[rt-users] External Auth config with RT on Debian

Jeff Solberg jsolberg at intrepidls.com
Mon Jul 1 12:24:51 EDT 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Thanks for your reply. In the sys config it shows the following under PLUGINS:

Plugins   [
        'RT::Authen::ExternalAuth'
          ]

Jeff



- -----Original Message-----
From: rt-users-bounces at lists.bestpractical.com [mailto:rt-users-bounces at lists.bestpractical.com] On Behalf Of Kevin Falcone
Sent: Monday, July 01, 2013 9:14 AM
To: rt-users at lists.bestpractical.com
Subject: [secure] Re: [rt-users] External Auth config with RT on Debian
Sensitivity: Confidential

* PGP Signed by an unknown key

On Fri, Jun 28, 2013 at 12:29:22PM -0700, jsolberg wrote:
> Default settings till here....
> #PLUGINS
> Set( @Plugins, qw(RT::Authen::ExternalAuth));
> 
> #External Auth Settings
> 
> Set($ExternalAuthPriority, [ 'My_LDAP',] ); Set($ExternalInfoPriority, 
> [ 'My_LDAP',] ); Set($ExternalServiceUsesSSLorTLS, 0); 
> Set($AutoCreateNonExternalUsers, 0); Set($ExternalSettings, {
>     'My_LDAP'       =>  {
>         'type'                      =>  'ldap',
>         'server'                    =>  'dc2.xxxxxx.com',
>         'user'                      =>  'cn=Bind
> Ldap,ou=User,Logins,dc=intrepidls,dc=com',
>         'pass'                    =>  'xxxxxxx',
>         'base'                      =>  'dc=xxxx,dc=com',
>         'filter'                    => 
> '(&(ObjectCategory=User)(ObjectClass=Person))',
>         'd_filter'                  => 
> '(userAccountControl:1.2.840.113556.1.4.803=2)',
>         'group'                     =>  'cn=Domain
> Users,ou=Groups_Security,dc=xxxxx,dc=com',
>         'group_attr'                =>  'member',
>         'tls'                       =>  0,
>         'ssl_version'               =>  3,
>         'net_ldap_args'             => [    version =>  3, port => 3268   ],
>         'group_scope'               =>  'base',
>         'group_attr_value'          =>  'GROUP_ATTR_VALUE',
>         'attr_match_list' => [
>             'Name',
>             'EmailAddress',
>             'RealName',
>         ],
>         'attr_map' => {
>             'Name' => 'sAMAccountName',
>             'EmailAddress' => 'mail',
>             'Organization' => 'physicalDeliveryOfficeName',
>             'RealName' => 'cn',
>             'ExternalAuthId' => 'sAMAccountName',
>             'Gecos' => 'sAMAccountName',
>             'WorkPhone' => 'telephoneNumber',
>             'Address1' => 'streetAddress',
>             'City' => 'l',
>             'State' => 'st',
>             'Zip' => 'postalCode',
>             'Country' => 'co'
>         },
>     },
>     # An example SSO cookie service
>     'My_SSO_Cookie'  => {
>         'type'                      =>  'cookie',
>         'name'                      =>  'loginCookieValue',
>         'u_table'                   =>  'users',
>         'u_field'                   =>  'username',
>         'u_match_key'               =>  'userID',
>         'c_table'                   =>  'login_cookie',
>         'c_field'                   =>  'loginCookieValue',
>         'c_match_key'               =>  'loginCookieUserID',
>         'db_service_name'           =>  'My_MySQL'
>     },
> } );
> 
> 1;
> 
> I then use update-rt-siteconfig to merge these settings into 
> RT_SiteConfig.pm. From what I read this is all correct and "Should" 
> allow AD accounts to log in. Here is what is logging in the apache2 error log:
> 
> [Fri Jun 28 19:01:58 2013] [warning]: The actual HTTP_HOST (admin-rt4) 
> does NOT match the configured WebDomain (localhost). Perhaps you 
> should Set($WebDomain, 'admin-rt4'); in RT_SiteConfig.pm, otherwise 
> your internal links may be broken.
> (/usr/share/request-tracker4/lib/RT/Interface/Web.pm:1194)
> [Fri Jun 28 19:02:09 2013] [error]: FAILED LOGIN for 
> jsolberg at xxxxxx.com from 10.10.30.62 
> (/usr/share/request-tracker4/lib/RT/Interface/Web.pm:740)
> [Fri Jun 28 19:02:40 2013] [error]: FAILED LOGIN for jsolberg from
> 10.10.30.62 ( /usr/share/request-tracker4/lib/RT/Interface/Web.pm:740)
> [Fri Jun 28 19:02:52 2013] [info]: Successful login for root from
> 10.10.30.62 (/usr/share/request-tracker4/lib/RT/Interface/Web.pm:745)
> root at admin-rt4:/usr/share/request-tracker4/lib#

Navigate to Tools -> Configuration -> System Configuration and check that Plugins contains RT::Authen::ExternalAuth.


- -kevin

* Unknown Key
* 0x9E42250A

-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 3.2.1 (Build 4940)
Charset: us-ascii

wsBVAwUBUdGtV08vfChWkpdqAQh9BQf/V16SlfqUkTqq86o9O0awLXboBVSQ17Pz
SdErERPzir0sDxK6gxHbC0OYiVg8+3jLvyWEyNg8/1am68/5XCzFUezQOkYHaz07
1Tm7SCejhLNE0hmeLW7GL+Q74YK+wzyJkWZqIrMkq0+tnpFk+cs7R6g0m+Rrn0x6
W1xQYVKUyM9DQYLHXaGN6FU3scUZJEV1If1KdTxHOX3IDl6yYCI5XXYYwj/XqokH
AyhYXhmihEhq/zWD657SNjO6CYJ8pH5GbXlgKeixDxO5anZ6rnjGSkFE/ekAqXip
m60hYh5h/UNztNl2urdFp6SQZhewCoE3mVNvtGiG4W32we7dzXTHVw==
=21Dv
-----END PGP SIGNATURE-----


More information about the rt-users mailing list