[rt-users] Problem configuring AD integration
Kevin Falcone
falcone at bestpractical.com
Thu Feb 2 12:15:33 EST 2012
On Thu, Feb 02, 2012 at 04:21:48PM +0000, Bruno Martins wrote:
> Can't call method "as_string" on an undefined value at /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm line 304.
>
> I've followed instructions at http://requesttracker.wikia.com/wiki/ExternalAuth to set this up.
I suggest the docs in the config and with the module over anything on
the wiki.
> Set($ExternalAuthPriority, [ 'My_LDAP',
> 'My_MySQL',
> 'My_SSO_Cookie'
> ]
> );
>
> Set($ExternalInfoPriority, [ 'My_MySQL',
> 'My_LDAP'
> ]
> );
Why do you have all of these turned on? You've only configured
My_LDAP. Telling RT to look into a misconfigured My_MySQL will only
cause other errors.
The config as shipped is an example and you should remove the pieces
you aren't using.
> 'My_LDAP' => { ## GENERIC SECTION
> # The type of service (db/ldap/cookie)
> 'type' => 'ldap',
> # The server hosting the service
> 'server' => 'jupiter.galileu-f.galileu.pt',
> ## SERVICE-SPECIFIC SECTION
> # If you can bind to your LDAP server anonymously you should
> # remove the user and pass config lines, otherwise specify them here:
> #
> # The username RT should use to connect to the LDAP server
> 'user' => 'ldap_domainadmin',
> # The password RT should use to connect to the LDAP server
> 'pass' => 'ldap_password',
> #
> # The LDAP search base
> 'base' => 'dc=galileu-f,dc=galileu,dc=pt',
> #
> # ALL FILTERS MUST BE VALID LDAP FILTERS ENCASED IN PARENTHESES!
See this doc ^
> # YOU **MUST** SPECIFY A filter AND A d_filter!!
> #
> # The filter to use to match RT-Users
> 'filter' => 'objectClass=*',
You're missing parens on this filter which I believe is causing your
problem.
> # A catch-all example filter: '(objectClass=*)'
> #
> # The filter that will only match disabled users
> 'd_filter' => 'UserAccountControl:1.2.840.113556.1.4.803:=2',
> # A catch-none example d_filter: '(objectClass=FooBarBaz)'
> #
> # Should we try to use TLS to encrypt connections?
> 'tls' => 0,
> # SSL Version to provide to Net::SSLeay *if* using SSL
> 'ssl_version' => 3,
> # What other args should I pass to Net::LDAP->new($host, @args)?
> 'net_ldap_args' => [ version => 3 , port => 3268 ],
> # Does authentication depend on group membership? What group name?
> #'group' => 'GROUP_NAME',
> # What is the attribute for the group object that determines membership?
> #'group_attr' => 'GROUP_ATTR',
> ## RT ATTRIBUTE MATCHING SECTION
> # The list of RT attributes that uniquely identify a user
> # This example shows what you *can* specify.. I recommend reducing this
> # to just the Name and EmailAddress to save encountering problems later.
> 'attr_match_list' => [ 'Name',
> 'EmailAddress',
> 'RealName',
> 'WorkPhone',
> 'Address2'
> ],
You also want to read the doc above attr_match_list. As configured, you
cannot have two Bob Smiths in your RT.
-kevin
> # The mapping of RT attributes on to LDAP attributes
> 'attr_map' => { 'Name' => 'sAMAccountName',
> 'EmailAddress' => 'mail',
> 'Organization' => 'physicalDeliveryOfficeName',
> 'RealName' => 'cn',
> 'ExternalAuthId' => 'sAMAccountName',
> 'Gecos' => 'sAMAccountName',
> 'WorkPhone' => 'telephoneNumber',
> 'Address1' => 'streetAddress',
> 'City' => 'l',
> 'State' => 'st',
> 'Zip' => 'postalCode',
> 'Country' => 'co'
> }
> },
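
Added example, not part of the original message and not code from RT or RT-Authen-ExternalAuth: a stand-alone Perl lint for the two points raised in the reply, namely priority lists that name services with no settings and LDAP filters that are not enclosed in parentheses. The helper names `is_parenthesised` and `lint` and the trimmed sample hash are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example: lint an ExternalAuth-style configuration before RT loads it.
use strict;
use warnings;

# Constructed sample, trimmed from the configuration quoted in the post.
my @auth_priority = ('My_LDAP', 'My_MySQL', 'My_SSO_Cookie');
my @info_priority = ('My_MySQL', 'My_LDAP');
my %settings = (
    'My_LDAP' => {
        'type'     => 'ldap',
        'filter'   => 'objectClass=*',
        'd_filter' => 'UserAccountControl:1.2.840.113556.1.4.803:=2',
    },
);

# True when the string is one filter wrapped in a single balanced pair of
# parentheses. Literal parentheses in values are escaped as \28 and \29 in
# LDAP filters, so counting raw "(" and ")" is sufficient here.
sub is_parenthesised {
    my ($f) = @_;
    return 0 unless defined $f && $f =~ /^\(.*\)$/s;
    my $depth = 0;
    my $last  = length($f) - 1;
    for my $i (0 .. $last) {
        my $c = substr($f, $i, 1);
        $depth++ if $c eq '(';
        $depth-- if $c eq ')';
        # Depth may return to zero only on the final character.
        return 0 if $depth < 0 || ($depth == 0 && $i < $last);
    }
    return $depth == 0;
}

# Returns a list of problem strings for every service named in the priority lists.
sub lint {
    my ($settings, @lists) = @_;
    my (@problems, %seen);
    for my $name (grep { !$seen{$_}++ } map { @$_ } @lists) {
        my $svc = $settings->{$name};
        if (!$svc) {
            push @problems, "$name is in a priority list but has no settings";
            next;
        }
        next unless ($svc->{type} // '') eq 'ldap';
        for my $key ('filter', 'd_filter') {
            push @problems, "$name: $key is missing or not enclosed in parentheses"
                unless is_parenthesised($svc->{$key});
        }
    }
    return @problems;
}

print "$_\n" for lint(\%settings, \@auth_priority, \@info_priority);
```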