Good Afternoon... T S. I apologize for not reading the back and forth you have already had here with Lush, in advance. However, I did a post a while back regarding getting LDAP authentication to work and there may be a couple of items here that could help.
My configuration is posted here as well: http://trevthorpe.blogspot.com/

Hope you find this helpful, figured it couldn't hurt.

Thanks,
Trev

On Thu, May 5, 2016 at 12:05 PM, Lush, Aaron <al...@scentral.k12.in.us> wrote:

> The only thing that jumps out to me is that under "External Settings" you
> are using domain\service name, whereas in Set($LDAPUser) you are using the
> DistinguishedName. I had similar issues in my RT 4.4 deployment until I
> made both of those settings follow the DistinguishedName.
>
> Sincerely,
>
> Aaron Lush
> Network Administrator
> South Central Community School Corporation
> (219) 767-2266 ext. 1111
>
> On Thu, May 5, 2016 at 10:05 AM, t s <zzz...@hotmail.com> wrote:
>
>> Here you go:
>>
>> By the way, I just changed the line below from
>> 'server' => 'LDAPSERVER:389' to 'server'
>> => 'LDAPSERVER.CORP.COMPANYNAME.NET:389' and restarted so I will see if
>> that has any effect on the error not coming back up or not.
>>
>> Set($WebPath , "");
>> Set($WebBaseURL, "http://rt.servername.companyname.com");
>>
>> Set($RestrictReferrer, '0');
>>
>> Set($DatabaseAdmin, 'root');
>>
>> Set($LogoURL, 'https://bestpractical.com/images/logo.png');
>> Set($WebDefaultStylesheet, 'rudder');
>>
>> Set($LogToFile, 'error');
>>
>> Set($SetOutgoingMailFrom, "rt_trac...@companyname.com");
>> Set($SMTPFrom, "mail-out.smtp.companyname.com");
>> Set($ParseNewMessageForTicketCcs, 1);
>> Set($HomePageRefreshInterval, 120);
>> Set($NotifyActor,1);
>>
>> Set($SendmailArguments, "-t");
>> Set($MailCommand, "sendmail");
>> Plugin( "RT::Authen::ExternalAuth" );
>> Plugin('RT::Extension::LDAPImport');
>>
>> Set($LDAPHost,'LDAPSERVER.CORP.COMPANYNAME.NET:389');
>> Set($LDAPUser,'cn=companyname\\svc.servicename,cn=Users,dc=Corp,DC=companyname,DC=net');
>> Set($LDAPPassword,'password');
>> Set($LDAPBase,
>>     'OU=Corp,OU=Users,OU=companyname,DC=Corp,DC=companyname,DC=net');
>> Set($LDAPFilter, '(&(objectClass=person))');
>> Set($LDAPMapping, {Name         => 'sAMAccountName', # required
>>                    EmailAddress => 'mail',
>>                    RealName     => 'cn',
>>                    WorkPhone    => 'telephoneNumber',
>>                    Organization => 'departmentName'});
>> Set($LDAPSizeLimit, 1000);
>>
>> Set($ExternalAuthPriority, ['companynameLDAP']);
>> Set($ExternalInfoPriority, ['companynameLDAP']);
>> Set($UserAutocreateDefaultsOnLogin, { Privileged => 0 } );
>> Set($AutoCreateNonExternalUsers, 1);
>>
>> Set($ExternalSettings, {
>>
>>     'companynameLDAP' => {
>>         'type'            => 'ldap',
>>         'server'          => 'LDAPSERVER:389',
>>         'user'            => 'companyname\\svc.servicename',
>>         'pass'            => 'password',
>>         'base'            =>
>>             'OU=Corp,OU=Users,OU=companyname,DC=corp,DC=companyname,DC=net',
>>         'filter'          => '(objectClass=person)',
>>         'd_filter'        => '(objectClass=asdf)',
>>         'net_ldap_args'   => [ version => 3 ],
>>         'attr_match_list' => [
>>             'Name',
>>             'EmailAddress',
>>         ],
>>         'attr_map' => {
>>             'Name'           => 'sAMAccountName',
>>             'EmailAddress'   => 'mail',
>>             'Organization'   => 'physicalDeliveryOfficeName',
>>             'RealName'       => 'cn',
>>             'ExternalAuthId' => 'sAMAccountName',
>>             'Gecos'          => 'sAMAccountName',
>>             'WorkPhone'      => 'telephoneNumber',
>>             'Address1'       => 'streetAddress',
>>             'City'           => 'l',
>>             'State'          => 'st',
>>             'Zip'            => 'postalCode',
>>             'Country'        => 'co'
>>         },
>>     },
>> } );
>>
>> Set($WebRemoteuserAuth,1);
>> Set($WebRemoteUserContinuous,1);
>> Set($WebFallbackToRTLogin, undef);
>> Set($WebRemoteUserGecos,1);
>> Set($WebRemoteUserAutocreate,1);
>>
>> Set( $rtname, 'CompanyName RT' );
>> Set( $CommentAddress, '' );
>> Set( $CorrespondAddress, '' );
>> Set( $DatabaseHost, 'localhost' );
>> Set( $DatabaseName, 'rt_database' );
>> Set( $DatabasePassword, 'password' );
>> Set( $DatabasePort, '3306' );
>> Set( $DatabaseType, 'mysql' );
>> Set( $DatabaseUser, 'root' );
>> Set( $Organization, 'companyname.com' );
>> Set( $OwnerEmail, 'ow...@companyname.com' );
>> Set( $SendmailPath, 'usr/lib/sendmail' );
>> Set( $SendmailArguments, "-t");
>> Set( $MailCommand, "sendmail");
>> Set( $WebDomain, 'rt.servername.companyname.com' );
>> Set( $WebPort, '443' );
>>
>> Set(%CustomFieldGroupings,
>>     'RT::Ticket' => [
>>         'Basics' => ['Trigger Code']
>>     ]
>> );
>> Set($CanonicalizeRedirectURLs, 0);
>> 1;
>>
>> ------------------------------
>> *From:* Lush, Aaron <al...@scentral.k12.in.us>
>> *Sent:* Thursday, May 5, 2016 10:49 AM
>> *To:* t s
>> *Cc:* rt-users@lists.bestpractical.com
>> *Subject:* Re: [rt-users] LDAP External Auth intermittent failure
>>
>> Would you please post your LDAP configuration in RT_SiteConfig.pm?
>> Omitting any sensitive information, of course.
>>
>> Sincerely,
>>
>> Aaron Lush
>> Network Administrator
>> South Central Community School Corporation
>> (219) 767-2266 ext. 1111
>>
>> On Thu, May 5, 2016 at 8:15 AM, t s <zzz...@hotmail.com> wrote:
>>
>>> Getting an intermittent "RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj
>>> Can't bind: LDAP_INVALID_CREDENTIALS 49" error very similar to:
>>> http://requesttracker.8502.n7.nabble.com/LDAP-External-Auth-intermittent-failure-td58611.html
>>>
>>> LDAP External Auth intermittent failure - RequestTracker
>>> requesttracker.8502.n7.nabble.com
>>> LDAP External Auth intermittent failure. I'm using RT-4.2.7 installed
>>> from source, on ubuntu 14.04LTS. I've been trying to get the External Auth
>>> (0.23) extension ...
>>>
>>> Almost daily the External Auth will randomly start getting the binding
>>> error above and stop accepting LDAP logins, a simple restart of RT fixes
>>> the problem. I'm using External Auth 0.25 and RT 4.2.12. The only
>>> suggestion in the post above is to update RT but these are both recent
>>> stable versions.
>>>
>>> Anyone ran into this problem? Is it an RT_SiteConfig problem? I
>>> wouldn't think so since it works for around 24 hours and then
>>> stops. Could it be some kind of network connectivity problem?
>>>
>>> ---------
>>> RT 4.4 and RTIR Training Sessions https://bestpractical.com/training
>>> * Washington DC - May 23 & 24, 2016
>>
>> Email Confidentiality Notice: This email message, including all
>> attachments, is for the sole use of the intended recipient(s) and contains
>> confidential information. If you are not the intended recipient, you may
>> not use, disclose, print, copy or disseminate this information. Please
>> reply and notify the sender, delete the message and any attachments and
>> destroy all copies.
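An added example, not part of the original thread: the posted RT_SiteConfig.pm carries two independent LDAP bind configurations, the top-level `$LDAPHost`/`$LDAPUser` read by RT::Extension::LDAPImport and the `$ExternalSettings` service read by RT::Authen::ExternalAuth, and the script below flags where they disagree on server name or bind-identity form. The sample is constructed from the values posted above, the function names are hypothetical, and the check is a text scan of the file, not RT's own config loader.

```python
import re

# Constructed sample: the two bind configurations from the posted RT_SiteConfig.pm,
# reduced to the host and bind-identity settings.
SAMPLE_CONFIG = r"""
Set($LDAPHost,'LDAPSERVER.CORP.COMPANYNAME.NET:389');
Set($LDAPUser,'cn=companyname\\svc.servicename,cn=Users,dc=Corp,DC=companyname,DC=net');
Set($ExternalSettings, {
    'companynameLDAP' => {
        'type'   => 'ldap',
        'server' => 'LDAPSERVER:389',
        'user'   => 'companyname\\svc.servicename',
    },
} );
"""

PAIR = re.compile(r"'(\w+)'\s*=>\s*(?:(\{)|'((?:[^'\\]|\\.)*)')")

def perl_sq(value):
    """Undo the two escapes Perl honours inside single-quoted strings."""
    return value.replace("\\\\", "\\").replace("\\'", "'")

def top_level(config, name):
    """Value of a top-level Set($name, '...') as used by RT::Extension::LDAPImport."""
    m = re.search(r"Set\(\s*\$" + name + r"\s*,\s*'((?:[^'\\]|\\.)*)'", config)
    return perl_sq(m.group(1)) if m else None

def external_services(config):
    """Map each $ExternalSettings service to its 'server' and 'user' strings."""
    start = config.find("$ExternalSettings")
    services, opened, current = {}, None, None
    for key, brace, value in PAIR.findall(config[start:] if start >= 0 else ""):
        if brace:
            opened = key                               # remember the hash being opened
        elif key == "type":
            current = services.setdefault(opened, {})  # a hash holding 'type' is a service
        elif current is not None and key in ("server", "user"):
            current[key] = perl_sq(value)
    return services

def bind_form(identity):
    """Classify a bind identity as a DistinguishedName, domain\\user, or other."""
    if re.search(r"(?i)(^|,)\s*(cn|uid|ou)=.+,\s*dc=", identity):
        return "dn"
    return "domain\\user" if "\\" in identity else "other"

def check(config):
    """List the disagreements between the LDAPImport and ExternalAuth settings."""
    host, user = top_level(config, "LDAPHost"), top_level(config, "LDAPUser")
    findings = []
    for name, svc in external_services(config).items():
        if host and svc.get("server", "").lower() != host.lower():
            findings.append(f"{name}: server differs from $LDAPHost")
        if user and bind_form(svc.get("user", "")) != bind_form(user):
            findings.append(f"{name}: bind identity form differs from $LDAPUser")
    return findings
```

Running `check()` on the constructed sample reports both differences discussed in the thread: the short server name against the fully qualified `$LDAPHost`, and the domain\user bind identity against the DistinguishedName in `$LDAPUser`.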