Transitory error on login (LDAP against AD)

Hi all,

We’re running RT 3.6.5, authenticating against AD. When people login, they get this error…

error: DBD::mysql::db selectall_hashref failed: Unknown column ‘disabled’ in ‘field list’ at /usr/local/share/request-tracker3.6/lib/RT/Authen/ExternalAuth/DBI.pm line 279.
context:

275: # DBI->trace(1,’/tmp/dbi.log’);
276:
277: # Get DBI Object, do the query, disconnect
278: my $dbh = _GetBoundDBIObj($config);
279: my $results_hashref = $dbh->selectall_hashref($query,$u_field,{},@bind_params);
280: $dbh->disconnect();
281:
282: my $num_of_results = scalar keys %$results_hashref;
283:

code stack: /usr/local/share/request-tracker3.6/lib/RT/Authen/ExternalAuth/DBI.pm:279
/usr/local/share/request-tracker3.6/lib/RT/Authen/ExternalAuth.pm:403
/usr/local/share/request-tracker3.6/lib/RT/Authen/ExternalAuth.pm:244
/usr/local/share/request-tracker3.6/lib/RT/Authen/ExternalAuth.pm:200
/usr/share/request-tracker3.6/html/Callbacks/ExternalAuth/autohandler/Auth:25
/usr/share/request-tracker3.6/html/Elements/Callback:85
/usr/share/request-tracker3.6/html/autohandler:240

…but the fun part is, if you just hit “refresh” on your browser, everything is fine. You’re logged in and ready to go.

Is this a bug in part of the system that got solved in a later version, or do I have something configured in a slightly wrong way? To this point I’ve just told people to refresh the page and move on with life, but if it is something I can fix easily I’d like to do so.

If more info is needed to be able to tell what’s happening, I can provide it, just let me know. Thanks for any help you can give!
Kendric Beachey

This e-mail and any attachments may contain confidential material for the sole use of the intended recipient. If you are not the intended recipient, please be aware that any disclosure, copying, distribution or use of this e-mail or any attachment is prohibited. If you have received this e-mail in error, please contact the sender and delete all copies.

Thank you for your cooperation.

We’re running RT 3.6.5, authenticating against AD. When people
login, they get this error…

If you’re authenticating against AD, then why are you doing DBI auth too?

Is this a bug in part of the system that got solved in a later
version, or do I have something configured in a slightly wrong way?

I believe this is a configuration error. Please send etc/RT_SiteConfig.pm.

I got the same error and I understand this must be minors, since my AD user is authenticated. The Users table in my rt4 database doesn’t have a column called ‘disable’. Removing the d_field line in RT_SiteConfig.pm and the error no longer show up. Looks like a bug.

Jun-----Original Message-----
From: rt-users-bounces@lists.bestpractical.com [mailto:rt-users-bounces@lists.bestpractical.com] On Behalf Of Beachey, Kendric
Sent: Friday, March 02, 2012 10:59 AM
To: rt-users@lists.bestpractical.com
Subject: [rt-users] Transitory error on login (LDAP against AD)

Hi all,

We’re running RT 3.6.5, authenticating against AD. When people login, they get this error…

error: DBD::mysql::db selectall_hashref failed: Unknown column ‘disabled’ in ‘field list’ at /usr/local/share/request-tracker3.6/lib/RT/Authen/ExternalAuth/DBI.pm line 279.
context:

275: # DBI->trace(1,‘/tmp/dbi.log’);
276:
277: # Get DBI Object, do the query, disconnect
278: my $dbh = _GetBoundDBIObj($config);
279: my $results_hashref = $dbh->selectall_hashref($query,$u_field,{},@bind_params);
280: $dbh->disconnect();
281:
282: my $num_of_results = scalar keys %$results_hashref;
283:

code stack: /usr/local/share/request-tracker3.6/lib/RT/Authen/ExternalAuth/DBI.pm:279
/usr/local/share/request-tracker3.6/lib/RT/Authen/ExternalAuth.pm:403
/usr/local/share/request-tracker3.6/lib/RT/Authen/ExternalAuth.pm:244
/usr/local/share/request-tracker3.6/lib/RT/Authen/ExternalAuth.pm:200
/usr/share/request-tracker3.6/html/Callbacks/ExternalAuth/autohandler/Auth:25
/usr/share/request-tracker3.6/html/Elements/Callback:85
/usr/share/request-tracker3.6/html/autohandler:240

…but the fun part is, if you just hit “refresh” on your browser, everything is fine. You’re logged in and ready to go.

Is this a bug in part of the system that got solved in a later version, or do I have something configured in a slightly wrong way? To this point I’ve just told people to refresh the page and move on with life, but if it is something I can fix easily I’d like to do so.

If more info is needed to be able to tell what’s happening, I can provide it, just let me know. Thanks for any help you can give!
Kendric Beachey

This e-mail and any attachments may contain confidential material for the sole use of the intended recipient. If you are not the intended recipient, please be aware that any disclosure, copying, distribution or use of this e-mail or any attachment is prohibited. If you have received this e-mail in error, please contact the sender and delete all copies.

Thank you for your cooperation.

RT Training Sessions (http://bestpractical.com/services/training.html)

  • Boston March 5 & 6, 2012

I got the same error and I understand this must be minors, since my
AD user is authenticated. The Users table in my rt4 database doesn’t
have a column called ‘disable’. Removing the d_field line in
RT_SiteConfig.pm and the error no longer show up. Looks like a bug.

It is a severe misconfiguration to add the internal RT Users table as a
DBI auth source in RT::Authen::ExternalAuth. Don’t do that.

Thomas,
Since I’m new to RT, could you please tell where I did wrong in configuration? May be I need to change the order of the ExternalAuthPriority. Below is my RT_SiteConfig.pm file content.
Thanks.

Jun

Set( $DatabaseUser, ‘rt_user’ );
Set( $CorrespondAddress, ‘x2@mdanderson.org’ );
Set( $rtname, ‘xrt.mdanderson.edu’ );
Set( $DatabaseRequireSSL, ‘’ );
Set( $WebPort, ‘80’ );
Set( $Organization, ‘mdanderson.edu’ );
Set( $DatabaseType, ‘mysql’ );
Set( $DatabasePort, ‘’ );
Set( $DatabasePassword, ‘password’ );
Set( $DatabaseAdmin, ‘root’ );
Set( $SendmailPath, ‘/usr/sbin/sendmail’ );
Set( $WebDomain, ‘xrt.mdanderson.edu’ );
Set( $DatabaseAdminPassword, ‘’ );
Set( $CommentAddress, ‘x@mdanderson.org’ );
Set( $DatabaseHost, ‘localhost’ );
Set( $DatabaseName, ‘rt4’ );
Set( $OwnerEmail, ‘x2@mdanderson.org’ );
Set( @Plugins, qw(RT::Authen::ExternalAuth) );

Set($ExternalAuthPriority, [ ‘My_MySQL’,
‘My_LDAP’
]
);
Set($ExternalServiceUsesSSLorTLS, 0);
Set($AutoCreateNonExternalUsers, 0);
Set($ExternalSettings, {
‘My_MySQL’ => {
‘type’ => ‘db’,
‘server’ => ‘dqsrt.mdanderson.edu’,
‘database’ => ‘rt4’,
‘table’ => ‘Users’,
‘user’ => ‘rt_user’,
‘pass’ => ‘password’,
‘port’ => ‘3306’,
‘dbi_driver’ => ‘mysql’,
‘u_field’ => ‘Name’,
‘p_field’ => ‘Password’,
‘p_enc_pkg’ => ‘Crypt::MySQL’,
‘p_enc_sub’ => ‘password’,
‘d_field’ => ‘disabled’,
‘d_values’ => [‘0’],
‘attr_map’ => { ‘Name’ => ‘Name’, }
},
‘My_LDAP’ => {
‘type’ => ‘ldap’,
‘server’ => ‘dcpwpdc1.mdanderson.edu’,
‘user’ => ‘s_dqs_svn’,
‘pass’ => ‘Juoo9k88’,
‘base’ => ‘ou=people,dc=mdanderson,dc=edu’,
‘d_filter’ => ‘(userAccountControl:1.2.840.113556.1.4.803:=2)’,
‘tls’ => 0,
‘ssl_version’ => 3,
‘net_ldap_args’ => [ version => 3 ],
‘attr_map’ => { ‘Name’ => ‘samaccountname’,
‘EmailAddress’ => ‘mail’,
‘Organization’ => ‘physicaldeliveryofficename’,
‘RealName’ => ‘gecos’,
‘ExternalAuthId’ => ‘sAMAccountName’,
‘Gecos’ => ‘gecos’,
‘WorkPhone’ => ‘telephoneNumber’,
‘Address1’ => ‘streetAddress’,
‘City’ => ‘l’,
‘State’ => ‘st’,
‘Zip’ => ‘postalCode’,
‘Country’ => ‘co’
}
}
}
);
1;-----Original Message-----
From: rt-users-bounces@lists.bestpractical.com [mailto:rt-users-bounces@lists.bestpractical.com] On Behalf Of Thomas Sibley
Sent: Friday, March 02, 2012 11:57 AM
To: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] Transitory error on login (LDAP against AD)

On 03/02/2012 12:48 PM, Zhang,Jun wrote:

I got the same error and I understand this must be minors, since my AD
user is authenticated. The Users table in my rt4 database doesn’t have
a column called ‘disable’. Removing the d_field line in
RT_SiteConfig.pm and the error no longer show up. Looks like a bug.

It is a severe misconfiguration to add the internal RT Users table as a DBI auth source in RT::Authen::ExternalAuth. Don’t do that.
RT Training Sessions (http://bestpractical.com/services/training.html)

  • Boston March 5 & 6, 2012

Thomas,
Since I’m new to RT, could you please tell where I did wrong in configuration? May be I need to change the order of the ExternalAuthPriority. Below is my RT_SiteConfig.pm file content.

Remove My_MySQL from ExternalAuthPriority and remove the entire My_MySQL
block from ExternalSettings.

Set($ExternalAuthPriority, [ ‘My_MySQL’,
‘My_LDAP’
]
);
Set($ExternalServiceUsesSSLorTLS, 0);
Set($AutoCreateNonExternalUsers, 0);
Set($ExternalSettings, {
‘My_MySQL’ => {
‘type’ => ‘db’,
‘server’ => ‘dqsrt.mdanderson.edu’,
‘database’ => ‘rt4’,
‘table’ => ‘Users’,
‘user’ => ‘rt_user’,
‘pass’ => ‘password’,
‘port’ => ‘3306’,
‘dbi_driver’ => ‘mysql’,
‘u_field’ => ‘Name’,
‘p_field’ => ‘Password’,
‘p_enc_pkg’ => ‘Crypt::MySQL’,
‘p_enc_sub’ => ‘password’,
‘d_field’ => ‘disabled’,
‘d_values’ => [‘0’],
‘attr_map’ => { ‘Name’ => ‘Name’, }
},
[snipped]

Your My_LDAP ‘user’ needs to be the fully qualified ‘CN=s_dqs_svn,
ou=people,dc=mdanderson,dc=edu’. And I hope that is a bogus password!
Otherwise, I would change it.

Ryan Backman
Programmer / Analyst
George Fox UniversityOn Fri, Mar 2, 2012 at 10:16 AM, Zhang,Jun JHZhang@mdanderson.org wrote:

Thomas,
Since I’m new to RT, could you please tell where I did wrong in
configuration? May be I need to change the order of the
ExternalAuthPriority. Below is my RT_SiteConfig.pm file content.
Thanks.

Jun

Set( $DatabaseUser, ‘rt_user’ );
Set( $CorrespondAddress, ‘x2@mdanderson.org’ );
Set( $rtname, ‘xrt.mdanderson.edu’ );
Set( $DatabaseRequireSSL, ‘’ );
Set( $WebPort, ‘80’ );
Set( $Organization, ‘mdanderson.edu’ );
Set( $DatabaseType, ‘mysql’ );
Set( $DatabasePort, ‘’ );
Set( $DatabasePassword, ‘password’ );
Set( $DatabaseAdmin, ‘root’ );
Set( $SendmailPath, ‘/usr/sbin/sendmail’ );
Set( $WebDomain, ‘xrt.mdanderson.edu’ );
Set( $DatabaseAdminPassword, ‘’ );
Set( $CommentAddress, ‘x@mdanderson.org’ );
Set( $DatabaseHost, ‘localhost’ );
Set( $DatabaseName, ‘rt4’ );
Set( $OwnerEmail, ‘x2@mdanderson.org’ );
Set( @Plugins, qw(RT::Authen::ExternalAuth) );

Set($ExternalAuthPriority, [ ‘My_MySQL’,
‘My_LDAP’
]
);
Set($ExternalServiceUsesSSLorTLS, 0);
Set($AutoCreateNonExternalUsers, 0);
Set($ExternalSettings, {
‘My_MySQL’ => {
‘type’
=> ‘db’,
‘server’
=> ‘dqsrt.mdanderson.edu’,
‘database’
=> ‘rt4’,
‘table’
=> ‘Users’,
‘user’
=> ‘rt_user’,
‘pass’
=> ‘password’,
‘port’
=> ‘3306’,
‘dbi_driver’
=> ‘mysql’,
‘u_field’
=> ‘Name’,
‘p_field’
=> ‘Password’,
‘p_enc_pkg’
=> ‘Crypt::MySQL’,
‘p_enc_sub’
=> ‘password’,
‘d_field’
=> ‘disabled’,
‘d_values’
=> [‘0’],
‘attr_map’
=> { ‘Name’ => ‘Name’,
}
},
‘My_LDAP’ => {
‘type’
=> ‘ldap’,
‘server’
=> ‘dcpwpdc1.mdanderson.edu’,
‘user’
=> ‘s_dqs_svn’,
‘pass’
=> ‘Juoo9k88’,
‘base’
=> ‘ou=people,dc=mdanderson,dc=edu’,
‘d_filter’ =>
‘(userAccountControl:1.2.840.113556.1.4.803:=2)’,
‘tls’
=> 0,
‘ssl_version’
=> 3,
‘net_ldap_args’
=> [ version => 3 ],
‘attr_map’
=> { ‘Name’ => ‘samaccountname’,

             'EmailAddress' => 'mail',

             'Organization' => 'physicaldeliveryofficename',

             'RealName' => 'gecos',

             'ExternalAuthId' => 'sAMAccountName',

             'Gecos' => 'gecos',

             'WorkPhone' => 'telephoneNumber',

             'Address1' => 'streetAddress',

             'City' => 'l',

             'State' => 'st',

             'Zip' => 'postalCode',

             'Country' => 'co'

         }
                                               }
                           }

);
1;

-----Original Message-----
From: rt-users-bounces@lists.bestpractical.com [mailto:
rt-users-bounces@lists.bestpractical.com] On Behalf Of Thomas Sibley
Sent: Friday, March 02, 2012 11:57 AM
To: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] Transitory error on login (LDAP against AD)

On 03/02/2012 12:48 PM, Zhang,Jun wrote:

I got the same error and I understand this must be minors, since my AD
user is authenticated. The Users table in my rt4 database doesn’t have
a column called ‘disable’. Removing the d_field line in
RT_SiteConfig.pm and the error no longer show up. Looks like a bug.

It is a severe misconfiguration to add the internal RT Users table as a
DBI auth source in RT::Authen::ExternalAuth. Don’t do that.

RT Training Sessions (http://bestpractical.com/services/training.html)

  • Boston March 5 & 6, 2012

RT Training Sessions (http://bestpractical.com/services/training.html)

  • Boston March 5 & 6, 2012

HEY! That solved the problem! Thanks so much Jun :slight_smile:

It’s interesting that this section of the stock config file refers correctly to the stock Users table, except for including references to this column that isn’t part of the table.
Kendric Beachey-----Original Message-----
From: Zhang,Jun [mailto:JHZhang@mdanderson.org]
Sent: Friday, March 02, 2012 11:49 AM
To: Beachey, Kendric; rt-users@lists.bestpractical.com
Subject: RE: Transitory error on login (LDAP against AD)

I got the same error and I understand this must be minors, since my AD user is authenticated. The Users table in my rt4 database doesn’t have a column called ‘disable’. Removing the d_field line in RT_SiteConfig.pm and the error no longer show up. Looks like a bug.

Jun

-----Original Message-----
From: rt-users-bounces@lists.bestpractical.com [mailto:rt-users-bounces@lists.bestpractical.com] On Behalf Of Beachey, Kendric
Sent: Friday, March 02, 2012 10:59 AM
To: rt-users@lists.bestpractical.com
Subject: [rt-users] Transitory error on login (LDAP against AD)

Hi all,

We’re running RT 3.6.5, authenticating against AD. When people login, they get this error…

error: DBD::mysql::db selectall_hashref failed: Unknown column ‘disabled’ in ‘field list’ at /usr/local/share/request-tracker3.6/lib/RT/Authen/ExternalAuth/DBI.pm line 279.
context:

275: # DBI->trace(1,‘/tmp/dbi.log’);
276:
277: # Get DBI Object, do the query, disconnect
278: my $dbh = _GetBoundDBIObj($config);
279: my $results_hashref = $dbh->selectall_hashref($query,$u_field,{},@bind_params);
280: $dbh->disconnect();
281:
282: my $num_of_results = scalar keys %$results_hashref;
283:

code stack: /usr/local/share/request-tracker3.6/lib/RT/Authen/ExternalAuth/DBI.pm:279
/usr/local/share/request-tracker3.6/lib/RT/Authen/ExternalAuth.pm:403
/usr/local/share/request-tracker3.6/lib/RT/Authen/ExternalAuth.pm:244
/usr/local/share/request-tracker3.6/lib/RT/Authen/ExternalAuth.pm:200
/usr/share/request-tracker3.6/html/Callbacks/ExternalAuth/autohandler/Auth:25
/usr/share/request-tracker3.6/html/Elements/Callback:85
/usr/share/request-tracker3.6/html/autohandler:240

…but the fun part is, if you just hit “refresh” on your browser, everything is fine. You’re logged in and ready to go.

Is this a bug in part of the system that got solved in a later version, or do I have something configured in a slightly wrong way? To this point I’ve just told people to refresh the page and move on with life, but if it is something I can fix easily I’d like to do so.

If more info is needed to be able to tell what’s happening, I can provide it, just let me know. Thanks for any help you can give!
Kendric Beachey

This e-mail and any attachments may contain confidential material for the sole use of the intended recipient. If you are not the intended recipient, please be aware that any disclosure, copying, distribution or use of this e-mail or any attachment is prohibited. If you have received this e-mail in error, please contact the sender and delete all copies.

Thank you for your cooperation.

RT Training Sessions (http://bestpractical.com/services/training.html)

  • Boston March 5 & 6, 2012

HEY! That solved the problem! Thanks so much Jun :slight_smile:

You just created another problem, which is now ExternalAuth looks at the
internal RT users table. It should not be configured to do this.

It’s interesting that this section of the stock config file refers
correctly to the stock Users table, except for including references
to this column that isn’t part of the table.

Please read my other responses to your email which I sent to the list.

Thoms,
Is restarting httpd the only thing needed after modifying RT_SiteConfig.pm?

JunFrom: rt-users-bounces@lists.bestpractical.com [mailto:rt-users-bounces@lists.bestpractical.com] On Behalf Of Thomas Sibley
Sent: Friday, March 02, 2012 12:21 PM
To: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] Transitory error on login (LDAP against AD)

Thomas,
Since I’m new to RT, could you please tell where I did wrong in configuration? May be I need to change the order of the ExternalAuthPriority. Below is my RT_SiteConfig.pm file content.

Remove My_MySQL from ExternalAuthPriority and remove the entire My_MySQL block from ExternalSettings.

Set($ExternalAuthPriority, [ ‘My_MySQL’,
‘My_LDAP’
]
);
Set($ExternalServiceUsesSSLorTLS, 0);
Set($AutoCreateNonExternalUsers, 0);
Set($ExternalSettings, {
‘My_MySQL’ => {
‘type’ => ‘db’,
‘server’ => ‘dqsrt.mdanderson.edu’,
‘database’ => ‘rt4’,
‘table’ => ‘Users’,
‘user’ => ‘rt_user’,
‘pass’ => ‘password’,
‘port’ => ‘3306’,
‘dbi_driver’ => ‘mysql’,
‘u_field’ => ‘Name’,
‘p_field’ => ‘Password’,
‘p_enc_pkg’ => ‘Crypt::MySQL’,
‘p_enc_sub’ => ‘password’,
‘d_field’ => ‘disabled’,
‘d_values’ => [‘0’],
‘attr_map’ => { ‘Name’ => ‘Name’, }
},
[snipped]
RT Training Sessions (http://bestpractical.com/services/training.html)

  • Boston March 5 & 6, 2012

I didn’t use the real password. Authentication works against AD, does that mean a short user name could be used? Thank you very much for raising the question. At this stage, I’m sure about nothing.

JunFrom: Ryan Backman [mailto:rbackman@georgefox.edu]
Sent: Friday, March 02, 2012 12:56 PM
To: Zhang,Jun
Cc: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] Transitory error on login (LDAP against AD)

Your My_LDAP ‘user’ needs to be the fully qualified ‘CN=s_dqs_svn,ou=people,dc=mdanderson,dc=edu’. And I hope that is a bogus password! Otherwise, I would change it.

Ryan Backman
Programmer / Analyst
George Fox University

Thomas,
Since I’m new to RT, could you please tell where I did wrong in configuration? May be I need to change the order of the ExternalAuthPriority. Below is my RT_SiteConfig.pm file content.
Thanks.

Jun

Set( $DatabaseUser, ‘rt_user’ );
Set( $CorrespondAddress, ‘x2@mdanderson.orgmailto:x2@mdanderson.org’ );
Set( $rtname, ‘xrt.mdanderson.eduhttp://xrt.mdanderson.edu’ );
Set( $DatabaseRequireSSL, ‘’ );
Set( $WebPort, ‘80’ );
Set( $Organization, ‘mdanderson.eduhttp://mdanderson.edu’ );
Set( $DatabaseType, ‘mysql’ );
Set( $DatabasePort, ‘’ );
Set( $DatabasePassword, ‘password’ );
Set( $DatabaseAdmin, ‘root’ );
Set( $SendmailPath, ‘/usr/sbin/sendmail’ );
Set( $WebDomain, ‘xrt.mdanderson.eduhttp://xrt.mdanderson.edu’ );
Set( $DatabaseAdminPassword, ‘’ );
Set( $CommentAddress, ‘x@mdanderson.orgmailto:x@mdanderson.org’ );
Set( $DatabaseHost, ‘localhost’ );
Set( $DatabaseName, ‘rt4’ );
Set( $OwnerEmail, ‘x2@mdanderson.orgmailto:x2@mdanderson.org’ );
Set( @Plugins, qw(RT::Authen::ExternalAuth) );

Set($ExternalAuthPriority, [ ‘My_MySQL’,
‘My_LDAP’
]
);
Set($ExternalServiceUsesSSLorTLS, 0);
Set($AutoCreateNonExternalUsers, 0);
Set($ExternalSettings, {
‘My_MySQL’ => {
‘type’ => ‘db’,
‘server’ => ‘dqsrt.mdanderson.eduhttp://dqsrt.mdanderson.edu’,
‘database’ => ‘rt4’,
‘table’ => ‘Users’,
‘user’ => ‘rt_user’,
‘pass’ => ‘password’,
‘port’ => ‘3306’,
‘dbi_driver’ => ‘mysql’,
‘u_field’ => ‘Name’,
‘p_field’ => ‘Password’,
‘p_enc_pkg’ => ‘Crypt::MySQL’,
‘p_enc_sub’ => ‘password’,
‘d_field’ => ‘disabled’,
‘d_values’ => [‘0’],
‘attr_map’ => { ‘Name’ => ‘Name’, }
},
‘My_LDAP’ => {
‘type’ => ‘ldap’,
‘server’ => ‘dcpwpdc1.mdanderson.eduhttp://dcpwpdc1.mdanderson.edu’,
‘user’ => ‘s_dqs_svn’,
‘pass’ => ‘Juoo9k88’,
‘base’ => ‘ou=people,dc=mdanderson,dc=edu’,
‘d_filter’ => ‘(userAccountControl:1.2.840.113556.1.4.803:=2)’,
‘tls’ => 0,
‘ssl_version’ => 3,
‘net_ldap_args’ => [ version => 3 ],
‘attr_map’ => { ‘Name’ => ‘samaccountname’,
‘EmailAddress’ => ‘mail’,
‘Organization’ => ‘physicaldeliveryofficename’,
‘RealName’ => ‘gecos’,
‘ExternalAuthId’ => ‘sAMAccountName’,
‘Gecos’ => ‘gecos’,
‘WorkPhone’ => ‘telephoneNumber’,
‘Address1’ => ‘streetAddress’,
‘City’ => ‘l’,
‘State’ => ‘st’,
‘Zip’ => ‘postalCode’,
‘Country’ => ‘co’
}
}
}
);
1;

OOPS, I forgot I had shut off list mail delivery some time ago, so I only saw Jun’s first response (because it CCed me). Thanks for mentioning there were other messages, Thomas.

The reason for authenticating against LDAP and the internal system was that (for a time, at least) our users around the world did not all authenticate in the same way. US used one LDAP, UK used a different LDAP, Taiwan used the internal table.

At this point I think we actually do have everybody using AD, so I will go ahead and remove the internal part from the config and give that a shot.
KendricFrom: Thomas Sibley [mailto:trs@bestpractical.com]
Sent: Friday, March 02, 2012 1:18 PM
To: rt-users@lists.bestpractical.com
Cc: Beachey, Kendric
Subject: Re: [rt-users] Transitory error on login (LDAP against AD)

HEY! That solved the problem! Thanks so much Jun :slight_smile:

You just created another problem, which is now ExternalAuth looks at the
internal RT users table. It should not be configured to do this.

It’s interesting that this section of the stock config file refers
correctly to the stock Users table, except for including references
to this column that isn’t part of the table.

Please read my other responses to your email which I sent to the list.

This e-mail and any attachments may contain confidential material for the sole use of the intended recipient. If you are not the intended recipient, please be aware that any disclosure, copying, distribution or use of this e-mail or any attachment is prohibited. If you have received this e-mail in error, please contact the sender and delete all copies.

Thank you for your cooperation.

The reason for authenticating against LDAP and the internal system
was that (for a time, at least) our users around the world did not
all authenticate in the same way. US used one LDAP, UK used a
different LDAP, Taiwan used the internal table.

At this point I think we actually do have everybody using AD, so I
will go ahead and remove the internal part from the config and give
that a shot.

RT::Authen::ExternalAuth always falls back to internal RT auth. You
don’t need to configure it to do so. It’s called external auth for a
reason.