[rt-users] RT 4.2.10 and ExternalAuth using LDAP

Indrek Paas indrekpaas at gmail.com
Mon Apr 20 10:32:26 EDT 2015


Hi,

Messing with the filter => '(objectClass=*)' gave me FAILED LOGIN, as did
=person. Then tested the LDAP Import plugin and it worked. Now I need to
see about AD user permissions (create tickets etc).

Thank you for the suggestions and thank you Trev for making it more
understandable. Your configuration helped me understand other needed values
as well.

Regards,
--Indrek

On Mon, Apr 20, 2015 at 4:19 PM Jeff Blaine <jblaine at kickflop.net> wrote:

> https://metacpan.org/pod/RT::Authen::ExternalAuth::LDAP
>
> says:
>
> filter
>
>     The filter to use to match RT users. You must specify
>     it and it must be a valid LDAP filter encased in parentheses.
>
>     For example:
>
>     filter => '(objectClass=*)',
>
> On 4/20/2015 5:16 AM, Indrek Paas wrote:
> > Hi,
> >
> > I'm setting up an RT server on:
> > CentOS 7.1 x64
> > Apache 2.4
> > PostgreSQL
> > Perl v5.16.3
> >
> > Trying to use ExternalAuth to LDAP (Microsoft AD) using these settings
> > in RT_SiteConfig.pm:
> >
> > Plugin( "RT::Authen::ExternalAuth" );
> >
> > Set( $ExternalAuthPriority, ["My_LDAP"] );
> > Set( $ExternalInfoPriority, ["My_LDAP"] );
> >
> > Set($ExternalSettings, {
> >         'My_LDAP'       =>  {
> >                 'type'                      =>  'ldap',
> >                 'server'                    =>  '1.1.1.1',
> >                 'user'                      =>  'rtbinduser at domain.server',
> >                 'pass'                      =>  'rtbinduserpw',
> >                 'base'                      =>  'ou=Dom Users,ou=Company AD,dc=domain,dc=server',
> >
> >                 'attr_match_list' => [
> >                         'Name',
> >                         'EmailAddress',
> >                 ],
> >                 'attr_map' => {
> >                         'Name' => 'sAMAccountName',
> >                         'EmailAddress' => 'mail',
> >                         'Organization' => 'physicalDeliveryOfficeName',
> >                         'RealName' => 'cn',
> >                         'ExternalAuthId' => 'sAMAccountName',
> >                         'Gecos' => 'sAMAccountName',
> >                         'WorkPhone' => 'telephoneNumber',
> >                         'Address1' => 'streetAddress',
> >                         'City' => 'l',
> >                         'State' => 'st',
> >                         'Zip' => 'postalCode',
> >                         'Country' => 'co'
> >                         },
> >                 },
> >         } );
> >
> > I start the RT using its own server: /opt/rt4/sbin/rt-server --port 8080
> > Page loads in the browser and I can log in as root but when I try to log
> > in using AD account I see in the logs:
> >
> > [warning]: Use of uninitialized value $filter in concatenation (.) or string at /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm line 453. (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:451)
> >
> > I have been digging through google and the LDAP.pm without success. When
> > I messed with the 'base' value error changed:
> >
> > [25778] [Mon Apr 20 08:55:33 2015] [warning]: Use of uninitialized value $filter in concatenation (.) or string at /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm line 453. (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:451)
> > [25778] [Mon Apr 20 08:55:33 2015] [error]: Can't call method "as_string" on an undefined value at /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm line 357.
> >
> > Stack:
> >   [/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:357]
> >   [/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:843]
> >   [/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:885]
> >   [/opt/rt4/sbin/../lib/RT/User.pm:141]
> >   [/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:486]
> >   [/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:10]
> >   [/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Session:1]
> >   [/opt/rt4/sbin/../lib/RT/Interface/Web.pm:310]
> >   [/opt/rt4/share/html/autohandler:53]
> > (/opt/rt4/sbin/../lib/RT/Interface/Web/Handler.pm:208)
> >
> >
> > Any suggestions to a right direction are welcome.
> >
> > PS! Went with LDAP because other services on the server use it
> > successfully. I have installed RT using Kerberos auth before but decided
> > to use something "simpler". :D
> >
> > --
> > Indrek
>
> --
> Jeff Blaine
> kickflop.net
> PGP/GnuPG Key ID: 0x0C8EDD02
>
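
The problem in this thread is an ExternalAuth service block with no 'filter' key. As an added example (not code from the thread or from the RT project), a small Perl pre-flight check that reports a missing or unparsable filter before RT is started. The host name, base DN, AD filter and the list of keys treated as required are assumptions of the example.

```perl
#!/usr/bin/perl
# Added example: pre-flight check for one ExternalAuth LDAP service block.
# All values below are constructed placeholders, not taken from a real site.
use strict;
use warnings;
use Net::LDAP::Filter;

my %service = (
    type   => 'ldap',
    server => 'ldap.example.test',
    base   => 'ou=People,dc=example,dc=test',
    # 'filter' is mandatory per the plugin documentation quoted above.
    # For AD, a filter narrower than (objectClass=*) keeps computer and
    # other non-person entries out of the set matched as RT users.
    filter   => '(&(objectCategory=person)(objectClass=user))',
    attr_map => { Name => 'sAMAccountName', EmailAddress => 'mail' },
);

# Return a list of problems; an empty list means the block passes.
# The required-key list is this example's assumption; the page itself
# only states that 'filter' must be specified.
sub check_service {
    my ($cfg) = @_;
    my @problems;

    for my $key (qw(type server base filter attr_map)) {
        push @problems, "missing '$key'" unless defined $cfg->{$key};
    }

    if ( defined( my $f = $cfg->{filter} ) ) {
        if ( $f !~ /^\(.*\)$/s ) {
            push @problems, "filter is not encased in parentheses: $f";
        }
        elsif ( !Net::LDAP::Filter->new($f) ) {
            # Net::LDAP::Filter->new returns undef for an unparsable filter.
            push @problems, "filter does not parse as an LDAP filter: $f";
        }
    }
    return @problems;
}

my %broken = ( %service, filter => undef );    # the situation in this thread
for my $case ( [ fixed => \%service ], [ broken => \%broken ] ) {
    my ( $label, $cfg ) = @$case;
    my @problems = check_service($cfg);
    print "$label: ", ( @problems ? join( '; ', @problems ) : 'ok' ), "\n";
}
```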