On Tue, Nov 22, 2016 at 04:13:46PM -0500, Mike Johnson wrote: > We just went live with RT 4.4.1 and it seems that LDAP authentication is > failing. > > It has now died 2 days in a row, at approximately the same time. > > The RT log is showing the following error: > 2819] [Mon Nov 21 21:10:28 2016] [critical]: > RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't bind: > LDAP_INVALID_CREDENTIALS 49 > (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth/LDAP.pm:678) > > This seems like a generic LDAP error, and it's not pointing us to a > specific issue. > > The user that we are binding with is a user that was in-use on our RT 3.8.X > environment that hadn't had an issue in years (3?). > > Restarting apache resolves the immediate issue, but clearly there is > something else going on that we should be able to fix permanently. Anyone > have any ideas on where to look? > > This didn't come up in our testing, but I don't believe we had the volume > of credential testing that we do in prod. > > Any help would be great! > > P.S. The LDAP server is a Microsoft Active Directory server. This same > server was being used for ExternalAuth extension in 3.8. > > Mike.
Hi Mike, You probably will need to check your AD logs as well. We have seen issues with AD authentication when an account is locked out by a bad password login attempt. Since it is about the same time of day, maybe something else is trying to login with those credentials and causing it to lock. Regards, Ken --------- RT 4.4 and RTIR training sessions, and a new workshop day! https://bestpractical.com/training * Los Angeles - January 9-11 2017
