Complaing about validating the password after locating the user entry.
I am now receiving the following out of the external auth:
[Tue Aug 30 16:15:09 2011] [debug]: Attempting to use external auth service:
EIUAD
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
[Tue Aug 30 16:15:09 2011] [debug]: Calling UserExists with $username
(blmurphy) and $service (EIUAD)
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:105)
[Tue Aug 30 16:15:09 2011] [debug]: UserExists params:
username: blmurphy , service: EIUAD
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:274)
[Tue Aug 30 16:15:09 2011] [debug]: LDAP Search === Base:
dc=eiuad,dc=eiu,dc=edu == Filter: (&(objectClass=*)(sAMAccountName=blmurphy))
== Attrs: sAMAccountName
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:304)
[Tue Aug 30 16:15:09 2011] [debug]: Password validation required for service -
Executing...
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:155)
[Tue Aug 30 16:15:09 2011] [debug]: Trying external auth service: EIUAD
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:16)
[Tue Aug 30 16:15:09 2011] [debug]: LDAP Search === Base:
dc=eiuad,dc=eiu,dc=edu == Filter: (&(sAMAccountName=blmurphy)(objectClass=*))
== Attrs: dn
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:43)
[Tue Aug 30 16:15:09 2011] [debug]: Found LDAP DN: CN=Murphy\, Brian,OU=ITS
Employees,OU=Employee Accounts,OU=EIU USERS,DC=eiuad,DC=eiu,DC=edu
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:75)
[Tue Aug 30 16:15:09 2011] [debug]: LDAP Search === Base:
dc=eiuad,dc=eiu,dc=edu == Filter: (member=CN=Murphy, Brian,OU=ITS
Employees,OU=Employee Accounts,OU=EIU USERS,DC=eiuad,DC=eiu,DC=edu) == Attrs:
dn
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:100)
[Tue Aug 30 16:15:09 2011] [info]: EIUAD AUTH FAILED: blmurphy
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:127)
[Tue Aug 30 16:15:09 2011] [debug]: LDAP password validation result: 0
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:334)
[Tue Aug 30 16:15:09 2011] [debug]: Password Validation Check Result: 0
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:159)
[Tue Aug 30 16:15:09 2011] [debug]: Autohandler called ExternalAuth. Response:
(0, Password Invalid)
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:11)
[Tue Aug 30 16:15:09 2011] [error]: FAILED LOGIN for blmurphy from 139.67.17.30
(/opt/rt4/sbin/../lib/RT/Interface/Web.pm:639)
Using the following RT_SiteConfig.pm settings:
Set($ExternalSettings, {
# EIUAD Active Directory
'EIUAD' => { ## GENERIC SECTION
# The type of service
(db/ldap/cookie)
'type'
=> 'ldap',
# The server hosting
the service
'server'
=> 'eiuad.eiu.edu',
## SERVICE-SPECIFIC
SECTION
# If you can bind to
your LDAP server anonymously you should
# remove the user and
pass config lines, otherwise specify them here:
#
# The username RT
should use to connect to the LDAP server
'user'
=> 'CN=RT Auth,OU=Sensitive,DC=eiuad,DC=eiu,DC=edu',
# The password RT
should use to connect to the LDAP server
'pass'
=> 'xxxxxxxxx!',
#
# The LDAP search base
#'base'
=> 'ou=its employees,ou=employee accounts,ou=eiu
users,dc=eiuad,dc=eiu,dc=edu',
'base'
=> 'dc=eiuad,dc=eiu,dc=edu',
#
# ALL FILTERS MUST BE
VALID LDAP FILTERS ENCASED IN PARENTHESES!
# YOU **MUST** SPECIFY
A filter AND A d_filter!!
#
# The filter to use to
match RT-Users
'filter'
=> '(objectClass=*)',
# A catch-all example
filter: '(objectClass=*)'
#
# The filter that will
only match disabled users
'd_filter'
=> '(objectclass=Foo)',
# A catch-none example
d_filter: '(objectClass=FooBarBaz)'
#
# Should we try to use
TLS to encrypt connections?
'tls'
=> 0,
# SSL Version to
provide to Net::SSLeay *if* using SSL
'ssl_version'
=> 3,
# What other args
should I pass to Net::LDAP->new($host,@args)?
'net_ldap_args'
=> [ version => 3 ],
# Does authentication
depend on group membership? What group name?
'group'
=> 'CN=RT_Access,OU=Sensitive,DC=eiuad,DC=eiu,DC=edu',
# What is the attribute
for the group object that determines membership?
'group_attr'
=> 'member',
## RT ATTRIBUTE
MATCHING SECTION
# The list of RT
attributes that uniquely identify a user
# This example shows
what you *can* specify.. I recommend reducing this
# to just the Name and
EmailAddress to save encountering problems later.
'attr_match_list'
=> [ 'Name'
],
# The mapping of RT
attributes on to LDAP attributes
'attr_map'
=> { 'Name' => 'sAMAccountName'
}
}
}
);
----- Original Message -----
From: "Brian Murphy" <blmur...@eiu.edu>
To: rt-users@lists.bestpractical.com
Sent: Tuesday, August 30, 2011 10:59:08 AM
Subject: Fwd: [rt-users] rt4 and External Auth to AD 2008 non-ssl
Well, sh**! Sometimes the simplest are the most difficult. I was way too
close to the forest to see the trees on that one. Having a . instead of the ,
in my base string was causing me to not be able to find the entry. I have my
filter set to () and am using the sAMAccountName and finding the user account,
but now it refuses my password. here is what I get in the log. Any ideas. I
know my password and am using it for other accounts.
[Tue Aug 30 15:48:14 2011] [debug]: Attempting to use external auth service:
EIUAD
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
[Tue Aug 30 15:48:14 2011] [debug]: Calling UserExists with $username
(blmurphy) and $service (EIUAD)
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:105)
[Tue Aug 30 15:48:14 2011] [debug]: UserExists params:
username: blmurphy , service: EIUAD
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:274)
[Tue Aug 30 15:48:14 2011] [debug]: LDAP Search === Base:
dc=eiuad,dc=eiu,dc=edu == Filter: (&(sAMAccountName=blmurphy)) == Attrs:
sAMAccountName
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:304)
[Tue Aug 30 15:48:14 2011] [debug]: Password validation required for service -
Executing...
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:155)
[Tue Aug 30 15:48:14 2011] [debug]: Trying external auth service: EIUAD
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:16)
[Tue Aug 30 15:48:14 2011] [debug]: LDAP Search === Base:
dc=eiuad,dc=eiu,dc=edu == Filter: (&(sAMAccountName=blmurphy)) == Attrs: dn
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:43)
[Tue Aug 30 15:48:14 2011] [debug]: Found LDAP DN: CN=Murphy\, Brian,OU=ITS
Employees,OU=Employee Accounts,OU=EIU USERS,DC=eiuad,DC=eiu,DC=edu
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:75)
[Tue Aug 30 15:48:14 2011] [debug]: LDAP Search === Base:
dc=eiuad,dc=eiu,dc=edu == Filter: (member=CN=Murphy, Brian,OU=ITS
Employees,OU=Employee Accounts,OU=EIU USERS,DC=eiuad,DC=eiu,DC=edu) == Attrs:
dn
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:100)
[Tue Aug 30 15:48:14 2011] [info]: EIUAD AUTH FAILED: blmurphy
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:127)
[Tue Aug 30 15:48:14 2011] [debug]: LDAP password validation result: 0
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:334)
[Tue Aug 30 15:48:14 2011] [debug]: Password Validation Check Result: 0
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:159)
[Tue Aug 30 15:48:14 2011] [debug]: Autohandler called ExternalAuth. Response:
(0, Password Invalid)
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:11)
[Tue Aug 30 15:48:14 2011] [error]: FAILED LOGIN for blmurphy from 139.67.17.30
(/opt/rt4/sbin/../lib/RT/Interface/Web.pm:639)
[Tue Aug 30 15:48:17 2011] [debug]: Attempting to use external auth service:
EIUAD
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
[Tue Aug 30 15:48:17 2011] [debug]: SSO Failed and no user to test with.
Nexting
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:92)
[Tue Aug 30 15:48:17 2011] [debug]: Autohandler called ExternalAuth. Response:
(0, No User)
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:11)
----- Original Message -----
From: "David Chandek-Stark" <david.chandek.st...@duke.edu>
To: "Brian Murphy" <blmur...@eiu.edu>, rt-users@lists.bestpractical.com
Sent: Tuesday, August 30, 2011 10:41:54 AM
Subject: Re: [rt-users] rt4 and External Auth to AD 2008 non-ssl
I'm guessing your base should have a comma b/w "eiu" and "dc" -- I.e.,
"dc=eiuad,dc=eiu,dc=edu".
--D
On 8/30/11 11:34 AM, "Brian Murphy" <blmur...@eiu.edu> wrote:
>[Tue Aug 30 15:29:48 2011] [debug]: LDAP Search === Base:
>dc=eiuad,dc=eiu.dc=edu == Filter: (&(sAMAccountName=blmurphy)) == Attrs:
>sAMAccountName
>(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/
>LDAP.pm:304)
--------
RT Training Sessions (http://bestpractical.com/services/training.html)
* Chicago, IL, USA September 26 & 27, 2011
* San Francisco, CA, USA October 18 & 19, 2011
* Washington DC, USA October 31 & November 1, 2011
* Melbourne VIC, Australia November 28 & 29, 2011
* Barcelona, Spain November 28 & 29, 2011
