[rt-users] LDAP ExternalAuth broken after upgrade from 4.0.2 to 4.0.4

mjames at guesswho.com mjames at guesswho.com
Wed Nov 23 16:05:35 EST 2011


I just upgraded from 4.0.2 to 4.0.4 without issue. Simple questions - did you remember to upgrade the database as well? Also, perhaps you should run "make testdeps" and make sure all your dependencies are still fulfilled. After the upgrade, I had a different problem where the permissions on the mason_data folder had changed and that caused a permissions failure.

Just nitpicking, since your config worked previously, but you shouldn't need a trailing comma in these 2 settings.
Set($ExternalAuthPriority, ['DIVMS_LDAP',]);
Set($ExternalInfoPriority, ['DIVMS_LDAP',]);

Mike

-----Original Message-----
From: rt-users-bounces at lists.bestpractical.com [mailto:rt-users-bounces at lists.bestpractical.com] On Behalf Of Karl Boyken
Sent: Wednesday, November 23, 2011 12:47 PM
To: rt-users at lists.bestpractical.com
Subject: [rt-users] LDAP ExternalAuth broken after upgrade from 4.0.2 to 4.0.4

We run RT on RedHat Enterprise Server 6.1, with Perl 5.14.2.  We set up RT::ExternalAuth to authenticate against our OpenLDAP server, and it works fine with RT 4.0.2.  But after upgrading to RT 4.0.4, LDAP authentication breaks.  I'd appreciate any helpful ideas.  Here's the relevant log entry--it's an LDAP bind() error:


Nov 23 11:27:28 serv07 RT: 
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't bind: 
LDAP_OPERATIONS_ERROR 1
(/path_to_our_RT/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:467)


This is the relevant section of our RT_SiteConfig.pm file (where values 
beginning with "our" have been changed for posting):


# To enable RT::Authen::ExternalAuth
Set(@Plugins, qw(RT::Authen::ExternalAuth));

# RT::Authen::ExternalAuth settings
# For information on configuring RT::Authen::ExternalAuth, see
# $RT_HOME/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm

Set($ExternalAuthPriority, ['DIVMS_LDAP',]);
Set($ExternalInfoPriority, ['DIVMS_LDAP',]);
Set($ExternalServiceUsesSSLorTLS, 1);
Set($AutoCreateNonExternalUsers, 1);
Set($ExternalSettings,
     {
      'DIVMS_LDAP' => {
                       'type' => 'ldap',
                       'server' => 'our_server',
                       'user' => 'our_cn',
                       'pass' => 'our_password',
                       'base' => 'our_base',
                       'filter' => '(objectClass=*)',
                       'd_filter' => '(objectClass=FooBarBaz)',
                       'tls' => 1,
                       'ssl_version' => 1,
                       'net_ldap_args' => [ port => 389, version => 3 ],
                       'group' => '',
                       'group_attr' => '',
                       'attr_match_list' => [ 'Name', 'EmailAddress', ],
                       'attr_map' => {
                                      'Name' => 'uid',
                                      'EmailAddress' => 'mail',
                                      'RealName' => 'gecos',
                                      'ExternalAuthId' => 'uid',
                                      'Gecos' => 'uid',
                                     }
                      }
     }
);

-- 
Karl Boyken, system administrator 
karl-boyken at uiowa.edu
303A MLH, Dept. of Comp. Sci. 
http://www.cs.uiowa.edu/~boyken/
The U. of Iowa, Iowa City, IA  52242   319-335-2730 (voice) 
319-335-3668 (fax)
--------
RT Training Sessions (http://bestpractical.com/services/training.html)
*  Barcelona, Spain  November 28 & 29, 2011



More information about the rt-users mailing list