[rt-users] Can't login to RT using Active Directory

Daniel Schwager Daniel.Schwager at dtnet.de
Wed Sep 14 11:55:17 EDT 2016


Hi,

> I'm 100% sure i am using the correct password, i even tried other test
> accounts i have and know they can authenticate against AD just fine.

try ldapsearch to connect to your AD like

	ldapsearch -x -H ldap://192.168.100.5:389 -D MYUSER -w MYPASS -b "dc=yourdomain,dc=com" "cn=Administrator"

Best regards
Daniel


> -----Original Message-----
> From: rt-users [mailto:rt-users-bounces at lists.bestpractical.com] On Behalf Of fleon
> Sent: Wednesday, September 14, 2016 4:25 PM
> To: rt-users at lists.bestpractical.com
> Subject: [rt-users] Can't login to RT using Active Directory
> 
> I have been able to use Active Directory as authentication with the
> ExternalAuth plugin, both before and after it was integrated in RT 4.4.
> 
> But today it isn't allowing anyone in, and this is shown in the error logs:
> 
> [8629] [Wed Sep 14 15:28:49 2016] [error]: FAILED LOGIN for fleon from
> 192.168.3.57 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:826)
> [8629] [Wed Sep 14 15:29:31 2016] [critical]:
> RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't bind:
> LDAP_INVALID_CREDENTIALS 49
> (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth/LDAP.pm:678)
> 
> I'm 100% sure i am using the correct password, i even tried other test
> accounts i have and know they can authenticate against AD just fine.
> 
> I am also sure nothing has changed on AD itself or in RT's configuration,
> however this is my current ExternalAuth configuration:
> Set($ExternalAuth, 1);
> Set($ExternalAuthPriority,  [   'My_LDAP']);
> Set($ExternalInfoPriority,  [   'My_LDAP']);
> Set($ExternalServiceUsesSSLorTLS,    0);
> Set($AutoCreateNonExternalUsers,    1);
> Set($UserAutocreateDefaultsOnLogin, {Privileged => 0 });
> 
> Set($ExternalSettings,
> {
> 'My_LDAP'       =>  {
> 'type'                      =>  'ldap',
>  'server'                    =>  '192.168.100.5',
> 'user'                      =>  'MYUSER',
>  'pass'                    =>  'MYPASS',
>  'base'                      =>  'dc=mycompany,dc=com',
> 'filter'                    =>  '(objectClass=person)',
> 'd_filter'                  =>  '(objectClass=FooBarBaz)',
> 'tls'                       =>  0,
> 'ssl_version'               =>  3,
> 'net_ldap_args'             => [    version =>  3   ],
> 'attr_match_list'           => [    'Name',
>   'EmailAddress'
>   ],
> 'attr_map'                  =>  {   'Name' => 'sAMAccountName',
>   'EmailAddress' => 'mail',
>   'Organization' => 'physicalDeliveryOfficeName',
>   'RealName' => 'displayName',
> 'Gecos' => 'sAMAccountName',
>  'WorkPhone' => 'telephoneNumber',
>   'Address1' => 'description',
>   'City' => 'l',
>   'State' => 'st',
>    'Zip' => 'postalCode',
>    'Country' => 'co'
>    }
>    }
>  }
> );
> 
> I am using debian 8 jessie with RT 4.4.1. Thanks
> 
> 
> 
> 
> 
> 
> 
> 
> --
> View this message in context: http://requesttracker.8502.n7.nabble.com/Can-t-login-to-RT-using-Active-
> Directory-tp62539.html
> Sent from the Request Tracker - User mailing list archive at Nabble.com.
> ---------
> RT 4.4 and RTIR training sessions, and a new workshop day! https://bestpractical.com/training
> * Boston - October 24-26
> * Los Angeles - Q1 2017
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4000 bytes
Desc: not available
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20160914/15d72467/attachment.bin>


More information about the rt-users mailing list