Failed use LDAP service

Dear All,

I failed to use the LDAP service. I have already done the steps below:
1. Install RT-Authen-ExternalAuth
2. Uncomment Set(@Plugins,(qw(RT::Authen::ExternAuth))); in
/opt/rt3/etc/RT_SiteConfig.pm
3. cp
/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth
/opt/rt3/local/html/Callbacks/ExternalAuth/autohandler/Auth

4. Apply the following patch to
User_Vendor.pm (http://wiki.bestpractical.com/view/User_Vendor.pm):

— local/lib/RT/User_Vendorhttp://wiki.bestpractical.com/view/User_Vendor.pm~
2008-04-09 10:40:44.000000000 +0200 +++
./local/lib/RT/User_Vendorhttp://wiki.bestpractical.com/view/User_Vendor.pm
2008-08-04 17:46:32.000000000 +0200 @@ -348,7 +348,7 @@ return (undef); }

So the file User_Vendor.pm currently looks like this:
no warnings qw(redefine);
use strict;
use RT::Authen::ExternalAuth;

# {{{ sub CanonicalizeUserInfo

=head2 CanonicalizeUserInfo HASHREF

Get all ExternalDB attrs listed in $RT::ExternalDBAttrMap and put them into
the hash referred to by HASHREF.

returns true (1) if ExternalDB lookup was successful, false (undef)
in all other cases.

=cut

sub CanonicalizeUserInfo {
    my $self = shift;
    my $args = shift;
    return(RT::Authen::ExternalAuth::CanonicalizeUserInfo($self,$args));
}

# }}}

— local/lib/RT/User_Vendor.pm~ 2008-04-09 10:40:44.000000000 +0200 +++
./local/lib/RT/User_Vendor.pm 2008-08-04 17:46:32.000000000 +0200 @@ -348,7
+348,7 @@ return (undef); }

  • if ( $self->PrincipalObj->Disabled ) { + if ( $self->PrincipalObj and
    $self->PrincipalObj->Disabled ) { $RT::Logger->info(“Disabled user " .
    $self->Name . " tried to log in” ); return (undef); →
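Review bot: in the changed condition `if ( $self->PrincipalObj and $self->PrincipalObj->Disabled )`, a user whose PrincipalObj is missing now skips the disabled check and continues down the login path, so the guard fails open. Consider handling the missing-principal case on its own, logging it and returning undef as the disabled branch does, instead of folding it into the same condition.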

1;

5. Restart apache2
But I still cannot log in as a user from Active Directory.

What should I do?

Thanks,
ns

Dear All,

Need your help.

What I see in error.log is below:

[Wed Apr 22 10:10:28 2009] [critical]:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can’t bind:
LDAP_INVALID_CREDENTIALS 49
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:467)
[Wed Apr 22 10:10:28 2009] [error]: FAILED LOGIN for user test from
test-desk (/opt/rt3/share/html/autohandler:265)

What is the problem and what should I do?

Thanks,
ns

---------- Forwarded message ----------
From: nast linux nastlinux@gmail.com
Date: Wed, 22 Apr 2009 13:50:08 +0700
Subject: Failed use LDAP service
To: rt-users rt-users@lists.bestpractical.com



The error "Can’t bind: LDAP_INVALID_CREDENTIALS 49" seems to be your problem.
From memory, AD requires authenticated credentials for LDAP queries.
A Windows guru could help here.
In your RT_SiteConfig.pm, where you have specified
Set( $ExternalSettings, {

    'user' => 'User goes here',
    'pass' => 'Password here',

}

You could try using ldapsearch from the command line on the server
to check that the user can bind and do lookups, e.g.
ldapsearch -D "cn=fred, etc" -w "Password" -h ldap.example.com -b "ou=People, etc." "cn=*"
or something similar; man ldapsearch could be your friend.

Regards,
Lachlan

Thu 23 Apr 2009 03:10:30 GMT
Lachlan Webb wrote:

What I see in error.log is below:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can’t bind:
LDAP_INVALID_CREDENTIALS 49

What is the problem and what should I do?

The error "Can’t bind: LDAP_INVALID_CREDENTIALS 49" seems to be your problem.
From memory, AD requires authenticated credentials for LDAP queries.

AD allows anonymous bind if it has been told to.

Set( $ExternalSettings, {

    'user' => 'User goes here',
    'pass' => 'Password here',

}

Precisely.

Either you have invalid bind credentials specified or you have none
specified but LDAP is not configured for anonymous bind.

Kind Regards,

Mike Peachey, IT
Tel: +44 114 281 2655
Fax: +44 114 281 2951
Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK
Comp Reg No: 3191371 - Registered In England
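
The bind test suggested in the replies above, written out as an added example that is not part of either reply or of RT: it runs the bind outside RT and separates a rejected service account from a directory that does not allow anonymous access. It goes beyond the thread by decoding the hex sub-code Active Directory attaches to result 49; the function names, URI, DNs and password file are assumptions.

```shell
#!/bin/sh
# Added example; URI, DNs and password file are placeholders, not thread values.

# Map an ldapsearch exit status (the LDAP result code) and its stderr text to a
# diagnosis. For result 49, Active Directory appends a hex sub-code ("data 52e").
classify_bind() {
    rc=$1
    msg=$2
    if [ "$rc" -eq 0 ]; then echo "bind ok"; return 0; fi
    if [ "$rc" -ne 49 ]; then
        echo "LDAP result $rc, not a credentials error"; return 0
    fi
    sub=$(printf '%s\n' "$msg" | tr 'A-F' 'a-f' |
          sed -n 's/.*data \([0-9a-f]\{3,4\}\).*/\1/p' | head -n 1)
    case "$sub" in
        525) echo "49/525: bind user not found" ;;
        52e) echo "49/52e: unknown bind user or bad password" ;;
        530) echo "49/530: logon not permitted at this time" ;;
        531) echo "49/531: logon not permitted from this workstation" ;;
        532) echo "49/532: password expired" ;;
        533) echo "49/533: account disabled" ;;
        701) echo "49/701: account expired" ;;
        773) echo "49/773: password must be changed" ;;
        775) echo "49/775: account locked out" ;;
        *)   echo "49: invalid credentials (no AD sub-code in server message)" ;;
    esac
}

# Simple bind as the RT service account, reading only the root DSE.
# -y keeps the password out of the process list; the file must hold the password
# with no trailing newline, or the newline is sent as part of it.
check_bind() {  # usage: check_bind URI BIND_DN PASSWORD_FILE
    msg=$(ldapsearch -x -H "$1" -D "$2" -y "$3" -s base -b "" -LLL dn 2>&1 >/dev/null)
    classify_bind "$?" "$msg"
}

# Same query with no -D: tells you whether anonymous access is allowed at all.
check_anonymous() {  # usage: check_anonymous URI BASE_DN
    msg=$(ldapsearch -x -H "$1" -s base -b "$2" -LLL dn 2>&1 >/dev/null)
    classify_bind "$?" "$msg"
}

# Constructed sample of ldapsearch stderr for a rejected AD bind (DSID zeroed).
SAMPLE='ldap_bind: Invalid credentials (49)
	additional info: 80090308: LdapErr: DSID-00000000, comment: AcceptSecurityContext error, data 52e, v1db1'
classify_bind 49 "$SAMPLE"
```

Run check_bind with the same DN and password that are set as 'user' and 'pass' in RT_SiteConfig.pm; if it reports "bind ok" while RT still logs result 49, the values RT is sending differ from the ones tested.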