[rt-users] Regarding External Authentication using LDAP

bharath reddy vangoor.bharath at gmail.com
Thu Oct 15 12:23:55 EDT 2015


Hi Bob,

I'm using RT version greater than 4.2 but I don't think that line is
causing the issue. I found following in the log file :

[1755] [Thu Oct 15 16:04:59 2015] [debug]: Attempting to use external auth
service: My_LDAP
(/rt/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
[1755] [Thu Oct 15 16:04:59 2015] [debug]: SSO Failed and no user to test
with. Nexting
(/rt/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:92)
[1755] [Thu Oct 15 16:04:59 2015] [debug]: Autohandler called ExternalAuth.
Response: (0, No User)
(/rt/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:26)

The user is not getting passed to LDAP I guess.

Thanks,
Bharath.

On Wed, Oct 14, 2015 at 8:53 AM, Bob Shaker <rshaker at ardencompanies.com>
wrote:

> What Version of RT are you running? If you are using 4.2 or greater (you
> should be if you’re setting up a new instance) you need to
>
> Replace this line
>
> Set(@Plugins, qw(RT::Authen::ExternalAuth) );
>
> With this line
>
> Plugin('RT::Authen::ExternalAuth');
>
>
>
> *From:* rt-users [mailto:rt-users-bounces at lists.bestpractical.com] *On
> Behalf Of *bharath reddy
> *Sent:* Tuesday, October 13, 2015 10:38 PM
> *To:* Anton Panetta <anton.panetta at haircareaust.com>
> *Cc:* RT-List <rt-users at lists.bestpractical.com>
> *Subject:* Re: [rt-users] Regarding External Authentication using LDAP
>
>
>
> Hi Anton,
>
>
>
> I used following block in my RT_SiteConfig :
>
>
>
> Set(@Plugins, qw(RT::Authen::ExternalAuth) );
>
> Set($ExternalAuthPriority, ["My_LDAP"]);
>
> Set($ExternalInfoPriority, ["My_LDAP"]);
>
> Set($AutoCreateNonExternalUsers,    1);
>
>
>
> Set($ExternalSettings, {
>
>                          'My_LDAP'       =>  {   ## GENERIC SECTION
>
>                                                   'type'    =>  'ldap',
>
>                                                   'server'  =>  '
> vmns1.cs.sunysb.edu',
>
>                                                    'user'  =>  'CN=Recruit
> LDAP user,OU=Service Accounts,OU=SBCS,DC=cs,DC=stonybrook,DC=edu',
>
>                                                    'pass'   =>  '*******',
>
>                                                    'base'   =>
> 'ou=SBCS,dc=cs,dc=stonybrook,DC=edu',
>
>                                                  #  'filter'   =>
> '((&(objectCategory=Users)))',
>
>                                                     filter =>
> '(objectClass=*)',
>
>                                                    'd_filter'  =>
> '(userAccountControl:1.2.840.113556.1.4.803:=2)',
>
>                                                 #    'd_filter' =>
> '(&(objectCategory=User) (ObjectClass=Person))' ,
>
>                                                    'tls'      =>  1,
>
>                                                    'ssl_version' =>  3,
>
>                                                    'net_ldap_args' => [
>   version =>  3   ],
>
>                                                  #  'group'        =>
> 'CN=Domain Users,CN=Users,DC=cs,DC=stonybrook,DC=edu',
>
>                                                  #  'group_attr'   =>
> 'member',
>
>                                                    'attr_match_list'  =>
> [    'Name',
>
>
>     'EmailAddress'
>
>                                                                          ],
>
>                                                    'attr_map'         =>
> {   'Name' => 'sAMAccountName',
>
>
>     'EmailAddress' => 'mail'  }
>
>                                               }
>
>                    }
>
>    );
>
>
>
> Is anything that I'm missing ?
>
>
>
> Thanks,
>
> Bharath.
>
>
>
>
>
> On Tue, Oct 13, 2015 at 8:04 PM, Anton Panetta <
> anton.panetta at haircareaust.com> wrote:
>
> Whats the block you put in your RT_SiteConfig relating to external auth?
>
>
>
>
>
>
>
> *From:* rt-users [mailto:rt-users-bounces at lists.bestpractical.com] *On
> Behalf Of *bharath reddy
> *Sent:* Wednesday, 14 October 2015 3:58 AM
> *To:* RT-List <rt-users at lists.bestpractical.com>
> *Subject:* [rt-users] Regarding External Authentication using LDAP
>
>
>
> Dear All,
>
>
>
> I followed the link https://metacpan.org/pod/RT::Authen::ExternalAuth and
> made required changes and then restarted my apache server. But when I'm
> logging into the RT from web it fails with :
>
> "*Your username or password is incorrect*"
>
>
>
> But user exists in the LDAP.
>
>
>
> Log file contains :
>
> [22441] [Tue Oct 13 16:58:25 2015] [error]: FAILED LOGIN for
> <my_user_name> from 130.245.10.107 (/rt/lib//RT/Interface/Web.pm:810)
>
>
>
> From the code(/rt/lib//RT/Interface/Web.pm) it fails at this point :
>
>
>
>     unless ( $user_obj->id && $user_obj->IsPassword( $ARGS->{pass} ) ) {
>
>         $RT::Logger->error("FAILED LOGIN for @{[$ARGS->{user}]} from
> $ENV{'REMOTE_ADDR'}");
>
>
>
> Can any one help me how to change the flow to authenticate from LDAP i.e
> it should check the username and password against the LDAP and not from DB.
>
>
>
> Any help or pointers to this issue will be appreciated.
>
>
>
> Thanks,
>
> Bharath.
>
> The information contained in this email message and any attachments may be
> confidential information. If you are not the intended recipient, any use,
> interference with, disclosure or copying of this material is unauthorised
> and prohibited. If you have received this email in error, please advise us
> immediately and delete the email and all copies. The content and opinions
> in non-business email are not necessarily those of Haircare Australia. [image:
> Image removed by sender.]
>
>
>
> ------------------------------
>
> ARDEN
> A Global Company
> Celebrating over 50 years of making your life more comfortable!
>
> This message may contain confidential and/or privileged information. If
> you are not the addressee or authorized to receive this for the addressee,
> you must not use, copy, disclose, or take any action based on this message
> or any information herein. If you have received this message in error,
> please advise the sender immediately by reply e-mail and delete this
> message.
>
> This OUTBOUND E-mail and Document(s) has been scanned by an Antivirus
> Server.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20151015/9d41ccbb/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ~WRD000.jpg
Type: image/jpeg
Size: 823 bytes
Desc: not available
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20151015/9d41ccbb/attachment.jpg>


More information about the rt-users mailing list