On Mon, Jul 01, 2013 at 04:24:51PM +0000, Jeff Solberg wrote:
> > - -----Original Message-----
> > From: [email protected]
> > [mailto:[email protected]] On Behalf Of Kevin Falcone
> > Sent: Monday, July 01, 2013 9:14 AM
> > To: [email protected]
> > Subject: [secure] Re: [rt-users] External Auth config with RT on Debian
> > Sensitivity: Confidential
> >
> > * PGP Signed by an unknown key
> >
> > On Fri, Jun 28, 2013 at 12:29:22PM -0700, jsolberg wrote:
> > > Default settings till here....
> > > #PLUGINS
> > > Set( @Plugins, qw(RT::Authen::ExternalAuth));
> > >
> > > #External Auth Settings
> > >
> > > Set($ExternalAuthPriority, [ 'My_LDAP',] ); Set($ExternalInfoPriority,
> > > [ 'My_LDAP',] ); Set($ExternalServiceUsesSSLorTLS, 0);
> > > Set($AutoCreateNonExternalUsers, 0); Set($ExternalSettings, {
> > > 'My_LDAP' => {
> > > 'type' => 'ldap',
> > > 'server' => 'dc2.xxxxxx.com',
> > > 'user' => 'cn=Bind
> > > Ldap,ou=User,Logins,dc=intrepidls,dc=com',
> > > 'pass' => 'xxxxxxx',
> > > 'base' => 'dc=xxxx,dc=com',
> > > 'filter' =>
> > > '(&(ObjectCategory=User)(ObjectClass=Person))',
> > > 'd_filter' =>
> > > '(userAccountControl:1.2.840.113556.1.4.803=2)',
> > > 'group' => 'cn=Domain
> > > Users,ou=Groups_Security,dc=xxxxx,dc=com',
> > > 'group_attr' => 'member',
> > > 'tls' => 0,
> > > 'ssl_version' => 3,
> > > 'net_ldap_args' => [ version => 3, port => 3268
> > > ],
> > > 'group_scope' => 'base',
> > > 'group_attr_value' => 'GROUP_ATTR_VALUE',
> > > 'attr_match_list' => [
> > > 'Name',
> > > 'EmailAddress',
> > > 'RealName',
> > > ],
> > > 'attr_map' => {
> > > 'Name' => 'sAMAccountName',
> > > 'EmailAddress' => 'mail',
> > > 'Organization' => 'physicalDeliveryOfficeName',
> > > 'RealName' => 'cn',
> > > 'ExternalAuthId' => 'sAMAccountName',
> > > 'Gecos' => 'sAMAccountName',
> > > 'WorkPhone' => 'telephoneNumber',
> > > 'Address1' => 'streetAddress',
> > > 'City' => 'l',
> > > 'State' => 'st',
> > > 'Zip' => 'postalCode',
> > > 'Country' => 'co'
> > > },
> > > },
> > > # An example SSO cookie service
> > > 'My_SSO_Cookie' => {
> > > 'type' => 'cookie',
> > > 'name' => 'loginCookieValue',
> > > 'u_table' => 'users',
> > > 'u_field' => 'username',
> > > 'u_match_key' => 'userID',
> > > 'c_table' => 'login_cookie',
> > > 'c_field' => 'loginCookieValue',
> > > 'c_match_key' => 'loginCookieUserID',
> > > 'db_service_name' => 'My_MySQL'
> > > },
> > > } );
> > >
> > > 1;
> > >
> > > I then use update-rt-siteconfig to merge these settings into
> > > RT_SiteConfig.pm. From what I read this is all correct and "Should"
> > > allow AD accounts to log in. Here is what is logging in the apache2 error
> > > log:
> > >
> > > [Fri Jun 28 19:01:58 2013] [warning]: The actual HTTP_HOST (admin-rt4)
> > > does NOT match the configured WebDomain (localhost). Perhaps you
> > > should Set($WebDomain, 'admin-rt4'); in RT_SiteConfig.pm, otherwise
> > > your internal links may be broken.
> > > (/usr/share/request-tracker4/lib/RT/Interface/Web.pm:1194)
> > > [Fri Jun 28 19:02:09 2013] [error]: FAILED LOGIN for
> > > [email protected] from 10.10.30.62
> > > (/usr/share/request-tracker4/lib/RT/Interface/Web.pm:740)
> > > [Fri Jun 28 19:02:40 2013] [error]: FAILED LOGIN for jsolberg from
> > > 10.10.30.62 ( /usr/share/request-tracker4/lib/RT/Interface/Web.pm:740)
> > > [Fri Jun 28 19:02:52 2013] [info]: Successful login for root from
> > > 10.10.30.62 (/usr/share/request-tracker4/lib/RT/Interface/Web.pm:745)
> > > root@admin-rt4:/usr/share/request-tracker4/lib#
> >
> > Navigate to Tools -> Configuration -> System Configuration and check that
> > Plugins contains RT::Authen::ExternalAuth.
> >
> Thanks for your reply. In the sys config it shows the following under PLUGINS:
>
> Plugins [
> 'RT::Authen::ExternalAuth'
> ]

Great - now go make sure your $LogToScreen is set to 'debug' and log in again. root will always be able to log in because it has a local password set; you're more concerned about getting useful debugging messages for your jsolberg user.

-kevin
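An added example, not part of the original thread and not RT's own code: a small triage script for the log format quoted above, which lists accounts that only ever fail to log in and reports whether any debug-level lines are present at all. The sample log lines, user names and function names are constructed for illustration, and it assumes debug messages use the same `[level]:` prefix as the `[warning]`, `[error]` and `[info]` lines shown in the thread.

```python
import re

# Constructed sample in the line format of the quoted apache2 error log.
WEB_PM = "(/usr/share/request-tracker4/lib/RT/Interface/Web.pm:%d)"
SAMPLE_LOG = "\n".join([
    "[Fri Jun 28 19:01:58 2013] [warning]: The actual HTTP_HOST (admin-rt4) "
    "does NOT match the configured WebDomain (localhost).",
    "[Fri Jun 28 19:02:09 2013] [error]: FAILED LOGIN for alice@example.com "
    "from 192.0.2.10 " + WEB_PM % 740,
    "[Fri Jun 28 19:02:40 2013] [error]: FAILED LOGIN for alice "
    "from 192.0.2.10 " + WEB_PM % 740,
    "[Fri Jun 28 19:02:52 2013] [info]: Successful login for root "
    "from 192.0.2.10 " + WEB_PM % 745,
])

# "[timestamp] [level]: message"
LINE_RE = re.compile(r"^\[(?P<ts>[^\]]+)\] \[(?P<level>\w+)\]: (?P<msg>.*)$")
LOGIN_RE = re.compile(r"^(FAILED LOGIN|Successful login) for (\S+) from (\S+)")


def parse(text):
    """Return (level, message) for every line in the RT log format."""
    matches = (LINE_RE.match(line) for line in text.splitlines())
    return [(m["level"], m["msg"]) for m in matches if m]


def login_events(text):
    """Extract login attempts as dicts with user, source IP and outcome."""
    events = []
    for _level, msg in parse(text):
        m = LOGIN_RE.match(msg)
        if m:
            events.append({"user": m.group(2), "ip": m.group(3),
                           "ok": m.group(1) == "Successful login"})
    return events


def never_succeeded(text):
    """Users with at least one failure and no successful login."""
    events = login_events(text)
    succeeded = {e["user"] for e in events if e["ok"]}
    return sorted({e["user"] for e in events if not e["ok"]} - succeeded)


def debug_logging_visible(text):
    """True if any debug-level line is present in the log."""
    return any(level == "debug" for level, _msg in parse(text))


if __name__ == "__main__":
    print("only failing:", never_succeeded(SAMPLE_LOG))
    print("debug lines present:", debug_logging_visible(SAMPLE_LOG))
```
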
