On Fri, Jan 21, 2011 at 10:16:33AM -0700, Nick Couchman wrote: > On Fri, 2011-01-21 at 10:37 -0500, Kevin Falcone wrote: > > On Fri, Jan 21, 2011 at 07:48:15AM -0700, Nick Couchman wrote: > > > [Fri Jan 21 03:40:09 2011] [debug]: UPDATED user Nick Couchman from LDAP > > > (/opt/rt3/local/lib/RT/User_Local.pm:628) > > > > Looks like you're using an old extension that clobbers IsPassword. > > You're going to need to merge that code with the IsPassword in > > SaltedPasswords to handle both cases. > > > > -kevin > > Well, I'm getting closer. I decided to remove the old LDAP method and > install the RT-Authen-ExternalAuth extension, version 0.05, instead. > Now the log output looks like this: > > [Fri Jan 21 17:14:07 2011] [debug]: LDAP Search === Base: dc=seakr,dc=com == > Filter: (&(objectClass=posixAccount)(cn=Nick Couchman)) == Attrs: > l,cn,st,mail,cn,co,physicalDeliveryOfficeName,postalCode,telephoneNumber,cn,o,cn > (/opt/rt3/local/lib/RT/User_Vendor.pm:850) > [Fri Jan 21 17:14:07 2011] [debug]: LDAP Search === Base: dc=seakr,dc=com == > Filter: (&(objectClass=posixAccount)(isDisabled=true)(cn=Nick Couchman)) == > Attrs: uid (/opt/rt3/local/lib/RT/User_Vendor.pm:890) > [Fri Jan 21 17:14:07 2011] [info]: ENABLED user Nick Couchman per External > Service (0, That is already the current value) > (/opt/rt3/local/lib/RT/User_Vendor.pm:957) > [Fri Jan 21 17:14:07 2011] [debug]: RT::User::CanonicalizeUserInfo called by > RT::User /opt/rt3/local/lib/RT/User_Vendor.pm 966 with: Name: Nick Couchman > (/opt/rt3/local/lib/RT/User_Vendor.pm:400) > [Fri Jan 21 17:14:07 2011] [debug]: Attempting to get user info using this > external service: eDirectory1 (/opt/rt3/local/lib/RT/User_Vendor.pm:408) > [Fri Jan 21 17:14:07 2011] [debug]: Attempting to use this canonicalization > key: Name (/opt/rt3/local/lib/RT/User_Vendor.pm:417) > [Fri Jan 21 17:14:07 2011] [debug]: LDAP Search === Base: dc=seakr,dc=com == > Filter: (&(objectClass=posixAccount)(cn=Nick Couchman)) == Attrs: > l,cn,st,mail,cn,co,physicalDeliveryOfficeName,postalCode,telephoneNumber,cn,o,cn > (/opt/rt3/local/lib/RT/User_Vendor.pm:538) > [Fri Jan 21 17:14:07 2011] [info]: RT::User::LookupExternalUserInfo : > Returning: Address1: , City: , Country: , EmailAddress: > [email protected], ExternalAuthId: Nick Couchman, Gecos: Nick Couchman, > Name: Nick Couchman, Organization: , RealName: Nick Couchman, State: , > WorkPhone: , Zip: (/opt/rt3/local/lib/RT/User_Vendor.pm:703) > [Fri Jan 21 17:14:07 2011] [info]: RT::User::CanonicalizeUserInfo returning > Address1: , City: , Country: , EmailAddress: [email protected], > ExternalAuthId: Nick Couchman, Gecos: Nick Couchman, Name: Nick Couchman, > Organization: , RealName: Nick Couchman, State: , WorkPhone: , Zip: > (/opt/rt3/local/lib/RT/User_Vendor.pm:444) > [Fri Jan 21 17:14:08 2011] [debug]: UPDATED user Nick Couchman from External > Service (/opt/rt3/local/lib/RT/User_Vendor.pm:990) > [Fri Jan 21 17:14:08 2011] [error]: FAILED LOGIN for Nick Couchman from > 192.168.10.71 (/opt/rt3/share/html/autohandler:251) > > So, it looks to me like it successfully pulls all of the information > from the LDAP service successfully, but for some reason still fails the > login. I know I'm typing the correct password - tried that along with > bogus ones a few times. Any other hints?
Correct ldap password or correct local password? RT-Authen-ExternalAuth 0.05 messes with IsPassword, and you'd likely have to merge the IsPassword from SaltedPasswords with IsInternalPassword to make it go. RT-Authen-ExternalAuth 0.08 (the version compatible with 3.8) uses a different technique that doesn't clobber IsPassword -kevin
pgpXs5mCB6zNA.pgp
Description: PGP signature
