[rt-users] Transitory error on login (LDAP against AD)
Ryan Backman
rbackman at georgefox.edu
Fri Mar 2 13:56:18 EST 2012
Your My_LDAP 'user' needs to be the fully qualified
'CN=s_dqs_svn,ou=people,dc=mdanderson,dc=edu'. And I hope that is a bogus
password! Otherwise, I would change it.
=+=+=+=+=+=+=+=+=+
Ryan Backman
Programmer / Analyst
George Fox University
=+=+=+=+=+=+=+=+=+
On Fri, Mar 2, 2012 at 10:16 AM, Zhang,Jun <JHZhang at mdanderson.org> wrote:
> Thomas,
> Since I'm new to RT, could you please tell me where I went wrong in the
> configuration? Maybe I need to change the order of the
> ExternalAuthPriority. Below is my RT_SiteConfig.pm file content.
> Thanks.
>
> Jun
>
> Set( $DatabaseUser, 'rt_user' );
> Set( $CorrespondAddress, 'x2 at mdanderson.org' );
> Set( $rtname, 'xrt.mdanderson.edu' );
> Set( $DatabaseRequireSSL, '' );
> Set( $WebPort, '80' );
> Set( $Organization, 'mdanderson.edu' );
> Set( $DatabaseType, 'mysql' );
> Set( $DatabasePort, '' );
> Set( $DatabasePassword, 'password' );
> Set( $DatabaseAdmin, 'root' );
> Set( $SendmailPath, '/usr/sbin/sendmail' );
> Set( $WebDomain, 'xrt.mdanderson.edu' );
> Set( $DatabaseAdminPassword, '' );
> Set( $CommentAddress, 'x at mdanderson.org' );
> Set( $DatabaseHost, 'localhost' );
> Set( $DatabaseName, 'rt4' );
> Set( $OwnerEmail, 'x2 at mdanderson.org' );
> Set( @Plugins, qw(RT::Authen::ExternalAuth) );
>
> Set($ExternalAuthPriority, [ 'My_MySQL',
> 'My_LDAP'
> ]
> );
> Set($ExternalServiceUsesSSLorTLS, 0);
> Set($AutoCreateNonExternalUsers, 0);
> Set($ExternalSettings, {
>     'My_MySQL' => {
>         'type'       => 'db',
>         'server'     => 'dqsrt.mdanderson.edu',
>         'database'   => 'rt4',
>         'table'      => 'Users',
>         'user'       => 'rt_user',
>         'pass'       => 'password',
>         'port'       => '3306',
>         'dbi_driver' => 'mysql',
>         'u_field'    => 'Name',
>         'p_field'    => 'Password',
>         'p_enc_pkg'  => 'Crypt::MySQL',
>         'p_enc_sub'  => 'password',
>         'd_field'    => 'disabled',
>         'd_values'   => ['0'],
>         'attr_map'   => { 'Name' => 'Name',
>                         }
>     },
>     'My_LDAP' => {
>         'type'          => 'ldap',
>         'server'        => 'dcpwpdc1.mdanderson.edu',
>         'user'          => 's_dqs_svn',
>         'pass'          => 'Juoo9k88',
>         'base'          => 'ou=people,dc=mdanderson,dc=edu',
>         'd_filter'      => '(userAccountControl:1.2.840.113556.1.4.803:=2)',
>         'tls'           => 0,
>         'ssl_version'   => 3,
>         'net_ldap_args' => [ version => 3 ],
>         'attr_map'      => { 'Name'           => 'samaccountname',
>                              'EmailAddress'   => 'mail',
>                              'Organization'   => 'physicaldeliveryofficename',
>                              'RealName'       => 'gecos',
>                              'ExternalAuthId' => 'sAMAccountName',
>                              'Gecos'          => 'gecos',
>                              'WorkPhone'      => 'telephoneNumber',
>                              'Address1'       => 'streetAddress',
>                              'City'           => 'l',
>                              'State'          => 'st',
>                              'Zip'            => 'postalCode',
>                              'Country'        => 'co'
>                            }
>     }
> }
> );
> 1;
>
> -----Original Message-----
> From: rt-users-bounces at lists.bestpractical.com [mailto:
> rt-users-bounces at lists.bestpractical.com] On Behalf Of Thomas Sibley
> Sent: Friday, March 02, 2012 11:57 AM
> To: rt-users at lists.bestpractical.com
> Subject: Re: [rt-users] Transitory error on login (LDAP against AD)
>
> On 03/02/2012 12:48 PM, Zhang,Jun wrote:
> > I got the same error and I understand this must be minor, since my AD
> > user is authenticated. The Users table in my rt4 database doesn't have
> > a column called 'disable'. After removing the d_field line in
> > RT_SiteConfig.pm, the error no longer shows up. Looks like a bug.
>
> It is a severe misconfiguration to add the internal RT Users table as a
> DBI auth source in RT::Authen::ExternalAuth. Don't do that.
> --------
> RT Training Sessions (http://bestpractical.com/services/training.html)
> * Boston March 5 & 6, 2012
>
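
The quoted RT_SiteConfig.pm external-auth section with both pieces of advice from this thread applied (full bind DN for My_LDAP; no 'db' service pointing at RT's own Users table), as an added example that is not part of the original messages. Turning on TLS and the placeholder bind password are assumptions not stated in the thread.

```perl
# RT_SiteConfig.pm fragment (added example, not the poster's file).
Set( @Plugins, qw(RT::Authen::ExternalAuth) );

# Only the directory service is listed. RT's internal Users table is not
# configured as an external 'db' source, per the advice quoted above.
Set( $ExternalAuthPriority, [ 'My_LDAP' ] );

# Assumption: the domain controller accepts StartTLS. With this off, the
# bind password and every user's password cross the network in cleartext.
Set( $ExternalServiceUsesSSLorTLS, 1 );
Set( $AutoCreateNonExternalUsers, 0 );

Set( $ExternalSettings, {
    'My_LDAP' => {
        'type'          => 'ldap',
        'server'        => 'dcpwpdc1.mdanderson.edu',
        # Full DN of the bind account, as given in the reply.
        'user'          => 'CN=s_dqs_svn,ou=people,dc=mdanderson,dc=edu',
        # Placeholder: the value posted to the list should be treated as
        # exposed and replaced with a newly set password.
        'pass'          => 'REPLACE_WITH_ROTATED_PASSWORD',
        'base'          => 'ou=people,dc=mdanderson,dc=edu',
        # Treat accounts with the AD "disabled" bit set as disabled in RT.
        'd_filter'      => '(userAccountControl:1.2.840.113556.1.4.803:=2)',
        'tls'           => 1,    # assumption, see above
        'ssl_version'   => 3,
        'net_ldap_args' => [ version => 3 ],
        'attr_map'      => {
            'Name'           => 'sAMAccountName',
            'EmailAddress'   => 'mail',
            'Organization'   => 'physicaldeliveryofficename',
            'RealName'       => 'gecos',
            'ExternalAuthId' => 'sAMAccountName',
            'Gecos'          => 'gecos',
            'WorkPhone'      => 'telephoneNumber',
            'Address1'       => 'streetAddress',
            'City'           => 'l',
            'State'          => 'st',
            'Zip'            => 'postalCode',
            'Country'        => 'co',
        },
    },
} );

1;
```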