cat RT_SiteConfig.pm
Set($ExternalAuthPriority, [ 'My_LDAP', ] );
Set($ExternalInfoPriority, [ 'My_LDAP', ] );
Set($ExternalServiceUsesSSLorTLS, 0);
Set($AutoCreateNonExternalUsers, 0);
Set($ExternalSettings, {
    'My_LDAP' => {
        'type' => 'ldap',
        'server' => 'zeus.mydomain.edu',
        'user' => 'CN=LDAPRT,OU=CampusServices,DC=mydomain,DC=mydomain,DC=edu',
        'pass' => '*********',
        'base' => 'DC=mydomain,DC=mydomain,DC=edu',
        'filter' => '(&(ObjectCategory=User)(ObjectClass=Person))',
        'd_filter' => '(userAccountControl:1.2.840.113556.1.4.803:=2)',
        'tls' => 0,
        'ssl_version' => 3,
        'net_ldap_args' => [ version => 3 ],
        'group' => 'CN=RTUsers,OU=CampusServices,DC= mydomain,DC=mydomain,DC=edu',
        'group_attr' => 'member',
        'attr_match_list' => [ 'Name', 'EmailAddress' ],
        'attr_map' => {
            'Name' => 'sAMAccountName',
            'EmailAddress' => 'mail',
            'Organization' => 'physicalDeliveryOfficeName',
            'RealName' => 'cn',
            'ExternalAuthId' => 'sAMAccountName',
            'Gecos' => 'sAMAccountName',
            'WorkPhone' => 'telephoneNumber',
            'Address1' => 'streetAddress',
            'City' => 'l',
            'State' => 'st',
            'Zip' => 'postalCode',
            'Country' => 'co'
        }
    }
}
);
1;
EOF
I do not have Debugging turned on. I am going to need some help turning it on since this is new to me.
Here are some errors from /var/log/messages…
This is a failed attempt…
Feb 1 16:02:25 localhost RT: My_LDAP AUTH FAILED mary.servantez (can't bind: LDAP_INVALID_CREDENTIALS 49 ) (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:82)
Feb 1 16:02:25 localhost RT: FAILED LOGIN for mary.servantez from 10.1.41.95 (/opt/rt4/sbin/…/lib/RT/Interface/Web.pm:655)
Here is a successful attempt…
Feb 2 10:14:02 localhost RT: RT::Authen::ExternalAuth::LDAP::GetAuth External Auth OK ( My_LDAP ): test.account (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:139)
Feb 2 10:14:02 localhost RT: Couldn't enable user 28 (/opt/rt4/sbin/…/lib/RT/User.pm:1066)
Feb 2 10:14:02 localhost RT: User marked as ENABLED ( test.account ) per External Service (, ) (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:274)
Feb 2 10:14:02 localhost RT: RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Address1: , City: , Country: , EmailAddress: test.account@LCU.EDU, ExternalAuthId: test.account, Gecos: test.account, Name: test.account, Organization: , RealName: Test Account, State: , WorkPhone: , Zip: (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:536)
Feb 2 10:14:02 localhost RT: Successful login for test.account from 10.1.5.9 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:219)
Van Howell
System Administrator
Lubbock Christian University

-----Original Message-----
From: rt-users-bounces@lists.bestpractical.com [mailto:rt-users-bounces@lists.bestpractical.com] On Behalf Of Kevin Falcone
Sent: Wednesday, February 01, 2012 5:33 PM
To: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] External Auth using Active Directory 2008
On Wed, Feb 01, 2012 at 11:04:38PM +0000, Howell, Van wrote:
> I have added several users into the RTUsers group I set up in AD.
> The AD Administrator, a common Domain User called Test.Account that is located in the OU with
> all my other users, my personal account also located in the OU with all the other users and an
> alternate administrative account I use.
> I can logon to RT with the AD Administrator account. I can logon to RT with the Test.Account
> and I can log in using my alternate account. But I cannot logon using my personal account. I
> also had my assistant test with her account and she cannot log on.
> I have studied the problem and cannot find anything unique about the accounts that cannot
> logon.

We really need to see your configuration for RT-Authen-ExternalAuth and your logs for the failed login, turned up to debug.

-kevin
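
An added example, not part of the original thread and not code from RT or RT-Authen-ExternalAuth: a small triage script for syslog lines in the format quoted above. It groups login outcomes per user and records the LDAP result the plugin logged, so accounts that fail every time stand out. The sample log is constructed, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the RT lines quoted in this thread
# (user names and addresses are made up; source-file suffixes shortened to "(...)").
SAMPLE_LOG = """\
Feb 1 16:02:25 localhost RT: My_LDAP AUTH FAILED alice.example (can't bind: LDAP_INVALID_CREDENTIALS 49 ) (...)
Feb 1 16:02:25 localhost RT: FAILED LOGIN for alice.example from 192.0.2.10 (...)
Feb 1 16:02:40 localhost RT: FAILED LOGIN for bob.example from 192.0.2.11 (...)
Feb 2 10:14:02 localhost RT: Successful login for test.account from 192.0.2.20 (...)
"""

# "<service> AUTH FAILED <user> (<reason>: <LDAP result name> <code> )"
AUTH_FAILED = re.compile(
    r"RT: (?P<service>\S+) AUTH FAILED (?P<user>\S+) "
    r"\([^:]+: (?P<name>LDAP_\w+) (?P<code>\d+)\s*\)")
FAILED_LOGIN = re.compile(r"RT: FAILED LOGIN for (?P<user>\S+) from (?P<ip>\S+)")
SUCCESS = re.compile(r"RT: Successful login for (?P<user>\S+) from (?P<ip>\S+)")


def triage(log_text):
    """Return {user: {"failed": int, "ok": int, "ldap": set, "sources": set}}."""
    users = defaultdict(
        lambda: {"failed": 0, "ok": 0, "ldap": set(), "sources": set()})
    for line in log_text.splitlines():
        if m := AUTH_FAILED.search(line):
            # LDAP-level reason for the failure, keyed by the external service name
            users[m["user"]]["ldap"].add(
                (m["service"], m["name"], int(m["code"])))
        elif m := FAILED_LOGIN.search(line):
            users[m["user"]]["failed"] += 1
            users[m["user"]]["sources"].add(m["ip"])
        elif m := SUCCESS.search(line):
            users[m["user"]]["ok"] += 1
            users[m["user"]]["sources"].add(m["ip"])
    return dict(users)


def never_succeeded(summary):
    """Users with at least one failed login and no successful one."""
    return sorted(u for u, s in summary.items() if s["failed"] and not s["ok"])


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for user in never_succeeded(report):
        print(user, report[user]["failed"], sorted(report[user]["ldap"]))
```

A user listed by `never_succeeded` with an empty `ldap` set failed without the plugin logging a bind error, which is a different case from a rejected bind such as result 49.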