I’m trying to stand up a fresh RT 4.4.3 instance using AD authentication, and am failing but can’t tell why.
Running rt-server with debug-level console logging shows that ExternalAuth::LDAP is never even invoked during (failed) authentication attempts. I believe I’ve followed all the instructions correctly, and I’ve verified that my LDAP URI, credentials, base DN, etc. are all correct (using ldapsearch(1)).
My RT_SiteConfig.pm:
Set( $rtname, 'rt.merlin.mb.ca' );
Set( $Organization, 'merlin.mb.ca' );
Set( $WebDomain, 'rt.merlin.mb.ca' );
Set( $Timezone, 'America/Winnipeg' );
Set( $DatabaseType, 'Pg' );
Set( $DatabaseHost, 'XXX' );
Set( $DatabaseRTHost, 'XXX' );
Set( $DatabaseUser, 'XXX' );
Set( $DatabasePassword, 'XXX' );
Set( $DatabaseName, 'XXX' );
Set( $LogToScreen, 'debug' );
Set( $LogStackTraces, 'debug');
Set( $StatementLog, 'debug' );
Set( $CorrespondAddress, 'rt@merlin.mb.ca');
Set( $CommentAddress, 'rt@merlin.mb.ca');
Set( $OwnerEmail, 'athompson@merlin.mb.ca');
Set( $ExternalAuthPriority, ['My_LDAP'] );
Set( $ExternalInfoPriority, ['My_LDAP'] );
Set( $UserAutocreateDefaultsOnLogin, { Privileged => 1 } );
Set( $AutoCreateNonExternalUsers, 1);
Set( $ExternalSettings, {
    'My_LDAP' => {
        'type' => 'ldap',
        'server' => 'merlinoffice.local',
        'tls' => 1,
        'user' => 'CN=Request Tracker,OU=Service Accounts,OU=Staff,DC=MERLINOffice,DC=local',
        'pass' => 'XXXX',
        'base' => 'OU=Staff,DC=MERLINOffice,DC=local',
        'filter' => '(objectClass=inetOrgPerson)',
        'd_filter' => '(userAccountControl:1.2.840.113556.1.4.803:=2)',
        'attr_match_list' => [ 'Name', 'EmailAddress', ],
        'attr_map' => {
            'Name' => 'sAMAccountName',
            'EmailAddress' => 'mail',
            'RealName' => 'cn',
            'WorkPhone' => 'telephoneNumber',
            'Address1' => 'streetAddress',
            'City' => 'l',
            'State' => 'st',
            'Zip' => 'postalCode',
            'Country' => 'co',
        },
    },
} );
1;
and the console output from rt-server:
rt@rt$ rt-server --port 8080
[6919] [Mon Jan 28 19:01:23 2019] [error]: FAILED LOGIN for athompson from 10.1.1.150 (/var/www/rt/sbin/../lib/RT/Interface/Web.pm:827)
Trace begun at /var/www/rt/sbin/../lib/RT.pm line 313
Log::Dispatch::__ANON__('Log::Dispatch=HASH(0x3338edba78)', 'FAILED LOGIN for athompson from 10.1.1.150') called at /var/www/rt/sbin/../lib/RT/Interface/Web.pm line 827
RT::Interface::Web::AttemptPasswordAuthentication('HASH(0x32d2e22028)') called at /var/www/rt/share/html/NoAuth/Login.html line 49
HTML::Mason::Commands::__ANON__('user', 'athompson', 'next', 'd59eeede8a37d57070a5e3e5cd6164b0', 'pass', 'XXXXX') called at /usr/local/libdata/perl5/site_perl/HTML/Mason/Component.pm line 135
HTML::Mason::Component::run('HTML::Mason::Component::FileBased=HASH(0x334ffcddf0)', 'user', 'athompson', 'next', 'd59eeede8a37d57070a5e3e5cd6164b0', 'pass', 'XXXXX') called at /usr/local/libdata/perl5/site_perl/HTML/Mason/Request.pm line 1302
eval {...} at /usr/local/libdata/perl5/site_perl/HTML/Mason/Request.pm line 1292
HTML::Mason::Request::comp(undef, undef, undef, 'user', 'athompson', 'next', 'd59eeede8a37d57070a5e3e5cd6164b0', 'pass', 'XXXXX') called at /var/www/rt/sbin/../lib/RT/Interface/Web.pm line 606
RT::Interface::Web::MaybeShowNoAuthPage('HASH(0x332a995448)') called at /var/www/rt/sbin/../lib/RT/Interface/Web.pm line 317
RT::Interface::Web::HandleRequest('HASH(0x332a995448)') called at /var/www/rt/share/html/autohandler line 53
HTML::Mason::Commands::__ANON__('pass', 'XXXXX', 'next', 'd59eeede8a37d57070a5e3e5cd6164b0', 'user', 'athompson') called at /usr/local/libdata/perl5/site_perl/HTML/Mason/Component.pm line 135
HTML::Mason::Component::run('HTML::Mason::Component::FileBased=HASH(0x332a995730)', 'pass', 'XXXXX', 'next', 'd59eeede8a37d57070a5e3e5cd6164b0', 'user', 'athompson') called at /usr/local/libdata/perl5/site_perl/HTML/Mason/Request.pm line 1300
eval {...} at /usr/local/libdata/perl5/site_perl/HTML/Mason/Request.pm line 1292
HTML::Mason::Request::comp(undef, undef, undef, 'pass', 'XXXXX', 'next', 'd59eeede8a37d57070a5e3e5cd6164b0', 'user', 'athompson') called at /usr/local/libdata/perl5/site_perl/HTML/Mason/Request.pm line 481
eval {...} at /usr/local/libdata/perl5/site_perl/HTML/Mason/Request.pm line 481
eval {...} at /usr/local/libdata/perl5/site_perl/HTML/Mason/Request.pm line 433
HTML::Mason::Request::exec('RT::Interface::Web::Request=HASH(0x338c598dd8)') called at /usr/local/libdata/perl5/site_perl/HTML/Mason/PSGIHandler.pm line 96
eval {...} at /usr/local/libdata/perl5/site_perl/HTML/Mason/PSGIHandler.pm line 96
HTML::Mason::Request::PSGI::exec('RT::Interface::Web::Request=HASH(0x338c598dd8)') called at /usr/local/libdata/perl5/site_perl/HTML/Mason/Interp.pm line 342
HTML::Mason::Interp::exec(undef, undef, 'pass', 'XXXXX', 'next', 'd59eeede8a37d57070a5e3e5cd6164b0', 'user', 'athompson') called at /usr/local/libdata/perl5/site_perl/HTML/Mason/PSGIHandler.pm line 59
eval {...} at /usr/local/libdata/perl5/site_perl/HTML/Mason/PSGIHandler.pm line 59
HTML::Mason::PSGIHandler::invoke_mason('HTML::Mason::PSGIHandler::Streamy=HASH(0x337cf6b850)', 'HASH(0x32cdaac280)', 'HASH(0x333f5a1460)') called at /usr/local/libdata/perl5/site_perl/HTML/Mason/PSGIHandler/Streamy.pm line 52
HTML::Mason::PSGIHandler::Streamy::__ANON__('CODE(0x334ffcd730)') called at /usr/local/libdata/perl5/site_perl/Plack/Util.pm line 339
Plack::Util::__ANON__('CODE(0x32d3904ce8)') called at /usr/local/libdata/perl5/site_perl/Starlet/Server.pm line 377
Starlet::Server::handle_connection('Plack::Handler::Starlet=HASH(0x334ac41f70)', 'HASH(0x32d3904868)', 'IO::Socket::INET=GLOB(0x32d39043b8)', 'CODE(0x330f85ffa0)', '', '', '') called at /usr/local/libdata/perl5/site_perl/Starlet/Server.pm line 190
Starlet::Server::accept_loop('Plack::Handler::Starlet=HASH(0x334ac41f70)', 'CODE(0x330f85ffa0)', 100) called at /usr/local/libdata/perl5/site_perl/Plack/Handler/Starlet.pm line 80
Plack::Handler::Starlet::run('Plack::Handler::Starlet=HASH(0x334ac41f70)', 'CODE(0x330f85ffa0)') called at /usr/local/libdata/perl5/site_perl/Plack/Loader.pm line 84
Plack::Loader::run('Plack::Loader=HASH(0x3386742a78)', 'Plack::Handler::Starlet=HASH(0x334ac41f70)') called at /usr/local/libdata/perl5/site_perl/Plack/Runner.pm line 277
Plack::Runner::run('RT::PlackRunner=HASH(0x33970c3748)') called at /var/www/rt/sbin/../lib/RT/PlackRunner.pm line 150
eval {...} at /var/www/rt/sbin/../lib/RT/PlackRunner.pm line 150
RT::PlackRunner::run('RT::PlackRunner=HASH(0x33970c3748)') called at /var/www/rt/sbin/rt-server line 162
Can anyone spot what on earth I’ve missed?
Thanks in advance,
-Adam