[rt-users] Transitory error on login (LDAP against AD)

Ryan Backman rbackman at georgefox.edu
Fri Mar 2 13:56:18 EST 2012


Your My_LDAP 'user' needs to be the fully qualified 'CN=s_dqs_svn,
ou=people,dc=mdanderson,dc=edu'.  And I hope that is a bogus password!
 Otherwise, I would change it.

=+=+=+=+=+=+=+=+=+
Ryan Backman
Programmer / Analyst
George Fox University
=+=+=+=+=+=+=+=+=+


On Fri, Mar 2, 2012 at 10:16 AM, Zhang,Jun <JHZhang at mdanderson.org> wrote:

> Thomas,
>     Since I'm new to RT, could you please tell where I did wrong in
> configuration? May be I need to change the order of the
> ExternalAuthPriority. Below is my RT_SiteConfig.pm file content.
>     Thanks.
>
> Jun
>
> Set( $DatabaseUser, 'rt_user' );
> Set( $CorrespondAddress, 'x2 at mdanderson.org' );
> Set( $rtname, 'xrt.mdanderson.edu' );
> Set( $DatabaseRequireSSL, '' );
> Set( $WebPort, '80' );
> Set( $Organization, 'mdanderson.edu' );
> Set( $DatabaseType, 'mysql' );
> Set( $DatabasePort, '' );
> Set( $DatabasePassword, 'password' );
> Set( $DatabaseAdmin, 'root' );
> Set( $SendmailPath, '/usr/sbin/sendmail' );
> Set( $WebDomain, 'xrt.mdanderson.edu' );
> Set( $DatabaseAdminPassword, '' );
> Set( $CommentAddress, 'x at mdanderson.org' );
> Set( $DatabaseHost, 'localhost' );
> Set( $DatabaseName, 'rt4' );
> Set( $OwnerEmail, 'x2 at mdanderson.org' );
> Set( @Plugins, qw(RT::Authen::ExternalAuth) );
>
> Set($ExternalAuthPriority,  [ 'My_MySQL',
>                              'My_LDAP'
>                            ]
> );
> Set($ExternalServiceUsesSSLorTLS,    0);
> Set($AutoCreateNonExternalUsers,    0);
> Set($ExternalSettings,      {
>                                'My_MySQL'   =>  {
>                                                        'type'
>          =>  'db',
>                                                        'server'
>          =>  'dqsrt.mdanderson.edu',
>                                                        'database'
>          =>  'rt4',
>                                                        'table'
>         =>  'Users',
>                                                        'user'
>          =>  'rt_user',
>                                                        'pass'
>          =>  'password',
>                                                        'port'
>          =>  '3306',
>                                                        'dbi_driver'
>          =>  'mysql',
>                                                        'u_field'
>         =>  'Name',
>                                                        'p_field'
>         =>  'Password',
>                                                        'p_enc_pkg'
>         =>  'Crypt::MySQL',
>                                                        'p_enc_sub'
>         =>  'password',
>                                                        'd_field'
>         =>  'disabled',
>                                                        'd_values'
>          =>  ['0'],
>                                                        'attr_map'
>          =>  {   'Name' => 'Name',
>                                                }
>                                                  },
>                                'My_LDAP'       =>  {
>                                                        'type'
>          =>  'ldap',
>                                                        'server'
>          =>  'dcpwpdc1.mdanderson.edu',
>                                                        'user'
>          =>  's_dqs_svn',
>                                                        'pass'
>        =>  'Juoo9k88',
>                                                        'base'
>          =>  'ou=people,dc=mdanderson,dc=edu',
>                                                        'd_filter'  =>
>  '(userAccountControl:1.2.840.113556.1.4.803:=2)',
>                                                        'tls'
>         =>  0,
>                                                        'ssl_version'
>        => 3,
>                                                        'net_ldap_args'
>         => [    version =>  3   ],
>                                                        'attr_map'
>          =>  {   'Name' => 'samaccountname',
>
>                  'EmailAddress' => 'mail',
>
>                  'Organization' => 'physicaldeliveryofficename',
>
>                  'RealName' => 'gecos',
>
>                  'ExternalAuthId' => 'sAMAccountName',
>
>                  'Gecos' => 'gecos',
>
>                  'WorkPhone' => 'telephoneNumber',
>
>                  'Address1' => 'streetAddress',
>
>                  'City' => 'l',
>
>                  'State' => 'st',
>
>                  'Zip' => 'postalCode',
>
>                  'Country' => 'co'
>
>              }
>                                                    }
>                                }
> );
> 1;
>
> -----Original Message-----
> From: rt-users-bounces at lists.bestpractical.com [mailto:
> rt-users-bounces at lists.bestpractical.com] On Behalf Of Thomas Sibley
> Sent: Friday, March 02, 2012 11:57 AM
> To: rt-users at lists.bestpractical.com
> Subject: Re: [rt-users] Transitory error on login (LDAP against AD)
>
> On 03/02/2012 12:48 PM, Zhang,Jun wrote:
> > I got the same error and I understand this must be minors, since my AD
> > user is authenticated. The Users table in my rt4 database doesn't have
> > a column called 'disable'. Removing the d_field line in
> > RT_SiteConfig.pm and the error no longer show up. Looks like a bug.
>
> It is a severe misconfiguration to add the internal RT Users table as a
> DBI auth source in RT::Authen::ExternalAuth.  Don't do that.
> --------
> RT Training Sessions (http://bestpractical.com/services/training.html)
> * Boston  March 5 & 6, 2012
> --------
> RT Training Sessions (http://bestpractical.com/services/training.html)
> * Boston  March 5 & 6, 2012
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20120302/ea9da928/attachment.htm>


More information about the rt-users mailing list