LDAP authentication doesn't work!

Hi,

I’m trying to install RT4.4.1-3+deb9u2 on Debian Stretch and it seems that the LDAP authentication doesn’t work. I understand that there is no need to install a plugin anymore because external authentication has been implemented in the core.

Here is my RT_SiteConfig.pm
Set( $ExternalAuthPriority, ['My_LDAP'] );
Set( $ExternalInfoPriority, ['My_LDAP'] );
Set( $ExternalSettings, {
    'My_LDAP' => {
        'type'   => 'ldap',
        'server' => '192.168.0.1',
        # Account RT binds as to search for the user
        'user'   => 'cn=admin,dc=domain,dc=com',
        'pass'   => 'mypass',
        'base'   => 'ou=People,dc=domain,dc=com',
        'filter' => '(objectClass=posixAccount)',
        'attr_match_list' => [
            'Name',
            'EmailAddress',
        ],
        # RT user field => LDAP attribute
        'attr_map' => {
            'Name'         => 'uid',
            'EmailAddress' => 'mail',
            'RealName'     => 'cn',
        },
    },
} );

I’m able to log in to the computer using one of my LDAP’s users. The error message I get is:
[12054] [Wed Sep 6 13:21:45 2017] [error]: FAILED LOGIN for user1 from 192.168.0.128 (/usr/share/request-tracker4/lib/RT/Interface/Web.pm:826)

Could you please enlighten me?

Hi,

Your RT configuration looks OK. So I would start by making sure that
your ldap search user account/password pair are correct and
that your ldap search filter brings back a user1.

Easiest way to test is by using ldapsearch.
You can also check the ldap server logs to see if they find the user1
user.

Next I would check that your user1 username/password pair are correct.
Again ldapsearch will help.

Hope that helps.

Best Regards

Martin
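
The two checks suggested above, combined into one script; this is an added example, not part of the original posts and not RT's own code. It assumes RT joins the `attr_map` Name attribute and the configured `filter` into `(&(uid=<login>)(objectClass=posixAccount))`, expects exactly one match, and then binds as that entry's DN; `SAMPLE_LDIF` and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. Connection values mirror the RT_SiteConfig.pm in the thread.
LDAP_URI='ldap://192.168.0.1'
BIND_DN='cn=admin,dc=domain,dc=com'
BASE='ou=People,dc=domain,dc=com'
FILTER='(objectClass=posixAccount)'
NAME_ATTR='uid'                      # attr_map: Name => uid

# Escape a login name for an LDAP filter (RFC 4515): backslash first, then * ( ).
ldap_escape() {
    printf '%s' "$1" |
        sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Combine the login name with the configured filter (assumed shape, see lead-in).
build_filter() {
    printf '(&(%s=%s)%s)' "$NAME_ATTR" "$(ldap_escape "$1")" "$FILTER"
}

# Print the DN of each entry in LDIF on stdin (unwrapped, non-base64 DNs only).
extract_dns() { sed -n 's/^dn: //p'; }

# Constructed sample of what step 1 should return for user1.
SAMPLE_LDIF='dn: uid=user1,ou=People,dc=domain,dc=com
uid: user1
mail: user1@domain.com'

# Step 1: search as the service account. Step 2: bind as the DN that was found.
# -W prompts for each password, so neither ends up in argv or shell history.
check_login() {
    ldif=$(ldapsearch -x -LLL -o ldif-wrap=no -H "$LDAP_URI" -D "$BIND_DN" -W \
           -b "$BASE" "$(build_filter "$1")" dn) || return 2
    dns=$(printf '%s\n' "$ldif" | extract_dns)
    count=$(printf '%s\n' "$dns" | grep -c . || true)
    if [ "$count" -ne 1 ]; then
        echo "search returned $count entries for '$1', expected exactly 1" >&2
        return 1
    fi
    ldapwhoami -x -H "$LDAP_URI" -D "$dns" -W
}

if [ "$#" -ge 1 ]; then
    check_login "$1"
else
    build_filter user1; echo
    printf '%s\n' "$SAMPLE_LDIF" | extract_dns
fi
```

Run with a login name as the only argument to query the server; a count other than 1 points at `base` or `filter`, while a failure in the second step points at the user's own password.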

Hi Martin,

Thanks a lot for your help. Actually, I already tried ldapsearch using:
ldapsearch -x -W -D "cn=admin,dc=domain,dc=com" -h 192.168.0.1 "uid=user1"
ldapsearch -x -W -D "cn=admin,dc=domain,dc=com" -h 192.168.0.1 "objectClass=posixAccount"

Everything works fine. I’ve also added the following:
Set( $ExternalAuth, 1 );

Unfortunately it still doesn’t work. The thing is that I’m installing RT from scratch but using the database from my old RT version. I’m getting this warning:
[7201] [Thu Sep 7 08:04:11 2017] [warning]: RT::Handle=HASH(0x5619b8623fc0) couldn't execute the query 'SELECT main.* FROM CustomRoles main WHERE (main.Disabled = '0') ' at /usr/share/perl5/DBIx/SearchBuilder/Handle.pm line 599.
DBIx::SearchBuilder::Handle::SimpleQuery(RT::Handle=HASH(0x5619b8623fc0), "SELECT main.* FROM CustomRoles main WHERE (main.Disabled = '"...) called at /usr/share/perl5/DBIx/SearchBuilder.pm line 241
DBIx::SearchBuilder::_DoSearch(RT::CustomRoles=HASH(0x5619bbf2fd08)) called at /usr/share/request-tracker4/lib/RT/SearchBuilder.pm line 982
RT::SearchBuilder::_DoSearch(RT::CustomRoles=HASH(0x5619bbf2fd08)) called at /usr/share/perl5/DBIx/SearchBuilder.pm line 513
DBIx::SearchBuilder::Next(RT::CustomRoles=HASH(0x5619bbf2fd08)) called at /usr/share/request-tracker4/lib/RT/CustomRoles.pm line 104
RT::CustomRoles::RegisterRoles("RT::CustomRoles") called at /usr/share/request-tracker4/lib/RT.pm line 206
RT::Init("RT", "Heavy", 1) called at /usr/share/request-tracker4/libexec/rt-server.fcgi line 126 (/usr/share/perl/5.24/Carp.pm:170)

Does this warning affect the LDAP authentication?

By the way, I’ve also checked the LDAP logs and there is nothing.

Hi KKK02,

Thanks a lot for your help. Sorry but I didn’t get what you said. Could you please elaborate?

Hi,

I’ve tried to install RT v4.2 in a VM and then upgraded the whole VM to Stretch so I got RT v 4.4.1 and LDAP authentication worked but the log file is a little bit noisy. I get the following error messages:
Sep 11 16:44:04 rt RT: [24779] Attempting to use external auth service: My_LDAP (/usr/share/request-tracker4/lib/RT/Authen/ExternalAuth.pm:288)
Sep 11 16:44:04 rt RT: [24779] SSO Failed and no user to test with. Nexting (/usr/share/request-tracker4/lib/RT/Authen/ExternalAuth.pm:316)
Sep 11 16:44:04 rt RT: [24779] Autohandler called ExternalAuth. Response: (0, No User) (/usr/share/request-tracker4/html/Elements/DoAuth:58)
Sep 11 16:44:04 rt RT: [24779] Attempting to use external auth service: My_LDAP (/usr/share/request-tracker4/lib/RT/Authen/ExternalAuth.pm:288)
Sep 11 16:44:04 rt RT: [24779] SSO Failed and no user to test with. Nexting (/usr/share/request-tracker4/lib/RT/Authen/ExternalAuth.pm:316)
Sep 11 16:44:04 rt RT: [24779] Autohandler called ExternalAuth. Response: (0, No User) (/usr/share/request-tracker4/html/Elements/DoAuth:58)
Sep 11 16:44:04 rt RT: [24777] Attempting to use external auth service: My_LDAP (/usr/share/request-tracker4/lib/RT/Authen/ExternalAuth.pm:288)
Sep 11 16:44:04 rt RT: [24777] SSO Failed and no user to test with. Nexting (/usr/share/request-tracker4/lib/RT/Authen/ExternalAuth.pm:316)
Sep 11 16:44:04 rt RT: [24777] Autohandler called ExternalAuth. Response: (0, No User) (/usr/share/request-tracker4/html/Elements/DoAuth:58)
Sep 11 16:44:04 rt RT: [24779] Attempting to use external auth service: My_LDAP (/usr/share/request-tracker4/lib/RT/Authen/ExternalAuth.pm:288)
Sep 11 16:44:04 rt RT: [24779] SSO Failed and no user to test with. Nexting (/usr/share/request-tracker4/lib/RT/Authen/ExternalAuth.pm:316)
Sep 11 16:44:04 rt RT: [24779] Autohandler called ExternalAuth. Response: (0, No User) (/usr/share/request-tracker4/html/Elements/DoAuth:58)
Sep 11 16:44:04 rt RT: [24777] Attempting to use external auth service: My_LDAP (/usr/share/request-tracker4/lib/RT/Authen/ExternalAuth.pm:288)
Sep 11 16:44:04 rt RT: [24777] SSO Failed and no user to test with. Nexting (/usr/share/request-tracker4/lib/RT/Authen/ExternalAuth.pm:316)
Sep 11 16:44:04 rt RT: [24777] Autohandler called ExternalAuth. Response: (0, No User) (/usr/share/request-tracker4/html/Elements/DoAuth:58)

Is it because the ExternalAuth extension was installed in v4.2 and it is still being used? Should I uninstall it? If yes, how?

Thanks a lot for your help.

Could you please let me know how you fixed this issue?