Re: [rt-users] Help - RT4.2.7 Authen::ExternalAuth via OpenLDAP

Fri, 03 Oct 2014 10:52:00 -0700 

A little more info after checking rt4 logs:
Oct 3 10:20:16 rtracker6 RT: [16022] RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Disabled: , EmailAddress: , Gecos: wclarke, Name: wclarke, Privileged: Oct 3 10:20:16 rtracker6 RT: [16022] Couldn't create user wclarke: Could not set user info Oct 3 10:20:16 rtracker6 RT: [16022] FAILED LOGIN for wclarke from 10.30.2.210 

On 10/3/2014 11:06 AM, William Clarke wrote:

Sorry, I sent that a little prematurely..... RT shows your username or 
password is incorrect : (


On 10/3/2014 10:58 AM, William Clarke wrote:

Hi all,

CentOS6.5 \ Apache 2.2.15 \ Perl 5.18.2 \ MariaDB 5.5.39

I followed these instructions for my RT build:
http://binarynature.blogspot.pt/2013/05/install-request-tracker-4.html


I'm very new to RT. I've read up what I could find on CPAN, wiki and 
Google and I'm not quite sure which way to go here. RT is connecting 
to our ldap and a search result is found but the logs in ldap show 
"closed (connection lost)" so I suspect RT isn't seeing\getting the 
response back from LDAP. I have some examples below showing RT's LDAP 
requests with logs as well as the same search run via command line.



The main differences I can see in logs so far is command line test 
sends "scope=2 deref=0" vs RT test "scope=2 deref=2" and also that 
the RT test doesn't unbind and the connection is lost.



Command line: ldapsearch -x -p 389 -h ldap.simons-rock.edu -b 
ou=People,dc=simons-rock,dc=edu "(&(&(uid=*))(uid=wclarke))" mail uid


# extended LDIF
#
# LDAPv3
# base <ou=People,dc=simons-rock,dc=edu> with scope subtree
# filter: (&(&(uid=*))(uid=wclarke))
# requesting: mail uid
#

# wclarke, People, simons-rock.edu
dn: uid=wclarke,ou=People,dc=simons-rock,dc=edu
uid: wclarke
mail: wcla...@simons-rock.edu

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
---------------------------------------------------------------------------------------------------------------
Logs from ldap via command line - loglevel 256
---------------------------------------------------------------------------------------------------------------

Oct  3 09:59:05 ldap2 slapd[1466]: conn=355216 fd=19 ACCEPT from 
IP=10.30.2.36:51249 (IP=0.0.0.0:389)

Oct  3 09:59:05 ldap2 slapd[1466]: conn=355216 op=0 BIND dn="" method=128

Oct  3 09:59:05 ldap2 slapd[1466]: conn=355216 op=0 RESULT tag=97 
err=0 text=
Oct  3 09:59:05 ldap2 slapd[1466]: conn=355216 op=1 SRCH 
base="ou=People,dc=simons-rock,dc=edu" scope=2 deref=0 
filter="(&(&(uid=*))(uid=wclarke))"

Oct  3 09:59:05 ldap2 slapd[1466]: conn=355216 op=1 SRCH attr=mail uid

Oct  3 09:59:05 ldap2 slapd[1466]: conn=355216 op=1 SEARCH RESULT 
tag=101 err=0 nentries=1 text=

Oct  3 09:59:05 ldap2 slapd[1466]: conn=355216 op=2 UNBIND
Oct  3 09:59:05 ldap2 slapd[1466]: conn=355216 fd=19 closed
---------------------------------------------------------------------------------------------------------------
Logs from ldap when logging into RT - loglevel 256
---------------------------------------------------------------------------------------------------------------

Oct  3 10:00:43 ldap2 slapd[1466]: conn=355234 fd=19 ACCEPT from 
IP=10.30.2.36:51262 (IP=0.0.0.0:389)

Oct  3 10:00:43 ldap2 slapd[1466]: conn=355234 op=0 BIND dn="" method=128

Oct  3 10:00:43 ldap2 slapd[1466]: conn=355234 op=0 RESULT tag=97 
err=0 text=
Oct  3 10:00:43 ldap2 slapd[1466]: conn=355234 op=1 SRCH 
base="ou=People,dc=simons-rock,dc=edu" scope=2 deref=2 
filter="(&(&(uid=*))(uid=wclarke))"

Oct  3 10:00:43 ldap2 slapd[1466]: conn=355234 op=1 SRCH attr=uid mail

Oct  3 10:00:43 ldap2 slapd[1466]: conn=355234 op=1 SEARCH RESULT 
tag=101 err=0 nentries=1 text=
Oct  3 10:00:43 ldap2 slapd[1466]: conn=355234 fd=19 closed 
(connection lost)

---------------------------------------------------------------------------------------------------------------
External Settings from: RT_SiteConfig.pm
---------------------------------------------------------------------------------------------------------------
Set( $ExternalSettings, {
        'My_LDAP'       =>  {
            'type'                      =>  'ldap',
            'server'                    => 'ldap2.simons-rock.edu',

            'base'                      => 
'ou=People,dc=simons-rock,dc=edu',

            'filter'                    => '(objectClass=*)',
            'net_ldap_args'             => [    version =>  3   ],

            'attr_match_list' => [
                'Name',
                'EmailAddress',
            ],
            'attr_map' => {
                'Name' => 'uid',
                'EmailAddress' => 'mail',
            },
        },
    } );

# You must install Plugins on your own, this is only an example
# of the correct syntax to use when activating them:
#       Plugin( "RT::Extension::SLA" );
#       Plugin( "RT::Authen::ExternalAuth" );

        Plugin( "RT::Authen::ExternalAuth" );
#       Plugin( "RT::Extension::Assets" );
#       plugin( "RT::Extension::Assets::Import::CSV" );
1;
--

William Clarke
ITS System Administrator
Bard College at Simon's Rock
84 Alford Road
Great Barrington, MA  01230
(413) 528-7428 (voice)
(413) 528-7405 (fax)
wcla...@simons-rock.edu





-- 
RT Training November 4 & 5 Los Angeles
http://bestpractical.com/training






















					Reply via email to