[rt-users] My_LDAP AUTH FAILED error with ExternalAuth

Tamas McCoy tamas.mccoy at mclendons.com
Thu Nov 14 17:33:18 EST 2013


I'm not very familiar with Linux or Perl and have mostly been following guides that I can find from Google in getting RT set up for my company. I'm running an Ubuntu 13.10 server with RT 4.2 and ExternalAuth (installed via CPAN) to connect to Active Directory. I've run into roadblocks nearly every step of the way, but I feel like I'm almost there. I was able to log on with AD credentials at one point (taking me to an error page first, but I was logged in when returning to the main page), but once I added the 'group' and 'group_attr' settings, it's now not letting me log in.

Apache's error log when attempting to log in:

[10263] [Thu Nov 14 20:01:23 2013] [info]: My_LDAP AUTH FAILED: tamas.mccoy (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:289)
[10263] [Thu Nov 14 20:01:23 2013] [error]: FAILED LOGIN for tamas.mccoy from 192.168.1.68 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:814)

My RT_SiteConfig.pm:

Set( $rtname, 'McLendon Hardware');
Set( $Organization, 'corp.mclendons.com');
Set( $Timezone, 'US/Pacific');
Set( $WebDomain, 'snip');
Set( $WebPort, 80);
Set( $WebPath, '');
Set( $DatabasePassword, 'snip');
Set( $LogoLinkURL, 'snip');
Set( $LogToSyslog, 'debug');

Set(@Plugins, qw (
        RT::Extension::MandatorySubject
        RT::Authen::ExternalAuth
));

### ACTIVE DIRECTORY CONNECTION
Set($ExternalAuthPriority, [ 'My_LDAP' ]);
Set($ExternalInfoPriority, [ 'My_LDAP' ]);
Set($ExternalServiceUsesSSLorTLS,    0);
Set($AutoCreateNonExternalUsers,    0);
Set($ExternalSettings, {
    'My_LDAP'       =>  {
        'type'                      =>  'ldap',
        'server'                    =>  '192.168.100.215',
        'user'                      =>  'MCLENDONS/snip',
        'pass'                      =>  'snip',
        'base'                      =>  'dc=corp,dc=mclendons,dc=com',
        'filter'                    =>  '(objectClass=*)',
        'd_filter'                  =>  'UserAccountControl:1.2.840.113556.1.4.803:=2',
        'group'                     =>  'CN=Domain Users,CN=Users,DC=corp,DC=mclendons,DC=com',
        'group_attr'                =>  'memberOf',
        'tls'                       =>  0,
        'ssl_version'               =>  3,
        'net_ldap_args'             => [    version =>  3, port => 3268   ],
#        'group_scope'               =>  'base',
#        'group_attr_value'          =>  'GROUP_ATTR_VALUE',
        'attr_match_list' => [
            'Name',
            'EmailAddress',
            'RealName',
        ],
        'attr_map' => {
            'Name' => 'sAMAccountName',
            'EmailAddress' => 'mail',
            'Organization' => 'physicalDeliveryOfficeName',
            'RealName' => 'cn',
            'ExternalAuthId' => 'sAMAccountName',
            'Gecos' => 'sAMAccountName',
            'WorkPhone' => 'telephoneNumber',
            'Address1' => 'streetAddress',
            'City' => 'l',
            'State' => 'st',
            'Zip' => 'postalCode',
            'Country' => 'co'
        },
    },
} );


1;

Tamas McCoy
IT Assistant
McLendon Hardware, Inc.
tamas.mccoy at mclendons.com


