opt/perl_dev/lib/site_perl/5.8.8/HTML/Mason/Request.pm
line 467
eval {...} at /opt/perl_dev/lib/site_perl/5.8.8/HTML/Mason/Request.pm
line 419
HTML::Mason::Request::exec('RT::Interface::Web::Request=HASH(0x4490830)')
called at /opt/perl_dev/lib/site_perl/5.8.8/HTML/Mason/ApacheHandler.pm
line 168
HTML::Mason::Request::ApacheHandler::exec('RT::Interface::Web::Request=HASH(0x4490830)')
called at /opt/perl_dev/lib/site_perl/5.8.8/HTML/Mason/ApacheHandler.pm
line 825
HTML::Mason::ApacheHandler::handle_request('HTML::Mason::ApacheHandler=HASH(0x1c13170)',
'Apache2::RequestRec=SCALAR(0xab0e80)') called at
/opt/rt_dev/bin/webmux.pl line 78
eval {...} at /opt/rt_dev/bin/webmux.pl line 78
RT::Mason::handler('Apache2::RequestRec=SCALAR(0xab0e80)') called at -e
line 0
eval {...} at -e line 0
[Mon Mar  7 13:56:50 2011] [error]: FAILED LOGIN for adit1 from
192.168.186.157 (/opt/rt_dev/bin/../lib/RT/Interface/Web.pm:424)
Trace begun at /opt/rt_dev/bin/../lib/RT.pm line 291
Log::Dispatch::__ANON__('Log::Dispatch=HASH(0x312cac0)', 'FAILED LOGIN
for adit1 from 192.168.186.157') called at
/opt/rt_dev/bin/../lib/RT/Interface/Web.pm line 424
RT::Interface::Web::AttemptPasswordAuthentication('HASH(0x36504d0)')
called at /opt/rt_dev/bin/../lib/RT/Interface/Web.pm line 208
RT::Interface::Web::HandleRequest('HASH(0x36504d0)') called at
/opt/rt_dev/share/html/autohandler line 53
HTML::Mason::Commands::__ANON__('pass', 'xxxxxxxxxx', 'user', 'adit1')
called at /opt/perl_dev/lib/site_perl/5.8.8/HTML/Mason/Component.pm line
135
HTML::Mason::Component::run('HTML::Mason::Component::FileBased=HASH(0x3653490)',
'pass', 'xxxxxxxxxx', 'user', 'adit1') called at
/opt/perl_dev/lib/site_perl/5.8.8/HTML/Mason/Request.pm line 1273
eval {...} at /opt/perl_dev/lib/site_perl/5.8.8/HTML/Mason/Request.pm
line 1268
HTML::Mason::Request::comp(undef, undef, undef, 'pass', 'xxxxxxxxxx',
'user', 'adit1') called at
/opt/perl_dev/lib/site_perl/5.8.8/HTML/Mason/Request.pm line 467
eval {...} at /opt/perl_dev/lib/site_perl/5.8.8/HTML/Mason/Request.pm
line 467
eval {...} at /opt/perl_dev/lib/site_perl/5.8.8/HTML/Mason/Request.pm
line 419
HTML::Mason::Request::exec('RT::Interface::Web::Request=HASH(0x4490830)')
called at /opt/perl_dev/lib/site_perl/5.8.8/HTML/Mason/ApacheHandler.pm
line 168
HTML::Mason::Request::ApacheHandler::exec('RT::Interface::Web::Request=HASH(0x4490830)')
called at /opt/perl_dev/lib/site_perl/5.8.8/HTML/Mason/ApacheHandler.pm
line 825
HTML::Mason::ApacheHandler::handle_request('HTML::Mason::ApacheHandler=HASH(0x1c13170)',
'Apache2::RequestRec=SCALAR(0xab0e80)') called at
/opt/rt_dev/bin/webmux.pl line 78
eval {...} at /opt/rt_dev/bin/webmux.pl line 78
RT::Mason::handler('Apache2::RequestRec=SCALAR(0xab0e80)') called at -e
line 0
eval {...} at -e line 0
 
 
 

RT_LOG :
---------
[Mon Mar  7 13:58:32 2011] [debug]: Reloading RT::User to work around a
bug in RT-3.8.0 and RT-3.8.1
(/opt/rt_dev/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:14)
[Mon Mar  7 13:58:32 2011] [debug]: Attempting to use external auth
service: My_LDAP
(/opt/rt_dev/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
[Mon Mar  7 13:58:32 2011] [debug]: Calling UserExists with $username
(adit1) and $service (My_LDAP)
(/opt/rt_dev/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:105)
[Mon Mar  7 13:58:32 2011] [debug]: UserExists params:
username: adit1 , service: My_LDAP
(/opt/rt_dev/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:274)
[Mon Mar  7 13:58:32 2011] [critical]:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj : Cannot connect to
ldap.office.loro.swiss
(/opt/rt_dev/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:437)
Trace begun at /opt/rt_dev/bin/../lib/RT.pm line 291
Log::Dispatch::__ANON__('Log::Dispatch=HASH(0x312cac0)',
'RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj', ': Cannot connect
to', 'ldap.office.loro.swiss') called at
/opt/rt_dev/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm
line 437
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj('HASH(0x9e6ef0)')
called at
/opt/rt_dev/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm
line 298
RT::Authen::ExternalAuth::LDAP::UserExists('adit1', 'My_LDAP') called
at
/opt/rt_dev/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm
line 356
RT::Authen::ExternalAuth::UserExists('adit1', 'My_LDAP') called at
/opt/rt_dev/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm
line 106
RT::Authen::ExternalAuth::DoAuth('HASH(0x439f790)', 'adit1',
'xxxxxxxxxx') called at
/opt/rt_dev/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth
line 25
HTML::Mason::Commands::__ANON__('Error', 'Votre nom d\'utilisateur ou
votre mot de passe est incorrect', 'pass', 'xxxxxxxxxx', 'user',
'adit1') called at
/opt/perl_dev/lib/site_perl/5.8.8/HTML/Mason/Component.pm line 135
HTML::Mason::Component::run('HTML::Mason::Component::FileBased=HASH(0x43aebc0)',
'Error', 'Votre nom d\'utilisateur ou votre mot de passe est incorrect',
'pass', 'xxxxxxxxxx', 'user', 'adit1') called at
/opt/perl_dev/lib/site_perl/5.8.8/HTML/Mason/Request.pm line 1273
eval {...} at /opt/perl_dev/lib/site_perl/5.8.8/HTML/Mason/Request.pm
line 1268
HTML::Mason::Request::comp(undef, undef, 'Error', 'Votre nom
d\'utilisateur ou votre mot de passe est incorrect', 'pass',
'xxxxxxxxxx', 'user', 'adit1') called at
/opt/rt_dev/bin/../lib/RT/Interface/Web/Request.pm line 180
RT::Interface::Web::Request::callback('RT::Interface::Web::Request=HASH(0x1c4b260)',
'Error', 'Votre nom d\'utilisateur ou votre mot de passe est incorrect',
'pass', 'xxxxxxxxxx', 'user', 'adit1', 'CallbackName', 'Auth',
'CallbackPage', '/autohandler') called at
/opt/rt_dev/bin/../lib/RT/Interface/Web.pm line 202
RT::Interface::Web::HandleRequest('HASH(0x3650550)') called at
/opt/rt_dev/share/html/autohandler line 53
HTML::Mason::Commands::__ANON__('Error', 'Votre nom d\'utilisateur ou
votre mot de passe est incorrect', 'pass', 'xxxxxxxxxx', 'user',
'adit1') called at
/opt/perl_dev/lib/site_perl/5.8.8/HTML/Mason/Component.pm line 135
HTML::Mason::Component::run('HTML::Mason::Component::FileBased=HASH(0x3653510)',
'Error', 'Votre nom d\'utilisateur ou votre mot de passe est incorrect',
'pass', 'xxxxxxxxxx', 'user', 'adit1') called at
/opt/perl_dev/lib/site_perl/5.8.8/HTML/Mason/Request.pm line 1273
eval {...} at /opt/perl_dev/lib/site_perl/5.8.8/HTML/Mason/Request.pm
line 1268
HTML::Mason::Request::comp(undef, undef, undef, 'Error', 'Votre nom
d\'utilisateur ou votre mot de passe est incorrect', 'pass',
'xxxxxxxxxx', 'user', 'adit1') called at
/opt/perl_dev/lib/site_perl/5.8.8/HTML/Mason/Request.pm line 467
eval {...} at /opt/perl_dev/lib/site_perl/5.8.8/HTML/Mason/Request.pm
line 467
eval {...} at /opt/perl_dev/lib/site_perl/5.8.8/HTML/Mason/Request.pm
line 419
HTML::Mason::Request::exec('RT::Interface::Web::Request=HASH(0x1c4b260)')
called at /opt/perl_dev/lib/site_perl/5.8.8/HTML/Mason/ApacheHandler.pm
line 168
HTML::Mason::Request::ApacheHandler::exec('RT::Interface::Web::Request=HASH(0x1c4b260)')
called at /opt/perl_dev/lib/site_perl/5.8.8/HTML/Mason/ApacheHandler.pm
line 825
HTML::Mason::ApacheHandler::handle_request('HTML::Mason::ApacheHandler=HASH(0x1c13170)',
'Apache2::RequestRec=SCALAR(0xab0e80)') called at
/opt/rt_dev/bin/webmux.pl line 78
eval {...} at /opt/rt_dev/bin/webmux.pl line 78
RT::Mason::handler('Apache2::RequestRec=SCALAR(0xab0e80)') called at -e
line 0
eval {...} at -e line 0
[Mon Mar  7 13:58:32 2011] [debug]: Autohandler called ExternalAuth.
Response: (0, No User)
(/opt/rt_dev/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:26)
[Mon Mar  7 13:58:32 2011] [error]: FAILED LOGIN for adit1 from
192.168.186.157 (/opt/rt_dev/bin/../lib/RT/Interface/Web.pm:424)
Trace begun at /opt/rt_dev/bin/../lib/RT.pm line 291
Log::Dispatch::__ANON__('Log::Dispatch=HASH(0x312cac0)', 'FAILED LOGIN
for adit1 from 192.168.186.157') called at
/opt/rt_dev/bin/../lib/RT/Interface/Web.pm line 424
RT::Interface::Web::AttemptPasswordAuthentication('HASH(0x3650550)')
called at /opt/rt_dev/bin/../lib/RT/Interface/Web.pm line 208
RT::Interface::Web::HandleRequest('HASH(0x3650550)') called at
/opt/rt_dev/share/html/autohandler line 53
HTML::Mason::Commands::__ANON__('Error', 'Votre nom d\'utilisateur ou
votre mot de passe est incorrect', 'pass', 'xxxxxxxxxx', 'user',
'adit1') called at
/opt/perl_dev/lib/site_perl/5.8.8/HTML/Mason/Component.pm line 135
HTML::Mason::Component::run('HTML::Mason::Component::FileBased=HASH(0x3653510)',
'Error', 'Votre nom d\'utilisateur ou votre mot de passe est incorrect',
'pass', 'xxxxxxxxxx', 'user', 'adit1') called at
/opt/perl_dev/lib/site_perl/5.8.8/HTML/Mason/Request.pm line 1273
eval {...} at /opt/perl_dev/lib/site_perl/5.8.8/HTML/Mason/Request.pm
line 1268
HTML::Mason::Request::comp(undef, undef, undef, 'Error', 'Votre nom
d\'utilisateur ou votre mot de passe est incorrect', 'pass',
'xxxxxxxxxx', 'user', 'adit1') called at
/opt/perl_dev/lib/site_perl/5.8.8/HTML/Mason/Request.pm line 467
eval {...} at /opt/perl_dev/lib/site_perl/5.8.8/HTML/Mason/Request.pm
line 467
eval {...} at /opt/perl_dev/lib/site_perl/5.8.8/HTML/Mason/Request.pm
line 419
HTML::Mason::Request::exec('RT::Interface::Web::Request=HASH(0x1c4b260)')
called at /opt/perl_dev/lib/site_perl/5.8.8/HTML/Mason/ApacheHandler.pm
line 168
HTML::Mason::Request::ApacheHandler::exec('RT::Interface::Web::Request=HASH(0x1c4b260)')
called at /opt/perl_dev/lib/site_perl/5.8.8/HTML/Mason/ApacheHandler.pm
line 825
HTML::Mason::ApacheHandler::handle_request('HTML::Mason::ApacheHandler=HASH(0x1c13170)',
'Apache2::RequestRec=SCALAR(0xab0e80)') called at
/opt/rt_dev/bin/webmux.pl line 78
eval {...} at /opt/rt_dev/bin/webmux.pl line 78
RT::Mason::handler('Apache2::RequestRec=SCALAR(0xab0e80)') called at -e
line 0
eval {...} at -e line 0
[Mon Mar  7 13:58:32 2011] [debug]: Attempting to use external auth
service: My_LDAP
(/opt/rt_dev/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
[Mon Mar  7 13:58:32 2011] [debug]: SSO Failed and no user to test
with. Nexting
(/opt/rt_dev/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:92)
[Mon Mar  7 13:58:32 2011] [debug]: Autohandler called ExternalAuth.
Response: (0, No User)
(/opt/rt_dev/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:26)
[Mon Mar  7 13:58:32 2011] [debug]: Reloading RT::User to work around a
bug in RT-3.8.0 and RT-3.8.1
(/opt/rt_dev/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:14)
[Mon Mar  7 13:58:32 2011] [debug]: Attempting to use external auth
service: My_LDAP
(/opt/rt_dev/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
[Mon Mar  7 13:58:32 2011] [debug]: SSO Failed and no user to test
with. Nexting
(/opt/rt_dev/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:92)
[Mon Mar  7 13:58:32 2011] [debug]: Autohandler called ExternalAuth.
Response: (0, No User)
(/opt/rt_dev/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:26)

 
 
 
THANKS in advance for your help
Horst
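
In the RT log above, a [critical] "Cannot connect to" record is followed in the same second by a FAILED LOGIN, and the Mason stack frames carry the login form's 'pass' argument. The following is an added example, not part of the original post or of RT: it labels each FAILED LOGIN in a log of this format as a directory outage or a credential failure, and counts the frames that include the password argument. The sample log, host name, user names, addresses and the 5-second window are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the format of the RT log quoted above (placeholder host, users, IPs).
SAMPLE_LOG = """\
[Mon Mar  7 13:58:32 2011] [critical]: RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj : Cannot connect to
ldap.example.test (/opt/rt/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:437)
Trace begun at /opt/rt/bin/../lib/RT.pm line 291
HTML::Mason::Commands::__ANON__('pass', 'xxxxxxxxxx', 'user', 'alice') called at Component.pm line 135
[Mon Mar  7 13:58:32 2011] [error]: FAILED LOGIN for alice from
192.0.2.10 (/opt/rt/bin/../lib/RT/Interface/Web.pm:424)
[Mon Mar  7 14:20:05 2011] [error]: FAILED LOGIN for bob from 192.0.2.11 (/opt/rt/bin/../lib/RT/Interface/Web.pm:424)
"""

HEADER = re.compile(r"^\[(\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4})\] \[(\w+)\]:\s*", re.M)
CONNECT = re.compile(r"_GetBoundLdapObj : Cannot connect to (\S+)")
FAILED = re.compile(r"FAILED LOGIN for (\S+) from (\S+)")
# A stack frame that carries the login form arguments: 'pass', '<value>'
PASS_ARG = re.compile(r"'pass', '[^']*'")


def records(text):
    """Yield (timestamp, level, body); body joins wrapped lines and the stack trace."""
    heads = list(HEADER.finditer(text))
    for i, m in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        ts = datetime.strptime(" ".join(m.group(1).split()), "%a %b %d %H:%M:%S %Y")
        yield ts, m.group(2), " ".join(text[m.end():end].split())


def triage(text, window=timedelta(seconds=5)):
    """Return (labelled FAILED LOGIN events, number of frames exposing 'pass')."""
    last_outage, results, exposed = None, [], 0
    for ts, level, body in records(text):
        exposed += len(PASS_ARG.findall(body))
        hit = CONNECT.search(body)
        if level == "critical" and hit:
            last_outage = (ts, hit.group(1))
        failed = FAILED.search(body)
        if failed:
            # A connect error shortly before the failure means the directory was
            # unreachable; otherwise treat it as a real authentication failure.
            outage = last_outage is not None and ts - last_outage[0] <= window
            results.append({
                "user": failed.group(1), "source": failed.group(2),
                "cause": "ldap_unreachable" if outage else "credentials",
                "server": last_outage[1] if outage else None,
            })
    return results, exposed


if __name__ == "__main__":
    events, exposed = triage(SAMPLE_LOG)
    for event in events:
        print(event)
    print("stack frames carrying the 'pass' argument:", exposed)
```
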
