Re: [rt-users] Help with Active Directory Auth on 4.2.2

Thu, 06 Feb 2014 10:20:25 -0800 

Here is mine which is working great
# WorkingLDAP Connection
    'Connect_LDAP'  =>  {
       'type'              =>  'ldap',
       'server'            =>  '192.168.250.49',
       'user'              =>  
'CN=Secret,OU=Users_Special,OU=Copesan,DC=Copesan,DC=local',
       'pass'              =>  Secret,
       'base'              =>  'DC=copesan,DC=local',
       'filter'            =>  '(&(ObjectCategory=User)(ObjectClass=Person))',
       'd_filter'          =>  '(userAccountControl:1.2.840.113556.1.4.803:=2)',
       'tls'               =>  0,
#      'ssl_version'       =>  3,

       'net_ldap_args'     => [ version => 3 ],
#      'group'             =>  'CN=RTUsers,OU=CampusServices,DC= 
mydomain,DC=mydomain,DC=edu',
#      'group_attr'        =>  'member',

       'attr_match_list'   => [   'Name', 'EmailAddress'   ],
       'attr_map'          => {   'Name' => 'sAMAccountName',
                          'EmailAddress' => 'mail',
                          'Organization' => 'physicalDeliveryOfficeName',
                              'RealName' => 'cn',
                        'ExternalAuthId' => 'sAMAccountName',
                                 'Gecos' => 'sAMAccountName',
                             'WorkPhone' => 'telephoneNumber',
                              'Address1' => 'streetAddress',
                                  'City' => 'l',
                                 'State' => 'st',
                                   'Zip' => 'postalCode',
                               'Country' => 'co'
                }
         }
     }

I would question the conical name of the user the log email address is 
different from the name .local versus .com.br.  Should the local have a .br as 
well? Also in the conical name you do not have an OU in the path.

Thanks
Bryon Baker
Network Operations Manager
Copesan - Specialists in Pest Solutions
800-267-3726  *  262-783-6261 ext. 2296
bba...@copesan.com<mailto:cstep...@copesan.com>
www.copesan.com<http://www.copesan.com/>
"Servicing North America with Local Care"

From: rt-users-boun...@lists.bestpractical.com 
[mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of Diego Andrade
Sent: Thursday, February 06, 2014 11:46 AM
To: rt-users@lists.bestpractical.com
Subject: [rt-users] Help with Active Directory Auth on 4.2.2

Hi,

I need some help from you whom have already Request Tracker with Active 
Directory!

After struggle for some days trying to authenticate Active Directory users with 
the External Auth module I bring you my Apache Log and configuration of the 
Plugin. May someone help me with advices??? I would love to see my Request 
Tracker linked to the Active Directory of the company.

My Operational Systems are:
Request Tracker 4.2.2 - Ubuntu 13.10
Active Directory - Windows 2008 Server

Well after trying to figure out how the Plugin Works I wanted to make sure my 
Active Directory was acessible and the Bind account was working. So I check 
with the command:

ldapsearch -x -h pdcsti.stitelecom.local -p 389 -D 
"cn=rt-ldap,cn=Users,dc=stitelecom,dc=local" -w secret -s sub -b 
'cn=Users,dc=stitelecom,dc=local' "(&(objectClass=*))"

When I do it the output is a loto f Users, Groups and other objects from the 
AD. So I suppose the AD is ready right??

Follow the RT part...

+++++In the /var/log/apache2/error.log++++++

[4638] [Thu Feb  6 14:41:01 2014] [info]: 
RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Disabled: , 
EmailAddress: r...@stitelecom.com.br<mailto:r...@stitelecom.com.br>, 
ExternalAuthId: rtop, Gecos: rtop, Name: rtop, Privileged: , RealName:  
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:685)
[4638] [Thu Feb  6 14:41:01 2014] [info]: Autocreated external user rtop ( 118 
) 
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:281)
[4638] [Thu Feb  6 14:41:01 2014] [info]: My_LDAP AUTH FAILED rtop (can't bind: 
LDAP_INVALID_CREDENTIALS 49 ) 
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:227)
[4638] [Thu Feb  6 14:41:01 2014] [error]: FAILED LOGIN for rtop from 
10.10.1.137 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:814)

++++++ In the RT_Siteconfig.pm: +++++++

Plugin( "RT::Authen::ExternalAuth" );
Set($ExternalAuthPriority,  [ 'My_LDAP' ] );
Set($ExternalInfoPriority,  [ 'My_LDAP' ] );
Set($AutoCreateNonExternalUsers,    0);
Set($ExternalSettings, {

'My_LDAP'       =>  {
        'type'                      =>  'ldap',
        'server'                    =>  'pdcsti.stitelecom.local',
        'user'                      =>  
'cn=rt-ldap,cn=Users,dc=stitelecom,dc=local',
        'pass'                      =>  'secret',
        'base'                      =>  'dc=stitelecom,dc=local',
        'filter'                    =>  '(objectclass=*)',
        'group'                     =>  
'cn=RTUsers,ou=RT4,ou=STI,dc=stitelecom,dc=local',
        'group_attr'                =>  'uniqueMember',
        'tls'                       =>  0,
        'ssl_version'               =>  3,
        'net_ldap_args'             => [    version =>  3   ],
        'attr_match_list' => [
            'Name',
            'EmailAddress',
        ],
        'attr_map' => {
            'Name' => 'sAMAccountName',
            'EmailAddress' => 'mail',
            'ExternalAuthId' => 'sAMAccountName',
        },
    },
} );
1;


THANK YOU IN ADVANCE!


[Diego2013]

<<inline: image001.jpg>>

Reply via email to