BINGO! That nailed it. Thanks again Shawn and Julian. I will try to read responses more carefully in the future! :)
On Wed, Feb 10, 2016 at 9:59 PM, John Andersen <j...@yvig.com> wrote:

> Oh man! Thanks for that catch! I see now that Shawn told me exactly that
> and I saw what I expected to see instead.
>
> On Wed, Feb 10, 2016 at 9:55 PM, Julian De Marchi <jdemar...@pivit.com.au>
> wrote:
>
>> Set( $WebExternalAuth, 1 ); to Set( $ExternalAuth, 1 );
>>
>> > On 11 Feb 2016, at 3:44 PM, John Andersen <j...@yvig.com> wrote:
>> >
>> > One more thing I should note is that I'm quite sure there is not even
>> > an attempt to talk to the LDAP (Active Directory) server. I log all auth
>> > attempts to the domain controllers and no attempts are showing in the
>> > logs. I don't believe the requests are ever leaving the RT server.
>> >
>> > On Wed, Feb 10, 2016 at 9:27 PM, John Andersen <j...@yvig.com> wrote:
>> > Sorry, forgot to include the relevant part of the config. Here it is
>> > again:
>> >
>> > Set( $WebExternalAuth, 1 );
>> > Set( $ExternalAuthPriority,['LDAP_DIR3']);
>> > Set( $ExternalInfoPriority,['LDAP_DIR3']);
>> > Set( $ExternalServiceUsesSSLorTLS, 0);
>> > Set( $AutoCreateNonExternalUsers, 1);
>> >
>> > Set($ExternalSettings, {
>> >     'LDAP_DIR3' => {
>> >
>> >         'type' => 'ldap',
>> >         'server' => 'dir3.sch.ad',
>> >         'user' => 'ldapb...@sch.ad',
>> >         'pass' => '**********',
>> >         'base' => 'dc=sch,dc=ad',
>> >
>> >         'filter' => '(mail=*)(sAMAccountType=805306368)',
>> >         'd_filter' => '(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2)',
>> >
>> >         'tls' => 0,
>> >         'ssl_version' => 3,
>> >         'net_ldap_args' => [ version => 3 ],
>> >         #'group' => 'GROUP',
>> >         #'group_attr' => 'GROUP_ATTR',
>> >
>> >         'attr_match_list' => [ 'Name',
>> >                                'EmailAddress'
>> >                              ],
>> >
>> >         # The mapping of RT attributes on to LDAP attributes
>> >         'attr_map' => { 'Name' => 'sAMAccountName',
>> >                         'EmailAddress' => 'mail',
>> >                         'Organization' => 'company',
>> >                         'RealName' => 'cn',
>> >                         'WorkPhone' => 'telephoneNumber',
>> >                         'MobilePhone' => 'mobile',
>> >                       }
>> >     }
>> > }
>> > );
>> >
>> > On Wed, Feb 10, 2016 at 9:07 PM, John Andersen <j...@yvig.com> wrote:
>> > Thank you for the response Shawn. I had rolled back to 4.2.12 but I
>> > threw up a test server based on my current production server and ran
>> > through the upgrade again, this time with your suggestion. Same result.
>> > What is maddening is that there don't seem to be any errors or anything.
>> > Other than telling me "FAILED LOGIN" I can't find anything in the logs that
>> > would point me in the right direction. In syslog I simply get:
>> >
>> > Feb 10 21:02:27 rt RT: [5018] FAILED LOGIN for andersjp from 70.199.131.228
>> >
>> > My LDAP config now looks like this:
>> > ---------
>> >
>> > Set($ExternalSettings, { # SCH LDAP Settings
>> >     'LDAP_DIR3' => { ## GENERIC SECTION
>> >
>> >         'type' => 'ldap',
>> >         'server' => 'dir3.sch.ad',
>> >         'user' => 'ldapb...@sch.ad',
>> >         'pass' => '********',
>> >         'base' => 'dc=sch,dc=ad',
>> >
>> >         'filter' => '(mail=*)(sAMAccountType=805306368)',
>> >         'd_filter' => '(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2)',
>> >
>> >         'tls' => 0,
>> >         'ssl_version' => 3,
>> >         'net_ldap_args' => [ version => 3 ],
>> >         #'group' => 'GROUP',
>> >         #'group_attr' => 'GROUP_ATTR',
>> >
>> >         'attr_match_list' => [ 'Name',
>> >                                'EmailAddress'
>> >                              ],
>> >
>> >         # The mapping of RT attributes on to LDAP attributes
>> >         'attr_map' => { 'Name' => 'sAMAccountName',
>> >                         'EmailAddress' => 'mail',
>> >                         'Organization' => 'company',
>> >                         'RealName' => 'cn',
>> >                         'WorkPhone' => 'telephoneNumber',
>> >                         'MobilePhone' => 'mobile',
>> >                       }
>> >     }
>> > }
>> > );
>> >
>> > -John
>> >
>> > On Wed, Feb 10, 2016 at 9:20 AM, Shawn Moore <sh...@bestpractical.com>
>> > wrote:
>> > Hi John,
>> >
>> > On February 10, 2016 at 2:11:18, John Andersen (j...@yvig.com) wrote:
>> > > For background, this particular installation went live 10 years ago
>> > > and has been carried over (mostly flawlessly I might add) from version
>> > > to version over that 10 years; I try to stay on the most recent stable
>> > > version.
>> >
>> > I’m very happy to hear that RT has been running smoothly for you for so
>> > long!
>> >
>> > > Set( $ExternalAuthPriority,['LDAP_DIR3']);
>> > > Set( $ExternalInfoPriority,['LDAP_DIR3']);
>> > > Set( $ExternalServiceUsesSSLorTLS, 0);
>> > > Set( $AutoCreateNonExternalUsers, 1);
>> > > Set($ExternalSettings, {
>> > > ...
>> > > );
>> >
>> > Could you try adding this as well?
>> >
>> > Set( $ExternalAuth, 1 );
>> >
>> > > I'd be grateful for any ideas or pointers!
>> >
>> > Please let us know if that gets you back up and running. We’ll do a
>> > better job about this in 4.4.1.
>> >
>> > > Thank you,
>> > > John
>> >
>> > Thanks!
>> > Shawn
>> >
>> > ---------
>> > RT 4.4 and RTIR Training Sessions (http://bestpractical.com/services/training.html)
>> > * Hamburg Germany March 14 & 15, 2016
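The failure resolved in this thread, as an added example that is not part of the original messages or of RT itself: a small Python lint that flags an RT_SiteConfig.pm in which the LDAP options are configured but Set( $ExternalAuth, 1 ) is missing. The function names and the abbreviated sample configs are constructed for illustration.

```python
import re

# One RT_SiteConfig.pm directive per line: Set( $Name, value );
SET_RE = re.compile(r'^\s*Set\(\s*\$(\w+)\s*,\s*(.*?)\s*(?:\)\s*;)?\s*$')

# Options from the thread that only matter once external auth is switched on.
DEPENDENT = ("ExternalAuthPriority", "ExternalInfoPriority", "ExternalSettings")

def parse_directives(text):
    """Map option name -> value text on the Set() line, ignoring Perl comments."""
    opts = {}
    for line in text.splitlines():
        code = line.split("#", 1)[0]  # naive: assumes no '#' inside a Set() value
        m = SET_RE.match(code)
        if m:
            opts[m.group(1)] = m.group(2)
    return opts

def lint(text):
    """Return findings for external-auth options left without $ExternalAuth = 1."""
    opts = parse_directives(text)
    findings = []
    configured = [o for o in DEPENDENT if o in opts]
    if configured and opts.get("ExternalAuth") != "1":
        findings.append("ExternalAuth not set to 1 but %s configured"
                        % ", ".join("$" + o for o in configured))
        if "WebExternalAuth" in opts:
            findings.append("$WebExternalAuth present; the thread's fix was "
                            "to change it to $ExternalAuth")
    return findings

# Constructed samples, abbreviated from the configuration quoted in the thread.
BROKEN = """
Set( $WebExternalAuth, 1 );
Set( $ExternalAuthPriority,['LDAP_DIR3']);
Set( $ExternalInfoPriority,['LDAP_DIR3']);
# Set( $ExternalAuth, 1 );
Set($ExternalSettings, {
    'LDAP_DIR3' => { 'type' => 'ldap', 'server' => 'dir3.sch.ad' },
} );
"""
FIXED = BROKEN.replace("Set( $WebExternalAuth, 1 );", "Set( $ExternalAuth, 1 );")

if __name__ == "__main__":
    for name, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, lint(cfg) or "ok")
```

Running a check like this against the site config before an upgrade surfaces the misconfiguration that otherwise shows up only as FAILED LOGIN entries in syslog with no bind attempts on the domain controllers.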