[rt-users] Regarding External Authentication using LDAP

bharath reddy vangoor.bharath at gmail.com
Tue Oct 13 22:38:29 EDT 2015


Hi Anton,

I used following block in my RT_SiteConfig :

Set(@Plugins, qw(RT::Authen::ExternalAuth) );

Set($ExternalAuthPriority, ["My_LDAP"]);

Set($ExternalInfoPriority, ["My_LDAP"]);

Set($AutoCreateNonExternalUsers,    1);


Set($ExternalSettings, {

                         'My_LDAP'       =>  {   ## GENERIC SECTION

                                                  'type'    =>  'ldap',

                                                  'server'  =>  '
vmns1.cs.sunysb.edu',

                                                   'user'  =>  'CN=Recruit
LDAP user,OU=Service Accounts,OU=SBCS,DC=cs,DC=stonybrook,DC=edu',

                                                   'pass'   =>  '*******',

                                                   'base'   =>
'ou=SBCS,dc=cs,dc=stonybrook,DC=edu',

                                                 #  'filter'   =>
'((&(objectCategory=Users)))',

                                                    filter =>
'(objectClass=*)',

                                                   'd_filter'  =>
'(userAccountControl:1.2.840.113556.1.4.803:=2)',

                                                #    'd_filter' =>
'(&(objectCategory=User) (ObjectClass=Person))' ,

                                                   'tls'      =>  1,

                                                   'ssl_version' =>  3,

                                                   'net_ldap_args' => [
version =>  3   ],

                                                 #  'group'        =>
'CN=Domain Users,CN=Users,DC=cs,DC=stonybrook,DC=edu',

                                                 #  'group_attr'   =>
'member',

                                                   'attr_match_list'  => [
  'Name',


  'EmailAddress'

                                                                         ],

                                                   'attr_map'         =>  {
  'Name' => 'sAMAccountName',


  'EmailAddress' => 'mail'  }

                                              }

                   }

   );

Is anything that I'm missing ?

Thanks,
Bharath.


On Tue, Oct 13, 2015 at 8:04 PM, Anton Panetta <
anton.panetta at haircareaust.com> wrote:

> Whats the block you put in your RT_SiteConfig relating to external auth?
>
>
>
>
>
>
>
> *From:* rt-users [mailto:rt-users-bounces at lists.bestpractical.com] *On
> Behalf Of *bharath reddy
> *Sent:* Wednesday, 14 October 2015 3:58 AM
> *To:* RT-List <rt-users at lists.bestpractical.com>
> *Subject:* [rt-users] Regarding External Authentication using LDAP
>
>
>
> Dear All,
>
>
>
> I followed the link https://metacpan.org/pod/RT::Authen::ExternalAuth and
> made required changes and then restarted my apache server. But when I'm
> logging into the RT from web it fails with :
>
> "*Your username or password is incorrect*"
>
>
>
> But user exists in the LDAP.
>
>
>
> Log file contains :
>
> [22441] [Tue Oct 13 16:58:25 2015] [error]: FAILED LOGIN for
> <my_user_name> from 130.245.10.107 (/rt/lib//RT/Interface/Web.pm:810)
>
>
>
> From the code(/rt/lib//RT/Interface/Web.pm) it fails at this point :
>
>
>
>     unless ( $user_obj->id && $user_obj->IsPassword( $ARGS->{pass} ) ) {
>
>         $RT::Logger->error("FAILED LOGIN for @{[$ARGS->{user}]} from
> $ENV{'REMOTE_ADDR'}");
>
>
>
> Can any one help me how to change the flow to authenticate from LDAP i.e
> it should check the username and password against the LDAP and not from DB.
>
>
>
> Any help or pointers to this issue will be appreciated.
>
>
>
> Thanks,
>
> Bharath.
> The information contained in this email message and any attachments may be
> confidential information. If you are not the intended recipient, any use,
> interference with, disclosure or copying of this material is unauthorised
> and prohibited. If you have received this email in error, please advise us
> immediately and delete the email and all copies. The content and opinions
> in non-business email are not necessarily those of Haircare Australia.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20151013/84691997/attachment.html>


More information about the rt-users mailing list