[rt-users] RT::Authen::ExternalAuth

Dan Stilts dstilts at gaiaonline.com
Wed Sep 1 14:15:35 EDT 2010


As far as I know, this only gets updated when the user goes to login. 
However, I'm sure it's also very easily scriptable to pull rt3.Users and 
then pull the users from LDAP (AD) and update the user via sql in 
rt3.Users. Whether this would end up breaking anything, I'm not sure as 
this is just off the top of my head thinking, but I wouldn't think so.

Just a thought.

-Dan


On 9/1/10 8:21 AM, Peter Barton wrote:
> Thanks a bunch Dan!!  That did the trick perfectly!  I am now able to
> authenticate successfully from AD and from the local system.
>
> Since it was so easy for you to spot my problem maybe you can help me
> with one more request.  Like I said at the end of my last email I have
> run the "rt_logins_email2ldap" script and everyone has appropriate
> usernames to match AD.  Is there a way to have RT go through and
> populate all the user information for each of the users that already
> exist in my system?  Or is this supposed to be a dynamic step?  When I
> open a ticket that existed prior to the installation of
> RT::Authen::ExternalAuth the user information is not populated with
> anything.
>
> Any direction you can give would be greatly appreciated.
>
> Thanks in advance,
>
> ----------
> Peter Barton
>
> -----Original Message-----
> From: rt-users-bounces at lists.bestpractical.com
> [mailto:rt-users-bounces at lists.bestpractical.com] On Behalf Of Dan
> Stilts
> Sent: Tuesday, August 31, 2010 5:38 PM
> To: rt-users at lists.bestpractical.com
> Subject: Re: [rt-users] RT::Authen::ExternalAuth
>
> Peter,
>
> Looks like you have two plugin lines:
>
> Set(@Plugins, qw(RT::Authen::ExternalAuth));
> Set(@Plugins, qw(RTx::Calendar));
>
> Try:
> Set(@Plugins,(qw(RT::Authen::ExternalAuth RTx::Calendar)));
>
> Your second plugin line is overwriting the first one.
>
> -Dan
>
> On 8/31/10 3:05 PM, Peter Barton wrote:
>> I have been searching all day long and I am having some issues getting
>> this running. Here is a quick copy of my RT_SiteConfig.pm:
>>
>> Set(@Plugins, qw(RT::Authen::ExternalAuth));
>>
>> Set(@Plugins, qw(RTx::Calendar));
>>
>> Set($LogToFile,'debug');
>>
>> Set($TrustHTMLAttachments, 1);
>>
>> Set($ExternalAuthPriority, [ 'My_LDAP'
>>
>> ]
>>
>> );
>>
>> Set($ExternalInfoPriority, [ 'My_LDAP'
>>
>> ]
>>
>> );
>>
>> Set($ExternalServiceUsesSSLorTLS, 0);
>>
>> Set($AutoCreateNonExternalUsers, 0);
>>
>> Set($ExternalSettings, { # AN EXAMPLE DB SERVICE
>>
>> 'My_MySQL' =>  { ## GENERIC SECTION
>>
>> 'type' =>  'mysql',
>>
>> 'server' =>  'localhost',
>>
>> 'database' =>  'rt3',
>>
>> 'table' =>  'USERS_TABLE',
>>
>> 'user' =>  'rt_user',
>>
>> 'pass' =>  'blahblah',
>>
>> 'port' =>  '3306',
>>
>> 'dbi_driver' =>  'mysql',
>>
>> 'u_field' =>  'username',
>>
>> 'p_field' =>  'password',
>>
>> 'p_enc_pkg' =>  'Crypt::MySQL',
>>
>> 'p_enc_sub' =>  'password',
>>
>> 'd_field' =>  'disabled',
>>
>> 'd_values' =>  ['0'],
>>
>> 'attr_match_list' =>  [ 'Gecos',
>>
>> 'Name'
>>
>> ],
>>
>> 'attr_map' =>  { 'Name' =>  'username',
>>
>> 'EmailAddress' =>  'email',
>>
>> 'ExternalAuthId' =>  'username',
>>
>> 'Gecos' =>  'userID'
>>
>> }
>>
>> },
>>
>> # AN EXAMPLE LDAP SERVICE
>>
>> 'My_LDAP' =>  { ## GENERIC SECTION
>>
>> 'type' =>  'ldap',
>>
>> 'server' =>  'iesicorp.tf.prv',
>>
>> 'user' =>  'cn=user,dc=tf,dc=prv',
>>
>> 'pass' =>  'blahblah',
>>
>> 'base' =>  'dc=tf,dc=prv',
>>
>> 'filter' =>  '(objectClass=user)',
>>
>> 'd_filter' =>  '(objectClass=FooBarBaz)',
>>
>> 'tls' =>  0,
>>
>> 'ssl_version' =>  3,
>>
>> 'net_ldap_args' =>  [ version =>  3 ],
>>
>> # 'group' =>  'Domain Users',
>>
>> # 'group_attr' =>  'memberof',
>>
>> 'attr_match_list' =>  [ 'Name',
>>
>> 'EmailAddress',
>>
>> 'RealName',
>>
>> 'WorkPhone',
>>
>> 'Address2'
>>
>> ],
>>
>> # The mapping of RT attributes on to LDAP attributes
>>
>> 'attr_map' =>  { 'Name' =>  'sAMAccountName',
>>
>> 'EmailAddress' =>  'mail',
>>
>> 'Organization' =>  'physicalDeliveryOfficeName',
>>
>> 'RealName' =>  'cn',
>>
>> 'ExternalAuthId' =>  'sAMAccountName',
>>
>> 'Gecos' =>  'sAMAccountName',
>>
>> 'WorkPhone' =>  'telephoneNumber',
>>
>> 'Address1' =>  'streetAddress',
>>
>> 'City' =>  'l',
>>
>> 'State' =>  'st',
>>
>> 'Zip' =>  'postalCode',
>>
>> 'Country' =>  'co'
>>
>> }
>>
>> },
>>
>> When I restart apache2 everything works fine. I see no errors. Yet
> when
>> I log into the web page I get this:
>>
>> [Tue Aug 31 21:44:27 2010] [info]: Successful login for pbarton from
>> 192.168.10.60 (/opt/rt3/bin/../lib/RT/Interface/Web.pm:430)
>>
>> I check the "System Configuration" and I see no reference to
>> RT::Authen::ExternalAuth anywhere in there. From all the logs it does
>> not even appear that I am loading this plugin.
>>
>> BTW, I am running Ubuntu 8.0.4 LTS and RT version 3.8.6 and I
> installed
>> RT::Authen::ExternalAuth from cpan version 0.08.
>>
>> I have successfully run the "rt_logins_email2ldap" script and was able
>> to make all the necessary changes to accomoodate the change from local
>> user auth to LDAP auth. Any help anyone
>>
>> Can provide I would be greatly appreciative.
>>
>> Thanks,
>>
>> ----------
>>
>> Peter Barton
>>
>>
>>
>>
>> RT Training in Washington DC, USA on Oct 25&   26 2010
>> Last one this year -- Learn how to get the most out of RT!
>
> RT Training in Washington DC, USA on Oct 25&  26 2010
> Last one this year -- Learn how to get the most out of RT!
>
> RT Training in Washington DC, USA on Oct 25&  26 2010
> Last one this year -- Learn how to get the most out of RT!



More information about the rt-users mailing list