# cat RT_SiteConfig.pm
Set($ExternalAuthPriority, [ 'My_LDAP',] );
Set($ExternalInfoPriority, [ 'My_LDAP',] );
Set($ExternalServiceUsesSSLorTLS, 0);
Set($AutoCreateNonExternalUsers, 0);

Set($ExternalSettings, {
    'My_LDAP' => {
        'type' => 'ldap',
        'server' => 'zeus.mydomain.edu',
        'user' => 'CN=LDAPRT,OU=CampusServices,DC=mydomain,DC=mydomain,DC=edu',
        'pass' => '*********',
        'base' => 'DC=mydomain,DC=mydomain,DC=edu',
        'filter' => '(&(ObjectCategory=User)(ObjectClass=Person))',
        'd_filter' => '(userAccountControl:1.2.840.113556.1.4.803:=2)',
        'tls' => 0,
        # 'ssl_version' => 3,
        'net_ldap_args' => [ version => 3 ],
        'group' => 'CN=RTUsers,OU=CampusServices,DC= mydomain,DC=mydomain,DC=edu',
        'group_attr' => 'member',
        'attr_match_list' => [ 'Name', 'EmailAddress' ],
        'attr_map' => {
            'Name' => 'sAMAccountName',
            'EmailAddress' => 'mail',
            'Organization' => 'physicalDeliveryOfficeName',
            'RealName' => 'cn',
            'ExternalAuthId' => 'sAMAccountName',
            'Gecos' => 'sAMAccountName',
            'WorkPhone' => 'telephoneNumber',
            'Address1' => 'streetAddress',
            'City' => 'l',
            'State' => 'st',
            'Zip' => 'postalCode',
            'Country' => 'co'
        }
    }
} );
1;
EOF

I do not have Debugging turned on. I am going to need some help turning it on since this is new to me.

Here are some errors from /var/log/messages...

This is a failed attempt...

Feb 1 16:02:25 localhost RT: My_LDAP AUTH FAILED mary.servantez (can't bind: LDAP_INVALID_CREDENTIALS 49 ) (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:82)
Feb 1 16:02:25 localhost RT: FAILED LOGIN for mary.servantez from 10.1.41.95 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:655)

Here is a successful attempt....

Feb 2 10:14:02 localhost RT: RT::Authen::ExternalAuth::LDAP::GetAuth External Auth OK ( My_LDAP ): test.account (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:139)
Feb 2 10:14:02 localhost RT: Couldn't enable user 28 (/opt/rt4/sbin/../lib/RT/User.pm:1066)
Feb 2 10:14:02 localhost RT: User marked as ENABLED ( test.account ) per External Service (, ) (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:274)
Feb 2 10:14:02 localhost RT: RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Address1: , City: , Country: , EmailAddress: test.acco...@lcu.edu, ExternalAuthId: test.account, Gecos: test.account, Name: test.account, Organization: , RealName: Test Account, State: , WorkPhone: , Zip: (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:536)
Feb 2 10:14:02 localhost RT: Successful login for test.account from 10.1.5.9 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:219)

Van Howell
System Administrator
Lubbock Christian University

-----Original Message-----
From: rt-users-boun...@lists.bestpractical.com [mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of Kevin Falcone
Sent: Wednesday, February 01, 2012 5:33 PM
To: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] External Auth using Active Directory 2008

On Wed, Feb 01, 2012 at 11:04:38PM +0000, Howell, Van wrote:
> I have added several users into the RTUsers group I set up in AD.
>
> The AD Administrator, a common Domain User called Test.Account that is
> located in the OU with all my other users, my personal account also
> located in the OU with all the other users and an alternate
> administrative account I use.
>
> I can log on to RT with the AD Administrator account. I can log on to RT
> with the Test.Account and I can log in using my alternate account. But I
> cannot log on using my personal account. I also had my assistant test
> with her account and she cannot log on.
>
> I have studied the problem and cannot find anything unique about the
> accounts that cannot logon.

We really need to see your configuration for RT-Authen-ExternalAuth and your logs for the failed login, turned up to debug.

-kevin
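
An added triage example, not part of the original thread and not RT's own code: it parses the RT syslog line shapes quoted in this message and groups LDAP bind results and login outcomes per user, so accounts rejected at the bind step (LDAP result code 49) stand out from accounts that authenticate. The regular expressions and function names are assumptions derived only from the four log lines shown above.

```python
import re
from collections import defaultdict

# Log lines copied from the message above; file paths shortened with "...".
SAMPLE = """\
Feb 1 16:02:25 localhost RT: My_LDAP AUTH FAILED mary.servantez (can't bind: LDAP_INVALID_CREDENTIALS 49 ) (.../ExternalAuth/LDAP.pm:82)
Feb 1 16:02:25 localhost RT: FAILED LOGIN for mary.servantez from 10.1.41.95 (.../RT/Interface/Web.pm:655)
Feb 2 10:14:02 localhost RT: RT::Authen::ExternalAuth::LDAP::GetAuth External Auth OK ( My_LDAP ): test.account (.../ExternalAuth/LDAP.pm:139)
Feb 2 10:14:02 localhost RT: Successful login for test.account from 10.1.5.9 (.../RT/Authen/ExternalAuth.pm:219)
"""

# One pattern per line shape (assumed from the sample, not from RT documentation).
PATTERNS = [
    ("ldap_fail", re.compile(r"RT: (?P<svc>\S+) AUTH FAILED (?P<user>\S+) "
                             r"\((?P<why>[^:]+): (?P<err>\w+) (?P<code>\d+)")),
    ("ldap_ok", re.compile(r"External Auth OK \( (?P<svc>\S+) \): (?P<user>\S+)")),
    ("login_fail", re.compile(r"RT: FAILED LOGIN for (?P<user>\S+) from (?P<ip>\S+)")),
    ("login_ok", re.compile(r"RT: Successful login for (?P<user>\S+) from (?P<ip>\S+)")),
]

def summarize(text):
    """Group events, source IPs and LDAP errors by user name."""
    users = defaultdict(lambda: {"events": [], "ips": set(), "ldap_errors": set()})
    for line in text.splitlines():
        for kind, rx in PATTERNS:
            m = rx.search(line)
            if not m:
                continue
            fields = m.groupdict()
            rec = users[fields["user"]]
            rec["events"].append(kind)
            if "ip" in fields:
                rec["ips"].add(fields["ip"])
            if "err" in fields:
                rec["ldap_errors"].add((fields["svc"], fields["err"], int(fields["code"])))
            break  # each line matches at most one shape
    return dict(users)

def bind_rejected_users(summary):
    """Users with a rejected LDAP bind and no successful external auth."""
    return sorted(u for u, r in summary.items()
                  if "ldap_fail" in r["events"] and "ldap_ok" not in r["events"])

if __name__ == "__main__":
    for user, rec in summarize(SAMPLE).items():
        print(user, rec["events"], sorted(rec["ips"]), sorted(rec["ldap_errors"]))
```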