Val, Have you verified that ldapsearch works for you on this box? I used something like this to test:
ldapsearch -LLL -x -H ldap://<ldap server>:389 -b 'DC=corp,DC=something,DC=com' -D '[email protected]' -w '<ldapuser password>' '(&(ObjectClass=Person)(cn=<username to search for))' I had to request from our Windows AD guys to allow the ldapuser to be able to read all user information. I also had to have them open the firewall to our server, because by default, they only allow certain servers to query the AD servers. John On 09/27/2010 10:14 AM, Val Polyakov wrote: Trying to get my RT 3.8.8 on RHEL5 to authenticate against our corporate AD. I followed this guide here: http://wiki.bestpractical.com/view/CentOS5InstallPlusSome I also checked that apache has access to over here (RT-Authen-ExternalAuth dir was chgrp -R'ed and chmod -R 770'ed): [r...@rt plugins]# pwd /opt/rt3/local/plugins [r...@rt plugins]# ls -ltr total 4 drwxrwx--- 5 root apache 4096 Sep 13 14:16 RT-Authen-ExternalAuth [r...@rt plugins]# ps awwwux |grep httpd root 2313 0.1 4.1 348008 83360 ? Ss 10:32 0:02 /usr/sbin/httpd apache 2317 0.0 4.1 350272 82612 ? S 10:32 0:00 /usr/sbin/httpd apache 2318 0.0 4.1 350272 82616 ? S 10:32 0:00 /usr/sbin/httpd apache 2319 0.0 4.0 348204 82216 ? S 10:32 0:00 /usr/sbin/httpd apache 2320 0.0 4.1 350272 82684 ? S 10:32 0:00 /usr/sbin/httpd apache 2321 0.0 4.1 350928 83388 ? S 10:32 0:00 /usr/sbin/httpd apache 2322 0.0 4.1 350272 82616 ? S 10:32 0:00 /usr/sbin/httpd apache 2323 0.0 4.1 350272 82616 ? S 10:32 0:00 /usr/sbin/httpd apache 2324 0.0 4.1 350668 83172 ? S 10:32 0:00 /usr/sbin/httpd root 3537 0.0 0.0 61148 708 pts/0 R+ 11:06 0:00 grep httpd [r...@rt plugins]# when I set this up and tried to login with my AD account for the first time, here's what I saw in /var/log/httpd/error_log : [r...@rt autohandler]# tail -f /var/log/httpd/error_log [Mon Sep 27 14:32:29 2010] [info]: RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Address1: 101 Truman Avenue, City: Yonkers, Country: United States, Disabled: 0, EmailAddress: [email protected], ExternalAuthId: POLYVA, Gecos: POLYVA, Name: POLYVA, Organization: 1-8D, Privileged: 0, RealName: Polyakov, Valeriy, State: NY, WorkPhone: (914) 378-2577, Zip: 10703 (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:536) [Mon Sep 27 14:32:29 2010] [info]: Autocreated external user POLYVA ( 36 ) (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:132) [Mon Sep 27 14:32:29 2010] [info]: My_LDAP AUTH FAILED: polyva (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:127) .... And ever since then when I try to login I only see this: [Mon Sep 27 14:52:31 2010] [info]: My_LDAP AUTH FAILED: polyva (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:127) [Mon Sep 27 14:52:31 2010] [error]: FAILED LOGIN for polyva from 192.168.110.125 (/opt/rt3/bin/../lib/RT/Interface/Web.pm:424) my /opt/rt3/etc/RT_SiteConfig.pm and /opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc are attached Any suggestions? RT Training in Washington DC, USA on Oct 25 & 26 2010 Last one this year -- Learn how to get the most out of RT! -- John Alberts Hosted Services Exlibris USA [email protected] cell: 1-508-878-2197
RT Training in Washington DC, USA on Oct 25 & 26 2010 Last one this year -- Learn how to get the most out of RT!
