[rt-users] External Auth using Active Directory 2008

Howell, Van van.howell at lcu.edu
Thu Feb 2 11:16:53 EST 2012


# cat RT_SiteConfig.pm
Set($ExternalAuthPriority,           [ 'My_LDAP',] );
Set($ExternalInfoPriority,           [ 'My_LDAP',] );
Set($ExternalServiceUsesSSLorTLS,    0);
Set($AutoCreateNonExternalUsers,     0);

Set($ExternalSettings,      {
                     'My_LDAP'  =>  {

                                'type'              =>  'ldap',
                                'server'            =>  'zeus.mydomain.edu',
                                'user'              =>  'CN=LDAPRT,OU=CampusServices,DC=mydomain,DC=mydomain,DC=edu',
                                'pass'              =>  '*********',
                                'base'              =>  'DC=mydomain,DC=mydomain,DC=edu',

                                'filter'            =>  '(&(ObjectCategory=User)(ObjectClass=Person))',
                                'd_filter'          =>  '(userAccountControl:1.2.840.113556.1.4.803:=2)',

                                'tls'               =>  0,
#                               'ssl_version'       =>  3,

                                'net_ldap_args'     => [ version => 3 ],
                                'group'             =>  'CN=RTUsers,OU=CampusServices,DC= mydomain,DC=mydomain,DC=edu',
                                'group_attr'        =>  'member',

                                'attr_match_list'   => [   'Name', 'EmailAddress'   ],
                                'attr_map'          => {   'Name' => 'sAMAccountName',
                                                           'EmailAddress' => 'mail',
                                                           'Organization' => 'physicalDeliveryOfficeName',
                                                           'RealName' => 'cn',
                                                           'ExternalAuthId' => 'sAMAccountName',
                                                           'Gecos' => 'sAMAccountName',
                                                           'WorkPhone' => 'telephoneNumber',
                                                           'Address1' => 'streetAddress',
                                                           'City' => 'l',
                                                           'State' => 'st',
                                                           'Zip' => 'postalCode',
                                                           'Country' => 'co'
                                                        }
                                        }

                            }
);

1;
EOF


I do not have Debugging turned on. I am going to need some help turning it on since this is new to me.

Here are some errors from /var/log/messages...

This is a failed attempt...

Feb  1 16:02:25 localhost RT: My_LDAP AUTH FAILED mary.servantez (can't bind: LDAP_INVALID_CREDENTIALS 49 ) (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:82)
Feb  1 16:02:25 localhost RT: FAILED LOGIN for mary.servantez from 10.1.41.95 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:655)

Here is a successful attempt....

Feb  2 10:14:02 localhost RT: RT::Authen::ExternalAuth::LDAP::GetAuth External Auth OK ( My_LDAP ): test.account (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:139)
Feb  2 10:14:02 localhost RT: Couldn't enable user 28 (/opt/rt4/sbin/../lib/RT/User.pm:1066)
Feb  2 10:14:02 localhost RT: User marked as ENABLED ( test.account ) per External Service (, ) (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:274)
Feb  2 10:14:02 localhost RT: RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Address1: , City: , Country: , EmailAddress: test.account at LCU.EDU, ExternalAuthId: test.account, Gecos: test.account, Name: test.account, Organization: , RealName: Test Account, State: , WorkPhone: , Zip:  (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:536)
Feb  2 10:14:02 localhost RT: Successful login for test.account from 10.1.5.9 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:219)

Van Howell
System Administrator
Lubbock Christian University

-----Original Message-----
From: rt-users-bounces at lists.bestpractical.com [mailto:rt-users-bounces at lists.bestpractical.com] On Behalf Of Kevin Falcone
Sent: Wednesday, February 01, 2012 5:33 PM
To: rt-users at lists.bestpractical.com
Subject: Re: [rt-users] External Auth using Active Directory 2008

On Wed, Feb 01, 2012 at 11:04:38PM +0000, Howell, Van wrote:
>    I have added several users into the RTUsers group I set up in AD.
> 
>    The AD Administrator, a common Domain User called Test.Account that is located in the OU with
>    all my other users, my personal account also located in the OU with all the other users and an
>    alternate administrative account I use.
> 
> 
> 
>    I can logon to RT with the AD Administrator account. I can logon to RT with the Test.Account
>    and I can log in using my alternate account. But I cannot logon using my personal account. I
>    also had my assistant test with her account and she cannot log on.
> 
>    I have studied the problem and cannot find anything unique about the accounts that cannot
>    logon.

We really need to see your configuration for RT-Authen-ExternalAuth and your logs for the failed login, turned up to debug.

-kevin
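
A log-triage example for the syslog lines quoted in this thread, added here and not part of the original messages or of RT: it groups ExternalAuth outcomes by user so that accounts rejected at the LDAP bind (result code 49, invalidCredentials) stand out from accounts that log in. The names `triage` and `bind_rejected` and both regexes are assumptions built only from the line shapes shown above.

```python
import re
from collections import defaultdict

# Log lines copied from the message above (syslog output written by RT).
SAMPLE = """\
Feb  1 16:02:25 localhost RT: My_LDAP AUTH FAILED mary.servantez (can't bind: LDAP_INVALID_CREDENTIALS 49 ) (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:82)
Feb  1 16:02:25 localhost RT: FAILED LOGIN for mary.servantez from 10.1.41.95 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:655)
Feb  2 10:14:02 localhost RT: Successful login for test.account from 10.1.5.9 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:219)
"""

# "<service> AUTH FAILED <user> (<stage>: <LDAP result name> <code> )"
LDAP_FAIL = re.compile(r"RT: (\S+) AUTH FAILED (\S+) \(([^:]+): (LDAP_\w+) (\d+)\s*\)")
# "FAILED LOGIN for <user> from <ip>" / "Successful login for <user> from <ip>"
WEB_LOGIN = re.compile(r"RT: (FAILED LOGIN|Successful login) for (\S+) from (\S+)")


def triage(log_text):
    """Group ExternalAuth outcomes by user name."""
    users = defaultdict(lambda: {"ldap_errors": [], "failed_from": [], "ok_from": []})
    for line in log_text.splitlines():
        m = LDAP_FAIL.search(line)
        if m:
            service, user, stage, name, code = m.groups()
            users[user]["ldap_errors"].append((service, stage, name, int(code)))
            continue
        m = WEB_LOGIN.search(line)
        if m:
            outcome, user, ip = m.groups()
            key = "ok_from" if outcome == "Successful login" else "failed_from"
            users[user][key].append(ip)
    return dict(users)


def bind_rejected(report):
    """Users with only code-49 LDAP failures and no successful login."""
    return sorted(
        user for user, r in report.items()
        if r["ldap_errors"] and not r["ok_from"]
        and all(code == 49 for *_, code in r["ldap_errors"])
    )


if __name__ == "__main__":
    report = triage(SAMPLE)
    for user, r in sorted(report.items()):
        print(user, r)
    print("bind rejected:", bind_rejected(report))
```

Run against the full /var/log/messages, the same grouping also shows how many source addresses are producing failures for a given account.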



