[rt-users] LDAP External Auth intermittent failure

Lush, Aaron alush at scentral.k12.in.us
Thu May 5 12:05:26 EDT 2016


The only thing that jumps out to me is that under "External Settings" you
are using domain\service name, whereas in Set($LDAPUser) you are using the
DistinguishedName. I had similar issues in my RT 4.4 deployment until I
made both of those settings follow the DistinguishedName.

Sincerely,

Aaron Lush
Network Administrator
South Central Community School Corporation
(219) 767-2266 ext. 1111
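
A quick way to check for the mismatch described above, as an added example that is not part of the original thread or of RT itself: it compares the $LDAP* scalars with the $ExternalSettings block and reports where the bind identity or server differ. The function names and the sample text (modelled on the configuration quoted below) are constructed for illustration.

```python
import re

# Constructed sample modelled on the quoted RT_SiteConfig.pm (placeholder values).
SAMPLE = r"""
Set($LDAPHost,'LDAPSERVER.CORP.COMPANYNAME.NET:389');
Set($LDAPUser,'cn=companyname\\svc.servicename,cn=Users,dc=Corp,DC=companyname,DC=net');
Set($ExternalSettings, {
    'companynameLDAP' => {
        'server' => 'LDAPSERVER:389',
        'user'   => 'companyname\\svc.servicename',
    },
} );
"""

SQ = r"'((?:[^'\\]|\\.)*)'"   # body of a Perl single-quoted string

def _unquote(s):
    # Perl single quotes only treat \\ and \' as escapes.
    return re.sub(r"\\([\\'])", r"\1", s)

def scalar(cfg, name):
    """Value of Set($name, '...'), or None."""
    m = re.search(r"Set\(\s*\$" + re.escape(name) + r"\s*,\s*" + SQ, cfg)
    return _unquote(m.group(1)) if m else None

def ext_setting(cfg, key):
    """First 'key' => '...' inside the $ExternalSettings hash, or None."""
    start = cfg.find("$ExternalSettings")
    m = re.search("'" + re.escape(key) + r"'\s*=>\s*" + SQ, cfg[start:]) if start >= 0 else None
    return _unquote(m.group(1)) if m else None

def bind_form(ident):
    """Classify a bind identity: dn, domain\\user, upn or bare."""
    if re.match(r"^[a-z][a-z0-9-]*=[^,]+(,\s*[a-z][a-z0-9-]*=[^,]+)+$", ident, re.I):
        return "dn"
    if "\\" in ident:
        return "domain\\user"
    return "upn" if "@" in ident else "bare"

def check(cfg):
    """List the places where the $LDAP* scalars and $ExternalSettings disagree."""
    findings = []
    pairs = [("LDAPUser", "user", "bind identity"), ("LDAPHost", "server", "server")]
    for name, key, label in pairs:
        a, b = scalar(cfg, name), ext_setting(cfg, key)
        if a and b and a.lower() != b.lower():
            detail = f" ({bind_form(a)} vs {bind_form(b)})" if key == "user" else ""
            findings.append(f"{label}: ${name}={a!r} but ExternalSettings {key}={b!r}{detail}")
    return findings

if __name__ == "__main__":
    print("\n".join(check(SAMPLE)) or "consistent")
```

To run it against a real file, pass the contents of RT_SiteConfig.pm to check(); it only reads single-quoted values, so double-quoted or interpolated settings are skipped.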

On Thu, May 5, 2016 at 10:05 AM, t s <zzzz67 at hotmail.com> wrote:

> Here you go:
>
> By the way, I just changed the line below from
> 'server' => 'LDAPSERVER:389' to
> 'server' => 'LDAPSERVER.CORP.COMPANYNAME.NET:389' and restarted, so I will
> see if that has any effect on the error coming back up or not.
>
>
>
> Set($WebPath , "");
> Set($WebBaseURL, "http://rt.servername.companyname.com");
>
> Set($RestrictReferrer, '0');
>
> Set($DatabaseAdmin, 'root');
>
> Set($LogoURL, 'https://bestpractical.com/images/logo.png');
> Set($WebDefaultStylesheet, 'rudder');
>
> Set($LogToFile, 'error');
>
> Set($SetOutgoingMailFrom, "RT_Tracker at companyname.com");
> Set($SMTPFrom, "mail-out.smtp.companyname.com");
> Set($ParseNewMessageForTicketCcs, 1);
> Set($HomePageRefreshInterval, 120);
> Set($NotifyActor,1);
>
> Set($SendmailArguments, "-t");
> Set($MailCommand, "sendmail");
> Plugin( "RT::Authen::ExternalAuth" );
> Plugin('RT::Extension::LDAPImport');
>
>
>     Set($LDAPHost,'LDAPSERVER.CORP.COMPANYNAME.NET:389');
>     Set($LDAPUser,'cn=companyname\\svc.servicename,cn=Users,dc=Corp,DC=companyname,DC=net');
>     Set($LDAPPassword,'password');
>     Set($LDAPBase, 'OU=Corp,OU=Users,OU=companyname,DC=Corp,DC=companyname,DC=net');
>     Set($LDAPFilter, '(&(objectClass=person))');
>     Set($LDAPMapping, {Name         => 'sAMAccountName', # required
>                        EmailAddress => 'mail',
>                        RealName     => 'cn',
>                        WorkPhone    => 'telephoneNumber',
>                        Organization => 'departmentName'});
> Set($LDAPSizeLimit, 1000);
>
>
> Set($ExternalAuthPriority, ['companynameLDAP']);
> Set($ExternalInfoPriority, ['companynameLDAP']);
> Set($UserAutocreateDefaultsOnLogin, { Privileged => 0 } );
> Set($AutoCreateNonExternalUsers, 1);
>
>
>
> Set($ExternalSettings, {
>
>         'companynameLDAP'       =>  {
>             'type'                      =>  'ldap',
>             'server'                    =>  'LDAPSERVER:389',
>             'user'                      =>  'companyname\\svc.servicename',
>             'pass'                      =>  'password',
>             'base'                      =>  'OU=Corp,OU=Users,OU=companyname,DC=corp,DC=companyname,DC=net',
>             'filter'                    =>  '(objectClass=person)',
>             'd_filter'                  =>  '(objectClass=asdf)',
>             'net_ldap_args'             => [    version =>  3   ],
>             'attr_match_list' => [
>                  'Name',
>                  'EmailAddress',
>             ],
>             'attr_map' => {
>                 'Name' => 'sAMAccountName',
>                 'EmailAddress' => 'mail',
>                 'Organization' => 'physicalDeliveryOfficeName',
>                 'RealName' => 'cn',
>                 'ExternalAuthId' => 'sAMAccountName',
>                 'Gecos' => 'sAMAccountName',
>                 'WorkPhone' => 'telephoneNumber',
>                 'Address1' => 'streetAddress',
>                 'City' => 'l',
>                 'State' => 'st',
>                 'Zip' => 'postalCode',
>                 'Country' => 'co'
>             },
>         },
> } );
>
>
>
> Set($WebRemoteuserAuth,1);
> Set($WebRemoteUserContinuous,1);
> Set($WebFallbackToRTLogin, undef);
> Set($WebRemoteUserGecos,1);
> Set($WebRemoteUserAutocreate,1);
>
> Set( $rtname, 'CompanyName RT' );
> Set( $CommentAddress, '' );
> Set( $CorrespondAddress, '' );
> Set( $DatabaseHost, 'localhost' );
> Set( $DatabaseName, 'rt_database' );
> Set( $DatabasePassword, 'password' );
> Set( $DatabasePort, '3306' );
> Set( $DatabaseType, 'mysql' );
> Set( $DatabaseUser, 'root' );
> Set( $Organization, 'companyname.com' );
> Set( $OwnerEmail, 'owner at companyname.com' );
> Set( $SendmailPath, 'usr/lib/sendmail' );
> Set( $SendmailArguments, "-t");
> Set( $MailCommand, "sendmail");
> Set( $WebDomain, 'rt.servername.companyname.com' );
> Set( $WebPort, '443' );
>
> Set(%CustomFieldGroupings,
>        'RT::Ticket' => [
>        'Basics' => ['Trigger Code']
>    ]
>    );
> Set($CanonicalizeRedirectURLs, 0);
> 1;
>
>
>
> ------------------------------
> *From:* Lush, Aaron <alush at scentral.k12.in.us>
> *Sent:* Thursday, May 5, 2016 10:49 AM
> *To:* t s
> *Cc:* rt-users at lists.bestpractical.com
> *Subject:* Re: [rt-users] LDAP External Auth intermittent failure
>
> Would you please post your LDAP configuration in RT_SiteConfig.pm?
> Omitting any sensitive information, of course.
>
> Sincerely,
>
> Aaron Lush
> Network Administrator
> South Central Community School Corporation
> (219) 767-2266 ext. 1111
>
> On Thu, May 5, 2016 at 8:15 AM, t s <zzzz67 at hotmail.com> wrote:
>
>> Getting an intermittent "RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj
>> Can't bind: LDAP_INVALID_CREDENTIALS 49" error very similar to:
>> http://requesttracker.8502.n7.nabble.com/LDAP-External-Auth-intermittent-failure-td58611.html
>> .
>>
>> Almost daily the External Auth will randomly start getting the binding
>> error above and stop accepting LDAP logins; a simple restart of RT fixes
>> the problem.  I'm using External Auth 0.25 and RT 4.2.12.  The only
>> suggestion in the post above is to update RT, but these are both recent
>> stable versions.
>>
>>
>> Has anyone run into this problem?  Is it an RT_SiteConfig problem?  I
>> wouldn't think so since it works for around 24 hours and then
>> stops.  Could it be some kind of network connectivity problem?
>>
>
> Email Confidentiality Notice: This email message, including all
> attachments, is for the sole use of the intended recipient(s) and contains
> confidential information. If you are not the intended recipient, you may
> not use, disclose, print, copy or disseminate this information. Please
> reply and notify the sender, delete the message and any attachments and
> destroy all copies.
>
