[rt-users] ldap auth failing
Asif Iqbal
vadud3 at gmail.com
Wed May 25 15:28:22 EDT 2011
My ldapsearch works, but ldap auth with RT is failing
# cat /etc/ldap/ldap.conf
TLS_REQCERT never # without this ldap bind fails
# TLS: peer cert untrusted or revoked (0x42)
# TLS: can't connect: (unknown error code).
# ldapsearch -LLL -W -D "uid=binduser,ou=People,dc=mnet,dc=example,dc=com" \
    -b "ou=People,dc=mnet,dc=example,dc=com" -H ldaps://192.168.1.7:1636 \
    uid="asif" mail
Enter LDAP Password: <secret>
dn: uid=asif,ou=People,dc=mnet,dc=example,dc=com
mail: Asif.Iqbal at example.com
but RT fails with this error
[Wed May 25 14:51:39 2011] [info] [client 192.168.1.215] (32)Broken pipe: core_output_filter: writing data to the network
[Wed May 25 14:51:39 2011] [error] [client 192.168.1.215] Apache2::RequestIO::rflush: (103) Software caused connection abort at /usr/local/share/perl/5.10.1/Plack/Handler/Apache2.pm line 148
[Wed May 25 14:51:39 2011] [debug] mod_deflate.c(615): [client 192.162.1.215] Zlib: Compressed 0 to 2 : URL /
[Wed May 25 14:51:41 2011] [info] [client 192.168.1.215] Request header read timeout
[Wed May 25 14:51:41 2011] [info] [client 192.168.1.215] Request header read timeout
[Wed May 25 14:51:43 2011] [info] [client 192.168.1.215] (32)Broken pipe: core_output_filter: writing data to the network
[Wed May 25 14:51:43 2011] [error] [client 192.168.1.215] Apache2::RequestIO::rflush: (103) Software caused connection abort at /usr/local/share/perl/5.10.1/Plack/Handler/Apache2.pm line 148
[Wed May 25 14:51:43 2011] [debug] mod_deflate.c(615): [client 192.168.1.215] Zlib: Compressed 0 to 2 : URL /
[Wed May 25 14:51:43 2011] [debug] mod_deflate.c(615): [client 192.168.1.215] Zlib: Compressed 0 to 8 : URL /NoAuth/Login.htm
[Wed May 25 14:51:43 2011] [info] [client 192.168.1.215] (32)Broken pipe: core_output_filter: writing data to the network
[Wed May 25 14:51:47 2011] [debug] mod_deflate.c(615): [client 192.168.1.215] Zlib: Compressed 4232 to 1682 : URL /NoAuth/Login.html, referer: http://192.168.1.72/NoAuth/Login.html
and apache2/error.log shows this
[Wed May 25 18:51:43 2011] [error]: FAILED LOGIN for asif from 192.168.1.215 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:639)
# egrep -v "^[[:space:]]*#|^$" /opt/rt4/etc/RT_SiteConfig.pm
Set( $rtname, 'example.com');
Set( @Plugins, qw(RT::Authen::ExternalAuth) );
1;
# egrep -v "^[[:space:]]*#|^$" /opt/rt4/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm
Set($ExternalAuthPriority, [ 'My_LDAP',
                             'My_MySQL',
                             'My_SSO_Cookie'
                           ]
);
Set($ExternalInfoPriority, [ 'My_MySQL',
                             'My_LDAP'
                           ]
);
Set($ExternalServiceUsesSSLorTLS, 1); # <== set this to `1' for TLS. tried with `0' as well and failed
Set($AutoCreateNonExternalUsers, 1);
Set($ExternalSettings, {          # AN EXAMPLE DB SERVICE
    'My_MySQL' => {               ## GENERIC SECTION
        'type'            => 'db',
        'server'          => 'server.domain.tld',
        'database'        => 'DB_NAME',
        'table'           => 'USERS_TABLE',
        'user'            => 'DB_USER',
        'pass'            => 'DB_PASS',
        'port'            => 'DB_PORT',
        'dbi_driver'      => 'DBI_DRIVER',
        'u_field'         => 'username',
        'p_field'         => 'password',
        'p_enc_pkg'       => 'Crypt::MySQL',
        'p_enc_sub'       => 'password',
        'd_field'         => 'disabled',
        'd_values'        => ['0'],
        'attr_match_list' => [ 'Gecos',
                               'Name'
                             ],
        'attr_map'        => { 'Name'           => 'username',
                               'EmailAddress'   => 'email',
                               'ExternalAuthId' => 'username',
                               'Gecos'          => 'userID'
                             }
    },
    'My_LDAP' => {                ## GENERIC SECTION
        'type'            => 'ldap',
        'server'          => 'ldaps://192.168.1.7:1636',
        'user'            => 'sysldapq',
        'pass'            => 'secret',
        'debug'           => 255,
        'base'            => 'ou=People,dc=mnet,dc=example,dc=com',
        'filter'          => '(objectclass=mnetperson)',
        'd_filter'        => '(objectclass=blah)',
        'tls'             => 1, # <== set this to `1' for tls. failed with `0' as well
        'ssl_version'     => 3,
        'net_ldap_args'   => [ version => 3 ],
        'attr_match_list' => [ 'Name',
                               'EmailAddress',
                             ],
        'attr_map'        => { 'Name'           => 'uid',
                               'EmailAddress'   => 'mail',
                               'Organization'   => 'companynumber',
                               'RealName'       => 'cn',
                               'ExternalAuthId' => 'uid',
                               'WorkPhone'      => 'telephoneNumber',
                               'Address1'       => 'street',
                               'City'           => 'l',
                               'State'          => 'st',
                               'Zip'            => 'postalCode',  # comma required here, otherwise this hash is a Perl syntax error
                               'Country'        => 'nationname'
                             }
    },
    'My_SSO_Cookie' => {          ## The type of service (db/ldap/cookie)
        'type'            => 'cookie',
        'name'            => 'loginCookieValue',
        'u_table'         => 'users',
        'u_field'         => 'username',
        'u_match_key'     => 'userID',
        'c_table'         => 'login_cookie',
        'c_field'         => 'loginCookieValue',
        'c_match_key'     => 'loginCookieUserID',
        'db_service_name' => 'My_MySQL'
    }
}
);
1;
I can log in as root with the local password.
--
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
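An added diagnostic script, not from the original post and not RT's own code, that repeats the three steps an ExternalAuth 'ldap' service performs (service bind, filtered search, bind as the user) using Net::LDAP, the library RT uses, rather than ldapsearch: Net::LDAP does not read /etc/ldap/ldap.conf, so the TLS_REQCERT never workaround shown above has no effect on it, and the script instead verifies the server certificate against a CA file so the failure, if any, is reported explicitly. Assumed: the CA file path, the bind DN from the ldapsearch above in place of the bare 'sysldapq', passwords read from the environment, and that the plugin's `tls` setting maps to start_tls, which is only meaningful on a plain ldap:// session and is therefore not called over ldaps://.

```perl
#!/usr/bin/perl
# Added diagnostic, not part of RT or RT::Authen::ExternalAuth.
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);

# Values taken from the posted config; CA file and bind DN are assumptions.
my $uri     = 'ldaps://192.168.1.7:1636';
my $base    = 'ou=People,dc=mnet,dc=example,dc=com';
my $filter  = '(objectclass=mnetperson)';
my $bind_dn = 'uid=binduser,ou=People,dc=mnet,dc=example,dc=com'; # from the ldapsearch above
my $cafile  = '/etc/ssl/certs/mnet-ldap-ca.pem';                  # assumed: CA that issued the server cert

my $user = shift @ARGV or die "usage: $0 uid   (BIND_PW and USER_PW taken from the environment)\n";
my ($bind_pw, $user_pw) = @ENV{qw(BIND_PW USER_PW)};
die "set BIND_PW and USER_PW in the environment\n" unless defined $bind_pw && defined $user_pw;

# ldaps:// is TLS from the first byte. verify => 'require' turns an untrusted
# certificate into a hard connect failure, which is the behaviour TLS_REQCERT
# never hides. start_tls() is only for upgrading ldap://, so it is not used here.
my $ldap = Net::LDAP->new($uri, version => 3, verify => 'require', cafile => $cafile)
    or die "connect/TLS handshake failed: $@\n";

# Step 1: bind as the service account the plugin uses for lookups.
my $mesg = $ldap->bind($bind_dn, password => $bind_pw);
die "service bind failed: " . $mesg->error . "\n" if $mesg->code;

# Step 2: the configured filter AND'ed with the attr_map{Name} attribute (uid).
# The username comes from a login form, so it is escaped before entering the filter.
my $uid = escape_filter_value($user);
$mesg = $ldap->search(base   => $base, scope => 'sub',
                      filter => "(&$filter(uid=$uid))",
                      attrs  => ['uid', 'mail']);
die "search failed: " . $mesg->error . "\n" if $mesg->code;
die "expected exactly one entry for uid=$user under $base, got " . $mesg->count . "\n"
    unless $mesg->count == 1;

my $entry = $mesg->entry(0);
printf "found %s (mail: %s)\n", $entry->dn, $entry->get_value('mail') // '-';

# Step 3: bind as the user with the supplied password; this decides the login.
$mesg = $ldap->bind($entry->dn, password => $user_pw);
die "user bind failed: " . $mesg->error . "\n" if $mesg->code;
print "user bind OK: all three steps succeeded with certificate verification on\n";
$ldap->unbind;
```

If this script fails at the first step with the same untrusted-certificate message, the fix is installing the issuing CA where RT's Perl process can read it, not disabling verification.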