New to RT and RTIR but so far love it. I need someone to help me get the Authentication to AD set up and also the Sendmail piece. Anyone out there willing to help me out?
Hello ahauber,
I'm running an instance of RT 4.4.0 that uses Active Directory. I'll take a stab at answering specific questions. Reply on this thread. I'm watching it but don't log in as often to review new threads. I liked the old listserv more since I also had my mail open.
Docs are over here: RT::Authen::ExternalAuth - RT 4.4.1 Documentation - Best Practical
You have any specific questions?
So here is my AD config piece; I masked the user name and password. The log error after trying to log in is below. I do not get it.
Set( $ExternalAuthPriority, ['My_LDAP'] );
Set( $ExternalInfoPriority, ['My_LDAP'] );
# Make users created from LDAP Privileged
Set( $UserAutocreateDefaultsOnLogin, { Privileged => 1 } );
# Users should still be autocreated by RT as internal users if they
# fail to exist in an external service; this is so requestors (who
# are not in LDAP) can still be created when they email in.
Set($AutoCreateNonExternalUsers, 1);
# Minimal LDAP configuration; see RT::Authen::ExternalAuth::LDAP for
# further details and examples
Set( $ExternalSettings, {
    'My_LDAP' => {
        'type' => 'ldap',
        'server' => '.Domain-crp.com',
        'user' => '',
        'pass' => '******',
        'base' => 'dc=exclaim-crp,dc=com',
        'filter' => '(objectClass=inetOrgPerson)',
        # Users are allowed to log in via email address or account
        # name
        'attr_match_list' => [
            'Name',
            'EmailAddress',
        ],
        # Import the following properties of the user from LDAP upon
        # login
        'attr_map' => {
            'Name' => 'sAMAccountName',
            'EmailAddress' => 'mail',
            'RealName' => 'cn',
            'WorkPhone' => 'telephoneNumber',
            'Address1' => 'streetAddress',
            'City' => 'l',
            'State' => 'st',
            'Zip' => 'postalCode',
            'Country' => 'co',
        },
    },
} );
LOG RESULTS
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't bind: LDAP_INVALID_CREDENTIALS 49 (/opt/rt4/sbin/…/lib/RT/Authen/ExternalAuth/LDAP.pm:678)
[19728] [Wed May 10 10:32:25 2017] [error]: FAILED LOGIN for e_ahauber from 10.140.10.30 (/opt/rt4/sbin/…/lib/RT/Interface/Web.pm:826)
Alex Hauber
Sr. Security Engineer
P: 817-928-1500 x7562 | Elevate.com http://www.elevate.com
4150 International Plaza, Suite 300
Fort Worth, TX 76109
Looks to me like the user or pass are incorrect/invalid.
For easier debugging you can use ldapsearch
My problem is that it will not connect no matter what. I use the RT script from the document and it's a no go. Is there a specific way to write the RT_SiteConfig?
Vinz,
Wrong in which way? I took the actual user and pass out and just masked them with ***; don't want to show my user name and password lol
Yeah, bit misleading quote. I'm inferring this information from this:
This error is saying that RT couldnât do an initial login to your LDAP instance because when it tried the LDAP instance told RT that the credentials are invalid.
As @ahauber mentioned, the first step is to use a generic LDAP client, the easiest one to use is the command line tool ldapsearch, to try and bind to the LDAP instance. If that works, it proves the issue is with the RT config and not the credentials you are specifying in the config. That is the first step to troubleshooting this.
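The bind test suggested in the replies above, written out as an added example that is not part of the original thread or of RT itself. The server URI, bind DN and account names in the usage comment are placeholders, and the script assumes the OpenLDAP `ldapsearch` client, which exits with the LDAP result code (49 is the LDAP_INVALID_CREDENTIALS from the log).

```shell
#!/bin/sh
# Added example: test the RT service-account bind with ldapsearch, outside RT.
# Usage (all values are placeholders, substitute your own):
#   sh rt-ldap-check.sh ldap://dc01.example.com \
#      'CN=rt-bind,OU=Service,DC=example,DC=com' 'dc=example,dc=com' \
#      '(objectClass=inetOrgPerson)' jdoe

# ldapsearch exits with the LDAP result code; map it to the RT setting to check.
explain_ldap_rc() {
  case "$1" in
    0)   echo "bind ok: the DN and password work; compare them with 'user'/'pass' in RT_SiteConfig.pm" ;;
    49)  echo "invalid credentials: the server rejected the bind DN or password ('user'/'pass')" ;;
    32)  echo "no such object: 'base' does not exist on this server" ;;
    255) echo "cannot contact server: check 'server', port, TLS and firewall" ;;
    *)   echo "LDAP result code $1: check the directory server's log" ;;
  esac
}

# Accept only plain account names so the login cannot alter the search filter.
valid_login() {
  case "$1" in
    ''|*[!A-Za-z0-9._-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# $1 server URI  $2 bind DN ('user')  $3 'base'  $4 'filter'  $5 login to look up
check_bind() {
  valid_login "$5" || { echo "refusing unsafe login name" >&2; return 2; }
  # -x is a simple bind; -W prompts for the password so it stays out of argv
  # and shell history. sAMAccountName is what attr_map maps RT's Name to.
  out=$(ldapsearch -x -LLL -H "$1" -D "$2" -W -b "$3" \
        "(&$4(sAMAccountName=$5))" dn mail)
  rc=$?
  explain_ldap_rc "$rc"
  if [ "$rc" -eq 0 ]; then
    # A clean bind with 0 entries points at 'base' or 'filter', not the password.
    echo "entries matched: $(printf '%s\n' "$out" | grep -c '^dn:')"
  fi
  return "$rc"
}

# Run only when called with the five arguments shown above.
if [ "$#" -eq 5 ]; then check_bind "$@"; fi
```

If the same bind DN and password succeed here but RT still logs result code 49, the values in `RT_SiteConfig.pm` differ from what was typed at the prompt (quoting, a trailing space, or the form of the bind DN).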