[rt-users] Ldap Authentication setup question

Eli Altman eli at gmnameplate.com
Wed Oct 22 19:47:06 EDT 2008


This sounds like you need the User_Vendor patch. I know it's been known to work with earlier versions of the ExternalAuth, but is it still needed for the newest version?

http://www.gossamer-threads.com/lists/rt/users/77139?search_string=ldap%25

I imagine Mike will be back with words of advice, but may as well make a backup and give this a shot.


Elias

-----Original Message-----
From: rt-users-bounces at lists.bestpractical.com [mailto:rt-users-bounces at lists.bestpractical.com] On Behalf Of Michael Mollard
Sent: Wednesday, October 22, 2008 4:10 PM
To: mike.peachey at jennic.com; RT Users
Subject: Re: [rt-users] Ldap Authentication setup question

Thanks for the assistance.
I have downloaded and installed the latest version of RT-Authen-ExternalAuth-0.06_02, with RT 3.8.1 (latest).
I seem to have gotten a step further, but still have some issues.

When I try and authenticate with an ldap account, my browser reports:
"Can't call method "Disabled" on an undefined value at /srv/www/vhosts/rt.mbc.qld.edu.au/bin/../local/lib/RT/User_Vendor.pm line 351, line 273."

and my ./var/log/rt.log says:
[Thu Oct 23 00:11:07 2008] [warning]: Transaction->Create couldn't, as you didn't specify an object type and id (/srv/www/vhosts/rt.mbc.qld.edu.au/bin/../lib/RT/Record.pm:1439)
[Thu Oct 23 00:11:07 2008] [error]: Couldn't get principal for not loaded object (/srv/www/vhosts/rt.mbc.qld.edu.au/bin/../lib/RT/User_Overlay.pm:1113)

It seems to be connecting to my ldap (which was more than it was doing), but fails soon after.  Am I missing something?

Here is my RT_SiteConfig.pm

Set( $rtname, 'mbc.qld.edu.au');
Set($LogToSyslog    , 'debug');
Set($LogToScreen    , 'debug');
Set($LogToFile      , 'debug');
Set($LogDir, 'var/log');
Set($LogToFileNamed , "rt.log");    #log to rt.log

#Set(@Plugins,(qw(Extension::QuickDelete)));
Set( @Plugins, qw(RT::Authen::ExternalAuth) );
Set($ExternalAuthPriority,  [ 'My_LDAP' ] );
Set($ExternalInfoPriority,  [ 'My_LDAP' ] );
Set($ExternalServiceUsesSSLorTLS,    0);
Set($AutoCreateNonExternalUsers,    0);
Set($ExternalSettings,      {   'My_LDAP'       =>  {
                                                        'type'                      =>  'ldap',
                                                        'auth'                      =>  1,
                                                        'info'                      =>  1,
                                                        'server'                    =>  'ldap.mbc.qld.edu.au',
                                                        #'user'                     =>  'ldaphelpdesk',
                                                        #'pass'                     =>  'rt_ldap_password',
                                                        'base'                      =>  'ou=lab,o=mbc',
                                                        'filter'                    =>  '(objectClass=inetOrgPerson)',
                                                        #'d_filter'                  =>  '(FILTER_STRING)',
                                                        'tls'                       =>  0,
                                                        'net_ldap_args'             => [    version =>  3   ],
                                                        'group'                     =>  'cn=GRP_Staff,ou=lab,o=mbc',
                                                        'group_attr'                =>  'groupMembership',
                                                        'attr_match_list'           => [    'Name',
                                                                                            'EmailAddress',
                                                                                            #'RealName',
                                                                                            #'WorkPhone',
                                                                                            #'Address2'
                                                                                       ],
                                                        'attr_map'                  =>  {   'Name' => 'cn',
                                                                                            'EmailAddress' => 'mail',
                                                                                            'Organization' => 'l',
                                                                                            'RealName' => 'cn',
                                                                                            #'ExternalAuthId' => 'sAMAccountName',
                                                                                            #'Gecos' => 'sAMAccountName',
                                                                                            'WorkPhone' => 'telephoneNumber',
                                                                                            'Address1' => 'streetAddress',
                                                                                            'City' => 'l',
                                                                                            'State' => 'st',
                                                                                            'Zip' => 'postalCode',
                                                                                            'Country' => 'co'
                                                                                        }
                                                    }
                                }
);
1;


Thanks.
Michael.

Michael Mollard
Network Administrator
Moreton Bay College
mollardm at mbc.qld.edu.au
http://www.mbc.qld.edu.au
Ph: (Direct) 07 3907 5712 / (Mob) 0417 631 801
Fax: 07 3390 8919 ( http://www.mbc.qld.edu.au )


>>> Mike Peachey <mike.peachey at jennic.com> 23/10/2008 12:43 am >>>
Michael Mollard wrote:
> Hi all,
> I'm an RT newbie, so be gentle with me.
>
> I have setup a functioning RT system (on SLES10sp2)

What version of RT?

> I have installed the RT::Authen::ExternalAuth 0.5.  This creates a <$RT_HOME>/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm
> I have edited that file with the correct site-specific ldap stuff.
>
> Now, what do I need to add to my <$RT_Home>/etc/RT_SiteConfig.pm to activate the LDAP stuff?  Are there any other changes needed?

The file
$RTHOME/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm is not
part of the installation, it simply contains examples for you to paste
into your $RTHOME/etc/RT_SiteConfig.pm file.

You can alternatively choose to put a line in your RT_SiteConfig to
"include" the example file instead of just copying the lines out of it.

> The wiki articles (http://wiki.bestpractical.com/view/ExternalAuth) are helpful to a point, but the Post-Install section (which is apparently the crux of the setup) is too vague for an RT newbie.

I've just read it again and the instructions seem fairly clear. If you
can advise what is confusing to you, perhaps we can make it better.

If you are using RT 3.8.x then I recommend using this ExternalAuth
0.06_002 instead of 0.05 as it is a pre-release candidate for RT3.8
compatibility. 0.05 was written before 3.8 came out and so requires
tweaking before it will work properly with 3.8 and later.

You can get it here:
http://www.cpan.org/authors/id/F/FA/FALCONE/RT-Authen-ExternalAuth-0.06_02.tar.gz

--
Kind Regards,

__________________________________________________

Mike Peachey, IT
Tel: +44 114 281 2655
Fax: +44 114 281 2951
Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK
Comp Reg No: 3191371 - Registered In England
http://www.jennic.com
__________________________________________________
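
The RT_SiteConfig.pm posted in this thread sets 'tls' => 0 and leaves 'user'/'pass' commented out, so the plugin searches anonymously and each user's password crosses the network to ldap.mbc.qld.edu.au in a plain LDAP bind. The fragment below is an added example, not part of the original messages or the plugin's distribution: the same settings with StartTLS and a dedicated bind account switched on. The bind DN and password are placeholders, and attr_map is trimmed to three of the posted entries.

```perl
# Added example: hardened variant of the settings posted in this thread.
# Lines marked PLACEHOLDER are assumptions, not values from the thread.
Set( @Plugins, qw(RT::Authen::ExternalAuth) );
Set($ExternalAuthPriority,        [ 'My_LDAP' ] );
Set($ExternalInfoPriority,        [ 'My_LDAP' ] );
Set($ExternalServiceUsesSSLorTLS, 1);   # load the SSL/TLS support packages
Set($AutoCreateNonExternalUsers,  0);   # no internal account when external auth fails
Set($ExternalSettings, {
    'My_LDAP' => {
        'type'   => 'ldap',
        'auth'   => 1,
        'info'   => 1,
        'server' => 'ldap.mbc.qld.edu.au',
        # Dedicated, read-only bind account instead of an anonymous search.
        'user'   => 'cn=ldaphelpdesk,ou=lab,o=mbc',   # PLACEHOLDER bind DN
        'pass'   => 'CHANGE_ME',                      # PLACEHOLDER secret
        'base'   => 'ou=lab,o=mbc',
        'filter' => '(objectClass=inetOrgPerson)',
        # StartTLS on the connection before any bind, so neither the
        # service password nor user passwords are sent in clear text.
        'tls'    => 1,
        'net_ldap_args'   => [ version => 3 ],
        # Only members of this group may log in.
        'group'           => 'cn=GRP_Staff,ou=lab,o=mbc',
        'group_attr'      => 'groupMembership',
        'attr_match_list' => [ 'Name', 'EmailAddress' ],
        'attr_map'        => {
            'Name'         => 'cn',
            'EmailAddress' => 'mail',
            'RealName'     => 'cn',
        },
    },
} );
1;
```

Because the file now holds a bind password, restrict read access on RT_SiteConfig.pm to the account the web server runs RT under.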
