Complaining about validating the password after locating the user entry. I am now receiving the following out of the external auth:

[Tue Aug 30 16:15:09 2011] [debug]: Attempting to use external auth service: EIUAD (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
[Tue Aug 30 16:15:09 2011] [debug]: Calling UserExists with $username (blmurphy) and $service (EIUAD) (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:105)
[Tue Aug 30 16:15:09 2011] [debug]: UserExists params: username: blmurphy , service: EIUAD (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:274)
[Tue Aug 30 16:15:09 2011] [debug]: LDAP Search === Base: dc=eiuad,dc=eiu,dc=edu == Filter: (&(objectClass=*)(sAMAccountName=blmurphy)) == Attrs: sAMAccountName (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:304)
[Tue Aug 30 16:15:09 2011] [debug]: Password validation required for service - Executing... (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:155)
[Tue Aug 30 16:15:09 2011] [debug]: Trying external auth service: EIUAD (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:16)
[Tue Aug 30 16:15:09 2011] [debug]: LDAP Search === Base: dc=eiuad,dc=eiu,dc=edu == Filter: (&(sAMAccountName=blmurphy)(objectClass=*)) == Attrs: dn (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:43)
[Tue Aug 30 16:15:09 2011] [debug]: Found LDAP DN: CN=Murphy\, Brian,OU=ITS Employees,OU=Employee Accounts,OU=EIU USERS,DC=eiuad,DC=eiu,DC=edu (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:75)
[Tue Aug 30 16:15:09 2011] [debug]: LDAP Search === Base: dc=eiuad,dc=eiu,dc=edu == Filter: (member=CN=Murphy, Brian,OU=ITS Employees,OU=Employee Accounts,OU=EIU USERS,DC=eiuad,DC=eiu,DC=edu) == Attrs: dn (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:100)
[Tue Aug 30 16:15:09 2011] [info]: EIUAD AUTH FAILED: blmurphy (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:127)
[Tue Aug 30 16:15:09 2011] [debug]: LDAP password validation result: 0 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:334)
[Tue Aug 30 16:15:09 2011] [debug]: Password Validation Check Result: 0 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:159)
[Tue Aug 30 16:15:09 2011] [debug]: Autohandler called ExternalAuth. Response: (0, Password Invalid) (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:11)
[Tue Aug 30 16:15:09 2011] [error]: FAILED LOGIN for blmurphy from 139.67.17.30 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:639)

Using the following RT_SiteConfig.pm settings:

Set($ExternalSettings, {
    # EIUAD Active Directory
    'EIUAD' => {
        ## GENERIC SECTION
        # The type of service (db/ldap/cookie)
        'type' => 'ldap',
        # The server hosting the service
        'server' => 'eiuad.eiu.edu',
        ## SERVICE-SPECIFIC SECTION
        # If you can bind to your LDAP server anonymously you should
        # remove the user and pass config lines, otherwise specify them here:
        #
        # The username RT should use to connect to the LDAP server
        'user' => 'CN=RT Auth,OU=Sensitive,DC=eiuad,DC=eiu,DC=edu',
        # The password RT should use to connect to the LDAP server
        'pass' => 'xxxxxxxxx!',
        #
        # The LDAP search base
        #'base' => 'ou=its employees,ou=employee accounts,ou=eiu users,dc=eiuad,dc=eiu,dc=edu',
        'base' => 'dc=eiuad,dc=eiu,dc=edu',
        #
        # ALL FILTERS MUST BE VALID LDAP FILTERS ENCASED IN PARENTHESES!
        # YOU **MUST** SPECIFY A filter AND A d_filter!!
        #
        # The filter to use to match RT-Users
        'filter' => '(objectClass=*)',
        # A catch-all example filter: '(objectClass=*)'
        #
        # The filter that will only match disabled users
        'd_filter' => '(objectclass=Foo)',
        # A catch-none example d_filter: '(objectClass=FooBarBaz)'
        #
        # Should we try to use TLS to encrypt connections?
        'tls' => 0,
        # SSL Version to provide to Net::SSLeay *if* using SSL
        'ssl_version' => 3,
        # What other args should I pass to Net::LDAP->new($host,@args)?
        'net_ldap_args' => [ version => 3 ],
        # Does authentication depend on group membership? What group name?
        'group' => 'CN=RT_Access,OU=Sensitive,DC=eiuad,DC=eiu,DC=edu',
        # What is the attribute for the group object that determines membership?
        'group_attr' => 'member',
        ## RT ATTRIBUTE MATCHING SECTION
        # The list of RT attributes that uniquely identify a user
        # This example shows what you *can* specify.. I recommend reducing this
        # to just the Name and EmailAddress to save encountering problems later.
        'attr_match_list' => [ 'Name' ],
        # The mapping of RT attributes on to LDAP attributes
        'attr_map' => { 'Name' => 'sAMAccountName' }
    }
} );

----- Original Message -----
From: "Brian Murphy" <blmur...@eiu.edu>
To: rt-users@lists.bestpractical.com
Sent: Tuesday, August 30, 2011 10:59:08 AM
Subject: Fwd: [rt-users] rt4 and External Auth to AD 2008 non-ssl

Well, sh**! Sometimes the simplest are the most difficult. I was way too close to the forest to see the trees on that one. Having a . instead of the , in my base string was causing me to not be able to find the entry.

I have my filter set to () and am using the sAMAccountName and finding the user account, but now it refuses my password. here is what I get in the log. Any ideas. I know my password and am using it for other accounts.

[Tue Aug 30 15:48:14 2011] [debug]: Attempting to use external auth service: EIUAD (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
[Tue Aug 30 15:48:14 2011] [debug]: Calling UserExists with $username (blmurphy) and $service (EIUAD) (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:105)
[Tue Aug 30 15:48:14 2011] [debug]: UserExists params: username: blmurphy , service: EIUAD (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:274)
[Tue Aug 30 15:48:14 2011] [debug]: LDAP Search === Base: dc=eiuad,dc=eiu,dc=edu == Filter: (&(sAMAccountName=blmurphy)) == Attrs: sAMAccountName (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:304)
[Tue Aug 30 15:48:14 2011] [debug]: Password validation required for service - Executing... (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:155)
[Tue Aug 30 15:48:14 2011] [debug]: Trying external auth service: EIUAD (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:16)
[Tue Aug 30 15:48:14 2011] [debug]: LDAP Search === Base: dc=eiuad,dc=eiu,dc=edu == Filter: (&(sAMAccountName=blmurphy)) == Attrs: dn (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:43)
[Tue Aug 30 15:48:14 2011] [debug]: Found LDAP DN: CN=Murphy\, Brian,OU=ITS Employees,OU=Employee Accounts,OU=EIU USERS,DC=eiuad,DC=eiu,DC=edu (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:75)
[Tue Aug 30 15:48:14 2011] [debug]: LDAP Search === Base: dc=eiuad,dc=eiu,dc=edu == Filter: (member=CN=Murphy, Brian,OU=ITS Employees,OU=Employee Accounts,OU=EIU USERS,DC=eiuad,DC=eiu,DC=edu) == Attrs: dn (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:100)
[Tue Aug 30 15:48:14 2011] [info]: EIUAD AUTH FAILED: blmurphy (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:127)
[Tue Aug 30 15:48:14 2011] [debug]: LDAP password validation result: 0 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:334)
[Tue Aug 30 15:48:14 2011] [debug]: Password Validation Check Result: 0 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:159)
[Tue Aug 30 15:48:14 2011] [debug]: Autohandler called ExternalAuth. Response: (0, Password Invalid) (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:11)
[Tue Aug 30 15:48:14 2011] [error]: FAILED LOGIN for blmurphy from 139.67.17.30 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:639)
[Tue Aug 30 15:48:17 2011] [debug]: Attempting to use external auth service: EIUAD (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
[Tue Aug 30 15:48:17 2011] [debug]: SSO Failed and no user to test with. Nexting (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:92)
[Tue Aug 30 15:48:17 2011] [debug]: Autohandler called ExternalAuth. Response: (0, No User) (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:11)

----- Original Message -----
From: "David Chandek-Stark" <david.chandek.st...@duke.edu>
To: "Brian Murphy" <blmur...@eiu.edu>, rt-users@lists.bestpractical.com
Sent: Tuesday, August 30, 2011 10:41:54 AM
Subject: Re: [rt-users] rt4 and External Auth to AD 2008 non-ssl

I'm guessing your base should have a comma b/w "eiu" and "dc" -- I.e., "dc=eiuad,dc=eiu,dc=edu".

--D

On 8/30/11 11:34 AM, "Brian Murphy" <blmur...@eiu.edu> wrote:

>[Tue Aug 30 15:29:48 2011] [debug]: LDAP Search === Base:
>dc=eiuad,dc=eiu.dc=edu == Filter: (&(sAMAccountName=blmurphy)) == Attrs:
>sAMAccountName
>(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/
>LDAP.pm:304)
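
In both debug logs above, the DN search returns `CN=Murphy\, Brian,...`, while the group filter logged immediately afterwards carries `CN=Murphy, Brian,...` without the backslash. The following is an added example, not part of the thread or of RT-Authen-ExternalAuth: it scans such log lines and reports a filter whose value is not the RFC 4515 escaped form of the DN found just before it. The function names and the shortened sample lines are constructed here, and it assumes the log prints the filter as it was sent.

```python
import re

# Constructed sample: two debug entries from this thread, with the DN and the
# trailing source-file reference shortened.
SAMPLE_LOG = r"""
[Tue Aug 30 16:15:09 2011] [debug]: Found LDAP DN: CN=Murphy\, Brian,OU=ITS Employees,DC=eiuad,DC=eiu,DC=edu (LDAP.pm:75)
[Tue Aug 30 16:15:09 2011] [debug]: LDAP Search === Base: dc=eiuad,dc=eiu,dc=edu == Filter: (member=CN=Murphy, Brian,OU=ITS Employees,DC=eiuad,DC=eiu,DC=edu) == Attrs: dn (LDAP.pm:100)
"""

FOUND_DN = re.compile(r"Found LDAP DN: (?P<dn>.+) \([^()]*\)\s*$")
SIMPLE_FILTER = re.compile(r"== Filter: \((?P<attr>[\w-]+)=(?P<value>.*?)\) == Attrs:")

def escape_filter_value(value):
    r"""RFC 4515: backslash, '*', '(', ')' and NUL become \XX hex escapes."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), value)

def unescape_filter_value(value):
    r"""Reverse of the above: turn \XX hex escapes back into characters."""
    return re.sub(r"\\([0-9A-Fa-f]{2})", lambda m: chr(int(m.group(1), 16)), value)

def check_dn_filters(log_text):
    """Report filters that follow a 'Found LDAP DN' entry but whose value,
    once unescaped, is not that DN (assumes the log prints the filter as sent)."""
    findings, last_dn = [], None
    for line in log_text.splitlines():
        found = FOUND_DN.search(line)
        if found:
            last_dn = found.group("dn")
            continue
        flt = SIMPLE_FILTER.search(line)
        if flt and last_dn is not None:
            if unescape_filter_value(flt.group("value")) != last_dn:
                findings.append({
                    "attr": flt.group("attr"),
                    "logged": flt.group("value"),
                    "expected": "(%s=%s)" % (flt.group("attr"),
                                             escape_filter_value(last_dn)),
                })
            last_dn = None
    return findings

if __name__ == "__main__":
    for f in check_dn_filters(SAMPLE_LOG):
        print("filter value differs from DN; expected", f["expected"])
```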