[rt-users] Issues configuring RT::Authen::ExternalAuth
Carlos J. Velez-Rivera
cvelez at ckcomputingpr.com
Wed Apr 23 23:01:10 EDT 2008
Hello Mike,
Thanks for your answer. Sorry for the delay in getting back to you. I had to take care of a fire... Here is the RT_SiteConfig.pm file. I thought it could be related to a bad filter...
Thanks in advance for any pointers you might have!
Carlos
# RT_SiteConfig.pm
#
# These are the bits you absolutely *must* edit.
#
# To find out how, please read
# /usr/share/doc/request-tracker3.6/INSTALL.Debian
# THE BASICS:
Set($rtname, 'Universidad de Puerto Rico - GAE');
Set($Organization, 'upr.edu');
Set($CorrespondAddress , 'someone at upr.edu');
Set($CommentAddress , 'someone at upr.edu');
Set($Timezone , 'Venezuela/Caracas'); # obviously choose what suits you
# THE DATABASE:
# Added by carlos 20070629
Set($DatabaseHost, 'localhost');
Set($DatabaseRTHost, 'localhost');
Set($DatabaseType, 'Pg'); # e.g. Pg or mysql
# These are the settings we used above when creating the RT database,
# you MUST set these to what you chose in the section above.
Set($DatabaseUser , 'dbuser');
Set($DatabasePassword , 'dbuserpwd');
Set($DatabaseName , 'dbname');
# THE WEBSERVER:
Set($WebPath , "/rt");
Set($WebBaseURL , "http://localhost");
# The order in which the services defined in ExternalSettings
# should be used to authenticate users. User is authenticated
# if successfully confirmed by any service - no more services
# are checked.
Set($ExternalAuthPriority, [ 'My_LDAP' ]
);
# The order in which the services defined in ExternalSettings
# should be used to get information about users. This includes
# RealName, Tel numbers etc, but also whether or not the user
# should be considered disabled.
# Once user info is found, no more services are checked.
Set($ExternalInfoPriority, [ 'My_LDAP' ]
);
# If this is set to true, then the relevant packages will
# be loaded to use SSL/TLS connections. At the moment,
# this just means "use Net::SSLeay;"
Set($ExternalServiceUsesSSLorTLS, 0);
# If this is set to 1, then users should be autocreated by RT
# as internal users if they fail to authenticate from an
# external service.
Set($AutoCreateNonExternalUsers, 0);
# These are the full settings for each external service as a HashOfHashes
# Note that you may have as many external services as you wish. They will
# be checked in the order specified in the Priority directives above.
# e.g.
# Set(ExternalAuthPriority,['My_LDAP','My_MySQL','My_Oracle','SecondaryLDAP','Other-DB']);
#
Set($ExternalSettings, { # AN EXAMPLE LDAP SERVICE
    'My_LDAP' => { ## GENERIC SECTION
        # The type of service (db/ldap/cookie)
        'type' => 'ldap',
        # Should the service be used for authentication?
        'auth' => 1,
        # Should the service be used for information?
        'info' => 1,
        # The server hosting the service
        'server' => 'upridldap.upr.edu',
        ## SERVICE-SPECIFIC SECTION
        # If you can bind to your LDAP server anonymously you should
        # remove the user and pass config lines, otherwise specify them here:
        #
        # The username RT should use to connect to the LDAP server
        'user' => 'admindn',
        # The password RT should use to connect to the LDAP server
        'pass' => 'adminpwd',
        #
        # The LDAP search base
        'base' => 'ou=people,dc=upr,dc=edu',
        # The filter to use to match RT-Users
        'filter' => '(objectclass=*)',
        # The filter that will only match disabled users
        'd_filter' => '(eduPersonAffiliation=alumn)',
        # Should we try to use TLS to encrypt connections?
        'tls' => 0,
        # What other args should I pass to Net::LDAP->new($host,@args)?
        'net_ldap_args' => [ version => 3 ],
        # Does authentication depend on group membership? What group name?
        'group' => '',
        # What is the attribute for the group object that determines membership?
        'group_attr' => '',
        ## RT ATTRIBUTE MATCHING SECTION
        # The list of RT attributes that uniquely identify a user
        'attr_match_list' => [ 'Name' ],
        # The mapping of RT attributes on to LDAP attributes
        'attr_map' => { 'Name' => 'uid',
                        'EmailAddress' => 'eduPersonPrincipalName',
                        'Organization' => 'eduPersonOrgDN',
                        'RealName' => 'displayName',
                        'ExternalAuthId' => 'uid',
                        'Gecos' => 'uid',
                        'WorkPhone' => '',
                        'Address1' => '',
                        'City' => '',
                        'State' => '',
                        'Zip' => '',
                        'Country' => ''
                      }
    }
}
);
Set($LogToSyslog , 'debug');
Set($LogToScreen , 'debug');
Set($LogToFile , 'debug');
Set($LogDir, '/var/log/request-tracker3.6');
Set($LogToFileNamed , "rt.log"); #log to rt.log
Set($LogStackTraces , 0);
# Set($LogoURL , $WebImagesURL . "bplogo.gif");
#
1;
On Monday 21 April 2008 04:46:56 Mike Peachey wrote:
> Carlos J. Velez-Rivera wrote:
> > I have followed a recent thread in the list to setup LDAP authentication using
> > RT::Authen::ExternalAuth and it is kind of working, but the user doesn't
> > actually get to use the system. The system just leaves the user at the login
> > page and nothing happens. Is it that I'm using a bad disabled account filter
> > or something?
> >
> > As an additional observation, I logged in as root after trying this out and
> > even though the logs say the account was created I could not find the user.
> >
> > Here is the log I get when I try to login carlos.velez99:
> >
> <snip>
>
> Your attr_map seems a little broken, although that shouldn't affect user
> creation. The cause of the problem seems related to this line:
>
> [Sat Apr 19 22:19:46 2008] [info]: Autocreated authenticated user
> carlos.velez99 ( )
>
> The empty parenthesis at the end of this line is supposed to contain the
> principal ID for the newly created user, which means that user creation
> didn't succeed.
>
> It's not clear what would cause that.
>
> Perhaps if you provided your RT_SiteConfig.pm we might be better able to
> work out what's going on..
>
--
Carlos J. Velez-Rivera
Manager
CK Computing Corporation
cvelez at ckcomputingpr.com
Voice: (787)464-1182
Fax: 866-910-4798
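
The log check Mike describes, as an added example that is not part of the original thread: a Python scan of RT log text for "Autocreated authenticated user" lines whose parentheses hold no principal ID. The first sample line is the one quoted above; the other sample lines, and the assumption that a successful line carries a numeric ID inside the parentheses, are constructed for illustration.

```python
import re
from datetime import datetime

# Line layout taken from the log line quoted in the thread. That a successful
# autocreate prints a numeric principal ID in the parentheses is an assumption.
AUTOCREATE = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\s+\[(?P<level>\w+)\]:\s+"
    r"Autocreated authenticated user\s+(?P<user>\S+)\s+\(\s*(?P<pid>\d*)\s*\)"
)

# First line is from the thread; the rest are constructed sample data.
SAMPLE_LOG = """\
[Sat Apr 19 22:19:46 2008] [info]: Autocreated authenticated user carlos.velez99 ( )
[Sat Apr 19 22:25:03 2008] [info]: Autocreated authenticated user example.user ( 42 )
[Sat Apr 19 22:31:10 2008] [info]: Autocreated authenticated user carlos.velez99 ( )
[Sat Apr 19 22:31:11 2008] [debug]: unrelated constructed line
"""


def failed_autocreates(log_text):
    """Return {user: [datetime, ...]} for autocreate lines with no principal ID."""
    failures = {}
    for line in log_text.splitlines():
        m = AUTOCREATE.match(line.strip())
        if not m or m.group("pid"):
            # Not an autocreate line, or the principal ID is present.
            continue
        ts = datetime.strptime(m.group("ts"), "%a %b %d %H:%M:%S %Y")
        failures.setdefault(m.group("user"), []).append(ts)
    return failures


if __name__ == "__main__":
    for user, stamps in failed_autocreates(SAMPLE_LOG).items():
        print(f"{user}: {len(stamps)} autocreate(s) without a principal ID, "
              f"last at {stamps[-1]:%Y-%m-%d %H:%M:%S}")
```

A user who shows up here repeatedly authenticated against the external service each time but never received an RT account, which matches the stuck-at-login symptom described in the thread.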