[rt-users] (RT::Authen::ExternalAuth) "email exists" problem authenticating through AD
Maximilien Drouet
mdrouet at randco.fr
Wed Aug 21 06:33:28 EDT 2013
Hi Nathan,
After many searches with your help and our AD administrator, we found that
the account was not authorized.
I was given another one, and now the command line binds and authenticates well,
but no luck with RT. Here is the command line:
ldapsearch -LLL -H ldap://myserver.mydomain.local -x -D 'mydomain\ldapuser' -W -b ou=FR,dc=mydomain,dc=local uid=mysuer
and the output:
dn: CN=Firstname Lastname,OU=z - y - x,OU=city,OU=Users & Clients,OU=mydomain,OU=FR,DC=mydomain,DC=local
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: Firstname Lastname
sn: Lastname
c: FR
l: city
title: myTitle
postalCode: Zipcode
physicalDeliveryOfficeName: z - y - x
telephoneNumber: myTelephonenumber
givenName: FirstName
distinguishedName: CN=Firstname Lastname,OU=z - y - x,OU=city,OU=Users & Clients,OU=mydomain,OU=FR,DC=mydomain,DC=local
instanceType: 4
whenCreated: 20100701014148.0Z
whenChanged: 20130821001737.0Z
displayName: Firstname Lastname
uSNCreated: 73679
memberOf: CN=LL.microsoftproject,OU=SDG Groups,DC=mydomain,DC=local
memberOf: CN=LL.Crystal.Reports.XI,OU=SDG Groups,DC=mydomain,DC=local
memberOf: CN=LL.IE8,OU=SDG Groups,DC=mydomain,DC=local
memberOf: CN=LL.itop,OU=Groups,OU=mydomain,OU=FR,DC=mydomain,DC=local
memberOf: CN=LL.msvisio2003,OU=SDG Groups,DC=mydomain,DC=local
memberOf: CN=LL.ClickToCall,OU=SDG Groups,DC=mydomain,DC=local
memberOf: CN=mydomain.LL.dsi,OU=Groups,OU=mydomain,OU=FR,DC=mydomain,DC=local
uSNChanged: 10019507
co: FRANCE
department: z - y - x
streetAddress: myaddress
name: Firstname Lastname
objectGUID:: l8cI/GO3KEOyA0E8neccKA==
userAccountControl: 544
badPwdCount: 0
codePage: 0
countryCode: 250
badPasswordTime: 130215493735596806
lastLogoff: 0
lastLogon: 130214762950697235
pwdLastSet: 130214610102266437
primaryGroupID: 513
objectSid:: AQUAAAAAAAUVAAAAEQz3vwuoUpdtKTGZJPEAAA==
accountExpires: 130251384000000000
logonCount: 197
sAMAccountName: mysuer
sAMAccountType: 805306368
userPrincipalName: mymail
lockoutTime: 0
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=mydomain,DC=local
dSCorePropagationData: 20130524093118.0Z
dSCorePropagationData: 20130523093743.0Z
dSCorePropagationData: 16010101000001.0Z
lastLogonTimestamp: 130214610103032919
uid: mysuer
mail: mymail
I'm quite confused by the RT configuration file and its options; even
looking at the documentation I'm a little bit lost. Maybe the problem is
there.
Here is the RT_Config extract:
# External Authentication Configuration
Set($ExternalAuthPriority, [ 'My_LDAP' ]);
Set($ExternalInfoPriority, [ 'My_LDAP' ]);
Set($ExternalSettings, {
    # AN EXAMPLE LDAP SERVICE
    'My_LDAP' => {
        'type'             => 'ldap',
        'server'           => 'myserver.mydomain.local',
        'user'             => 'ldapaccount',
        'pass'             => 'ldapaccountpassword',
        'base'             => 'ou=FR,dc=mydomain,dc=local',
        'filter'           => '(&(ObjectCategory=User)(ObjectClass=Person))',
        'd_filter'         => '(userAccountControl:1.2.840.113556.1.4.803:=2)',
        'group'            => 'OU=Users & Clients,OU=MYDOMAIN,OU=FR,DC=mydomain,DC=local',
        'group_attr'       => 'member',
        'tls'              => 0,
        'ssl_version'      => 3,
        'net_ldap_args'    => [ version => 3 ],
        'group_scope'      => 'base',
        'group_attr_value' => '*',
        'attr_match_list'  => ['Name'],
        'attr_map'         => {
            'Name'           => 'sAMAccountName',
            'EmailAddress'   => 'mail',
            'Organization'   => 'physicalDeliveryOfficeName',
            'RealName'       => 'cn',
            'ExternalAuthId' => 'sAMAccountName',
            'Gecos'          => 'sAMAccountName',
            'WorkPhone'      => 'telephoneNumber',
            'Address1'       => 'streetAddress',
            'City'           => 'l',
            'State'          => 'st',
            'Zip'            => 'postalCode',
            'Country'        => 'co'
        },
    },
} );
Any other ideas?
--
Regards
Maximilien
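
Added example (not part of the original message, and not code from RT or RT::Authen::ExternalAuth): a Python script that decodes the Active Directory account-state attributes shown in the ldapsearch output above and evaluates a bitwise-AND filter of the form used in 'd_filter' against them. The function names are hypothetical, the sample input is constructed from values in the message, and only the 1.2.840.113556.1.4.803 matching rule is handled.

```python
from datetime import datetime, timedelta, timezone

# Subset of the documented userAccountControl bits.
UAC_FLAGS = {
    0x0002: "ACCOUNTDISABLE",
    0x0020: "PASSWD_NOTREQD",
    0x0200: "NORMAL_ACCOUNT",
    0x10000: "DONT_EXPIRE_PASSWORD",
    0x40000: "SMARTCARD_REQUIRED",
}
BIT_AND_OID = "1.2.840.113556.1.4.803"   # LDAP_MATCHING_RULE_BIT_AND
NEVER = (0, 0x7FFFFFFFFFFFFFFF)           # accountExpires values meaning "never"

# Constructed sample: attribute lines taken from the ldapsearch output above.
SAMPLE = """\
userAccountControl: 544
accountExpires: 130251384000000000
sAMAccountName: mysuer
"""

def parse_attrs(text):
    """Parse single-valued 'name: value' lines into a dict."""
    attrs = {}
    for line in text.splitlines():
        name, sep, value = line.partition(": ")
        if sep:
            attrs[name] = value
    return attrs

def uac_flags(value):
    """Return the names of the known flags set in a userAccountControl value."""
    return [name for bit, name in sorted(UAC_FLAGS.items()) if value & bit]

def bit_and_match(filter_str, attrs):
    """Evaluate a filter of the form (attr:1.2.840.113556.1.4.803:=mask)."""
    attr, oid, rest = filter_str.strip("()").split(":", 2)
    if oid != BIT_AND_OID or not rest.startswith("="):
        raise ValueError("only the bitwise-AND matching rule is handled")
    mask = int(rest[1:])
    return int(attrs.get(attr, 0)) & mask == mask

def filetime_to_utc(value):
    """Convert a Windows FILETIME (100 ns ticks since 1601-01-01 UTC)."""
    if value in NEVER:
        return None
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=value // 10)

if __name__ == "__main__":
    a = parse_attrs(SAMPLE)
    print("flags:", uac_flags(int(a["userAccountControl"])))
    print("d_filter matches:", bit_and_match("(userAccountControl:1.2.840.113556.1.4.803:=2)", a))
    print("accountExpires:", filetime_to_utc(int(a["accountExpires"])))
```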