[rt-users] Ldap Authentication setup question

Michael Mollard MollardM at mbc.qld.edu.au
Thu Oct 23 00:41:25 EDT 2008


Mike,
As part of my troubleshooting process, I have tried to wipe my rt installation and restart (I'm testing on a local VM, so not a big deal).
I have deleted my <$RT_HOME> (/srv/www/vhosts/rt.mbc.qld.edu.au/*).  Is that enough to reinstall from scratch or are there other things which should be 'tidied up'?

My Reinstall Process:
-installed rt3.8.1 as per instructions
-make initialize-database
-restarted apache2

(tested login as root/password, all works ok)

-Installed RT-Authen-ExternalAuth-0.06_02
-restarted apache
(left my RT_SiteConfig.pm unmodified to test 'local only' root/password again - still works fine)
Modified my RT_SiteConfig.pm file with:

Set( @Plugins,(qw(RT::Authen::ExternalAuth)));

Set($ExternalAuthPriority,  [ 'My_LDAP' ] );
Set($ExternalInfoPriority,  [ 'My_LDAP' ] );
Set($ExternalServiceUsesSSLorTLS,    0);
Set($AutoCreateNonExternalUsers,    0);
Set($ExternalSettings,      {   'My_LDAP'       =>  {   
                                                        'type'                      =>  'ldap',
                                                        'auth'                      =>  1,
                                                        'info'                      =>  1,
                                                        'server'                    =>  'ldap.mbc.qld.edu.au',
                                                        #'user'                     =>  'cn=ldaphelpdesk,ou=ldap,ou=lab,o=mbc',
                                                        #'pass'                     =>  '',
                                                        'base'                      =>  'ou=lab,o=mbc',
                                                        'filter'                    =>  '(objectClass=Person)',
                                                        #'d_filter'                  =>  '(FILTER_STRING)',
                                                        'tls'                       =>  0,
                                                        'net_ldap_args'             => [    version =>  3   ],
                                                        'group'                     =>  'cn=GRP_Staff,ou=lab,o=mbc',
                                                        'group_attr'                =>  'groupMembership',
                                                        'attr_match_list'           => [    'Name',
                                                                                            'EmailAddress' 
                                                                                        ],
                                                        'attr_map'                  =>  {   'Name' => 'cn',
                                                                                            'EmailAddress' => 'mail',
                                                                                            'Organization' => 'l',
                                                                                            'RealName' => 'cn',
                                                                                            'ExternalAuthId' => 'cn',
                                                                                            #'Gecos' => 'sAMAccountName',
                                                                                            'WorkPhone' => 'telephoneNumber',
                                                                                            'Address1' => 'streetAddress',
                                                                                            'City' => 'l',
                                                                                            'State' => 'st',
                                                                                            'Zip' => 'postalCode',
                                                                                            'Country' => 'co'
                                                                                        }
                                                    }
                                }
);

-restarted apache
-tested root/password (which should work as a local account)
I get this error in the browser:
RT::User::UpdateFromExternal Unimplemented in HTML::Mason::Commands. (/srv/www/vhosts/rt.mbc.qld.edu.au/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth line 73)

If I go to http://rt.mbc.qld.edu.au (my default rt home), I go straight to the dashboard, already logged in as root.  
 
If I log out and try to log in as a valid LDAP user (bogust/bogust - see log below) I get this error in the browser:
Can't call method "Disabled" on an undefined value at /srv/www/vhosts/rt.mbc.qld.edu.au/bin/../lib/RT/User_Overlay.pm line 971.
(If I go to http://rt.mbc.qld.edu.au (my default rt home), I get the login screen)


 
This is my rt.log:
Trace begun at /srv/www/vhosts/rt.mbc.qld.edu.au/bin/../lib/RT.pm line 289
Log::Dispatch::__ANON__('Log::Dispatch=HASH(0x8244f698)', 'Transaction->Create couldn\'t, as you didn\'t specify an object type and id') called at /srv/www/vhosts/rt.mbc.qld.edu.au/bin/../lib/RT/Record.pm line 1439
RT::Record::_NewTransaction('RT::User=HASH(0x825b74ac)', 'Type', 'Set', 'Field', 'Name', 'NewValue', 'bogust', 'OldValue', undef, 'TimeTaken', undef) called at /srv/www/vhosts/rt.mbc.qld.edu.au/bin/../lib/RT/User_Overlay.pm line 1496
RT::User::_Set('RT::User=HASH(0x825b74ac)', 'Field', 'Name', 'Value', 'bogust') called at /usr/lib/perl5/site_perl/5.8.8/DBIx/SearchBuilder/Record.pm line 440
DBIx::SearchBuilder::Record::__ANON__('RT::User=HASH(0x825b74ac)', 'bogust') called at /srv/www/vhosts/rt.mbc.qld.edu.au/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth line 32
HTML::Mason::Commands::__ANON__('pass', 'bogust', 'user', 'bogust') called at /usr/lib/perl5/site_perl/5.8.8/HTML/Mason/Component.pm line 135
HTML::Mason::Component::run('HTML::Mason::Component::FileBased=HASH(0x825b7608)', 'pass', 'bogust', 'user', 'bogust') called at /usr/lib/perl5/site_perl/5.8.8/HTML/Mason/Request.pm line 1279
eval {...} at /usr/lib/perl5/site_perl/5.8.8/HTML/Mason/Request.pm line 1274
HTML::Mason::Request::comp(undef, undef, 'pass', 'bogust', 'user', 'bogust') called at /srv/www/vhosts/rt.mbc.qld.edu.au/bin/../lib/RT/Interface/Web/Request.pm line 176
RT::Interface::Web::Request::callback('RT::Interface::Web::Request=HASH(0x824a971c)', 'pass', 'bogust', 'user', 'bogust', 'CallbackName', 'Auth') called at /srv/www/vhosts/rt.mbc.qld.edu.au/share/html/autohandler line 253
HTML::Mason::Commands::__ANON__('pass', 'bogust', 'user', 'bogust') called at /usr/lib/perl5/site_perl/5.8.8/HTML/Mason/Component.pm line 135
HTML::Mason::Component::run('HTML::Mason::Component::FileBased=HASH(0x815f3550)', 'pass', 'bogust', 'user', 'bogust') called at /usr/lib/perl5/site_perl/5.8.8/HTML/Mason/Request.pm line 1279
eval {...} at /usr/lib/perl5/site_perl/5.8.8/HTML/Mason/Request.pm line 1274
HTML::Mason::Request::comp(undef, undef, undef, 'pass', 'bogust', 'user', 'bogust') called at /usr/lib/perl5/site_perl/5.8.8/HTML/Mason/Request.pm line 473
eval {...} at /usr/lib/perl5/site_perl/5.8.8/HTML/Mason/Request.pm line 473
eval {...} at /usr/lib/perl5/site_perl/5.8.8/HTML/Mason/Request.pm line 425
HTML::Mason::Request::exec('RT::Interface::Web::Request=HASH(0x824a971c)') called at /usr/lib/perl5/site_perl/5.8.8/HTML/Mason/ApacheHandler.pm line 168
HTML::Mason::Request::ApacheHandler::exec('RT::Interface::Web::Request=HASH(0x824a971c)') called at /usr/lib/perl5/site_perl/5.8.8/HTML/Mason/ApacheHandler.pm line 825
HTML::Mason::ApacheHandler::handle_request('HTML::Mason::ApacheHandler=HASH(0x80b26370)', 'Apache2::RequestRec=SCALAR(0x80fc77d4)') called at /srv/www/vhosts/rt.mbc.qld.edu.au/bin/webmux.pl line 148
eval {...} at /srv/www/vhosts/rt.mbc.qld.edu.au/bin/webmux.pl line 148
RT::Mason::handler('Apache2::RequestRec=SCALAR(0x80fc77d4)') called at -e line 0
eval {...} at -e line 0
[Thu Oct 23 06:12:34 2008] [error]: Couldn't get principal for not loaded object (/srv/www/vhosts/rt.mbc.qld.edu.au/bin/../lib/RT/User_Overlay.pm:1113)
Trace begun at /srv/www/vhosts/rt.mbc.qld.edu.au/bin/../lib/RT.pm line 289
Log::Dispatch::__ANON__('Log::Dispatch=HASH(0x8244f698)', 'Couldn\'t get principal for not loaded object') called at /srv/www/vhosts/rt.mbc.qld.edu.au/bin/../lib/RT/User_Overlay.pm line 1113
RT::User::PrincipalObj('RT::User=HASH(0x825b74ac)') called at /srv/www/vhosts/rt.mbc.qld.edu.au/bin/../lib/RT/User_Overlay.pm line 971
RT::User::IsPassword('RT::User=HASH(0x825b74ac)', 'bogust') called at /srv/www/vhosts/rt.mbc.qld.edu.au/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth line 35
HTML::Mason::Commands::__ANON__('pass', 'bogust', 'user', 'bogust') called at /usr/lib/perl5/site_perl/5.8.8/HTML/Mason/Component.pm line 135
HTML::Mason::Component::run('HTML::Mason::Component::FileBased=HASH(0x825b7608)', 'pass', 'bogust', 'user', 'bogust') called at /usr/lib/perl5/site_perl/5.8.8/HTML/Mason/Request.pm line 1279
eval {...} at /usr/lib/perl5/site_perl/5.8.8/HTML/Mason/Request.pm line 1274
HTML::Mason::Request::comp(undef, undef, 'pass', 'bogust', 'user', 'bogust') called at /srv/www/vhosts/rt.mbc.qld.edu.au/bin/../lib/RT/Interface/Web/Request.pm line 176
RT::Interface::Web::Request::callback('RT::Interface::Web::Request=HASH(0x824a971c)', 'pass', 'bogust', 'user', 'bogust', 'CallbackName', 'Auth') called at /srv/www/vhosts/rt.mbc.qld.edu.au/share/html/autohandler line 253
HTML::Mason::Commands::__ANON__('pass', 'bogust', 'user', 'bogust') called at /usr/lib/perl5/site_perl/5.8.8/HTML/Mason/Component.pm line 135
HTML::Mason::Component::run('HTML::Mason::Component::FileBased=HASH(0x815f3550)', 'pass', 'bogust', 'user', 'bogust') called at /usr/lib/perl5/site_perl/5.8.8/HTML/Mason/Request.pm line 1279
eval {...} at /usr/lib/perl5/site_perl/5.8.8/HTML/Mason/Request.pm line 1274
HTML::Mason::Request::comp(undef, undef, undef, 'pass', 'bogust', 'user', 'bogust') called at /usr/lib/perl5/site_perl/5.8.8/HTML/Mason/Request.pm line 473
eval {...} at /usr/lib/perl5/site_perl/5.8.8/HTML/Mason/Request.pm line 473
eval {...} at /usr/lib/perl5/site_perl/5.8.8/HTML/Mason/Request.pm line 425
HTML::Mason::Request::exec('RT::Interface::Web::Request=HASH(0x824a971c)') called at /usr/lib/perl5/site_perl/5.8.8/HTML/Mason/ApacheHandler.pm line 168
HTML::Mason::Request::ApacheHandler::exec('RT::Interface::Web::Request=HASH(0x824a971c)') called at /usr/lib/perl5/site_perl/5.8.8/HTML/Mason/ApacheHandler.pm line 825
HTML::Mason::ApacheHandler::handle_request('HTML::Mason::ApacheHandler=HASH(0x80b26370)', 'Apache2::RequestRec=SCALAR(0x80fc77d4)') called at /srv/www/vhosts/rt.mbc.qld.edu.au/bin/webmux.pl line 148
eval {...} at /srv/www/vhosts/rt.mbc.qld.edu.au/bin/webmux.pl line 148
RT::Mason::handler('Apache2::RequestRec=SCALAR(0x80fc77d4)') called at -e line 0
eval {...} at -e line 0
[Thu Oct 23 06:12:55 2008] [debug]: RT's GnuPG libraries couldn't successfully read your configured GnuPG home directory (/srv/www/vhosts/rt.mbc.qld.edu.au/var/data/gpg). PGP support has been disabled (/srv/www/vhosts/rt.mbc.qld.edu.au/bin/../lib/RT/Config.pm:276)
 
I was wondering if it is something I have done (can't figure out what that could be), or if the 'pre-release' 0.06.02 code has a bug.
 
I really do appreciate your time on this ..
 
Kind regards,
Michael.
 


 
 
Michael Mollard
Network Administrator
Moreton Bay College

mollardm at mbc.qld.edu.au
http://www.mbc.qld.edu.au
Ph: (Direct) 07 3907 5712 / (Mob) 0417 631 801
Fax: 07 3390 8919


>>> Mike Peachey <mike.peachey at jennic.com> 23/10/2008 12:43 am >>>
Michael Mollard wrote:
> Hi all,
> I'm an RT newbie, so be gentle with me.
> 
> I have setup a functioning RT system (on SLES10sp2)

What version of RT?

> I have installed the RT::Authen::ExternalAuth 0.5.  This creates a <$RT_HOME>/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm
> I have edited that file with the correct site-specific ldap stuff.  
> 
> Now, what do I need to add to my <$RT_Home>/etc/RT_SiteConfig.pm to activate the LDAP stuff?  Are there any other changes needed?

The file
$RTHOME/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm is not
part of the installation, it simply contains examples for you to paste
into your $RTHOME/etc/RT_SiteConfig.pm file.

You can alternatively choose to put a line in your RT_SiteConfig to
"include" the example file instead of just copying the lines out of it.

> The wiki articles (http://wiki.bestpractical.com/view/ExternalAuth) are helpful to a point, but the Post-Install section (which is apparently the crux of the setup) is too vague for an RT newbie.

I've just read it again and the instructions seem fairly clear. If you
can advise what is confusing to you, perhaps we can make it better.

If you are using RT 3.8.x then I recommend using this ExternalAuth
0.06_002 instead of 0.05 as it is a pre-release candidate for RT3.8
compatibility. 0.05 was written before 3.8 came out and so requires
tweaking before it will work properly with 3.8 and later.

You can get it here:
http://www.cpan.org/authors/id/F/FA/FALCONE/RT-Authen-ExternalAuth-0.06_02.tar.gz

-- 
Kind Regards,

__________________________________________________

Mike Peachey, IT
Tel: +44 114 281 2655
Fax: +44 114 281 2951
Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK
Comp Reg No: 3191371 - Registered In England
http://www.jennic.com
__________________________________________________

--------------------------------------------------------------------------------
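
Added example, not part of the original post or of RT: the backtraces in the rt.log excerpt above record the arguments of each frame, including the value submitted as 'pass', so a log in this format is worth scrubbing before it is sent to a public list. The sketch below redacts credential values from trace lines of that shape; the function names, the key list and the sample lines are constructed for illustration.

```python
import re

# Argument names whose following value is a credential (assumed list, extend as needed).
SENSITIVE_KEYS = ("pass", "password")

# A single-quoted Perl literal as the trace prints it, with \' escapes allowed inside.
QUOTED = r"'((?:[^'\\]|\\.)*)'"
KEY_VALUE = re.compile(r"'(?:%s)',\s*%s" % ("|".join(SENSITIVE_KEYS), QUOTED))
LITERAL = re.compile(QUOTED)

# Constructed sample modelled on the trace format in the post (not real log data).
SAMPLE = [
    "RT::User::IsPassword('RT::User=HASH(0x1)', 'Winter\\'08') called at Auth line 35",
    "HTML::Mason::Commands::__ANON__('pass', 'Winter\\'08', 'user', 'jdoe') called at Component.pm line 135",
    "RT::User::_Set('RT::User=HASH(0x1)', 'Field', 'Name', 'Value', 'jdoe') called at Record.pm line 440",
]


def collect_secrets(lines):
    """Pass 1: gather every value that follows a sensitive key in a trace frame."""
    secrets = set()
    for line in lines:
        for match in KEY_VALUE.finditer(line):
            if match.group(1):  # an empty string is not worth redacting
                secrets.add(match.group(1))
    return secrets


def redact(lines):
    """Pass 2: replace each quoted literal that equals a collected secret.

    Two passes are needed because callee frames (IsPassword in the sample) are
    logged before the caller frame that names the argument 'pass'.
    """
    secrets = collect_secrets(lines)

    def swap(match):
        return "'[REDACTED]'" if match.group(1) in secrets else match.group(0)

    return [LITERAL.sub(swap, line) for line in lines], secrets


if __name__ == "__main__":
    cleaned, found = redact(SAMPLE)
    print("\n".join(cleaned))
    print("distinct secrets redacted:", len(found))
```

When the username and password are the same string, as with the test account in the post, the username literals are redacted as well.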