Re: [rt-users] (RT::Authen::ExternalAuth) email exists problem authenticating trough AD
Hi,
After many searches, it works for some of my users and don't work for some
others.
Is it possible that parameter $RTAddressRegexp interfers with
RT::Authen::ExternalAuth
?
On Active directory side no error, only successes logs.
Do you no about any other debug options I could use ?
Thanks
On Wed, Aug 21, 2013 at 12:33 PM, Maximilien Drouet mdro...@randco.frwrote:
Hi Nathan,
After many searchs with your help and our AD Administrator we found that
the account was not authorized.
I was given another one and now, command line binds and authenticate well
but no chance with RT. Here is the command line
ldapsearch -LLL -H ldap://myserver.mydomain.local -x -D
'mydomain\ldapuser' -W -b ou=FR,dc=mydomain,dc=local uid=mysuer
and the output.
dn: CN=Firstname Lastname,OU=z - y - x,OU=city,OU=Users
Clients,OU=mydomain,OU=FR,DC=mydomain,DC=local
v
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: Firstname Lastname
sn: Lastname
c: FR
l: city
title: myTitle
postalCode: Zipcode
physicalDeliveryOfficeName: z - y - x
telephoneNumber: myTelephonenumber
givenName: FirstName
distinguishedName: CN=Firstname Lastname,OU=z - y - x,OU=city,OU=Users
Clients,OU=mydomain,OU=FR,
DC=mydomain,DC=local
instanceType: 4
whenCreated: 20100701014148.0Z
whenChanged: 20130821001737.0Z
displayName: Firstname Lastname
uSNCreated: 73679
memberOf: CN=LL.microsoftproject,OU=SDG Groups,DC=mydomain,DC=local
memberOf: CN=LL.Crystal.Reports.XI,OU=SDG Groups,DC=mydomain,DC=local
memberOf: CN=LL.IE8,OU=SDG Groups,DC=mydomain,DC=local
memberOf: CN=LL.itop,OU=Groups,OU=mydomain,OU=FR,DC=mydomain,DC=local
memberOf: CN=LL.msvisio2003,OU=SDG Groups,DC=mydomain,DC=local
memberOf: CN=LL.ClickToCall,OU=SDG Groups,DC=mydomain,DC=local
memberOf:
CN=mydomain.LL.dsi,OU=Groups,OU=mydomain,OU=FR,DC=mydomain,DC=local
uSNChanged: 10019507
co: FRANCE
department: z - y - x
streetAddress: myaddress
name: Firstname Lastname
objectGUID:: l8cI/GO3KEOyA0E8neccKA==
userAccountControl: 544
badPwdCount: 0
codePage: 0
countryCode: 250
badPasswordTime: 130215493735596806
lastLogoff: 0
lastLogon: 130214762950697235
pwdLastSet: 130214610102266437
primaryGroupID: 513
objectSid:: AQUAAAUVEQz3vwuoUpdtKTGZJPEAAA==
accountExpires: 1302513840
logonCount: 197
sAMAccountName: mysuer
sAMAccountType: 805306368
userPrincipalName: mymail
lockoutTime: 0
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=mydomain,DC=local
dSCorePropagationData: 20130524093118.0Z
dSCorePropagationData: 20130523093743.0Z
dSCorePropagationData: 1601010101.0Z
lastLogonTimestamp: 130214610103032919
uid: mysuer
mail: mymail
I'm quite confused with the RT configuration file and it's option, even
looking at the documentation I'm a litte bit lost, maybe the problem is
there.
Here is the RT_Config extract
# External Authentication Configuration
Set($ExternalAuthPriority, [ 'My_LDAP']);
Set($ExternalInfoPriority, [ 'My_LDAP']);
Set($ExternalSettings, {
# AN EXAMPLE LDAP SERVICE
'My_LDAP' = {
'type' = 'ldap',
'server'= 'myserver.mydomain.local',
'user' = 'ldapaccount',
'pass' = 'ldapaccountpassword',
'base' = 'ou=FR,dc=mydomain,dc=local',
'filter'=
'((ObjectCategory=User)(ObjectClass=Person))',
'd_filter' =
'(userAccountControl:1.2.840.113556.1.4.803:=2)',
'group' = 'OU=Users
Clients,OU=MYDOMAIN,OU=FR,DC=mydomain,DC=local',
'group_attr'= 'member',
'tls' = 0,
'ssl_version' = 3,
'net_ldap_args' = [version = 3 ],
'group_scope' = 'base',
'group_attr_value' = '*',
'attr_match_list' = ['Name'],
'attr_map' = {
'Name' = 'sAMAccountName',
'EmailAddress' = 'mail',
'Organization' = 'physicalDeliveryOfficeName',
'RealName' = 'cn',
'ExternalAuthId' = 'sAMAccountName',
'Gecos' = 'sAMAccountName',
'WorkPhone' = 'telephoneNumber',
'Address1' = 'streetAddress',
'City' = 'l',
'State' = 'st',
'Zip' = 'postalCode',
'Country' = 'co'
},
},
} );
Any other Idea ?
--
Regards
Maximilien
--
Regards
Maximilien
Re: [rt-users] (RT::Authen::ExternalAuth) email exists problem authenticating trough AD
Hi Is it possible that parameter $RTAddressRegexp interfers with RT::Authen::ExternalAuth ? I doubt it. On Active directory side no error, only successes logs. Are you saying that a user attempts to log in, you see successful LDAP bind on the LDAP server, and RT login fails? If so, please send us the relevant debug-level RT log excerpt. Also the LDAP server log excerpt if possible. Do you no about any other debug options I could use ? I did notice that, after upgrading to RT 4.0.17 and ExternalAuth 0.12, I get much more detailed debug-level log messages for ExternalAuth. Hope this helps. Nathan
Re: [rt-users] (RT::Authen::ExternalAuth) email exists problem authenticating trough AD
Hi Nathan,
After many searchs with your help and our AD Administrator we found that
the account was not authorized.
I was given another one and now, command line binds and authenticate well
but no chance with RT. Here is the command line
ldapsearch -LLL -H ldap://myserver.mydomain.local -x -D 'mydomain\ldapuser'
-W -b ou=FR,dc=mydomain,dc=local uid=mysuer
and the output.
dn: CN=Firstname Lastname,OU=z - y - x,OU=city,OU=Users
Clients,OU=mydomain,OU=FR,DC=mydomain,DC=local
v
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: Firstname Lastname
sn: Lastname
c: FR
l: city
title: myTitle
postalCode: Zipcode
physicalDeliveryOfficeName: z - y - x
telephoneNumber: myTelephonenumber
givenName: FirstName
distinguishedName: CN=Firstname Lastname,OU=z - y - x,OU=city,OU=Users
Clients,OU=mydomain,OU=FR,
DC=mydomain,DC=local
instanceType: 4
whenCreated: 20100701014148.0Z
whenChanged: 20130821001737.0Z
displayName: Firstname Lastname
uSNCreated: 73679
memberOf: CN=LL.microsoftproject,OU=SDG Groups,DC=mydomain,DC=local
memberOf: CN=LL.Crystal.Reports.XI,OU=SDG Groups,DC=mydomain,DC=local
memberOf: CN=LL.IE8,OU=SDG Groups,DC=mydomain,DC=local
memberOf: CN=LL.itop,OU=Groups,OU=mydomain,OU=FR,DC=mydomain,DC=local
memberOf: CN=LL.msvisio2003,OU=SDG Groups,DC=mydomain,DC=local
memberOf: CN=LL.ClickToCall,OU=SDG Groups,DC=mydomain,DC=local
memberOf:
CN=mydomain.LL.dsi,OU=Groups,OU=mydomain,OU=FR,DC=mydomain,DC=local
uSNChanged: 10019507
co: FRANCE
department: z - y - x
streetAddress: myaddress
name: Firstname Lastname
objectGUID:: l8cI/GO3KEOyA0E8neccKA==
userAccountControl: 544
badPwdCount: 0
codePage: 0
countryCode: 250
badPasswordTime: 130215493735596806
lastLogoff: 0
lastLogon: 130214762950697235
pwdLastSet: 130214610102266437
primaryGroupID: 513
objectSid:: AQUAAAUVEQz3vwuoUpdtKTGZJPEAAA==
accountExpires: 1302513840
logonCount: 197
sAMAccountName: mysuer
sAMAccountType: 805306368
userPrincipalName: mymail
lockoutTime: 0
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=mydomain,DC=local
dSCorePropagationData: 20130524093118.0Z
dSCorePropagationData: 20130523093743.0Z
dSCorePropagationData: 1601010101.0Z
lastLogonTimestamp: 130214610103032919
uid: mysuer
mail: mymail
I'm quite confused with the RT configuration file and it's option, even
looking at the documentation I'm a litte bit lost, maybe the problem is
there.
Here is the RT_Config extract
# External Authentication Configuration
Set($ExternalAuthPriority, [ 'My_LDAP']);
Set($ExternalInfoPriority, [ 'My_LDAP']);
Set($ExternalSettings, {
# AN EXAMPLE LDAP SERVICE
'My_LDAP' = {
'type' = 'ldap',
'server'= 'myserver.mydomain.local',
'user' = 'ldapaccount',
'pass' = 'ldapaccountpassword',
'base' = 'ou=FR,dc=mydomain,dc=local',
'filter'=
'((ObjectCategory=User)(ObjectClass=Person))',
'd_filter' =
'(userAccountControl:1.2.840.113556.1.4.803:=2)',
'group' = 'OU=Users
Clients,OU=MYDOMAIN,OU=FR,DC=mydomain,DC=local',
'group_attr'= 'member',
'tls' = 0,
'ssl_version' = 3,
'net_ldap_args' = [version = 3 ],
'group_scope' = 'base',
'group_attr_value' = '*',
'attr_match_list' = ['Name'],
'attr_map' = {
'Name' = 'sAMAccountName',
'EmailAddress' = 'mail',
'Organization' = 'physicalDeliveryOfficeName',
'RealName' = 'cn',
'ExternalAuthId' = 'sAMAccountName',
'Gecos' = 'sAMAccountName',
'WorkPhone' = 'telephoneNumber',
'Address1' = 'streetAddress',
'City' = 'l',
'State' = 'st',
'Zip' = 'postalCode',
'Country' = 'co'
},
},
} );
Any other Idea ?
--
Regards
Maximilien
Re: [rt-users] (RT::Authen::ExternalAuth) email exists problem authenticating trough AD
Hi You are right, i'm using RT::Authen::ExternalAuth. It binds because i receive all aditional fields and even creates the user with those . The problem is really focused on authentication step and i can't understand why :(
Re: [rt-users] (RT::Authen::ExternalAuth) email exists problem authenticating trough AD
It binds because i receive all aditional fields and even creates the user with those . Yes, it binds, but anonymously. All the information fields are first retrieved that way. Only then does the authentication phase start, when it attempts to bind as the user with the password that the user enters in the login window. The problem is really focused on authentication step and i can't understand why :( Yes, so the question is (once again): can you bind *as the user* and *with the user's password* from the command line?
Re: [rt-users] (RT::Authen::ExternalAuth) email exists problem authenticating trough AD
Hello, To be more specific, when i remove the user, at next login RT creates again the user with the right values ( i.e. Name, ZIP code, etc. ) but fails at authentication step. Here are the debug logs for that specific scenario. [Wed Jul 31 09:54:41 2013] [debug]: Loading new user ( myUser ) into current session (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:287) [Wed Jul 31 09:54:41 2013] [debug]: Password validation required for service - Executing... (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:304) [Wed Jul 31 09:54:41 2013] [debug]: Trying external auth service: My_LDAP (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:153) Regards On Tue, Jul 30, 2013 at 3:23 PM, Maximilien Drouet mdro...@randco.frwrote: Hi, Unfortunately same problem with this filter :( Regarding the address I tried many times, even fresh install :( Same problem. On Mon, Jul 29, 2013 at 3:37 PM, Nathan Cutler presnyprek...@gmail.comwrote: Any other idea ? Yes. As Kevin indicated, I would start with your 'attr_match_list'. On your testing/development RT instance, try running it with just: 'attr_match_list' = [ 'Name' ], and see if the user can log in. Tell us what happens. Also, judging from the Couldn't create user myuser : Email address in use error I would guess some other user has that email address. Try searching for users with that email address in RT and tell us what you find. Good luck. Nathan -- Cordialement, Maximilien -- Maximilien
Re: [rt-users] (RT::Authen::ExternalAuth) email exists problem authenticating trough AD
To be more specific, when i remove the user, at next login RT creates again the user with the right values ( i.e. Name, ZIP code, etc. ) but fails at authentication step. IIRC you are using RT::Authen::ExternalAuth, right? That extension authenticates by attempting to bind to the LDAP server with the credentials entered by the user. But before it tries to bind, it first looks up the user in LDAP anonymously. This is consistent with what you are seeing. Here's what I see in my log when a known user attempts to login and fails: Jul 30 11:09:56 myserv RT: My_LDAP AUTH FAILED myuser (can't bind: LDAP_INVALID_CREDENTIALS 49 ) (/usr/lib/perl5/vendor_perl/5.10.0/RT/Authen/ExternalAuth/LDAP.pm:90) Jul 30 11:09:56 myserv RT: FAILED LOGIN for myuser from 10.120.5.61 (/usr/lib/perl5/vendor_perl/5.10.0/RT/Interface/Web.pm:753) And this is the log when an unknown (to RT) user attempts to login and fails: Jul 29 13:06:44 myserv RT: RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Disabled: , EmailAddress: , Gecos: myuser, Name: myuser, Privileged: (/usr/lib/perl5/vendor_perl/5.10.0/RT/Authen/ExternalAuth.pm:665) Jul 29 13:06:45 myserv RT: Autocreated external user myuser ( 988 ) (/usr/lib/perl5/vendor_perl/5.10.0/RT/Authen/ExternalAuth.pm:254) Jul 29 13:06:48 myserv RT: My_LDAP AUTH FAILED myuser (can't bind: LDAP_INVALID_CREDENTIALS 49 ) (/usr/lib/perl5/vendor_perl/5.10.0/RT/Authen/ExternalAuth/LDAP.pm:90) Jul 29 13:06:48 myserv RT: FAILED LOGIN for myuser from 10.120.4.148 (/usr/lib/perl5/vendor_perl/5.10.0/RT/Interface/Web.pm:753) Note that it first creates the user in RT. Only then does it attempt to bind. Now, in my case the bind fails because the user's credentials are wrong. But this is not the only possible failure modality. There are any number of reasons why bind might be failing. Can you bind to the LDAP server using the 'ldapsearch' command? If you can get bind to work that way, first, that would be a start. In my case, the successful ldapsearch command looked something like this: ldapsearch -LLL -H ldaps://login.example.com -x \ -D cn=myuser,ou=users,dc=example,dc=com -W \ -b ou=users,dc=example,dc=com uid=myuser (Note that you have to know myuser's password -- and enter it correctly -- for this to work.) Hope this helps. Nathan
Re: [rt-users] (RT::Authen::ExternalAuth) email exists problem authenticating trough AD
Hi, Unfortunately same problem with this filter :( Regarding the address I tried many times, even fresh install :( Same problem. On Mon, Jul 29, 2013 at 3:37 PM, Nathan Cutler presnyprek...@gmail.comwrote: Any other idea ? Yes. As Kevin indicated, I would start with your 'attr_match_list'. On your testing/development RT instance, try running it with just: 'attr_match_list' = [ 'Name' ], and see if the user can log in. Tell us what happens. Also, judging from the Couldn't create user myuser : Email address in use error I would guess some other user has that email address. Try searching for users with that email address in RT and tell us what you find. Good luck. Nathan -- Cordialement, Maximilien DROUET Consultant Systèmes Réseaux RANDCO, Cabinet de conseil en Réseau, Sécurité Systèmes 19 Rue Pierre LESCOT 75001 Paris Mob. 06.30.91.70.09 Fax. 01.72.74.44.01 http://www.randco.fr
Re: [rt-users] (RT::Authen::ExternalAuth) email exists problem authenticating trough AD
Hi, Yes the user is found and data retrieved correctly (i.e address, zip, etc. ) . Any other idea ? On Tue, Jul 23, 2013 at 11:19 AM, Maximilien Drouet mdro...@randco.frwrote: Hi, Let me try, i never used ldapsearch before so i need to check the syntax. On Tue, Jul 23, 2013 at 11:04 AM, Craig Ringer cr...@2ndquadrant.comwrote: On 07/04/2013 11:00 PM, Maximilien Drouet wrote: (((ObjectCategory=User)(ObjectClass=Person))(sAMAccountName=myuser )) If you execute this LDAP search directly against your directory with the same base dn as given in the logs, does it find the user? -- Craig Ringer http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Training Services -- Cordialement, Maximilien DROUET
[rt-users] (RT::Authen::ExternalAuth) email exists problem authenticating trough AD
Any other idea ? Yes. As Kevin indicated, I would start with your 'attr_match_list'. On your testing/development RT instance, try running it with just: 'attr_match_list' = [ 'Name' ], and see if the user can log in. Tell us what happens. Also, judging from the Couldn't create user myuser : Email address in use error I would guess some other user has that email address. Try searching for users with that email address in RT and tell us what you find. Good luck. Nathan
Re: [rt-users] (RT::Authen::ExternalAuth) email exists problem authenticating trough AD
Hello, Anyone with an idea ? I've tried many times without any success. Thanks for your help. On Fri, Jul 5, 2013 at 4:18 PM, Maximilien Drouet mdro...@randco.fr wrote: Hi, Both AD RT have a user matching email Username. Regarding RealName, yes I read about it but in my case, real names are NEVER the same they use Kevin FALCONE, KEVIN A FALCONE, KEVIN B FALCONE, and so on. But yes you're right about what's documented. On Fri, Jul 5, 2013 at 4:14 PM, Kevin Falcone falc...@bestpractical.comwrote: On Thu, Jul 04, 2013 at 05:00:23PM +0200, Maximilien Drouet wrote: As you can see in the log output I successfully find the user BUT I have an error Couldn't create user myuser which I don't understand because YES user exists but I just want to authenticate not recreate a user. Does the user exist with a matching Email Address AND username? Or is the username different. Also, as documented, you probably shouldn't be using RealName here: 50 'attr_match_list' = [ 51 'Name', 52 'EmailAddress', 53 'RealName', 54 ], It means you can't have two users named Kevin Falcone in your RT. -kevin -- Max -- Cordialement, Maximilien DROUET Consultant Systèmes Réseaux RANDCO, Cabinet de conseil en Réseau, Sécurité Systèmes 19 Rue Pierre LESCOT 75001 Paris Mob. 06.30.91.70.09 Fax. 01.72.74.44.01 http://www.randco.fr
Re: [rt-users] (RT::Authen::ExternalAuth) email exists problem authenticating trough AD
Hi, Let me try, i never used ldapsearch before so i need to check the syntax. On Tue, Jul 23, 2013 at 11:04 AM, Craig Ringer cr...@2ndquadrant.comwrote: On 07/04/2013 11:00 PM, Maximilien Drouet wrote: (((ObjectCategory=User)(ObjectClass=Person))(sAMAccountName=myuser )) If you execute this LDAP search directly against your directory with the same base dn as given in the logs, does it find the user? -- Craig Ringer http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Training Services -- Cordialement, Maximilien DROUET Consultant Systèmes Réseaux RANDCO, Cabinet de conseil en Réseau, Sécurité Systèmes 19 Rue Pierre LESCOT 75001 Paris Mob. 06.30.91.70.09 Fax. 01.72.74.44.01 http://www.randco.fr
Re: [rt-users] (RT::Authen::ExternalAuth) email exists problem authenticating trough AD
On Thu, Jul 04, 2013 at 05:00:23PM +0200, Maximilien Drouet wrote: As you can see in the log output I successfully find the user BUT I have an error Couldn't create user myuser which I don't understand because YES user exists but I just want to authenticate not recreate a user. Does the user exist with a matching Email Address AND username? Or is the username different. Also, as documented, you probably shouldn't be using RealName here: 50 'attr_match_list' = [ 51 'Name', 52 'EmailAddress', 53 'RealName', 54 ], It means you can't have two users named Kevin Falcone in your RT. -kevin pgpHLwswIkEXa.pgp Description: PGP signature
Re: [rt-users] (RT::Authen::ExternalAuth) email exists problem authenticating trough AD
Hi, Both AD RT have a user matching email Username. Regarding RealName, yes I read about it but in my case, real names are NEVER the same they use Kevin FALCONE, KEVIN A FALCONE, KEVIN B FALCONE, and so on. But yes you're right about what's documented. On Fri, Jul 5, 2013 at 4:14 PM, Kevin Falcone falc...@bestpractical.comwrote: On Thu, Jul 04, 2013 at 05:00:23PM +0200, Maximilien Drouet wrote: As you can see in the log output I successfully find the user BUT I have an error Couldn't create user myuser which I don't understand because YES user exists but I just want to authenticate not recreate a user. Does the user exist with a matching Email Address AND username? Or is the username different. Also, as documented, you probably shouldn't be using RealName here: 50 'attr_match_list' = [ 51 'Name', 52 'EmailAddress', 53 'RealName', 54 ], It means you can't have two users named Kevin Falcone in your RT. -kevin -- Max
[rt-users] (RT::Authen::ExternalAuth) email exists problem authenticating trough AD
Hello
I'm using version 4.0.13 of RT.
I'm trying to authenticate via an AD.
As you can see in the log output I successfully find the user BUT I have an
error Couldn't create user myuser which I don't understand because YES
user exists but I just want to authenticate not recreate a user.
Any Idea ?
You can find below either logs or configuration.
Debug Logs Output
[Thu Jul 4 09:59:08 2013] [debug]: Attempting to use external auth
service: My_LDAP
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:186)
[Thu Jul 4 09:59:08 2013] [debug]: Calling UserExists with $username
(myuser ) and $service (My_LDAP)
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:227)
[Thu Jul 4 09:59:08 2013] [debug]: UserExists params:
username: 791286 , service: My_LDAP
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:439)
[Thu Jul 4 09:59:08 2013] [debug]: LDAP Search === Base:
dc=mydomain,dc=local == Filter:
(((ObjectCategory=User)(ObjectClass=Person))(sAMAccountName=myuser)) ==
Attrs:
l,cn,st,mail,sAMAccountName,co,streetAddress,postalCode,telephoneNumber,sAMAccountName,physicalDeliveryOfficeName,sAMAccountName
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:469)
[Thu Jul 4 09:59:08 2013] [debug]:
RT::Authen::ExternalAuth::CanonicalizeUserInfo called by
RT::Authen::ExternalAuth
/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm
675 with: Disabled: , EmailAddress: , Gecos: myuser , Name: myuser ,
Privileged:
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:572)
[Thu Jul 4 09:59:08 2013] [debug]: Attempting to get user info using this
external service: My_LDAP
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:580)
[Thu Jul 4 09:59:08 2013] [debug]: Attempting to use this canonicalization
key: Name
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:594)
[Thu Jul 4 09:59:08 2013] [debug]: LDAP Search === Base:
dc=mydomain,dc=local == Filter:
(((ObjectCategory=User)(ObjectClass=Person))(sAMAccountName=myuser )) ==
Attrs:
l,cn,st,mail,sAMAccountName,co,streetAddress,postalCode,telephoneNumber,sAMAccountName,physicalDeliveryOfficeName,sAMAccountName
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:357)
[Thu Jul 4 09:59:08 2013] [info]:
RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Address1: , City:
Paris, Country: France, Disabled: , EmailAddress: myaddr...@mydomain.com,
ExternalAuthId: myuser , Gecos: myuser , Name: myuser , Organization: ,
Privileged: , RealName: John DOE, State: , WorkPhone: myTel, Zip:
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:658)
[Thu Jul 4 09:59:08 2013] [error]: Couldn't create user myuser : Email
address in use
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:251)
[Thu Jul 4 09:59:08 2013] [debug]: Autohandler called ExternalAuth.
Response: (0, No User)
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:16)
[Thu Jul 4 09:59:08 2013] [error]: FAILED LOGIN for myuser from
XX.xxx.XXX.xx (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:753)
End Debug Logs Output
Configuration
# External Authentication Configuration
30 Set($ExternalAuthPriority, [ 'My_LDAP']);
31 Set($ExternalInfoPriority, [ 'My_LDAP']);
32
33 Set($ExternalSettings, {
34 # AN EXAMPLE LDAP SERVICE
35 'My_LDAP' = {
36 'type' = 'ldap',
37 'server'= 'myserver',
38 'user' = 'myuser',
39 'pass' = 'password',
40 'base' = 'dc=domain,dc=local',
41 'filter'=
'((ObjectCategory=User)(ObjectClass=Person))',
42 'd_filter' =
'(userAccountControl:1.2.840.113556.1.4.803:=2)',
43 'group' = 'OU=Users
Clients,OU=MyPrincipalOU,OU=FR,DC=mydomain,DC=local',
44 'group_attr'= 'member',
45 'tls' = 0,
46 'ssl_version' = 3,
47 'net_ldap_args' = [version = 3 ],
48 'group_scope' = 'base',
49 'group_attr_value' = '*',
50 'attr_match_list' = [
51 'Name',
52 'EmailAddress',
53 'RealName',
54 ],
55 'attr_map' = {
56 'Name' = 'sAMAccountName',
57 'EmailAddress' = 'mail',
58 'Organization' = 'physicalDeliveryOfficeName',
59 'RealName' = 'cn',
60 'ExternalAuthId' = 'sAMAccountName',
61 'Gecos' = 'sAMAccountName',
62 'WorkPhone' = 'telephoneNumber',
63 'Address1' =
