[rt-users] I can't authenticate via LDAP; I don't see the log messages I expect
Micah R Ledbetter
mledbetter at neuric.com
Tue Mar 8 18:57:17 EST 2011
On 3/8/2011 5:37 PM, Mark Farver wrote:
> You might turn up the log level, add:
>
> Set($LogToScreen , 'debug');
>
> And see if anything interesting turns up in the Apache logs.
>
> You could also try using the same credentials, hostname etc with
> ldapsearch on the command line to verify that you have AD configured
> correctly.
>
> Mark
Actually, LogToScreen is already set in my RT_SiteConfig.pm and the only
thing I get out of Apache's error.log is this stuff:
> [Tue Mar 08 17:45:27 2011] [info] [client 192.168.55.133] Connection
> to child 5 established (server alpha:443)
> [Tue Mar 08 17:45:27 2011] [info] Seeding PRNG with 648 bytes of entropy
> [Tue Mar 08 17:45:27 2011] [info] Initial (No.1) HTTPS request
> received for child 5 (server alpha:443)
> [Tue Mar 8 23:45:27 2011] [error]: FAILED LOGIN for mledbetter from
> 192.168.55.133 (/opt/rt3/bin/../lib/RT/Interface/Web.pm:424)
> [Tue Mar 08 17:45:27 2011] [info] Subsequent (No.2) HTTPS request
> received for child 5 (server alpha:443)
> [Tue Mar 08 17:45:27 2011] [info] [client 192.168.55.133] Spelling
> fix: /rt/NoAuth/RichText/fckeditor.js: 1 candidates from
> https://alpha/rt/, referer: https://alpha/rt/
> [Tue Mar 08 17:45:27 2011] [info] Subsequent (No.3) HTTPS request
> received for child 5 (server alpha:443)
> [Tue Mar 08 17:45:27 2011] [info] [client 192.168.55.133] Spelling
> fix: /rt/NoAuth/RichText/fckeditor.js: 1 candidates from
> https://alpha/rt/, referer: https://alpha/rt/
> [Tue Mar 08 17:45:42 2011] [info] [client 192.168.55.133] (70007)The
> timeout specified has expired: SSL input filter read failed.
> [Tue Mar 08 17:45:42 2011] [info] [client 192.168.55.133] Connection
> closed to child 5 with standard shutdown (server alpha:443)
And I'm not even sure that those [info] lines don't come from Apache
itself anyway. At any rate, there is no evidence that it's even trying
LDAP authentication.
As for running ldapsearch with the credentials in my RT_SiteConfig.pm,
I've already tried that and it works. If I run this command:
> ldapsearch -h fattire -p 3268 -D rtldap -w 'PASSWORD' \
> -b 'ou=Services,dc=neuric,dc=internal'
it returns my RT Users group:
> dn: CN=RT Users,OU=Services,DC=neuric,DC=internal
> ... etc ...
I've tried setting the 'user' in $ExternalSettings to 'rtldap' and the
full 'cn=rtldap,ou=Services,dc=internal,dc=local' because I've seen it
both ways online, but neither one works, or produces any different log
output.
However, going any further toward debugging this without any
LDAP-related logging at all is obviously no fun, and I'd really like to
actually get logging working before jumping ahead and trying to just
troubleshoot through a black box.
Thanks for your suggestions.
- Micah
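
One way to check the two points raised in this message (which error.log lines come from RT rather than Apache, and whether anything LDAP-related was logged), as an added example that is not part of the original post. It assumes RT's lines have the shape of the FAILED LOGIN line in the excerpt, and the LDAP/ExternalAuth keyword match is a heuristic.

```python
import re

# Lines taken from the error.log excerpt in the post, e-mail wrapping undone.
SAMPLE = """\
[Tue Mar 08 17:45:27 2011] [info] [client 192.168.55.133] Connection to child 5 established (server alpha:443)
[Tue Mar 08 17:45:27 2011] [info] Seeding PRNG with 648 bytes of entropy
[Tue Mar 8 23:45:27 2011] [error]: FAILED LOGIN for mledbetter from 192.168.55.133 (/opt/rt3/bin/../lib/RT/Interface/Web.pm:424)
[Tue Mar 08 17:45:42 2011] [info] [client 192.168.55.133] (70007)The timeout specified has expired: SSL input filter read failed.
"""

# Assumption: RT-originated lines look like the FAILED LOGIN line in the excerpt,
# "[time] [level]: message (file:line)"; Apache's own lines have no colon after
# the level and no file:line trailer.
RT_LINE = re.compile(r"^\[[^\]]+\] \[(?P<level>\w+)\]: (?P<msg>.*) \((?P<src>[^()]+:\d+)\)$")
APACHE_LINE = re.compile(r"^\[[^\]]+\] \[(?P<level>\w+)\] (?P<msg>.*)$")
FAILED = re.compile(r"FAILED LOGIN for (\S+) from (\S+)")
# Heuristic (assumption): an RT line naming LDAP or ExternalAuth, in the message
# or the source path, counts as evidence that the external-auth code ran.
LDAP_HINT = re.compile(r"ldap|externalauth", re.IGNORECASE)


def summarize(log_text):
    """Split an error.log into RT and Apache lines and pull out auth evidence."""
    out = {"rt_lines": 0, "apache_lines": 0, "other_lines": 0,
           "failed_logins": [], "ldap_evidence": False}
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        rt = RT_LINE.match(line)
        if rt:
            out["rt_lines"] += 1
            if LDAP_HINT.search(rt["msg"]) or LDAP_HINT.search(rt["src"]):
                out["ldap_evidence"] = True
            hit = FAILED.search(rt["msg"])
            if hit:
                # (user, client address, RT source location that logged it)
                out["failed_logins"].append((hit[1], hit[2], rt["src"]))
        elif APACHE_LINE.match(line):
            out["apache_lines"] += 1
        else:
            out["other_lines"] += 1
    return out


if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```
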