[rt-users] Help - RT4.2.7 Authen::ExternalAuth via OpenLDAP
William Clarke
wclarke at simons-rock.edu
Fri Oct 3 13:50:54 EDT 2014
A little more info after checking rt4 logs:
Oct 3 10:20:16 rtracker6 RT: [16022]
RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Disabled: ,
EmailAddress: , Gecos: wclarke, Name: wclarke, Privileged:
Oct 3 10:20:16 rtracker6 RT: [16022] Couldn't create user wclarke:
Could not set user info
Oct 3 10:20:16 rtracker6 RT: [16022] FAILED LOGIN for wclarke from
10.30.2.210
On 10/3/2014 11:06 AM, William Clarke wrote:
> Sorry, I sent that a little prematurely..... RT shows your username or
> password is incorrect : (
>
> On 10/3/2014 10:58 AM, William Clarke wrote:
>> Hi all,
>>
>> CentOS6.5 \ Apache 2.2.15 \ Perl 5.18.2 \ MariaDB 5.5.39
>>
>> I followed these instructions for my RT build:
>> http://binarynature.blogspot.pt/2013/05/install-request-tracker-4.html
>>
>> I'm very new to RT. I've read up what I could find on CPAN, wiki and
>> Google and I'm not quite sure which way to go here. RT is connecting
>> to our ldap and a search result is found but the logs in ldap show
>> "closed (connection lost)" so I suspect RT isn't seeing\getting the
>> response back from LDAP. I have some examples below showing RT's LDAP
>> requests with logs as well as the same search run via command line.
>>
>> The main differences I can see in logs so far is command line test
>> sends "scope=2 deref=0" vs RT test "scope=2 deref=2" and also that
>> the RT test doesn't unbind and the connection is lost.
>>
>> Command line: ldapsearch -x -p 389 -h ldap.simons-rock.edu -b
>> ou=People,dc=simons-rock,dc=edu "(&(&(uid=*))(uid=wclarke))" mail uid
>>
>> # extended LDIF
>> #
>> # LDAPv3
>> # base <ou=People,dc=simons-rock,dc=edu> with scope subtree
>> # filter: (&(&(uid=*))(uid=wclarke))
>> # requesting: mail uid
>> #
>>
>> # wclarke, People, simons-rock.edu
>> dn: uid=wclarke,ou=People,dc=simons-rock,dc=edu
>> uid: wclarke
>> mail: wclarke at simons-rock.edu
>>
>> # search result
>> search: 2
>> result: 0 Success
>>
>> # numResponses: 2
>> # numEntries: 1
>> ---------------------------------------------------------------------------------------------------------------
>> Logs from ldap via command line - loglevel 256
>> ---------------------------------------------------------------------------------------------------------------
>> Oct 3 09:59:05 ldap2 slapd[1466]: conn=355216 fd=19 ACCEPT from
>> IP=10.30.2.36:51249 (IP=0.0.0.0:389)
>> Oct 3 09:59:05 ldap2 slapd[1466]: conn=355216 op=0 BIND dn="" method=128
>> Oct 3 09:59:05 ldap2 slapd[1466]: conn=355216 op=0 RESULT tag=97
>> err=0 text=
>> Oct 3 09:59:05 ldap2 slapd[1466]: conn=355216 op=1 SRCH
>> base="ou=People,dc=simons-rock,dc=edu" scope=2 deref=0
>> filter="(&(&(uid=*))(uid=wclarke))"
>> Oct 3 09:59:05 ldap2 slapd[1466]: conn=355216 op=1 SRCH attr=mail uid
>> Oct 3 09:59:05 ldap2 slapd[1466]: conn=355216 op=1 SEARCH RESULT
>> tag=101 err=0 nentries=1 text=
>> Oct 3 09:59:05 ldap2 slapd[1466]: conn=355216 op=2 UNBIND
>> Oct 3 09:59:05 ldap2 slapd[1466]: conn=355216 fd=19 closed
>> ---------------------------------------------------------------------------------------------------------------
>> Logs from ldap when logging into RT - loglevel 256
>> ---------------------------------------------------------------------------------------------------------------
>> Oct 3 10:00:43 ldap2 slapd[1466]: conn=355234 fd=19 ACCEPT from
>> IP=10.30.2.36:51262 (IP=0.0.0.0:389)
>> Oct 3 10:00:43 ldap2 slapd[1466]: conn=355234 op=0 BIND dn="" method=128
>> Oct 3 10:00:43 ldap2 slapd[1466]: conn=355234 op=0 RESULT tag=97
>> err=0 text=
>> Oct 3 10:00:43 ldap2 slapd[1466]: conn=355234 op=1 SRCH
>> base="ou=People,dc=simons-rock,dc=edu" scope=2 deref=2
>> filter="(&(&(uid=*))(uid=wclarke))"
>> Oct 3 10:00:43 ldap2 slapd[1466]: conn=355234 op=1 SRCH attr=uid mail
>> Oct 3 10:00:43 ldap2 slapd[1466]: conn=355234 op=1 SEARCH RESULT
>> tag=101 err=0 nentries=1 text=
>> Oct 3 10:00:43 ldap2 slapd[1466]: conn=355234 fd=19 closed
>> (connection lost)
>> ---------------------------------------------------------------------------------------------------------------
>> External Settings from: RT_SiteConfig.pm
>> ---------------------------------------------------------------------------------------------------------------
>> Set( $ExternalSettings, {
>> 'My_LDAP' => {
>> 'type' => 'ldap',
>> 'server' => 'ldap2.simons-rock.edu',
>> 'base' =>
>> 'ou=People,dc=simons-rock,dc=edu',
>> 'filter' => '(objectClass=*)',
>> 'net_ldap_args' => [ version => 3 ],
>>
>> 'attr_match_list' => [
>> 'Name',
>> 'EmailAddress',
>> ],
>> 'attr_map' => {
>> 'Name' => 'uid',
>> 'EmailAddress' => 'mail',
>> },
>> },
>> } );
>>
>> # You must install Plugins on your own, this is only an example
>> # of the correct syntax to use when activating them:
>> # Plugin( "RT::Extension::SLA" );
>> # Plugin( "RT::Authen::ExternalAuth" );
>>
>> Plugin( "RT::Authen::ExternalAuth" );
>> # Plugin( "RT::Extension::Assets" );
>> # plugin( "RT::Extension::Assets::Import::CSV" );
>> 1;
>> --
>>
>> William Clarke
>> ITS System Administrator
>> Bard College at Simon's Rock
>> 84 Alford Road
>> Great Barrington, MA 01230
>> (413) 528-7428 (voice)
>> (413) 528-7405 (fax)
>> wclarke at simons-rock.edu
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20141003/7f4596da/attachment.htm>
More information about the rt-users
mailing list