Hi Bob, I'm using RT version greater than 4.2 but I don't think that line is causing the issue. I found following in the log file :
[1755] [Thu Oct 15 16:04:59 2015] [debug]: Attempting to use external auth service: My_LDAP (/rt/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64) [1755] [Thu Oct 15 16:04:59 2015] [debug]: SSO Failed and no user to test with. Nexting (/rt/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:92) [1755] [Thu Oct 15 16:04:59 2015] [debug]: Autohandler called ExternalAuth. Response: (0, No User) (/rt/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:26) The user is not getting passed to LDAP I guess. Thanks, Bharath. On Wed, Oct 14, 2015 at 8:53 AM, Bob Shaker <rsha...@ardencompanies.com> wrote: > What Version of RT are you running? If you are using 4.2 or greater (you > should be if you’re setting up a new instance) you need to > > Replace this line > > Set(@Plugins, qw(RT::Authen::ExternalAuth) ); > > With this line > > Plugin('RT::Authen::ExternalAuth'); > > > > *From:* rt-users [mailto:rt-users-boun...@lists.bestpractical.com] *On > Behalf Of *bharath reddy > *Sent:* Tuesday, October 13, 2015 10:38 PM > *To:* Anton Panetta <anton.pane...@haircareaust.com> > *Cc:* RT-List <rt-users@lists.bestpractical.com> > *Subject:* Re: [rt-users] Regarding External Authentication using LDAP > > > > Hi Anton, > > > > I used following block in my RT_SiteConfig : > > > > Set(@Plugins, qw(RT::Authen::ExternalAuth) ); > > Set($ExternalAuthPriority, ["My_LDAP"]); > > Set($ExternalInfoPriority, ["My_LDAP"]); > > Set($AutoCreateNonExternalUsers, 1); > > > > Set($ExternalSettings, { > > 'My_LDAP' => { ## GENERIC SECTION > > 'type' => 'ldap', > > 'server' => ' > vmns1.cs.sunysb.edu', > > 'user' => 'CN=Recruit > LDAP user,OU=Service Accounts,OU=SBCS,DC=cs,DC=stonybrook,DC=edu', > > 'pass' => '*******', > > 'base' => > 'ou=SBCS,dc=cs,dc=stonybrook,DC=edu', > > # 'filter' => > '((&(objectCategory=Users)))', > > filter => > '(objectClass=*)', > > 'd_filter' => > '(userAccountControl:1.2.840.113556.1.4.803:=2)', > > # 'd_filter' => > '(&(objectCategory=User) (ObjectClass=Person))' , > > 'tls' => 1, > > 'ssl_version' => 3, > > 'net_ldap_args' => [ > version => 3 ], > > # 'group' => > 'CN=Domain Users,CN=Users,DC=cs,DC=stonybrook,DC=edu', > > # 'group_attr' => > 'member', > > 'attr_match_list' => > [ 'Name', > > > 'EmailAddress' > > ], > > 'attr_map' => > { 'Name' => 'sAMAccountName', > > > 'EmailAddress' => 'mail' } > > } > > } > > ); > > > > Is anything that I'm missing ? > > > > Thanks, > > Bharath. > > > > > > On Tue, Oct 13, 2015 at 8:04 PM, Anton Panetta < > anton.pane...@haircareaust.com> wrote: > > Whats the block you put in your RT_SiteConfig relating to external auth? > > > > > > > > *From:* rt-users [mailto:rt-users-boun...@lists.bestpractical.com] *On > Behalf Of *bharath reddy > *Sent:* Wednesday, 14 October 2015 3:58 AM > *To:* RT-List <rt-users@lists.bestpractical.com> > *Subject:* [rt-users] Regarding External Authentication using LDAP > > > > Dear All, > > > > I followed the link https://metacpan.org/pod/RT::Authen::ExternalAuth and > made required changes and then restarted my apache server. But when I'm > logging into the RT from web it fails with : > > "*Your username or password is incorrect*" > > > > But user exists in the LDAP. > > > > Log file contains : > > [22441] [Tue Oct 13 16:58:25 2015] [error]: FAILED LOGIN for > <my_user_name> from 130.245.10.107 (/rt/lib//RT/Interface/Web.pm:810) > > > > From the code(/rt/lib//RT/Interface/Web.pm) it fails at this point : > > > > unless ( $user_obj->id && $user_obj->IsPassword( $ARGS->{pass} ) ) { > > $RT::Logger->error("FAILED LOGIN for @{[$ARGS->{user}]} from > $ENV{'REMOTE_ADDR'}"); > > > > Can any one help me how to change the flow to authenticate from LDAP i.e > it should check the username and password against the LDAP and not from DB. > > > > Any help or pointers to this issue will be appreciated. > > > > Thanks, > > Bharath. > > The information contained in this email message and any attachments may be > confidential information. If you are not the intended recipient, any use, > interference with, disclosure or copying of this material is unauthorised > and prohibited. If you have received this email in error, please advise us > immediately and delete the email and all copies. The content and opinions > in non-business email are not necessarily those of Haircare Australia. [image: > Image removed by sender.] > > > > ------------------------------ > > ARDEN > A Global Company > Celebrating over 50 years of making your life more comfortable! > > This message may contain confidential and/or privileged information. If > you are not the addressee or authorized to receive this for the addressee, > you must not use, copy, disclose, or take any action based on this message > or any information herein. If you have received this message in error, > please advise the sender immediately by reply e-mail and delete this > message. > > This OUTBOUND E-mail and Document(s) has been scanned by an Antivirus > Server. >