[rt-users] FW: Regular Authentication and ExternalAuth RT 3.8.1

Mike Peachey mike.peachey at jennic.com
Thu May 21 10:38:44 EDT 2009


Thu 21 May 2009 15:18:29 GMT
Eric Chatham wrote:
> I'm still having a problem with this.  Does anyone know how to get LDAP working on RT 3.8.2?  Thank you.

Absolutely.

> -----Original Message-----
> From: Eric Chatham
> Sent: Wednesday, May 20, 2009 14:55
> To: 'Eric Chatham'; RT-Users at lists.bestpractical.com
> Subject: RE: Regular Authentication and ExternalAuth RT 3.8.1
> 
> On Tuesday, May 20, 2009, Eric Chatham wrote:
> 
>> It appears that after I got Apache/MySql working previously, I am unable to login with the default username/password (root/password) to the web > interface.  I started a new topic for this.  I also tried adding settings in for ExternalAuth to the RT_SiteConfig.pm.  I am getting an @INC
>> error in Apache when I try restarting the service.  Even before I added the "External Authentication" variables, "LDAP" variables and the
>> "ExternalAuth" Plugin setting, I still could not login using root and password.

I think part of the problem may be that you seem to be mixing LDAP
implementations.

>>
>> /opt/rt3/etc/RT_SiteConfig.pm settings:
> 
> I fixed some of my problems.  I did two things to fix them, but I'm still stuck.
> 
> 1.  I copied my RT_SiteConfig.pm and Apache Config and re-ran the installation (./configure -> make testdeps -> make install).  I copied my saved RT_SiteConfig.pm and Apache config back to their original location.  I ran "make dropdb" to redo the database installation.  There wasn't anything in there before so I was aware of the warning of all data being lost.
> 
> This fixed the problem I was having trying to log onto the web interface with the defaults (root and password).  I would like to change this password, can anyone tell me how this is changed?  The README file didn't say how or where.
> 
>> APACHE ERROR_LOG:

You don't mention actually *installing* RT::Authen::ExternalAuth into
your RT install..

> 
> 2.  I partly fixed the problem I was having with LDAP.  First, I looked for the ./RT/Authen/ directory and copied it recursively over to /opt/rt3/bin.  This fixed the problem as far as the Module being included, but it did not fix the problem I'm having trying to use LDAP.

I totally don't see how that would work.. throwing random stuff into a
bin dir certainly would have no impact on getting it going..

This further makes me concerned that you might not have actually
installed the plugin at all.

> 
> So, here are examples of my problems after the fixings.  Could someone double check them for me?  Thank you once again for your assistance.
> 
> RT_SiteConfig.pm settings:
> 
> Set(@Plugins, qw(RT::Authen::ExternalAuth));

This line is right and is what causes the plugin to get loaded assuming
it's properly installed.

> # External Authentication
> Set($ExternalAuthPriority, ['My_LDAP']);
> Set($ExternalInfoPriority, ['My_LDAP']);
> Set($AutoCreateNonExternalUsers, 1);
> Set($ExternalAuthPriority, ['My_LDAP', 'My_MySQL', 'My_Oracle', 'SecondaryLDAP', 'Other-DB']);

Why are you overriding ExternalAuthPriority with invalid entries after
having set it correctly the first time?

> Set($AuthMethods, ['My_LDAP', 'Internal']);

This is not a valid setting any more. Delete it. It was deprecated by
ExternalAuthPriority.


> Set($LdapExternalAuth, 0);
> Set($LdapExternalInfo, 0);
> Set($LdapAutoCreateNonLdapUsers, 1);

These are nothing to do with ExternalAuth, you must have picked them up
from somewhere else. Delete them.


> Set($LdapAttrMap, {'Name' => 'sAMAccountName',
>                    'EmailAddress' => 'mail',
>                    'Orginization' => 'o',
>                    'RealName' => 'cn',
>                    'ExternalContactInfoId' => 'dn',
>                    'ExternalAuthId' => 'sAMAccountName',
>                    'Gecos', => 'sAMAccountName',
>                    'WorkPhone', => 'telephoneNumber',
>                    'Address1' => 'streetAddress',
>                    'City' => 'l',
>                    'State' => 'st',
>                    'Zip' => 'postalCode',
>                    'Country' => 'co'});
> Set($LdapRTAttrMatchList, ['ExternalContactInfoId', 'Name',
>                            'EmailAddress', 'RealName',
>                            'WorkPhone', 'Address2']);
> Set($LdapEmailAttrMatchList, ['mail', 'mailRoutingAddress',
>                               'mailAlternateAddress']);
> Set($LdapEmailAttrMatchPrefix, ['', 'smtp', 'SMTP:']);
> Set($LdapServer, 'clehbdc01.broadvox.local');
> Set($LdapBase, 'OU=USA,DC=broadvox,DC=local');
> Set($LdapFilter, '(objectClass=*)');

ALL of these are irrelevant to ExternalAuth. ExternalAuth uses a single
config variable called ExternalSettings with the settings for all
external configurations inside it.


> 
> Here are my APACHE ERROR_LOG listings:
> 

The apache error_log is useless for debugging EA, you need to have debug
logging enabled and look at the rt log.


You need to go back to basics and start again. First things first, go to
cpan and get the latest tarball for RT-Authen-ExternalAuth v0.08.
http://search.cpan.org/CPAN/authors/id/Z/ZO/ZORDRAK/RT-Authen-ExternalAuth-0.08.tar.gz

Open the README and read it top to bottom.
http://search.cpan.org/src/ZORDRAK/RT-Authen-ExternalAuth-0.08/README

Open the example configuration file and read through. If it's not
provided as an example entry there, you shouldn't have it in your
RT_SiteConfig.pm.
http://cpansearch.perl.org/src/ZORDRAK/RT-Authen-ExternalAuth-0.08/etc/RT_SiteConfig.pm

Once done, strip your RT_SiteConfig.pm down to basics and add the
directives you need from the example, modifying them to suit and work
with your LDAP environment.
-- 
Kind Regards,

__________________________________________________

Mike Peachey, IT
Tel: +44 114 281 2655
Fax: +44 114 281 2951
Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK
Comp Reg No: 3191371 - Registered In England
http://www.jennic.com
__________________________________________________



More information about the rt-users mailing list