[rt-users] I need help with the RT-Authen-ExternalAuth LDAP settings, please

Mathew Snyder mathew.snyder at gmail.com
Fri Oct 18 20:08:08 EDT 2013


I've actually been trying to get debugging turned on for a few days now.
I've set all of the variables:

Set( $LogToSTDERR, 'debug' );
Set( $LogToFile, 'debug' );
Set( $LogDir, '/var/log/' );
Set( $LogToFileNamed, 'rt.log' );
Set( $LogToSyslog, 'debug' );

I'm not getting any detailed information at all. In fact, the rt.log file
isn't even being created. I had tried to set the directory to /opt/rt4/log,
but the file wasn't being created there, either.




-Mathew

"When you do things right, people won't be sure you've done anything at
all." - God; Futurama

"We'll get along much better once you accept that you're wrong and neither
am I." - Me


On Fri, Oct 18, 2013 at 7:51 AM, Parish, Brent <bparish at cognex.com> wrote:

> Hi Matthew
>
> It sounds to me like you were authenticating ok initially, but getting an
> error in creating the user.
>
> And to answer your initial question about the group and group_attr
> settings, I don’t use those at all and it works fine for me.
>
> I would recommend putting things back to how you first had them (to
> generate the error you originally posted), turn the log level up to debug,
> and try again.
>
> There are some debug statements within that method that may help identify
> where it is choking.
>
> - Brent
>
> *From:* Mathew Snyder [mailto:mathew.snyder at gmail.com]
> *Sent:* Thursday, October 17, 2013 1:50 PM
> *To:* Jeff Solberg
> *Cc:* rt-users at lists.bestpractical.com
> *Subject:* Re: [rt-users] I need help with the RT-Authen-ExternalAuth
> LDAP settings, please
>
> I found another thread that indicated that the solution to the second
> problem was to add @domain to the end of the username. That just reverted
> to the previous list of errors with a couple new ones.
>
> Oct 17 16:47:50 zen-rt RT: [24673] Use of uninitialized value $_[1] in
> join or string at /usr/local/share/perl5/Log/Dispatch.pm line 42.
> Oct 17 16:47:50 zen-rt RT: [24673] Use of uninitialized value $service in
> hash element at
> /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm
> line 611.
> Oct 17 16:47:50 zen-rt RT: [24673] Use of uninitialized value in string eq
> at
> /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm
> line 613.
> Oct 17 16:47:50 zen-rt RT: [24673]
> RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Disabled: ,
> EmailAddress: , Gecos: user, Name: user, Privileged:
> Oct 17 16:47:50 zen-rt RT: [24673] Couldn't create user user: Could not
> set user info
> Oct 17 16:47:50 zen-rt RT: [24673] FAILED LOGIN for user from
> 192.168.236.102
>
> *From:* rt-users-bounces at lists.bestpractical.com [mailto:
> rt-users-bounces at lists.bestpractical.com] *On Behalf Of *Mathew Snyder
> *Sent:* Thursday, October 17, 2013 1:19 PM
> *To:* rt-users at lists.bestpractical.com
> *Subject:* [rt-users] I need help with the RT-Authen-ExternalAuth LDAP
> settings, please
>
> These are the settings I've started with:
>
> Set($ExternalSettings, {
>     'AD'       =>  {
>         'type'                      =>  'ldap',
>         'server'                    =>  'domain_controller.example.com',
>         'base'                      =>  'dc=example,dc=com',
>         'user'                      =>  'rtuser',
>         'pass'                      =>  '********',
>         'filter'                    =>  '(ObjectClass=*)',
>         'tls'                       =>  0,
>         'ssl_version'               =>  3,
>         'net_ldap_args'             => [    version =>  3   ],
>         'attr_match_list' => [
>             'EmailAddress',
>         ],
>         'attr_map' => {
>             'Name' => 'sAMAccountName',
>             'EmailAddress' => 'mail',
>             'RealName' => 'cn',
>         },
>
> They aren't working. Whenever someone attempts an initial login with just
> their username (which should create their RT account) the following error
> is logged:
>
> Oct 17 15:02:29 zen-rt RT: [23131] Use of uninitialized value in string eq
> at
> /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm
> line 613.
> Oct 17 15:02:29 zen-rt RT: [23131]
> RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Disabled: ,
> EmailAddress: , Gecos: user, Name: user, Privileged:
> Oct 17 16:14:01 zen-rt RT: [24382] Couldn't create user user: Could not
> set user info
> Oct 17 16:14:01 zen-rt RT: [24382] FAILED LOGIN for user from
> 192.168.236.102
>
> When initial logins are attempted with either example\username or
> example.com\username only the FAILED LOGIN line is displayed.
>
> We also have our Openfire Jabber server authenticating successfully. Those
> settings are
>
> ldap.autoFollowAliasReferrals = true
> ldap.autoFollowReferrals = false
> ldap.baseDN = dc=example,dc=com
> ldap.connectionPoolEnabled = true
> ldap.debugEnabled = false
> ldap.emailField = mail
> ldap.encloseDNs = true
> ldap.groupDescriptionField = description
> ldap.groupMemberField = member
> ldap.groupNameField = cn
> ldap.groupSearchFilter = (objectClass=group)
> ldap.host = domain_controller.example.com
> ldap.ldapDebugEnabled = false
> ldap.nameField = cn
> ldap.port = 389
> ldap.searchFilter = (objectClass=*)
> ldap.usernameField = sAMAccountName
>
> I know they don't match up exactly in terms of what Openfire calls the
> settings vs. what RT does, but I'm hoping someone can help me sort out what
> should be plugged in where on the RT side. For example, I don't know what
> the group_attr or group_attr_value setting should contain (if anything) in
> the RT_SiteConfig.pm file. Basically, anything from the "group" settings.
>
> -Mathew
>
> "When you do things right, people won't be sure you've done anything at
> all." - God; Futurama
>
> "We'll get along much better once you accept that you're wrong and
> neither am I." - Me