Sorry about that, review the blog entry I sent you prior. I do see I did add that plugin, again, it's been a while since I wrestled with LDAP authentication. So, I threw my working config with notes, into that blog.
On Tue, Jul 7, 2015 at 1:30 PM, Trev <tre...@onepost.net> wrote:

> Use --> Plugin( "RT::Extension::LDAPImport" );
>
> Note the configuration I linked to you prior.
>
> I had some issues with limited functionality using
> Plugin('RT::Authen::ExternalAuth').. it's been a while actually, I may not
> even have had that extension working.
>
> On Tue, Jul 7, 2015 at 1:28 PM, Trev <tre...@onepost.net> wrote:
>
>> If you mean during the login via RT Gui -- username is, sAMAccountName.
>> There shouldn't be any need to prefix with the domain as the domain is
>> already being queried.
>>
>> On Tue, Jul 7, 2015 at 1:24 PM, Yan Seiner <y...@seiner.com> wrote:
>>
>>> What format do you use for the username?
>>>
>>> When I try hpm\yans which should, in theory, work, I get:
>>>
>>> [5367] [Tue Jul 7 17:07:28 2015] [debug]: LDAP Search === Base: dc=hpm,dc=net == Filter: (&(objectClass=*)(sAMAccountName=hpm\5cyans)) == Attrs: sAMAccountName,mail (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:469)
>>>
>>> Notice the mangled sAMAccountName=hpm\5cyans . If this is what it is
>>> searching for, then we have a problem. :)
>>>
>>> --Yan
>>>
>>> On 7/7/2015 11:57 AM, Trev wrote:
>>>
>>> This may help:
>>>
>>> http://trevthorpe.blogspot.com/2015/01/request-tracker-424-ldap-authentication.html
>>>
>>> On Tue, Jul 7, 2015 at 11:24 AM, Yan Seiner <y...@seiner.com> wrote:
>>>
>>>> I'm coming back to RT after a few years. I am trying to set up
>>>> external auth against our AD server.
>>>>
>>>> I have a working implementation for mediawiki, so I know that it's
>>>> possible on our system. As far as possible I've duplicated the options
>>>> from mediawiki/php to rt/perl, but I am still missing something important
>>>> as all login attempts get rejected with a NoUser.
>>>>
>>>> The only thing that I find different (and I'm searching my memory from
>>>> a few years ago when I set up mediawiki) there is a line where the user
>>>> name is pre-pended with the domain for AD:
>>>>
>>>> $wgLDAPSearchStrings = array( 'HPM' => "HPM\\USER-NAME" );
>>>>
>>>> And I can't find anything like that in the RT config.
>>>>
>>>> Does anyone have a working AD external auth they can share?
>>>>
>>>> Thanks.
>>>>
>>>> Here's the logfile snippet:
>>>>
>>>> [4835] [Tue Jul 7 15:17:14 2015] [debug]: Attempting to use external auth service: My_LDAP (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:424)
>>>> [4835] [Tue Jul 7 15:17:14 2015] [debug]: Calling UserExists with $username (yans) and $service (My_LDAP) (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:465)
>>>> [4835] [Tue Jul 7 15:17:14 2015] [debug]: UserExists params: username: yans , service: My_LDAP (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:439)
>>>> [4835] [Tue Jul 7 15:17:14 2015] [debug]: LDAP Search === Base: ou=Staff,dc=hpm,dc=net == Filter: (&(objectClass=inetOrgPerson)(sAMAccountName=yans)) == Attrs: cn,co,telephoneNumber,l,postalCode,streetAddress,st,sAMAccountName,mail (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:469)
>>>> [4835] [Tue Jul 7 15:17:14 2015] [debug]: User Check Failed :: ( My_LDAP ) yans User not found (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:483)
>>>> [4835] [Tue Jul 7 15:17:14 2015] [debug]: Autohandler called ExternalAuth. Response: (0, No User) (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:11)
>>>> [4835] [Tue Jul 7 15:17:14 2015] [error]: FAILED LOGIN for yans from 10.10.30.51 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:810)
>>>>
>>>> And here's the setup in RTSiteConfig.pm:
>>>>
>>>> Plugin('RT::Authen::ExternalAuth');
>>>> Set($ExternalAuthPriority, [ 'My_LDAP' ]);
>>>> Set($ExternalInfoPriority, [ 'My_LDAP' ]);
>>>> Set($ExternalSettings, {
>>>>     'My_LDAP' => {
>>>>         'type' => 'ldap',
>>>>         'server' => 'file_print.hpm.net',
>>>>         # By not passing 'user' and 'pass' we are using an anonymous
>>>>         # bind, which some servers do not allow
>>>>         'base' => 'dc=hpm,dc=net',
>>>>         'filter' => '(objectClass=inetOrgPerson)',
>>>>         # Users are allowed to log in via email address or account
>>>>         # name
>>>>         'attr_match_list' => [
>>>>             'Name',
>>>>             # 'EmailAddress',
>>>>         ],
>>>>         # Import the following properties of the user from LDAP upon
>>>>         # login
>>>>         'attr_map' => {
>>>>             'Name' => 'sAMAccountName',
>>>>             'EmailAddress' => 'mail',
>>>>             'RealName' => 'cn',
>>>>             'WorkPhone' => 'telephoneNumber',
>>>>             'Address1' => 'streetAddress',
>>>>             'City' => 'l',
>>>>             'State' => 'st',
>>>>             'Zip' => 'postalCode',
>>>>             'Country' => 'co',
>>>>         },
>>>>     },
>>>> } );
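
The `hpm\5cyans` in the debug log quoted above is the RFC 4515 escaped form of a backslash inside an LDAP search filter. As an added example (not part of the thread and not RT's own code), this Perl script uses `escape_filter_value` from Net::LDAP::Util to build a filter in the shape the log shows; `build_filter` and the sample logins are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Net::LDAP::Util qw(escape_filter_value);

# Build a search filter in the shape shown in the debug log:
#   (&<base filter>(<attribute>=<login>))
# build_filter is a hypothetical helper name, not an RT function.
sub build_filter {
    my ($base_filter, $attr, $login) = @_;

    # RFC 4515: backslash, '*', '(', ')' and NUL inside an assertion value
    # are written as a backslash plus two hex digits. Escaping keeps user
    # input from adding clauses or wildcards to the filter.
    my $value = escape_filter_value($login);

    return sprintf '(&%s(%s=%s))', $base_filter, $attr, $value;
}

# Constructed sample logins, not taken from any real system.
my @logins = (
    'yans',                   # plain sAMAccountName
    'hpm\\yans',              # domain-prefixed, as tried in the thread
    'yans)(objectClass=*',    # would change the logic of an unescaped filter
    '*',                      # would match every entry if left unescaped
);

for my $login (@logins) {
    my $filter = build_filter(
        '(objectClass=inetOrgPerson)',   # 'filter' value from the posted config
        'sAMAccountName',                # attribute mapped to 'Name' there
        $login,
    );
    printf "%-22s => %s\n", $login, $filter;

    # A literal backslash is sent as \5c, so the directory is asked for an
    # account whose name itself contains "hpm\". sAMAccountName holds only
    # the short name, so that search returns no entry.
    print "    note: domain prefix is searched as part of the name\n"
        if $login =~ /\\/;
}
```

Running it prints one filter per sample login, which makes it easy to compare against the `Filter:` field in RT's debug log when a login is rejected with "User not found".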