Help with Active Directory Auth on 4.2.2

Hi,

I need some help from those of you who already have Request Tracker working with Active Directory!

After struggling for some days trying to authenticate Active Directory users with the External Auth module, I bring you my Apache log and the configuration of the plugin. Can someone help me with advice? I would love to see my Request Tracker linked to the Active Directory of the company.

My operating systems are:
Request Tracker 4.2.2 - Ubuntu 13.10
Active Directory - Windows 2008 Server

Well, after trying to figure out how the plugin works, I wanted to make sure my Active Directory was accessible and the bind account was working. So I checked with the command:

ldapsearch -x -h pdcsti.stitelecom.local -p 389 -D "cn=rt-ldap,cn=Users,dc=stitelecom,dc=local" -w secret -s sub -b 'cn=Users,dc=stitelecom,dc=local' "(&(objectClass=*))"

When I do it, the output is a lot of users, groups and other objects from the AD. So I suppose the AD is ready, right?

The RT part follows…

+++++In the /var/log/apache2/error.log++++++

[4638] [Thu Feb 6 14:41:01 2014] [info]: RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Disabled: , EmailAddress: rtop@stitelecom.com.br, ExternalAuthId: rtop, Gecos: rtop, Name: rtop, Privileged: , RealName: (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:685)
[4638] [Thu Feb 6 14:41:01 2014] [info]: Autocreated external user rtop ( 118 ) (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:281)
[4638] [Thu Feb 6 14:41:01 2014] [info]: My_LDAP AUTH FAILED rtop (can't bind: LDAP_INVALID_CREDENTIALS 49 ) (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:227)
[4638] [Thu Feb 6 14:41:01 2014] [error]: FAILED LOGIN for rtop from 10.10.1.137 (/opt/rt4/sbin/…/lib/RT/Interface/Web.pm:814)

++++++ In the RT_SiteConfig.pm: +++++++

Plugin( "RT::Authen::ExternalAuth" );
Set($ExternalAuthPriority, [ 'My_LDAP' ] );
Set($ExternalInfoPriority, [ 'My_LDAP' ] );
Set($AutoCreateNonExternalUsers, 0);
Set($ExternalSettings, {
    'My_LDAP' => {
        'type' => 'ldap',
        'server' => 'pdcsti.stitelecom.local',
        'user' => 'cn=rt-ldap,cn=Users,dc=stitelecom,dc=local',
        'pass' => 'secret',
        'base' => 'dc=stitelecom,dc=local',
        'filter' => '(objectclass=*)',
        'group' => 'cn=RTUsers,ou=RT4,ou=STI,dc=stitelecom,dc=local',
        'group_attr' => 'uniqueMember',
        'tls' => 0,
        'ssl_version' => 3,
        'net_ldap_args' => [ version => 3 ],
        'attr_match_list' => [
            'Name',
            'EmailAddress',
        ],
        'attr_map' => {
            'Name' => 'sAMAccountName',
            'EmailAddress' => 'mail',
            'ExternalAuthId' => 'sAMAccountName',
        },
    },
} );
1;

THANK YOU IN ADVANCE!

[Diego2013]
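The log excerpt above splits one failed login across two lines: the ExternalAuth `AUTH FAILED` line carries the LDAP result code, and RT's `FAILED LOGIN` line carries the source address. As an added example (not part of the original post or of RT), this Python parser joins the two per worker process and lists source addresses that fail against several accounts; every sample line after the first two, and the three-account threshold, are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the error.log lines quoted above; source
# locations are shortened, and every line after the first two is made up.
SAMPLE_LOG = """\
[4638] [Thu Feb 6 14:41:01 2014] [info]: My_LDAP AUTH FAILED rtop (can't bind: LDAP_INVALID_CREDENTIALS 49 ) (LDAP.pm:227)
[4638] [Thu Feb 6 14:41:01 2014] [error]: FAILED LOGIN for rtop from 10.10.1.137 (Web.pm:814)
[4702] [Thu Feb 6 14:52:10 2014] [info]: My_LDAP AUTH FAILED alice (can't bind: LDAP_INVALID_CREDENTIALS 49 ) (LDAP.pm:227)
[4702] [Thu Feb 6 14:52:10 2014] [error]: FAILED LOGIN for alice from 10.10.1.200 (Web.pm:814)
[4702] [Thu Feb 6 14:52:11 2014] [info]: My_LDAP AUTH FAILED bob (can't bind: LDAP_INVALID_CREDENTIALS 49 ) (LDAP.pm:227)
[4702] [Thu Feb 6 14:52:11 2014] [error]: FAILED LOGIN for bob from 10.10.1.200 (Web.pm:814)
[4711] [Thu Feb 6 14:52:12 2014] [error]: FAILED LOGIN for carol from 10.10.1.200 (Web.pm:814)
"""

LINE = re.compile(r"^\[(\d+)\] \[([^\]]+)\] \[(\w+)\]: (.*)$")
AUTH_FAILED = re.compile(r"^(\S+) AUTH FAILED (\S+) \(can.t bind: (\w+) (\d+) ?\)")
FAILED_LOGIN = re.compile(r"^FAILED LOGIN for (\S+) from (\S+)")


def failed_logins(text):
    """Join each FAILED LOGIN (user, source IP) with the LDAP bind error the
    same worker process logged for that user just before it, if any."""
    pending = {}  # (pid, user) -> (service, "ERROR_NAME code")
    events = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        pid, ts, _level, msg = m.groups()
        if (a := AUTH_FAILED.match(msg)):
            service, user, name, code = a.groups()
            pending[(pid, user)] = (service, f"{name} {code}")
        elif (f := FAILED_LOGIN.match(msg)):
            user, ip = f.groups()
            service, error = pending.pop((pid, user), (None, None))
            events.append({"time": ts, "user": user, "ip": ip,
                           "service": service, "ldap_error": error})
    return events


def noisy_sources(events, min_users=3):
    """Source IPs with failed logins for at least min_users distinct accounts."""
    users_by_ip = defaultdict(set)
    for e in events:
        users_by_ip[e["ip"]].add(e["user"])
    return {ip: sorted(u) for ip, u in users_by_ip.items() if len(u) >= min_users}
```

A `FAILED LOGIN` with no preceding bind error (the constructed `carol` line) is kept with `ldap_error` set to `None`, so failures that never reached the LDAP service still count toward the per-address total.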

Here is mine, which is working great.

Working LDAP Connection

'Connect_LDAP'  =>  {
    'type'              =>  'ldap',
    'server'            =>  '192.168.250.49',
    'user'              =>  'CN=Secret,OU=Users_Special,OU=Copesan,DC=Copesan,DC=local',
    'pass'              =>  'Secret',
    'base'              =>  'DC=copesan,DC=local',
    'filter'            =>  '(&(ObjectCategory=User)(ObjectClass=Person))',
    'd_filter'          =>  '(userAccountControl:1.2.840.113556.1.4.803:=2)',
    'tls'               =>  0,
    'ssl_version'       =>  3,
    'net_ldap_args'     =>  [ version => 3 ],
    'group'             =>  'CN=RTUsers,OU=CampusServices,DC= mydomain,DC=mydomain,DC=edu',
    'group_attr'        =>  'member',
    'attr_match_list'   =>  [ 'Name', 'EmailAddress' ],
    'attr_map'          =>  {
        'Name'           => 'sAMAccountName',
        'EmailAddress'   => 'mail',
        'Organization'   => 'physicalDeliveryOfficeName',
        'RealName'       => 'cn',
        'ExternalAuthId' => 'sAMAccountName',
        'Gecos'          => 'sAMAccountName',
        'WorkPhone'      => 'telephoneNumber',
        'Address1'       => 'streetAddress',
        'City'           => 'l',
        'State'          => 'st',
        'Zip'            => 'postalCode',
        'Country'        => 'co'
    }
}
}

I would question the canonical name of the user: in the log the email address is different from the name, .local versus .com.br. Should the .local have a .br as well? Also, in the canonical name you do not have an OU in the path.

Thanks
Bryon Baker
Network Operations Manager
Copesan - Specialists in Pest Solutions
800-267-3726 * 262-783-6261 ext. 2296
bbaker@copesan.com
www.copesan.com
"Servicing North America with Local Care"

From: rt-users-bounces@lists.bestpractical.com [mailto:rt-users-bounces@lists.bestpractical.com] On Behalf Of Diego Andrade
Sent: Thursday, February 06, 2014 11:46 AM
To: rt-users@lists.bestpractical.com
Subject: [rt-users] Help with Active Directory Auth on 4.2.2
