RT 3.8 Active Directory integration and single sign-on

I am trying to accomplish two things:

First, to integrate RT with Active Directory such that an RT user
account will automatically be created in either of the following cases.
a) when a user first submits a ticket request via email, and
b) when a user first logs in via the RT web interface

Secondly, Single sign-on, such that once an RT account has been created
an MS-Windows user will not need to enter their password on subsequent
visits to the RT web interface.

I’ve started by attempting to implement the Auth::ExternalAuth extension
but have been unable to get it working. I cannot log into the RT web
interface using any account except the root account that has already
been created within RT. Once in RT as root, I am unable to create a new
user. I get the error “User could not be created: Could not set user
info.”

I’ve tried the solution mentioned in this thread -->
http://www.gossamer-threads.com/lists/rt/users/94218 to get RT to
auto-create users, but to no avail.
Note that when I uncomment the statement “Set($WebExternalAuto,1);” and
restart apache the RT login screen provides no login box in which to
enter a username or a password.

Any advice would be greatly appreciated.

Below is my RT configuration.

    #Begin /opt/rt3/etc/RT_SiteConfig.pm tail
    # The following two statements support single sign-on.
    # but I have commented them out for now since they are
    # said to conflict with the ExternalAuth extension.
    # See http://wiki.bestpractical.com/view/ExternalAuth .

    # Tell RT to trust the webserver to handle authentication.
    # Set($WebExternalAuth, 3);

    # If the webserver hands RT a user RT is not
    # familiar with, RT should just go ahead and
    # create an account.
    # Set($WebExternalAuto, 1);

    # Include the configuration for the ExternalAuth extension.
    require "/opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm";
    Set($AutoCreate,{Privileged => 0});

    1;
    #End /opt/rt3/etc/RT_SiteConfig.pm

    #Begin /opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm in its entirety.

    Set($ExternalAuthPriority,        [ 'Heapy_AD_LDAP' ] );
    Set($ExternalInfoPriority,        [ 'Heapy_AD_LDAP' ] );
    Set($ExternalServiceUsesSSLorTLS, 0);
    Set($AutoCreateNonExternalUsers,  0);

    Set($ExternalSettings, {
        'Heapy_AD_LDAP' => {
            'type'            => 'ldap',
            'server'          => 'serverxyz.domain.domainSuffix',
            'user'            => 'cn=ldap,ou=Services,dc=domain,dc=domainSuffix',
            'pass'            => 'the_ldap_password',
            'base'            => 'dc=domain,dc=domainSuffix',

            'filter'          => '(&(ObjectCategory=User)(ObjectClass=Person))',
            'd_filter'        => '(userAccountControl:1.2.840.113556.1.4.803:=2)',

    #        'tls'             => 0,
    #        'ssl_version'     => 3,

            'net_ldap_args'   => [ version => 3 ],
            'group'           => 'cn=group,ou=Services,dc=domain,dc=domainSuffix',
            'group_attr'      => 'member',

            'attr_match_list' => [ 'Name', 'EmailAddress' ],
            'attr_map'        => {
                'Name'           => 'sAMAccountName',
                'EmailAddress'   => 'mail',
                'Organization'   => 'physicalDeliveryOfficeName',
                'RealName'       => 'cn',
                'ExternalAuthId' => 'sAMAccountName',
                'Gecos'          => 'sAMAccountName',
                'WorkPhone'      => 'telephoneNumber',
                'Address1'       => 'streetAddress',
                'City'           => 'l',
                'State'          => 'st',
                'Zip'            => 'postalCode',
                'Country'        => 'co'
            }
        }
    }
    );

    Set(@Plugins, qw(RT::Authen::ExternalAuth));
    1;
    #End /opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm

b) should be done easily using ExternalAuth. When I say easily, I mean, as
soon as you get ExternalAuth working, b is done… but it did take me
almost a week to figure out my issues (a spelling mistake in the config file
:’( )

a) sounds like you want ExternalAuth with AutoCreate Privileged=>0 set, but
you’d also need to tweak the RT system.

The problem with just doing the above, if someone has already sent an email
to your system prior to attempting to login, their email address generates a
user in RT. That user has username = email address, as well as email
address filled out too. Then when they go to login, ExternalAuth pulls the
user’s email address from LDAP and attempts to create the user with that
email address, however that email address already exists on the autocreated
user from the email they sent in… so the create user fails.

Ken Marshall shared something on the listserv of a way to fix this, but I
haven’t got it working yet (I’m new to Perl, still learning).

He edited the spot in RT that runs every time an email address is found.

From reading the code, I believe his changes make the
CanonicalizeEmailAddress subroutine connect to your LDAP and pull the LDAP
info in (as defined in ExternalAuth’s config) instead of just creating a
user using the email address alone.

What I mean is, RT out of the box, when an email comes in, the unedited
CanonicalizeEmailAddress sub does pretty much nothing but a word
substitution (based on a config file setting), but Ken’s version actually
connects to LDAP and pulls the real name, the username, etc.

The way Ken explained it to me, it should not only fix old accounts that
already exist, but ensure all new accounts work correctly as well.

Below is the code, also search the listserv for my post about workarounds
while waiting for ExternalAuth 0.09.

Good luck!
Mike
Ken’s code below

    sub CanonicalizeEmailAddress {
        my $self  = shift;
        my $email = shift;

        # Leave some addresses intact
        if ( $email =~ /[\w-]+\@mysafe1\.rice\.edu$/ ) {
            return ($email);
        }
        if ( $email =~ /[\w-]+\@mysafe2\.rice\.edu$/ ) {
            return ($email);
        }

        # Example: the following rule would treat all email
        # coming from a subdomain as coming from second level domain
        # foo.com
        if ( my $match   = RT->Config->Get('CanonicalizeEmailAddressMatch') and
             my $replace = RT->Config->Get('CanonicalizeEmailAddressReplace') )
        {
            $email =~ s/$match/$replace/gi;
        }
        $email .= '@rice.edu' if ($email =~ /^[\w-]+$/);

        # Now we should have an Email address that is of the form addr@rice.edu
        # Use LDAP to map this to the primary vanity Email alias.
        my %params = ( Name         => undef,
                       EmailAddress => undef );
        my $ldap = Net::LDAP->new($RT::LdapServer);
        unless ($ldap) {
            $RT::Logger->critical("CanonicalizeEmailAddress: Cannot connect to LDAP\n");
            return ($email);
        }
        my $mesg = $ldap->bind();
        if ($mesg->code != LDAP_SUCCESS) {
            $RT::Logger->critical("CanonicalizeEmailAddress: Unable to bind to $RT::LdapServer: ",
                                  ldap_error_name($mesg->code), "\n");
            return ($email);
        }

        # First check to see if the E-mail address uniquely characterizes the
        # user. If so, update the information with the LDAP query results.
        # The address comes from inbound mail, so escape it (RFC 4515)
        # before placing it in the search filter.
        my $filter = "(mailAlternateAddress=" . escape_filter_value($email) . ")";
        $mesg = $ldap->search(base   => $RT::LdapBase,
                              filter => $filter,
                              attrs  => [ $RT::LdapMailAttr ]);
        if ($mesg->code != LDAP_SUCCESS and $mesg->code != LDAP_PARTIAL_RESULTS) {
            $RT::Logger->critical("Unable to search in LDAP: ",
                                  ldap_error_name($mesg->code), "\n");
            return ($email);
        }

        # The search succeeded with just one match
        if ($mesg->count == 1) {
            $email = ($mesg->first_entry->get_value($RT::LdapMailAttr))[0];
        }
        $mesg = $ldap->unbind();
        if ($mesg->code != LDAP_SUCCESS) {
            $RT::Logger->critical("Could not unbind from LDAP: ",
                                  ldap_error_name($mesg->code), "\n");
        }
        undef $ldap;
        undef $mesg;
        return ($email);
    }

You will also need these somewhere ahead of their use:

    use Net::LDAP;
    use Net::LDAP::Constant qw(LDAP_SUCCESS LDAP_PARTIAL_RESULTS);
    use Net::LDAP::Util qw(ldap_error_name escape_filter_value);
    use Net::LDAP::Filter;

We have them at the top under “use strict”.

On Wed, Aug 4, 2010 at 10:58 PM, Eugene M. Evans EMEvans@heapy.com wrote:

Mike Johnson
Datatel Programmer/Analyst
Northern Ontario School of Medicine
955 Oliver Road
Thunder Bay, ON P7B 5E1
Phone: (807) 766-7331
Email: mike.johnson@nosm.ca
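
The address handed to CanonicalizeEmailAddress comes from the sender of an inbound message, so any value placed in the LDAP search filter needs RFC 4515 escaping before the `count == 1` check can be trusted. The following Perl program is an added example, not code from the thread or from RT; the helper names and sender addresses are constructed, and reading the parsed filter's top-level hash key is an assumption about Net::LDAP::Filter's parsed representation.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Net::LDAP::Filter;
use Net::LDAP::Util qw(escape_filter_value);

# Attribute searched by the CanonicalizeEmailAddress code in the thread.
my $ATTR = 'mailAlternateAddress';

# Filter built by plain string interpolation of the sender address.
sub interpolated_filter {
    my ($email) = @_;
    return "($ATTR=$email)";
}

# Filter built with RFC 4515 escaping of the value: "*", "(", ")", "\"
# and NUL are replaced by backslash-hex sequences.
sub escaped_filter {
    my ($email) = @_;
    return "($ATTR=" . escape_filter_value($email) . ")";
}

# Parse a filter string and name its top-level node. The parsed object is a
# hash keyed by node type (equalityMatch, substrings, present, and, or, ...);
# reading that key is an assumption about Net::LDAP::Filter's representation.
sub filter_kind {
    my ($string) = @_;
    my $parsed = Net::LDAP::Filter->new($string);
    return 'unparseable' unless $parsed;
    my ($kind) = keys %$parsed;
    return $kind;
}

# Gate to run before searching: accept the filter only if it is exactly one
# equality test on the expected attribute. Anything else means the caller
# should skip the LDAP lookup and keep the address unchanged.
sub safe_lookup_filter {
    my ($email) = @_;
    my $string = escaped_filter($email);
    my $parsed = Net::LDAP::Filter->new($string) or return;
    my $eq     = $parsed->{equalityMatch}        or return;
    return unless lc( $eq->{attributeDesc} ) eq lc($ATTR);
    return $string;
}

# Constructed sender addresses (not taken from the thread).
my @senders = (
    'jdoe@rice.edu',       # ordinary address
    '*@rice.edu',          # wildcard character in the local part
    'j(doe)@rice.edu',     # parentheses in the local part
    'a\\b@rice.edu',       # backslash in the local part
);

for my $sender (@senders) {
    my $plain = interpolated_filter($sender);
    my $safe  = safe_lookup_filter($sender);
    printf "sender: %s\n", $sender;
    printf "  interpolated: %-45s -> %s\n", $plain, filter_kind($plain);
    printf "  escaped     : %-45s -> %s\n",
        defined $safe ? $safe              : '(rejected)',
        defined $safe ? filter_kind($safe) : 'no lookup';
}
```

Running it prints, for each sender, the filter string produced both ways and the node type it parses to, so an interpolated filter that is no longer a single equality test is visible at a glance.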

Mike,

Thank you for the reply. Looks like I’ll need to dive a bit deeper than
I first anticipated. I’ll post my results.

Sincerely,

Gene Evans
IT Administrator
Heapy Engineering
937-224-0861 x1404

VM,

>> Are you successful in your effort? <<

Not yet. It may be a while as I have my fingers in a few pies besides
RT.

>> what is the difference in user creation when RT is integrated with
AD? <<

I’m not sure yet. I’m still trying to understand how RT works. Right
now, logged in as root, I can’t even manually create a user in RT at
all, let alone have a user automatically imported from Active Directory.
Once I’ve figured out how to create a user manually, then I’ll learn how
to make RT and AD do it for me.

What I’m trying to avoid, of course, is having to manually administer
the creation of users and the assignment of rights to each user.
Instead, I want RT to import the user accounts from Active Directory,
rather than for me as the administrator to have to create hundreds of
user accounts in RT (either up front, or as people request access), each
matching an account we already have in our Active Directory datastore.
As for rights, it looks like I can assign rights to users by inheritance
through roles (e.g. Requestor) and groups. From what I’m reading in the
user manual it looks like it can be done this way. If I’m successful, I
should have a set of configuration files that can be posted to the list
to help others accomplish the same thing. We’ll see.

Best regards,

Gene Evans

From: testwreq wreq [mailto:testwreq@gmail.com]
Sent: Friday, August 06, 2010 2:58 PM
To: Eugene M. Evans
Subject: Re: [rt-users] RT 3.8 Active Directory integration and single
sign-on

Hello Gene,

I am looking to accomplish a similar thing. Are you successful in your
effort?

Question:

You want to integrate RT with Active Directory such that an RT user
account will automatically be created when a user first submits a ticket
request via email. RT does this without integration. So, then what is
the difference in user creation when RT is integrated with AD?

Regards, vm

Mike,

Thankyou for the reply.  Looks like I'll need to dive a bit

deeper than
I first anticipated. I’ll post my results.

Sincerely,

Gene Evans
IT Administrator
Heapy Engineering
937-224-0861 x1404


From: rt-users-bounces@lists.bestpractical.com
[mailto:rt-users-bounces@lists.bestpractical.com] On Behalf Of
rt-users-request@lists.bestpractical.com
Sent: Thursday, August 05, 2010 8:49 AM
To: rt-users@lists.bestpractical.com
Subject: RT-Users Digest, Vol 77, Issue 20

Send RT-Users mailing list submissions to
       rt-users@lists.bestpractical.com

To subscribe or unsubscribe via the World Wide Web, visit

http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
or, via email, send a message with subject or body ‘help’ to
rt-users-request@lists.bestpractical.com

You can reach the person managing the list at
       rt-users-owner@lists.bestpractical.com

When replying, please edit your Subject line so it is more

specific than
"Re: Contents of RT-Users digest…"

Today's Topics:

  1. RT 3.8 Active Directory integration and single sign-on
     (Eugene M. Evans)
  2. Re: RT 3.8 Active Directory integration and single

sign-on
(Mike Johnson)

Message: 1
Date: Wed, 4 Aug 2010 22:58:07 -0400
From: "Eugene M. Evans" <EMEvans@heapy.com>
To: <rt-users@lists.bestpractical.com>
Subject: [rt-users] RT 3.8 Active Directory integration and

single
sign-on
Message-ID:

BFA145AA31FEBC449D510ADC62FF513E14A6D5@dayxchng0.heapy.local
Content-Type: text/plain; charset=“us-ascii”

I am trying to accomplish two things:

First, to integrate RT with Active Directory such that an RT

user
account will automatically be created in either of the following
cases.
a) when a user first submits a ticket request via email, and
b) when a user first logs in via the RT web interface

Secondly, Single sign-on, such that once an RT account has been

created
an MS-Windows user will not need to enter their password on
subsequent
visits to the RT web interface.

I've started by attempting to implement the Auth::ExternalAuth

extension
but have been unable to get it working. I cannot log into the
RT web
interface using any account except the root account that has
already
been created within RT. Once in RT as root, I am unable to
create a new
user. I get the error “User could not be created: Could not
set user
info.”

I've tried the solution mentioned in this thread  -->
http://www.gossamer-threads.com/lists/rt/users/94218 to get RT

to
auto-create users, but to no avail.
Note that when I uncomment the statement
"Set($WebExternalAuto,1);" and
restart apache the RT login screen provides no login box in
which to
enter a username or a password.

Any advice would be greatly appreciated.

Below is my RT configuration.


#Begin /opt/rt3/etc/RT_SiteConfig.pm tail ...
# The following two statements support single sign-on.
# but I have commented them out for now since they are # said to
conflict with the ExternalAuth extension.
# See http://wiki.bestpractical.com/view/ExternalAuth
<http://wiki.bestpractical.com/view/ExternalAuth> .

# Tell RT to trust the webserver to handle authentication.
# Set($WebExternalAuth, 3);

# If the webserver hands RT a user RT is not # familiar with, RT

should
just go ahead and # create an account.
# Set($WebExternalAuto, 1);

...
# Include the configuration for the ExternalAuth extension.
require

“/opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm”;
Set($AutoCreate,{Privileged => 0});

1;
#End /opt/rt3/etc/RT_SiteConfig.pm




#Begin

/opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm in
its entirety.

Set($ExternalAuthPriority,           [ 'Heapy_AD_LDAP' ] );
Set($ExternalInfoPriority,           [ 'Heapy_AD_LDAP' ] );
Set($ExternalServiceUsesSSLorTLS,    0);
Set($AutoCreateNonExternalUsers,     0);

Set($ExternalSettings,      {
                    'Heapy_AD_LDAP'               =>  {

                    'type'                  =>  'ldap',
                    'server'                =>
'serverxyz.domain.domainSuffix',
                    'user'                  =>
'cn=ldap,ou=Services,dc=domain,dc=domainSuffix',
                    'pass'                  =>

‘the_ldap_password’,
‘base’ =>
‘dc=domain,dc=domainSuffix’,

                    'filter'                =>
'(&(ObjectCategory=User)(ObjectClass=Person))',
                    'd_filter'              =>
'(userAccountControl:1.2.840.113556.1.4.803:=2)',

#                     'tls'                   =>  0,
#                    'ssl_version'           =>  3,

                    'net_ldap_args'         => [    version =>

3
],
‘group’ =>
‘cn=group,ou=Services,dc=domain,dc=domainSuffix’,
‘group_attr’ => ‘member’,

                    'attr_match_list'       => [   'Name',
'EmailAddress'   ],
                    'attr_map'              => {   'Name' =>
'sAMAccountName',

‘EmailAddress’ =>
‘mail’,

‘Organization’ =>
‘physicalDeliveryOfficeName’,
‘RealName’ =>
‘cn’,

‘ExternalAuthId’ =>
‘sAMAccountName’,
‘Gecos’ =>
‘sAMAccountName’,
‘WorkPhone’
=>
‘telephoneNumber’,
‘Address1’ =>
‘streetAddress’,
‘City’ =>
‘l’,
‘State’ =>
‘st’,
‘Zip’ =>
‘postalCode’,
‘Country’ =>
‘co’
}
}
}
);

Set(@Plugins, qw(RT::Authen::ExternalAuth)); 1; #End

/opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm

Message: 2
Date: Thu, 5 Aug 2010 08:51:28 -0400
From: Mike Johnson <mike.johnson@nosm.ca>
To: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] RT 3.8 Active Directory integration and single sign-on
Message-ID: AANLkTin4a4uuw-Q_wb4FXi9YDnATSN2OvyiuadodueU-@mail.gmail.com
Content-Type: text/plain; charset="iso-8859-1"

b) should be done easily using ExternalAuth. When I say easily, I mean,
as soon as you get ExternalAuth working, b is done… but it did take me
almost a week to figure out my issues (a spelling mistake in the config
file :’()

a) sounds like you want ExternalAuth with AutoCreate Privileged=>0 set,
but you’d also need to tweak the RT system.

The problem with just doing the above, if someone has already sent an
email to your system prior to attempting to login, their email address
generates a user in RT. That user has username = email address, as well
as email address filled out too. Then when they go to login,
ExternalAuth pulls the user’s email address from LDAP and attempts to
create the user with that email address, however that email address
already exists on the autocreated user from the email they sent in… so
the create user fails.

Ken Marshall shared something on the listserv of a way to fix this, but
I haven’t got it working yet (I’m new to perl, still learning).

He edited the spot in RT that runs every time an email address is found.
From reading the code, I believe his changes make the
CanonicalizeEmailAddress subroutine connect to your LDAP and pull the
LDAP info in (as defined in ExternalAuth’s config) instead of just
creating a user using the email address alone.

What I mean is, RT out of the box, when an email comes in, the unedited
CanonicalizeEmailAddress sub does pretty much nothing but a word
substitution (based on a config file setting), but Ken’s version actually
connects to LDAP and pulls the real name, the username, etc.

The way Ken explained it to me, it should not only fix old accounts that
already exist, but ensure all new accounts work correctly as well.

Below is the code, also search the listserv for my post about
workarounds while waiting for ExternalAuth 0.09.

Good luck!
Mike
***Ken's code below***

sub CanonicalizeEmailAddress {
    my $self  = shift;
    my $email = shift;

    # Leave some addresses intact
    if ( $email =~ /[\w-]+\@mysafe1\.rice\.edu$/ ) {
        return ($email);
    }
    if ( $email =~ /[\w-]+\@mysafe2\.rice\.edu$/ ) {
        return ($email);
    }

    # Example: the following rule would treat all email
    # coming from a subdomain as coming from second level domain
    # foo.com
    if ( my $match   = RT->Config->Get('CanonicalizeEmailAddressMatch') and
         my $replace = RT->Config->Get('CanonicalizeEmailAddressReplace') )
    {
        $email =~ s/$match/$replace/gi;
    }
    $email .= '@rice.edu' if ($email =~ /^[\w-]+$/);

    # Now we should have an Email address that is of the form addr@rice.edu
    # Use LDAP to map this to the primary vanity Email alias.
    my %params = ( Name         => undef,
                   EmailAddress => undef );
    my $ldap = new Net::LDAP($RT::LdapServer)
        or $RT::Logger->critical("CanonicalizeEmailAddress: Cannot connect to LDAP\n"),
           return ($email);
    my $mesg = $ldap->bind();
    if ($mesg->code != LDAP_SUCCESS) {
        $RT::Logger->critical("CanonicalizeEmailAddress: Unable to bind to $RT::LdapServer: ",
                              ldap_error_name($mesg->code), "\n");
        return ($email);
    }

    # First check to see if the E-mail address uniquely characterizes the
    # user. If so, update the information with the LDAP query results.
    # The address comes from incoming mail, so LDAP filter metacharacters
    # are escaped before it is placed in the filter.
    my $filter = "(mailAlternateAddress="
               . Net::LDAP::Util::escape_filter_value($email) . ")";
    $mesg = $ldap->search(base   => $RT::LdapBase,
                          filter => $filter,
                          attrs  => [ $RT::LdapMailAttr ]);
    if ($mesg->code != LDAP_SUCCESS and $mesg->code != LDAP_PARTIAL_RESULTS) {
        $RT::Logger->critical("Unable to search in LDAP: ",
                              ldap_error_name($mesg->code), "\n");
        return ($email);
    }

    # The search succeeded with just one match
    if ($mesg->count == 1) {
        $email = ($mesg->first_entry->get_value($RT::LdapMailAttr))[0];
    }
    $mesg = $ldap->unbind();
    if ($mesg->code != LDAP_SUCCESS) {
        $RT::Logger->critical("Could not unbind from LDAP: ",
                              ldap_error_name($mesg->code), "\n");
    }
    undef $ldap;
    undef $mesg;
    return ($email);
}

You will also need these somewhere ahead of their use:
use Net::LDAP;
use Net::LDAP::Constant qw(LDAP_SUCCESS LDAP_PARTIAL_RESULTS);
use Net::LDAP::Util qw (ldap_error_name);
use Net::LDAP::Filter;
We have them at the top under “use strict”.

Mike Johnson
Datatel Programmer/Analyst
Northern Ontario School of Medicine
955 Oliver Road
Thunder Bay, ON   P7B 5E1
Phone: (807) 766-7331
Email: mike.johnson@nosm.ca
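
An added example, not Ken's code and not part of RT: the CanonicalizeEmailAddress override in the message above puts the sender address of an incoming mail into an LDAP search filter, so the value needs RFC 4515 escaping first, and only a unique match should replace the address. The helper names, the default attribute and the sample addresses are constructed for illustration; in the override itself, Net::LDAP::Util provides escape_filter_value for the escaping step.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# RFC 4515 escaping (minimum set): backslash, parentheses, asterisk and NUL
# are written as a backslash plus two hex digits, so they are treated as
# data and not as filter syntax.
sub escape_filter_value {
    my ($value) = @_;
    $value =~ s/([\\()*\0])/sprintf('\\%02x', ord $1)/ge;
    return $value;
}

# Decide whether an address taken from a mail header is worth looking up.
# Deliberately narrow (an assumption of this example): one local part, one
# domain, no whitespace or control characters, bounded length.
sub plausible_address {
    my ($email) = @_;
    return 0 if !defined $email || length($email) > 254;
    return $email =~ /\A[^\s\@\x00-\x1f]+\@[A-Za-z0-9.-]+\z/ ? 1 : 0;
}

# Build the filter for the canonicalization lookup. Returns nothing when
# the address should be left alone and no LDAP query made.
sub canonicalize_filter {
    my ($email, $attr) = @_;
    $attr = 'mailAlternateAddress' unless defined $attr;
    return unless plausible_address($email);
    return sprintf('(%s=%s)', $attr, escape_filter_value($email));
}

# The "exactly one match" rule from the override: a unique hit may replace
# the address, zero or several hits keep the original.
sub pick_canonical {
    my ($email, @hits) = @_;
    return @hits == 1 ? $hits[0] : $email;
}

# Constructed sample addresses, some containing filter metacharacters.
my @samples = (
    'jdoe@rice.edu',
    'j*@rice.edu',
    'team(ops)@rice.edu',
    'a\\b@rice.edu',
    'two words@rice.edu',
);

for my $addr (@samples) {
    my $filter = canonicalize_filter($addr);
    printf "%-22s => %s\n", $addr,
        defined $filter ? $filter : '(skipped, no lookup)';
}

# One hit replaces the address; two hits leave it unchanged.
print pick_canonical('jd@rice.edu', 'john.doe@rice.edu'), "\n";
print pick_canonical('j*@rice.edu', 'a@rice.edu', 'b@rice.edu'), "\n";
```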
End of RT-Users Digest, Vol 77, Issue 20


I’ve tried many things today and still don’t have Auth::ExternalAuth
working. Could it be because RT’s time is not synched with the Active
Directory server? The time RT reports in its log is hours ahead of the
system time on the host. The system is running NTP and matches the time
on the AD server. I don’t know why RT wouldn’t be using the system
time. The timezone is set correctly in RT_SiteConfig.pm:
Set($Timezone , 'US/Eastern');

The log lines below were all created before 10pm on Friday, August the
6th. If anyone has any ideas about the time difference or the inability
to log into RT using a valid AD account, I’m all ears.

*** /opt/rt3/var/log/rt.log

[Sat Aug 7 01:42:51 2010] [debug]: Reloading RT::User to work around a
bug in RT-3.8.0 and RT-3.8.1
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu
th/autohandler/Auth:14)
[Sat Aug 7 01:42:51 2010] [debug]: Attempting to use external auth
service: Heapy_AD_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:64)
[Sat Aug 7 01:42:51 2010] [debug]: Calling UserExists with $username
(ldap) and $service (Heapy_AD_LDAP)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:105)
[Sat Aug 7 01:42:51 2010] [debug]: UserExists params:
username: ldap , service: Heapy_AD_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h/LDAP.pm:274)
[Sat Aug 7 01:42:51 2010] [critical]:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can’t bind:
LDAP_INVALID_CREDENTIALS 49
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h/LDAP.pm:467)
[Sat Aug 7 01:42:51 2010] [debug]: Autohandler called ExternalAuth.
Response: (0, No User)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu
th/autohandler/Auth:26)
[Sat Aug 7 01:42:51 2010] [error]: FAILED LOGIN for ldap from
172.16.17.174 (/opt/rt3/bin/…/lib/RT/Interface/Web.pm:424)
[Sat Aug 7 01:43:00 2010] [debug]: Reloading RT::User to work around a
bug in RT-3.8.0 and RT-3.8.1
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu
th/autohandler/Auth:14)
[Sat Aug 7 01:43:00 2010] [debug]: Attempting to use external auth
service: Heapy_AD_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:64)
[Sat Aug 7 01:43:00 2010] [debug]: Calling UserExists with $username
(hhadmin) and $service (Heapy_AD_LDAP)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:105)
[Sat Aug 7 01:43:00 2010] [debug]: UserExists params:
username: hhadmin , service: Heapy_AD_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h/LDAP.pm:274)
[Sat Aug 7 01:43:00 2010] [critical]:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can’t bind:
LDAP_INVALID_CREDENTIALS 49
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h/LDAP.pm:467)
[Sat Aug 7 01:43:00 2010] [debug]: Autohandler called ExternalAuth.
Response: (0, No User)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu
th/autohandler/Auth:26)
[Sat Aug 7 01:43:00 2010] [error]: FAILED LOGIN for hhadmin from
172.16.17.174 (/opt/rt3/bin/…/lib/RT/Interface/Web.pm:424)
[Sat Aug 7 01:43:08 2010] [debug]: Reloading RT::User to work around a
bug in RT-3.8.0 and RT-3.8.1
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu
th/autohandler/Auth:14)
[Sat Aug 7 01:43:08 2010] [debug]: Attempting to use external auth
service: Heapy_AD_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:64)
[Sat Aug 7 01:43:08 2010] [debug]: Calling UserExists with $username
(hhadmin) and $service (Heapy_AD_LDAP)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:105)
[Sat Aug 7 01:43:08 2010] [debug]: UserExists params:
username: hhadmin , service: Heapy_AD_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h/LDAP.pm:274)
[Sat Aug 7 01:43:08 2010] [critical]:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can’t bind:
LDAP_INVALID_CREDENTIALS 49
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h/LDAP.pm:467)
[Sat Aug 7 01:43:08 2010] [debug]: Autohandler called ExternalAuth.
Response: (0, No User)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu
th/autohandler/Auth:26)
[Sat Aug 7 01:43:08 2010] [error]: FAILED LOGIN for hhadmin from
172.16.17.174 (/opt/rt3/bin/…/lib/RT/Interface/Web.pm:424)
[Sat Aug 7 01:53:14 2010] [debug]: Reloading RT::User to work around a
bug in RT-3.8.0 and RT-3.8.1
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu
th/autohandler/Auth:14)
[Sat Aug 7 01:53:14 2010] [debug]: Attempting to use external auth
service: Heapy_AD_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:64)
[Sat Aug 7 01:53:14 2010] [debug]: SSO Failed and no user to test with.
Nexting
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:92)
[Sat Aug 7 01:53:14 2010] [debug]: Autohandler called ExternalAuth.
Response: (0, No User)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu
th/autohandler/Auth:26)
[Sat Aug 7 01:53:20 2010] [debug]: Reloading RT::User to work around a
bug in RT-3.8.0 and RT-3.8.1
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu
th/autohandler/Auth:14)
[Sat Aug 7 01:53:20 2010] [debug]: Attempting to use external auth
service: Heapy_AD_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:64)
[Sat Aug 7 01:53:20 2010] [debug]: Calling UserExists with $username
(ldap) and $service (Heapy_AD_LDAP)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:105)
[Sat Aug 7 01:53:20 2010] [debug]: UserExists params:
username: ldap , service: Heapy_AD_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h/LDAP.pm:274)
[Sat Aug 7 01:53:20 2010] [critical]:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj : Cannot connect to
dayxchng0.heapy.local
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h/LDAP.pm:437)
[Sat Aug 7 01:53:20 2010] [debug]: Autohandler called ExternalAuth.
Response: (0, No User)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu
th/autohandler/Auth:26)
[Sat Aug 7 01:53:20 2010] [error]: FAILED LOGIN for ldap from
172.16.17.174 (/opt/rt3/bin/…/lib/RT/Interface/Web.pm:424)
[Sat Aug 7 02:00:46 2010] [debug]: Reloading RT::User to work around a
bug in RT-3.8.0 and RT-3.8.1
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu
th/autohandler/Auth:14)
[Sat Aug 7 02:00:46 2010] [debug]: Attempting to use external auth
service: Heapy_AD_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:64)
[Sat Aug 7 02:00:46 2010] [debug]: Calling UserExists with $username
(ldap) and $service (Heapy_AD_LDAP)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:105)
[Sat Aug 7 02:00:46 2010] [debug]: UserExists params:
username: ldap , service: Heapy_AD_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h/LDAP.pm:274)
[Sat Aug 7 02:00:46 2010] [critical]:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj : Cannot connect to
dayxchng0.heapy.local
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h/LDAP.pm:437)
[Sat Aug 7 02:00:46 2010] [debug]: Autohandler called ExternalAuth.
Response: (0, No User)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu
th/autohandler/Auth:26)
[Sat Aug 7 02:00:46 2010] [error]: FAILED LOGIN for ldap from
172.16.17.174 (/opt/rt3/bin/…/lib/RT/Interface/Web.pm:424)
[Sat Aug 7 02:00:51 2010] [debug]: Attempting to use external auth
service: Heapy_AD_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:64)
[Sat Aug 7 02:00:51 2010] [debug]: Calling UserExists with $username
(ldap) and $service (Heapy_AD_LDAP)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:105)
[Sat Aug 7 02:00:51 2010] [debug]: UserExists params:
username: ldap , service: Heapy_AD_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h/LDAP.pm:274)
[Sat Aug 7 02:00:51 2010] [critical]:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj : Cannot connect to
dayxchng0.heapy.local
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h/LDAP.pm:437)
[Sat Aug 7 02:00:51 2010] [debug]: Autohandler called ExternalAuth.
Response: (0, No User)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu
th/autohandler/Auth:26)
[Sat Aug 7 02:00:51 2010] [error]: FAILED LOGIN for ldap from
172.16.17.174 (/opt/rt3/bin/…/lib/RT/Interface/Web.pm:424)
[Sat Aug 7 02:01:08 2010] [debug]: Reloading RT::User to work around a
bug in RT-3.8.0 and RT-3.8.1
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu
th/autohandler/Auth:14)
[Sat Aug 7 02:01:08 2010] [debug]: Attempting to use external auth
service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:64)
[Sat Aug 7 02:01:08 2010] [debug]: Calling UserExists with $username
(ldap) and $service (My_LDAP)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:105)
[Sat Aug 7 02:01:08 2010] [debug]: UserExists params:
username: ldap , service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h/LDAP.pm:274)
[Sat Aug 7 02:01:08 2010] [critical]:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can’t bind:
LDAP_INVALID_CREDENTIALS 49
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h/LDAP.pm:467)
[Sat Aug 7 02:01:08 2010] [debug]: Autohandler called ExternalAuth.
Response: (0, No User)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu
th/autohandler/Auth:26)
[Sat Aug 7 02:01:08 2010] [error]: FAILED LOGIN for ldap from
172.16.17.174 (/opt/rt3/bin/…/lib/RT/Interface/Web.pm:424)
[Sat Aug 7 02:01:59 2010] [debug]: Reloading RT::User to work around a
bug in RT-3.8.0 and RT-3.8.1
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu
th/autohandler/Auth:14)
[Sat Aug 7 02:01:59 2010] [debug]: Attempting to use external auth
service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:64)
[Sat Aug 7 02:01:59 2010] [debug]: Calling UserExists with $username
(ldap) and $service (My_LDAP)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:105)
[Sat Aug 7 02:01:59 2010] [debug]: UserExists params:
username: ldap , service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h/LDAP.pm:274)
[Sat Aug 7 02:01:59 2010] [critical]:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can’t bind:
LDAP_INVALID_CREDENTIALS 49
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h/LDAP.pm:467)
[Sat Aug 7 02:01:59 2010] [debug]: Autohandler called ExternalAuth.
Response: (0, No User)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu
th/autohandler/Auth:26)
[Sat Aug 7 02:01:59 2010] [error]: FAILED LOGIN for ldap from
172.16.17.174 (/opt/rt3/bin/…/lib/RT/Interface/Web.pm:424)
[Sat Aug 7 02:02:02 2010] [debug]: Reloading RT::User to work around a
bug in RT-3.8.0 and RT-3.8.1
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu
th/autohandler/Auth:14)
[Sat Aug 7 02:02:02 2010] [debug]: Attempting to use external auth
service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:64)
[Sat Aug 7 02:02:02 2010] [debug]: Calling UserExists with $username
(ldap) and $service (My_LDAP)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:105)
[Sat Aug 7 02:02:02 2010] [debug]: UserExists params:
username: ldap , service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h/LDAP.pm:274)
[Sat Aug 7 02:02:03 2010] [critical]:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can’t bind:
LDAP_INVALID_CREDENTIALS 49
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h/LDAP.pm:467)
[Sat Aug 7 02:02:03 2010] [debug]: Autohandler called ExternalAuth.
Response: (0, No User)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu
th/autohandler/Auth:26)
[Sat Aug 7 02:02:03 2010] [error]: FAILED LOGIN for ldap from
172.16.17.174 (/opt/rt3/bin/…/lib/RT/Interface/Web.pm:424)
[Sat Aug 7 02:02:35 2010] [debug]: Reloading RT::User to work around a
bug in RT-3.8.0 and RT-3.8.1
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu
th/autohandler/Auth:14)
[Sat Aug 7 02:02:35 2010] [debug]: Attempting to use external auth
service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:64)
[Sat Aug 7 02:02:35 2010] [debug]: Calling UserExists with $username
(ldap) and $service (My_LDAP)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:105)
[Sat Aug 7 02:02:35 2010] [debug]: UserExists params:
username: ldap , service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h/LDAP.pm:274)
[Sat Aug 7 02:02:35 2010] [critical]:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can’t bind:
LDAP_INVALID_CREDENTIALS 49
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h/LDAP.pm:467)
[Sat Aug 7 02:02:35 2010] [debug]: Autohandler called ExternalAuth.
Response: (0, No User)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu
th/autohandler/Auth:26)
[Sat Aug 7 02:02:35 2010] [error]: FAILED LOGIN for ldap from
172.16.17.174 (/opt/rt3/bin/…/lib/RT/Interface/Web.pm:424)
[Sat Aug 7 02:02:38 2010] [debug]: Reloading RT::User to work around a
bug in RT-3.8.0 and RT-3.8.1
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu
th/autohandler/Auth:14)
[Sat Aug 7 02:02:38 2010] [debug]: Attempting to use external auth
service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:64)
[Sat Aug 7 02:02:38 2010] [debug]: Calling UserExists with $username
(ldap) and $service (My_LDAP)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:105)
[Sat Aug 7 02:02:38 2010] [debug]: UserExists params:
username: ldap , service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h/LDAP.pm:274)
[Sat Aug 7 02:02:38 2010] [critical]:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can’t bind:
LDAP_INVALID_CREDENTIALS 49
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h/LDAP.pm:467)
[Sat Aug 7 02:02:38 2010] [debug]: Autohandler called ExternalAuth.
Response: (0, No User)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu
th/autohandler/Auth:26)
[Sat Aug 7 02:02:38 2010] [error]: FAILED LOGIN for ldap from
172.16.17.174 (/opt/rt3/bin/…/lib/RT/Interface/Web.pm:424)
[Sat Aug 7 02:02:55 2010] [debug]: Reloading RT::User to work around a
bug in RT-3.8.0 and RT-3.8.1
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu
th/autohandler/Auth:14)
[Sat Aug 7 02:02:55 2010] [debug]: Attempting to use external auth
service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:64)
[Sat Aug 7 02:02:55 2010] [debug]: SSO Failed and no user to test with.
Nexting
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:92)
[Sat Aug 7 02:02:55 2010] [debug]: Autohandler called ExternalAuth.
Response: (0, No User)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu
th/autohandler/Auth:26)
[Sat Aug 7 02:03:01 2010] [debug]: Reloading RT::User to work around a
bug in RT-3.8.0 and RT-3.8.1
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu
th/autohandler/Auth:14)
[Sat Aug 7 02:03:01 2010] [debug]: Attempting to use external auth
service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:64)
[Sat Aug 7 02:03:01 2010] [debug]: Calling UserExists with $username
(ldap) and $service (My_LDAP)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:105)
[Sat Aug 7 02:03:01 2010] [debug]: UserExists params:
username: ldap , service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h/LDAP.pm:274)
[Sat Aug 7 02:03:01 2010] [critical]:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can’t bind:
LDAP_INVALID_CREDENTIALS 49
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h/LDAP.pm:467)
[Sat Aug 7 02:03:01 2010] [debug]: Autohandler called ExternalAuth.
Response: (0, No User)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu
th/autohandler/Auth:26)
[Sat Aug 7 02:03:01 2010] [error]: FAILED LOGIN for ldap from
172.16.17.174 (/opt/rt3/bin/…/lib/RT/Interface/Web.pm:424)
[Sat Aug 7 02:04:08 2010] [debug]: Reloading RT::User to work around a
bug in RT-3.8.0 and RT-3.8.1
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu
th/autohandler/Auth:14)
[Sat Aug 7 02:04:08 2010] [debug]: Attempting to use external auth
service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:64)
[Sat Aug 7 02:04:08 2010] [debug]: Calling UserExists with $username
(hhadmin) and $service (My_LDAP)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:105)
[Sat Aug 7 02:04:08 2010] [debug]: UserExists params:
username: hhadmin , service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h/LDAP.pm:274)
[Sat Aug 7 02:04:08 2010] [critical]:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can’t bind:
LDAP_INVALID_CREDENTIALS 49
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h/LDAP.pm:467)
[Sat Aug 7 02:04:08 2010] [debug]: Autohandler called ExternalAuth.
Response: (0, No User)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu
th/autohandler/Auth:26)
[Sat Aug 7 02:04:08 2010] [error]: FAILED LOGIN for hhadmin from
172.16.17.174 (/opt/rt3/bin/…/lib/RT/Interface/Web.pm:424)
[Sat Aug 7 02:04:16 2010] [debug]: Reloading RT::User to work around a
bug in RT-3.8.0 and RT-3.8.1
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu
th/autohandler/Auth:14)
[Sat Aug 7 02:04:16 2010] [debug]: Attempting to use external auth
service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:64)
[Sat Aug 7 02:04:16 2010] [debug]: Calling UserExists with $username
(hhadmin) and $service (My_LDAP)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:105)
[Sat Aug 7 02:04:16 2010] [debug]: UserExists params:
username: hhadmin , service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h/LDAP.pm:274)
[Sat Aug 7 02:04:16 2010] [critical]:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can’t bind:
LDAP_INVALID_CREDENTIALS 49
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h/LDAP.pm:467)
[Sat Aug 7 02:04:16 2010] [debug]: Autohandler called ExternalAuth.
Response: (0, No User)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu
th/autohandler/Auth:26)
[Sat Aug 7 02:04:16 2010] [error]: FAILED LOGIN for hhadmin from
172.16.17.174 (/opt/rt3/bin/…/lib/RT/Interface/Web.pm:424)
[Sat Aug 7 02:04:28 2010] [debug]: Reloading RT::User to work around a
bug in RT-3.8.0 and RT-3.8.1
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu
th/autohandler/Auth:14)
[Sat Aug 7 02:04:28 2010] [debug]: Attempting to use external auth
service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:64)
[Sat Aug 7 02:04:28 2010] [debug]: Calling UserExists with $username
(emevans) and $service (My_LDAP)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:105)
[Sat Aug 7 02:04:28 2010] [debug]: UserExists params:
username: emevans , service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h/LDAP.pm:274)
[Sat Aug 7 02:04:28 2010] [critical]:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can’t bind:
LDAP_INVALID_CREDENTIALS 49
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h/LDAP.pm:467)
[Sat Aug 7 02:04:28 2010] [debug]: Autohandler called ExternalAuth.
Response: (0, No User)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu
th/autohandler/Auth:26)
[Sat Aug 7 02:04:28 2010] [error]: FAILED LOGIN for emevans from
172.16.17.174 (/opt/rt3/bin/…/lib/RT/Interface/Web.pm:424)
[Sat Aug 7 02:08:17 2010] [debug]: Reloading RT::User to work around a
bug in RT-3.8.0 and RT-3.8.1
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu
th/autohandler/Auth:14)
[Sat Aug 7 02:08:17 2010] [debug]: Attempting to use external auth
service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
[Sat Aug 7 02:08:17 2010] [debug]: SSO Failed and no user to test with.
Nexting
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:92)
[Sat Aug 7 02:08:17 2010] [debug]: Autohandler called ExternalAuth.
Response: (0, No User)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:26)
[Sat Aug 7 02:08:22 2010] [debug]: Reloading RT::User to work around a
bug in RT-3.8.0 and RT-3.8.1
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:14)
[Sat Aug 7 02:08:22 2010] [debug]: Attempting to use external auth
service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
[Sat Aug 7 02:08:22 2010] [debug]: Calling UserExists with $username
(ldap) and $service (My_LDAP)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:105)
[Sat Aug 7 02:08:22 2010] [debug]: UserExists params:
username: ldap , service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:274)
[Sat Aug 7 02:08:22 2010] [critical]:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't bind:
LDAP_INVALID_CREDENTIALS 49
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:467)
[Sat Aug 7 02:08:22 2010] [debug]: Autohandler called ExternalAuth.
Response: (0, No User)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:26)
[Sat Aug 7 02:08:22 2010] [error]: FAILED LOGIN for ldap from
172.16.17.174 (/opt/rt3/bin/…/lib/RT/Interface/Web.pm:424)
[Sat Aug 7 02:26:43 2010] [debug]: Reloading RT::User to work around a
bug in RT-3.8.0 and RT-3.8.1
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:14)
[Sat Aug 7 02:26:43 2010] [debug]: Attempting to use external auth
service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
[Sat Aug 7 02:26:43 2010] [debug]: SSO Failed and no user to test with.
Nexting
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:92)
[Sat Aug 7 02:26:43 2010] [debug]: Autohandler called ExternalAuth.
Response: (0, No User)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:26)
[Sat Aug 7 02:26:51 2010] [debug]: Reloading RT::User to work around a
bug in RT-3.8.0 and RT-3.8.1
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:14)
[Sat Aug 7 02:26:51 2010] [debug]: Attempting to use external auth
service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
[Sat Aug 7 02:26:51 2010] [debug]: Calling UserExists with $username
(ldap) and $service (My_LDAP)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:105)
[Sat Aug 7 02:26:51 2010] [debug]: UserExists params:
username: ldap , service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:274)
[Sat Aug 7 02:26:51 2010] [critical]:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't bind:
LDAP_INVALID_CREDENTIALS 49
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:467)
[Sat Aug 7 02:26:51 2010] [debug]: Autohandler called ExternalAuth.
Response: (0, No User)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:26)
[Sat Aug 7 02:26:51 2010] [error]: FAILED LOGIN for ldap from
172.16.17.174 (/opt/rt3/bin/…/lib/RT/Interface/Web.pm:424)

*** /opt/rt3/etc/RT_SiteConfig.pm

# Custom Site Config

Set($rtname , "XXX.XXX.XXX");
Set($Organization , "XXX.XXX");
Set($MinimumPasswordLength , "0");
Set($Timezone , 'US/Eastern');

Set(@Plugins, qw(
RT::Authen::ExternalAuth
));

Set($HomepageComponents, [qw(
QuickCreate
Quicksearch
MyAdminQueues
MySupportQueues
MyReminders
RefreshHomepage
Dashboards
)]);

Set($DatabaseType , 'mysql');
Set($DatabaseHost , 'localhost');
Set($DatabaseRTHost , 'localhost');
Set($DatabasePort , '');
Set($DatabaseUser , 'local');
Set($DatabasePassword , 'XXXXXXX');
Set($DatabaseName , 'XXXXXX');

# OwnerEmail is the account that will manage RT.
# In this case hhadmin. Hhadmin's email is forwarded to
# the email address specified in the Postfix aliases
# file.
Set($OwnerEmail , 'hhadmin');
Set($LoopsToRTOwner , 1);

Set($SendmailPath , "/usr/lib/sendmail.postfix");
Set($SendmailArguments , "-oi -t -f support\@hpyhdesk.heapy.local");

Set($MaxAttachmentSize , 5000000);

Set($RTAddressRegexp , '^rt@hpyhdesk.heapy.local$');
Set($CorrespondAddress , 'no-reply@hpyhdesk.heapy.local');
Set($CommentAddress , 'no-reply@hpyhdesk.heapy.local');

Set($UseFriendlyFromLine , 1);
Set($FriendlyFromLineFormat , "\"%s\" <%s>");
Set($UseFriendlyToLine , 1);
Set($FriendlyToLineFormat, "\"%s Ticket #%s\":;");

Set($NotifyActor, 0);
Set($RecordOutgoingEmail, 1);

Set($WebPath , "/ticket");
Set($WebPort , 80);
Set($WebBaseURL , "http://hpyhdesk.heapy.local");
Set($WebURL , $WebBaseURL . $WebPath . "/");

# The following two lines support single sign-on.
# Tell RT to trust the webserver to handle
# authentication.
# They are commented out since they are said to conflict with the
# ExternalAuth extension.
# See http://wiki.bestpractical.com/view/ExternalAuth.
# Set($WebExternalAuth, 3);
# If the webserver hands RT a user RT is not
# familiar with, RT should just go ahead and
# create an account.
#Set($WebExternalAuto, 1);

Set($MessageBoxWidth , 72);
Set($MessageBoxWrap, "HARD");

Set($MaxInlineBody, 13456);
Set($DefaultSummaryRows, 10);

Set($OldestTransactionsFirst, '1');
Set($ShowTransactionImages, 1);

Set($DateDayBeforeMonth , 0);
Set($AmbiguousDayInPast , 1);

Set($LogToSyslog, '' ) ; # disable syslog
Set($LogToFile, 'debug' ) ; # set file logging to include everything
Set($LogDir, '/opt/rt3/var/log' ) ; # path to log
Set($LogToFileNamed , 'rt.log') ; # logfile name

# Include the configuration for the ExternalAuth extension.
# ExternalAuth only adds to the available authentication mechanisms. It
# does not replace RT's own. So, authentication happens in this order:
# 1. ExternalAuth
# 2. RT-Internal
# And you can have as many ExternalAuth sources as you wish.
# ExternalAuth cannot add a user to any internal RT groups. This must
# be done by the RT administrator.
Set(@Plugins, qw(RT::Authen::ExternalAuth));
require "/opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm";

# If you want LDAP users to be automatically
# assigned "Let this user be granted rights" then you may do so by
# setting AutoCreate,{Privileged => 1}. Otherwise it will need
# setting manually along with group membership.
Set($AutoCreate,{Privileged => 1});

1;

*** /opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm
Set($ExternalAuthPriority, [ 'My_LDAP' ] );
Set($ExternalInfoPriority, [ 'My_LDAP' ] );
Set($ExternalServiceUsesSSLorTLS, 0);
Set($AutoCreateNonExternalUsers, 1);

Set($ExternalSettings, {
    'My_LDAP' => {
        'type'            => 'ldap',
        'server'          => 'XXX.XXX.XXXl',
        'user'            => 'cn=ldap,ou=XXX,dc=XXX,dc=XXX',
        'pass'            => 'XXX',
        'base'            => 'dc=XXX,dc=XXX',
        'filter'          => '(&(ObjectCategory=User)(ObjectClass=Person))',
        'd_filter'        => '(userAccountControl:1.2.840.113556.1.4.803:=2)',
        'tls'             => 0,
#       'ssl_version'     => 3,
        'net_ldap_args'   => [ version => 3 ],
        'group'           => 'cn=XXX,ou=XXX,dc=XXX,dc=XXX',
        'group_attr'      => 'member',
        'attr_match_list' => [ 'Name', 'EmailAddress' ],
        'attr_map'        => {
            'Name'           => 'sAMAccountName',
            'EmailAddress'   => 'mail',
            'Organization'   => 'physicalDeliveryOfficeName',
            'RealName'       => 'cn',
            'ExternalAuthId' => 'sAMAccountName',
            'Gecos'          => 'sAMAccountName',
            'WorkPhone'      => 'telephoneNumber',
            'Address1'       => 'streetAddress',
            'City'           => 'l',
            'State'          => 'st',
            'Zip'            => 'postalCode',
            'Country'        => 'co'
        }
    }
}
);

1;

Gene Evans
IT Administrator
Heapy Engineering
937-224-0861 x1404
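
A log like the one above can be triaged mechanically. As an added example (not part of the original posts, and not RT or ExternalAuth code), this Python script rejoins the hard-wrapped rt.log entries and tags each FAILED LOGIN with the _GetBoundLdapObj error logged in the same request, which separates directory-side faults from rejected user credentials. The sample log is constructed from the excerpts in this thread; the jdoe attempt, its address and the cause labels are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the rt.log excerpts in this thread: same
# messages and mail-archive line wrapping, source-file suffixes dropped.
# The final attempt (jdoe, 192.0.2.10) is invented to show the contrast case.
SAMPLE_LOG = """\
[Sat Aug 7 01:53:14 2010] [debug]: Attempting to use external auth
service: Heapy_AD_LDAP
[Sat Aug 7 01:53:14 2010] [debug]: SSO Failed and no user to test with.
Nexting
[Sat Aug 7 01:53:20 2010] [debug]: Attempting to use external auth
service: Heapy_AD_LDAP
[Sat Aug 7 01:53:20 2010] [critical]:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj : Cannot connect to
dayxchng0.heapy.local
[Sat Aug 7 01:53:20 2010] [error]: FAILED LOGIN for ldap from
172.16.17.174
[Sat Aug 7 02:04:16 2010] [debug]: Attempting to use external auth
service: My_LDAP
[Sat Aug 7 02:04:16 2010] [critical]:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't bind:
LDAP_INVALID_CREDENTIALS 49
[Sat Aug 7 02:04:16 2010] [error]: FAILED LOGIN for hhadmin from
172.16.17.174
[Sat Aug 7 02:04:28 2010] [debug]: Attempting to use external auth
service: My_LDAP
[Sat Aug 7 02:04:28 2010] [critical]:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't bind:
LDAP_INVALID_CREDENTIALS 49
[Sat Aug 7 02:04:28 2010] [error]: FAILED LOGIN for emevans from
172.16.17.174
[Sat Aug 7 02:30:00 2010] [debug]: Attempting to use external auth
service: My_LDAP
[Sat Aug 7 02:30:00 2010] [error]: FAILED LOGIN for jdoe from
192.0.2.10
"""

ENTRY = re.compile(r"^\[([^\]]+)\] \[(\w+)\]:\s*(.*)$")
REQUEST_START = "Attempting to use external auth service"
FAILED = re.compile(r"FAILED LOGIN for (\S+) from (\S+)")
# Cause labels are this example's own names, not RT terminology.
BACKEND_ERRORS = [
    ("ldap-unreachable", re.compile(r"_GetBoundLdapObj\s*:\s*Cannot connect to \S+")),
    # "Can.t" accepts both the plain and the typographic apostrophe.
    ("bind-rejected", re.compile(r"_GetBoundLdapObj Can.t bind: \w+ \d+")),
]


def parse_entries(text):
    """Rejoin hard-wrapped lines into (timestamp, level, message) entries."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append([m.group(1), m.group(2), m.group(3).strip()])
        elif line.strip() and entries:
            # No leading "[timestamp] [level]:" means a continuation line.
            entries[-1][2] = (entries[-1][2] + " " + line.strip()).strip()
    return [tuple(e) for e in entries]


def failed_logins(entries):
    """Attach to each FAILED LOGIN the backend error logged in the same request."""
    attempts, backend = [], None
    for ts, level, msg in entries:
        if msg.startswith(REQUEST_START):
            backend = None  # new request: forget errors from the previous one
        elif level == "critical":
            for name, pattern in BACKEND_ERRORS:
                if pattern.search(msg):
                    backend = name
        elif level == "error":
            m = FAILED.search(msg)
            if m:
                attempts.append({
                    "time": ts,
                    "user": m.group(1),
                    "ip": m.group(2),
                    # No backend error in this request: the lookup itself
                    # worked, so the user's own credentials were rejected.
                    "cause": backend or "user-credentials",
                })
                backend = None
    return attempts


def summarize(attempts):
    """Map each cause to the sorted usernames that failed because of it."""
    by_cause = defaultdict(set)
    for attempt in attempts:
        by_cause[attempt["cause"]].add(attempt["user"])
    return {cause: sorted(users) for cause, users in by_cause.items()}


if __name__ == "__main__":
    report = summarize(failed_logins(parse_entries(SAMPLE_LOG)))
    for cause, users in report.items():
        print(f"{cause}: {', '.join(users)}")
```

Different usernames all tagged bind-rejected, as here, point at the bind account configured in ExternalSettings rather than at the people logging in.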

Here is your problem,

ExternalAuth/lib/RT/Authen/ExternalAuth.pm:105)
[Sat Aug 7 02:26:51 2010] [debug]: UserExists params:
username: ldap , service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:274)
[Sat Aug 7 02:26:51 2010] [critical]:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't bind:
LDAP_INVALID_CREDENTIALS 49
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:467)

Something is wrong with your config, ExternalAuth cannot bind with your
LDAP, so any ldap calls after that will fail.

Looking at your config, you don’t have to comment out the ssl_version, that
may be throwing the argument list off and messing up your bind.

Check to make sure you can connect to your LDAP on port 389, so you know it
isn’t a firewall issue (you can telnet XXX.XXX.XXX.XXX 389).

Download an LDAP browser, and make sure the user you are connecting with
works…

Once you fix the problem of your LDAP bind not working, your error logs
should change, … hopefully everything works for you after that, but if
not… post the new logs and we’ll try to help you out!

Good luck!
Mike.

On Fri, Aug 6, 2010 at 11:00 PM, Eugene M. Evans <EMEvans@heapy.com> wrote:

I’ve tried many things today and still don’t have Auth::ExternalAuth
working. Could it be because RT’s time is not synched with the Active
Directory server? The time RT reports in its log is hours ahead of the
system time on the host. The system is running NTP and matches the time on
the AD server. I don’t know why RT wouldn’t be using the system time. The
timezone is set correctly in RT_SiteConfig.pm >>>
Set($Timezone , 'US/Eastern');

The log lines below were all created before 10pm on Friday, August the
6th. If anyone has any ideas about the time difference or the inability to
log into RT using a valid AD account, I’m all ears.





*** /opt/rt3/etc/RT_SiteConfig.pm ***

    ######################
    # Custom Site Config
    ######################

    Set($rtname , "XXX.XXX.XXX");
    Set($Organization , "XXX.XXX");
    Set($MinimumPasswordLength , "0");
    Set($Timezone , 'US/Eastern');

    Set(@Plugins, qw(
        RT::Authen::ExternalAuth
    ));

    Set($HomepageComponents, [qw(
        QuickCreate
        Quicksearch
        MyAdminQueues
        MySupportQueues
        MyReminders
        RefreshHomepage
        Dashboards
    )]);

    Set($DatabaseType , 'mysql');
    Set($DatabaseHost , 'localhost');
    Set($DatabaseRTHost , 'localhost');
    Set($DatabasePort , '');
    Set($DatabaseUser , 'local');
    Set($DatabasePassword , 'XXXXXXX');
    Set($DatabaseName , 'XXXXXX');

    # OwnerEmail is the account that will manage RT.
    # In this case hhadmin. Hhadmin's email is forwarded to
    # the email address specified in the Postfix aliases
    # file.
    Set($OwnerEmail , 'hhadmin');
    Set($LoopsToRTOwner , 1);

    Set($SendmailPath , "/usr/lib/sendmail.postfix");
    Set($SendmailArguments , "-oi -t -f support@hpyhdesk.heapy.local");

    Set($MaxAttachmentSize , 5000000);

    Set($RTAddressRegexp , '^rt@hpyhdesk.heapy.local$');
    Set($CorrespondAddress , 'no-reply@hpyhdesk.heapy.local');
    Set($CommentAddress , 'no-reply@hpyhdesk.heapy.local');

    Set($UseFriendlyFromLine , 1);
    Set($FriendlyFromLineFormat , "\"%s\" <%s>");
    Set($UseFriendlyToLine , 1);
    Set($FriendlyToLineFormat, "\"%s Ticket #%s\":;");

    Set($NotifyActor, 0);
    Set($RecordOutgoingEmail, 1);

    Set($WebPath , "/ticket");
    Set($WebPort , 80);
    Set($WebBaseURL , "http://hpyhdesk.heapy.local");
    Set($WebURL , $WebBaseURL . $WebPath . "/");

    # The following two lines support single sign-on.
    # Tell RT to trust the webserver to handle
    # authentication.
    # They are commented out since they are said to conflict with the
    # ExternalAuth extension.
    # See http://wiki.bestpractical.com/view/ExternalAuth.
    # Set($WebExternalAuth, 3);

    # If the webserver hands RT a user RT is not
    # familiar with, RT should just go ahead and
    # create an account.
    #Set($WebExternalAuto, 1);

    Set($MessageBoxWidth , 72);
    Set($MessageBoxWrap, "HARD");

    Set($MaxInlineBody, 13456);
    Set($DefaultSummaryRows, 10);

    Set($OldestTransactionsFirst, '1');
    Set($ShowTransactionImages, 1);

    Set($DateDayBeforeMonth , 0);
    Set($AmbiguousDayInPast , 1);

    Set($LogToSyslog, '' ) ;                # disable syslog
    Set($LogToFile, 'debug' ) ;             # set file logging to include everything
    Set($LogDir, '/opt/rt3/var/log' ) ;     # path to log
    Set($LogToFileNamed , 'rt.log') ;       # logfile name

    # Include the configuration for the ExternalAuth extension.
    # ExternalAuth only adds to the available authentication mechanisms. It does
    # not replace RT's own. So, authentication happens in this order:
    # 1. ExternalAuth
    # 2. RT-Internal
    # And you can have as many ExternalAuth sources as you wish.
    # ExternalAuth cannot add a user to any internal RT groups. This must be
    # done by the RT administrator.
    Set(@Plugins, qw(RT::Authen::ExternalAuth));
    require "/opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm";

    # If you want LDAP users to be automatically
    # assigned "Let this user be granted rights" then you may do so by
    # setting AutoCreate,{Privileged => 1}. Otherwise it will need
    # setting manually along with group membership.
    Set($AutoCreate,{Privileged => 1});

    1;


*** /opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm ***

    Set($ExternalAuthPriority, [ 'My_LDAP' ] );
    Set($ExternalInfoPriority, [ 'My_LDAP' ] );
    Set($ExternalServiceUsesSSLorTLS, 0);
    Set($AutoCreateNonExternalUsers, 1);

    Set($ExternalSettings, {
        'My_LDAP' => {
            'type'            => 'ldap',
            'server'          => 'XXX.XXX.XXXl',
            # Account and password ExternalAuth binds with before any lookup
            'user'            => 'cn=ldap,ou=XXX,dc=XXX,dc=XXX',
            'pass'            => 'XXX',
            'base'            => 'dc=XXX,dc=XXX',
            'filter'          => '(&(ObjectCategory=User)(ObjectClass=Person))',
            # Matches accounts that are disabled in Active Directory
            'd_filter'        => '(userAccountControl:1.2.840.113556.1.4.803:=2)',
            'tls'             => 0,
            #'ssl_version'    => 3,
            'net_ldap_args'   => [ version => 3 ],
            'group'           => 'cn=XXX,ou=XXX,dc=XXX,dc=XXX',
            'group_attr'      => 'member',
            'attr_match_list' => [ 'Name', 'EmailAddress' ],
            # RT user field => Active Directory attribute
            'attr_map'        => {
                'Name'           => 'sAMAccountName',
                'EmailAddress'   => 'mail',
                'Organization'   => 'physicalDeliveryOfficeName',
                'RealName'       => 'cn',
                'ExternalAuthId' => 'sAMAccountName',
                'Gecos'          => 'sAMAccountName',
                'WorkPhone'      => 'telephoneNumber',
                'Address1'       => 'streetAddress',
                'City'           => 'l',
                'State'          => 'st',
                'Zip'            => 'postalCode',
                'Country'        => 'co'
            }
        }
    }
    );

    1;

Gene Evans
IT Administrator
Heapy Engineering
937-224-0861 x1404


Mike Johnson
Datatel Programmer/Analyst
Northern Ontario School of Medicine
955 Oliver Road
Thunder Bay, ON P7B 5E1
Phone: (807) 766-7331
Email: mike.johnson@nosm.ca

Mike,

I can telnet to the AD server and I am able to connect to the AD server
through an LDAP browser. The browser I happen to be using is jxplorer.
I found that Jxplorer requires the user DN to be the full first and last
name of the user rather than only the logon name and the ‘ou’ component
must be included in the field named ‘base’. Since that nomenclature
works in the LDAP browser, I modified RT_SiteConfig.pm to match, as
follows,

Was

    'user' => 'cn=UserLogonName, ou=XXXXXX, dc=XXXXXX, dc=XXXXXX',
    'base' => 'dc=XXXXXX, dc=XXXXXX',
    'group' => 'cn=XXXXXX, ou=XXXXXX, dc=XXXXXX, dc=XXXXXX',

Is now

    'user' => 'cn=FullNameOfUserSameAsUsedInJxplorer, dc=XXXXXX, dc=XXXXXX',
    'base' => 'ou=XXXXXX, dc=XXXXXX, dc=XXXXXX',
    'group' => 'cn=XXXXXX, ou=XXXXXX, dc=XXXXXX, dc=XXXXXX',

I also uncommented the ‘ssl_version’ line as you suggested. However, in
spite of all these changes I’m still not able to bind – “Can’t bind:
LDAP_INVALID_CREDENTIALS 49” – when I attempt to login to RT with
either a simple network username and password or the full form username
and password. I’ve tried logging in with the same account specified as
my LDAP bind account and as various other domain accounts, each with the
same result. I think my next step is to contact the author of the
ExternalAuth extension to see if the directives and attributes that
ExternalAuth adds to RT_SiteConfig.pm are documented. Already checked
the README but did not find a list.

Sincerely,

Gene Evans
IT Administrator
Heapy Engineering
937-224-0861 x1404

From: Mike Johnson [mailto:mike.johnson@nosm.ca]
Sent: Monday, August 09, 2010 9:02 AM
To: Eugene M. Evans
Cc: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] RT 3.8 Active Directory integration and single
sign-on

Here is your problem,

ExternalAuth/lib/RT/Authen/ExternalAuth.pm:105)
[Sat Aug 7 02:26:51 2010] [debug]: UserExists params:
username: ldap , service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:274)
[Sat Aug 7 02:26:51 2010] [critical]:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can’t bind:
LDAP_INVALID_CREDENTIALS 49
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:467)

Something is wrong with your config, ExternalAuth cannot bind with your
LDAP, so any ldap calls after that will fail.

Looking at your config, you don’t have to comment out the ssl_version,
that may be throwing the argument list off and messing up your bind.

Check to make sure you can connect to your LDAP on port 389, so you know
it isn’t a firewall issue (you can telnet XXX.XXX.XXX.XXX 389).

Download an LDAP browser, and make sure the user you are connecting with
works…

Once you fix the problem of your LDAP bind not working, your error logs
should change, … hopefully everything works for you after that, but if
not… post the new logs and we’ll try to help you out!

Good luck!
Mike.
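Mike's reading of the log, as an added example (not part of the thread and not ExternalAuth code): a small Python triage script that reassembles the wrapped rt.log entries and labels each FAILED LOGIN by the `_GetBoundLdapObj` error logged just before it. The sample log is constructed in the layout of the excerpts on this page; the host name, client IP, function names and cause labels are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample in the layout of the rt.log excerpts on this page,
# wrapped continuation lines included. Host and client IP are placeholders.
SAMPLE_LOG = """\
[Sat Aug 7 01:53:20 2010] [debug]: Attempting to use external auth
service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
[Sat Aug 7 01:53:20 2010] [critical]:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj : Cannot connect to
ad.example.test
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:437)
[Sat Aug 7 01:53:20 2010] [error]: FAILED LOGIN for ldap from
192.0.2.10 (/opt/rt3/bin/…/lib/RT/Interface/Web.pm:424)
[Sat Aug 7 02:02:55 2010] [debug]: Attempting to use external auth
service: My_LDAP
[Sat Aug 7 02:02:55 2010] [debug]: SSO Failed and no user to test with.
Nexting
[Sat Aug 7 02:03:01 2010] [debug]: Attempting to use external auth
service: My_LDAP
[Sat Aug 7 02:03:01 2010] [critical]:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can’t bind:
LDAP_INVALID_CREDENTIALS 49
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:467)
[Sat Aug 7 02:03:01 2010] [error]: FAILED LOGIN for ldap from
192.0.2.10 (/opt/rt3/bin/…/lib/RT/Interface/Web.pm:424)
[Sat Aug 7 02:04:08 2010] [debug]: Attempting to use external auth
service: My_LDAP
[Sat Aug 7 02:04:08 2010] [critical]:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can’t bind:
LDAP_INVALID_CREDENTIALS 49
[Sat Aug 7 02:04:08 2010] [error]: FAILED LOGIN for hhadmin from
192.0.2.10 (/opt/rt3/bin/…/lib/RT/Interface/Web.pm:424)
"""

ENTRY_START = re.compile(r"^\[(?P<ts>[^\]]+)\] \[(?P<level>\w+)\]:\s*(?P<msg>.*)$")
FAILED = re.compile(r"FAILED LOGIN for (?P<user>\S+) from (?P<ip>\S+)")
CONNECT = re.compile(r"_GetBoundLdapObj\s*:?\s*Cannot connect to\s+(?P<host>\S+)")
BIND = re.compile(r"_GetBoundLdapObj\s*:?\s*Can[’']t bind:\s*(?P<name>\w+)\s+(?P<code>\d+)")


def parse_entries(text):
    """Reassemble wrapped lines into one dict per '[timestamp] [level]:' entry."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_START.match(line)
        if m:
            entries.append({"ts": m["ts"], "level": m["level"], "msg": m["msg"].strip()})
        elif entries and line.strip():
            # Continuation of the previous entry (wrapped text or the source path).
            entries[-1]["msg"] = (entries[-1]["msg"] + " " + line.strip()).strip()
    return entries


def classify_failures(entries):
    """Attach to every FAILED LOGIN the directory error logged in the same attempt."""
    failures = []
    cause = ("no_directory_error", "")
    for e in entries:
        msg = e["msg"]
        if "Attempting to use external auth service" in msg:
            cause = ("no_directory_error", "")  # a new attempt starts here
        if e["level"] == "critical":
            connect, bind = CONNECT.search(msg), BIND.search(msg)
            if connect:
                cause = ("directory_unreachable", connect["host"])
            elif bind:
                # The bind made with the configured 'user'/'pass' was refused.
                cause = ("service_bind_rejected", f"{bind['name']} {bind['code']}")
        failed = FAILED.search(msg)
        if failed:
            failures.append({"ts": e["ts"], "user": failed["user"], "ip": failed["ip"],
                             "cause": cause[0], "detail": cause[1]})
            cause = ("no_directory_error", "")
    return failures


def summarize(failures):
    """'systemic' is True when every failed login has a directory-side cause."""
    counts = Counter(f["cause"] for f in failures)
    bind_users = sorted({f["user"] for f in failures
                         if f["cause"] == "service_bind_rejected"})
    directory_side = counts["directory_unreachable"] + counts["service_bind_rejected"]
    return {"counts": dict(counts), "bind_failure_users": bind_users,
            "systemic": bool(failures) and directory_side == len(failures)}


if __name__ == "__main__":
    found = classify_failures(parse_entries(SAMPLE_LOG))
    for f in found:
        print(f["ts"], f["user"], f["ip"], f["cause"], f["detail"])
    print(summarize(found))
```

When `systemic` is true, the FAILED LOGIN lines say nothing about the passwords users typed: the configured bind account or the connection to the directory is the thing to fix first.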

I can telnet to the AD server and I am able to connect to the AD server through an LDAP
browser. The browser I happen to be using is jxplorer. I found that Jxplorer requires the
user DN to be the full first and last name of the user rather than only the logon name and the
‘ou’ component must be included in the field named ‘base’. Since that nomenclature works in
the LDAP browser, I modified RT_SiteConfig.pm to match, as follows,

Try using the ldapsearch command line client, I find it is much closer
to the way the perl ldap library is connecting. Once you make that
connect, the same user should be fine. One thing about AD is that
sometimes the AD server responds better to a user of
sAMAccountName@domain (email address style login) rather than a full
DN, but I’ve never found an explanation for why.

-kevin

Take a look in $RTHOME/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm.
That is what I used to figure out how to set everything up… and a few
"ExternalAuth" googles.

Both attributes ‘user’ and ‘group’ need to be the full DN. DN is a field in
AD. Browse to the CN you want to use, and look at the field
distinguishedName. That is what needs to go in your LDAP config.

Another question would be, did you attempt the telnet from the RT box?
Maybe the RT box isn’t able to connect to the LDAP, but your system is?

I’m running out of ideas… if everything is able to connect to each other,
it has to be the way you defined your config.

Good luck, keep us posted :smiley:

Mike.

On Mon, Aug 9, 2010 at 8:38 PM, Eugene M. Evans EMEvans@heapy.com wrote:

Mike,

I can telnet to the AD server and I am able to connect to the AD server
through an LDAP browser. The browser I happen to be using is jxplorer. I
found that Jxplorer requires the user DN to be the full first and last name
of the user rather than only the logon name and the ‘ou’ component must
be included in the field named ‘base’. Since that nomenclature works in the
LDAP browser, I modified RT_SiteConfig.pm to match, as follows,

Was

    'user' => 'cn=UserLogonName, ou=XXXXXX, dc=XXXXXX, dc=XXXXXX',
    'base' => 'dc=XXXXXX, dc=XXXXXX',
    'group' => 'cn=XXXXXX, ou=XXXXXX, dc=XXXXXX, dc=XXXXXX',

Is now

    'user' => 'cn=FullNameOfUserSameAsUsedInJxplorer, dc=XXXXXX, dc=XXXXXX',
    'base' => 'ou=XXXXXX, dc=XXXXXX, dc=XXXXXX',
    'group' => 'cn=XXXXXX, ou=XXXXXX, dc=XXXXXX, dc=XXXXXX',

I also uncommented the ‘ssl_version’ line as you suggested. However, in
spite of all these changes I’m still not able to bind – “Can’t bind:
LDAP_INVALID_CREDENTIALS 49” – when I attempt to login to RT with either
a simple network username and password or the full form username and
password. I’ve tried logging in with the same account specified as my LDAP
bind account and as various other domain accounts, each with the same
result. I think my next step is to contact the author of the ExternalAuth
extension to see if the directives and attributes that ExternalAuth adds to
RT_SiteConfig.pm are documented. Already checked the README but did not
find a list.

Sincerely,

Gene Evans
IT Administrator
Heapy Engineering
937-224-0861 x1404


From: Mike Johnson [mailto:mike.johnson@nosm.ca]
Sent: Monday, August 09, 2010 9:02 AM
To: Eugene M. Evans
Cc: rt-users@lists.bestpractical.com

Subject: Re: [rt-users] RT 3.8 Active Directory integration and single
sign-on

Here is your problem,

ExternalAuth/lib/RT/Authen/ExternalAuth.pm:105)
[Sat Aug 7 02:26:51 2010] [debug]: UserExists params:
username: ldap , service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:274)
[Sat Aug 7 02:26:51 2010] [critical]:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can’t bind:
LDAP_INVALID_CREDENTIALS 49
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:467)

Something is wrong with your config, ExternalAuth cannot bind with your
LDAP, so any ldap calls after that will fail.

Looking at your config, you don’t have to comment out the ssl_version, that
may be throwing the argument list off and messing up your bind.

Check to make sure you can connect to your LDAP on port 389, so you know it
isn’t a firewall issue (you can telnet XXX.XXX.XXX.XXX 389).

Download an LDAP browser, and make sure the user you are connecting with
works…

Once you fix the problem of your LDAP bind not working, your error logs
should change, … hopefully everything works for you after that, but if
not… post the new logs and we’ll try to help you out!

Good luck!
Mike.
On Fri, Aug 6, 2010 at 11:00 PM, Eugene M. Evans EMEvans@heapy.com wrote:

I’ve tried many things today and still don’t have Auth::ExternalAuth
working. Could it be because RT’s time is not synched with the Active
Directory server? The time RT reports in its log is hours ahead of the
system time on the host. The system is running NTP and matches the time on
the AD server. I don’t know why RT wouldn’t be using the system time. The
timezone is set correctly in RT_SiteConfig.pm >>> Set($Timezone ,
‘US/Eastern’);
The log lines below were all created before 10pm on Friday, August the
6th. If anyone has any ideas about the time difference or the inability to
log into RT using a valid AD account, I’m all ears.



*** /opt/rt3/var/log/rt.log ***


[Sat Aug 7 01:42:51 2010] [debug]: Reloading RT::User to work around a
bug in RT-3.8.0 and RT-3.8.1
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:14)
[Sat Aug 7 01:42:51 2010] [debug]: Attempting to use external auth
service: Heapy_AD_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
[Sat Aug 7 01:42:51 2010] [debug]: Calling UserExists with $username
(ldap) and $service (Heapy_AD_LDAP)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:105)
[Sat Aug 7 01:42:51 2010] [debug]: UserExists params:
username: ldap , service: Heapy_AD_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:274)
[Sat Aug 7 01:42:51 2010] [critical]:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can’t bind:
LDAP_INVALID_CREDENTIALS 49
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:467)
[Sat Aug 7 01:42:51 2010] [debug]: Autohandler called ExternalAuth.
Response: (0, No User)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:26)
[Sat Aug 7 01:42:51 2010] [error]: FAILED LOGIN for ldap from
172.16.17.174 (/opt/rt3/bin/…/lib/RT/Interface/Web.pm:424)
[Sat Aug 7 01:43:00 2010] [debug]: Reloading RT::User to work around a
bug in RT-3.8.0 and RT-3.8.1
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:14)
[Sat Aug 7 01:43:00 2010] [debug]: Attempting to use external auth
service: Heapy_AD_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
[Sat Aug 7 01:43:00 2010] [debug]: Calling UserExists with $username
(hhadmin) and $service (Heapy_AD_LDAP)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:105)
[Sat Aug 7 01:43:00 2010] [debug]: UserExists params:
username: hhadmin , service: Heapy_AD_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:274)
[Sat Aug 7 01:43:00 2010] [critical]:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can’t bind:
LDAP_INVALID_CREDENTIALS 49
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:467)
[Sat Aug 7 01:43:00 2010] [debug]: Autohandler called ExternalAuth.
Response: (0, No User)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:26)
[Sat Aug 7 01:43:00 2010] [error]: FAILED LOGIN for hhadmin from
172.16.17.174 (/opt/rt3/bin/…/lib/RT/Interface/Web.pm:424)
[Sat Aug 7 01:43:08 2010] [debug]: Reloading RT::User to work around a
bug in RT-3.8.0 and RT-3.8.1
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:14)
[Sat Aug 7 01:43:08 2010] [debug]: Attempting to use external auth
service: Heapy_AD_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
[Sat Aug 7 01:43:08 2010] [debug]: Calling UserExists with $username
(hhadmin) and $service (Heapy_AD_LDAP)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:105)
[Sat Aug 7 01:43:08 2010] [debug]: UserExists params:
username: hhadmin , service: Heapy_AD_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:274)
[Sat Aug 7 01:43:08 2010] [critical]:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can’t bind:
LDAP_INVALID_CREDENTIALS 49
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:467)
[Sat Aug 7 01:43:08 2010] [debug]: Autohandler called ExternalAuth.
Response: (0, No User)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:26)
[Sat Aug 7 01:43:08 2010] [error]: FAILED LOGIN for hhadmin from
172.16.17.174 (/opt/rt3/bin/…/lib/RT/Interface/Web.pm:424)
[Sat Aug 7 01:53:14 2010] [debug]: Reloading RT::User to work around a
bug in RT-3.8.0 and RT-3.8.1
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:14)
[Sat Aug 7 01:53:14 2010] [debug]: Attempting to use external auth
service: Heapy_AD_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
[Sat Aug 7 01:53:14 2010] [debug]: SSO Failed and no user to test with.
Nexting
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:92)
[Sat Aug 7 01:53:14 2010] [debug]: Autohandler called ExternalAuth.
Response: (0, No User)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:26)
[Sat Aug 7 01:53:20 2010] [debug]: Reloading RT::User to work around a
bug in RT-3.8.0 and RT-3.8.1
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:14)
[Sat Aug 7 01:53:20 2010] [debug]: Attempting to use external auth
service: Heapy_AD_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
[Sat Aug 7 01:53:20 2010] [debug]: Calling UserExists with $username
(ldap) and $service (Heapy_AD_LDAP)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:105)
[Sat Aug 7 01:53:20 2010] [debug]: UserExists params:
username: ldap , service: Heapy_AD_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:274)
[Sat Aug 7 01:53:20 2010] [critical]:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj : Cannot connect to
dayxchng0.heapy.local
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:437)
[Sat Aug 7 01:53:20 2010] [debug]: Autohandler called ExternalAuth.
Response: (0, No User)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:26)
[Sat Aug 7 01:53:20 2010] [error]: FAILED LOGIN for ldap from
172.16.17.174 (/opt/rt3/bin/…/lib/RT/Interface/Web.pm:424)
[Sat Aug 7 02:00:46 2010] [debug]: Reloading RT::User to work around a
bug in RT-3.8.0 and RT-3.8.1
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:14)
[Sat Aug 7 02:00:46 2010] [debug]: Attempting to use external auth
service: Heapy_AD_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
[Sat Aug 7 02:00:46 2010] [debug]: Calling UserExists with $username
(ldap) and $service (Heapy_AD_LDAP)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:105)
[Sat Aug 7 02:00:46 2010] [debug]: UserExists params:
username: ldap , service: Heapy_AD_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:274)
[Sat Aug 7 02:00:46 2010] [critical]:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj : Cannot connect to
dayxchng0.heapy.local
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:437)
[Sat Aug 7 02:00:46 2010] [debug]: Autohandler called ExternalAuth.
Response: (0, No User)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:26)
[Sat Aug 7 02:00:46 2010] [error]: FAILED LOGIN for ldap from
172.16.17.174 (/opt/rt3/bin/…/lib/RT/Interface/Web.pm:424)
[Sat Aug 7 02:00:51 2010] [debug]: Attempting to use external auth
service: Heapy_AD_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
[Sat Aug 7 02:00:51 2010] [debug]: Calling UserExists with $username
(ldap) and $service (Heapy_AD_LDAP)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:105)
[Sat Aug 7 02:00:51 2010] [debug]: UserExists params:
username: ldap , service: Heapy_AD_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:274)
[Sat Aug 7 02:00:51 2010] [critical]:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj : Cannot connect to
dayxchng0.heapy.local
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:437)
[Sat Aug 7 02:00:51 2010] [debug]: Autohandler called ExternalAuth.
Response: (0, No User)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:26)
[Sat Aug 7 02:00:51 2010] [error]: FAILED LOGIN for ldap from
172.16.17.174 (/opt/rt3/bin/…/lib/RT/Interface/Web.pm:424)
[Sat Aug 7 02:01:08 2010] [debug]: Reloading RT::User to work around a
bug in RT-3.8.0 and RT-3.8.1
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:14)
[Sat Aug 7 02:01:08 2010] [debug]: Attempting to use external auth
service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
[Sat Aug 7 02:01:08 2010] [debug]: Calling UserExists with $username
(ldap) and $service (My_LDAP)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:105)
[Sat Aug 7 02:01:08 2010] [debug]: UserExists params:
username: ldap , service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:274)
[Sat Aug 7 02:01:08 2010] [critical]:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can’t bind:
LDAP_INVALID_CREDENTIALS 49
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:467)
[Sat Aug 7 02:01:08 2010] [debug]: Autohandler called ExternalAuth.
Response: (0, No User)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:26)
[Sat Aug 7 02:01:08 2010] [error]: FAILED LOGIN for ldap from
172.16.17.174 (/opt/rt3/bin/…/lib/RT/Interface/Web.pm:424)
[Sat Aug 7 02:01:59 2010] [debug]: Reloading RT::User to work around a
bug in RT-3.8.0 and RT-3.8.1
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:14)
[Sat Aug 7 02:01:59 2010] [debug]: Attempting to use external auth
service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
[Sat Aug 7 02:01:59 2010] [debug]: Calling UserExists with $username
(ldap) and $service (My_LDAP)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:105)
[Sat Aug 7 02:01:59 2010] [debug]: UserExists params:
username: ldap , service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:274)
[Sat Aug 7 02:01:59 2010] [critical]:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can’t bind:
LDAP_INVALID_CREDENTIALS 49
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:467)
[Sat Aug 7 02:01:59 2010] [debug]: Autohandler called ExternalAuth.
Response: (0, No User)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:26)
[Sat Aug 7 02:01:59 2010] [error]: FAILED LOGIN for ldap from
172.16.17.174 (/opt/rt3/bin/…/lib/RT/Interface/Web.pm:424)
[Sat Aug 7 02:02:02 2010] [debug]: Reloading RT::User to work around a
bug in RT-3.8.0 and RT-3.8.1
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:14)
[Sat Aug 7 02:02:02 2010] [debug]: Attempting to use external auth
service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
[Sat Aug 7 02:02:02 2010] [debug]: Calling UserExists with $username
(ldap) and $service (My_LDAP)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:105)
[Sat Aug 7 02:02:02 2010] [debug]: UserExists params:
username: ldap , service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:274)
[Sat Aug 7 02:02:03 2010] [critical]:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can’t bind:
LDAP_INVALID_CREDENTIALS 49
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:467)
[Sat Aug 7 02:02:03 2010] [debug]: Autohandler called ExternalAuth.
Response: (0, No User)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:26)
[Sat Aug 7 02:02:03 2010] [error]: FAILED LOGIN for ldap from
172.16.17.174 (/opt/rt3/bin/…/lib/RT/Interface/Web.pm:424)
[Sat Aug 7 02:02:35 2010] [debug]: Reloading RT::User to work around a
bug in RT-3.8.0 and RT-3.8.1
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:14)
[Sat Aug 7 02:02:35 2010] [debug]: Attempting to use external auth
service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
[Sat Aug 7 02:02:35 2010] [debug]: Calling UserExists with $username
(ldap) and $service (My_LDAP)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:105)
[Sat Aug 7 02:02:35 2010] [debug]: UserExists params:
username: ldap , service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:274)
[Sat Aug 7 02:02:35 2010] [critical]:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can’t bind:
LDAP_INVALID_CREDENTIALS 49
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:467)
[Sat Aug 7 02:02:35 2010] [debug]: Autohandler called ExternalAuth.
Response: (0, No User)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:26)
[Sat Aug 7 02:02:35 2010] [error]: FAILED LOGIN for ldap from
172.16.17.174 (/opt/rt3/bin/…/lib/RT/Interface/Web.pm:424)
[Sat Aug 7 02:02:38 2010] [debug]: Reloading RT::User to work around a
bug in RT-3.8.0 and RT-3.8.1
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:14)
[Sat Aug 7 02:02:38 2010] [debug]: Attempting to use external auth
service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
[Sat Aug 7 02:02:38 2010] [debug]: Calling UserExists with $username
(ldap) and $service (My_LDAP)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:105)
[Sat Aug 7 02:02:38 2010] [debug]: UserExists params:
username: ldap , service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:274)
[Sat Aug 7 02:02:38 2010] [critical]:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can’t bind:
LDAP_INVALID_CREDENTIALS 49
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:467)
[Sat Aug 7 02:02:38 2010] [debug]: Autohandler called ExternalAuth.
Response: (0, No User)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:26)
[Sat Aug 7 02:02:38 2010] [error]: FAILED LOGIN for ldap from
172.16.17.174 (/opt/rt3/bin/…/lib/RT/Interface/Web.pm:424)
[Sat Aug 7 02:02:55 2010] [debug]: Reloading RT::User to work around a
bug in RT-3.8.0 and RT-3.8.1
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:14)
[Sat Aug 7 02:02:55 2010] [debug]: Attempting to use external auth
service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
[Sat Aug 7 02:02:55 2010] [debug]: SSO Failed and no user to test with.
Nexting
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:92)
[Sat Aug 7 02:02:55 2010] [debug]: Autohandler called ExternalAuth.
Response: (0, No User)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:26)
[Sat Aug 7 02:03:01 2010] [debug]: Reloading RT::User to work around a
bug in RT-3.8.0 and RT-3.8.1
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:14)
[Sat Aug 7 02:03:01 2010] [debug]: Attempting to use external auth
service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
[Sat Aug 7 02:03:01 2010] [debug]: Calling UserExists with $username
(ldap) and $service (My_LDAP)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:105)
[Sat Aug 7 02:03:01 2010] [debug]: UserExists params:
username: ldap , service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:274)
[Sat Aug 7 02:03:01 2010] [critical]:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can’t bind:
LDAP_INVALID_CREDENTIALS 49
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:467)
[Sat Aug 7 02:03:01 2010] [debug]: Autohandler called ExternalAuth.
Response: (0, No User)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:26)
[Sat Aug 7 02:03:01 2010] [error]: FAILED LOGIN for ldap from
172.16.17.174 (/opt/rt3/bin/…/lib/RT/Interface/Web.pm:424)
[Sat Aug 7 02:04:08 2010] [debug]: Reloading RT::User to work around a
bug in RT-3.8.0 and RT-3.8.1
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:14)
[Sat Aug 7 02:04:08 2010] [debug]: Attempting to use external auth
service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
[Sat Aug 7 02:04:08 2010] [debug]: Calling UserExists with $username
(hhadmin) and $service (My_LDAP)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:105)
[Sat Aug 7 02:04:08 2010] [debug]: UserExists params:
username: hhadmin , service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:274)
[Sat Aug 7 02:04:08 2010] [critical]:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can’t bind:
LDAP_INVALID_CREDENTIALS 49
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:467)
[Sat Aug 7 02:04:08 2010] [debug]: Autohandler called ExternalAuth.
Response: (0, No User)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:26)
[Sat Aug 7 02:04:08 2010] [error]: FAILED LOGIN for hhadmin from
172.16.17.174 (/opt/rt3/bin/…/lib/RT/Interface/Web.pm:424)
[Sat Aug 7 02:04:16 2010] [debug]: Reloading RT::User to work around a
bug in RT-3.8.0 and RT-3.8.1
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:14)
[Sat Aug 7 02:04:16 2010] [debug]: Attempting to use external auth
service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
[Sat Aug 7 02:04:16 2010] [debug]: Calling UserExists with $username
(hhadmin) and $service (My_LDAP)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:105)
[Sat Aug 7 02:04:16 2010] [debug]: UserExists params:
username: hhadmin , service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:274)
[Sat Aug 7 02:04:16 2010] [critical]:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can’t bind:
LDAP_INVALID_CREDENTIALS 49
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:467)
[Sat Aug 7 02:04:16 2010] [debug]: Autohandler called ExternalAuth.
Response: (0, No User)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:26)
[Sat Aug 7 02:04:16 2010] [error]: FAILED LOGIN for hhadmin from
172.16.17.174 (/opt/rt3/bin/…/lib/RT/Interface/Web.pm:424)
[Sat Aug 7 02:04:28 2010] [debug]: Reloading RT::User to work around a
bug in RT-3.8.0 and RT-3.8.1
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:14)
[Sat Aug 7 02:04:28 2010] [debug]: Attempting to use external auth
service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
[Sat Aug 7 02:04:28 2010] [debug]: Calling UserExists with $username
(emevans) and $service (My_LDAP)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:105)
[Sat Aug 7 02:04:28 2010] [debug]: UserExists params:
username: emevans , service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:274)
[Sat Aug 7 02:04:28 2010] [critical]:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can’t bind:
LDAP_INVALID_CREDENTIALS 49
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:467)
[Sat Aug 7 02:04:28 2010] [debug]: Autohandler called ExternalAuth.
Response: (0, No User)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:26)
[Sat Aug 7 02:04:28 2010] [error]: FAILED LOGIN for emevans from
172.16.17.174 (/opt/rt3/bin/…/lib/RT/Interface/Web.pm:424)
[Sat Aug 7 02:08:17 2010] [debug]: Reloading RT::User to work around a
bug in RT-3.8.0 and RT-3.8.1
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:14)
[Sat Aug 7 02:08:17 2010] [debug]: Attempting to use external auth
service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
[Sat Aug 7 02:08:17 2010] [debug]: SSO Failed and no user to test with.
Nexting
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:92)
[Sat Aug 7 02:08:17 2010] [debug]: Autohandler called ExternalAuth.
Response: (0, No User)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:26)
[Sat Aug 7 02:08:22 2010] [debug]: Reloading RT::User to work around a
bug in RT-3.8.0 and RT-3.8.1
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:14)
[Sat Aug 7 02:08:22 2010] [debug]: Attempting to use external auth
service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
[Sat Aug 7 02:08:22 2010] [debug]: Calling UserExists with $username
(ldap) and $service (My_LDAP)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:105)
[Sat Aug 7 02:08:22 2010] [debug]: UserExists params:
username: ldap , service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:274)
[Sat Aug 7 02:08:22 2010] [critical]:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can’t bind:
LDAP_INVALID_CREDENTIALS 49
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:467)
[Sat Aug 7 02:08:22 2010] [debug]: Autohandler called ExternalAuth.
Response: (0, No User)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:26)
[Sat Aug 7 02:08:22 2010] [error]: FAILED LOGIN for ldap from
172.16.17.174 (/opt/rt3/bin/…/lib/RT/Interface/Web.pm:424)
[Sat Aug 7 02:26:43 2010] [debug]: Reloading RT::User to work around a
bug in RT-3.8.0 and RT-3.8.1
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:14)
[Sat Aug 7 02:26:43 2010] [debug]: Attempting to use external auth
service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
[Sat Aug 7 02:26:43 2010] [debug]: SSO Failed and no user to test with.
Nexting
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:92)
[Sat Aug 7 02:26:43 2010] [debug]: Autohandler called ExternalAuth.
Response: (0, No User)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:26)
[Sat Aug 7 02:26:51 2010] [debug]: Reloading RT::User to work around a
bug in RT-3.8.0 and RT-3.8.1
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:14)
[Sat Aug 7 02:26:51 2010] [debug]: Attempting to use external auth
service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
[Sat Aug 7 02:26:51 2010] [debug]: Calling UserExists with $username
(ldap) and $service (My_LDAP)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:105)
[Sat Aug 7 02:26:51 2010] [debug]: UserExists params:
username: ldap , service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:274)
[Sat Aug 7 02:26:51 2010] [critical]:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can’t bind:
LDAP_INVALID_CREDENTIALS 49
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:467)
[Sat Aug 7 02:26:51 2010] [debug]: Autohandler called ExternalAuth.
Response: (0, No User)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:26)
[Sat Aug 7 02:26:51 2010] [error]: FAILED LOGIN for ldap from
172.16.17.174 (/opt/rt3/bin/…/lib/RT/Interface/Web.pm:424)


*** /opt/rt3/etc/RT_SiteConfig.pm ***


######################
# Custom Site Config
######################

Set($rtname , "XXX.XXX.XXX");
Set($Organization , "XXX.XXX");
Set($MinimumPasswordLength , "0");
Set($Timezone , 'US/Eastern');

Set(@Plugins, qw(
RT::Authen::ExternalAuth
));

Set($HomepageComponents, [qw(
QuickCreate
Quicksearch
MyAdminQueues
MySupportQueues
MyReminders
RefreshHomepage
Dashboards
)]);

Set($DatabaseType , 'mysql');
Set($DatabaseHost , 'localhost');
Set($DatabaseRTHost , 'localhost');
Set($DatabasePort , '');
Set($DatabaseUser , 'local');
Set($DatabasePassword , 'XXXXXXX');
Set($DatabaseName , 'XXXXXX');

# OwnerEmail is the account that will manage RT.
# In this case hhadmin. Hhadmin's email is forwarded to
# the email address specified in the Postfix aliases
# file.
Set($OwnerEmail , 'hhadmin');
Set($LoopsToRTOwner , 1);

Set($SendmailPath , "/usr/lib/sendmail.postfix");
Set($SendmailArguments , "-oi -t -f support\@hpyhdesk.heapy.local");

Set($MaxAttachmentSize , 5000000);

Set($RTAddressRegexp , '^rt@hpyhdesk.heapy.local$');
Set($CorrespondAddress , 'no-reply@hpyhdesk.heapy.local');
Set($CommentAddress , 'no-reply@hpyhdesk.heapy.local');

Set($UseFriendlyFromLine , 1);
Set($FriendlyFromLineFormat , "\"%s\" <%s>");
Set($UseFriendlyToLine , 1);
Set($FriendlyToLineFormat, "\"%s Ticket #%s\":;");

Set($NotifyActor, 0);
Set($RecordOutgoingEmail, 1);

Set($WebPath , "/ticket");
Set($WebPort , 80);
Set($WebBaseURL , "http://hpyhdesk.heapy.local");
Set($WebURL , $WebBaseURL . $WebPath . "/");

# The following two lines support single sign-on.
# Tell RT to trust the webserver to handle
# authentication.
# They are commented out since they are said to conflict with the
# ExternalAuth extension.
# See http://wiki.bestpractical.com/view/ExternalAuth.
# Set($WebExternalAuth, 3);

# If the webserver hands RT a user RT is not
# familiar with, RT should just go ahead and
# create an account.
#Set($WebExternalAuto, 1);

Set($MessageBoxWidth , 72);
Set($MessageBoxWrap, "HARD");

Set($MaxInlineBody, 13456);
Set($DefaultSummaryRows, 10);

Set($OldestTransactionsFirst, '1');
Set($ShowTransactionImages, 1);

Set($DateDayBeforeMonth , 0);
Set($AmbiguousDayInPast , 1);

Set($LogToSyslog, '' ) ; # disable syslog
Set($LogToFile, 'debug' ) ; # set file logging to include everything
Set($LogDir, '/opt/rt3/var/log' ) ; # path to log
Set($LogToFileNamed , 'rt.log') ; # logfile name

# Include the configuration for the ExternalAuth extension.
# ExternalAuth only adds to the available authentication mechanisms. It does
# not replace RT's own. So, authentication happens in this order:
# 1. ExternalAuth
# 2. RT-Internal
# And you can have as many ExternalAuth sources as you wish.
# ExternalAuth cannot add a user to any internal RT groups. This must be
# done by the RT administrator.
Set(@Plugins, qw(RT::Authen::ExternalAuth));
require
"/opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm";

# If you want LDAP users to be automatically
# assigned "Let this user be granted rights" then you may do so by
# setting AutoCreate,{Privileged => 1}. Otherwise it will need
# setting manually along with group membership.
Set($AutoCreate,{Privileged => 1});

1;


*** /opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm ***


Set($ExternalAuthPriority, [ 'My_LDAP' ] );
Set($ExternalInfoPriority, [ 'My_LDAP' ] );
Set($ExternalServiceUsesSSLorTLS, 0);
Set($AutoCreateNonExternalUsers, 1);

Set($ExternalSettings, {
    'My_LDAP' => {
        'type'            => 'ldap',
        'server'          => 'XXX.XXX.XXXl',
        'user'            => 'cn=ldap,ou=XXX,dc=XXX,dc=XXX',
        'pass'            => 'XXX',
        'base'            => 'dc=XXX,dc=XXX',
        'filter'          => '(&(ObjectCategory=User)(ObjectClass=Person))',
        'd_filter'        => '(userAccountControl:1.2.840.113556.1.4.803:=2)',
        'tls'             => 0,
        'ssl_version'     => 3,
        'net_ldap_args'   => [ version => 3 ],
        'group'           => 'cn=XXX,ou=XXX,dc=XXX,dc=XXX',
        'group_attr'      => 'member',
        'attr_match_list' => [ 'Name', 'EmailAddress' ],
        'attr_map'        => {
            'Name'           => 'sAMAccountName',
            'EmailAddress'   => 'mail',
            'Organization'   => 'physicalDeliveryOfficeName',
            'RealName'       => 'cn',
            'ExternalAuthId' => 'sAMAccountName',
            'Gecos'          => 'sAMAccountName',
            'WorkPhone'      => 'telephoneNumber',
            'Address1'       => 'streetAddress',
            'City'           => 'l',
            'State'          => 'st',
            'Zip'            => 'postalCode',
            'Country'        => 'co'
        }
    }
}
);

1;

Gene Evans
IT Administrator
Heapy Engineering
937-224-0861 x1404
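
Added example (not part of the original post, and not RT or ExternalAuth code): in the log above, each FAILED LOGIN for hhadmin, emevans and ldap follows a [critical] bind failure in _GetBoundLdapObj, which is the plugin binding with the 'user' and 'pass' from $ExternalSettings, not with the password the person typed. The Python sketch below re-joins the wrapped log lines and labels each failed login accordingly; the sample log, its usernames and its addresses are constructed.

```python
import re

# Constructed sample in the format of the rt.log excerpt above, wrapped lines
# included; the usernames and 192.0.2.x addresses are made up.
SAMPLE_LOG = """\
[Sat Aug 7 02:04:16 2010] [critical]:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't bind:
LDAP_INVALID_CREDENTIALS 49
[Sat Aug 7 02:04:16 2010] [error]: FAILED LOGIN for alice from
192.0.2.10 (/opt/rt3/lib/RT/Interface/Web.pm:424)
[Sat Aug 7 02:05:02 2010] [critical]:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't bind:
LDAP_INVALID_CREDENTIALS 49
[Sat Aug 7 02:05:02 2010] [error]: FAILED LOGIN for bob from
192.0.2.10 (/opt/rt3/lib/RT/Interface/Web.pm:424)
[Sat Aug 7 02:06:40 2010] [error]: FAILED LOGIN for carol from
192.0.2.11 (/opt/rt3/lib/RT/Interface/Web.pm:424)
"""

ENTRY_START = re.compile(r"^\[[^\]]+\] \[\w+\]:")
BIND_FAIL = re.compile(r"_GetBoundLdapObj Can.t bind:\s*(\w+)")
FAILED = re.compile(r"FAILED LOGIN for (\S+) from\s+(\S+)")

def entries(text):
    """Re-join wrapped lines so each timestamped entry is one string."""
    current = None
    for line in text.splitlines():
        if ENTRY_START.match(line):
            if current is not None:
                yield current
            current = line
        elif current is not None:
            current += " " + line.strip()
    if current is not None:
        yield current

def classify_failures(text):
    """One (user, source, cause) tuple per FAILED LOGIN entry."""
    results, bind_error = [], None
    for entry in entries(text):
        bind = BIND_FAIL.search(entry)
        failed = FAILED.search(entry)
        if bind:
            bind_error = bind.group(1)  # the plugin's own bind was rejected
        elif failed:
            cause = "service-bind" if bind_error else "other"
            results.append((failed.group(1), failed.group(2), cause))
            bind_error = None
    return results
```

When every failure is labelled service-bind regardless of username, the bind DN and password in the plugin configuration are the first thing to check.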



Mike Johnson
Datatel Programmer/Analyst
Northern Ontario School of Medicine
955 Oliver Road
Thunder Bay, ON P7B 5E1
Phone: (807) 766-7331
Email: mike.johnson@nosm.ca

Kevin,

Thank you for your suggestions.

> Try using the ldapsearch command line client, I find it is much closer
> to the way the perl ldap library is connecting. Once you make that
> connect, the same user should be fine. One thing about AD is that
> sometimes the AD server responds better to a user of
> sAMAccountName@domain (email address style login) rather than a full
> DN, but I’ve never found an explanation for why.

yes, I had been trying to use ldapsearch but was getting bogged down in
getting it configured to work. First had to install OpenLdap which also
depended on BerkeleyDB, then ran out of HDD space and finally gave up. I
was able to get it to run but never did get it to return anything at the
command line. Ended up I was able to get things working without that
and without resorting to the sAMAccountName@domain format (see my reply
today to Mike Johnson), but may try it as a test anyway just to have an
alternative in case something down the road requires it.

I appreciate the help.

Sincerely,

Gene Evans

I use LdapBrowser to validate my ldap credentials and look inside of AD
when needed.
