[rt-users] Can't login to RT using Active Directory

fleon fleon at seguroscatatumbo.com
Wed Sep 14 10:25:15 EDT 2016


I have been able to use Active Directory as authentication with the
ExternalAuth plugin, both before and after it was integrated in RT 4.4.

But today it isn't allowing anyone in, and this is shown in the error logs:

[8629] [Wed Sep 14 15:28:49 2016] [error]: FAILED LOGIN for fleon from
192.168.3.57 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:826)
[8629] [Wed Sep 14 15:29:31 2016] [critical]:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't bind:
LDAP_INVALID_CREDENTIALS 49
(/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth/LDAP.pm:678)

I'm 100% sure i am using the correct password, i even tried other test
accounts i have and know they can authenticate against AD just fine.

I am also sure nothing has changed on AD itself or in RT's configuration,
however this is my current ExternalAuth configuration:
Set($ExternalAuth, 1);
Set($ExternalAuthPriority,  [   'My_LDAP']);
Set($ExternalInfoPriority,  [   'My_LDAP']);
Set($ExternalServiceUsesSSLorTLS,    0);
Set($AutoCreateNonExternalUsers,    1);
Set($UserAutocreateDefaultsOnLogin, {Privileged => 0 });

Set($ExternalSettings,
{
'My_LDAP'       =>  {
'type'                      =>  'ldap',
 'server'                    =>  '192.168.100.5',
'user'                      =>  'MYUSER',
 'pass'                    =>  'MYPASS',
 'base'                      =>  'dc=mycompany,dc=com',
'filter'                    =>  '(objectClass=person)',
'd_filter'                  =>  '(objectClass=FooBarBaz)',
'tls'                       =>  0,
'ssl_version'               =>  3,
'net_ldap_args'             => [    version =>  3   ],
'attr_match_list'           => [    'Name',
  'EmailAddress'
  ],
'attr_map'                  =>  {   'Name' => 'sAMAccountName',
  'EmailAddress' => 'mail',
  'Organization' => 'physicalDeliveryOfficeName',
  'RealName' => 'displayName',
'Gecos' => 'sAMAccountName',
 'WorkPhone' => 'telephoneNumber',
  'Address1' => 'description',
  'City' => 'l',
  'State' => 'st',
   'Zip' => 'postalCode',
   'Country' => 'co'
   }
   }
 }
);

I am using debian 8 jessie with RT 4.4.1. Thanks








--
View this message in context: http://requesttracker.8502.n7.nabble.com/Can-t-login-to-RT-using-Active-Directory-tp62539.html
Sent from the Request Tracker - User mailing list archive at Nabble.com.



More information about the rt-users mailing list