[rt-users] ldap externalauth problem

Val Polyakov Mon, 27 Sep 2010 08:14:52 -0700

Trying to get my RT 3.8.8 on RHEL5 to authenticate against our corporate AD.


I followed this guide here:
http://wiki.bestpractical.com/view/CentOS5InstallPlusSome

I also checked that apache has access to over here (RT-Authen-ExternalAuth
dir was chgrp -R'ed and chmod -R 770'ed):

[r...@rt plugins]# pwd
/opt/rt3/local/plugins
[r...@rt plugins]# ls -ltr
total 4
drwxrwx--- 5 root apache 4096 Sep 13 14:16 RT-Authen-ExternalAuth
[r...@rt plugins]# ps awwwux |grep httpd
root      2313  0.1  4.1 348008 83360 ?        Ss   10:32   0:02
/usr/sbin/httpd
apache    2317  0.0  4.1 350272 82612 ?        S    10:32   0:00
/usr/sbin/httpd
apache    2318  0.0  4.1 350272 82616 ?        S    10:32   0:00
/usr/sbin/httpd
apache    2319  0.0  4.0 348204 82216 ?        S    10:32   0:00
/usr/sbin/httpd
apache    2320  0.0  4.1 350272 82684 ?        S    10:32   0:00
/usr/sbin/httpd
apache    2321  0.0  4.1 350928 83388 ?        S    10:32   0:00
/usr/sbin/httpd
apache    2322  0.0  4.1 350272 82616 ?        S    10:32   0:00
/usr/sbin/httpd
apache    2323  0.0  4.1 350272 82616 ?        S    10:32   0:00
/usr/sbin/httpd
apache    2324  0.0  4.1 350668 83172 ?        S    10:32   0:00
/usr/sbin/httpd
root      3537  0.0  0.0  61148   708 pts/0    R+   11:06   0:00 grep httpd
[r...@rt plugins]#

when I set this up and tried to login with my AD account for the first
time, here's what I saw in /var/log/httpd/error_log :


[r...@rt autohandler]# tail -f /var/log/httpd/error_log
[Mon Sep 27 14:32:29 2010] [info]:
RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Address1: 101
Truman Avenue, City: Yonkers, Country: United States, Disabled: 0,
EmailAddress: [email protected], ExternalAuthId: POLYVA, Gecos:
POLYVA, Name: POLYVA, Organization: 1-8D, Privileged: 0, RealName:
Polyakov, Valeriy, State: NY, WorkPhone: (914) 378-2577, Zip: 10703
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:536)
[Mon Sep 27 14:32:29 2010] [info]: Autocreated external user POLYVA ( 36 )
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:132)
[Mon Sep 27 14:32:29 2010] [info]: My_LDAP AUTH FAILED: polyva
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:127)

...

And ever since then when I try to login I only see this:

[Mon Sep 27 14:52:31 2010] [info]: My_LDAP AUTH FAILED: polyva
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:127)
[Mon Sep 27 14:52:31 2010] [error]: FAILED LOGIN for polyva from
192.168.110.125 (/opt/rt3/bin/../lib/RT/Interface/Web.pm:424)


my /opt/rt3/etc/RT_SiteConfig.pm and
/opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc are attached


Any suggestions?

# Any configuration directives you include  here will override 
# RT's default configuration file, RT_Config.pm
#
# To include a directive here, just copy the equivalent statement
# from RT_Config.pm and change the value. We've included a single
# sample value below.
#
# This file is actually a perl module, so you can include valid
# perl code, as well.
#
# The converse is also true, if this file isn't valid perl, you're
# going to run into trouble. To check your SiteConfig file, use
# this comamnd:
#
#   perl -c /path/to/your/etc/RT_SiteConfig.pm

Set( $rtname, 'rt.mydomain.org');
Set( $Organization, 'rt.mydomain.org');
Set($MinimumPasswordLength , "5");
Set($Timezone , 'US/Eastern');

Set(@Plugins, qw(
			RT::Authen::ExternalAuth
		));

Set($HomepageComponents, [qw(
			     QuickCreate
			     Quicksearch
			     MyAdminQueues
			     MySupportQueues
			     MyReminders
			     RefreshHomepage
			     Dashboards
			    )]);

Set( $DatabaseType, 'mysql');
Set( $DatabaseHost, 'localhost');
Set( $DatabaseRTHost , 'localhost');
Set( $DatabaseName , 'rt3'); 
Set( $DatabasePort , '');
Set( $DatabaseUser , 'rtuser');
Set( $DatabasePassword , 'mypassword');

Set($OwnerEmail , 'root');
Set($LoopsToRTOwner , 1);

Set($SendmailArguments , "-oi -t -f [email protected]");

Set($MaxAttachmentSize , 10000000);

Set($RTAddressRegexp , '^[email protected]$');
Set($CorrespondAddress , '[email protected]');
Set($CommentAddress , '[email protected]');

Set($UseFriendlyFromLine , 1);
Set($FriendlyFromLineFormat , "\"%s\" <%s>");
Set($UseFriendlyToLine , 1);
Set($FriendlyToLineFormat , "\"%s Ticket #%s\":;");

Set($NotifyActor , 0);
Set($RecordOutgoingEmail , 1);

Set($WebPath , "/ticket");
Set($WebPort , 80);
Set($WebBaseURL , "http://rt";);
Set($WebURL , $WebBaseURL . $WebPath . "/");
Set($WebImagesURL , $WebURL . "/NoAuth/images");

Set($MessageBoxWidth , 72);
Set($MessageBoxWrap, "HARD");

Set($MaxInlineBody, 13456);
Set($DefaultSummaryRows, 10);

Set($OldestTransactionsFirst, '1');

Set($DateDayBeforeMonth , 0);
Set($AmbiguousDayInPast , 1);

require "/opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm";
Set($Autocreate,			{Privileged => 1});

#Set(@Plugins,(qw(Extension::QuickDelete RT::FM)));
1;

RT_SiteConfig.pm.externalauth
Description: Binary data

RT Training in Washington DC, USA on Oct 25 & 26 2010
Last one this year -- Learn how to get the most out of RT!

[rt-users] ldap externalauth problem

Reply via email to