Hi Claude,

Seems you already have a user in the RT database with the same email address, but different user name.

[3605] [Tue Dec 6 07:58:02 2016] [error]: Couldn't create user 20006583: Email address in use

Best Regards

Martin

On 2016-12-06 08:05, Claude EDUMA wrote:
Hi Martin,

Thank you for your response.

File permissions for my CA.cert are "rw-r--r-".

Below is rt.log:

---------------------------

[3605] [Tue Dec  6 07:58:02 2016] [debug]: Attempting to use external
auth service: My_LDAP
(/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth.pm:286)
[3605] [Tue Dec  6 07:58:02 2016] [debug]: Calling UserExists with
$username (20006583) and $service (My_LDAP)
(/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth.pm:327)
[3605] [Tue Dec  6 07:58:02 2016] [debug]: UserExists params:
username: 20006583 , service: My_LDAP
(/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth/LDAP.pm:488)
[3605] [Tue Dec  6 07:58:02 2016] [debug]: LDAP Search ===  Base:
o=corp.mycorp.com [2] == Filter:
(&(objectClass=privperson)(uid=20006583)) == Attrs: co,cn,mail,uid,uid
(/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth/LDAP.pm:518)
[3605] [Tue Dec  6 07:58:02 2016] [debug]:
RT::User::CanonicalizeUserInfoFromExternalAuth called by RT::User
/opt/rt4/sbin/../lib/RT/User.pm 699 with: Disabled: , EmailAddress: ,
Gecos: 20006583, Name: 20006583, Privileged: 1
(/opt/rt4/sbin/../lib/RT/User.pm:735)
[3605] [Tue Dec  6 07:58:02 2016] [debug]: Attempting to get user info
using this external service: My_LDAP
(/opt/rt4/sbin/../lib/RT/User.pm:743)
[3605] [Tue Dec  6 07:58:02 2016] [debug]: Attempting to use this
canonicalization key: Name (/opt/rt4/sbin/../lib/RT/User.pm:752)
[3605] [Tue Dec  6 07:58:02 2016] [debug]: LDAP Search ===  Base:
o=corp.mycorp.com [2] == Filter:
(&(objectClass=privperson)(uid=20006583)) == Attrs: co,cn,mail,uid,uid
(/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth/LDAP.pm:406)
[3605] [Tue Dec  6 07:58:02 2016] [info]:
RT::User::CanonicalizeUserInfoFromExternalAuth returning Country: ,
Disabled: , EmailAddress: claude.ed...@ext.mycorp.com, Gecos:
20006583, Name: 20006583, Privileged: 1, RealName: CLAUDE EDUMA
(/opt/rt4/sbin/../lib/RT/User.pm:812)
[3605] [Tue Dec  6 07:58:02 2016] [error]: Couldn't create user
20006583: Email address in use
(/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth.pm:353)
[3605] [Tue Dec  6 07:58:02 2016] [debug]: Autohandler called
ExternalAuth. Response: (0, No User)
(/opt/rt4/share/html/Elements/DoAuth:58)
[3605] [Tue Dec  6 07:58:02 2016] [error]: FAILED LOGIN for 20006583
from 10.1.179.71 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:826)

----------------

Thank you one more time.

Regards.

2016-12-05 23:35 GMT+01:00 Martin Wheldon
<martin.whel...@greenhills-it.co.uk>:

Hi Claude,

Your English is much better than my French :)
I've cc'd the RT users list as they may have additional suggestions.
The short answer is no, I don't believe your problem is caused by TLS
bugs.

You seem to be mixing up the new RT 4.4 LDAP configuration syntax
with the older RT::Authen::ExternalAuth syntax.

If you are using RT 4.4.x then you don't need the following, because
it is the old style syntax:

Set($LDAPBase,'MYLDAPSERVER');
Set($LDAPFilter, '(&(objectClass=person))');
Set($LDAPMapping, {
Name            => 'uid',
EmailAddress    => 'mail',
RealName        => 'cn'
});

The following option should also be removed when using RT 4.4.x:

'ssl_version'      => 3,

Is RT able to read your CAcert file? Please could you check the file
permissions.
Do you see any errors in the logs?

Best Regards

Martin

On 2016-12-05 13:22, clauded...@gmail.com wrote:

Hi Martin,

I am trying to configure LDAP authentication but it doesn't work.
I'm sure all my config is correct (see below). I tried with
ldapsearch and everything is OK. I looked at my LDAP server's logs and I
bind users correctly. Do you think it's TLS bugs?

(Sorry for my English, I'm French.)
Thank you.

--------------
Set($LDAPBase,'MYLDAPSERVER');
Set($LDAPFilter, '(&(objectClass=person))');
Set($LDAPMapping, {
Name            => 'uid',
EmailAddress    => 'mail',
RealName        => 'cn'
});

# Use the below LDAP source for both authentication, as well as user
# information
Set( $ExternalAuthPriority, ["My_LDAP"] );
Set( $ExternalInfoPriority, ["My_LDAP"] );
Set($ExternalServiceUsesSSLorTLS, 1);

# Make users created from LDAP Privileged
Set( $UserAutocreateDefaultsOnLogin, { Privileged => 1 } );

# Users should still be autocreated by RT as internal users if they
# fail to exist in an external service; this is so requestors (who
# are not in LDAP) can still be created when they email in.
Set($AutoCreateNonExternalUsers, 0);

# Minimal LDAP configuration; see RT::Authen::ExternalAuth::LDAP for
# further details and examples
Set($ExternalSettings, {
'My_LDAP'       =>  {
'type'             =>  'ldap',
'server'           =>  'ldaps://MYLDAPSERVER',
'user'             =>  'MYUSER',
'pass'             =>  'MYPASS',
'base'             =>  'MYBASE',
'filter'           =>  '(objectClass=privperson)',
'tls'              => { verify => "require", cafile => "/etc/CA.crt" },
'ssl_version'      => 3,
'net_ldap_args'    => [    version =>  3, debug => 8 ],
'attr_match_list'  => [
'Name',
'EmailAddress',
],

'attr_map' => {
'Name'         => 'uid',
'EmailAddress' => 'mail',
'RealName'     => 'cn',
'Gecos'        => 'uid',
'Country'      => 'co',
}
},
}
);

1;

_____________________________________
Sent from http://requesttracker.8502.n7.nabble.com [1]



Links:
------
[1] http://requesttracker.8502.n7.nabble.com
[2] http://corp.mycorp.com
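
The diagnosis at the top of the thread can be automated when triaging rt.log. The following is an added example, not part of the original messages or of RT itself: it re-joins entries wrapped by the mail client and labels each FAILED LOGIN with the user-autocreation error logged by the same process, if any. The sample uses entries from the log above plus one constructed entry (pid 3611, user jdoe, address 192.0.2.10); the function and field names are assumptions.

```python
import re

ENTRY = re.compile(r"^\[(\d+)\] \[([^\]]+)\] \[(\w+)\]: (.*)$")
CREATE_FAIL = re.compile(r"Couldn't create user (\S+): (.+?)(?: \(/\S+:\d+\))?$")
LOGIN_FAIL = re.compile(r"FAILED LOGIN for (\S+) from (\S+)")

# Constructed sample: entries copied from the thread's rt.log, still wrapped,
# plus one constructed failure (pid 3611, jdoe, 192.0.2.10) with no autocreate error.
SAMPLE_LOG = """\
[3605] [Tue Dec  6 07:58:02 2016] [error]: Couldn't create user
20006583: Email address in use
(/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth.pm:353)
[3605] [Tue Dec  6 07:58:02 2016] [debug]: Autohandler called
ExternalAuth. Response: (0, No User)
(/opt/rt4/share/html/Elements/DoAuth:58)
[3605] [Tue Dec  6 07:58:02 2016] [error]: FAILED LOGIN for 20006583
from 10.1.179.71 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:826)
[3611] [Tue Dec  6 08:01:15 2016] [error]: FAILED LOGIN for jdoe
from 192.0.2.10 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:826)
"""

def entries(text):
    """Yield (pid, level, message), re-joining lines wrapped by the mail client."""
    current = None
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            if current:
                yield tuple(current)
            current = [m.group(1), m.group(3), m.group(4)]
        elif current and line.strip():
            current[2] += " " + line.strip()  # continuation of the previous entry
    if current:
        yield tuple(current)

def classify_failed_logins(text):
    """Label each FAILED LOGIN with the autocreate error that preceded it, if any."""
    pending = {}   # (pid, username) -> reason autocreation failed
    results = []
    for pid, _level, msg in entries(text):
        if (m := CREATE_FAIL.search(msg)):
            pending[(pid, m.group(1))] = m.group(2)
        elif (m := LOGIN_FAIL.search(msg)):
            user, source = m.groups()
            reason = pending.pop((pid, user), None)
            cause = f"autocreate failed: {reason}" if reason else "no provisioning error logged"
            results.append({"user": user, "source": source, "cause": cause})
    return results
```

Failures labelled "autocreate failed" point at a provisioning conflict, such as the duplicate email address here, rather than at rejected credentials.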