[rt-users] RT 4.4.1 - ExternalAuth intermittently failing
Shawn M Moore
shawn at bestpractical.com
Fri Dec 2 14:12:47 EST 2016
Hi Michel, Mike,
> On Dec 2, 2016, at 14:02, Michel Daoust <midaoust at nosm.ca> wrote:
> On successful binds, the username/password combination was correct, as specified in our config. We waited for the LDAP bind error to happen and when it did, we found this in the log:
> ldap_user: ldap_user_account, ldap_pass:Password not printed. (literal Password not Printed). This is whats causing the bind to fail. For some reason, RT is sending the masked password string (used in the web ui when looking at system configs), which of course isn't the right password for the bind account.
Thank you for this detailed bug report. I think I've identified the issue; it's indeed what you're describing. When you visit the system configuration page, RT accidentally overwrites the LDAP password in memory as part of obfuscating it. The fix looks straightforward; we'll get it into RT 4.4.2.
More information about the rt-users