RT::Authen::ExternalAuth error

Hi, All,

I have errors with RT 3.6.5 and RT-Authen-ExternalAuth-0.05 on my centos box.
following are error messages:
[Tue Sep 1 23:39:32 2009] [critical]: RT::User::_GetBoundLdapObj Can’t bind: LDAP_INVALID_DN_SYNTAX 34 (/usr/local/lib/rt3/lib/RT/User_Vendor.pm:1056)
[Tue Sep 1 23:39:32 2009] [critical]: RT::User::_GetBoundLdapObj Can’t bind: LDAP_INVALID_DN_SYNTAX 34 (/usr/local/lib/rt3/lib/RT/User_Vendor.pm:1056)

And my configuration:

Set( @Plugins, qw(RT::Authen::ExternalAuth) );
Set($ExternalAuthPriority, [ ‘My_LDAP’ ]);
Set($ExternalInfoPriority, [ ‘My_LDAP’ ]);

Set($ExternalServiceUsesSSLorTLS, 0);
Set($AutoCreateNonExternalUsers, 0);
Set($ExternalSettings, {
‘My_LDAP’ => {
‘type’=>‘ldap’,
‘auth’=>1,
‘info’=> 1,
‘server’=> ‘tldap01.smith.com’,
‘user’ => ‘rt3’,
‘pass’ => ‘mypassword’,
‘base’=> ‘ou=people,dc=smith,dc=com’,
‘filter’=> ‘(objectClass=person)’,
‘d_filter’ => ‘(userAccountControl:1.2.840.113556.1.4.803:=2)’,
‘tls’ => 0,
‘net_ldap_args’ => [ version => 3 ],
# ‘group’ => ‘GROUP_NAME’,
# ‘group_attr’ => ‘GROUP_ATTR’,
‘attr_match_list’ => [ ‘Name’,
‘EmailAddress’,
‘RealName’,
‘WorkPhone’,
‘Address2’
],
‘attr_map’ => { ‘Name’ => ‘sAMAccountName’,
‘EmailAddress’ => ‘mail’,
‘Organization’ => ‘physicalDeliveryOfficeName’,
‘RealName’ => ‘cn’,
‘ExternalAuthId’ => ‘sAMAccountName’,
‘Gecos’ => ‘sAMAccountName’,
‘WorkPhone’ => ‘telephoneNumber’,
‘Address1’ => ‘streetAddress’,
‘City’ => ‘l’,
‘State’ => ‘st’,
‘Zip’ => ‘postalCode’,
‘Country’ => ‘co’
}
}
}

Am I doing soething wrong?

Thanks, Please advise.

Regards,
Ben

Hi Ben,

Barring things like the user not being authorized, or your base being
incorrect, try limiting your attr_map down to just the essentials. I got
errors trying to map things that I thought should work just fine. I can’t
remember what error I got, but it wasn’t descriptive and it caused a
complete failure of the process.

-MikeFrom: rt-users-bounces@lists.bestpractical.com
[mailto:rt-users-bounces@lists.bestpractical.com] On Behalf Of Ben
Sent: September-02-09 2:20 PM
To: rt-users@lists.bestpractical.com
Subject: [rt-users] RT::Authen::ExternalAuth error

Hi, All,

I have errors with RT 3.6.5 and RT-Authen-ExternalAuth-0.05 on my centos
box.

following are error messages:

[Tue Sep 1 23:39:32 2009] [critical]: RT::User::_GetBoundLdapObj Can’t
bind: LDAP_INVALID_DN_SYNTAX 34
(/usr/local/lib/rt3/lib/RT/User_Vendor.pm:1056)
[Tue Sep 1 23:39:32 2009] [critical]: RT::User::_GetBoundLdapObj Can’t
bind: LDAP_INVALID_DN_SYNTAX 34
(/usr/local/lib/rt3/lib/RT/User_Vendor.pm:1056)

And my configuration:

Set( @Plugins, qw(RT::Authen::ExternalAuth) );
Set($ExternalAuthPriority, [ ‘My_LDAP’ ]);
Set($ExternalInfoPriority, [ ‘My_LDAP’ ]);

Set($ExternalServiceUsesSSLorTLS, 0);
Set($AutoCreateNonExternalUsers, 0);

Set($ExternalSettings, {
‘My_LDAP’ => {
‘type’=>‘ldap’,
‘auth’=>1,
‘info’=> 1,
‘server’=> ‘
http://tldap01.smith.com/ tldap01.smith.com’,
‘user’ => ‘rt3’,
‘pass’ =>
‘mypassword’,
‘base’=> ‘ou=people,dc=smith,dc=com’,

                                 'filter'=>  '(objectClass=person)',
                                 'd_filter'                  =>

‘(userAccountControl:1.2.840.113556.1.4.803:=2)’,
‘tls’
=> 0,
‘net_ldap_args’
=> [ version => 3 ],
# ‘group’
=> ‘GROUP_NAME’,
# ‘group_attr’
=> ‘GROUP_ATTR’,
‘attr_match_list’
=> [ ‘Name’,

‘EmailAddress’,

‘RealName’,

‘WorkPhone’,

‘Address2’

],
‘attr_map’
=> { ‘Name’ => ‘sAMAccountName’,

‘EmailAddress’ => ‘mail’,

‘Organization’ => ‘physicalDeliveryOfficeName’,

‘RealName’ => ‘cn’,

‘ExternalAuthId’ => ‘sAMAccountName’,

‘Gecos’ => ‘sAMAccountName’,

‘WorkPhone’ => ‘telephoneNumber’,

‘Address1’ => ‘streetAddress’,

‘City’ => ‘l’,

‘State’ => ‘st’,

‘Zip’ => ‘postalCode’,

‘Country’ => ‘co’

}
}
}

Am I doing soething wrong?

Thanks, Please advise.

Regards,

Ben

Ben wrote:

Hi, All,

I have errors with RT 3.6.5 and RT-Authen-ExternalAuth-0.05 on my centos
box.
following are error messages:
[Tue Sep 1 23:39:32 2009] [critical]: RT::User::_GetBoundLdapObj Can’t
bind: LDAP_INVALID_DN_SYNTAX 34
(/usr/local/lib/rt3/lib/RT/User_Vendor.pm:1056)
[Tue Sep 1 23:39:32 2009] [critical]: RT::User::_GetBoundLdapObj Can’t
bind: LDAP_INVALID_DN_SYNTAX 34

The error is clear. You cannot bind to the server (Can’t bind). The
reason is that the username’s DN Syntax is invalid
(LDAP_INVALID_DN_SYNTAX 34).

Use the valid DN Syntax for your LDAP server:

‘user’ => ‘rt3’,
‘user’ => ‘cn=rt3,ou=People,dc=smith,dc=com’,

Kind Regards,

Mike Peachey, IT
Tel: +44 114 281 2655
Fax: +44 114 281 2951
Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK
Comp Reg No: 3191371 - Registered In England
http://www.jennic.com

Hi, Mike,

Thanks, I tried your suggestions, base should be correct, because we have other service also using this ldap server. I limmted attr_map to just email and externalAuthId, it still gave same error message.
Following are are detailed debug information.

Thanks and Regards,

Ben

[Wed Sep 2 22:47:45 2009] [critical]: RT::User::_GetBoundLdapObj Can’t bind: LDAP_INVALID_DN_SYNTAX 34 (/usr/local/lib/rt3/lib/RT/User_Vendor.pm:1056)
[Wed Sep 2 22:47:45 2009] [debug]: RT::User::IsExternalPassword Trying External authentication (/usr/local/lib/rt3/lib/RT/User_Vendor.pm:52)
[Wed Sep 2 22:47:45 2009] [debug]: Attempting to use external auth service: My_LDAP (/usr/local/lib/rt3/lib/RT/User_Vendor.pm:63)
[Wed Sep 2 22:47:45 2009] [critical]: RT::User::_GetBoundLdapObj Can’t bind: LDAP_INVALID_DN_SYNTAX 34 (/usr/local/lib/rt3/lib/RT/User_Vendor.pm:1056)
[Wed Sep 2 22:47:45 2009] [info]: RT::User::IsExternalPassword External Auth Failed: yhuang (/usr/local/lib/rt3/lib/RT/User_Vendor.pm:294)
[Wed Sep 2 22:47:45 2009] [debug]: RT::User::IsPassword External auth FAILED (/usr/local/lib/rt3/lib/RT/User_Vendor.pm:360)
[Wed Sep 2 22:47:45 2009] [info]: RT::User::IsInternalPassword AUTH FAILED: ben (/usr/local/lib/rt3/lib/RT/User_Vendor.pm:331)
[Wed Sep 2 22:47:45 2009] [debug]: RT::User::IsPassword Internal auth FAILED (/usr/local/lib/rt3/lib/RT/User_Vendor.pm:366)
[Wed Sep 2 22:47:45 2009] [error]: FAILED LOGIN for ben from 10.64.16.119 (/usr/share/rt3/html/autohandler:251)— On Wed, 9/2/09, Michael Ellis Michael_Ellis@umanitoba.ca wrote:

From: Michael Ellis Michael_Ellis@umanitoba.ca
Subject: RE: [rt-users] RT::Authen::ExternalAuth error
To: “‘Ben’” uyhis@yahoo.com, rt-users@lists.bestpractical.com
Date: Wednesday, September 2, 2009, 5:00 PM

Hi Ben,

Barring things like the user not being authorized, or your base being incorrect, try limiting your attr_map down to just the essentials. I got errors trying to map things that I thought should work just fine. I can’t remember what error I got, but it wasn’t descriptive and it caused a complete failure of the process.

-Mike

From: rt-users-bounces@lists.bestpractical.com [mailto:rt-users-bounces@lists.bestpractical.com] On Behalf Of Ben
Sent: September-02-09 2:20 PM
To: rt-users@lists.bestpractical.com
Subject: [rt-users] RT::Authen::ExternalAuth error

Hi, All,

I have errors with RT 3.6.5 and RT-Authen-ExternalAuth-0.05 on my centos box.

following are error messages:

[Tue Sep 1 23:39:32 2009] [critical]: RT::User::_GetBoundLdapObj Can’t bind: LDAP_INVALID_DN_SYNTAX 34 (/usr/local/lib/rt3/lib/RT/User_Vendor.pm:1056)
[Tue Sep 1 23:39:32 2009] [critical]: RT::User::_GetBoundLdapObj Can’t bind: LDAP_INVALID_DN_SYNTAX 34 (/usr/local/lib/rt3/lib/RT/User_Vendor.pm:1056)

And my configuration:

Set( @Plugins, qw(RT::Authen::ExternalAuth) );
Set($ExternalAuthPriority, [ ‘My_LDAP’ ]);
Set($ExternalInfoPriority, [ ‘My_LDAP’ ]);

Set($ExternalServiceUsesSSLorTLS, 0);
Set($AutoCreateNonExternalUsers, 0);

Set($ExternalSettings, {
‘My_LDAP’ => {
‘type’=>‘ldap’,
‘auth’=>1,
‘info’=> 1,
‘server’=> ‘tldap01.smith.com’,
‘user’ => ‘rt3’,
‘pass’ => ‘mypassword’,
‘base’=> ‘ou=people,dc=smith,dc=com’,

                                 'filter'=>  '(objectClass=person)',
                                 'd_filter'                  =>  '(userAccountControl:1.2.840.113556.1.4.803:=2)',
                                                    'tls'                       =>  0,
                                                    'net_ldap_args'             => [    version =>  3   ],
                                                   # 'group'                     =>  'GROUP_NAME',
                                                   # 'group_attr'                =>  'GROUP_ATTR',
                                                    'attr_match_list'           => [    'Name',
                                                                                        'EmailAddress', 
                                                                                        'RealName',
                                                                                        'WorkPhone', 
                                                                                        'Address2'
                                                                                    ],
                                                    'attr_map'                  =>  {   'Name' => 'sAMAccountName',
                                                                                        'EmailAddress' => 'mail',
                                                                                        'Organization' => 'physicalDeliveryOfficeName',
                                                                                        'RealName' => 'cn',
                                                                                        'ExternalAuthId' => 'sAMAccountName',
                                                                                        'Gecos' => 'sAMAccountName',
                                                                                        'WorkPhone' => 'telephoneNumber',
                                                                                        'Address1' => 'streetAddress',
                                                                                        'City' => 'l',
                                                                                        'State' => 'st',
                                                                                        'Zip' => 'postalCode',
                                                                                        'Country' => 'co'
                                                                                    }
                                                }
                            }

Am I doing soething wrong?

Thanks, Please advise.

Regards,

Ben

Thanks, Mike.

This solves part of my problems, but you gave me the direction to make it work.

Regards,

BenFrom: Mike Peachey mike.peachey@jennic.com
Subject: Re: [rt-users] RT::Authen::ExternalAuth error
To: “Ben” uyhis@yahoo.com, rt-users@lists.bestpractical.com
Date: Wednesday, September 2, 2009, 4:55 PM

Ben wrote:

Hi, All,
I have errors with RT 3.6.5 and RT-Authen-ExternalAuth-0.05 on my centos box.
following are error messages:
[Tue Sep 1 23:39:32 2009] [critical]: RT::User::_GetBoundLdapObj Can’t bind: LDAP_INVALID_DN_SYNTAX 34 (/usr/local/lib/rt3/lib/RT/User_Vendor.pm:1056)
[Tue Sep 1 23:39:32 2009] [critical]: RT::User::_GetBoundLdapObj Can’t bind: LDAP_INVALID_DN_SYNTAX 34

The error is clear. You cannot bind to the server (Can’t bind). The reason is that the username’s DN Syntax is invalid (LDAP_INVALID_DN_SYNTAX 34).

Use the valid DN Syntax for your LDAP server:

‘user’ => ‘rt3’,
‘user’ => ‘cn=rt3,ou=People,dc=smith,dc=com’,

– Kind Regards,

Mike Peachey, IT
Tel: +44 114 281 2655
Fax: +44 114 281 2951
Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK
Comp Reg No: 3191371 - Registered In England
http://www.jennic.com