On Wed, Jul 27, 2011 at 04:13:07PM -0400, Shawn M Plummer wrote: > Sorry for the delay in responding to this. > > > > > They are compatible, but it's entirely possible that you have some > > crufty user data. > > > > Do you already have a user whose Name and EMailAddress are both > > n...@geneseo.edu ? > > > > I do not. > > > If you log in as this user, can RT-Authen-ExternalAuth find and > > authenticate this user? > > > > > I created a new user in AD that I knew would not be in RT and that I would > know the username and password. It does appear that ExternalAuth cannot > create a new user but it seems to be authenticating existing user just fine. > > Relevant logs: > [Wed Jul 27 16:08:09 2011] [warn] [client 137.238.60.9] mod_fcgid: stderr: > [Wed Jul 27 20:08:09 2011] [info]: > RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Disabled: 0, > EmailAddress: , Gecos: rttestuser, Name: rttestuser, Privileged: 0 > (/opt/rt4devel/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:536), > referer: https://rtdevel.geneseo.edu/ > [Wed Jul 27 16:08:09 2011] [warn] [client 137.238.60.9] mod_fcgid: stderr: > [Wed Jul 27 20:08:09 2011] [error]: Couldn't create user rttestuser: Could > not set user info > (/opt/rt4devel/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:129), > referer: https://rtdevel.geneseo.edu/ > [Wed Jul 27 16:08:09 2011] [warn] [client 137.238.60.9] mod_fcgid: stderr: > [Wed Jul 27 20:08:09 2011] [error]: FAILED LOGIN for rttestuser f, referer: > https://rtdevel.geneseo.edu/ > [Wed Jul 27 16:08:09 2011] [warn] [client 137.238.60.9] mod_fcgid: stderr: > rom 137.238.60.9 (/opt/rt4devel/sbin/../lib/RT/Interface/Web.pm:655), > referer: https://rtdevel.geneseo.edu/ > > > I have had no issue logging in as myself, using my AD password. Granted my > account already existed. > > Any idea why external auth would be able to authenticate existing users but > fail to create new users?
You've left off a number of useful debugging messages from CanonicalizeUserInfo which came right before this. Without those, it's hard to tell what's going on -kevin
pgpHZ1MGYU8Vw.pgp
Description: PGP signature
-------- 2011 Training: http://bestpractical.com/services/training.html