[rt-users] LDAP External Auth intermittent failure

Trev trevor at onepost.net
Thu May 5 14:33:56 EDT 2016


Good Afternoon... T S.

  I apologize for not reading the back and forth you have already had here
with Lush, in advance. However, I did a post a while back regarding getting
LDAP authentication to work and there may be a couple of items here that
could help.

  My configuration is posted here as well:

  http://trevthorpe.blogspot.com/

  Hope you find this helpful, figured it couldn't hurt.

  Thanks,

Trev

On Thu, May 5, 2016 at 12:05 PM, Lush, Aaron <alush at scentral.k12.in.us>
wrote:

> The only thing that jumps out to me is that under "External Settings" you
> are using domain\service name, whereas in Set($LDAPUser) you are using the
> DistinguishedName. I had similar issues in my RT 4.4 deployment until I
> made both of those settings follow the DistinguishedName.
>
> Sincerely,
>
> Aaron Lush
> Network Administrator
> South Central Community School Corporation
> (219) 767-2266 ext. 1111
>
> On Thu, May 5, 2016 at 10:05 AM, t s <zzzz67 at hotmail.com> wrote:
>
>> Here you go:
>>
>> By the way, I just changed the line below from
>> 'server' => 'LDAPSERVER:389' to
>> 'server' => 'LDAPSERVER.CORP.COMPANYNAME.NET:389' and restarted so I will
>> see if that has any effect on the error not coming back up or not.
>>
>>
>>
>> Set($WebPath , "");
>> Set($WebBaseURL, "http://rt.servername.companyname.com");
>>
>> Set($RestrictReferrer, '0');
>>
>> Set($DatabaseAdmin, 'root');
>>
>> Set($LogoURL, 'https://bestpractical.com/images/logo.png');
>> Set($WebDefaultStylesheet, 'rudder');
>>
>> Set($LogToFile, 'error');
>>
>> Set($SetOutgoingMailFrom, "RT_Tracker at companyname.com");
>> Set($SMTPFrom, "mail-out.smtp.companyname.com");
>> Set($ParseNewMessageForTicketCcs, 1);
>> Set($HomePageRefreshInterval, 120);
>> Set($NotifyActor,1);
>>
>> Set($SendmailArguments, "-t");
>> Set($MailCommand, "sendmail");
>> Plugin( "RT::Authen::ExternalAuth" );
>> Plugin('RT::Extension::LDAPImport');
>>
>>
>>     Set($LDAPHost,'LDAPSERVER.CORP.COMPANYNAME.NET:389');
>>     Set($LDAPUser,'cn=companyname\\svc.servicename,cn=Users,dc=Corp,DC=companyname,DC=net');
>>     Set($LDAPPassword,'password');
>>     Set($LDAPBase, 'OU=Corp,OU=Users,OU=companyname,DC=Corp,DC=companyname,DC=net');
>>     Set($LDAPFilter, '(&(objectClass=person))');
>>     Set($LDAPMapping, {Name         => 'sAMAccountName', # required
>>                        EmailAddress => 'mail',
>>                        RealName     => 'cn',
>>                        WorkPhone    => 'telephoneNumber',
>>                        Organization => 'departmentName'});
>> Set($LDAPSizeLimit, 1000);
>>
>>
>> Set($ExternalAuthPriority, ['companynameLDAP']);
>> Set($ExternalInfoPriority, ['companynameLDAP']);
>> Set($UserAutocreateDefaultsOnLogin, { Privileged => 0 } );
>> Set($AutoCreateNonExternalUsers, 1);
>>
>>
>>
>> Set($ExternalSettings, {
>>
>>         'companynameLDAP'       =>  {
>>             'type'                      =>  'ldap',
>>             'server'                    =>  'LDAPSERVER:389',
>>             'user'                      =>  'companyname\\svc.servicename',
>>             'pass'                      =>  'password',
>>             'base'                      =>  'OU=Corp,OU=Users,OU=companyname,DC=corp,DC=companyname,DC=net',
>>             'filter'                    =>  '(objectClass=person)',
>>             'd_filter'                  =>  '(objectClass=asdf)',
>>             'net_ldap_args'             => [    version =>  3   ],
>>             'attr_match_list' => [
>>                  'Name',
>>                  'EmailAddress',
>>             ],
>>             'attr_map' => {
>>                 'Name' => 'sAMAccountName',
>>                 'EmailAddress' => 'mail',
>>                 'Organization' => 'physicalDeliveryOfficeName',
>>                 'RealName' => 'cn',
>>                 'ExternalAuthId' => 'sAMAccountName',
>>                 'Gecos' => 'sAMAccountName',
>>                 'WorkPhone' => 'telephoneNumber',
>>                 'Address1' => 'streetAddress',
>>                 'City' => 'l',
>>                 'State' => 'st',
>>                 'Zip' => 'postalCode',
>>                 'Country' => 'co'
>>             },
>>         },
>> } );
>>
>>
>>
>> Set($WebRemoteuserAuth,1);
>> Set($WebRemoteUserContinuous,1);
>> Set($WebFallbackToRTLogin, undef);
>> Set($WebRemoteUserGecos,1);
>> Set($WebRemoteUserAutocreate,1);
>>
>> Set( $rtname, 'CompanyName RT' );
>> Set( $CommentAddress, '' );
>> Set( $CorrespondAddress, '' );
>> Set( $DatabaseHost, 'localhost' );
>> Set( $DatabaseName, 'rt_database' );
>> Set( $DatabasePassword, 'password' );
>> Set( $DatabasePort, '3306' );
>> Set( $DatabaseType, 'mysql' );
>> Set( $DatabaseUser, 'root' );
>> Set( $Organization, 'companyname.com' );
>> Set( $OwnerEmail, 'owner at companyname.com' );
>> Set( $SendmailPath, 'usr/lib/sendmail' );
>> Set( $SendmailArguments, "-t");
>> Set( $MailCommand, "sendmail");
>> Set( $WebDomain, 'rt.servername.companyname.com' );
>> Set( $WebPort, '443' );
>>
>> Set(%CustomFieldGroupings,
>>        'RT::Ticket' => [
>>        'Basics' => ['Trigger Code']
>>    ]
>>    );
>> Set($CanonicalizeRedirectURLs, 0);
>> 1;
>>
>>
>>
>> ------------------------------
>> *From:* Lush, Aaron <alush at scentral.k12.in.us>
>> *Sent:* Thursday, May 5, 2016 10:49 AM
>> *To:* t s
>> *Cc:* rt-users at lists.bestpractical.com
>> *Subject:* Re: [rt-users] LDAP External Auth intermittent failure
>>
>> Would you please post your LDAP configuration in RT_SiteConfig.pm?
>> Omitting any sensitive information, of course.
>>
>> Sincerely,
>>
>> Aaron Lush
>> Network Administrator
>> South Central Community School Corporation
>> (219) 767-2266 ext. 1111
>>
>> On Thu, May 5, 2016 at 8:15 AM, t s <zzzz67 at hotmail.com> wrote:
>>
>>> Getting an intermittent "RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj
>>> Can't bind: LDAP_INVALID_CREDENTIALS 49" error very similar to:
>>> http://requesttracker.8502.n7.nabble.com/LDAP-External-Auth-intermittent-failure-td58611.html
>>> .
>>>
>>> Almost daily the External Auth will randomly start getting the binding
>>> error above and stop accepting LDAP logins, a simple restart of RT fixes
>>> the problem.  I'm using External Auth 0.25 and RT 4.2.12.  The only
>>> suggestion in the post above is to update RT but these are both recent
>>> stable versions.
>>>
>>>
>>> Anyone ran into this problem?  Is it an RT_SiteConfig problem?  I
>>> wouldn't think so since it works for around 24 hours and then
>>> stops.  Could it be some kind of network connectivity problem?
>>>
>>> ---------
>>> RT 4.4 and RTIR Training Sessions https://bestpractical.com/training
>>> * Washington DC - May 23 & 24, 2016
>>>
>>>
>>
>> Email Confidentiality Notice: This email message, including all
>> attachments, is for the sole use of the intended recipient(s) and contains
>> confidential information. If you are not the intended recipient, you may
>> not use, disclose, print, copy or disseminate this information. Please
>> reply and notify the sender, delete the message and any attachments and
>> destroy all copies.
>>
>
>
>
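
The mismatch Aaron Lush points out in the quoted reply (a DistinguishedName in $LDAPUser but domain\user under $ExternalSettings) and the short-name versus FQDN 'server' difference T S mentions can both be found mechanically. The following is an added example, not code from this thread or from RT: it assumes a regex-level read of simple quoted values (it does not evaluate Perl) and a single service under $ExternalSettings, and the sample text is constructed from the placeholder settings quoted above.

```python
import re

# Constructed sample modelled on the settings quoted in this thread
# (placeholder names, e-mail line wraps removed). Not a live configuration.
SAMPLE = r"""
Set($LDAPHost,'LDAPSERVER.CORP.COMPANYNAME.NET:389');
Set($LDAPUser,'cn=companyname\\svc.servicename,cn=Users,dc=Corp,DC=companyname,DC=net');
Set($LDAPBase, 'OU=Corp,OU=Users,OU=companyname,DC=Corp,DC=companyname,DC=net');
Set($ExternalSettings, {
    'companynameLDAP' => {
        'type'   => 'ldap',
        'server' => 'LDAPSERVER:389',
        'user'   => 'companyname\\svc.servicename',
        'base'   => 'OU=Corp,OU=Users,OU=companyname,DC=corp,DC=companyname,DC=net',
    },
} );
"""

QUOTED = r"'((?:[^'\\]|\\.)*)'"          # body of a Perl single-quoted string
SET_RE = re.compile(r"Set\(\s*\$(\w+)\s*,\s*" + QUOTED + r"\s*\)")
PAIR_RE = re.compile(r"'(\w+)'\s*=>\s*" + QUOTED)

def unquote(s):
    # In Perl single quotes only \\ and \' are escape sequences.
    return re.sub(r"\\([\\'])", r"\1", s)

def identity_form(bind):
    """Classify how a bind identity is written."""
    if re.match(r"(cn|uid|ou)=[^,]+,.*dc=", bind, re.I):
        return "dn"
    if "\\" in bind:
        return "domain\\user"
    return "upn" if "@" in bind else "other"

def audit(text):
    """Return (setting, LDAPImport value, ExternalAuth value) for each mismatch."""
    imp = {k: unquote(v) for k, v in SET_RE.findall(text)}
    ext = {k: unquote(v) for k, v in PAIR_RE.findall(text)}
    findings = []
    for name, a, b in (("server", "LDAPHost", "server"),
                       ("base", "LDAPBase", "base"),
                       ("user", "LDAPUser", "user")):
        if a in imp and b in ext and imp[a].lower() != ext[b].lower():
            findings.append((name, imp[a], ext[b]))
    return findings

if __name__ == "__main__":
    for name, left, right in audit(SAMPLE):
        print(f"{name}: {left!r} ({identity_form(left)}) vs {right!r} ({identity_form(right)})")
```

The comparison is case-insensitive, so the DC=Corp versus DC=corp difference in the two base values is not reported.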