I have solved this problem! I had the $AutoCreateNonExternalUsers set to 0. I changed it to 1.
I completely misinterpreted this setting. I have an AD account which I thought would be considered internal and therefore be created when I first logged in. Frankly, I'm still confused about what I was thinking. Either way, it works.

-Mathew

"When you do things right, people won't be sure you've done anything at all." - God; Futurama

"We'll get along much better once you accept that you're wrong and neither am I." - Me

On Fri, Oct 18, 2013 at 8:57 PM, Mathew Snyder <mathew.sny...@gmail.com> wrote:

> I seem to be getting closer. I'm down to only the "FAILED LOGIN for user from..." error.
>
> I've found that in order to get down to just that I have to include the domain in the username either as
>
> - domain\user
> - domain.local\user
> - user@domain
> - user@domain.local
>
> However, if I use just the username I get
>
> [3221] [Sat Oct 19 00:44:37 2013] [warning]: Use of uninitialized value $_[1] in join or string at /usr/local/share/perl5/Log/Dispatch.pm line 42. (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:607)
> [3221] [Sat Oct 19 00:44:37 2013] [warning]: Use of uninitialized value $service in hash element at /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm line 611. (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:611)
> [3221] [Sat Oct 19 00:44:37 2013] [warning]: Use of uninitialized value in string eq at /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm line 613. (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:613)
> [3221] [Sat Oct 19 00:44:37 2013] [info]: RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Disabled: , EmailAddress: , Gecos: user, Name: user, Privileged: (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:685)
> [3221] [Sat Oct 19 00:44:37 2013] [error]: Couldn't create user user: Could not set user info (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:278)
> [3221] [Sat Oct 19 00:44:37 2013] [error]: FAILED LOGIN for user from 192.168.236.119 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:814)
>
> The domain does not seem to be getting passed as part of the username when I attempt to log in. Interestingly, though, when I don't use the domain, I do get the info line in the log which contains bits of information that wouldn't otherwise be returned from AD. If I do use the domain that doesn't get returned, but I'm still unable to log in.
>
> I know my credentials are accurate because they are the same as I use to log into our VPN and that is tied to AD.
>
> My current settings:
>
> Set($ExternalAuthPriority, [ 'AD' ] );
> Set($ExternalServiceUsesSSLorTLS, 0);
> Set($AutoCreateNonExternalUsers, 0);
> Set($ExternalSettings, {
>     'AD' => {
>         'type' => 'ldap',
>         'server' => 'dc1.domain.local',
>         'base' => 'dc=domain,dc=local',
>         'user' => 'rtuser',
>         'pass' => 'xxxxxxxx',
>         'filter' => '(ObjectClass=*)',
>         'd_filter' => '(userAccountControl:1.2.840.113556.1.4.803=2)',
>         'group_scope' => 'base',
>         'tls' => 0,
>         'ssl_version' => 3,
>         'net_ldap_args' => [ version => 3 ],
>         'attr_match_list' => [
>             'Name',
>         ],
>         'attr_map' => {
>             'Name' => 'sAMAccountName',
>             'EmailAddress' => 'mail',
>             'Organization' => 'physicalDeliveryOfficeName',
>             'RealName' => 'cn',
>             'ExternalAuthId' => 'sAMAccountName',
>             'Gecos' => 'sAMAccountName',
>             'WorkPhone' => 'telephoneNumber',
>             'Address1' => 'streetAddress',
>             'City' => 'l',
>             'State' => 'st',
>             'Zip' => 'postalCode',
>             'Country' => 'co'
>         },
>     },
> } );
>
> Further assistance will be appreciated.
>
> -Mathew
>
> On Fri, Oct 18, 2013 at 8:08 PM, Mathew Snyder <mathew.sny...@gmail.com> wrote:
>
>> I've actually been trying to get debugging turned on for a few days now. I've set all of the variables:
>>
>> Set( $LogToSTDERR, 'debug' );
>> Set( $LogToFile, 'debug' );
>> Set( $LogDir, '/var/log/' );
>> Set( $LogToFileNamed, 'rt.log' );
>> Set( $LogToSyslog, 'debug' );
>>
>> I'm not getting any detailed information at all. In fact, the rt.log file isn't even being created. I had tried to set the directory to /opt/rt4/log, but the file wasn't being created there, either.
>>
>> -Mathew
>>
>> On Fri, Oct 18, 2013 at 7:51 AM, Parish, Brent <bpar...@cognex.com> wrote:
>>
>>> Hi Matthew
>>>
>>> It sounds to me like you were authenticating ok initially, but getting an error in creating the user.
>>>
>>> And to answer your initial question about the group and group_attr settings, I don't use those at all and it works fine for me.
>>>
>>> I would recommend putting things back to how you first had them (to generate the error you originally posted), turn the log level up to debug, and try again.
>>>
>>> There are some debug statements within that method that may help identify where it is choking.
>>>
>>> - Brent
>>>
>>> From: Mathew Snyder [mailto:mathew.sny...@gmail.com]
>>> Sent: Thursday, October 17, 2013 1:50 PM
>>> To: Jeff Solberg
>>> Cc: rt-users@lists.bestpractical.com
>>> Subject: Re: [rt-users] I need help with the RT-Authen-ExternalAuth LDAP settings, please
>>>
>>> I found another thread that indicated that the solution to the second problem was to add @domain to the end of the username. That just reverted to the previous list of errors with a couple new ones.
>>>
>>> Oct 17 16:47:50 zen-rt RT: [24673] Use of uninitialized value $_[1] in join or string at /usr/local/share/perl5/Log/Dispatch.pm line 42.
>>> Oct 17 16:47:50 zen-rt RT: [24673] Use of uninitialized value $service in hash element at /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm line 611.
>>> Oct 17 16:47:50 zen-rt RT: [24673] Use of uninitialized value in string eq at /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm line 613.
>>> Oct 17 16:47:50 zen-rt RT: [24673] RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Disabled: , EmailAddress: , Gecos: user, Name: user, Privileged:
>>> Oct 17 16:47:50 zen-rt RT: [24673] Couldn't create user user: Could not set user info
>>> Oct 17 16:47:50 zen-rt RT: [24673] FAILED LOGIN for user from 192.168.236.102
>>>
>>> From: rt-users-boun...@lists.bestpractical.com [mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of Mathew Snyder
>>> Sent: Thursday, October 17, 2013 1:19 PM
>>> To: rt-users@lists.bestpractical.com
>>> Subject: [rt-users] I need help with the RT-Authen-ExternalAuth LDAP settings, please
>>>
>>> These are the settings I've started with:
>>>
>>> Set($ExternalSettings, {
>>>     'AD' => {
>>>         'type' => 'ldap',
>>>         'server' => 'domain_controller.example.com',
>>>         'base' => 'dc=example,dc=com',
>>>         'user' => 'rtuser',
>>>         'pass' => '********',
>>>         'filter' => '(ObjectClass=*)',
>>>         'tls' => 0,
>>>         'ssl_version' => 3,
>>>         'net_ldap_args' => [ version => 3 ],
>>>         'attr_match_list' => [
>>>             'EmailAddress',
>>>         ],
>>>         'attr_map' => {
>>>             'Name' => 'sAMAccountName',
>>>             'EmailAddress' => 'mail',
>>>             'RealName' => 'cn',
>>>         },
>>>
>>> They aren't working. Whenever someone attempts an initial login with just their username (which should create their RT account) the following error is logged:
>>>
>>> Oct 17 15:02:29 zen-rt RT: [23131] Use of uninitialized value in string eq at /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm line 613.
>>> Oct 17 15:02:29 zen-rt RT: [23131] RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Disabled: , EmailAddress: , Gecos: user, Name: user, Privileged:
>>> Oct 17 16:14:01 zen-rt RT: [24382] Couldn't create user user: Could not set user info
>>> Oct 17 16:14:01 zen-rt RT: [24382] FAILED LOGIN for user from 192.168.236.102
>>>
>>> When initial logins are attempted with either example\username or example.com\username only the FAILED LOGIN line is displayed.
>>>
>>> We also have our Openfire Jabber server authenticating successfully. Those settings are
>>>
>>> ldap.autoFollowAliasReferrals = true
>>> ldap.autoFollowReferrals = false
>>> ldap.baseDN = dc=example,dc=com
>>> ldap.connectionPoolEnabled = true
>>> ldap.debugEnabled = false
>>> ldap.emailField = mail
>>> ldap.encloseDNs = true
>>> ldap.groupDescriptionField = description
>>> ldap.groupMemberField = member
>>> ldap.groupNameField = cn
>>> ldap.groupSearchFilter = (objectClass=group)
>>> ldap.host = domain_controller.example.com
>>> ldap.ldapDebugEnabled = false
>>> ldap.nameField = cn
>>> ldap.port = 389
>>> ldap.searchFilter = (objectClass=*)
>>> ldap.usernameField = sAMAccountName
>>>
>>> I know they don't match up exactly in terms of what Openfire calls the settings vs. what RT does, but I'm hoping someone can help me sort out what should be plugged in where on the RT side. For example, I don't know what the group_attr or group_attr_value setting should contain (if anything) in the RT_SiteConfig.pm file. Basically, anything from the "group" settings.
>>>
>>> -Mathew
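
The thread distinguishes two failure shapes in the RT log: a "Couldn't create user" line followed by FAILED LOGIN (which Brent read as authentication succeeding and user creation failing), and a bare FAILED LOGIN when a domain-qualified name is used. The following is an added example, not part of the original thread or of RT, that separates the two per source address across both log layouts quoted above; the function names, the cause labels and the sample lines (including PID 3305 and the `domain\user` entry) are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample modelled on the two layouts quoted in the thread:
# syslog lines ("Oct 17 ... zen-rt RT: [pid] ...") and RT file-log lines.
SAMPLE_LOG = r"""
Oct 17 16:14:01 zen-rt RT: [24382] Couldn't create user user: Could not set user info
Oct 17 16:14:01 zen-rt RT: [24382] FAILED LOGIN for user from 192.168.236.102
[3221] [Sat Oct 19 00:44:37 2013] [error]: Couldn't create user user: Could not set user info (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:278)
[3221] [Sat Oct 19 00:44:37 2013] [error]: FAILED LOGIN for user from 192.168.236.119 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:814)
[3305] [Sat Oct 19 00:51:02 2013] [error]: FAILED LOGIN for domain\user from 192.168.236.119 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:814)
""".strip().splitlines()

LINE = re.compile(
    r"^(?:\w{3}\s+\d+ [\d:]+ \S+ RT: \[(?P<a>\d+)\]"   # syslog layout
    r"|\[(?P<b>\d+)\] \[[^\]]+\] \[\w+\]:)"            # RT file-log layout
    r" (?P<msg>.*)$"
)
CREATE_FAIL = re.compile(r"Couldn't create user (\S+):")
FAILED = re.compile(r"FAILED LOGIN for (\S+) from (\S+)")

def triage(lines):
    """Label each FAILED LOGIN by whether the same worker PID logged a
    user-creation failure for that user immediately beforehand."""
    pending = {}   # pid -> user whose auto-creation just failed
    events = []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue                      # not an RT log line we recognise
        pid, msg = m.group("a") or m.group("b"), m.group("msg")
        created = CREATE_FAIL.search(msg)
        if created:
            pending[pid] = created.group(1)
            continue
        failed = FAILED.search(msg)
        if failed:
            user, ip = failed.groups()
            # pop() clears the flag so a reused worker PID starts clean
            cause = "create_failed" if pending.pop(pid, None) == user else "login_only"
            events.append({"pid": pid, "user": user, "ip": ip, "cause": cause})
    return events

def per_source(events):
    """Count failures per (source IP, cause) for a quick overview."""
    return Counter((e["ip"], e["cause"]) for e in events)

if __name__ == "__main__":
    for (ip, cause), n in sorted(per_source(triage(SAMPLE_LOG)).items()):
        print(f"{ip:16} {cause:14} {n}")
```
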