[rt-users] Regarding External Authentication using LDAP

Bob Shaker rshaker at ARDENCOMPANIES.COM
Wed Oct 14 08:53:32 EDT 2015


What version of RT are you running? If you are using 4.2 or greater (you should be if you're setting up a new instance) you need to replace this line:

Set(@Plugins, qw(RT::Authen::ExternalAuth) );

with this line:

Plugin('RT::Authen::ExternalAuth');

From: rt-users [mailto:rt-users-bounces at lists.bestpractical.com] On Behalf Of bharath reddy
Sent: Tuesday, October 13, 2015 10:38 PM
To: Anton Panetta <anton.panetta at haircareaust.com>
Cc: RT-List <rt-users at lists.bestpractical.com>
Subject: Re: [rt-users] Regarding External Authentication using LDAP

Hi Anton,

I used the following block in my RT_SiteConfig:


Set(@Plugins, qw(RT::Authen::ExternalAuth) );
Set($ExternalAuthPriority, ["My_LDAP"]);
Set($ExternalInfoPriority, ["My_LDAP"]);
Set($AutoCreateNonExternalUsers,    1);

Set($ExternalSettings, {
    'My_LDAP'       =>  {   ## GENERIC SECTION
        'type'      =>  'ldap',
        'server'    =>  'vmns1.cs.sunysb.edu',
        'user'      =>  'CN=Recruit LDAP user,OU=Service Accounts,OU=SBCS,DC=cs,DC=stonybrook,DC=edu',
        'pass'      =>  '*******',
        'base'      =>  'ou=SBCS,dc=cs,dc=stonybrook,DC=edu',
        #  'filter'   =>  '((&(objectCategory=Users)))',
        filter      => '(objectClass=*)',
        'd_filter'  =>  '(userAccountControl:1.2.840.113556.1.4.803:=2)',
        #  'd_filter' => '(&(objectCategory=User) (ObjectClass=Person))' ,
        'tls'       =>  1,
        'ssl_version' =>  3,
        'net_ldap_args' => [    version =>  3   ],
        #  'group'        =>  'CN=Domain Users,CN=Users,DC=cs,DC=stonybrook,DC=edu',
        #  'group_attr'   =>  'member',
        'attr_match_list'  => [    'Name',
                                   'EmailAddress'
                              ],
        'attr_map'         =>  {   'Name' => 'sAMAccountName',
                                   'EmailAddress' => 'mail'  }
    }
}
);

Is there anything that I'm missing?

Thanks,
Bharath.


On Tue, Oct 13, 2015 at 8:04 PM, Anton Panetta <anton.panetta at haircareaust.com> wrote:
What's the block you put in your RT_SiteConfig relating to external auth?



From: rt-users [mailto:rt-users-bounces at lists.bestpractical.com] On Behalf Of bharath reddy
Sent: Wednesday, 14 October 2015 3:58 AM
To: RT-List <rt-users at lists.bestpractical.com>
Subject: [rt-users] Regarding External Authentication using LDAP

Dear All,

I followed the link https://metacpan.org/pod/RT::Authen::ExternalAuth, made the required changes and then restarted my Apache server. But when I log into RT from the web, it fails with:
"Your username or password is incorrect"

But user exists in the LDAP.

The log file contains:
[22441] [Tue Oct 13 16:58:25 2015] [error]: FAILED LOGIN for <my_user_name> from 130.245.10.107 (/rt/lib//RT/Interface/Web.pm:810)

From the code (/rt/lib//RT/Interface/Web.pm), it fails at this point:

    unless ( $user_obj->id && $user_obj->IsPassword( $ARGS->{pass} ) ) {
        $RT::Logger->error("FAILED LOGIN for @{[$ARGS->{user}]} from $ENV{'REMOTE_ADDR'}");

Can anyone help me change the flow to authenticate from LDAP, i.e. it should check the username and password against the LDAP and not from the DB?

Any help or pointers to this issue will be appreciated.

Thanks,
Bharath.
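
An added example (not part of the original thread, and not code from RT or the plugin): a small Python lint for an RT_SiteConfig text that flags the plugin-loading form the reply describes for RT 4.2 or greater, priority names with no matching $ExternalSettings block, and a catch-all (objectClass=*) filter. The function name, the finding codes and the sample server name are assumptions made for this example.

```python
import re

# Constructed sample mirroring the configuration quoted in the thread
# (the server name is a placeholder).
SAMPLE_CONFIG = r"""
Set(@Plugins, qw(RT::Authen::ExternalAuth) );
Set($ExternalAuthPriority, ["My_LDAP"]);
Set($ExternalInfoPriority, ["My_LDAP"]);
Set($ExternalSettings, {
    'My_LDAP' => {
        'type'   => 'ldap',
        'server' => 'ldap.example.org',
        # 'filter' => '((&(objectCategory=Users)))',
        filter   => '(objectClass=*)',
    }
});
"""
PLUGIN = re.escape("RT::Authen::ExternalAuth")

def lint_site_config(text, rt_version):
    """Return finding codes (names invented for this example) for a config text."""
    # Drop full-line Perl comments so commented-out keys are ignored.
    live = "\n".join(l for l in text.splitlines()
                     if not l.lstrip().startswith("#"))
    findings = []
    legacy = re.search(r"Set\(\s*@Plugins\s*,[^;]*" + PLUGIN, live)
    modern = re.search(r"Plugin\(\s*['\"]" + PLUGIN + r"['\"]\s*\)", live)
    if not legacy and not modern:
        findings.append("plugin-not-loaded")
    elif legacy and not modern and rt_version >= (4, 2):
        # Per the reply in this thread: on 4.2+ use Plugin('...') instead.
        findings.append("legacy-plugin-syntax")
    # Every name in a priority list needs a block in $ExternalSettings.
    defined = set(re.findall(r"['\"]?(\w+)['\"]?\s*=>\s*\{", live))
    for setting in ("ExternalAuthPriority", "ExternalInfoPriority"):
        m = re.search(r"Set\(\s*\$" + setting + r"\s*,\s*\[(.*?)\]", live, re.S)
        for name in re.findall(r"['\"]([^'\"]+)['\"]", m.group(1) if m else ""):
            if name not in defined:
                findings.append(f"{setting}-unknown-service:{name}")
    # (objectClass=*) is a presence filter: it matches every entry under
    # the search base, not only user accounts.
    if re.search(r"(?<!\w)filter['\"]?\s*=>\s*['\"]\(objectClass=\*\)['\"]", live):
        findings.append("filter-matches-all-objects")
    return findings

if __name__ == "__main__":
    for finding in lint_site_config(SAMPLE_CONFIG, (4, 2)):
        print(finding)
```
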