I found another thread that indicated that the solution to the second problem was to add @domain to the end of the username. That just reverted to the previous list of errors with a couple new ones.
Oct 17 16:47:50 zen-rt RT: [24673] Use of uninitialized value $_[1] in join or string at /usr/local/share/perl5/Log/Dispatch.pm line 42.
Oct 17 16:47:50 zen-rt RT: [24673] Use of uninitialized value $service in hash element at /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm line 611.
Oct 17 16:47:50 zen-rt RT: [24673] Use of uninitialized value in string eq at /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm line 613.
Oct 17 16:47:50 zen-rt RT: [24673] RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Disabled: , EmailAddress: , Gecos: user, Name: user, Privileged:
Oct 17 16:47:50 zen-rt RT: [24673] Couldn't create user user: Could not set user info
Oct 17 16:47:50 zen-rt RT: [24673] FAILED LOGIN for user from 192.168.236.102

-Mathew

"When you do things right, people won't be sure you've done anything at all." - God; Futurama

"We'll get along much better once you accept that you're wrong and neither am I." - Me

On Thu, Oct 17, 2013 at 4:39 PM, Mathew Snyder <[email protected]> wrote:

> I didn't know the OU until a few moments ago so I only entered
> "cn=user,dc=example,dc=com". That did seem to make a difference. However,
> I'm still not able to log in. Perhaps for other reasons, though:
>
> Oct 17 16:33:11 zen-rt RT: [24525] RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't bind: LDAP_INVALID_CREDENTIALS 49
> Oct 17 16:33:11 zen-rt RT: [24525] FAILED LOGIN for example\user from 192.168.236.102
>
> I know I'm entering my username and password correctly and have again
> tried just the username, example\username, and example.com\username. I'm
> wondering if the LDAP_INVALID_CREDENTIALS error is because of the missing
> OU. I do know it now, but how do I enter an OU that has two words? I was
> told it is example.com/Special Accounts.
>
> -Mathew
>
> "When you do things right, people won't be sure you've done anything at
> all." - God; Futurama
>
> "We'll get along much better once you accept that you're wrong and
> neither am I." - Me
>
> On Thu, Oct 17, 2013 at 4:27 PM, Jeff Solberg <[email protected]> wrote:
>
>> For your ‘server’ try using IP rather than hostname.
>>
>> Second for the ‘user’ field try using the DN name for your AD Binding
>> user…{cn=some_user,ou=some_ou,dc=some_domain,dc=com
>>
>> Hope this helps..
>>
>> Jeff
>>
>> *From:* [email protected] [mailto:[email protected]] *On Behalf Of* Mathew Snyder
>> *Sent:* Thursday, October 17, 2013 1:19 PM
>> *To:* [email protected]
>> *Subject:* [rt-users] I need help with the RT-Authen-ExternalAuth LDAP settings, please
>>
>> These are the settings I've started with:
>>
>> Set($ExternalSettings, {
>>     'AD' => {
>>         'type' => 'ldap',
>>         'server' => 'domain_controller.example.com',
>>         'base' => 'dc=example,dc=com',
>>         'user' => 'rtuser',
>>         'pass' => '********',
>>         'filter' => '(ObjectClass=*)',
>>         'tls' => 0,
>>         'ssl_version' => 3,
>>         'net_ldap_args' => [ version => 3 ],
>>         'attr_match_list' => [
>>             'EmailAddress',
>>         ],
>>         'attr_map' => {
>>             'Name' => 'sAMAccountName',
>>             'EmailAddress' => 'mail',
>>             'RealName' => 'cn',
>>         },
>>
>> They aren't working. Whenever someone attempts an initial login with just
>> their username (which should create their RT account) the following error
>> is logged:
>>
>> Oct 17 15:02:29 zen-rt RT: [23131] Use of uninitialized value in string eq at /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm line 613.
>> Oct 17 15:02:29 zen-rt RT: [23131] RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Disabled: , EmailAddress: , Gecos: user, Name: user, Privileged:
>> Oct 17 16:14:01 zen-rt RT: [24382] Couldn't create user user: Could not set user info
>> Oct 17 16:14:01 zen-rt RT: [24382] FAILED LOGIN for user from 192.168.236.102
>>
>> When initial logins are attempted with either example\username or
>> example.com\username only the FAILED LOGIN line is displayed.
>>
>> We also have our Openfire Jabber server authenticating successfully.
>> Those settings are
>>
>> ldap.autoFollowAliasReferrals = true
>> ldap.autoFollowReferrals = false
>> ldap.baseDN = dc=example,dc=com
>> ldap.connectionPoolEnabled = true
>> ldap.debugEnabled = false
>> ldap.emailField = mail
>> ldap.encloseDNs = true
>> ldap.groupDescriptionField = description
>> ldap.groupMemberField = member
>> ldap.groupNameField = cn
>> ldap.groupSearchFilter = (objectClass=group)
>> ldap.host = domain_controller.example.com
>> ldap.ldapDebugEnabled = false
>> ldap.nameField = cn
>> ldap.port = 389
>> ldap.searchFilter = (objectClass=*)
>> ldap.usernameField = sAMAccountName
>>
>> I know they don't match up exactly in terms of what Openfire calls the
>> settings vs. what RT does, but I'm hoping someone can help me sort out what
>> should be plugged in where on the RT side. For example, I don't know what
>> the group_attr or group_attr_value setting should contain (if anything) in
>> the RT_SiteConfig.pm file. Basically, anything from the "group" settings.
>>
>> -Mathew
>>
>> "When you do things right, people won't be sure you've done anything at
>> all." - God; Futurama
>>
>> "We'll get along much better once you accept that you're wrong and
>> neither am I." - Me
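
On the question in the thread of how to enter a two-word OU such as "example.com/Special Accounts": that form is an AD canonical name, which runs root-to-leaf, while a bind DN runs leaf-to-root and only needs escaping for the RFC 4514 special characters, not for interior spaces. The sketch below is an added example, not part of the original thread or of RT-Authen-ExternalAuth; it also shows RFC 4515 escaping for a login name placed into a search filter like the thread's '(ObjectClass=*)'. The function names are hypothetical, and it assumes every container in the path is an OU and that no name contains "/".

```python
"""Added example: build a bind DN and a user search filter from the thread's values."""

DN_SPECIAL = '"+,;<>\\'  # RFC 4514: backslash-escape these anywhere in a value


def escape_rdn_value(value: str) -> str:
    """Escape one attribute value for use inside a DN (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\0":
            out.append("\\00")
        elif ch in DN_SPECIAL or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)  # interior spaces are legal as-is
    return "".join(out)


def canonical_to_dn(canonical: str, cn: str) -> str:
    """Turn 'example.com/Parent OU/Child OU' plus a CN into a DN.

    Assumption: every container is an OU and no name contains '/'.
    """
    domain, *containers = canonical.strip("/").split("/")
    rdns = ["cn=" + escape_rdn_value(cn)]
    # Canonical names list containers from the root down; DNs list them leaf first.
    rdns += ["ou=" + escape_rdn_value(ou) for ou in reversed(containers)]
    rdns += ["dc=" + escape_rdn_value(label) for label in domain.split(".")]
    return ",".join(rdns)


def escape_filter_value(value: str) -> str:
    """Escape a value for an LDAP search filter (RFC 4515)."""
    table = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(table.get(ch, ch) for ch in value)


def user_filter(base_filter: str, attr: str, login: str) -> str:
    """AND a base filter with an exact match on the login attribute."""
    return "(&%s(%s=%s))" % (base_filter, attr, escape_filter_value(login))


if __name__ == "__main__":
    # Values taken from the thread; the output is the DN form for the 'user' setting.
    print(canonical_to_dn("example.com/Special Accounts", "user"))
    print(user_filter("(ObjectClass=*)", "sAMAccountName", "user"))
```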
