LDAP External Auth intermittent failure

I’m using RT-4.2.7 installed from source, on ubuntu 14.04LTS. I’ve been
trying to get the External Auth (0.23) extension working properly with AD.
I can login to RT using the local admin account root. I can login to RT
using my AD account with the ExternalAuth config I have. But, when I
return to login again, I get an error. And the AD login fails. I can
then restart the RT process and it will work again.

Below is a snippet from logs I’m having problems with.

Sep 25 16:42:19 b890cf44e25f RT: [526] Configuration option AutoCreate is
deprecated, and will be removed in RT 4.4. You should use
UserAutocreateDefaultsOnLogin instead.
Sep 25 16:42:19 b890cf44e25f RT: [526]
RT::Authen::ExternalAuth::LDAP::GetAuth External Auth OK ( My_LDAP ):
myusername
Sep 25 16:42:19 b890cf44e25f RT: [526] Successful login for myusername from
172.17.0.75
Sep 25 16:42:55 b890cf44e25f RT: [526] Successful login for root from
172.17.0.75
Sep 25 16:47:47 b890cf44e25f RT: [526]
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can’t bind:
LDAP_INVALID_CREDENTIALS 49
Sep 25 16:47:47 b890cf44e25f RT: [526] FAILED LOGIN for myusername from
172.17.0.75
Sep 25 16:47:52 b890cf44e25f RT: [526]
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can’t bind:
LDAP_INVALID_CREDENTIALS 49
Sep 25 16:47:52 b890cf44e25f RT: [526] FAILED LOGIN for myusername from
172.17.0.75

Restart the RT process and it works again:
Sep 25 16:50:30 b890cf44e25f RT: [547] Configuration option AutoCreate is
deprecated, and will be removed in RT 4.4. You should use
UserAutocreateDefaultsOnLogin instead.
Sep 25 16:50:30 b890cf44e25f RT: [547]
RT::Authen::ExternalAuth::LDAP::GetAuth External Auth OK ( My_LDAP ):
myusername
Sep 25 16:50:30 b890cf44e25f RT: [547] Successful login for myusername from
172.17.0.75

Testing, I deliberately used the wrong password for my account.
Sep 25 16:53:55 b890cf44e25f RT: [547] My_LDAP AUTH FAILED myusername
(can’t bind: LDAP_INVALID_CREDENTIALS 49 )

I don’t understand the _GetBoundLdapObj error message, The bind username
and password are correct as we can see from the 1st login attempt being
successful. It’s not the error message from an invalid password being
entered for the user account. Is this related to a bug (
https://rt.cpan.org/Public/Bug/Display.html?id=69500 ) where different
credentials are being used to bind to the ldap server for a query?

i had this issue when i had debian on virtualbox, but when i moved rt to a
real box it went away.

even that or an update to rt (or maybe even the plugin) and i haven’t seen
it again.

View this message in context: http://requesttracker.8502.n7.nabble.com/LDAP-External-Auth-intermittent-failure-tp58611p58612.html

Getting an intermittent “RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can’t bind: LDAP_INVALID_CREDENTIALS 49” error very similar to: http://requesttracker.8502.n7.nabble.com/LDAP-External-Auth-intermittent-failure-td58611.html.

[http://www.gravatar.com/avatar/26ccab0b62375e40455160ff3e911dc4?s=100&r=pg&d=http%3A%2F%2Fn7.nabble.com%2Fimages%2Favatar100.png]http://requesttracker.8502.n7.nabble.com/LDAP-External-Auth-intermittent-failure-td58611.html

LDAP External Auth intermittent failure - RequestTrackerhttp://requesttracker.8502.n7.nabble.com/LDAP-External-Auth-intermittent-failure-td58611.html
requesttracker.8502.n7.nabble.com
LDAP External Auth intermittent failure. I’m using RT-4.2.7 installed from source, on ubuntu 14.04LTS. I’ve been trying to get the External Auth (0.23) extension …

Almost daily the External Auth will randomly start getting the binding error above and stop accepting LDAP logins, a simple restart of RT fixes the problem. I’m using External Auth 0.25 and RT 4.2.12. The only suggestion in the post above is to update RT but these are both recent stable versions.

Anyone ran into this problem? Is it an RT_SiteConfig problem? I wouldn’t think so since it works for around 24 hours and then stops. Could it be some kind of network connectivity problem?

Would you please post your LDAP configuration in RT_SiteConfig.pm? Omitting
any sensitive information, of course.

Sincerely,

Aaron Lush
Network Administrator
South Central Community School Corporation
(219) 767-2266 ext. 1111On Thu, May 5, 2016 at 8:15 AM, t s zzzz67@hotmail.com wrote:

Getting an intermittent “RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj
Can’t bind: LDAP_INVALID_CREDENTIALS 49” error very similar to:
http://requesttracker.8502.n7.nabble.com/LDAP-External-Auth-intermittent-failure-td58611.html
.

http://requesttracker.8502.n7.nabble.com/LDAP-External-Auth-intermittent-failure-td58611.html
LDAP External Auth intermittent failure - RequestTracker
http://requesttracker.8502.n7.nabble.com/LDAP-External-Auth-intermittent-failure-td58611.html
requesttracker.8502.n7.nabble.com
LDAP External Auth intermittent failure. I’m using RT-4.2.7 installed from
source, on ubuntu 14.04LTS. I’ve been trying to get the External Auth
(0.23) extension …

Almost daily the External Auth will randomly start getting the binding
error above and stop accepting LDAP logins, a simple restart of RT fixes
the problem. I’m using External Auth 0.25 and RT 4.2.12. The only
suggestion in the post above is to update RT but these are both recent
stable versions.

Anyone ran into this problem? Is it an RT_SiteConfig problem? I wouldn’t
think so since it works for around 24 hours and then stops. Could it be
some kind of network connectivity problem?


RT 4.4 and RTIR Training Sessions https://bestpractical.com/training

  • Washington DC - May 23 & 24, 2016

Email Confidentiality Notice: This email message, including all
attachments, is for the sole use of the intended recipient(s) and contains
confidential information. If you are not the intended recipient, you may
not use, disclose, print, copy or disseminate this information. Please
reply and notify the sender, delete the message and any attachments and
destroy all copies.

Here you go:

By the way, I just changed the line below from ‘server’ => ‘LDAPSERVER:389’ to ‘server’ => ‘LDAPSERVER.CORP.COMPANYNAME.NET:389’ and restarted so I will see if that has any effect on the error not coming back up or not.

Set($WebPath , “”);
Set($WebBaseURL, “http://rt.servername.companyname.com”);

Set($RestrictReferrer, ‘0’);

Set($DatabaseAdmin, ‘root’);

Set($LogoURL, ‘https://bestpractical.com/images/logo.png’);
Set($WebDefaultStylesheet, ‘rudder’);

Set($LogToFile, ‘error’);

Set($SetOutgoingMailFrom, "RT_Tracker@companyname.com");
Set($SMTPFrom, “mail-out.smtp.companyname.com”);
Set($ParseNewMessageForTicketCcs, 1);
Set($HomePageRefreshInterval, 120);
Set($NotifyActor,1)

Set($SendmailArguments, “-t”);
Set($MailCommand, “sendmail”);
Plugin( “RT::Authen::ExternalAuth” );
Plugin(‘RT::Extension::LDAPImport’);

Set($LDAPHost,'LDAPSERVER.CORP.COMPANYNAME.NET:389');
Set($LDAPUser,'cn=companyname\\svc.servicename,cn=Users,dc=Corp,DC=companyname,DC=net');
Set($LDAPPassword,'password');
Set($LDAPBase, 'OU=Corp,OU=Users,OU=companyname,DC=Corp,DC=companyname,DC=net');
Set($LDAPFilter, '(&(objectClass=person))');
Set($LDAPMapping, {Name         => 'sAMAccountName', # required
                   EmailAddress => 'mail',
                   RealName     => 'cn',
                   WorkPhone    => 'telephoneNumber',
                   Organization => 'departmentName'});

Set($LDAPSizeLimit, 1000);

Set($ExternalAuthPriority, [‘companynameLDAP’]);
Set($ExternalInfoPriority, [‘companynameLDAP’]);
Set($UserAutocreateDefaultsOnLogin, { Privileged => 0 } );
Set($AutoCreateNonExternalUsers, 1);

Set($ExternalSettings, {

    'companynameLDAP'       =>  {
        'type'                      =>  'ldap',
        'server'                    =>  'LDAPSERVER:389',
        'user'                      =>  'companyname\\svc.servicename',
        'pass'                      =>  'password',
        'base'                      =>  'OU=Corp,OU=Users,OU=companyname,DC=corp,DC=companyname,DC=net',
        'filter'                    =>  '(objectClass=person)',
        'd_filter'                  =>  '(objectClass=asdf)',
        'net_ldap_args'             => [    version =>  3   ],
        'attr_match_list' => [
             'Name',
             'EmailAddress',
        ],
        'attr_map' => {
            'Name' => 'sAMAccountName',
            'EmailAddress' => 'mail',
            'Organization' => 'physicalDeliveryOfficeName',
            'RealName' => 'cn',
            'ExternalAuthId' => 'sAMAccountName',
            'Gecos' => 'sAMAccountName',
            'WorkPhone' => 'telephoneNumber',
            'Address1' => 'streetAddress',
            'City' => 'l',
            'State' => 'st',
            'Zip' => 'postalCode',
            'Country' => 'co'                                                           },                                                                              },                                                                            } );

Set($WebRemoteuserAuth,1);
Set($WebRemoteUserContinuous,1);
Set($WebFallbackToRTLogin, undef);
Set($WebRemoteUserGecos,1);
Set($WebRemoteUserAutocreate,1);

Set( $rtname, ‘CompanyName RT’ );
Set( $CommentAddress, ‘’ );
Set( $CorrespondAddress, ‘’ );
Set( $DatabaseHost, ‘localhost’ );
Set( $DatabaseName, ‘rt_database’ );
Set( $DatabasePassword, ‘password’ );
Set( $DatabasePort, ‘3306’ );
Set( $DatabaseType, ‘mysql’ );
Set( $DatabaseUser, ‘root’ );
Set( $Organization, ‘companyname.com’ );
Set( $OwnerEmail, ‘owner@companyname.com’ );
Set( $SendmailPath, ‘usr/lib/sendmail’ );
Set( $SendmailArguments, “-t”);
Set( $MailCommand, “sendmail”);
Set( $WebDomain, ‘rt.servername.companyname.com’ );
Set( $WebPort, ‘443’ );

Set(%CustomFieldGroupings,
‘RT::Ticket’ => [
‘Basics’ => [‘Trigger Code’]
]
);
Set($CanonicalizeRedirectURLs, 0);
1;From: Lush, Aaron alush@scentral.k12.in.us
Sent: Thursday, May 5, 2016 10:49 AM
To: t s
Cc: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] LDAP External Auth intermittent failure

Would you please post your LDAP configuration in RT_SiteConfig.pm? Omitting any sensitive information, of course.

Sincerely,

Aaron Lush
Network Administrator
South Central Community School Corporation
(219) 767-2266 ext. 1111

The only thing that jumps out to me is that under “External Settings” you
are domain\service name, whereas in Set$( LDAPUser) you are using the
DistinguishedName. I had similar issues in my RT 4.4 deployment until I
made both of those settings follow the DistinguishedName.

Sincerely,

Aaron Lush
Network Administrator
South Central Community School Corporation
(219) 767-2266 ext. 1111On Thu, May 5, 2016 at 10:05 AM, t s zzzz67@hotmail.com wrote:

Here you go:

By the way, I just changed the line below from
’server’ => ‘LDAPSERVER:389’ to ‘server’
=> ‘LDAPSERVER.CORP.COMPANYNAME.NET:389’ and restarted so I will see if
that has any effect on the error not coming back up or not.

Set($WebPath , “”);
Set($WebBaseURL, “http://rt.servername.companyname.com”);

Set($RestrictReferrer, ‘0’);

Set($DatabaseAdmin, ‘root’);

Set($LogoURL, ‘https://bestpractical.com/images/logo.png’);
Set($WebDefaultStylesheet, ‘rudder’);

Set($LogToFile, ‘error’);

Set($SetOutgoingMailFrom, "RT_Tracker@companyname.com");
Set($SMTPFrom, “mail-out.smtp.companyname.com”);
Set($ParseNewMessageForTicketCcs, 1);
Set($HomePageRefreshInterval, 120);
Set($NotifyActor,1)

Set($SendmailArguments, “-t”);
Set($MailCommand, “sendmail”);
Plugin( “RT::Authen::ExternalAuth” );
Plugin(‘RT::Extension::LDAPImport’);

Set($LDAPHost,'LDAPSERVER.CORP.COMPANYNAME.NET:389');
Set($LDAPUser,'cn=companyname\\svc.servicename,cn=Users,dc=Corp,DC=

companyname,DC=net’);
Set($LDAPPassword,‘password’);
Set($LDAPBase,
‘OU=Corp,OU=Users,OU=companyname,DC=Corp,DC=companyname,DC=net’);
Set($LDAPFilter, ‘(&(objectClass=person))’);
Set($LDAPMapping, {Name => ‘sAMAccountName’, # required
EmailAddress => ‘mail’,
RealName => ‘cn’,
WorkPhone => ‘telephoneNumber’,
Organization => ‘departmentName’});
Set($LDAPSizeLimit, 1000);

Set($ExternalAuthPriority, [‘companynameLDAP’]);
Set($ExternalInfoPriority, [‘companynameLDAP’]);
Set($UserAutocreateDefaultsOnLogin, { Privileged => 0 } );
Set($AutoCreateNonExternalUsers, 1);

Set($ExternalSettings, {

    'companynameLDAP'       =>  {
        'type'                      =>  'ldap',
        'server'                    =>  'LDAPSERVER:389',
        'user'                      =>  'companyname

\svc.servicename’,
‘pass’ => ‘password’,
‘base’ =>
‘OU=Corp,OU=Users,OU=companyname,DC=corp,DC=companyname,DC=net’,
‘filter’ => ‘(objectClass=person)’,
‘d_filter’ => ‘(objectClass=asdf)’,
‘net_ldap_args’ => [ version => 3 ],
‘attr_match_list’ => [
‘Name’,
‘EmailAddress’,
],
‘attr_map’ => {
‘Name’ => ‘sAMAccountName’,
‘EmailAddress’ => ‘mail’,
‘Organization’ => ‘physicalDeliveryOfficeName’,
‘RealName’ => ‘cn’,
‘ExternalAuthId’ => ‘sAMAccountName’,
‘Gecos’ => ‘sAMAccountName’,
‘WorkPhone’ => ‘telephoneNumber’,
‘Address1’ => ‘streetAddress’,
‘City’ => ‘l’,
‘State’ => ‘st’,
‘Zip’ => ‘postalCode’,
‘Country’ =>
‘co’
},
},
} );

Set($WebRemoteuserAuth,1);
Set($WebRemoteUserContinuous,1);
Set($WebFallbackToRTLogin, undef);
Set($WebRemoteUserGecos,1);
Set($WebRemoteUserAutocreate,1);

Set( $rtname, ‘CompanyName RT’ );
Set( $CommentAddress, ‘’ );
Set( $CorrespondAddress, ‘’ );
Set( $DatabaseHost, ‘localhost’ );
Set( $DatabaseName, ‘rt_database’ );
Set( $DatabasePassword, ‘password’ );
Set( $DatabasePort, ‘3306’ );
Set( $DatabaseType, ‘mysql’ );
Set( $DatabaseUser, ‘root’ );
Set( $Organization, ‘companyname.com’ );
Set( $OwnerEmail, ‘owner@companyname.com’ );
Set( $SendmailPath, ‘usr/lib/sendmail’ );
Set( $SendmailArguments, “-t”);
Set( $MailCommand, “sendmail”);
Set( $WebDomain, ‘rt.servername.companyname.com’ );
Set( $WebPort, ‘443’ );

Set(%CustomFieldGroupings,
‘RT::Ticket’ => [
‘Basics’ => [‘Trigger Code’]
]
);
Set($CanonicalizeRedirectURLs, 0);
1;


From: Lush, Aaron alush@scentral.k12.in.us
Sent: Thursday, May 5, 2016 10:49 AM
To: t s
Cc: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] LDAP External Auth intermittent failure

Would you please post your LDAP configuration in RT_SiteConfig.pm?
Omitting any sensitive information, of course.

Sincerely,

Aaron Lush
Network Administrator
South Central Community School Corporation
(219) 767-2266 ext. 1111

On Thu, May 5, 2016 at 8:15 AM, t s zzzz67@hotmail.com wrote:

Getting an intermittent “RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj
Can’t bind: LDAP_INVALID_CREDENTIALS 49” error very similar to:
http://requesttracker.8502.n7.nabble.com/LDAP-External-Auth-intermittent-failure-td58611.html
.

http://requesttracker.8502.n7.nabble.com/LDAP-External-Auth-intermittent-failure-td58611.html
LDAP External Auth intermittent failure - RequestTracker
http://requesttracker.8502.n7.nabble.com/LDAP-External-Auth-intermittent-failure-td58611.html
requesttracker.8502.n7.nabble.com
LDAP External Auth intermittent failure. I’m using RT-4.2.7 installed
from source, on ubuntu 14.04LTS. I’ve been trying to get the External Auth
(0.23) extension …

Almost daily the External Auth will randomly start getting the binding
error above and stop accepting LDAP logins, a simple restart of RT fixes
the problem. I’m using External Auth 0.25 and RT 4.2.12. The only
suggestion in the post above is to update RT but these are both recent
stable versions.

Anyone ran into this problem? Is it an RT_SiteConfig problem? I
wouldn’t think so since it works for around 24 hours and then
stops. Could it be some kind of network connectivity problem?


RT 4.4 and RTIR Training Sessions https://bestpractical.com/training

  • Washington DC - May 23 & 24, 2016

Email Confidentiality Notice: This email message, including all
attachments, is for the sole use of the intended recipient(s) and contains
confidential information. If you are not the intended recipient, you may
not use, disclose, print, copy or disseminate this information. Please
reply and notify the sender, delete the message and any attachments and
destroy all copies.

Email Confidentiality Notice: This email message, including all
attachments, is for the sole use of the intended recipient(s) and contains
confidential information. If you are not the intended recipient, you may
not use, disclose, print, copy or disseminate this information. Please
reply and notify the sender, delete the message and any attachments and
destroy all copies.

Good Afternoon… T S.

I apologize for not reading the back and forth you have already had here
with Lush, in advance. However, I did a post a while back regarding getting
LDAP authentication to work and there may be a couple of items here that
could help.

My configuration is posted here as well:

http://trevthorpe.blogspot.com/

Hope you find this helpful, figured it couldn’t hurt.

Thanks,

TrevOn Thu, May 5, 2016 at 12:05 PM, Lush, Aaron alush@scentral.k12.in.us wrote:

The only thing that jumps out to me is that under “External Settings” you
are domain\service name, whereas in Set$( LDAPUser) you are using the
DistinguishedName. I had similar issues in my RT 4.4 deployment until I
made both of those settings follow the DistinguishedName.

Sincerely,

Aaron Lush
Network Administrator
South Central Community School Corporation
(219) 767-2266 ext. 1111

On Thu, May 5, 2016 at 10:05 AM, t s zzzz67@hotmail.com wrote:

Here you go:

By the way, I just changed the line below from
’server’ => ‘LDAPSERVER:389’ to ‘server’
=> ‘LDAPSERVER.CORP.COMPANYNAME.NET:389’ and restarted so I will see if
that has any effect on the error not coming back up or not.

Set($WebPath , “”);
Set($WebBaseURL, “http://rt.servername.companyname.com”);

Set($RestrictReferrer, ‘0’);

Set($DatabaseAdmin, ‘root’);

Set($LogoURL, ‘https://bestpractical.com/images/logo.png’);
Set($WebDefaultStylesheet, ‘rudder’);

Set($LogToFile, ‘error’);

Set($SetOutgoingMailFrom, "RT_Tracker@companyname.com");
Set($SMTPFrom, “mail-out.smtp.companyname.com”);
Set($ParseNewMessageForTicketCcs, 1);
Set($HomePageRefreshInterval, 120);
Set($NotifyActor,1)

Set($SendmailArguments, “-t”);
Set($MailCommand, “sendmail”);
Plugin( “RT::Authen::ExternalAuth” );
Plugin(‘RT::Extension::LDAPImport’);

Set($LDAPHost,'LDAPSERVER.CORP.COMPANYNAME.NET:389');
Set($LDAPUser,'cn=companyname\\svc.servicename,cn=Users,dc=Corp,DC=

companyname,DC=net’);
Set($LDAPPassword,‘password’);
Set($LDAPBase,
‘OU=Corp,OU=Users,OU=companyname,DC=Corp,DC=companyname,DC=net’);
Set($LDAPFilter, ‘(&(objectClass=person))’);
Set($LDAPMapping, {Name => ‘sAMAccountName’, # required
EmailAddress => ‘mail’,
RealName => ‘cn’,
WorkPhone => ‘telephoneNumber’,
Organization => ‘departmentName’});
Set($LDAPSizeLimit, 1000);

Set($ExternalAuthPriority, [‘companynameLDAP’]);
Set($ExternalInfoPriority, [‘companynameLDAP’]);
Set($UserAutocreateDefaultsOnLogin, { Privileged => 0 } );
Set($AutoCreateNonExternalUsers, 1);

Set($ExternalSettings, {

    'companynameLDAP'       =>  {
        'type'                      =>  'ldap',
        'server'                    =>  'LDAPSERVER:389',
        'user'                      =>  'companyname

\svc.servicename’,
‘pass’ => ‘password’,
‘base’ =>
‘OU=Corp,OU=Users,OU=companyname,DC=corp,DC=companyname,DC=net’,
‘filter’ => ‘(objectClass=person)’,
‘d_filter’ => ‘(objectClass=asdf)’,
‘net_ldap_args’ => [ version => 3 ],
‘attr_match_list’ => [
‘Name’,
‘EmailAddress’,
],
‘attr_map’ => {
‘Name’ => ‘sAMAccountName’,
‘EmailAddress’ => ‘mail’,
‘Organization’ => ‘physicalDeliveryOfficeName’,
‘RealName’ => ‘cn’,
‘ExternalAuthId’ => ‘sAMAccountName’,
‘Gecos’ => ‘sAMAccountName’,
‘WorkPhone’ => ‘telephoneNumber’,
‘Address1’ => ‘streetAddress’,
‘City’ => ‘l’,
‘State’ => ‘st’,
‘Zip’ => ‘postalCode’,
‘Country’ =>
‘co’
},
},
} );

Set($WebRemoteuserAuth,1);
Set($WebRemoteUserContinuous,1);
Set($WebFallbackToRTLogin, undef);
Set($WebRemoteUserGecos,1);
Set($WebRemoteUserAutocreate,1);

Set( $rtname, ‘CompanyName RT’ );
Set( $CommentAddress, ‘’ );
Set( $CorrespondAddress, ‘’ );
Set( $DatabaseHost, ‘localhost’ );
Set( $DatabaseName, ‘rt_database’ );
Set( $DatabasePassword, ‘password’ );
Set( $DatabasePort, ‘3306’ );
Set( $DatabaseType, ‘mysql’ );
Set( $DatabaseUser, ‘root’ );
Set( $Organization, ‘companyname.com’ );
Set( $OwnerEmail, ‘owner@companyname.com’ );
Set( $SendmailPath, ‘usr/lib/sendmail’ );
Set( $SendmailArguments, “-t”);
Set( $MailCommand, “sendmail”);
Set( $WebDomain, ‘rt.servername.companyname.com’ );
Set( $WebPort, ‘443’ );

Set(%CustomFieldGroupings,
‘RT::Ticket’ => [
‘Basics’ => [‘Trigger Code’]
]
);
Set($CanonicalizeRedirectURLs, 0);
1;


From: Lush, Aaron alush@scentral.k12.in.us
Sent: Thursday, May 5, 2016 10:49 AM
To: t s
Cc: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] LDAP External Auth intermittent failure

Would you please post your LDAP configuration in RT_SiteConfig.pm?
Omitting any sensitive information, of course.

Sincerely,

Aaron Lush
Network Administrator
South Central Community School Corporation
(219) 767-2266 ext. 1111

On Thu, May 5, 2016 at 8:15 AM, t s zzzz67@hotmail.com wrote:

Getting an intermittent “RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj
Can’t bind: LDAP_INVALID_CREDENTIALS 49” error very similar to:
http://requesttracker.8502.n7.nabble.com/LDAP-External-Auth-intermittent-failure-td58611.html
.

http://requesttracker.8502.n7.nabble.com/LDAP-External-Auth-intermittent-failure-td58611.html
LDAP External Auth intermittent failure - RequestTracker
http://requesttracker.8502.n7.nabble.com/LDAP-External-Auth-intermittent-failure-td58611.html
requesttracker.8502.n7.nabble.com
LDAP External Auth intermittent failure. I’m using RT-4.2.7 installed
from source, on ubuntu 14.04LTS. I’ve been trying to get the External Auth
(0.23) extension …

Almost daily the External Auth will randomly start getting the binding
error above and stop accepting LDAP logins, a simple restart of RT fixes
the problem. I’m using External Auth 0.25 and RT 4.2.12. The only
suggestion in the post above is to update RT but these are both recent
stable versions.

Anyone ran into this problem? Is it an RT_SiteConfig problem? I
wouldn’t think so since it works for around 24 hours and then
stops. Could it be some kind of network connectivity problem?


RT 4.4 and RTIR Training Sessions https://bestpractical.com/training

  • Washington DC - May 23 & 24, 2016

Email Confidentiality Notice: This email message, including all
attachments, is for the sole use of the intended recipient(s) and contains
confidential information. If you are not the intended recipient, you may
not use, disclose, print, copy or disseminate this information. Please
reply and notify the sender, delete the message and any attachments and
destroy all copies.

Email Confidentiality Notice: This email message, including all
attachments, is for the sole use of the intended recipient(s) and contains
confidential information. If you are not the intended recipient, you may
not use, disclose, print, copy or disseminate this information. Please
reply and notify the sender, delete the message and any attachments and
destroy all copies.


RT 4.4 and RTIR Training Sessions https://bestpractical.com/training

  • Washington DC - May 23 & 24, 2016

Aaron,

That seems to have fixed it. No error in days! Thanks!From: Lush, Aaron alush@scentral.k12.in.us
Sent: Thursday, May 5, 2016 12:05 PM
To: t s
Cc: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] LDAP External Auth intermittent failure

The only thing that jumps out to me is that under “External Settings” you are domain\service name, whereas in Set$( LDAPUser) you are using the DistinguishedName. I had similar issues in my RT 4.4 deployment until I made both of those settings follow the DistinguishedName.

Sincerely,

Aaron Lush
Network Administrator
South Central Community School Corporation
(219) 767-2266 ext. 1111