I have been able to use Active Directory as authentication with the
ExternalAuth plugin, both before and after it was integrated in RT 4.4.
But today it isn’t allowing anyone in, and this is shown in the error logs:
[8629] [Wed Sep 14 15:28:49 2016] [error]: FAILED LOGIN for fleon from
192.168.3.57 (/opt/rt4/sbin/…/lib/RT/Interface/Web.pm:826)
[8629] [Wed Sep 14 15:29:31 2016] [critical]:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can’t bind:
LDAP_INVALID_CREDENTIALS 49
(/opt/rt4/sbin/…/lib/RT/Authen/ExternalAuth/LDAP.pm:678)
I’m 100% sure i am using the correct password, i even tried other test
accounts i have and know they can authenticate against AD just fine.
I am also sure nothing has changed on AD itself or in RT’s configuration,
however this is my current ExternalAuth configuration:
Set($ExternalAuth, 1);
Set($ExternalAuthPriority, [ ‘My_LDAP’]);
Set($ExternalInfoPriority, [ ‘My_LDAP’]);
Set($ExternalServiceUsesSSLorTLS, 0);
Set($AutoCreateNonExternalUsers, 1);
Set($UserAutocreateDefaultsOnLogin, {Privileged => 0 });
Set($ExternalSettings,
{
‘My_LDAP’ => {
‘type’ => ‘ldap’,
‘server’ => ‘192.168.100.5’,
‘user’ => ‘MYUSER’,
‘pass’ => ‘MYPASS’,
‘base’ => ‘dc=mycompany,dc=com’,
‘filter’ => ‘(objectClass=person)’,
‘d_filter’ => ‘(objectClass=FooBarBaz)’,
‘tls’ => 0,
‘ssl_version’ => 3,
‘net_ldap_args’ => [ version => 3 ],
‘attr_match_list’ => [ ‘Name’,
‘EmailAddress’
],
‘attr_map’ => { ‘Name’ => ‘sAMAccountName’,
‘EmailAddress’ => ‘mail’,
‘Organization’ => ‘physicalDeliveryOfficeName’,
‘RealName’ => ‘displayName’,
‘Gecos’ => ‘sAMAccountName’,
‘WorkPhone’ => ‘telephoneNumber’,
‘Address1’ => ‘description’,
‘City’ => ‘l’,
‘State’ => ‘st’,
‘Zip’ => ‘postalCode’,
‘Country’ => ‘co’
}
}
}
);
I am using debian 8 jessie with RT 4.4.1. Thanks
View this message in context: http://requesttracker.8502.n7.nabble.com/Can-t-login-to-RT-using-Active-Directory-tp62539.html