On 3/8/2011 5:37 PM, Mark Farver wrote:
You might turn up the log level, add:

Set($LogToScreen    , 'debug');

And see if anything interesting turns up in the Apache logs.

You could also try using the same credentials, hostname etc with
ldapsearch on the command line to verify that you have AD configured
correctly.

Mark

Actually, LogToScreen is already set in my RT_SiteConfig.pm and the only thing I get out of Apache's error.log is this stuff:

[Tue Mar 08 17:45:27 2011] [info] [client 192.168.55.133] Connection to child 5 established (server alpha:443)
[Tue Mar 08 17:45:27 2011] [info] Seeding PRNG with 648 bytes of entropy
[Tue Mar 08 17:45:27 2011] [info] Initial (No.1) HTTPS request received for child 5 (server alpha:443)
[Tue Mar 8 23:45:27 2011] [error]: FAILED LOGIN for mledbetter from 192.168.55.133 (/opt/rt3/bin/../lib/RT/Interface/Web.pm:424)
[Tue Mar 08 17:45:27 2011] [info] Subsequent (No.2) HTTPS request received for child 5 (server alpha:443)
[Tue Mar 08 17:45:27 2011] [info] [client 192.168.55.133] Spelling fix: /rt/NoAuth/RichText/fckeditor.js: 1 candidates from https://alpha/rt/, referer: https://alpha/rt/
[Tue Mar 08 17:45:27 2011] [info] Subsequent (No.3) HTTPS request received for child 5 (server alpha:443)
[Tue Mar 08 17:45:27 2011] [info] [client 192.168.55.133] Spelling fix: /rt/NoAuth/RichText/fckeditor.js: 1 candidates from https://alpha/rt/, referer: https://alpha/rt/
[Tue Mar 08 17:45:42 2011] [info] [client 192.168.55.133] (70007)The timeout specified has expired: SSL input filter read failed.
[Tue Mar 08 17:45:42 2011] [info] [client 192.168.55.133] Connection closed to child 5 with standard shutdown (server alpha:443)

And I'm not even sure that those [info] lines don't come from Apache itself anyway. At any rate, there is no evidence that it's even trying LDAP authentication.


As for running ldapsearch with the credentials in my RT_SiteConfig.pm, I've already tried that and it works. If I run this command:
> ldapsearch -h fattire -p 3268 -D rtldap -w 'PASSWORD' \
> -b 'ou=Services,dc=neuric,dc=internal'

And it will return my RT Users group:
> dn: CN=RT Users,OU=Services,DC=neuric,DC=internal
> ... etc ...

I've tried setting the 'user' in $ExternalSettings to 'rtldap' and the full 'cn=rtldap,ou=Services,dc=internal,dc=local' because I've seen it both ways online, but neither one works, or produces any different log output.


However, going any further toward debugging this without any LDAP-related logging at all is obviously no fun, and I'd really like to actually get logging working before jumping ahead and trying to just troubleshoot through a black box.

Thanks for your suggestions.

- Micah
