On Wed, Nov 23, 2011 at 11:46:44AM -0600, Karl Boyken wrote:
> We run RT on RedHat Enterprise Server 6.1, with Perl 5.14.2.  We set
> up RT::ExternalAuth to authenticate against our OpenLDAP server, and
> it works fine with RT 4.0.2.  But after upgrading to RT 4.0.4, LDAP
> authentication breaks.  I'd appreciate any helpful ideas.  Here's
> the relevant log entry--it's an LDAP bind() error:
> 
> 
> Nov 23 11:27:28 serv07 RT:
> RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't bind:
> LDAP_OPERATIONS_ERROR 1 
> (/path_to_our_RT/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:467)

This usually means that the LDAP server rejected you in some way.
You may find more information in the server logs. You may also set
net_ldap_args => [ debug => 2 or 8 ] in addition to your current args
to get back the full dumps of packets coming over the wire.
Please note that the debug dumps may contain privileged info, so it's
really just a debugging shim.

-kevin

> This is the relevant section of our RT_SiteConfig.pm file (where
> values beginning with "our" have been changed for posting):
> 
> 
> # To enable RT::Authen::ExternalAuth
> Set(@Plugins, qw(RT::Authen::ExternalAuth));
> 
> # RT::Authen::ExternalAuth settings
> # For information on configuring RT::Authen::ExternalAuth, see
> # $RT_HOME/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm
> 
> Set($ExternalAuthPriority, ['DIVMS_LDAP',]);
> Set($ExternalInfoPriority, ['DIVMS_LDAP',]);
> Set($ExternalServiceUsesSSLorTLS, 1);
> Set($AutoCreateNonExternalUsers, 1);
> Set($ExternalSettings,
>     {
>      'DIVMS_LDAP' => {
>                       'type' => 'ldap',
>                       'server' => 'our_server',
>                       'user' => 'our_cn',
>                       'pass' => 'our_password',
>                       'base' => 'our_base',
>                       'filter' => '(objectClass=*)',
>                       'd_filter' => '(objectClass=FooBarBaz)',
>                       'tls' => 1,
>                       'ssl_version' => 1,
>                       'net_ldap_args' => [ port => 389, version => 3 ],
>                       'group' => '',
>                       'group_attr' => '',
>                       'attr_match_list' => [ 'Name', 'EmailAddress', ],
>                       'attr_map' => {
>                                      'Name' => 'uid',
>                                      'EmailAddress' => 'mail',
>                                      'RealName' => 'gecos',
>                                      'ExternalAuthId' => 'uid',
>                                      'Gecos' => 'uid',
>                                     }
>                      }
>     }
> );
> 
> -- 
> Karl Boyken, system administrator [email protected]
> 303A MLH, Dept. of Comp. Sci. http://www.cs.uiowa.edu/~boyken/
> The U. of Iowa, Iowa City, IA  52242   319-335-2730 (voice)
> 319-335-3668 (fax)
> --------
> RT Training Sessions (http://bestpractical.com/services/training.html)
> *  Barcelona, Spain  November 28 & 29, 2011
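
To isolate the failure from RT, the same bind can be run directly through Net::LDAP with the debug flag Kevin mentions. This is an added example, not code from the thread or from RT::Authen::ExternalAuth; the environment variable names, the start_tls options, and the connect/start_tls/bind order are assumptions to adjust to your setup.

```perl
#!/usr/bin/perl
# Added example: run the service-account bind outside RT with packet debugging on.
use strict;
use warnings;
use Net::LDAP;

# Hypothetical environment variables (assumptions). Reading the credentials
# from the environment keeps them out of the script and out of shell history.
my $server  = $ENV{LDAP_SERVER}  // die "set LDAP_SERVER\n";
my $bind_dn = $ENV{LDAP_BIND_DN} // die "set LDAP_BIND_DN\n";
my $bind_pw = $ENV{LDAP_BIND_PW} // die "set LDAP_BIND_PW\n";

# Same arguments as net_ldap_args in the posted config, plus debug => 8
# (ASN.1 dump of incoming packets; debug => 2 hex-dumps them instead).
my $ldap = Net::LDAP->new($server, port => 389, version => 3, debug => 8)
    or die "connect failed: $@\n";

# The posted config sets 'tls' => 1, so upgrade the connection before binding.
# Certificate verification is an assumption here; LDAP_CA_FILE is optional.
my @tls_args = (verify => 'require');
push @tls_args, (cafile => $ENV{LDAP_CA_FILE}) if $ENV{LDAP_CA_FILE};
report('start_tls', $ldap->start_tls(@tls_args));

# Simple bind as the account RT uses ('user' / 'pass' in $ExternalSettings).
report('bind', $ldap->bind($bind_dn, password => $bind_pw));

$ldap->unbind;
print "bind succeeded\n";

# Print the LDAP result of one step and stop at the first failure, so the
# debug dump just above the message belongs to the operation that failed.
sub report {
    my ($step, $msg) = @_;
    printf "%s: code=%d name=%s text=%s\n",
        $step, $msg->code, $msg->error_name, $msg->error;
    exit 1 if $msg->code;
}
```

The dumps can include directory data, so keep the output out of shared logs and remove the debug argument once the failing step is identified.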
