One more thing I should note is that I'm quite sure there is not even an attempt to talk to the LDAP (Active Directory) server. I log all auth attempts to the domain controllers and no attempts are showing in the logs. I don't believe the requests are ever leaving the RT server.
On Wed, Feb 10, 2016 at 9:27 PM, John Andersen <j...@yvig.com> wrote: > Sorry, forgot to include the relevant part of the config. Here is is > again: > > Set( $WebExternalAuth, 1 ); > > Set( $ExternalAuthPriority,['LDAP_DIR3']); > > Set( $ExternalInfoPriority,['LDAP_DIR3']); > > Set( $ExternalServiceUsesSSLorTLS, 0); > > Set( $AutoCreateNonExternalUsers, 1); > > > Set($ExternalSettings, { > > 'LDAP_DIR3' => { > > > 'type' => 'ldap', > > 'server' => 'dir3.sch.ad', > > 'user' => 'ldapb...@sch.ad', > > 'pass' => '**********', > > 'base' => 'dc=sch,dc=ad', > > > > 'filter' => '(mail=*)(sAMAccountType=805306368)', > > 'd_filter' => > '(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2)', > > > 'tls' => 0, > > 'ssl_version' => 3, > > 'net_ldap_args' => [ version => 3 ], > > #'group' => 'GROUP', > > #'group_attr' => 'GROUP_ATTR', > > > 'attr_match_list' => [ 'Name', > > 'EmailAddress' > > ], > > > # The mapping of RT attributes on to LDAP attributes > > 'attr_map' => { 'Name' => 'sAMAccountName', > > 'EmailAddress' => 'mail', > > 'Organization' => 'company', > > 'RealName' => 'cn', > > 'WorkPhone' => 'telephoneNumber', > > 'MobilePhone' => 'mobile', > > } > > } > > } > > ); > > > On Wed, Feb 10, 2016 at 9:07 PM, John Andersen <j...@yvig.com> wrote: > >> Thank you for the response Shawn. I had rolled back to 4.2.12 but I >> threw up a test server based on my current production server and ran >> through the upgrade again, this time with your suggestion. Same result. >> What is maddening is that there don't seem to be any errors or anything. >> Other than telling me "FAILED LOGIN" I can't find anything in the logs that >> would point me in the right direction. In syslog I simply get: >> >> >> Feb 10 21:02:27 rt RT: [5018] FAILED LOGIN for andersjp from >> 70.199.131.228 >> >> >> >> My LDAP config now looks like this: >> --------- >> >> Set($ExternalSettings, { # SCH LDAP Settings >> 'LDAP_DIR3' => { ## GENERIC SECTION >> >> 'type' => 'ldap', >> 'server' => 'dir3.sch.ad', >> 'user' => 'ldapb...@sch.ad', >> 'pass' => '********', >> 'base' => 'dc=sch,dc=ad', >> >> >> 'filter' => '(mail=*)(sAMAccountType=805306368)', >> 'd_filter' => >> >> '(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2)', >> >> 'tls' => 0, >> 'ssl_version' => 3, >> 'net_ldap_args' => [ version => 3 ], >> #'group' => 'GROUP', >> #'group_attr' => 'GROUP_ATTR', >> >> 'attr_match_list' => [ 'Name', >> 'EmailAddress' >> ], >> >> # The mapping of RT attributes on to LDAP attributes >> 'attr_map' => { 'Name' => 'sAMAccountName', >> 'EmailAddress' => 'mail', >> 'Organization' => 'company', >> 'RealName' => 'cn', >> 'WorkPhone' => 'telephoneNumber', >> 'MobilePhone' => 'mobile', >> } >> } >> } >> ); >> >> >> -John >> >> On Wed, Feb 10, 2016 at 9:20 AM, Shawn Moore <sh...@bestpractical.com> >> wrote: >> >>> Hi John, >>> >>> On 2016年2月10日 at 2:11:18, John Andersen (j...@yvig.com) wrote: >>> > For background. this particular installation went live 10 years ago >>> and has >>> > been carried over (mostly flawlessly I might add) from version to >>> version >>> > over that 10 years; I try to stay on the most recent stable version. >>> >>> I’m very happy to hear that RT has been running smoothly for you for so >>> long! >>> >>> > Set( $ExternalAuthPriority,['LDAP_DIR3']); >>> > Set( $ExternalInfoPriority,['LDAP_DIR3']); >>> > Set( $ExternalServiceUsesSSLorTLS, 0); >>> > Set( $AutoCreateNonExternalUsers, 1); >>> > Set($ExternalSettings, { >>> > ... >>> > ); >>> >>> Could you try adding this as well? >>> >>> Set( $ExternalAuth, 1 ); >>> >>> > I'd be grateful for any ideas or pointers! >>> >>> Please let us know if that gets you back up and running. We’ll do a >>> better job about this in 4.4.1. >>> >>> > Thank you, >>> > John >>> >>> Thanks! >>> Shawn >>> >>> --------- >>> RT 4.4 and RTIR Training Sessions ( >>> http://bestpractical.com/services/training.html) >>> * Hamburg Germany March 14 & 15, 2016 >> >> >> >
--------- RT 4.4 and RTIR Training Sessions (http://bestpractical.com/services/training.html) * Hamburg Germany March 14 & 15, 2016