# cat RT_SiteConfig.pm
Set($ExternalAuthPriority, [ 'My_LDAP',] );
Set($ExternalInfoPriority, [ 'My_LDAP',] );
Set($ExternalServiceUsesSSLorTLS, 0);
Set($AutoCreateNonExternalUsers, 0);
Set($ExternalSettings, {
    'My_LDAP' => {
        'type'          => 'ldap',
        'server'        => 'zeus.mydomain.edu',
        'user'          => 'CN=LDAPRT,OU=CampusServices,DC=mydomain,DC=mydomain,DC=edu',
        'pass'          => '*********',
        'base'          => 'DC=mydomain,DC=mydomain,DC=edu',
        'filter'        => '(&(ObjectCategory=User)(ObjectClass=Person))',
        'd_filter'      => '(userAccountControl:1.2.840.113556.1.4.803:=2)',
        'tls'           => 0,
        # 'ssl_version' => 3,
        'net_ldap_args' => [ version => 3 ],
        'group'         => 'CN=RTUsers,OU=CampusServices,DC= mydomain,DC=mydomain,DC=edu',
        'group_attr'    => 'member',
        'attr_match_list' => [ 'Name', 'EmailAddress' ],
        'attr_map' => {
            'Name'           => 'sAMAccountName',
            'EmailAddress'   => 'mail',
            'Organization'   => 'physicalDeliveryOfficeName',
            'RealName'       => 'cn',
            'ExternalAuthId' => 'sAMAccountName',
            'Gecos'          => 'sAMAccountName',
            'WorkPhone'      => 'telephoneNumber',
            'Address1'       => 'streetAddress',
            'City'           => 'l',
            'State'          => 'st',
            'Zip'            => 'postalCode',
            'Country'        => 'co'
        }
    }
}
);
1;
EOF
I do not have Debugging turned on. I am going to need some help turning it on
since this is new to me.
Here are some errors from /var/log/messages...
This is a failed attempt...
Feb 1 16:02:25 localhost RT: My_LDAP AUTH FAILED mary.servantez (can't bind:
LDAP_INVALID_CREDENTIALS 49 )
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:82)
Feb 1 16:02:25 localhost RT: FAILED LOGIN for mary.servantez from 10.1.41.95
(/opt/rt4/sbin/../lib/RT/Interface/Web.pm:655)
Here is a successful attempt...
Feb 2 10:14:02 localhost RT: RT::Authen::ExternalAuth::LDAP::GetAuth External
Auth OK ( My_LDAP ): test.account
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:139)
Feb 2 10:14:02 localhost RT: Couldn't enable user 28
(/opt/rt4/sbin/../lib/RT/User.pm:1066)
Feb 2 10:14:02 localhost RT: User marked as ENABLED ( test.account ) per
External Service (, )
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:274)
Feb 2 10:14:02 localhost RT: RT::Authen::ExternalAuth::CanonicalizeUserInfo
returning Address1: , City: , Country: , EmailAddress: [email protected],
ExternalAuthId: test.account, Gecos: test.account, Name: test.account,
Organization: , RealName: Test Account, State: , WorkPhone: , Zip:
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:536)
Feb 2 10:14:02 localhost RT: Successful login for test.account from 10.1.5.9
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:219)
Van Howell
System Administrator
Lubbock Christian University
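A small triage helper for the log excerpts in this message, added here as an example (not part of the original post and not code from RT or RT-Authen-ExternalAuth): it re-joins the wrapped syslog lines and summarizes, per user, the external auth service, the LDAP bind result code and the final login outcome. The regular expressions are assumptions modeled only on the lines quoted above.

```python
import re
from collections import defaultdict

# Constructed sample: log lines from this thread, e-mail wrapping left in place.
SAMPLE = """\
Feb 1 16:02:25 localhost RT: My_LDAP AUTH FAILED mary.servantez (can't bind:
LDAP_INVALID_CREDENTIALS 49 )
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:82)
Feb 1 16:02:25 localhost RT: FAILED LOGIN for mary.servantez from 10.1.41.95
(/opt/rt4/sbin/../lib/RT/Interface/Web.pm:655)
Feb 2 10:14:02 localhost RT: RT::Authen::ExternalAuth::LDAP::GetAuth External
Auth OK ( My_LDAP ): test.account
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:139)
Feb 2 10:14:02 localhost RT: Successful login for test.account from 10.1.5.9
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:219)
"""

# Assumed record start: syslog timestamp, host name, then the "RT:" tag.
STAMP = re.compile(r"^[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d \S+ RT: ")
BIND_FAIL = re.compile(r"(\S+) AUTH FAILED (\S+) \(can't bind: (\w+) (\d+)")
AUTH_OK = re.compile(r"External Auth OK \( (\S+) \): (\S+)")
LOGIN = re.compile(r"(FAILED LOGIN|Successful login) for (\S+) from (\S+)")

def unwrap(text):
    """Re-join continuation lines; a new record begins at a syslog timestamp."""
    records = []
    for line in text.splitlines():
        if STAMP.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def triage(text):
    """Return {user: summary} of external-auth outcomes seen in the log text."""
    blank = {"service": None, "ldap_error": None, "ldap_code": None,
             "result": None, "source": None}
    users = defaultdict(lambda: dict(blank))
    for rec in unwrap(text):
        if m := BIND_FAIL.search(rec):
            users[m[2]].update(service=m[1], ldap_error=m[3], ldap_code=int(m[4]))
        elif m := AUTH_OK.search(rec):
            users[m[2]]["service"] = m[1]
        elif m := LOGIN.search(rec):
            ok = m[1] == "Successful login"
            users[m[2]].update(result="ok" if ok else "failed", source=m[3])
    return dict(users)

if __name__ == "__main__":
    print(triage(SAMPLE))
```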
-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of Kevin Falcone
Sent: Wednesday, February 01, 2012 5:33 PM
To: [email protected]
Subject: Re: [rt-users] External Auth using Active Directory 2008
On Wed, Feb 01, 2012 at 11:04:38PM +0000, Howell, Van wrote:
> I have added several users into the RTUsers group I set up in AD.
>
> The AD Administrator, a common Domain User called Test.Account that is
> located in the OU with all my other users, my personal account also
> located in the OU with all the other users and an alternate
> administrative account I use.
>
> I can logon to RT with the AD Administrator account. I can logon to RT
> with the Test.Account and I can log in using my alternate account. But I
> cannot logon using my personal account. I also had my assistant test
> with her account and she cannot log on.
>
> I have studied the problem and cannot find anything unique about the
> accounts that cannot logon.
We really need to see your configuration for RT-Authen-ExternalAuth and your
logs for the failed login, turned up to debug.
-kevin