On Wed, May 25, 2011 at 3:28 PM, Asif Iqbal <[email protected]> wrote: > My ldapsearch works, but ldap auth with RT is failing > > # cat /etc/ldap/ldap.conf > TLS_REQCERT never # without this ldap bind fails > # TLS: peer cert untrusted or revoked (0x42) > # TLS: can't connect: (unknown error code). > > > # ldapsearch -LLL -W -D > "uid=binduser,ou=People,dc=mnet,dc=example,dc=com" -b > "ou=People,dc=mnet,dc=example,dc=com" -H ldaps://192.168.1.7:1636 > uid="asif" mail > Enter LDAP Password: <secret> > dn: uid=asif,ou=People,dc=mnet,dc=example,dc=com > mail: [email protected] > > but RT fails with this error > > [Wed May 25 14:51:39 2011] [info] [client 192.168.1.215] (32)Broken > pipe: core_output_filter: writing data to the network > [Wed May 25 14:51:39 2011] [error] [client 192.168.1.215] > Apache2::RequestIO::rflush: (103) Software caused connection abort at > /usr/local/share/perl/5.10.1/Plack/Handler/Apache2.pm line 148 > [Wed May 25 14:51:39 2011] [debug] mod_deflate.c(615): [client > 192.162.1.215] Zlib: Compressed 0 to 2 : URL / > [Wed May 25 14:51:41 2011] [info] [client 192.168.1.215] Request > header read timeout > [Wed May 25 14:51:41 2011] [info] [client 192.168.1.215] Request > header read timeout > [Wed May 25 14:51:43 2011] [info] [client 192.168.1.215] (32)Broken > pipe: core_output_filter: writing data to the network > [Wed May 25 14:51:43 2011] [error] [client 192.168.1.215] > Apache2::RequestIO::rflush: (103) Software caused connection abort at > /usr/local/share/perl/5.10.1/Plack/Handler/Apache2.pm line 148 > [Wed May 25 14:51:43 2011] [debug] mod_deflate.c(615): [client > 192.168.1.215] Zlib: Compressed 0 to 2 : URL / > [Wed May 25 14:51:43 2011] [debug] mod_deflate.c(615): [client > 192.168.1.215] Zlib: Compressed 0 to 8 : URL /NoAuth/Login.htm > [Wed May 25 14:51:43 2011] [info] [client 192.168.1.215] (32)Broken > pipe: core_output_filter: writing data to the network > [Wed May 25 14:51:47 2011] [debug] mod_deflate.c(615): [client > 
192.168.1.215] Zlib: Compressed 4232 to 1682 : URL /NoAuth/Login.html, > referer: http://192.168.1.72/NoAuth/Login.html > > > and apache2/error.log show this > > [Wed May 25 18:51:43 2011] [error]: FAILED LOGIN for asif from > 192.168.1.215 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:639) > > # egrep -v "^[[:space:]]*#|^$" /opt/rt4/etc/RT_SiteConfig.pm > Set( $rtname, 'example.com'); > Set( @Plugins, qw(RT::Authen::ExternalAuth) ); > 1; > > # egrep -v "^[[:space:]]*#|^$" > /opt/rt4/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm > Set($ExternalAuthPriority, [ 'My_LDAP', > 'My_MySQL', > 'My_SSO_Cookie' > ] > ); > Set($ExternalInfoPriority, [ 'My_MySQL', > 'My_LDAP' > ] > ); > Set($ExternalServiceUsesSSLorTLS, 1); # <== set this to `1' for > TLS. tried with `0' as well and failed > Set($AutoCreateNonExternalUsers, 1); > Set($ExternalSettings, { # AN EXAMPLE DB SERVICE > 'My_MySQL' => { ## GENERIC SECTION > 'type' > => 'db', > 'server' > => 'server.domain.tld', > 'database' > => 'DB_NAME', > 'table' > => 'USERS_TABLE', > 'user' > => 'DB_USER', > 'pass' > => 'DB_PASS', > 'port' > => 'DB_PORT', > 'dbi_driver' > => 'DBI_DRIVER', > 'u_field' > => 'username', > 'p_field' > => 'password', > 'p_enc_pkg' > => 'Crypt::MySQL', > 'p_enc_sub' > => 'password', > 'd_field' > => 'disabled', > 'd_values' > => ['0'], > > 'attr_match_list' => [ 'Gecos', > > 'Name' > > ], > 'attr_map' > => { 'Name' => 'username', > > 'EmailAddress' => 'email', > > 'ExternalAuthId' => 'username', > > 'Gecos' => 'userID' > > } > }, > 'My_LDAP' => { ## GENERIC SECTION > 'type' > => 'ldap', > 'server' > => 'ldaps://192.168.1.7:1636', > 'user' > => 'sysldapq', > 'pass' > => 'secret', > 'debug' > => 255, > 'base' > => 'ou=People,dc=mnet,dc=example,dc=com', > 'filter' > => '(objectclass=mnetperson)', > 'd_filter' > => '(objectclass=blah)', > 'tls' > => 1, # <== set this to `1' for tls. 
failed with > `0' as well > 'ssl_version' > => 3, > > 'net_ldap_args' => [ version => 3 ], > > 'attr_match_list' => [ 'Name', > > 'EmailAddress', > > ], > 'attr_map' > => { 'Name' => 'uid', > > 'EmailAddress' => 'mail', > > 'Organization' => 'companynumber', > > 'RealName' => 'cn', > > 'ExternalAuthId' => 'uid', > > 'WorkPhone' => 'telephoneNumber', > > 'Address1' => 'street', > > 'City' => 'l', > > 'State' => 'st', > > 'Zip' => 'postalCode' > > 'Country' => 'nationname' > > } > }, > 'My_SSO_Cookie' => { # # The type > of service (db/ldap/cookie) > 'type' > => 'cookie', > 'name' > => 'loginCookieValue', > 'u_table' > => 'users', > 'u_field' > => 'username', > 'u_match_key' > => 'userID', > 'c_table' > => 'login_cookie', > 'c_field' > => 'loginCookieValue', > 'c_match_key' > => 'loginCookieUserID', > > 'db_service_name' => 'My_MySQL' > } > } > ); > 1; > > I can login as root with local password.
I got it working after going through the README a few more times and replacing user => 'binduser' with user => 'the bind DN of the user' (i.e. the full DN, as passed to ldapsearch with -D, rather than the bare uid). -- Asif Iqbal PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing?
