Hello,
About 6 months ago, I set up External Auth to use the ExternalAuth, with
our ldap authentication server. Recently, it stopped working.
I checked the syslog, and turned up the log level, but still did not get
any useful error messages.
Mar 15 13:12:15 hpcrdticket RT: FAILED LOGIN for sandra from
xxx.xxx.xxx.xxx (/usr/share/request-tracker3.8/lib/RT/Interface/Web.pm:457)
The same user was able to authenticate to the ldap service via another
application.
Using TCP dump on the RT server, I don’t see any network traffic between
the RT server and the ldap server, when I try to use ldap
authentication. So, it looks like RT isn’t trying to communicate with
the LDAP server. I am able to see pings between the machines using tcpdump.
Does anyone know how I can get some better log messages? Or better yet,
have some good idea of where/why RT seems to not be enabling the
ExteralAuth? As I mentioned, the config was working a couple weeks ago.
Between when it was working and now, I did install mergeuser, so my
users can use multiple email addresses to create tickets. You think the
two could be interfering? I double checked the settings in
RT_SiteConfig.pm.
Set( @Plugins, (qw(
RT::Authen::ExternalAuth
RT::Extension::LDAPImport
RT::Extension::MergeUsers
RT::Extension::CommandByMail)));
Regards,
Sandra
About 6 months ago, I set up External Auth to use the ExternalAuth,
with our ldap authentication server. Recently, it stopped working.
I checked the syslog, and turned up the log level, but still did not
get any useful error messages.
Mar 15 13:12:15 hpcrdticket RT: FAILED LOGIN for sandra from
xxx.xxx.xxx.xxx
(/usr/share/request-tracker3.8/lib/RT/Interface/Web.pm:457)
The same user was able to authenticate to the ldap service via
another application.
Using TCP dump on the RT server, I don’t see any network traffic
between the RT server and the ldap server, when I try to use ldap
authentication. So, it looks like RT isn’t trying to communicate
with the LDAP server. I am able to see pings between the machines
using tcpdump.
Does anyone know how I can get some better log messages? Or better
yet, have some good idea of where/why RT seems to not be enabling
the ExteralAuth? As I mentioned, the config was working a couple
weeks ago.
The usual recommendation is to turn whatever Log you’re using up to
debug (you can read about the Log settings in RT_Config.pm and set the
appropriate ones in RT_SiteConfig.pm)
It’s also useful to tell us what versions of RT and your modules
you’re using.
It also isn’t clear if the login fails for all ldap users or just this
one.
You should also post a sanitized version of your
RT-Authen-ExternalAuth config.
-kevin
Hello,
Turns out my problem was that when I added MergeUsers, I had both:
Set( @Plugins, (qw(
RT::Authen::ExternalAuth
RT::Extension::LDAPImport
RT::Extension::MergeUsers
RT::Extension::CommandByMail)));
And a separate line;
Set(@Plugins, qw(RT::Extension::MergeUsers));
It appears RT was not happy with the duplicate settings. Never found a
useful error message in the logs.
Cheers,
SandraOn 03/15/2012 04:24 PM, Sandra Wittenbrock wrote:
Hello,
About 6 months ago, I set up External Auth to use the ExternalAuth, with
our ldap authentication server. Recently, it stopped working.
I checked the syslog, and turned up the log level, but still did not get
any useful error messages.
Mar 15 13:12:15 hpcrdticket RT: FAILED LOGIN for sandra from
xxx.xxx.xxx.xxx (/usr/share/request-tracker3.8/lib/RT/Interface/Web.pm:457)
The same user was able to authenticate to the ldap service via another
application.
Using TCP dump on the RT server, I don’t see any network traffic between
the RT server and the ldap server, when I try to use ldap
authentication. So, it looks like RT isn’t trying to communicate with
the LDAP server. I am able to see pings between the machines using tcpdump.
Does anyone know how I can get some better log messages? Or better yet,
have some good idea of where/why RT seems to not be enabling the
ExteralAuth? As I mentioned, the config was working a couple weeks ago.
Between when it was working and now, I did install mergeuser, so my
users can use multiple email addresses to create tickets. You think the
two could be interfering? I double checked the settings in
RT_SiteConfig.pm.
Set( @Plugins, (qw(
RT::Authen::ExternalAuth
RT::Extension::LDAPImport
RT::Extension::MergeUsers
RT::Extension::CommandByMail)));
Regards,
Sandra