Hi.
I am updating to the current Debian Buster release. That comes with Request-Tracker 4.4.3-2 (upgrading from 4.4.1-3).
Prior to the update, external auth worked fine. Now, it is giving me the error:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't bind: LDAP_LOCAL_ERROR 82
I’m running with a MySQL (MariaDB) backend. There are no other errors. When I log in with a local root account, everything in the system seems to be working fine… it is just the LDAP authentication that is having the problem.
I have checked using ldapsearch using the same credentials I have set up in my RT config files – and it works just fine. The problem seems to lie only within RT.
I set the log to debug. The full output upon a login attempt is as follows:
Feb 25 09:13:51 RTSERVER RT: [4566] Attempting to use external auth service: My_LDAP (/usr/share/request-tracker4/lib/RT/Authen/ExternalAuth.pm:288)
Feb 25 09:13:51 RTSERVER RT: [4566] Calling UserExists with $username (root) and $service (My_LDAP) (/usr/share/request-tracker4/lib/RT/Authen/ExternalAuth.pm:329)
Feb 25 09:13:51 RTSERVER RT: [4566] UserExists params:#012username: root , service: My_LDAP (/usr/share/request-tracker4/lib/RT/Authen/ExternalAuth/LDAP.pm:486)
Feb 25 09:13:56 RTSERVER RT: [4566] RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't bind: LDAP_LOCAL_ERROR 82
Feb 25 09:13:56 RTSERVER RT: [4566] Autohandler called ExternalAuth. Response: (0, No User) (/usr/share/request-tracker4/html/Elements/DoAuth:58)
I have made no changes in my config files (which worked under 4.4.1-3). My RT_SiteConfig:
Set($WebDomain, 'rtserver.mydomain.com');
Set($LDAPHost, 'theDomainController.mydomain.com');
Set($ExternalAuthPriority, [ 'My_LDAP',
]
);
Set($ExternalInfoPriority, [ 'My_LDAP'
]
);
Set($ExternalServiceUsesSSLorTLS, 0);
Set($AutoCreateNonExternalUsers, 0);
Set($ExternalAuthPriority,['My_LDAP']);
Set($ExternalSettings, {
    'My_LDAP' => {
        'type' => 'ldap',
        'server' => 'theDomainController.mydomain.com',
        'user' => 'aduser@mydomain.com',
        'pass' => 'MyOtherFunkyPa$$',
        'base' => 'ou=MyUsers,dc=mydomain,dc=com',
        'filter' => '(&(ObjectCategory=User)(ObjectClass=Person))',
        'd_filter' => '',
        'tls' => 1,
        'ssl_version' => 3,
        'net_ldap_args' => [ version => 3 ],
        'attr_match_list' => [
            'Name',
            'EmailAddress',
            'RealName',
            'WorkPhone',
            'Address2'
        ],
        'attr_map' => {
            'Name' => 'sAMAccountName',
            'EmailAddress' => 'mail',
            'Organization' => 'physicalDeliveryOfficeName',
            'RealName' => 'cn',
            'Gecos' => 'sAMAccountName',
            'WorkPhone' => 'telephoneNumber',
            'Address1' => 'streetAddress',
            'City' => 'l',
            'State' => 'st',
            'Zip' => 'postalCode',
            'Country' => 'co'
        }
    },
}
);
1;
my $zone = "UTC";
$zone=`/bin/cat /etc/timezone`
if -f "/etc/timezone";
chomp $zone;
Set($Timezone, $zone);
Set($rtname, 'rtserver.mydomain.com');
Set($Organization, 'rtserver.mydomain.com');
Set(@ReferrerWhitelist, qw(rtserver.mydomain.com:443));
Set($CorrespondAddress , 'rt@rtserver.mydomain.com');
Set($CommentAddress , 'rt@rtserver.mydomain.com');
Set($WebPath , "/rt");
Set($WebBaseURL , "https://rtserver.mydomain.com");
Set($WebPort, "443");
Set($LogToSyslog , 'debug');
Set($LogToSTDERR , 'info');
Set($LogDir, '/var/log/request-tracker4');
Set($SendmailPath, "/usr/lib/sendmail");
Set($SendmailArguments, "-t");
my %typemap = (
mysql => 'mysql',
pgsql => 'Pg',
sqlite3 => 'SQLite',
);
Set($DatabaseType, $typemap{mysql} || "UNKNOWN");
Set($DatabaseHost, 'localhost');
Set($DatabasePort, '');
Set($DatabaseUser , 'aduser');
Set($DatabasePassword , 'MyFunkyPa$$');
my $dbc_dbname = 'rtdb'; if ( "mysql" eq "sqlite3" ) { Set ($DatabaseName, '' . '/' . $dbc_dbname); } else { Set ($DatabaseName, $dbc_dbname); }
Set($LogToFile , undef);
Set($LogDir, '/var/log/request-tracker4');
Set($LogToSyslog, 'debug');
1;
Thank you, I appreciate your help.
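A triage sketch for the debug output in the post above, added here and not part of the original post or of RT: it correlates each external-auth attempt with its bind failure by RT process id, measures how long the bind took to fail, and reports whether the LDAP result code is a client-side one. The function name `bind_failures`, the rejoined sample lines, the placeholder year and the 81..97 client-side range (the API result codes of the LDAP C API draft numbering) are assumptions of this example.

```python
import re
from datetime import datetime

# Constructed sample: debug lines from the post, with wrapped lines rejoined.
SAMPLE_LOG = """\
Feb 25 09:13:51 RTSERVER RT: [4566] Attempting to use external auth service: My_LDAP (/usr/share/request-tracker4/lib/RT/Authen/ExternalAuth.pm:288)
Feb 25 09:13:51 RTSERVER RT: [4566] Calling UserExists with $username (root) and $service (My_LDAP) (/usr/share/request-tracker4/lib/RT/Authen/ExternalAuth.pm:329)
Feb 25 09:13:56 RTSERVER RT: [4566] RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't bind: LDAP_LOCAL_ERROR 82
Feb 25 09:13:56 RTSERVER RT: [4566] Autohandler called ExternalAuth. Response: (0, No User) (/usr/share/request-tracker4/html/Elements/DoAuth:58)
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ RT: \[(\d+)\] (.*)$")
ATTEMPT = re.compile(r"Attempting to use external auth service: (\S+)")
BIND_FAIL = re.compile(r"_GetBoundLdapObj Can't bind: (LDAP_\w+) (\d+)")
# Assumption: 81..97 are client-side (API) result codes; others come from the server.
CLIENT_SIDE = range(81, 98)


def bind_failures(log_text):
    """Return one dict per failed LDAP bind, correlated by RT process id."""
    started = {}   # pid -> (service name, time of the auth attempt)
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        # Syslog timestamps carry no year; a placeholder year keeps parsing unambiguous.
        ts = datetime.strptime("2000 " + m.group(1), "%Y %b %d %H:%M:%S")
        pid, msg = m.group(2), m.group(3)
        attempt = ATTEMPT.search(msg)
        failure = BIND_FAIL.search(msg)
        if attempt:
            started[pid] = (attempt.group(1), ts)
        elif failure:
            service, t0 = started.pop(pid, (None, None))
            code = int(failure.group(2))
            findings.append({
                "pid": pid, "service": service,
                "error": failure.group(1), "code": code,
                "origin": "client" if code in CLIENT_SIDE else "server",
                "seconds_to_fail": (ts - t0).total_seconds() if t0 else None,
            })
    return findings


if __name__ == "__main__":
    for finding in bind_failures(SAMPLE_LOG):
        print(finding)
```

A `client` origin means the result code was generated by the LDAP client library rather than returned by the directory server, which separates local connection or TLS setup problems from rejected credentials.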