I’m trying to install RT4.4.1-3+deb9u2 on Debian Stretch and it seems that the LDAP authentication doesn’t work. I understand that there is no need to install a plugin anymore because external authentication has been implemented in the core.
I’m able to log in to the computer using one of my LDAP’s users. The error message I get is:
[12054] [Wed Sep 6 13:21:45 2017] [error]: FAILED LOGIN for user1 from 192.168.0.128 (/usr/share/request-tracker4/lib/RT/Interface/Web.pm:826)
Your RT configuration looks OK. So I would start by making sure that
your ldap search user account/passsword pair are correct and
that your ldap search filter brings back a user1.
Easiest way to test is by using ldapsearch.
You can also check the ldap server logs to see if they find the user1
user.
Next I would check that your user1 username/password pair are correct.
Again ldapsearch will help.
Thanks a lot for your help. Actually, I already tried ldapsearch using:
ldapsearch -x -W -D “cn=admin,dc=domain,dc=com” -h 192.168.0.1 "uid=user1"
ldapsearch -x -W -D “cn=admin,dc=domain,dc=com” “-h 192.168.0.1 objectClass=posixAccount”
Everything works fine. I’ve also added the follow:
Set( $ExternalAuth, 1 );
Unfortunately it still doesn’t work. The thing is that I’m installing RT from scratch but using the database from my old RT version. I’m getting this warning:
[7201] [Thu Sep 7 08:04:11 2017] [warning]: RT::Handle=HASH(0x5619b8623fc0) couldn’t execute the query 'SELECT main.* FROM CustomRoles main WHERE (main.Disabled = ‘0’) ’ at /usr/share/perl5/DBIx/SearchBuilder/Handle.pm line 599.
DBIx::SearchBuilder::Handle::SimpleQuery(RT::Handle=HASH(0x5619b8623fc0), “SELECT main.* FROM CustomRoles main WHERE (main.Disabled = '”…) called at /usr/share/perl5/DBIx/SearchBuilder.pm line 241
DBIx::SearchBuilder::_DoSearch(RT::CustomRoles=HASH(0x5619bbf2fd08)) called at /usr/share/request-tracker4/lib/RT/SearchBuilder.pm line 982
RT::SearchBuilder::_DoSearch(RT::CustomRoles=HASH(0x5619bbf2fd08)) called at /usr/share/perl5/DBIx/SearchBuilder.pm line 513
DBIx::SearchBuilder::Next(RT::CustomRoles=HASH(0x5619bbf2fd08)) called at /usr/share/request-tracker4/lib/RT/CustomRoles.pm line 104
RT::CustomRoles::RegisterRoles(“RT::CustomRoles”) called at /usr/share/request-tracker4/lib/RT.pm line 206
RT::Init(“RT”, “Heavy”, 1) called at /usr/share/request-tracker4/libexec/rt-server.fcgi line 126 (/usr/share/perl/5.24/Carp.pm:170)
Does this warning affect the LDAP authentication?
By the way, I’ve also checked the LDAP logs and there is nothing.
I’ve tried to install RT v4.2 in a VM and then upgraded the whole VM to Stretch so I got RT v 4.4.1 and LDAP authentication worked but the log file is a little but noisy. I get the following error messages:
Sep 11 16:44:04 rt RT: [24779] Attempting to use external auth service: My_LDAP (/usr/share/request-tracker4/lib/RT/Authen/ExternalAuth.pm:288)
Sep 11 16:44:04 rt RT: [24779] SSO Failed and no user to test with. Nexting (/usr/share/request-tracker4/lib/RT/Authen/ExternalAuth.pm:316)
Sep 11 16:44:04 rt RT: [24779] Autohandler called ExternalAuth. Response: (0, No User) (/usr/share/request-tracker4/html/Elements/DoAuth:58)
Sep 11 16:44:04 rt RT: [24779] Attempting to use external auth service: My_LDAP (/usr/share/request-tracker4/lib/RT/Authen/ExternalAuth.pm:288)
Sep 11 16:44:04 rt RT: [24779] SSO Failed and no user to test with. Nexting (/usr/share/request-tracker4/lib/RT/Authen/ExternalAuth.pm:316)
Sep 11 16:44:04 rt RT: [24779] Autohandler called ExternalAuth. Response: (0, No User) (/usr/share/request-tracker4/html/Elements/DoAuth:58)
Sep 11 16:44:04 rt RT: [24777] Attempting to use external auth service: My_LDAP (/usr/share/request-tracker4/lib/RT/Authen/ExternalAuth.pm:288)
Sep 11 16:44:04 rt RT: [24777] SSO Failed and no user to test with. Nexting (/usr/share/request-tracker4/lib/RT/Authen/ExternalAuth.pm:316)
Sep 11 16:44:04 rt RT: [24777] Autohandler called ExternalAuth. Response: (0, No User) (/usr/share/request-tracker4/html/Elements/DoAuth:58)
Sep 11 16:44:04 rt RT: [24779] Attempting to use external auth service: My_LDAP (/usr/share/request-tracker4/lib/RT/Authen/ExternalAuth.pm:288)
Sep 11 16:44:04 rt RT: [24779] SSO Failed and no user to test with. Nexting (/usr/share/request-tracker4/lib/RT/Authen/ExternalAuth.pm:316)
Sep 11 16:44:04 rt RT: [24779] Autohandler called ExternalAuth. Response: (0, No User) (/usr/share/request-tracker4/html/Elements/DoAuth:58)
Sep 11 16:44:04 rt RT: [24777] Attempting to use external auth service: My_LDAP (/usr/share/request-tracker4/lib/RT/Authen/ExternalAuth.pm:288)
Sep 11 16:44:04 rt RT: [24777] SSO Failed and no user to test with. Nexting (/usr/share/request-tracker4/lib/RT/Authen/ExternalAuth.pm:316)
Sep 11 16:44:04 rt RT: [24777] Autohandler called ExternalAuth. Response: (0, No User) (/usr/share/request-tracker4/html/Elements/DoAuth:58)
Is it because the ExternalAuth extension was installed in v4.2 and it is still being used? Should I uninstall it? If yes, how?
My RT_SiteConfig.pm is configured to connect to our LDAP server, and although I can authenticate LDAP users on the system itself, RT consistently denies access with a “FAILED LOGIN” error. It like there’s a hidden configuration step or a subtle issue I’m missing. Has anyone faced a similar problem or can provide insights on fine-tuning LDAP settings for RT?