ExternalAuth - ActiveDirectory failed login

Hi list,
I’ve installed the ExternalAuth extension and cannot find the solution
for my connection problem to the Active Directory server.
I need your help.

Apache/2.2.6 (Unix)
mod_perl/2.0.4
Perl/v5.8.8
RT : 3.8.8
RT::Authen::ExternalAuth: 0.0.8

RT_SiteConfig.pm :

# The order in which the services defined in ExternalSettings
# should be used to authenticate users. User is authenticated
# if successfully confirmed by any service - no more services
# are checked.
Set($ExternalAuthPriority, ['My_LDAP']);

# The order in which the services defined in ExternalSettings
# should be used to get information about users. This includes
# RealName, Tel numbers etc, but also whether or not the user
# should be considered disabled.
# Once user info is found, no more services are checked.
# You CANNOT use a SSO cookie for authentication.
Set($ExternalInfoPriority, ['My_LDAP']);

# If this is set to true, then the relevant packages will
# be loaded to use SSL/TLS connections. At the moment,
# this just means "use Net::SSLeay;"
Set($ExternalServiceUsesSSLorTLS, 0);

# If this is set to 1, then users should be autocreated by RT
# as internal users if they fail to authenticate from an
# external service.
Set($AutoCreateNonExternalUsers, 0);

# These are the full settings for each external service as a
# HashOfHashes
# Note that you may have as many external services as you wish. They will
# be checked in the order specified in the Priority directives above.
# e.g.
# Set($ExternalAuthPriority,['My_LDAP','My_MySQL','My_Oracle','SecondaryLDAP','Other-DB']);
Set($ExternalSettings, {
    'My_LDAP' => {
        'type'          => 'ldap',
        'server'        => 'ldap.office.loro.swiss',
        'user'          => 'adit1',
        'pass'          => 'xxxxxxxxxx',
        'base'          => 'OU=LORO,DC=office,DC=loro,DC=swiss',
        'filter'        => '(objectclass=*)',
        'd_filter'      => '(userAccountControl:1.2.840.113556.1.4.803:=2)',
        'tls'           => 0,
        'ssl_version'   => 3,
        'net_ldap_args' => [ version => 3 ],
        'group'         => 'DC',
        'group_attr'    => 'office',
        'attr_match_list' => [
            'Name',
            'EmailAddress',
            'RealName',
            'WorkPhone',
            'Address2'
        ],
        # The mapping of RT attributes on to LDAP attributes
        'attr_map' => {
            'Name'           => 'sAMAccountName',
            'EmailAddress'   => 'mail',
            'Organization'   => 'physicalDeliveryOfficeName',
            'RealName'       => 'cn',
            'ExternalAuthId' => 'sAMAccountName',
            'Gecos'          => 'sAMAccountName',
            'WorkPhone'      => 'telephoneNumber',
            'Address1'       => 'streetAddress',
            'City'           => 'l',
            'State'          => 'st',
            'Zip'            => 'postalCode',
            'Country'        => 'co'
        }
    }
}
);

APACHE_LOG :
[Mon Mar 7 13:56:50 2011] [critical]:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj : Cannot connect to
ldap.office.loro.swiss
(/opt/rt_dev/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:437)
Trace begun at /opt/rt_dev/bin/…/lib/RT.pm line 291
Log::Dispatch::ANON(‘Log::Dispatch=HASH(0x312cac0)’,
‘RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj’, ‘: Cannot connect
to’, ‘ldap.office.loro.swiss’) called at
/opt/rt_dev/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm
line 437
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj(‘HASH(0x9e6ef0)’)
called at
/opt/rt_dev/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm
line 298
RT::Authen::ExternalAuth::LDAP::UserExists(‘adit1’, ‘My_LDAP’) called
at
/opt/rt_dev/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm
line 356
RT::Authen::ExternalAuth::UserExists(‘adit1’, ‘My_LDAP’) called at
/opt/rt_dev/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm
line 106
RT::Authen::ExternalAuth::DoAuth(‘HASH(0x4399af0)’, ‘adit1’,
‘xxxxxxxxxx’) called at
/opt/rt_dev/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth
line 25
HTML::Mason::Commands::ANON(‘pass’, ‘xxxxxxxxxx’, ‘user’, ‘adit1’)
called at /opt/perl_dev/lib/site_perl/5.8.8/HTML/Mason/Component.pm line
135
HTML::Mason::Component::run(‘HTML::Mason::Component::FileBased=HASH(0x43aeb00)’,
‘pass’, ‘xxxxxxxxxx’, ‘user’, ‘adit1’) called at
/opt/perl_dev/lib/site_perl/5.8.8/HTML/Mason/Request.pm line 1273
eval {…} at /opt/perl_dev/lib/site_perl/5.8.8/HTML/Mason/Request.pm
line 1268
HTML::Mason::Request::comp(undef, undef, ‘pass’, ‘xxxxxxxxxx’, ‘user’,
‘adit1’) called at /opt/rt_dev/bin/…/lib/RT/Interface/Web/Request.pm
line 180
RT::Interface::Web::Request::callback(‘RT::Interface::Web::Request=HASH(0x4490830)’,
‘pass’, ‘xxxxxxxxxx’, ‘user’, ‘adit1’, ‘CallbackName’, ‘Auth’,
‘CallbackPage’, ‘/autohandler’) called at
/opt/rt_dev/bin/…/lib/RT/Interface/Web.pm line 202
RT::Interface::Web::HandleRequest(‘HASH(0x36504d0)’) called at
/opt/rt_dev/share/html/autohandler line 53
HTML::Mason::Commands::ANON(‘pass’, ‘xxxxxxxxxx’, ‘user’, ‘adit1’)
called at /opt/perl_dev/lib/site_perl/5.8.8/HTML/Mason/Component.pm line
135
HTML::Mason::Component::run(‘HTML::Mason::Component::FileBased=HASH(0x3653490)’,
‘pass’, ‘xxxxxxxxxx’, ‘user’, ‘adit1’) called at
/opt/perl_dev/lib/site_perl/5.8.8/HTML/Mason/Request.pm line 1273
eval {…} at /opt/perl_dev/lib/site_perl/5.8.8/HTML/Mason/Request.pm
line 1268
HTML::Mason::Request::comp(undef, undef, undef, ‘pass’, ‘xxxxxxxxxx’,
‘user’, ‘adit1’) called at
/opt/perl_dev/lib/site_perl/5.8.8/HTML/Mason/Request.pm line 467
eval {…} at /opt/perl_dev/lib/site_perl/5.8.8/HTML/Mason/Request.pm
line 467
eval {…} at /opt/perl_dev/lib/site_perl/5.8.8/HTML/Mason/Request.pm
line 419
HTML::Mason::Request::exec(‘RT::Interface::Web::Request=HASH(0x4490830)’)
called at /opt/perl_dev/lib/site_perl/5.8.8/HTML/Mason/ApacheHandler.pm
line 168
HTML::Mason::Request::ApacheHandler::exec(‘RT::Interface::Web::Request=HASH(0x4490830)’)
called at /opt/perl_dev/lib/site_perl/5.8.8/HTML/Mason/ApacheHandler.pm
line 825
HTML::Mason::ApacheHandler::handle_request(‘HTML::Mason::ApacheHandler=HASH(0x1c13170)’,
‘Apache2::RequestRec=SCALAR(0xab0e80)’) called at
/opt/rt_dev/bin/webmux.pl line 78
eval {…} at /opt/rt_dev/bin/webmux.pl line 78
RT::Mason::handler(‘Apache2::RequestRec=SCALAR(0xab0e80)’) called at -e
line 0
eval {…} at -e line 0
[Mon Mar 7 13:56:50 2011] [error]: FAILED LOGIN for adit1 from
192.168.186.157 (/opt/rt_dev/bin/…/lib/RT/Interface/Web.pm:424)
Trace begun at /opt/rt_dev/bin/…/lib/RT.pm line 291
Log::Dispatch::ANON(‘Log::Dispatch=HASH(0x312cac0)’, ‘FAILED LOGIN
for adit1 from 192.168.186.157’) called at
/opt/rt_dev/bin/…/lib/RT/Interface/Web.pm line 424
RT::Interface::Web::AttemptPasswordAuthentication(‘HASH(0x36504d0)’)
called at /opt/rt_dev/bin/…/lib/RT/Interface/Web.pm line 208
RT::Interface::Web::HandleRequest(‘HASH(0x36504d0)’) called at
/opt/rt_dev/share/html/autohandler line 53
HTML::Mason::Commands::ANON(‘pass’, ‘xxxxxxxxxx’, ‘user’, ‘adit1’)
called at /opt/perl_dev/lib/site_perl/5.8.8/HTML/Mason/Component.pm line
135
HTML::Mason::Component::run(‘HTML::Mason::Component::FileBased=HASH(0x3653490)’,
‘pass’, ‘xxxxxxxxxx’, ‘user’, ‘adit1’) called at
/opt/perl_dev/lib/site_perl/5.8.8/HTML/Mason/Request.pm line 1273
eval {…} at /opt/perl_dev/lib/site_perl/5.8.8/HTML/Mason/Request.pm
line 1268
HTML::Mason::Request::comp(undef, undef, undef, ‘pass’, ‘xxxxxxxxxx’,
‘user’, ‘adit1’) called at
/opt/perl_dev/lib/site_perl/5.8.8/HTML/Mason/Request.pm line 467
eval {…} at /opt/perl_dev/lib/site_perl/5.8.8/HTML/Mason/Request.pm
line 467
eval {…} at /opt/perl_dev/lib/site_perl/5.8.8/HTML/Mason/Request.pm
line 419
HTML::Mason::Request::exec(‘RT::Interface::Web::Request=HASH(0x4490830)’)
called at /opt/perl_dev/lib/site_perl/5.8.8/HTML/Mason/ApacheHandler.pm
line 168
HTML::Mason::Request::ApacheHandler::exec(‘RT::Interface::Web::Request=HASH(0x4490830)’)
called at /opt/perl_dev/lib/site_perl/5.8.8/HTML/Mason/ApacheHandler.pm
line 825
HTML::Mason::ApacheHandler::handle_request(‘HTML::Mason::ApacheHandler=HASH(0x1c13170)’,
‘Apache2::RequestRec=SCALAR(0xab0e80)’) called at
/opt/rt_dev/bin/webmux.pl line 78
eval {…} at /opt/rt_dev/bin/webmux.pl line 78
RT::Mason::handler(‘Apache2::RequestRec=SCALAR(0xab0e80)’) called at -e
line 0
eval {…} at -e line 0

RT_LOG :
[Mon Mar 7 13:58:32 2011] [debug]: Reloading RT::User to work around a
bug in RT-3.8.0 and RT-3.8.1
(/opt/rt_dev/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:14)
[Mon Mar 7 13:58:32 2011] [debug]: Attempting to use external auth
service: My_LDAP
(/opt/rt_dev/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
[Mon Mar 7 13:58:32 2011] [debug]: Calling UserExists with $username
(adit1) and $service (My_LDAP)
(/opt/rt_dev/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:105)
[Mon Mar 7 13:58:32 2011] [debug]: UserExists params:
username: adit1 , service: My_LDAP
(/opt/rt_dev/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:274)
[Mon Mar 7 13:58:32 2011] [critical]:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj : Cannot connect to
ldap.office.loro.swiss
(/opt/rt_dev/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:437)
Trace begun at /opt/rt_dev/bin/…/lib/RT.pm line 291
Log::Dispatch::ANON(‘Log::Dispatch=HASH(0x312cac0)’,
‘RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj’, ‘: Cannot connect
to’, ‘ldap.office.loro.swiss’) called at
/opt/rt_dev/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm
line 437
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj(‘HASH(0x9e6ef0)’)
called at
/opt/rt_dev/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm
line 298
RT::Authen::ExternalAuth::LDAP::UserExists(‘adit1’, ‘My_LDAP’) called
at
/opt/rt_dev/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm
line 356
RT::Authen::ExternalAuth::UserExists(‘adit1’, ‘My_LDAP’) called at
/opt/rt_dev/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm
line 106
RT::Authen::ExternalAuth::DoAuth(‘HASH(0x439f790)’, ‘adit1’,
‘xxxxxxxxxx’) called at
/opt/rt_dev/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth
line 25
HTML::Mason::Commands::ANON(‘Error’, ‘Votre nom d’utilisateur ou
votre mot de passe est incorrect’, ‘pass’, ‘xxxxxxxxxx’, ‘user’,
‘adit1’) called at
/opt/perl_dev/lib/site_perl/5.8.8/HTML/Mason/Component.pm line 135
HTML::Mason::Component::run(‘HTML::Mason::Component::FileBased=HASH(0x43aebc0)’,
‘Error’, ‘Votre nom d’utilisateur ou votre mot de passe est incorrect’,
‘pass’, ‘xxxxxxxxxx’, ‘user’, ‘adit1’) called at
/opt/perl_dev/lib/site_perl/5.8.8/HTML/Mason/Request.pm line 1273
eval {…} at /opt/perl_dev/lib/site_perl/5.8.8/HTML/Mason/Request.pm
line 1268
HTML::Mason::Request::comp(undef, undef, ‘Error’, ‘Votre nom
d’utilisateur ou votre mot de passe est incorrect’, ‘pass’,
‘xxxxxxxxxx’, ‘user’, ‘adit1’) called at
/opt/rt_dev/bin/…/lib/RT/Interface/Web/Request.pm line 180
RT::Interface::Web::Request::callback(‘RT::Interface::Web::Request=HASH(0x1c4b260)’,
‘Error’, ‘Votre nom d’utilisateur ou votre mot de passe est incorrect’,
‘pass’, ‘xxxxxxxxxx’, ‘user’, ‘adit1’, ‘CallbackName’, ‘Auth’,
‘CallbackPage’, ‘/autohandler’) called at
/opt/rt_dev/bin/…/lib/RT/Interface/Web.pm line 202
RT::Interface::Web::HandleRequest(‘HASH(0x3650550)’) called at
/opt/rt_dev/share/html/autohandler line 53
HTML::Mason::Commands::ANON(‘Error’, ‘Votre nom d’utilisateur ou
votre mot de passe est incorrect’, ‘pass’, ‘xxxxxxxxxx’, ‘user’,
‘adit1’) called at
/opt/perl_dev/lib/site_perl/5.8.8/HTML/Mason/Component.pm line 135
HTML::Mason::Component::run(‘HTML::Mason::Component::FileBased=HASH(0x3653510)’,
‘Error’, ‘Votre nom d’utilisateur ou votre mot de passe est incorrect’,
‘pass’, ‘xxxxxxxxxx’, ‘user’, ‘adit1’) called at
/opt/perl_dev/lib/site_perl/5.8.8/HTML/Mason/Request.pm line 1273
eval {…} at /opt/perl_dev/lib/site_perl/5.8.8/HTML/Mason/Request.pm
line 1268
HTML::Mason::Request::comp(undef, undef, undef, ‘Error’, ‘Votre nom
d’utilisateur ou votre mot de passe est incorrect’, ‘pass’,
‘xxxxxxxxxx’, ‘user’, ‘adit1’) called at
/opt/perl_dev/lib/site_perl/5.8.8/HTML/Mason/Request.pm line 467
eval {…} at /opt/perl_dev/lib/site_perl/5.8.8/HTML/Mason/Request.pm
line 467
eval {…} at /opt/perl_dev/lib/site_perl/5.8.8/HTML/Mason/Request.pm
line 419
HTML::Mason::Request::exec(‘RT::Interface::Web::Request=HASH(0x1c4b260)’)
called at /opt/perl_dev/lib/site_perl/5.8.8/HTML/Mason/ApacheHandler.pm
line 168
HTML::Mason::Request::ApacheHandler::exec(‘RT::Interface::Web::Request=HASH(0x1c4b260)’)
called at /opt/perl_dev/lib/site_perl/5.8.8/HTML/Mason/ApacheHandler.pm
line 825
HTML::Mason::ApacheHandler::handle_request(‘HTML::Mason::ApacheHandler=HASH(0x1c13170)’,
‘Apache2::RequestRec=SCALAR(0xab0e80)’) called at
/opt/rt_dev/bin/webmux.pl line 78
eval {…} at /opt/rt_dev/bin/webmux.pl line 78
RT::Mason::handler(‘Apache2::RequestRec=SCALAR(0xab0e80)’) called at -e
line 0
eval {…} at -e line 0
[Mon Mar 7 13:58:32 2011] [debug]: Autohandler called ExternalAuth.
Response: (0, No User)
(/opt/rt_dev/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:26)
[Mon Mar 7 13:58:32 2011] [error]: FAILED LOGIN for adit1 from
192.168.186.157 (/opt/rt_dev/bin/…/lib/RT/Interface/Web.pm:424)
Trace begun at /opt/rt_dev/bin/…/lib/RT.pm line 291
Log::Dispatch::ANON(‘Log::Dispatch=HASH(0x312cac0)’, ‘FAILED LOGIN
for adit1 from 192.168.186.157’) called at
/opt/rt_dev/bin/…/lib/RT/Interface/Web.pm line 424
RT::Interface::Web::AttemptPasswordAuthentication(‘HASH(0x3650550)’)
called at /opt/rt_dev/bin/…/lib/RT/Interface/Web.pm line 208
RT::Interface::Web::HandleRequest(‘HASH(0x3650550)’) called at
/opt/rt_dev/share/html/autohandler line 53
HTML::Mason::Commands::ANON(‘Error’, ‘Votre nom d’utilisateur ou
votre mot de passe est incorrect’, ‘pass’, ‘xxxxxxxxxx’, ‘user’,
‘adit1’) called at
/opt/perl_dev/lib/site_perl/5.8.8/HTML/Mason/Component.pm line 135
HTML::Mason::Component::run(‘HTML::Mason::Component::FileBased=HASH(0x3653510)’,
‘Error’, ‘Votre nom d’utilisateur ou votre mot de passe est incorrect’,
‘pass’, ‘xxxxxxxxxx’, ‘user’, ‘adit1’) called at
/opt/perl_dev/lib/site_perl/5.8.8/HTML/Mason/Request.pm line 1273
eval {…} at /opt/perl_dev/lib/site_perl/5.8.8/HTML/Mason/Request.pm
line 1268
HTML::Mason::Request::comp(undef, undef, undef, ‘Error’, ‘Votre nom
d’utilisateur ou votre mot de passe est incorrect’, ‘pass’,
‘xxxxxxxxxx’, ‘user’, ‘adit1’) called at
/opt/perl_dev/lib/site_perl/5.8.8/HTML/Mason/Request.pm line 467
eval {…} at /opt/perl_dev/lib/site_perl/5.8.8/HTML/Mason/Request.pm
line 467
eval {…} at /opt/perl_dev/lib/site_perl/5.8.8/HTML/Mason/Request.pm
line 419
HTML::Mason::Request::exec(‘RT::Interface::Web::Request=HASH(0x1c4b260)’)
called at /opt/perl_dev/lib/site_perl/5.8.8/HTML/Mason/ApacheHandler.pm
line 168
HTML::Mason::Request::ApacheHandler::exec(‘RT::Interface::Web::Request=HASH(0x1c4b260)’)
called at /opt/perl_dev/lib/site_perl/5.8.8/HTML/Mason/ApacheHandler.pm
line 825
HTML::Mason::ApacheHandler::handle_request(‘HTML::Mason::ApacheHandler=HASH(0x1c13170)’,
‘Apache2::RequestRec=SCALAR(0xab0e80)’) called at
/opt/rt_dev/bin/webmux.pl line 78
eval {…} at /opt/rt_dev/bin/webmux.pl line 78
RT::Mason::handler(‘Apache2::RequestRec=SCALAR(0xab0e80)’) called at -e
line 0
eval {…} at -e line 0
[Mon Mar 7 13:58:32 2011] [debug]: Attempting to use external auth
service: My_LDAP
(/opt/rt_dev/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
[Mon Mar 7 13:58:32 2011] [debug]: SSO Failed and no user to test
with. Nexting
(/opt/rt_dev/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:92)
[Mon Mar 7 13:58:32 2011] [debug]: Autohandler called ExternalAuth.
Response: (0, No User)
(/opt/rt_dev/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:26)
[Mon Mar 7 13:58:32 2011] [debug]: Reloading RT::User to work around a
bug in RT-3.8.0 and RT-3.8.1
(/opt/rt_dev/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:14)
[Mon Mar 7 13:58:32 2011] [debug]: Attempting to use external auth
service: My_LDAP
(/opt/rt_dev/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
[Mon Mar 7 13:58:32 2011] [debug]: SSO Failed and no user to test
with. Nexting
(/opt/rt_dev/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:92)
[Mon Mar 7 13:58:32 2011] [debug]: Autohandler called ExternalAuth.
Response: (0, No User)
(/opt/rt_dev/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:26)

THANKS in advance for your help
Horst
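
Added example (not part of the original post, and not code from RT or RT::Authen::ExternalAuth): a log triage sketch for the pattern in the excerpts above, where a "Cannot connect to" critical entry is followed by a FAILED LOGIN at the same timestamp. It separates failures caused by an unreachable directory from logins that were actually rejected, so an outage is not counted as password guessing. The sample log is constructed in the format shown above; the "jdoe" entry, its address and the 2-second window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the format of the excerpts above; "jdoe" is invented.
SAMPLE_LOG = """\
[Mon Mar 7 13:56:50 2011] [critical]:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj : Cannot connect to
ldap.office.loro.swiss
(/opt/rt_dev/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:437)
Trace begun at /opt/rt_dev/lib/RT.pm line 291
[Mon Mar 7 13:56:50 2011] [error]: FAILED LOGIN for adit1 from
192.168.186.157 (/opt/rt_dev/lib/RT/Interface/Web.pm:424)
Trace begun at /opt/rt_dev/lib/RT.pm line 291
[Mon Mar 7 14:10:03 2011] [error]: FAILED LOGIN for jdoe from
192.0.2.10 (/opt/rt_dev/lib/RT/Interface/Web.pm:424)
"""

HEADER = re.compile(r"^\[(\w{3} \w{3} +\d+ [\d:]{8} \d{4})\] \[(\w+)\]:\s*(.*)$")

def parse_entries(text):
    """Join wrapped lines into (time, level, message); drop stack traces."""
    entries, in_trace = [], False
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
            entries.append([ts, m.group(2), m.group(3)])
            in_trace = False
        elif line.startswith("Trace begun at"):
            in_trace = True
        elif entries and not in_trace:
            entries[-1][2] = (entries[-1][2] + " " + line.strip()).strip()
    return [tuple(e) for e in entries]

def classify_failed_logins(entries, window=timedelta(seconds=2)):
    """Tag each FAILED LOGIN by whether an LDAP connect error just preceded it."""
    results, outage = [], None  # outage = (time, server) of last connect error
    for ts, level, msg in entries:
        m = re.search(r"Cannot connect to (\S+)", msg)
        if level == "critical" and m:
            outage = (ts, m.group(1))
            continue
        m = re.search(r"FAILED LOGIN for (\S+) from (\S+)", msg)
        if m:
            down = outage is not None and ts - outage[0] <= window
            results.append({"user": m.group(1), "source": m.group(2),
                            "cause": "directory_unreachable" if down else "rejected",
                            "server": outage[1] if down else None})
    return results
```

A "rejected" result only means no connect error was logged just before the failure; it does not distinguish a wrong password from an unknown user.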
