I seem to be getting closer. I'm down to only the "FAILED LOGIN for user from..." error.
I've found that in order to get down to just that I have to include the domain in the username either as
- domain\user
- domain.local\user
- user@domain
- [email protected]

However, if I use just the username I get

[3221] [Sat Oct 19 00:44:37 2013] [warning]: Use of uninitialized value $_[1] in join or string at /usr/local/share/perl5/Log/Dispatch.pm line 42. (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:607)
[3221] [Sat Oct 19 00:44:37 2013] [warning]: Use of uninitialized value $service in hash element at /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm line 611. (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:611)
[3221] [Sat Oct 19 00:44:37 2013] [warning]: Use of uninitialized value in string eq at /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm line 613. (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:613)
[3221] [Sat Oct 19 00:44:37 2013] [info]: RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Disabled: , EmailAddress: , Gecos: user, Name: user, Privileged: (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:685)
[3221] [Sat Oct 19 00:44:37 2013] [error]: Couldn't create user user: Could not set user info (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:278)
[3221] [Sat Oct 19 00:44:37 2013] [error]: FAILED LOGIN for user from 192.168.236.119 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:814)

The domain does not seem to be getting passed as part of the username when I attempt to log in. Interestingly, though, when I don't use the domain, I do get the info line in the log which contains bits of information that wouldn't otherwise be returned from AD. If I do use the domain that doesn't get returned, but I'm still unable to log in. I know my credentials are accurate because they are the same as I use to log into our VPN and that is tied to AD.
My current settings:

Set($ExternalAuthPriority, [ 'AD' ] );
Set($ExternalServiceUsesSSLorTLS, 0);
Set($AutoCreateNonExternalUsers, 0);
Set($ExternalSettings, {
    'AD' => {
        'type' => 'ldap',
        'server' => 'dc1.domain.local',
        'base' => 'dc=domain,dc=local',
        'user' => 'rtuser',
        'pass' => 'xxxxxxxx',
        'filter' => '(ObjectClass=*)',
        'd_filter' => '(userAccountControl:1.2.840.113556.1.4.803=2)',
        'group_scope' => 'base',
        'tls' => 0,
        'ssl_version' => 3,
        'net_ldap_args' => [ version => 3 ],
        'attr_match_list' => [
            'Name',
        ],
        'attr_map' => {
            'Name' => 'sAMAccountName',
            'EmailAddress' => 'mail',
            'Organization' => 'physicalDeliveryOfficeName',
            'RealName' => 'cn',
            'ExternalAuthId' => 'sAMAccountName',
            'Gecos' => 'sAMAccountName',
            'WorkPhone' => 'telephoneNumber',
            'Address1' => 'streetAddress',
            'City' => 'l',
            'State' => 'st',
            'Zip' => 'postalCode',
            'Country' => 'co'
        },
    },
} );

Further assistance will be appreciated.

-Mathew

"When you do things right, people won't be sure you've done anything at all." - God; Futurama

"We'll get along much better once you accept that you're wrong and neither am I." - Me

On Fri, Oct 18, 2013 at 8:08 PM, Mathew Snyder <[email protected]> wrote:

> I've actually been trying to get debugging turned on for a few days now.
> I've set all of the variables:
>
> Set( $LogToSTDERR, 'debug' );
> Set( $LogToFile, 'debug' );
> Set( $LogDir, '/var/log/' );
> Set( $LogToFileNamed, 'rt.log' );
> Set( $LogToSyslog, 'debug' );
>
> I'm not getting any detailed information at all. In fact, the rt.log file
> isn't even being created. I had tried to set the directory to /opt/rt4/log,
> but the file wasn't being created there, either.
>
> -Mathew
>
> "When you do things right, people won't be sure you've done anything at
> all." - God; Futurama
>
> "We'll get along much better once you accept that you're wrong and
> neither am I."
> - Me
>
> On Fri, Oct 18, 2013 at 7:51 AM, Parish, Brent <[email protected]> wrote:
>
>> Hi Matthew
>>
>> It sounds to me like you were authenticating ok initially, but getting an
>> error in creating the user.
>>
>> And to answer your initial question about the group and group_attr
>> settings, I don’t use those at all and it works fine for me.
>>
>> I would recommend putting things back to how you first had them (to
>> generate the error you originally posted), turn the log level up to debug,
>> and try again.
>> There are some debug statements within that method that may help identify
>> where it is choking.
>>
>> - Brent
>>
>> *From:* Mathew Snyder [mailto:[email protected]]
>> *Sent:* Thursday, October 17, 2013 1:50 PM
>> *To:* Jeff Solberg
>> *Cc:* [email protected]
>> *Subject:* Re: [rt-users] I need help with the RT-Authen-ExternalAuth
>> LDAP settings, please
>>
>> I found another thread that indicated that the solution to the second
>> problem was to add @domain to the end of the username.
>> That just reverted
>> to the previous list of errors with a couple new ones.
>>
>> Oct 17 16:47:50 zen-rt RT: [24673] Use of uninitialized value $_[1] in join or string at /usr/local/share/perl5/Log/Dispatch.pm line 42.
>> Oct 17 16:47:50 zen-rt RT: [24673] Use of uninitialized value $service in hash element at /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm line 611.
>> Oct 17 16:47:50 zen-rt RT: [24673] Use of uninitialized value in string eq at /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm line 613.
>> Oct 17 16:47:50 zen-rt RT: [24673] RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Disabled: , EmailAddress: , Gecos: user, Name: user, Privileged:
>> Oct 17 16:47:50 zen-rt RT: [24673] Couldn't create user user: Could not set user info
>> Oct 17 16:47:50 zen-rt RT: [24673] FAILED LOGIN for user from 192.168.236.102
>>
>> *From:* [email protected] [mailto:[email protected]] *On Behalf Of* Mathew Snyder
>> *Sent:* Thursday, October 17, 2013 1:19 PM
>> *To:* [email protected]
>> *Subject:* [rt-users] I need help with the RT-Authen-ExternalAuth LDAP
>> settings, please
>>
>> These are the settings I've started with:
>>
>> Set($ExternalSettings, {
>>     'AD' => {
>>         'type' => 'ldap',
>>         'server' => 'domain_controller.example.com',
>>         'base' => 'dc=example,dc=com',
>>         'user' => 'rtuser',
>>         'pass' => '********',
>>         'filter' => '(ObjectClass=*)',
>>         'tls' => 0,
>>         'ssl_version' => 3,
>>         'net_ldap_args' => [ version => 3 ],
>>         'attr_match_list' => [
>>             'EmailAddress',
>>         ],
>>         'attr_map' => {
>>             'Name' => 'sAMAccountName',
>>             'EmailAddress' => 'mail',
>>             'RealName' => 'cn',
>>         },
>>
>> They aren't
>> working. Whenever someone attempts an initial login with just
>> their username (which should create their RT account) the following error
>> is logged:
>>
>> Oct 17 15:02:29 zen-rt RT: [23131] Use of uninitialized value in string eq at /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm line 613.
>> Oct 17 15:02:29 zen-rt RT: [23131] RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Disabled: , EmailAddress: , Gecos: user, Name: user, Privileged:
>> Oct 17 16:14:01 zen-rt RT: [24382] Couldn't create user user: Could not set user info
>> Oct 17 16:14:01 zen-rt RT: [24382] FAILED LOGIN for user from 192.168.236.102
>>
>> When initial logins are attempted with either example\username or
>> example.com\username only the FAILED LOGIN line is displayed.
>>
>> We also have our Openfire Jabber server authenticating successfully.
>> Those settings are
>>
>> ldap.autoFollowAliasReferrals = true
>> ldap.autoFollowReferrals = false
>> ldap.baseDN = dc=example,dc=com
>> ldap.connectionPoolEnabled = true
>> ldap.debugEnabled = false
>> ldap.emailField = mail
>> ldap.encloseDNs = true
>> ldap.groupDescriptionField = description
>> ldap.groupMemberField = member
>> ldap.groupNameField = cn
>> ldap.groupSearchFilter = (objectClass=group)
>> ldap.host = domain_controller.example.com
>> ldap.ldapDebugEnabled = false
>> ldap.nameField = cn
>> ldap.port = 389
>> ldap.searchFilter = (objectClass=*)
>> ldap.usernameField = sAMAccountName
>>
>> I know they don't match up exactly in terms of what Openfire calls the
>> settings vs. what RT does, but I'm hoping someone can help me sort out what
>> should be plugged in where on the RT side.
>> For example, I don't know what
>> the group_attr or group_attr_value setting should contain (if anything) in
>> the RT_SiteConfig.pm file. Basically, anything from the "group" settings.
>>
>> -Mathew
>>
>> "When you do things right, people won't be sure you've done anything at
>> all." - God; Futurama
>>
>> "We'll get along much better once you accept that you're wrong and
>> neither am I." - Me
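
An added example, not part of the original thread and not code from RT or RT-Authen-ExternalAuth: a small triage script that reads log lines in the bracketed format quoted above and sorts each FAILED LOGIN into the two shapes the thread reports (an empty CanonicalizeUserInfo result followed by a failed user creation, versus a lone FAILED LOGIN line). The shape labels and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# RT file-log line: [pid] [timestamp] [level]: message (source.pm:line)
LINE = re.compile(r"^\[(\d+)\] \[([^\]]+)\] \[(\w+)\]: (.*?)(?: \(([^()]+:\d+)\))?$")
CANON = re.compile(r"CanonicalizeUserInfo returning (.*)")
FAILED = re.compile(r"FAILED LOGIN for (\S+) from (\S+)")

# Constructed sample lines in the format shown in the thread (not real data).
SAMPLE = """\
[100] [Sat Oct 19 00:44:37 2013] [info]: RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Disabled: , EmailAddress: , Gecos: alice, Name: alice, Privileged: (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:685)
[100] [Sat Oct 19 00:44:37 2013] [error]: Couldn't create user alice: Could not set user info (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:278)
[100] [Sat Oct 19 00:44:37 2013] [error]: FAILED LOGIN for alice from 192.0.2.10 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:814)
[101] [Sat Oct 19 00:45:02 2013] [error]: FAILED LOGIN for alice@example.local from 192.0.2.10 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:814)
"""

def classify(log_text):
    """Return one dict per FAILED LOGIN, with what the same PID logged before it."""
    pending = defaultdict(lambda: {"canon": None, "create_failed": False})
    attempts = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # warnings in other formats, blank lines, etc.
        pid, when, _level, msg, _src = m.groups()
        state = pending[pid]
        c = CANON.search(msg)
        if c:
            pairs = (p.partition(":") for p in c.group(1).split(","))
            state["canon"] = {k.strip(): v.strip() for k, _, v in pairs}
        elif msg.startswith("Couldn't create user"):
            state["create_failed"] = True
        elif (f := FAILED.search(msg)):
            canon = state["canon"]
            if canon is None:
                shape = "failed_login_only"  # hypothetical label
            elif not canon.get("EmailAddress") and state["create_failed"]:
                shape = "empty_attrs_then_create_failed"  # hypothetical label
            else:
                shape = "other"
            attempts.append({"pid": pid, "time": when, "user": f.group(1),
                             "source": f.group(2), "shape": shape})
            del pending[pid]  # the next attempt on this PID starts clean
    return attempts

if __name__ == "__main__":
    for attempt in classify(SAMPLE):
        print(attempt)
```
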
