LDAP Authentication Problems


#1

I’m using Mike Peachey’s RT-Authen-External installed via c-pan but am
unable to login. I’m running RT3 v 3.6.5

From my log file it appears that sAMAccountName is not getting set, or
the user’s login name is not being passed to RT-Authen-External.

My log:
[Fri Jun 20 20:57:11 2008] [debug]: RT::User::IsExternalPassword Trying External authentication (/usr/local/lib/rt3/lib/RT/User_Vendor.pm:52)
[Fri Jun 20 20:57:11 2008] [debug]: Attempting to use external auth service: My_LDAP (/usr/local/lib/rt3/lib/RT/User_Vendor.pm:63)
[Fri Jun 20 20:57:11 2008] [debug]: LDAP Search === Base: DC=ZeugmaSystems,dc=local == Filter: (&(sAMAccountName=)(objectclass=Person)) == Attrs: dn
(/usr/local/lib/rt3/lib/RT/User_Vendor.pm:185)
[Fri Jun 20 20:57:11 2008] [info]: My_LDAP AUTH FAILED: User not found or more than one user found (/usr/local/lib/rt3/lib/RT/User_Vendor.pm:208)
[Fri Jun 20 20:57:11 2008] [info]: RT::User::IsExternalPassword External Auth Failed: (/usr/local/lib/rt3/lib/RT/User_Vendor.pm:294)
[Fri Jun 20 20:57:11 2008] [debug]: RT::User::IsPassword External auth FAILED (/usr/local/lib/rt3/lib/RT/User_Vendor.pm:360)
[Fri Jun 20 20:57:11 2008] [info]: RT::User::IsInternalPassword AUTH FAILED (no passwd): (/usr/local/lib/rt3/lib/RT/User_Vendor.pm:305)
[Fri Jun 20 20:57:11 2008] [debug]: RT::User::IsPassword Internal auth FAILED (/usr/local/lib/rt3/lib/RT/User_Vendor.pm:366)

My configuration in RT-SiteConfig.pm is as follows

LDAP Settings

Set($ExternalAuthPriority, [ ‘My_LDAP’
]
);
Set($ExternalInfoPriority, [ ‘My_LDAP’
]
);
Set($ExternalServiceUsesSSLorTLS, 0);
Set($AutoCreateNonExternalUsers, 0);
Set($ExternalSettings, { # AN EXAMPLE LDAP SERVICE
’My_LDAP’ => { ## GENERIC SECTION

‘type’ => ‘ldap’,

‘auth’ => 1,

‘info’ => 1,

‘server’ => ‘exchange.zeugmasystems.local’,

‘base’ => 'DC=ZeugmaSystems,dc=local ',

‘filter’ => ‘(objectclass=Person)’,
‘d_filter’ =>
’(userAccountControl:1.2.840.113556.1.4.803:=2)’,

‘tls’ => 0,

‘net_ldap_args’ => [ version => 3 ],

‘attr_match_list’ => [ ‘Name’,

‘EmailAddress’,

‘RealName’,

‘WorkPhone’,

‘Address2’

],

‘attr_map’ => { ‘Name’ => ‘sAMAccountName’,

‘EmailAddress’ => ‘mail’,

‘Organization’ => ‘physicalDeliveryOfficeName’,

‘RealName’ => ‘cn’,

‘ExternalAuthId’ => ‘sAMAccountName’,

‘Gecos’ => ‘sAMAccountName’,

‘WorkPhone’ => ‘telephoneNumber’,

‘Address1’ => ‘streetAddress’,

‘City’ => ‘l’,

‘State’ => ‘st’,

‘Zip’ => ‘postalCode’,

‘Country’ => ‘co’

}
}
}
);

Thanks in advanced

Lloyd Hughes


#2

Lloyd Hughes wrote:

I’m using Mike Peachey’s RT-Authen-External installed via c-pan but am
unable to login. I’m running RT3 v 3.6.5

From my log file it appears that sAMAccountName is not getting set, or
the user’s login name is not being passed to RT-Authen-External.

My log:
[Fri Jun 20 20:57:11 2008] [debug]: LDAP Search === Base:
DC=ZeugmaSystems,dc=local == Filter:
(&(sAMAccountName=)(objectclass=Person)) == Attrs: dn
(/usr/local/lib/rt3/lib/RT/User_Vendor.pm:185)
[Fri Jun 20 20:57:11 2008] [info]: My_LDAP AUTH FAILED: User not
found or more than one user found
(/usr/local/lib/rt3/lib/RT/User_Vendor.pm:208)

I don’t quite see where the *s are coming from:
(&(sAMAccountName=)(objectclass=Person))

There definitely shouldn’t be a * before sAMAccountName and the one
after should be an actual user and not a wildcard search.

The config and the debug output dont seem to match up.

Can you make sure that, with the config as it is, you do a full restart:

apachectl stop
rm -rf $RTHOME/var/mason_data/obj/*
apachectl start

and then try again and check that the output is exactly the same?

Also can you confirm you are using v0.05 and you haven’t altered it at all?

If after a full restart everything is the same, you might want to add a
little debug around line 208 in /usr/local/lib/rt3/lib/RT/User_Vendor.pm
to work out where those stars are coming from - I’ve never seen them
before…
Kind Regards,

Mike Peachey, IT
Tel: +44 114 281 2655
Fax: +44 114 281 2951
Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK
Comp Reg No: 3191371 - Registered In England
http://www.jennic.com


#3

Hi Mike

Thanks for the quick response. I did a reinstall of RT and that fixed
the problem. My predecessor must have modified the code at some point.

Lloyd

Mike Peachey wrote: