[rt-users] RT::Authen::ExternalAuth, Possible Configuration Issue?

Eli Guzman eguzman at cvimellesgriot.com
Thu Apr 7 20:04:42 EDT 2011 

Eli Guzman wrote:
> Greetings all,
> 
> == A Little Background ==
> 
> Sorry for the length of this post, TL/DR is at the bottom of this
> message. We currently run RT 3.6.6 in a production environment
> (running on RHEL 5.3, Tikanga, 2.6.18-128.2.1.el5xen #1 SMP, x86,
> running on a Dell PowerEdge R410). We are in the midst of upgrading
> to 3.8.9 (as we really liked the new look). The test environment is
> running on RHEL 5.6 Tikanga, 2.6.18-229.el5 #1 SMP, x86_64, within an
> ESX virtual environment (Dell PowerEdge R710 acting as the VM host). 
> 
> We have already compiled the new RT instance successfully (web GUI
> runs really well), ported our current production DB to the new
> environment (after some issues related to MyISAM incompatibilities
> during initial deployment; we have been running RT since release
> v2.8), ran any necessary schema updates, and ensured that there
> weren't any CPAN related inconsistencies.     
> 
> == The Problem ==
> 
> Everything as far as the interface seems to be working as it should.
> We are currently attempting to integrate the LDAP piece into the
> install (LDAP via RT is a bit new to us). I believe that I may be
> missing a configuration piece somewhere, as we cannot seem to get
> authentication to occur properly between "RT::Authen::ExternalAuth",
> and our Active Directory (AD) server.     
> 
> I've enabled logging in RT (debug mode), and have attached the actual
> "rt.log" file to see if anyone can take a look and see if anything
> sticks out. I've also included my main "RT_SiteConfig.pm", as well as
> the RT::Authen::External LDAP configuration file
> (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm),
> as the issue could also be a configuration issue with this file. As
> far as LDAP authentication, we currently use Active Directory on
> Windows 2003 R2. Within AD we have setup an initial OU named
> 'services', with an authentication user named 'ldap', and a security
> group named 'RTUsers'.         
> 
> The actual error is as follows:
> 
> [Tue Apr  5 16:03:18 2011] [debug]: SSO Failed and no user to test
> with. 
> Nexting
>
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
> h.pm:92)
> 
> I've searched for this error, but I have only found some threads
> addressing a similar issue, but with no actual listed solutions. From
> what I can tell from these threads the issue seems to stem from
> either an Apache, or a FastCGI configuration issue. The thing is
> Apache on this server starts without any errors at all, so it seems
> to be parsing the configuration files without a problem. I am
> attaching any related Apache configuration files as well (two files
> actually, /etc/httpd/conf/httpd.conf and /etc/httpd/conf.d/rt3.conf).
> 
> At the moment I am a bit stumped, so if anyone here has any
> suggestions/information as to the issues mentioned above I'd
> certainly appreciate any and all input.  
> 
> == TL/DR ==
> 
> Installed RT 3.8.9 on a test RHEL server, and cannot seem to get
> RT::Authen::ExternalAuth to properly work, please help! 
> 
> Best Regards,
> Eli


Sorry for the bump to this topic, just needed to see if anyone can still
assist with 
this issue. If this is a problem with the module itself, what would be
another possible 
workaround for getting LDAP connected? 

I've seen quite a few different solutions, so I am just wondering what
solutions are more 
successful in implementing than others (would a manual overlay or
perhaps Apache authentication 
Over OpenLDAP be a better choice?). 

If anyone has had any success with any of these other methods any input
you may have would be very 
useful specially since we seem to be having an issue getting
RT:Authen:ExternalAuth configured 
correctly.

Best Regards,
Eli

More information about the rt-users mailing list