If you mean during the login via the RT GUI -- the username is the sAMAccountName. There shouldn't be any need to prefix it with the domain, as the domain is already being queried.

On Tue, Jul 7, 2015 at 1:24 PM, Yan Seiner <y...@seiner.com> wrote:
> What format do you use for the username?
>
> When I try hpm\yans which should, in theory, work, I get:
>
> [5367] [Tue Jul 7 17:07:28 2015] [debug]: LDAP Search === Base: dc=hpm,dc=net == Filter: (&(objectClass=*)(sAMAccountName=hpm\5cyans)) == Attrs: sAMAccountName,mail (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:469)
>
> Notice the mangled sAMAccountName=hpm\5cyans . If this is what it is
> searching for, then we have a problem. :)
>
> --Yan
>
> On 7/7/2015 11:57 AM, Trev wrote:
>> This may help:
>>
>> http://trevthorpe.blogspot.com/2015/01/request-tracker-424-ldap-authentication.html
>>
>> On Tue, Jul 7, 2015 at 11:24 AM, Yan Seiner <y...@seiner.com> wrote:
>>> I'm coming back to RT after a few years. I am trying to set up external
>>> auth against our AD server.
>>>
>>> I have a working implementation for mediawiki, so I know that it's
>>> possible on our system. As far as possible I've duplicated the options
>>> from mediawiki/php to rt/perl, but I am still missing something important
>>> as all login attempts get rejected with a NoUser.
>>>
>>> The only thing that I find different (and I'm searching my memory from a
>>> few years ago when I set up mediawiki) there is a line where the user name
>>> is pre-pended with the domain for AD:
>>>
>>> $wgLDAPSearchStrings = array( 'HPM' => "HPM\\USER-NAME" );
>>>
>>> And I can't find anything like that in the RT config.
>>>
>>> Does anyone have a working AD external auth they can share?
>>>
>>> Thanks.
>>>
>>> Here's the logfile snippet:
>>>
>>> [4835] [Tue Jul 7 15:17:14 2015] [debug]: Attempting to use external auth service: My_LDAP (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:424)
>>> [4835] [Tue Jul 7 15:17:14 2015] [debug]: Calling UserExists with $username (yans) and $service (My_LDAP) (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:465)
>>> [4835] [Tue Jul 7 15:17:14 2015] [debug]: UserExists params:
>>> username: yans , service: My_LDAP (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:439)
>>> [4835] [Tue Jul 7 15:17:14 2015] [debug]: LDAP Search === Base: ou=Staff,dc=hpm,dc=net == Filter: (&(objectClass=inetOrgPerson)(sAMAccountName=yans)) == Attrs: cn,co,telephoneNumber,l,postalCode,streetAddress,st,sAMAccountName,mail (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:469)
>>> [4835] [Tue Jul 7 15:17:14 2015] [debug]: User Check Failed :: ( My_LDAP ) yans User not found (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:483)
>>> [4835] [Tue Jul 7 15:17:14 2015] [debug]: Autohandler called ExternalAuth. Response: (0, No User) (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:11)
>>> [4835] [Tue Jul 7 15:17:14 2015] [error]: FAILED LOGIN for yans from 10.10.30.51 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:810)
>>>
>>> And here's the setup in RTSiteConfig.pm:
>>>
>>> Plugin('RT::Authen::ExternalAuth');
>>> Set($ExternalAuthPriority, [ 'My_LDAP' ]);
>>> Set($ExternalInfoPriority, [ 'My_LDAP' ]);
>>> Set($ExternalSettings, {
>>>     'My_LDAP' => {
>>>         'type'   => 'ldap',
>>>         'server' => 'file_print.hpm.net',
>>>         # By not passing 'user' and 'pass' we are using an anonymous
>>>         # bind, which some servers do not allow
>>>         'base'   => 'dc=hpm,dc=net',
>>>         'filter' => '(objectClass=inetOrgPerson)',
>>>         # Users are allowed to log in via email address or account
>>>         # name
>>>         'attr_match_list' => [
>>>             'Name',
>>>             # 'EmailAddress',
>>>         ],
>>>         # Import the following properties of the user from LDAP upon
>>>         # login
>>>         'attr_map' => {
>>>             'Name'         => 'sAMAccountName',
>>>             'EmailAddress' => 'mail',
>>>             'RealName'     => 'cn',
>>>             'WorkPhone'    => 'telephoneNumber',
>>>             'Address1'     => 'streetAddress',
>>>             'City'         => 'l',
>>>             'State'        => 'st',
>>>             'Zip'          => 'postalCode',
>>>             'Country'      => 'co',
>>>         },
>>>     },
>>> } );
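
The `hpm\5cyans` in the debug line quoted above is the RFC 4515 escaped form of `hpm\yans`: a backslash inside a filter value is written `\5c`, so the directory is asked for an account whose sAMAccountName literally contains the domain prefix. The Perl sketch below is an added example, not part of the original messages and not code from RT or RT::Authen::ExternalAuth; `bare_account_name` and `build_filter` are hypothetical helpers, and the three login strings are constructed inputs.

```perl
#!/usr/bin/perl
# Added example: why a DOMAIN\user login shows up as DOMAIN\5cuser in an
# LDAP search filter, and how escaping keeps typed input from changing the
# filter's structure. Not RT or RT::Authen::ExternalAuth code.
use strict;
use warnings;

# RFC 4515 section 3: backslash, '*', '(', ')' and NUL must be written as
# \XX (two hex digits) when they occur inside a filter assertion value.
sub escape_filter_value {
    my ($value) = @_;
    $value =~ s/([\\*()\x00])/sprintf('\\%02x', ord $1)/ge;
    return $value;
}

# Hypothetical helper: reduce a down-level logon name (DOMAIN\user) to the
# bare account name, which is what sAMAccountName stores.
sub bare_account_name {
    my ($login) = @_;
    $login =~ s/^[^\\]*\\//;    # drop everything up to the first backslash
    return $login;
}

# Hypothetical helper: build a filter in the same shape as the
# "LDAP Search === ... Filter:" debug lines in the thread.
sub build_filter {
    my ($object_filter, $attr, $value) = @_;
    return sprintf '(&%s(%s=%s))', $object_filter, $attr,
        escape_filter_value($value);
}

# Constructed inputs: the two logins from the thread, plus one value that
# contains filter metacharacters and must stay inert after escaping.
for my $login ('yans', 'hpm\\yans', 'yans)(mail=*') {
    printf "%-13s as typed : %s\n", $login,
        build_filter('(objectClass=*)', 'sAMAccountName', $login);
    printf "%-13s bare name: %s\n", $login,
        build_filter('(objectClass=*)', 'sAMAccountName',
                     bare_account_name($login));
}
```

For `hpm\yans` the "as typed" filter reproduces the value from the debug log, while the "bare name" filter searches for `yans`.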