[rt-users] Regarding External Authentication using LDAP
bharath reddy
vangoor.bharath at gmail.com
Thu Oct 15 12:23:55 EDT 2015
Hi Bob,
I'm using RT version greater than 4.2 but I don't think that line is
causing the issue. I found following in the log file :
[1755] [Thu Oct 15 16:04:59 2015] [debug]: Attempting to use external auth
service: My_LDAP
(/rt/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
[1755] [Thu Oct 15 16:04:59 2015] [debug]: SSO Failed and no user to test
with. Nexting
(/rt/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:92)
[1755] [Thu Oct 15 16:04:59 2015] [debug]: Autohandler called ExternalAuth.
Response: (0, No User)
(/rt/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:26)
The user is not getting passed to LDAP I guess.
Thanks,
Bharath.
On Wed, Oct 14, 2015 at 8:53 AM, Bob Shaker <rshaker at ardencompanies.com>
wrote:
> What Version of RT are you running? If you are using 4.2 or greater (you
> should be if you’re setting up a new instance) you need to
>
> Replace this line
>
> Set(@Plugins, qw(RT::Authen::ExternalAuth) );
>
> With this line
>
> Plugin('RT::Authen::ExternalAuth');
>
>
>
> *From:* rt-users [mailto:rt-users-bounces at lists.bestpractical.com] *On
> Behalf Of *bharath reddy
> *Sent:* Tuesday, October 13, 2015 10:38 PM
> *To:* Anton Panetta <anton.panetta at haircareaust.com>
> *Cc:* RT-List <rt-users at lists.bestpractical.com>
> *Subject:* Re: [rt-users] Regarding External Authentication using LDAP
>
>
>
> Hi Anton,
>
>
>
> I used following block in my RT_SiteConfig :
>
>
>
> Set(@Plugins, qw(RT::Authen::ExternalAuth) );
>
> Set($ExternalAuthPriority, ["My_LDAP"]);
>
> Set($ExternalInfoPriority, ["My_LDAP"]);
>
> Set($AutoCreateNonExternalUsers, 1);
>
>
>
> Set($ExternalSettings, {
>
> 'My_LDAP' => { ## GENERIC SECTION
>
> 'type' => 'ldap',
>
> 'server' => '
> vmns1.cs.sunysb.edu',
>
> 'user' => 'CN=Recruit
> LDAP user,OU=Service Accounts,OU=SBCS,DC=cs,DC=stonybrook,DC=edu',
>
> 'pass' => '*******',
>
> 'base' =>
> 'ou=SBCS,dc=cs,dc=stonybrook,DC=edu',
>
> # 'filter' =>
> '((&(objectCategory=Users)))',
>
> filter =>
> '(objectClass=*)',
>
> 'd_filter' =>
> '(userAccountControl:1.2.840.113556.1.4.803:=2)',
>
> # 'd_filter' =>
> '(&(objectCategory=User) (ObjectClass=Person))' ,
>
> 'tls' => 1,
>
> 'ssl_version' => 3,
>
> 'net_ldap_args' => [
> version => 3 ],
>
> # 'group' =>
> 'CN=Domain Users,CN=Users,DC=cs,DC=stonybrook,DC=edu',
>
> # 'group_attr' =>
> 'member',
>
> 'attr_match_list' =>
> [ 'Name',
>
>
> 'EmailAddress'
>
> ],
>
> 'attr_map' =>
> { 'Name' => 'sAMAccountName',
>
>
> 'EmailAddress' => 'mail' }
>
> }
>
> }
>
> );
>
>
>
> Is anything that I'm missing ?
>
>
>
> Thanks,
>
> Bharath.
>
>
>
>
>
> On Tue, Oct 13, 2015 at 8:04 PM, Anton Panetta <
> anton.panetta at haircareaust.com> wrote:
>
> Whats the block you put in your RT_SiteConfig relating to external auth?
>
>
>
>
>
>
>
> *From:* rt-users [mailto:rt-users-bounces at lists.bestpractical.com] *On
> Behalf Of *bharath reddy
> *Sent:* Wednesday, 14 October 2015 3:58 AM
> *To:* RT-List <rt-users at lists.bestpractical.com>
> *Subject:* [rt-users] Regarding External Authentication using LDAP
>
>
>
> Dear All,
>
>
>
> I followed the link https://metacpan.org/pod/RT::Authen::ExternalAuth and
> made required changes and then restarted my apache server. But when I'm
> logging into the RT from web it fails with :
>
> "*Your username or password is incorrect*"
>
>
>
> But user exists in the LDAP.
>
>
>
> Log file contains :
>
> [22441] [Tue Oct 13 16:58:25 2015] [error]: FAILED LOGIN for
> <my_user_name> from 130.245.10.107 (/rt/lib//RT/Interface/Web.pm:810)
>
>
>
> From the code(/rt/lib//RT/Interface/Web.pm) it fails at this point :
>
>
>
> unless ( $user_obj->id && $user_obj->IsPassword( $ARGS->{pass} ) ) {
>
> $RT::Logger->error("FAILED LOGIN for @{[$ARGS->{user}]} from
> $ENV{'REMOTE_ADDR'}");
>
>
>
> Can any one help me how to change the flow to authenticate from LDAP i.e
> it should check the username and password against the LDAP and not from DB.
>
>
>
> Any help or pointers to this issue will be appreciated.
>
>
>
> Thanks,
>
> Bharath.
>
> The information contained in this email message and any attachments may be
> confidential information. If you are not the intended recipient, any use,
> interference with, disclosure or copying of this material is unauthorised
> and prohibited. If you have received this email in error, please advise us
> immediately and delete the email and all copies. The content and opinions
> in non-business email are not necessarily those of Haircare Australia. [image:
> Image removed by sender.]
>
>
>
> ------------------------------
>
> ARDEN
> A Global Company
> Celebrating over 50 years of making your life more comfortable!
>
> This message may contain confidential and/or privileged information. If
> you are not the addressee or authorized to receive this for the addressee,
> you must not use, copy, disclose, or take any action based on this message
> or any information herein. If you have received this message in error,
> please advise the sender immediately by reply e-mail and delete this
> message.
>
> This OUTBOUND E-mail and Document(s) has been scanned by an Antivirus
> Server.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20151015/9d41ccbb/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ~WRD000.jpg
Type: image/jpeg
Size: 823 bytes
Desc: not available
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20151015/9d41ccbb/attachment.jpg>
More information about the rt-users
mailing list