[rt-users] (RT::Authen::ExternalAuth) "email exists" problem authenticating through AD

Maximilien Drouet mdrouet at randco.fr
Wed Aug 21 06:33:28 EDT 2013


Hi Nathan,

After many searches with your help and our AD administrator, we found that
the account was not authorized.

I was given another one, and now the command line binds and authenticates well,
but no chance with RT. Here is the command line:

ldapsearch -LLL -H ldap://myserver.mydomain.local -x -D 'mydomain\ldapuser' -W -b ou=FR,dc=mydomain,dc=local uid=mysuer

and the output.


dn: CN=Firstname Lastname,OU=z - y - x,OU=city,OU=Users & Clients,OU=mydomain,OU=FR,DC=mydomain,DC=local
 v
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: Firstname Lastname
sn: Lastname
c: FR
l: city
title: myTitle
postalCode: Zipcode
physicalDeliveryOfficeName: z - y - x
telephoneNumber: myTelephonenumber
givenName: FirstName
distinguishedName: CN=Firstname Lastname,OU=z - y - x,OU=city,OU=Users & Clients,OU=mydomain,OU=FR,DC=mydomain,DC=local
instanceType: 4
whenCreated: 20100701014148.0Z
whenChanged: 20130821001737.0Z
displayName: Firstname Lastname
uSNCreated: 73679
memberOf: CN=LL.microsoftproject,OU=SDG Groups,DC=mydomain,DC=local
memberOf: CN=LL.Crystal.Reports.XI,OU=SDG Groups,DC=mydomain,DC=local
memberOf: CN=LL.IE8,OU=SDG Groups,DC=mydomain,DC=local
memberOf: CN=LL.itop,OU=Groups,OU=mydomain,OU=FR,DC=mydomain,DC=local
memberOf: CN=LL.msvisio2003,OU=SDG Groups,DC=mydomain,DC=local
memberOf: CN=LL.ClickToCall,OU=SDG Groups,DC=mydomain,DC=local
memberOf: CN=mydomain.LL.dsi,OU=Groups,OU=mydomain,OU=FR,DC=mydomain,DC=local
uSNChanged: 10019507
co: FRANCE
department: z - y - x
streetAddress: myaddress
name: Firstname Lastname
objectGUID:: l8cI/GO3KEOyA0E8neccKA==
userAccountControl: 544
badPwdCount: 0
codePage: 0
countryCode: 250
badPasswordTime: 130215493735596806
lastLogoff: 0
lastLogon: 130214762950697235
pwdLastSet: 130214610102266437
primaryGroupID: 513
objectSid:: AQUAAAAAAAUVAAAAEQz3vwuoUpdtKTGZJPEAAA==
accountExpires: 130251384000000000
logonCount: 197
sAMAccountName: mysuer
sAMAccountType: 805306368
userPrincipalName: mymail
lockoutTime: 0
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=mydomain,DC=local
dSCorePropagationData: 20130524093118.0Z
dSCorePropagationData: 20130523093743.0Z
dSCorePropagationData: 16010101000001.0Z
lastLogonTimestamp: 130214610103032919
uid: mysuer
mail: mymail



I'm quite confused by the RT configuration file and its options; even
looking at the documentation I'm a little bit lost. Maybe the problem is
there.

Here is the RT_Config extract

# External Authentication Configuration
Set($ExternalAuthPriority,  [ 'My_LDAP']);
Set($ExternalInfoPriority,  [ 'My_LDAP']);
Set($ExternalSettings, {
  # AN EXAMPLE LDAP SERVICE
    'My_LDAP'       =>  {
        'type'                      =>  'ldap',
        'server'                    =>  'myserver.mydomain.local',
        'user'                      =>  'ldapaccount',
        'pass'                      =>  'ldapaccountpassword',
        'base'                      =>  'ou=FR,dc=mydomain,dc=local',
        'filter'                    =>  '(&(ObjectCategory=User)(ObjectClass=Person))',
        'd_filter'                  =>  '(userAccountControl:1.2.840.113556.1.4.803:=2)',
        'group'                     =>  'OU=Users & Clients,OU=MYDOMAIN,OU=FR,DC=mydomain,DC=local',
        'group_attr'                =>  'member',
        'tls'                       =>  0,
        'ssl_version'               =>  3,
        'net_ldap_args'             => [    version =>  3   ],
        'group_scope'               =>  'base',
        'group_attr_value'          =>  '*',
        'attr_match_list'           => ['Name'],
        'attr_map' => {
            'Name' => 'sAMAccountName',
            'EmailAddress' => 'mail',
            'Organization' => 'physicalDeliveryOfficeName',
            'RealName' => 'cn',
            'ExternalAuthId' => 'sAMAccountName',
            'Gecos' => 'sAMAccountName',
            'WorkPhone' => 'telephoneNumber',
            'Address1' => 'streetAddress',
            'City' => 'l',
            'State' => 'st',
            'Zip' => 'postalCode',
            'Country' => 'co'
        },
    },
} );


Any other idea?


-- 
Regards

Maximilien
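
The `d_filter` in the posted configuration uses Active Directory's bitwise-AND matching rule against `userAccountControl`. As an added example (not part of the original message, and not code from RT or RT::Authen::ExternalAuth), this Python code evaluates that filter and decodes the account-state attributes from the quoted ldapsearch output; the function names and the flag subset are choices made here.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample: values copied from the ldapsearch output quoted in the post.
ENTRY = {"useraccountcontrol": 544, "accountexpires": 130251384000000000}
D_FILTER = "(userAccountControl:1.2.840.113556.1.4.803:=2)"  # from the posted config

BIT_AND = "1.2.840.113556.1.4.803"  # LDAP_MATCHING_RULE_BIT_AND
BIT_OR = "1.2.840.113556.1.4.804"   # LDAP_MATCHING_RULE_BIT_OR

# Subset of the documented userAccountControl flags.
UAC_FLAGS = {
    0x0002: "ACCOUNTDISABLE",
    0x0010: "LOCKOUT",
    0x0020: "PASSWD_NOTREQD",
    0x0200: "NORMAL_ACCOUNT",
    0x10000: "DONT_EXPIRE_PASSWORD",
    0x800000: "PASSWORD_EXPIRED",
}

def decode_uac(value):
    """Return the names of the known flags set in a userAccountControl value."""
    return [name for bit, name in sorted(UAC_FLAGS.items()) if value & bit]

def bitwise_filter_matches(filter_text, entry):
    """Evaluate a single (attr:OID:=mask) extensible-match filter against an entry."""
    m = re.fullmatch(r"\(([\w-]+):([\d.]+):=(\d+)\)", filter_text.strip())
    if not m:
        raise ValueError("not a single bitwise extensible-match filter")
    attr, rule, mask = m.group(1).lower(), m.group(2), int(m.group(3))
    value = int(entry[attr])
    if rule == BIT_AND:
        return (value & mask) == mask   # every bit of the mask must be set
    if rule == BIT_OR:
        return (value & mask) != 0      # any bit of the mask may be set
    raise ValueError(f"unsupported matching rule {rule}")

def filetime_to_utc(ticks):
    """Convert an AD FILETIME (100 ns ticks since 1601-01-01 UTC); None means never."""
    if ticks in (0, 0x7FFFFFFFFFFFFFFF):
        return None
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ticks // 10)

if __name__ == "__main__":
    print("flags:", decode_uac(ENTRY["useraccountcontrol"]))
    print("d_filter matches (disabled):", bitwise_filter_matches(D_FILTER, ENTRY))
    print("accountExpires:", filetime_to_utc(ENTRY["accountexpires"]))
```

For the values in the quoted output, the `d_filter` does not match (the ACCOUNTDISABLE bit is clear) and `accountExpires` falls after the date of the message.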