LDAP Authentication failed - RT 5

haroonrasheed · November 6, 2023, 6:54am

I have installed RT 5.0.4 and restored my existing backup of RT4.2.5.

I got my login screen, when i try to login im getting login successful on log but its not moving up to next page, i have attached the log below. It would be more appreciated if someone can help to fix this below issue!!

LOG:
[135368] [debug]: LDAP Search === Base: dc=xxx,dc=local == Filter: (&(objectclass=person)(sAMAccountName=ZZZZZZ)) == Attrs: sAMAccountName,mail,cn,sAMAccountName (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth/LDAP.pm:611)
[135368] [debug]: Password validation required for service - Executing… (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth.pm:460)
[135368] [debug]: Trying external auth service: My_LDAP (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth/LDAP.pm:218)
[135368] [debug]: LDAP Search === Base: dc=xxx,dc=local == Filter: (&(objectclass=person)(sAMAccountName=ZZZZZZ)) == Attrs: dn (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth/LDAP.pm:261)
[135368] [debug]: Found LDAP DN: CN=ZZZZZZ,OU=XXXXYYY,DC=xxx,DC=local (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth/LDAP.pm:303)
[135368] [info]: RT::Authen::ExternalAuth::LDAP::GetAuth External Auth OK ( My_LDAP ): ZZZZZZ (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth/LDAP.pm:384)
[135368] [debug]: LDAP password validation result: 1 (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth.pm:646)
[135368] [debug]: Password Validation Check Result: 1 (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth.pm:464)
[135368] [debug]: Authentication successful. Now updating user information and attempting login. (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth.pm:488)
[135368] [info]: Successful login for ZZZZZZ from 111.111.111.11 (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth.pm:529)
[135368] [debug]: Autohandler called ExternalAuth. Response: (1, Successful login) (/opt/rt5/share/html/Elements/DoAuth:58)
[135368] [debug]: Attempting to use external auth service: My_LDAP (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth.pm:365)
[135368] [debug]: SSO Failed and no user to test with. Nexting (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth.pm:394)
[135368] [debug]: Autohandler called ExternalAuth. Response: (0, No User) (/opt/rt5/share/html/Elements/DoAuth:58)
[135368] [debug]: Attempting to use external auth service: My_LDAP (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth.pm:365)
[135368] [debug]: SSO Failed and no user to test with. Nexting (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth.pm:394)
[135368] [debug]: Autohandler called ExternalAuth. Response: (0, No User) (/opt/rt5/share/html/Elements/DoAuth:58)

GreenJimll · November 15, 2023, 8:57am

Do you have:

Set( $WebRemoteUserAutocreate, 1);

in your RT_SiteConfig.pm?

haroonrasheed · November 15, 2023, 11:49am

Yes I have added and tried still its same.
Please find the below conf file.

Plugin(‘RT::Extension::CommandByMail’);
Plugin(‘RT::Extension::ActivityReports’);
Plugin(‘RT::Extension::JSGantt’);
Plugin(‘RT::Extension::FormTools’);
Plugin(‘RT::Extension::ExtractCustomFieldValues’);

Set(@MailPlugins, qw(Auth::MailFrom Action::CommandByMail));

Set($LdapExternalAuth, 1);
Set($LdapExternalInfo, 1);
Set($LdapAutoCreateNonLdapUsers, 1);
Set($AutoCreateNonExternalUsers, 1);
Set($WebRemoteUserAutocreate, 1);

Set($ExternalAuthPriority, [ ‘My_LDAP’] );
Set($ExternalServiceUsesSSLorTLS, 1);
Set($ExternalSettings, {
‘My_LDAP’ => {
#Here i have my LDAP configuration
});

GreenJimll · November 15, 2023, 12:53pm

Try adding:

Set( $ExternalInfoPriority, [ 'My_LDAP', ] );

haroonrasheed · November 15, 2023, 1:12pm

After adding the above property im getting this error

[282225] [Wed Nov 15 13:11:53 2023] [debug]: Attempting to use external auth service: My_LDAP (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth.pm:365)
[282225] [Wed Nov 15 13:11:53 2023] [debug]: SSO Failed and no user to test with. Nexting (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth.pm:394)
[282225] [Wed Nov 15 13:11:53 2023] [debug]: Autohandler called ExternalAuth. Response: (0, No User) (/opt/rt5/share/html/Elements/DoAuth:58)
[282225] [Wed Nov 15 13:11:53 2023] [debug]: Attempting to use external auth service: My_LDAP (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth.pm:365)
[282225] [Wed Nov 15 13:11:53 2023] [debug]: SSO Failed and no user to test with. Nexting (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth.pm:394)
[282225] [Wed Nov 15 13:11:53 2023] [debug]: Autohandler called ExternalAuth. Response: (0, No User) (/opt/rt5/share/html/Elements/DoAuth:58)
[282225] [Wed Nov 15 13:12:00 2023] [debug]: Attempting to use external auth service: My_LDAP (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth.pm:365)
[282225] [Wed Nov 15 13:12:00 2023] [debug]: Calling UserExists with $username (xxxxxxx) and $service (My_LDAP) (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth.pm:407)
[282225] [Wed Nov 15 13:12:00 2023] [debug]: UserExists params:
username: xxxxxxx , service: My_LDAP (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth/LDAP.pm:566)
[282225] [Wed Nov 15 13:12:00 2023] [debug]: LDAP Search === Base: dc=yyyy,dc=local == Filter: (&(objectclass=person)(sAMAccountName=xxxxxxx)) == Attrs: sAMAccountName,mail,cn,sAMAccountName (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth/LDAP.pm:611)
[282225] [Wed Nov 15 13:12:00 2023] [debug]: Password validation required for service - Executing… (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth.pm:460)
[282225] [Wed Nov 15 13:12:00 2023] [debug]: Trying external auth service: My_LDAP (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth/LDAP.pm:218)
[282225] [Wed Nov 15 13:12:00 2023] [debug]: LDAP Search === Base: dc=yyyy,dc=local == Filter: (&(objectclass=person)(sAMAccountName=xxxxxxxx)) == Attrs: dn (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth/LDAP.pm:261)
[282225] [Wed Nov 15 13:12:00 2023] [debug]: Found LDAP DN: CN=Test,OU=Test-Users,DC=yyyy,DC=local (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth/LDAP.pm:303)
[282225] [Wed Nov 15 13:12:00 2023] [info]: RT::Authen::ExternalAuth::LDAP::GetAuth External Auth OK ( My_LDAP ): xxxxxxx (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth/LDAP.pm:384)
[282225] [Wed Nov 15 13:12:00 2023] [debug]: LDAP password validation result: 1 (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth.pm:646)
[282225] [Wed Nov 15 13:12:00 2023] [debug]: Password Validation Check Result: 1 (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth.pm:464)
[282225] [Wed Nov 15 13:12:00 2023] [debug]: Authentication successful. Now updating user information and attempting login. (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth.pm:488)
[282225] [Wed Nov 15 13:12:00 2023] [debug]: UserExists params:
username: xxxxxxx , service: My_LDAP (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth/LDAP.pm:566)
[282225] [Wed Nov 15 13:12:00 2023] [debug]: LDAP Search === Base: dc=yyyy,dc=local == Filter: (&(objectclass=person)(sAMAccountName=xxxxxxx)) == Attrs: sAMAccountName,mail,cn,sAMAccountName (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth/LDAP.pm:611)
[282225] [Wed Nov 15 13:12:00 2023] [debug]: UserExists params:
username: xxxxxxx , service: My_LDAP (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth/LDAP.pm:566)
[282225] [Wed Nov 15 13:12:00 2023] [debug]: LDAP Search === Base: dc=yyyy,dc=local == Filter: (&(objectclass=person)(sAMAccountName=xxxxxxx)) == Attrs: sAMAccountName,mail,cn,sAMAccountName (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth/LDAP.pm:611)
[282225] [Wed Nov 15 13:12:00 2023] [debug]: No d_filter specified for this LDAP service ( My_LDAP ), so considering all users enabled (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth/LDAP.pm:689)
[282225] [Wed Nov 15 13:12:00 2023] [debug]: RT::User::CanonicalizeUserInfoFromExternalAuth called by RT::User /opt/rt5/sbin/…/lib/RT/User.pm 872 with: Name: xxxxxxx (/opt/rt5/sbin/…/lib/RT/User.pm:906)
[282225] [Wed Nov 15 13:12:00 2023] [debug]: Attempting to get user info using this external service: My_LDAP (/opt/rt5/sbin/…/lib/RT/User.pm:914)
[282225] [Wed Nov 15 13:12:00 2023] [debug]: Attempting to use this canonicalization key: Name (/opt/rt5/sbin/…/lib/RT/User.pm:923)
[282225] [Wed Nov 15 13:12:00 2023] [debug]: LDAP Search === Base: dc=yyyy,dc=local == Filter: (&(objectclass=person)(sAMAccountName=xxxxxxx)) == Attrs: physicalDeliveryOfficeName,o,uid,uid,telephoneNumber,mail,cn,sAMAccountName,streetAddress (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth/LDAP.pm:451)
[282225] [Wed Nov 15 13:12:00 2023] [debug]: Found one matching record (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth/LDAP.pm:490)
[282225] [Wed Nov 15 13:12:00 2023] [info]: RT::User::CanonicalizeUserInfoFromExternalAuth returning Address1: , Address2: , EmailAddress: , ExternalAuthId: , Gecos: , Name: xxxxxxx, Organization: , RealName: Haroon Rasheed, WorkPhone: (/opt/rt5/sbin/…/lib/RT/User.pm:981)
[282225] [Wed Nov 15 13:12:00 2023] [error]: RT::User::ExternalAuthId Unimplemented in RT::Record. (/opt/rt5/sbin/…/lib/RT/Record.pm line 964)

Stack:
[/usr/local/share/perl5/DBIx/SearchBuilder/Record.pm:493]
[/opt/rt5/sbin/…/lib/RT/Record.pm:964]
[/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth.pm:609]
[/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth.pm:512]
[/opt/rt5/share/html/Elements/DoAuth:57]
[/opt/rt5/sbin/…/lib/RT/Interface/Web.pm:360]
[/opt/rt5/share/html/autohandler:53] (/opt/rt5/sbin/…/lib/RT/Interface/Web/Handler.pm:216)

GreenJimll · November 15, 2023, 4:53pm

Have you got ExternalAuthId in your LDAP mapping? If so, you might want to remove it according to this previous thread on the forum.

haroonrasheed · November 16, 2023, 6:52am

Thanks for the prompted response.

I have commented the ExternalAuthId as mentioned on the thread, but it started with the beginning issue, not loading to next page once successful login.

Log:

[295506] [Thu Nov 16 06:48:39 2023] [debug]: Attempting to use external auth service: My_LDAP (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth.pm:365)
[295506] [Thu Nov 16 06:48:39 2023] [debug]: Calling UserExists with $username (test) and $service (My_LDAP) (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth.pm:407)
[295506] [Thu Nov 16 06:48:39 2023] [debug]: UserExists params:
username: test , service: My_LDAP (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth/LDAP.pm:566)
[295506] [Thu Nov 16 06:48:39 2023] [debug]: LDAP Search === Base: dc=test,dc=local == Filter: (&(objectclass=person)(sAMAccountName=test)) == Attrs: sAMAccountName,mail,cn,sAMAccountName (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth/LDAP.pm:611)
[295506] [Thu Nov 16 06:48:39 2023] [debug]: Password validation required for service - Executing… (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth.pm:460)
[295506] [Thu Nov 16 06:48:39 2023] [debug]: Trying external auth service: My_LDAP (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth/LDAP.pm:218)
[295506] [Thu Nov 16 06:48:39 2023] [debug]: LDAP Search === Base: dc=test,dc=local == Filter: (&(objectclass=person)(sAMAccountName=test)) == Attrs: dn (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth/LDAP.pm:261)
[295506] [Thu Nov 16 06:48:39 2023] [debug]: Found LDAP DN: CN=Test,OU=test-Users,DC=test,DC=local (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth/LDAP.pm:303)
[295506] [Thu Nov 16 06:48:39 2023] [info]: RT::Authen::ExternalAuth::LDAP::GetAuth External Auth OK ( My_LDAP ): test (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth/LDAP.pm:384)
[295506] [Thu Nov 16 06:48:39 2023] [debug]: LDAP password validation result: 1 (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth.pm:646)
[295506] [Thu Nov 16 06:48:39 2023] [debug]: Password Validation Check Result: 1 (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth.pm:464)
[295506] [Thu Nov 16 06:48:39 2023] [debug]: Authentication successful. Now updating user information and attempting login. (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth.pm:488)
[295506] [Thu Nov 16 06:48:39 2023] [debug]: UserExists params:
username: test , service: My_LDAP (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth/LDAP.pm:566)
[295506] [Thu Nov 16 06:48:39 2023] [debug]: LDAP Search === Base: dc=test,dc=local == Filter: (&(objectclass=person)(sAMAccountName=test)) == Attrs: sAMAccountName,mail,cn,sAMAccountName (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth/LDAP.pm:611)
[295506] [Thu Nov 16 06:48:39 2023] [debug]: UserExists params:
username: test , service: My_LDAP (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth/LDAP.pm:566)
[295506] [Thu Nov 16 06:48:39 2023] [debug]: LDAP Search === Base: dc=test,dc=local == Filter: (&(objectclass=person)(sAMAccountName=test)) == Attrs: sAMAccountName,mail,cn,sAMAccountName (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth/LDAP.pm:611)
[295506] [Thu Nov 16 06:48:39 2023] [debug]: No d_filter specified for this LDAP service ( My_LDAP ), so considering all users enabled (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth/LDAP.pm:689)
[295506] [Thu Nov 16 06:48:39 2023] [debug]: RT::User::CanonicalizeUserInfoFromExternalAuth called by RT::User /opt/rt5/sbin/…/lib/RT/User.pm 872 with: Name: test (/opt/rt5/sbin/…/lib/RT/User.pm:906)
[295506] [Thu Nov 16 06:48:39 2023] [debug]: Attempting to get user info using this external service: My_LDAP (/opt/rt5/sbin/…/lib/RT/User.pm:914)
[295506] [Thu Nov 16 06:48:39 2023] [debug]: Attempting to use this canonicalization key: Name (/opt/rt5/sbin/…/lib/RT/User.pm:923)
[295506] [Thu Nov 16 06:48:39 2023] [debug]: LDAP Search === Base: dc=test,dc=local == Filter: (&(objectclass=person)(sAMAccountName=test)) == Attrs: sAMAccountName,streetAddress,uid,o,telephoneNumber,cn,physicalDeliveryOfficeName,mail (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth/LDAP.pm:451)
[295506] [Thu Nov 16 06:48:39 2023] [debug]: Found one matching record (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth/LDAP.pm:490)
[295506] [Thu Nov 16 06:48:39 2023] [info]: RT::User::CanonicalizeUserInfoFromExternalAuth returning Address1: , Address2: , EmailAddress: , Gecos: , Name: test, Organization: , RealName: Test, WorkPhone: (/opt/rt5/sbin/…/lib/RT/User.pm:981)
[295506] [Thu Nov 16 06:48:39 2023] [debug]: UPDATED user ( test ) from External Service (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth.pm:619)
[295506] [Thu Nov 16 06:48:39 2023] [info]: Successful login for test from 10.10.101.146 (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth.pm:529)
[295506] [Thu Nov 16 06:48:39 2023] [debug]: Autohandler called ExternalAuth. Response: (1, Successful login) (/opt/rt5/share/html/Elements/DoAuth:58)
[295506] [Thu Nov 16 06:48:39 2023] [debug]: Attempting to use external auth service: My_LDAP (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth.pm:365)
[295506] [Thu Nov 16 06:48:39 2023] [debug]: SSO Failed and no user to test with. Nexting (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth.pm:394)
[295506] [Thu Nov 16 06:48:39 2023] [debug]: Autohandler called ExternalAuth. Response: (0, No User) (/opt/rt5/share/html/Elements/DoAuth:58)
[295506] [Thu Nov 16 06:48:39 2023] [debug]: Attempting to use external auth service: My_LDAP (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth.pm:365)
[295506] [Thu Nov 16 06:48:39 2023] [debug]: SSO Failed and no user to test with. Nexting (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth.pm:394)
[295506] [Thu Nov 16 06:48:39 2023] [debug]: Autohandler called ExternalAuth. Response: (0, No User) (/opt/rt5/share/html/Elements/DoAuth:58)

Config:
Set($ExternalAuthPriority, [ ‘My_LDAP’] );
Set($ExternalInfoPriority, [“My_LDAP”] );
Set($ExternalServiceUsesSSLorTLS, 1);
Set($ExternalSettings, {
‘My_LDAP’ => {
‘type’ => ‘ldap’,
‘server’ => ‘10.10.x.x’,
‘user’ => ‘admin@test.local’,
‘pass’ => ‘admin123’,
‘base’ => ‘dc=test,dc=local’,
‘filter’ => ‘(objectclass=person)’,

‘d_filter’ => ‘(FILTER_STRING)’,

‘group’ => ‘(memberof=CN=RTUsers,CN=Users,DC=test,DC=local)’,

‘group_attr’ => ‘GROUP_ATTR’,

    'tls'                       =>  0,
    'ssl_version'               =>  3,
    'net_ldap_args'             => [    version =>  3   ],

‘group_scope’ => ‘base’,

‘group_attr_value’ => ‘GROUP_ATTR_VALUE’,

    'attr_match_list' => [
        'Name',
        'EmailAddress',
        'RealName',
    ],
    'attr_map' => {

‘Name’ => ‘uid’,

        'Name' => 'sAMAccountName',
        'EmailAddress' => 'mail',
        'Organization' => 'o',
        'RealName' => 'cn',

‘ExternalAuthId’ => ‘uid’,

        'Gecos' => 'uid',
        'WorkPhone' => 'telephoneNumber',
        'Address1' => 'streetAddress',
        'Address2' => 'physicalDeliveryOfficeName'
    },
},

} );

Appreciated for your response!!

GreenJimll · November 16, 2023, 9:15am

Weird - it looks from that log like it has succeeded, and then failed.

haroonrasheed · November 16, 2023, 9:29am

Please find the log with other user.

LOG:

[295506] [Thu Nov 16 06:48:39 2023] [debug]: Calling UserExists with $username (haroon.rasheed) and $service (My_LDAP) (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth.pm:407)
[295506] [Thu Nov 16 06:48:39 2023] [debug]: UserExists params:
username: haroon.rasheed , service: My_LDAP (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth/LDAP.pm:566)
[295506] [Thu Nov 16 06:48:39 2023] [debug]: LDAP Search === Base: dc=Test,dc=local == Filter: (&(objectclass=person)(sAMAccountName=haroon.rasheed)) == Attrs: sAMAccountName,mail,cn,sAMAccountName (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth/LDAP.pm:611)
[295506] [Thu Nov 16 06:48:39 2023] [debug]: Password validation required for service - Executing… (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth.pm:460)
[295506] [Thu Nov 16 06:48:39 2023] [debug]: Trying external auth service: My_LDAP (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth/LDAP.pm:218)
[295506] [Thu Nov 16 06:48:39 2023] [debug]: LDAP Search === Base: dc=Test,dc=local == Filter: (&(objectclass=person)(sAMAccountName=haroon.rasheed)) == Attrs: dn (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth/LDAP.pm:261)
[295506] [Thu Nov 16 06:48:39 2023] [debug]: Found LDAP DN: CN=Haroon Rasheed,OU=Test-Users,DC=Test,DC=local (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth/LDAP.pm:303)
[295506] [Thu Nov 16 06:48:39 2023] [info]: RT::Authen::ExternalAuth::LDAP::GetAuth External Auth OK ( My_LDAP ): haroon.rasheed (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth/LDAP.pm:384)
[295506] [Thu Nov 16 06:48:39 2023] [debug]: LDAP password validation result: 1 (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth.pm:646)
[295506] [Thu Nov 16 06:48:39 2023] [debug]: Password Validation Check Result: 1 (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth.pm:464)
[295506] [Thu Nov 16 06:48:39 2023] [debug]: Authentication successful. Now updating user information and attempting login. (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth.pm:488)
[295506] [Thu Nov 16 06:48:39 2023] [debug]: UserExists params:
username: haroon.rasheed , service: My_LDAP (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth/LDAP.pm:566)
[295506] [Thu Nov 16 06:48:39 2023] [debug]: LDAP Search === Base: dc=Test,dc=local == Filter: (&(objectclass=person)(sAMAccountName=haroon.rasheed)) == Attrs: sAMAccountName,mail,cn,sAMAccountName (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth/LDAP.pm:611)
[295506] [Thu Nov 16 06:48:39 2023] [debug]: UserExists params:
username: haroon.rasheed , service: My_LDAP (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth/LDAP.pm:566)
[295506] [Thu Nov 16 06:48:39 2023] [debug]: LDAP Search === Base: dc=Test,dc=local == Filter: (&(objectclass=person)(sAMAccountName=haroon.rasheed)) == Attrs: sAMAccountName,mail,cn,sAMAccountName (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth/LDAP.pm:611)
[295506] [Thu Nov 16 06:48:39 2023] [debug]: No d_filter specified for this LDAP service ( My_LDAP ), so considering all users enabled (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth/LDAP.pm:689)
[295506] [Thu Nov 16 06:48:39 2023] [debug]: RT::User::CanonicalizeUserInfoFromExternalAuth called by RT::User /opt/rt5/sbin/…/lib/RT/User.pm 872 with: Name: haroon.rasheed (/opt/rt5/sbin/…/lib/RT/User.pm:906)
[295506] [Thu Nov 16 06:48:39 2023] [debug]: Attempting to get user info using this external service: My_LDAP (/opt/rt5/sbin/…/lib/RT/User.pm:914)
[295506] [Thu Nov 16 06:48:39 2023] [debug]: Attempting to use this canonicalization key: Name (/opt/rt5/sbin/…/lib/RT/User.pm:923)
[295506] [Thu Nov 16 06:48:39 2023] [debug]: LDAP Search === Base: dc=Test,dc=local == Filter: (&(objectclass=person)(sAMAccountName=haroon.rasheed)) == Attrs: sAMAccountName,streetAddress,uid,o,telephoneNumber,cn,physicalDeliveryOfficeName,mail (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth/LDAP.pm:451)
[295506] [Thu Nov 16 06:48:39 2023] [debug]: Found one matching record (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth/LDAP.pm:490)
[295506] [Thu Nov 16 06:48:39 2023] [info]: RT::User::CanonicalizeUserInfoFromExternalAuth returning Address1: , Address2: , EmailAddress: , Gecos: , Name: haroon.rasheed, Organization: , RealName: Haroon Rasheed, WorkPhone: (/opt/rt5/sbin/…/lib/RT/User.pm:981)
[295506] [Thu Nov 16 06:48:39 2023] [debug]: UPDATED user ( haroon.rasheed ) from External Service (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth.pm:619)
[295506] [Thu Nov 16 06:48:39 2023] [info]: Successful login for haroon.rasheed from 10.10.65.146 (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth.pm:529)
[295506] [Thu Nov 16 06:48:39 2023] [debug]: Autohandler called ExternalAuth. Response: (1, Successful login) (/opt/rt5/share/html/Elements/DoAuth:58)
[295506] [Thu Nov 16 06:48:39 2023] [debug]: Attempting to use external auth service: My_LDAP (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth.pm:365)
[295506] [Thu Nov 16 06:48:39 2023] [debug]: SSO Failed and no user to test with. Nexting (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth.pm:394)
[295506] [Thu Nov 16 06:48:39 2023] [debug]: Autohandler called ExternalAuth. Response: (0, No User) (/opt/rt5/share/html/Elements/DoAuth:58)
[295506] [Thu Nov 16 06:48:39 2023] [debug]: Attempting to use external auth service: My_LDAP (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth.pm:365)
[295506] [Thu Nov 16 06:48:39 2023] [debug]: SSO Failed and no user to test with. Nexting (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth.pm:394)
[295506] [Thu Nov 16 06:48:39 2023] [debug]: Autohandler called ExternalAuth. Response: (0, No User) (/opt/rt5/share/html/Elements/DoAuth:58)

Barnes_Andrew_barnes · November 20, 2023, 9:00pm

Getting the same on just one of my 4 nodes behind a load balancer. All ldap configs are identical.

haroonrasheed · January 14, 2024, 2:06pm

@GreenJimll
Could you please help us on this!!!

GreenJimll · January 15, 2024, 8:43am

I’m afraid I’m out of ideas. Sorry.

haroonrasheed · January 15, 2024, 9:22am

Uh!!

Till RT5.0.3 its working without any issue, when it comes to 5.0.4 & 5.0.5 LDAP authentication has issue with retry authentication.
[153014] [Mon Jan 15 09:15:41 2024] [debug]: Autohandler called ExternalAuth. Response: (1, Successful login) (/opt/rt5/share/html/Elements/DoAuth:58)
[153014] [Mon Jan 15 09:15:41 2024] [debug]: Attempting to use external auth service: My_LDAP (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth.pm:365)
[153014] [Mon Jan 15 09:15:41 2024] [debug]: SSO Failed and no user to test with. Nexting (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth.pm:394)
[153014] [Mon Jan 15 09:15:41 2024] [debug]: Autohandler called ExternalAuth. Response: (0, No User) (/opt/rt5/share/html/Elements/DoAuth:58)
[153014] [Mon Jan 15 09:15:41 2024] [debug]: Attempting to use external auth service: My_LDAP (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth.pm:365)
[153014] [Mon Jan 15 09:15:41 2024] [debug]: SSO Failed and no user to test with. Nexting (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth.pm:394)
[153014] [Mon Jan 15 09:15:41 2024] [debug]: Autohandler called ExternalAuth. Response: (0, No User) (/opt/rt5/share/html/Elements/DoAuth:58)

GreenJimll · January 15, 2024, 4:36pm

So there’s some change between 5.0.3 and 5.0.4 that is breaking it for you? Hmm. I had a look on BP’s RT github and the only thing I could spot that might be causing it is this:

github.com/bestpractical/rt

Add LDAP email authentication

committed 09:37PM - 03 Feb 21 UTC

renderorange

+154 -96

This commit updates the LDAP authentication flow to allow users to authenticate …using email address as well as username. The LDAP filter string was previously hardcoded to only query LDAP using the mapped Name field. RT will now attempt to query LDAP using each of the defined keys in attr_match_list. After a match is found on the LDAP server, RT will now load the User object by either Name or EmailAddress, depending on what key returned the match.

I wonder if you could test it by only having Name in the attr_match_list in your RT config? If that worked then it might well be that this patch has changed the behaviour of the LDAP external authen.

A long shot but its all I’ve got for you I’m afraid.

haroonrasheed · January 15, 2024, 8:21pm

Yes thats right something is breaking!!

I have changed the configuration but i couldnt login, it throw same message.

GreenJimll · January 16, 2024, 8:33am

You could try taking the lib/RT/Authen/ExternalAuth.pm from a 5.0.3 RT distro and putting it into /opt/rt5/local/lib/RT/Authen (you’ll have to make that directory hierarchy by hand most probably), flush your Mason cache and then see if that works. That would let you know if its is the 5.0.4/5.0.5 version of that file that is causing you issues.

haroonrasheed · January 16, 2024, 8:43am

I tried as you mentioned but i couldnt find any luck.

[180829] [Tue Jan 16 08:38:13 2024] [debug]: Autohandler called ExternalAuth. Response: (1, Successful login) (/opt/rt5/share/html/Elements/DoAuth:58)
[180829] [Tue Jan 16 08:38:13 2024] [debug]: Attempting to use external auth service: My_LDAP (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth.pm:365)
[180829] [Tue Jan 16 08:38:13 2024] [debug]: SSO Failed and no user to test with. Nexting (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth.pm:394)
[180829] [Tue Jan 16 08:38:13 2024] [debug]: Autohandler called ExternalAuth. Response: (0, No User) (/opt/rt5/share/html/Elements/DoAuth:58)
[180829] [Tue Jan 16 08:38:13 2024] [debug]: Attempting to use external auth service: My_LDAP (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth.pm:365)
[180829] [Tue Jan 16 08:38:13 2024] [debug]: SSO Failed and no user to test with. Nexting (/opt/rt5/sbin/…/lib/RT/Authen/ExternalAuth.pm:394)
[180829] [Tue Jan 16 08:38:13 2024] [debug]: Autohandler called ExternalAuth. Response: (0, No User) (/opt/rt5/share/html/Elements/DoAuth:58)

GreenJimll · January 16, 2024, 11:11am

In which case it probably is not a change in that file from 5.0.3 to 5.0.4/5 that is causing your problems. At least that’s one source of the problem you can tick off your list.

Andrew_Ruthven · January 17, 2024, 10:08am

That SSO Failed error is coming from this line: https://github.com/bestpractical/rt/blob/3332d262eab27fcbcd080eeb2e81f7ea3b86849e/lib/RT/Authen/ExternalAuth.pm#L394

So $given_name isn’t set, which is the username which has been entered into the login form.

Looking at the log lines, I wonder if the authentication cookie isn’t been set or stored correctly. What cookies do you have in your browser for your login?

Are you using HTTPS? Do you have WebSecureCookies set?

haroonrasheed · February 9, 2024, 10:26pm

Yes im using HTTPS and enabled websecure cookie