[rt-users] LDAP ExternalAuth broken after upgrade from 4.0.2 to 4.0.4

Kevin Falcone falcone at bestpractical.com
Wed Nov 23 13:53:22 EST 2011


On Wed, Nov 23, 2011 at 11:46:44AM -0600, Karl Boyken wrote:
> We run RT on RedHat Enterprise Server 6.1, with Perl 5.14.2.  We set
> up RT::ExternalAuth to authenticate against our OpenLDAP server, and
> it works fine with RT 4.0.2.  But after upgrading to RT 4.0.4, LDAP
> authentication breaks.  I'd appreciate any helpful ideas.  Here's
> the relevant log entry--it's an LDAP bind() error:
> 
> 
> Nov 23 11:27:28 serv07 RT:
> RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't bind:
> LDAP_OPERATIONS_ERROR 1 (/path_to_our_RT/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:467)

This usually means that the LDAP server rejected you in some way.
You may find more information in the server logs; you may also set
net_ldap_args => [ debug => 2 or 8 ] in addition to your current args
to get back the full dumps of packets coming over the wire.
Please note that the debug dumps may contain privileged info, so it's
really just a debugging shim.

-kevin

> This is the relevant section of our RT_SiteConfig.pm file (where
> values beginning with "our" have been changed for posting):
> 
> 
> # To enable RT::Authen::ExternalAuth
> Set(@Plugins, qw(RT::Authen::ExternalAuth));
> 
> # RT::Authen::ExternalAuth settings
> # For information on configuring RT::Authen::ExternalAuth, see
> # $RT_HOME/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm
> 
> Set($ExternalAuthPriority, ['DIVMS_LDAP',]);
> Set($ExternalInfoPriority, ['DIVMS_LDAP',]);
> Set($ExternalServiceUsesSSLorTLS, 1);
> Set($AutoCreateNonExternalUsers, 1);
> Set($ExternalSettings,
>     {
>      'DIVMS_LDAP' => {
>                       'type' => 'ldap',
>                       'server' => 'our_server',
>                       'user' => 'our_cn',
>                       'pass' => 'our_password',
>                       'base' => 'our_base',
>                       'filter' => '(objectClass=*)',
>                       'd_filter' => '(objectClass=FooBarBaz)',
>                       'tls' => 1,
>                       'ssl_version' => 1,
>                       'net_ldap_args' => [ port => 389, version => 3 ],
>                       'group' => '',
>                       'group_attr' => '',
>                       'attr_match_list' => [ 'Name', 'EmailAddress', ],
>                       'attr_map' => {
>                                      'Name' => 'uid',
>                                      'EmailAddress' => 'mail',
>                                      'RealName' => 'gecos',
>                                      'ExternalAuthId' => 'uid',
>                                      'Gecos' => 'uid',
>                                     }
>                      }
>     }
> );
> 
> -- 
> Karl Boyken, system administrator karl-boyken at uiowa.edu
> 303A MLH, Dept. of Comp. Sci. http://www.cs.uiowa.edu/~boyken/
> The U. of Iowa, Iowa City, IA  52242   319-335-2730 (voice)
> 319-335-3668 (fax)