This may help: http://trevthorpe.blogspot.com/2015/01/request-tracker-424-ldap-authentication.html
On Tue, Jul 7, 2015 at 11:24 AM, Yan Seiner <y...@seiner.com> wrote:
> I'm coming back to RT after a few years. I am trying to set up external
> auth against our AD server.
>
> I have a working implementation for mediawiki, so I know that it's
> possible on our system. As far as possible I've duplicated the options
> from mediawiki/php to rt/perl, but I am still missing something important
> as all login attempts get rejected with a NoUser.
>
> The only thing that I find different (and I'm searching my memory from a
> few years ago when I set up mediawiki) there is a line where the user name
> is pre-pended with the domain for AD:
>
> $wgLDAPSearchStrings = array( 'HPM' => "HPM\\USER-NAME" );
>
> And I can't find anything like that in the RT config.
>
> Does anyone have a working AD external auth they can share?
>
> Thanks.
>
> Here's the logfile snippet:
>
> [4835] [Tue Jul 7 15:17:14 2015] [debug]: Attempting to use external auth service: My_LDAP (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:424)
> [4835] [Tue Jul 7 15:17:14 2015] [debug]: Calling UserExists with $username (yans) and $service (My_LDAP) (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:465)
> [4835] [Tue Jul 7 15:17:14 2015] [debug]: UserExists params: username: yans , service: My_LDAP (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:439)
> [4835] [Tue Jul 7 15:17:14 2015] [debug]: LDAP Search === Base: ou=Staff,dc=hpm,dc=net == Filter: (&(objectClass=inetOrgPerson)(sAMAccountName=yans)) == Attrs: cn,co,telephoneNumber,l,postalCode,streetAddress,st,sAMAccountName,mail (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:469)
> [4835] [Tue Jul 7 15:17:14 2015] [debug]: User Check Failed :: ( My_LDAP ) yans User not found (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:483)
> [4835] [Tue Jul 7 15:17:14 2015] [debug]: Autohandler called ExternalAuth. Response: (0, No User) (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:11)
> [4835] [Tue Jul 7 15:17:14 2015] [error]: FAILED LOGIN for yans from 10.10.30.51 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:810)
>
> And here's the setup in RTSiteConfig.pm:
>
> Plugin('RT::Authen::ExternalAuth');
> Set($ExternalAuthPriority, [ 'My_LDAP' ]);
> Set($ExternalInfoPriority, [ 'My_LDAP' ]);
> Set($ExternalSettings, {
>     'My_LDAP' => {
>         'type' => 'ldap',
>         'server' => 'file_print.hpm.net',
>         # By not passing 'user' and 'pass' we are using an anonymous
>         # bind, which some servers do not allow
>         'base' => 'dc=hpm,dc=net',
>         'filter' => '(objectClass=inetOrgPerson)',
>         # Users are allowed to log in via email address or account
>         # name
>         'attr_match_list' => [
>             'Name',
>             # 'EmailAddress',
>         ],
>         # Import the following properties of the user from LDAP upon
>         # login
>         'attr_map' => {
>             'Name' => 'sAMAccountName',
>             'EmailAddress' => 'mail',
>             'RealName' => 'cn',
>             'WorkPhone' => 'telephoneNumber',
>             'Address1' => 'streetAddress',
>             'City' => 'l',
>             'State' => 'st',
>             'Zip' => 'postalCode',
>             'Country' => 'co',
>         },
>     },
> } );