Set( $WebExternalAuth, 1 ); to Set( $ExternalAuth, 1 ); > On 11 Feb 2016, at 3:44 PM, John Andersen <[email protected]> wrote: > > One more thing I should note is that I'm quite sure there is not even an > attempt to talk to the LDAP (Active Directory) server. I log all auth > attempts to the domain controllers and no attempts are showing in the logs. > I don't believe the requests are ever leaving the RT server. > > > > On Wed, Feb 10, 2016 at 9:27 PM, John Andersen <[email protected]> wrote: > Sorry, forgot to include the relevant part of the config. Here is is again: > > Set( $WebExternalAuth, 1 ); > Set( $ExternalAuthPriority,['LDAP_DIR3']); > Set( $ExternalInfoPriority,['LDAP_DIR3']); > Set( $ExternalServiceUsesSSLorTLS, 0); > Set( $AutoCreateNonExternalUsers, 1); > > Set($ExternalSettings, { > 'LDAP_DIR3' => { > > 'type' => 'ldap', > 'server' => 'dir3.sch.ad', > 'user' => '[email protected]', > 'pass' => '**********', > 'base' => 'dc=sch,dc=ad', > > > 'filter' => '(mail=*)(sAMAccountType=805306368)', > 'd_filter' => > '(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2)', > > 'tls' => 0, > 'ssl_version' => 3, > 'net_ldap_args' => [ version => 3 ], > #'group' => 'GROUP', > #'group_attr' => 'GROUP_ATTR', > > 'attr_match_list' => [ 'Name', > 'EmailAddress' > ], > > # The mapping of RT attributes on to LDAP attributes > 'attr_map' => { 'Name' => 'sAMAccountName', > 'EmailAddress' => 'mail', > 'Organization' => 'company', > 'RealName' => 'cn', > 'WorkPhone' => 'telephoneNumber', > 'MobilePhone' => 'mobile', > } > } > } > ); > > > On Wed, Feb 10, 2016 at 9:07 PM, John Andersen <[email protected]> wrote: > Thank you for the response Shawn. I had rolled back to 4.2.12 but I threw > up a test server based on my current production server and ran through the > upgrade again, this time with your suggestion. Same result. What is > maddening is that there don't seem to be any errors or anything. Other than > telling me "FAILED LOGIN" I can't find anything in the logs that would point > me in the right direction. In syslog I simply get: > > > Feb 10 21:02:27 rt RT: [5018] FAILED LOGIN for andersjp from 70.199.131.228 > > > > My LDAP config now looks like this: > --------- > > Set($ExternalSettings, { # SCH LDAP Settings > 'LDAP_DIR3' => { ## GENERIC SECTION > > 'type' => 'ldap', > 'server' => 'dir3.sch.ad', > 'user' => '[email protected]', > 'pass' => '********', > 'base' => 'dc=sch,dc=ad', > > > 'filter' => '(mail=*)(sAMAccountType=805306368)', > 'd_filter' => > '(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2)', > > 'tls' => 0, > 'ssl_version' => 3, > 'net_ldap_args' => [ version => 3 ], > #'group' => 'GROUP', > #'group_attr' => 'GROUP_ATTR', > > 'attr_match_list' => [ 'Name', > 'EmailAddress' > ], > > # The mapping of RT attributes on to LDAP attributes > 'attr_map' => { 'Name' => 'sAMAccountName', > 'EmailAddress' => 'mail', > 'Organization' => 'company', > 'RealName' => 'cn', > 'WorkPhone' => 'telephoneNumber', > 'MobilePhone' => 'mobile', > } > } > } > ); > > > -John > > On Wed, Feb 10, 2016 at 9:20 AM, Shawn Moore <[email protected]> wrote: > Hi John, > > On 2016年2月10日 at 2:11:18, John Andersen ([email protected]) wrote: > > For background. this particular installation went live 10 years ago and has > > been carried over (mostly flawlessly I might add) from version to version > > over that 10 years; I try to stay on the most recent stable version. > > I’m very happy to hear that RT has been running smoothly for you for so long! > > > Set( $ExternalAuthPriority,['LDAP_DIR3']); > > Set( $ExternalInfoPriority,['LDAP_DIR3']); > > Set( $ExternalServiceUsesSSLorTLS, 0); > > Set( $AutoCreateNonExternalUsers, 1); > > Set($ExternalSettings, { > > ... > > ); > > Could you try adding this as well? > > Set( $ExternalAuth, 1 ); > > > I'd be grateful for any ideas or pointers! > > Please let us know if that gets you back up and running. We’ll do a better > job about this in 4.4.1. > > > Thank you, > > John > > Thanks! > Shawn > > --------- > RT 4.4 and RTIR Training Sessions > (http://bestpractical.com/services/training.html) > * Hamburg Germany March 14 & 15, 2016 > > > > > ______________________________________________________________________ > This email has been scanned by the Symantec Email Security.cloud service. > For more information please visit http://www.symanteccloud.com > ______________________________________________________________________ > > --------- > RT 4.4 and RTIR Training Sessions > (http://bestpractical.com/services/training.html) > * Hamburg Germany March 14 & 15, 2016
--------- RT 4.4 and RTIR Training Sessions (http://bestpractical.com/services/training.html) * Hamburg Germany March 14 & 15, 2016
