[rt-users] (RT::Authen::ExternalAuth) "email exists" problem authenticating trough AD

Maximilien Drouet mdrouet at randco.fr
Mon Sep 2 08:30:01 EDT 2013


Hi,


After many searches, it works for some of my users and don't work for some
others.
Is it possible that parameter $RTAddressRegexp interfers with
RT::Authen::ExternalAuth
?

On Active directory side no error, only successes logs.

Do you no about any other debug options I could use ?




Thanks


On Wed, Aug 21, 2013 at 12:33 PM, Maximilien Drouet <mdrouet at randco.fr>wrote:

> Hi Nathan,
>
> After many searchs with your help and our AD Administrator we found that
> the account was not authorized.
>
> I was given another one and now, command line binds and authenticate well
> but no chance with RT. Here is the command line
>
> ldapsearch -LLL -H ldap://myserver.mydomain.local -x -D
> 'mydomain\ldapuser' -W -b ou=FR,dc=mydomain,dc=local uid=mysuer
>
> and the output.
>
>
> dn: CN=Firstname Lastname,OU=z - y - x,OU=city,OU=Users &
> Clients,OU=mydomain,OU=FR,DC=mydomain,DC=local
>  v
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: user
> cn: Firstname Lastname
> sn: Lastname
> c: FR
> l: city
> title: myTitle
> postalCode: Zipcode
> physicalDeliveryOfficeName: z - y - x
> telephoneNumber: myTelephonenumber
> givenName: FirstName
> distinguishedName: CN=Firstname Lastname,OU=z - y - x,OU=city,OU=Users &
> Clients,OU=mydomain,OU=FR,
>  DC=mydomain,DC=local
> instanceType: 4
> whenCreated: 20100701014148.0Z
> whenChanged: 20130821001737.0Z
> displayName: Firstname Lastname
> uSNCreated: 73679
> memberOf: CN=LL.microsoftproject,OU=SDG Groups,DC=mydomain,DC=local
> memberOf: CN=LL.Crystal.Reports.XI,OU=SDG Groups,DC=mydomain,DC=local
> memberOf: CN=LL.IE8,OU=SDG Groups,DC=mydomain,DC=local
> memberOf: CN=LL.itop,OU=Groups,OU=mydomain,OU=FR,DC=mydomain,DC=local
> memberOf: CN=LL.msvisio2003,OU=SDG Groups,DC=mydomain,DC=local
> memberOf: CN=LL.ClickToCall,OU=SDG Groups,DC=mydomain,DC=local
> memberOf:
> CN=mydomain.LL.dsi,OU=Groups,OU=mydomain,OU=FR,DC=mydomain,DC=local
> uSNChanged: 10019507
> co: FRANCE
> department: z - y - x
> streetAddress: myaddress
> name: Firstname Lastname
> objectGUID:: l8cI/GO3KEOyA0E8neccKA==
> userAccountControl: 544
> badPwdCount: 0
> codePage: 0
> countryCode: 250
> badPasswordTime: 130215493735596806
> lastLogoff: 0
> lastLogon: 130214762950697235
> pwdLastSet: 130214610102266437
> primaryGroupID: 513
> objectSid:: AQUAAAAAAAUVAAAAEQz3vwuoUpdtKTGZJPEAAA==
> accountExpires: 130251384000000000
> logonCount: 197
> sAMAccountName: mysuer
> sAMAccountType: 805306368
> userPrincipalName: mymail
> lockoutTime: 0
> objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=mydomain,DC=local
> dSCorePropagationData: 20130524093118.0Z
> dSCorePropagationData: 20130523093743.0Z
> dSCorePropagationData: 16010101000001.0Z
> lastLogonTimestamp: 130214610103032919
> uid: mysuer
> mail: mymail
>
>
>
> I'm quite confused with the RT configuration file and it's option, even
> looking at the documentation I'm a litte bit lost, maybe the problem is
> there.
>
> Here is the RT_Config extract
>
> # External Authentication Configuration
> Set($ExternalAuthPriority,  [ 'My_LDAP']);
> Set($ExternalInfoPriority,  [ 'My_LDAP']);
> Set($ExternalSettings, {
>
>   # AN EXAMPLE LDAP SERVICE
>     'My_LDAP'       =>  {
>         'type'                      =>  'ldap',
>         'server'                    =>  'myserver.mydomain.local',
>         'user'                      =>  'ldapaccount',
>         'pass'                      =>  'ldapaccountpassword',
>         'base'                      =>  'ou=FR,dc=mydomain,dc=local',
>         'filter'                    =>
>  '(&(ObjectCategory=User)(ObjectClass=Person))',
>
>         'd_filter'                  =>
>  '(userAccountControl:1.2.840.113556.1.4.803:=2)',
>         'group'                     =>  'OU=Users &
> Clients,OU=MYDOMAIN,OU=FR,DC=mydomain,DC=local',
>         'group_attr'                =>  'member',
>         'tls'                       =>  0,
>         'ssl_version'               =>  3,
>
>         'net_ldap_args'             => [    version =>  3   ],
>         'group_scope'               =>  'base',
>         'group_attr_value'          =>  '*',
>         'attr_match_list'           => ['Name'],
>         'attr_map' => {
>             'Name' => 'sAMAccountName',
>             'EmailAddress' => 'mail',
>             'Organization' => 'physicalDeliveryOfficeName',
>             'RealName' => 'cn',
>             'ExternalAuthId' => 'sAMAccountName',
>             'Gecos' => 'sAMAccountName',
>             'WorkPhone' => 'telephoneNumber',
>             'Address1' => 'streetAddress',
>             'City' => 'l',
>             'State' => 'st',
>             'Zip' => 'postalCode',
> 'Country' => 'co'
>         },
>     },
> } );
>
>
> Any other Idea ?
>
>
> --
> Regards
>
> Maximilien
>
>
>
>
>


-- 
Regards


Maximilien
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20130902/1b464102/attachment.html>


More information about the rt-users mailing list