[rt-users] RT 3.6.5 Setup / LDAP

David ROBERT drobert at generix.fr
Fri Oct 19 17:23:52 EDT 2007


Some more info about my LDAP troubles:

- I went through the RHEL4 + FastCGI Install guide. It works fine for
RHEL6 + RT 3.6.5 (some minor glitches but got it working properly in the
end).
- Once I checked that I could log into RT using accounts defined in RT I
proceeded with LDAP Auth using:
  . LDAP Overlay (http://wiki.bestpractical.com/view/LdapOverlay)
  . used the updated User_Local.pm
(http://www.justatheory.com/computers/programming/perl/rt/User_Local.pm.ldap)
  . chmod 755 the User_Local.pm and activated DEBUG (use constant DEBUG
=> 1)
  . activated debug in my RT_SiteConfig.pm
  . chmod 777 the /opt/rt3/var/log directory

When I try to log into RT using an ActiveDirectory account, I only get a
LOGIN FAILED message from the autohandler, nothing else.
I checked all the LDAP info used with ldapsearch and I can properly
connect and browse LDAP. Note that I have to use the -x option for
LDAPSEARCH as other connection methods fail.

Any ideas?

Some info about my config:

tail of /etc/httpd/conf/httpd.conf
***************************************
<VirtualHost *:80>
  ServerAdmin root
  ServerName itsupport.generix.fr
  DocumentRoot /opt/rt3/share/html/
  AddDefaultCharset UTF-8
  # Adding the following for RT (the ticket tracker)
  AddHandler fastcgi-script .fcgi
  <Directory "/opt/rt3/share/html">
    Options FollowSymLinks ExecCGI
    AllowOverride None
  </Directory>
  # Pass through requests to for noauth
  Alias /NoAuth/images /opt/rt3/share/html/NoAuth/images
  ScriptAlias / /opt/rt3/bin/mason_handler.fcgi/
  LogLevel debug
</VirtualHost>
***************************************

RT_SiteConfig.pm
***************************************
# To check your SiteConfig file, use this command:
#   perl -c /path/to/your/etc/RT_SiteConfig.pm

Set($rtname, 'generix.fr');
Set($WebBaseURL, "http://itsupport.generix.fr:80");
Set($WebPath, "");

Set($LogToFile, 'debug');
Set($LogDir, '/opt/rt3/var/log');
Set($LogToFileNamed , "rt.log");

Set($LDAPExternalAuth, 1);
Set($LdapExternalInfo, 1);
Set($LdapAutoCreateNonLdapUsers, 0);
Set($AutoCreate, {Privileged => 1});

# Map RT attributes to LDAP attributes
# The mapping below is known to work in Windows 2003 w/Active Directory
Set( $LdapAttrMap, {
  'Name' => 'sAMAccountName',
  'EmailAddress' => 'mail',
  'Organization' => 'physicalDeliveryOfficeName',
  'RealName' => 'cn',
  'ExternalContactInfoId' => 'dn',
  'ExternalAuthId' => 'sAMAccountName',
  'Gecos' => 'sAMAccountName',
  'HomePhone' => 'homePhone',
  'WorkPhone' => 'telephoneNumber',
  'MobilePhone' => 'mobile',
  'PagerPhone' => 'pager',
  'Address1' => 'streetAddress',
  'Address2' => 'postOfficeBox',
  'City' => 'l',
  'State' => 'st',
  'Zip' => 'postalCode',
  'Country' => 'co',
  'FreeformContactInfo' => 'info',
});

# A list of RT attrs which can uniquely identify a user,
# ordered from most to least preferred.
Set($LdapRTAttrMatchList, ['ExternalContactInfoId', 'Name',
                           'EmailAddress', 'RealName',
                           'WorkPhone', 'Address2']
);

# A list of LDAP attrs to examine when canonicalizing email addresses,
# ordered from most to least preferred
Set($LdapEmailAttrMatchList, ['mail', 'mailRoutingAddress',
                              'mailAlternateAddress']
);


Set($LdapServer, 'hydrogene.generix.fr');
Set($LdapUser, 'CN=TheLdapUser,OU=TheMainUsersOU,DC=generix,DC=fr');
Set($LdapPass, 'ThePassForLdapUser');
Set($LdapBase, 'OU=TheMainUsersOU,DC=generix,DC=fr');
Set(LdapUidAttr, 'sAMAccountName');
Set($LdapFilter, '(objectclass=*)');
Set($LdapTLS, 0);
#$LdapGroup ="cn=RT,ou=Group,dc=example,dc=com";
#$LdapGroupAttribute = 'uniqueMember';
#$LdapSSLVersion = 3;
1;
***************************************

/var/log/httpd/error_log after HTTPD restart and failed login
***************************************
[Fri Oct 19 23:07:01 2007] [notice] suEXEC mechanism enabled (wrapper:
/usr/sbin/suexec)
[Fri Oct 19 23:07:01 2007] [warn] module fastcgi_module is already
loaded, skipping
[Fri Oct 19 23:07:01 2007] [notice] Digest: generating secret for digest
authentication ...
[Fri Oct 19 23:07:01 2007] [notice] Digest: done
[Fri Oct 19 23:07:01 2007] [notice] FastCGI: process manager initialized
(pid 3212)
[Fri Oct 19 23:07:01 2007] [warn] FastCGI: server
"/opt/rt3/bin/mason_handler.fcgi" started (pid 3213)
[Fri Oct 19 23:07:02 2007] [notice] mod_python: Creating 4 session
mutexes based on 256 max processes and 0 max threads.
[Fri Oct 19 23:07:02 2007] [notice] Apache/2.2.3 (Red Hat) configured --
resuming normal operations
[Fri Oct 19 23:07:02 2007] [warn] FastCGI: server
"/opt/rt3/bin/mason_handler.fcgi" started (pid 3223)
[Fri Oct 19 23:07:03 2007] [warn] FastCGI: server
"/opt/rt3/bin/mason_handler.fcgi" started (pid 3227)
[Fri Oct 19 23:07:04 2007] [warn] FastCGI: server
"/opt/rt3/bin/mason_handler.fcgi" started (pid 3228)
[Fri Oct 19 23:07:06 2007] [warn] FastCGI: server
"/opt/rt3/bin/mason_handler.fcgi" started (pid 3231)
[Fri Oct 19 23:07:07 2007] [warn] FastCGI: server
"/opt/rt3/bin/mason_handler.fcgi" started (pid 3234)
[Fri Oct 19 23:07:08 2007] [warn] FastCGI: server
"/opt/rt3/bin/mason_handler.fcgi" started (pid 3235)
[Fri Oct 19 23:07:09 2007] [warn] FastCGI: server
"/opt/rt3/bin/mason_handler.fcgi" started (pid 3239)
[Fri Oct 19 23:07:42 2007] [error] [client XXX.XXX.XXX.XXX] FastCGI:
server "/opt/rt3/bin/mason_handler.fcgi" stderr: [Fri Oct 19 21:07:42
2007] [error]: FAILED LOGIN for infointerne from XXX.XXX.XXX.XXX
(/opt/rt3/share/html/autohandler:251), referer:
http://itsupport.generix.fr/
***************************************
Notice how the 2 error lines are merged in one... dunno why
From the look of it, the LDAP User_Local.pm file is not used. dunno why

/opt/rt3/var/log/rt.log after failed login
***************************************
[Fri Oct 19 21:07:42 2007] [error]: FAILED LOGIN for infointerne from
XXX.XXX.XXX.XXX (/opt/rt3/share/html/autohandler:251)
***************************************

RT System Config (warning... very long)
***************************************
Perl v5.8.8 under linux

RT Variables
RT::AmbiguousDayInPast 1  
RT::BasePath /opt/rt3  
RT::BinPath /opt/rt3/bin  
RT::CORE_CONFIG_FILE /opt/rt3/etc/RT_Config.pm  
RT::CommentAddress RT_CommentAddressNotSet  
RT::CorrespondAddress RT_CorrespondAddressNotSet  
RT::DatabaseHost localhost  
RT::DatabaseName rt3  
RT::DatabasePassword Password not printed  
RT::DatabaseRTHost localhost  
RT::DatabaseType mysql  
RT::DatabaseUser rt_user  
RT::DateDayBeforeMonth 1  
RT::DefaultSearchResultFormat '<B><A
HREF="/Ticket/Display.html?id=__id__">__id__</a></B>/TITLE:#', '<B><A
HREF="/Ticket/Display.html?id=__id__">__Subject__</a></B>/TITLE:Subject'
, Status, QueueName, OwnerName, Priority, '__NEWLINE__', '',
'<small>__Requestors__</small>', '<small>__CreatedRelative__</small>',
'<small>__ToldRelative__</small>',
'<small>__LastUpdatedRelative__</small>', '<small>__TimeLeft__</small>'

RT::DefaultSummaryRows 10  
RT::EmailOutputEncoding utf-8  
RT::EtcPath /opt/rt3/etc  
RT::FriendlyFromLineFormat "%s via RT" <%s>  
RT::FriendlyToLineFormat "%s of generix.fr Ticket #%s":;  
RT::LDAPExternalAuth 1  
RT::LdapBase OU=TheMainUsersOU,DC=generix,DC=fr  
RT::LdapExternalInfo 1  
RT::LdapFilter (objectclass=*)  
RT::LdapPass ThePassForLdapUser  
RT::LdapServer hydrogene.generix.fr  
RT::LdapUser CN=TheLdapUser,OU=TheMainUsersOU,DC=generix,DC=fr  
RT::LocalEtcPath /opt/rt3/local/etc  
RT::LocalLexiconPath /opt/rt3/local/po  
RT::LocalPath /opt/rt3/local  
RT::LogDir /opt/rt3/var/log  
RT::LogToFile debug  
RT::LogToFileNamed rt.log  
RT::LogToScreen error  
RT::LogToSyslog debug  
RT::LogoURL /NoAuth/images/bplogo.gif  
RT::LoopsToRTOwner 1  
RT::MailCommand sendmailpipe  
RT::MasonComponentRoot /opt/rt3/share/html  
RT::MasonDataDir /opt/rt3/var/mason_data  
RT::MasonLocalComponentRoot /opt/rt3/local/html  
RT::MasonSessionDir /opt/rt3/var/session_data  
RT::MaxAttachmentSize 10000000  
RT::MaxInlineBody 13456  
RT::MessageBoxWidth 72  
RT::MessageBoxWrap HARD  
RT::MinimumPasswordLength 5  
RT::OldestTransactionsFirst 1  
RT::Organization example.com  
RT::OwnerEmail root  
RT::RTAddressRegexp ^rt\@example.com$  
RT::RecordOutgoingEmail 1  
RT::RedistributeAutoGeneratedMessages privileged  
RT::SITE_CONFIG_FILE /opt/rt3/etc/RT_SiteConfig.pm  
RT::SendmailArguments -oi -t  
RT::SendmailBounceArguments -f "<>"  
RT::SendmailPath /usr/sbin/sendmail  
RT::ShowTransactionImages 1  
RT::StrictLinkACL 1  
RT::Timezone US/Eastern  
RT::UseFriendlyFromLine 1  
RT::VERSION 3.6.5  
RT::VarPath /opt/rt3/var  
RT::WebBaseURL http://itsupport.generix.fr:80  
RT::WebDefaultStylesheet 3.5-default  
RT::WebFlushDbCacheEveryRequest 1  
RT::WebImagesURL /NoAuth/images/  
RT::WebPort 80  
RT::WebURL http://itsupport.generix.fr:80/  
RT::rtname generix.fr  

***************************************
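
A consistency check for a site config like the one posted above, as an added example (not part of the original message and not RT's own tooling): it lists `Set()` calls whose first argument lacks the sigil that the other `Set()` lines in the posted file use, and flags a bind password configured while `$LdapTLS` is off. The function name `lint_siteconfig` and the sample file are constructed for illustration; that a false `$LdapTLS` leaves the bind unprotected is an assumption.

```shell
# lint_siteconfig FILE: print one finding per line, nothing if FILE is clean.
lint_siteconfig() {
    awk '
    /^[ \t]*#/ { next }                        # ignore commented-out settings
    /^[ \t]*Set[ \t]*\(/ {
        arg = $0
        sub(/^[ \t]*Set[ \t]*\([ \t]*/, "", arg)   # drop the leading "Set("
        val = arg
        sub(/[ \t]*,.*$/, "", arg)                 # arg: first argument only
        sub(/^[^,]*,[ \t]*/, "", val)              # val: text after first comma
        sub(/[ \t]*\)[ \t]*;.*$/, "", val)         # val: drop the closing ");"
        if (arg !~ /^[$@%]/)
            printf "line %d: Set() target \"%s\" has no sigil\n", NR, arg
        if (arg == "$LdapTLS")  tls = val
        if (arg == "$LdapPass") pass = 1
    }
    END {
        # Assumption: a false $LdapTLS means the bind is not TLS-protected.
        if (pass && tls + 0 == 0)
            print "$LdapPass is set while $LdapTLS is off"
    }' "$1"
}

# Constructed sample modelled on the posted file (all values are placeholders).
sample=$(mktemp)
cat > "$sample" <<'EOF'
Set($LdapServer, 'ldap.example.test');
Set($LdapPass, 'placeholder');
Set(LdapUidAttr, 'sAMAccountName');
#Set(Commented, 1);
Set($LdapTLS, 0);
1;
EOF
lint_siteconfig "$sample"
rm -f "$sample"
```

Run it against a copy of the site config before restarting the web server; `perl -c` only checks syntax and does not compare variable names across lines.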


