Hi all,
RT 4.4.4 (new installation)
MariaDB 10.3
CentOS 8 (Perl 5.26.3)
AD server is WS 2016
I’ve been working on this a couple of days but am stuck and hope I can get a few thoughts on where else to look.
Part of my RT_SiteConfig.pm:
Set($ExternalAuthPriority, ['AD']);
Set($ExternalInfoPriority, ['AD']);
Set($UserAutocreateDefaultsOnLogin, { Privileged => 1 });
Set($AutoCreateNonExternalUsers, 1);
Set($ExternalSettings, {
    'AD' => {
        'type'     => 'ldap',
        'server'   => 'myldap.mydomain.edu',
        'user'     => 'myldapauthuser@mydomain.edu',
        'password' => 'mypassword',
        'base'     => 'dc=mydomain,dc=edu',
        'filter'   => '(objectCategory=User)',
        'tls'      => { verify => 'none' },
        'net_ldap_args' => [ version => 3, scheme => 'ldaps', port => 636 ],
        'attr_match_list' => [
            'Name',
            'EmailAddress',
        ],
        'attr_map' => {
            'Name'         => 'sAMAccountName',
            'EmailAddress' => 'mail',
            'RealName'     => 'cn',
            'WorkPhone'    => 'telephoneNumber',
            'Address1'     => 'streetAddress',
            'City'         => 'l',
            'State'        => 'st',
            'Zip'          => 'postalCode',
            'Country'      => 'co',
        },
        'group_scope' => 'sub',
    },
} );
This bit is for ldapimport
Set($LDAPHost, 'myldap.mydomain.edu');
Set($LDAPOptions, [ port    => 636,
                    scheme  => 'ldaps',
                    raw     => qr/(;binary)/,
                    version => 3,
                    verify  => 'none' ]);
Set($LDAPUser, 'CN=Myldapauth User,CN=Users,DC=mydomain,DC=edu');
Set($LDAPPassword, 'mypassword');
Set($LDAPBase, 'dc=mydomain,dc=edu');
Set($LDAPFilter, '(&(objectCategory=User)(mail=*)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))');
Set($LDAPMapping, { Name         => 'sAMAccountName', # required
                    EmailAddress => 'mail',
                    RealName     => 'cn',
                    WorkPhone    => 'telephoneNumber',
                    Address1     => 'streetAddress',
                    City         => 'l',
                    State        => 'st',
                    Zip          => 'postalCode',
                    Country      => 'co' });
Set($LDAPGroupBase, 'ou=Groups,dc=mydomain,dc=edu');
Set($LDAPGroupFilter, '(|(cn=Staff)(cn=Consultant))');
Set($LDAPGroupMapping, { Name              => 'cn',
                         Member_Attr       => 'member',
                         Member_Attr_Value => 'dn' });
The importer does seem to work: /opt/rt4/sbin/rt-ldapimport --verbose
and so does: ldapsearch -x -H ldaps://myldap.mydomain.edu:636 -D myldapauthuser@mydomain.edu -w mypassword -b "dc=mydomain,dc=edu" "(&(objectCategory=User)(sAMAccountName=testuser))"
The filter part is copied from the log entries of the failed login on the web gui.
Logging in via the web gui gives:
[19085] [Fri Dec 13 15:42:15 2019] [debug]: Attempting to use external auth service: AD (/opt/rt4/sbin/…/lib/RT/Authen/ExternalAuth.pm:288)
[19085] [Fri Dec 13 15:42:15 2019] [debug]: Calling UserExists with $username (testuser) and $service (AD) (/opt/rt4/sbin/…/lib/RT/Authen/ExternalAuth.pm:329)
[19085] [Fri Dec 13 15:42:15 2019] [debug]: UserExists params: username: testuser , service: AD (/opt/rt4/sbin/…/lib/RT/Authen/ExternalAuth/LDAP.pm:486)
[19085] [Fri Dec 13 15:42:15 2019] [debug]: LDAP Search === Base: dc=mydomain,dc=edu == Filter: (&(objectCategory=User)(sAMAccountName=testuser)) == Attrs: postalCode,streetAddress,telephoneNumber,st,co,mail,cn,l,sAMAccountName (/opt/rt4/sbin/…/lib/RT/Authen/ExternalAuth/LDAP.pm:516)
[19085] [Fri Dec 13 15:42:15 2019] [debug]: User Check Failed :: ( AD ) testuser User not found (/opt/rt4/sbin/…/lib/RT/Authen/ExternalAuth/LDAP.pm:530)
[19085] [Fri Dec 13 15:42:15 2019] [debug]: Autohandler called ExternalAuth. Response: (0, No User) (/opt/rt4/share/html/Elements/DoAuth:58)
[19085] [Fri Dec 13 15:42:15 2019] [error]: FAILED LOGIN for testuser from 1.2.3.4 (/opt/rt4/sbin/…/lib/RT/Interface/Web.pm:827)
Based on other posts, mine doesn’t appear to be a server connectivity issue or an LDAP account problem that I can tell. Sorta stuck on what to try next.
Thanks!
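An added example, not from the original post and not RT's own code: the Perl script below performs, with the same Net::LDAP library RT uses, the connection, bind and search that the debug log shows RT::Authen::ExternalAuth::LDAP running for UserExists, and prints what the RT log leaves out: the LDAP result code, the number of entries, and the number of search references (referrals) in the result. RT's UserExists reports "User not found" whenever the search returns anything other than exactly one entry, so the entry count is the number to compare against the working ldapsearch. Host, bind identity, password and base are the placeholders from the post; the username is taken from the command line and defaults to testuser.

```perl
#!/usr/bin/perl
# Added diagnostic example (not from the original post or from RT).
# Reproduces the UserExists search outside RT using Net::LDAP, so the
# result code, entry count and referral count can be compared with
# what ldapsearch returns for the same filter.
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value ldap_error_name);

# Placeholders, as in the post's RT_SiteConfig.pm.
my $server   = 'myldap.mydomain.edu';
my $bind_id  = 'myldapauthuser@mydomain.edu';   # UPN bind, same as ExternalSettings 'user'
my $password = 'mypassword';
my $base     = 'dc=mydomain,dc=edu';
my $username = @ARGV ? $ARGV[0] : 'testuser';

# Same connection options the post passes through net_ldap_args.
# verify => 'none' mirrors the post's config; it disables certificate
# checking and is acceptable for a one-off diagnostic, not for production.
my $ldap = Net::LDAP->new(
    $server,
    scheme  => 'ldaps',
    port    => 636,
    version => 3,
    verify  => 'none',
) or die "connect to $server failed: $@\n";

my $bind = $ldap->bind($bind_id, password => $password);
die 'bind failed: ' . ldap_error_name($bind->code) . ' ' . $bind->error . "\n"
    if $bind->code;

# Filter identical to the one in the RT debug log. The username is
# escaped so a value containing ( ) * or \ cannot alter the filter.
my $filter = sprintf '(&(objectCategory=User)(sAMAccountName=%s))',
    escape_filter_value($username);

# Attribute list from the RT debug log (the values of attr_map).
my @attrs = qw(sAMAccountName mail cn telephoneNumber streetAddress l st postalCode co);

my $res = $ldap->search(
    base   => $base,
    scope  => 'sub',
    filter => $filter,
    attrs  => \@attrs,
);

my @refs = $res->references;   # search continuation references, if any

printf "filter:            %s\n", $filter;
printf "result code:       %d (%s) %s\n", $res->code, ldap_error_name($res->code), $res->error;
printf "entries returned:  %d\n", $res->count;
printf "referrals returned: %d\n", scalar @refs;
print  "  ref: $_\n" for map { $_->references } @refs;

for my $entry ($res->entries) {
    print 'dn: ', $entry->dn, "\n";
    for my $a (@attrs) {
        my @v = $entry->get_value($a);
        printf "  %-16s %s\n", $a, join(' | ', @v) if @v;
    }
}

$ldap->unbind;
```

Run it as `perl ldapcheck.pl testuser` on the RT host so it uses the same Perl and Net::LDAP installation as RT. If it returns one entry while RT logs "User not found", the difference lies in how RT is building the connection or filter; if it returns zero or several entries, or a non-zero result code, the directory side is what to look at.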