I just did a fresh install of RT 5.0.1 served via Apache2, on Ubuntu 20.04.
I installed from source, and made sure to get all dependencies noted by a ‘make testdeps’ installed and all is well, I can login with the root user, and everything seems to be working properly.
However, when trying to get LDAP authentication working, I just can’t seem to figure out what I’m missing. I read through the documentation, but I’m unable to login at the RT login page with an LDAP user.
The RT log shows:
…[debug]: Attempting to use external auth service: My_LDAP (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth.pm:364)
[debug]: Calling UserExists with $username (myldapuser) and $service (My_LDAP) (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth.pm:405)
[debug]: UserExists params: username: myldapuser , service: My_LDAP (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth/LDAP.pm:527)
[critical]: RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't bind: LDAP_INVALID_CREDENTIALS 49 (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth/LDAP.pm:719)
[debug]: Autohandler called ExternalAuth. Response: (0, No User) (/opt/rt5/share/html/Elements/DoAuth:58)
[error]: FAILED LOGIN for myldapuser from 10.105.1.100 (/opt/rt5/sbin/…/lib/RT/Interface/Web.pm:840)…
My SiteConfig file (/opt/rt5/etc/RT_SiteConfig.pm) has:
Set( $rtname, 'my-domain-here');
Set( $Organization, 'my-domain-here' );
Set( $WebDomain, 'my-webdomain-here' );
1;
Set($LogToFile, 'debug');
Set($LogToFileNamed, 'help.example.net.log');
Set($LogDir, '/var/log/rt5');
Then I put a file in for my LDAP config (/opt/rt5/etc/RT_SiteConfig.d/LDAP_Config.pm), and it has:
Set($ExternalAuthPriority, [ 'My_LDAP',
                             'My_MySQL',
                             'My_SSO_Cookie'
                           ]
);
Set($ExternalInfoPriority, [ 'My_LDAP',
                             'My_MySQL',
                           ]
);
Set($LDAPHost, 'my-ldap-server-fqdn-here');
Set($LDAPUser, 'CN=binduser,DC=users,DC=example,DC=net');
Set($LDAPPassword, 'binduserpassword');
Set($LDAPBase, 'CN=Users,DC=example,DC=net');
Set($LDAPFilter, '(&(objectClass=person))');
Set($LDAPMapping, {Name => 'userPrincipalName',
                   EmailAddress => 'mail',
                   RealName => 'name'});
Set($LDAPCreatePrivileged, 1);
Set($LDAPUpdateUsers, 1);

# Make users created from LDAP Privileged
Set($UserAutocreateDefaultsOnLogin, { Privileged => 1});

# Users should still be autocreated by RT as internal users if they
# fail to exist in an external service; this is so requestors (who
# are not in LDAP) can still be created when they email in.
#Set($AutoCreateNonExternalUsers, 1);

# LDAP configuration
Set($ExternalSettings, {
    'My_LDAP' => {
        'type' => 'ldap',
        'tls' => 0,
        'server' => 'my-ldap-server-fqdn-here',
        'user' => 'CN=binduser,DC=users,DC=example,DC=net',
        'pass' => 'binduserpassword',
        'base' => 'CN=users,dc=example,dc=net',
        'filter' => '(objectClass=*)',
        'attr_match_list' => [
            'Name',
            'EmailAddress',
        ],
        'attr_map' => {
            'Name' => 'userPrincipalName',
            'EmailAddress' => 'mail',
            'RealName' => 'name',
        },
    },
});
If anyone has any ideas on what my issue could be, I would be very grateful for your input.
Thanks.
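Added diagnostic, not part of the original post or of RT's own code: this Perl script repeats the two steps the log shows (the service-account bind in _GetBoundLdapObj, then the UserExists lookup) with Net::LDAP, the module RT's ExternalAuth uses, so the code 49 can be confirmed outside RT. It takes the placeholder values from the post's My_LDAP block verbatim and a login name on the command line; most directories return 49 both for a wrong password and for a bind DN that does not exist, so the server's diagnostic text printed on failure is what tells the two apart.

```perl
#!/usr/bin/perl
# Reproduce RT ExternalAuth's LDAP bind and user lookup outside RT.
# Diagnostic script, not RT code. Values in %cfg are the placeholders
# from the post's 'My_LDAP' block; replace them with the real ones.
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);

my %cfg = (
    server => 'my-ldap-server-fqdn-here',
    tls    => 0,
    user   => 'CN=binduser,DC=users,DC=example,DC=net',  # copied as posted
    pass   => 'binduserpassword',
    base   => 'CN=users,dc=example,dc=net',
    filter => '(objectClass=*)',
    # attr_map entries behind attr_match_list Name / EmailAddress
    name_attr  => 'userPrincipalName',
    email_attr => 'mail',
);
my $login = shift @ARGV or die "usage: $0 <username typed at RT login>\n";

my $ldap = Net::LDAP->new($cfg{server}, timeout => 10)
    or die "cannot connect to $cfg{server}: $@\n";
if ($cfg{tls}) {
    my $tls = $ldap->start_tls(verify => 'require');
    die "start_tls failed: " . $tls->error . "\n" if $tls->code;
}

# Step 1: the service-account bind RT does in _GetBoundLdapObj.
my $bind = $ldap->bind($cfg{user}, password => $cfg{pass});
if ($bind->code) {
    # 49 covers both a wrong password and a bind DN the server cannot
    # find; the diagnostic message (AD adds a sub-code) says which.
    die sprintf "bind as %s failed: %s (%d): %s\n",
        $cfg{user}, $bind->error_name, $bind->code, $bind->error;
}
print "service bind OK as $cfg{user}\n";

# Step 2: the lookup UserExists performs: config filter AND
# (Name attr = login OR EmailAddress attr = login), login escaped.
my $v = escape_filter_value($login);
my $filter = "(&$cfg{filter}(|($cfg{name_attr}=$v)($cfg{email_attr}=$v)))";
my $res = $ldap->search(base => $cfg{base}, scope => 'sub',
                        filter => $filter, attrs => [ $cfg{email_attr} ]);
die "search failed: " . $res->error . "\n" if $res->code;
printf "%d match(es) for %s under %s\n", $res->count, $filter, $cfg{base};
printf "  %s  mail=%s\n", $_->dn, $_->get_value($cfg{email_attr}) // ''
    for $res->entries;
$ldap->unbind;
```

Run it on the RT host as the web server user so the same network path and Perl library set are exercised; zero matches after a successful bind points at base or filter rather than at the credentials.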