[rt-users] Transitory error on login (LDAP against AD)

Zhang,Jun JHZhang at mdanderson.org
Fri Mar 2 13:16:15 EST 2012


Thomas,
     Since I'm new to RT, could you please tell where I did wrong in configuration? May be I need to change the order of the ExternalAuthPriority. Below is my RT_SiteConfig.pm file content.
     Thanks.

Jun

Set( $DatabaseUser, 'rt_user' );
Set( $CorrespondAddress, 'x2 at mdanderson.org' );
Set( $rtname, 'xrt.mdanderson.edu' );
Set( $DatabaseRequireSSL, '' );
Set( $WebPort, '80' );
Set( $Organization, 'mdanderson.edu' );
Set( $DatabaseType, 'mysql' );
Set( $DatabasePort, '' );
Set( $DatabasePassword, 'password' );
Set( $DatabaseAdmin, 'root' );
Set( $SendmailPath, '/usr/sbin/sendmail' );
Set( $WebDomain, 'xrt.mdanderson.edu' );
Set( $DatabaseAdminPassword, '' );
Set( $CommentAddress, 'x at mdanderson.org' );
Set( $DatabaseHost, 'localhost' );
Set( $DatabaseName, 'rt4' );
Set( $OwnerEmail, 'x2 at mdanderson.org' );
Set( @Plugins, qw(RT::Authen::ExternalAuth) );

Set($ExternalAuthPriority,  [ 'My_MySQL',
                              'My_LDAP'
                            ]
);
Set($ExternalServiceUsesSSLorTLS,    0);
Set($AutoCreateNonExternalUsers,    0);
Set($ExternalSettings,      {
                                'My_MySQL'   =>  {     
                                                        'type'                      =>  'db',
                                                        'server'                    =>  'dqsrt.mdanderson.edu',
                                                        'database'                  =>  'rt4',
                                                        'table'                     =>  'Users',
                                                        'user'                      =>  'rt_user',
                                                        'pass'                      =>  'password',
                                                        'port'                      =>  '3306',
                                                        'dbi_driver'                =>  'mysql',
                                                        'u_field'                   =>  'Name',
                                                        'p_field'                   =>  'Password',
                                                        'p_enc_pkg'                 =>  'Crypt::MySQL',
                                                        'p_enc_sub'                 =>  'password',
                                                        'd_field'                   =>  'disabled',
                                                        'd_values'                  =>  ['0'],
                                                        'attr_map'                  =>  {   'Name' => 'Name',                                                                                        }
                                                  },
                                'My_LDAP'       =>  {   
                                                        'type'                      =>  'ldap',
                                                        'server'                    =>  'dcpwpdc1.mdanderson.edu',
                                                        'user'                      =>  's_dqs_svn',
                                                        'pass'                    =>  'Juoo9k88',
                                                        'base'                      =>  'ou=people,dc=mdanderson,dc=edu',
                                                        'd_filter'  =>  '(userAccountControl:1.2.840.113556.1.4.803:=2)',
                                                        'tls'                       =>  0,
                                                        'ssl_version'              => 3,
                                                        'net_ldap_args'             => [    version =>  3   ],
                                                        'attr_map'                  =>  {   'Name' => 'samaccountname',
                                                                                            'EmailAddress' => 'mail',
                                                                                            'Organization' => 'physicaldeliveryofficename',
                                                                                            'RealName' => 'gecos',
                                                                                            'ExternalAuthId' => 'sAMAccountName',
                                                                                            'Gecos' => 'gecos',
                                                                                            'WorkPhone' => 'telephoneNumber',
                                                                                            'Address1' => 'streetAddress',
                                                                                            'City' => 'l',
                                                                                            'State' => 'st',
                                                                                            'Zip' => 'postalCode',
                                                                                            'Country' => 'co'
                                                                                        }
                                                    }
                                }
);
1;

-----Original Message-----
From: rt-users-bounces at lists.bestpractical.com [mailto:rt-users-bounces at lists.bestpractical.com] On Behalf Of Thomas Sibley
Sent: Friday, March 02, 2012 11:57 AM
To: rt-users at lists.bestpractical.com
Subject: Re: [rt-users] Transitory error on login (LDAP against AD)

On 03/02/2012 12:48 PM, Zhang,Jun wrote:
> I got the same error and I understand this must be minors, since my AD 
> user is authenticated. The Users table in my rt4 database doesn't have 
> a column called 'disable'. Removing the d_field line in 
> RT_SiteConfig.pm and the error no longer show up. Looks like a bug.

It is a severe misconfiguration to add the internal RT Users table as a DBI auth source in RT::Authen::ExternalAuth.  Don't do that.
--------
RT Training Sessions (http://bestpractical.com/services/training.html)
* Boston  March 5 & 6, 2012



More information about the rt-users mailing list