Oh man! Thanks for that catch! I see now that Shawn told me exactly that and I saw what I expected to see instead.
On Wed, Feb 10, 2016 at 9:55 PM, Julian De Marchi <[email protected]> wrote: > Set( $WebExternalAuth, 1 ); to Set( $ExternalAuth, 1 ); > > On 11 Feb 2016, at 3:44 PM, John Andersen <[email protected]> wrote: > > > > One more thing I should note is that I'm quite sure there is not even an > attempt to talk to the LDAP (Active Directory) server. I log all auth > attempts to the domain controllers and no attempts are showing in the > logs. I don't believe the requests are ever leaving the RT server. > > > > > > > > On Wed, Feb 10, 2016 at 9:27 PM, John Andersen <[email protected]> wrote: > > Sorry, forgot to include the relevant part of the config. Here is is > again: > > > > Set( $WebExternalAuth, 1 ); > > Set( $ExternalAuthPriority,['LDAP_DIR3']); > > Set( $ExternalInfoPriority,['LDAP_DIR3']); > > Set( $ExternalServiceUsesSSLorTLS, 0); > > Set( $AutoCreateNonExternalUsers, 1); > > > > Set($ExternalSettings, { > > 'LDAP_DIR3' => { > > > > 'type' => 'ldap', > > 'server' => 'dir3.sch.ad', > > 'user' => '[email protected]', > > 'pass' => '**********', > > 'base' => 'dc=sch,dc=ad', > > > > > > 'filter' => '(mail=*)(sAMAccountType=805306368)', > > 'd_filter' => > '(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2)', > > > > 'tls' => 0, > > 'ssl_version' => 3, > > 'net_ldap_args' => [ version => 3 ], > > #'group' => 'GROUP', > > #'group_attr' => 'GROUP_ATTR', > > > > 'attr_match_list' => [ 'Name', > > 'EmailAddress' > > ], > > > > # The mapping of RT attributes on to LDAP attributes > > 'attr_map' => { 'Name' => 'sAMAccountName', > > 'EmailAddress' => 'mail', > > 'Organization' => 'company', > > 'RealName' => 'cn', > > 'WorkPhone' => 'telephoneNumber', > > 'MobilePhone' => 'mobile', > > } > > } > > } > > ); > > > > > > On Wed, Feb 10, 2016 at 9:07 PM, John Andersen <[email protected]> wrote: > > Thank you for the response Shawn. I had rolled back to 4.2.12 but I > threw up a test server based on my current production server and ran > through the upgrade again, this time with your suggestion. Same result. > What is maddening is that there don't seem to be any errors or anything. > Other than telling me "FAILED LOGIN" I can't find anything in the logs that > would point me in the right direction. In syslog I simply get: > > > > > > Feb 10 21:02:27 rt RT: [5018] FAILED LOGIN for andersjp from > 70.199.131.228 > > > > > > > > My LDAP config now looks like this: > > --------- > > > > Set($ExternalSettings, { # SCH LDAP Settings > > 'LDAP_DIR3' => { ## GENERIC SECTION > > > > 'type' => 'ldap', > > 'server' => 'dir3.sch.ad', > > 'user' => '[email protected]', > > 'pass' => '********', > > 'base' => 'dc=sch,dc=ad', > > > > > > 'filter' => '(mail=*)(sAMAccountType=805306368)', > > 'd_filter' => > '(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2)', > > > > 'tls' => 0, > > 'ssl_version' => 3, > > 'net_ldap_args' => [ version => 3 ], > > #'group' => 'GROUP', > > #'group_attr' => 'GROUP_ATTR', > > > > 'attr_match_list' => [ 'Name', > > 'EmailAddress' > > ], > > > > # The mapping of RT attributes on to LDAP attributes > > 'attr_map' => { 'Name' => 'sAMAccountName', > > 'EmailAddress' => 'mail', > > 'Organization' => 'company', > > 'RealName' => 'cn', > > 'WorkPhone' => 'telephoneNumber', > > 'MobilePhone' => 'mobile', > > } > > } > > } > > ); > > > > > > -John > > > > On Wed, Feb 10, 2016 at 9:20 AM, Shawn Moore <[email protected]> > wrote: > > Hi John, > > > > On 2016年2月10日 at 2:11:18, John Andersen ([email protected]) wrote: > > > For background. this particular installation went live 10 years ago > and has > > > been carried over (mostly flawlessly I might add) from version to > version > > > over that 10 years; I try to stay on the most recent stable version. > > > > I’m very happy to hear that RT has been running smoothly for you for so > long! > > > > > Set( $ExternalAuthPriority,['LDAP_DIR3']); > > > Set( $ExternalInfoPriority,['LDAP_DIR3']); > > > Set( $ExternalServiceUsesSSLorTLS, 0); > > > Set( $AutoCreateNonExternalUsers, 1); > > > Set($ExternalSettings, { > > > ... > > > ); > > > > Could you try adding this as well? > > > > Set( $ExternalAuth, 1 ); > > > > > I'd be grateful for any ideas or pointers! > > > > Please let us know if that gets you back up and running. We’ll do a > better job about this in 4.4.1. > > > > > Thank you, > > > John > > > > Thanks! > > Shawn > > > > --------- > > RT 4.4 and RTIR Training Sessions ( > http://bestpractical.com/services/training.html) > > * Hamburg Germany March 14 & 15, 2016 > > > > > > > > > > ______________________________________________________________________ > > This email has been scanned by the Symantec Email Security.cloud service. > > For more information please visit http://www.symanteccloud.com > > ______________________________________________________________________ > > > > --------- > > RT 4.4 and RTIR Training Sessions ( > http://bestpractical.com/services/training.html) > > * Hamburg Germany — March 14 & 15, 2016 > >
--------- RT 4.4 and RTIR Training Sessions (http://bestpractical.com/services/training.html) * Hamburg Germany March 14 & 15, 2016
