[rt-users] External Auth using Active Directory 2008
Howell, Van
van.howell at lcu.edu
Thu Feb 2 11:16:53 EST 2012
# cat RT_SiteConfig.pm
Set($ExternalAuthPriority, [ 'My_LDAP',] );
Set($ExternalInfoPriority, [ 'My_LDAP',] );
Set($ExternalServiceUsesSSLorTLS, 0);
Set($AutoCreateNonExternalUsers, 0);
Set($ExternalSettings, {
    'My_LDAP' => {
        'type' => 'ldap',
        'server' => 'zeus.mydomain.edu',
        'user' => 'CN=LDAPRT,OU=CampusServices,DC=mydomain,DC=mydomain,DC=edu',
        'pass' => '*********',
        'base' => 'DC=mydomain,DC=mydomain,DC=edu',
        'filter' => '(&(ObjectCategory=User)(ObjectClass=Person))',
        'd_filter' => '(userAccountControl:1.2.840.113556.1.4.803:=2)',
        'tls' => 0,
        # 'ssl_version' => 3,
        'net_ldap_args' => [ version => 3 ],
        'group' => 'CN=RTUsers,OU=CampusServices,DC= mydomain,DC=mydomain,DC=edu',
        'group_attr' => 'member',
        'attr_match_list' => [ 'Name', 'EmailAddress' ],
        'attr_map' => { 'Name' => 'sAMAccountName',
                        'EmailAddress' => 'mail',
                        'Organization' => 'physicalDeliveryOfficeName',
                        'RealName' => 'cn',
                        'ExternalAuthId' => 'sAMAccountName',
                        'Gecos' => 'sAMAccountName',
                        'WorkPhone' => 'telephoneNumber',
                        'Address1' => 'streetAddress',
                        'City' => 'l',
                        'State' => 'st',
                        'Zip' => 'postalCode',
                        'Country' => 'co'
                      }
    }
}
);
1;
EOF
I do not have Debugging turned on. I am going to need some help turning it on since this is new to me.
Here are some errors from /var/log/messages...
This is a failed attempt...
Feb 1 16:02:25 localhost RT: My_LDAP AUTH FAILED mary.servantez (can't bind: LDAP_INVALID_CREDENTIALS 49 ) (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:82)
Feb 1 16:02:25 localhost RT: FAILED LOGIN for mary.servantez from 10.1.41.95 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:655)
Here is a successful attempt....
Feb 2 10:14:02 localhost RT: RT::Authen::ExternalAuth::LDAP::GetAuth External Auth OK ( My_LDAP ): test.account (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:139)
Feb 2 10:14:02 localhost RT: Couldn't enable user 28 (/opt/rt4/sbin/../lib/RT/User.pm:1066)
Feb 2 10:14:02 localhost RT: User marked as ENABLED ( test.account ) per External Service (, ) (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:274)
Feb 2 10:14:02 localhost RT: RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Address1: , City: , Country: , EmailAddress: test.account at LCU.EDU, ExternalAuthId: test.account, Gecos: test.account, Name: test.account, Organization: , RealName: Test Account, State: , WorkPhone: , Zip: (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:536)
Feb 2 10:14:02 localhost RT: Successful login for test.account from 10.1.5.9 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:219)
Van Howell
System Administrator
Lubbock Christian University
-----Original Message-----
From: rt-users-bounces at lists.bestpractical.com [mailto:rt-users-bounces at lists.bestpractical.com] On Behalf Of Kevin Falcone
Sent: Wednesday, February 01, 2012 5:33 PM
To: rt-users at lists.bestpractical.com
Subject: Re: [rt-users] External Auth using Active Directory 2008
On Wed, Feb 01, 2012 at 11:04:38PM +0000, Howell, Van wrote:
> I have added several users into the RTUsers group I set up in AD.
>
> The AD Administrator, a common Domain User called Test.Account that is located in the OU with
> all my other users, my personal account also located in the OU with all the other users and an
> alternate administrative account I use.
>
>
>
> I can logon to RT with the AD Administrator account. I can logon to RT with the Test.Account
> and I can log in using my alternate account. But I cannot logon using my personal account. I
> also had my assistant test with her account and she cannot log on.
>
> I have studied the problem and cannot find anything unique about the accounts that cannot
> logon.
We really need to see your configuration for RT-Authen-ExternalAuth and your logs for the failed login, turned up to debug.
-kevin
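Added example (not part of the original thread and not RT's own code): a small Python triage of the RT syslog lines quoted in the message above, grouping LDAP bind errors and login results per user so that accounts which only ever fail with result code 49 stand out. The regular expressions and function names are assumptions derived from the four line formats shown in that excerpt.

```python
import re
from collections import defaultdict

# RT lines copied from the /var/log/messages excerpt in the message above.
SAMPLE_LOG = """\
Feb 1 16:02:25 localhost RT: My_LDAP AUTH FAILED mary.servantez (can't bind: LDAP_INVALID_CREDENTIALS 49 ) (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:82)
Feb 1 16:02:25 localhost RT: FAILED LOGIN for mary.servantez from 10.1.41.95 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:655)
Feb 2 10:14:02 localhost RT: RT::Authen::ExternalAuth::LDAP::GetAuth External Auth OK ( My_LDAP ): test.account (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:139)
Feb 2 10:14:02 localhost RT: Successful login for test.account from 10.1.5.9 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:219)
"""

PATTERNS = {  # assumed patterns, one per event type seen in the excerpt
    "bind_failed": re.compile(r"RT: (?P<service>\S+) AUTH FAILED (?P<user>\S+) "
                              r"\(can't bind: (?P<error>\w+) (?P<code>\d+)"),
    "login_failed": re.compile(r"RT: FAILED LOGIN for (?P<user>\S+) from (?P<ip>\S+)"),
    "auth_ok": re.compile(r"External Auth OK \( (?P<service>\S+) \): (?P<user>\S+)"),
    "login_ok": re.compile(r"RT: Successful login for (?P<user>\S+) from (?P<ip>\S+)"),
}

def parse_events(text):
    """Return (event_name, fields) for each RT authentication line in text."""
    events = []
    for line in text.splitlines():
        for name, pattern in PATTERNS.items():
            match = pattern.search(line)
            if match:
                events.append((name, match.groupdict()))
                break
    return events

def summarize(text):
    """Group events per user: LDAP bind errors, failing and succeeding source IPs."""
    users = defaultdict(lambda: {"bind_errors": [], "failed_from": set(), "ok_from": set()})
    for name, f in parse_events(text):
        entry = users[f["user"]]
        if name == "bind_failed":
            entry["bind_errors"].append((f["service"], f["error"], int(f["code"])))
        elif name == "login_failed":
            entry["failed_from"].add(f["ip"])
        elif name == "login_ok":
            entry["ok_from"].add(f["ip"])
    return dict(users)

def never_succeeded(summary):
    """Users with at least one LDAP bind error and no successful login."""
    return sorted(u for u, e in summary.items() if e["bind_errors"] and not e["ok_from"])

if __name__ == "__main__":
    print(never_succeeded(summarize(SAMPLE_LOG)))
```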