I'm not very familiar with Linux or Perl and have mostly been following guides
that I can find from Google in getting RT set up for my company. I'm running an
Ubuntu 13.10 server with RT 4.2 and ExternalAuth (installed via CPAN) to
connect to Active Directory. I've run into roadblocks nearly every step of the
way but I feel like I'm almost there. I was able to log on with AD credentials
at one point (taking me to an error page first but I was logged in when
returning to the main page) but once I added the 'group' and 'group_attr'
settings, it's now not letting me log in.
Apache's error log when attempting to log in:
[10263] [Thu Nov 14 20:01:23 2013] [info]: My_LDAP AUTH FAILED: tamas.mccoy (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:289)
[10263] [Thu Nov 14 20:01:23 2013] [error]: FAILED LOGIN for tamas.mccoy from 192.168.1.68 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:814)
My RT_SiteConfig.pm:
Set( $rtname, 'McLendon Hardware');
Set( $Organization, 'corp.mclendons.com');
Set( $Timezone, 'US/Pacific');
Set( $WebDomain, 'snip');
Set( $WebPort, 80);
Set( $WebPath, '');
Set( $DatabasePassword, 'snip');
Set( $LogoLinkURL, 'snip');
Set( $LogToSyslog, 'debug');
Set(@Plugins, qw (
    RT::Extension::MandatorySubject
    RT::Authen::ExternalAuth
));

### ACTIVE DIRECTORY CONNECTION
Set($ExternalAuthPriority, [ 'My_LDAP' ]);
Set($ExternalInfoPriority, [ 'My_LDAP' ]);
Set($ExternalServiceUsesSSLorTLS, 0);
Set($AutoCreateNonExternalUsers, 0);
Set($ExternalSettings, {
    'My_LDAP' => {
        'type' => 'ldap',
        'server' => '192.168.100.215',
        'user' => 'MCLENDONS/snip',
        'pass' => 'snip',
        'base' => 'dc=corp,dc=mclendons,dc=com',
        'filter' => '(objectClass=*)',
        'd_filter' => 'UserAccountControl:1.2.840.113556.1.4.803:=2',
        'group' => 'CN=Domain Users,CN=Users,DC=corp,DC=mclendons,DC=com',
        'group_attr' => 'memberOf',
        'tls' => 0,
        'ssl_version' => 3,
        'net_ldap_args' => [ version => 3, port => 3268 ],
        # 'group_scope' => 'base',
        # 'group_attr_value' => 'GROUP_ATTR_VALUE',
        'attr_match_list' => [
            'Name',
            'EmailAddress',
            'RealName',
        ],
        'attr_map' => {
            'Name' => 'sAMAccountName',
            'EmailAddress' => 'mail',
            'Organization' => 'physicalDeliveryOfficeName',
            'RealName' => 'cn',
            'ExternalAuthId' => 'sAMAccountName',
            'Gecos' => 'sAMAccountName',
            'WorkPhone' => 'telephoneNumber',
            'Address1' => 'streetAddress',
            'City' => 'l',
            'State' => 'st',
            'Zip' => 'postalCode',
            'Country' => 'co'
        },
    },
} );
1;

Tamas McCoy
IT Assistant
McLendon Hardware, Inc.
[email protected]