eDirectory authentication and creation

Hi all,

I’m having a few issues setting up LDAP/eDirectory authentication and user
creation with RT3.4 on Ubuntu Dapper.

I’ve followed the instructions on http://wiki.bestpractical.com/index.cgi?
LDAP, and am using it purely for authentication, and then user creation if
the user does not exist in the RT database.

When I go to log in as a valid eDir user, I get the following error
messages…

Oct 11 17:12:53 ticketbox RT: Trying LDAP authentication
Oct 11 17:12:53 ticketbox RT: RT::User::IsLDAPPassword AUTH FAILED: KyleG
(/usr/share/request-tracker3.4/lib/RT/User_Local.pm:182)
Oct 11 17:12:53 ticketbox RT: RT::User::IsPassword auth method
IsLDAPPassword FAILED
Oct 11 17:12:53 ticketbox RT: RT::User::IsInternalPassword AUTH FAILED (no
passwd): KyleG (/usr/share/request-tracker3.4/lib/RT/User_Local.pm:232)
Oct 11 17:12:53 ticketbox RT: RT::User::IsPassword auth method
IsInternalPassword FAILED
Oct 11 17:12:53 ticketbox RT: FAILED LOGIN for KyleG from 10.30.213.156
(/usr/share/request-tracker3.4/html/autohandler:191)

I’ve posted the RT_SiteConfig.pm to
http://lodge.glasgownet.com/~bagpuss/RT_SiteConfig.pm.txt, if anyone is
interested in it. Where would be the best place to start looking for the
failure reason? I’m confident the user and pass is correct :slight_smile:

Regards

Kyle

I’m having a few issues setting up LDAP/eDirectory authentication and
user
creation with RT3.4 on Ubuntu Dapper.

Kyle,

I’ve got a similar setup and I was having some problems too. I’ve
discovered that each time I authenticate to eDirectory through RT, our
Novell system is registering a failed login attempt even though the
authentication was successful. That was decrementing my grace logins
until they expired, at which point authentication via RT would fail. I
ended up turning off that feature so that I have an unlimited number of
login attempts. Further, we discovered that the problem wasn’t uniform.
Some users aren’t affected and some are. It appears that users created
with the pre-ConsoleOne admin tool behave differently than newer users.
We haven’t nailed everything down yet.

-Tim

Tim Wilson, Director of Technology
Buffalo-Hanover-Montrose Schools
214 1st Ave NE Buffalo, MN 55313
ph: 763.682.8740 fax: 763.682.8743 http://www.buffalo.k12.mn.us

I’m having a few issues setting up LDAP/eDirectory authentication and

user

creation with RT3.4 on Ubuntu Dapper.

Kyle,

I’ve got a similar setup and I was having some problems too. I’ve
discovered that each time I authenticate to eDirectory through RT, our
Novell system is registering a failed login attempt even though the
authentication was successful. That was decrementing my grace logins
until they expired, at which point authentication via RT would fail. I
ended up turning off that feature so that I have an unlimited number of
login attempts. Further, we discovered that the problem wasn’t uniform.
Some users aren’t affected and some are. It appears that users created
with the pre-ConsoleOne admin tool behave differently than newer users.
We haven’t nailed everything down yet.

Hey,

Thanks for the info. My grace login count is at the level it should be, and
intruder lockout is disabled - so all appears to be good from that angle.

I’m going to sleep on it and see what I come up with tomorrow :slight_smile:

Regards

Kyle

Well, it mostly works now. I left if for a while and came back to it late on
Friday night. After some random tests, I decided to ignore the
documentation… Where Jim Meyer had suggested using
Set($LdapServer, ‘foo.bar’);, it actually needed $LdapServer=“foo.bar”;.
Rinse and repeat for the rest of the relevant directives.

I don’t know if this qualifies as a bug, but at least the information is out
there now.

KyleOn Wednesday 11 October 2006 18:46, Kyle Gordon wrote:

On Wednesday 11 October 2006 18:29, Tim Wilson wrote:

On Wed, Oct 11, 2006 at 11:39 AM, in message 4b29d1a62d352b35e030c2187a3388bd@lovelace.midden.org.uk, Kyle Gordon kyle@lodge.glasgownet.com wrote:
I’m having a few issues setting up LDAP/eDirectory authentication and

user

creation with RT3.4 on Ubuntu Dapper.

Kyle,

I’ve got a similar setup and I was having some problems too. I’ve
discovered that each time I authenticate to eDirectory through RT, our
Novell system is registering a failed login attempt even though the
authentication was successful. That was decrementing my grace logins
until they expired, at which point authentication via RT would fail. I
ended up turning off that feature so that I have an unlimited number of
login attempts. Further, we discovered that the problem wasn’t uniform.
Some users aren’t affected and some are. It appears that users created
with the pre-ConsoleOne admin tool behave differently than newer users.
We haven’t nailed everything down yet.

Hey,

Thanks for the info. My grace login count is at the level it should be, and
intruder lockout is disabled - so all appears to be good from that angle.

I’m going to sleep on it and see what I come up with tomorrow :slight_smile:

Regards

Kyle


The rt-users Archives

Community help: http://wiki.bestpractical.com
Commercial support: sales@bestpractical.com

Discover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com

Well, it mostly works now. I left if for a while and came back to it late on
Friday night. After some random tests, I decided to ignore the
documentation… Where Jim Meyer had suggested using
Set($LdapServer, ‘foo.bar’);, it actually needed $LdapServer=“foo.bar”;.
Rinse and repeat for the rest of the relevant directives.

I don’t know if this qualifies as a bug, but at least the information is out
there now.

Were I a betting man, I’d guess that the syntax difference is due to
RT3.4; the LDAP extension is intended for RT3.5.x and greater.

Can anyone confirm that?

–j
Jim Meyer, Geek at Large purp@acm.org