[rt-users] Problems with RT::ExternalAuth::LDAP After Upgrading to 4.4

Tim Gustafson tjg at ucsc.edu
Wed Sep 7 12:13:07 EDT 2016


Hi,

I'm trying to upgrade my RT instance from 4.2 to 4.4.  I use
RT::ExternalAuth::LDAP to authenticate users from my OpenLDAP server.
This configuration has been working perfectly in RT 4.2 (and earlier
versions) for years.  After upgrading to RT 4.4, I am not able to log
in to RT at all.  My RT_SiteConfig.pm and rt-log.txt files are
attached.

The interesting thing to note is that the log file says *nothing*
about attempting to connect to any LDAP servers, and a tcpdump shows
no traffic from the RT server to the LDAP server, so I'm pretty sure
something is broken in my configuration file, but after staring at it
for hours and comparing it to the RT documentation, I can't find what
I'm doing wrong or what's changed between RT 4.2 and RT 4.4.

I am positive that the configuration file attached is the one being
used, because if I change the OwnerEmail setting, the login screen
shows the new value.

Any help at all is greatly appreciated.  Thanks!

-- 

Tim Gustafson
tjg at ucsc.edu
831-459-5354
Baskin Engineering, Room 313A
-------------- next part --------------
[87694] [Wed Sep  7 16:08:52 2016] [debug]: Using lynx for HTML -> text conversion (/usr/local/lib/perl5/site_perl/RT/Interface/Email.pm:1490)
[87694] [Wed Sep  7 16:08:52 2016] [error]: FAILED LOGIN for tjg from x.x.x.x (/usr/local/lib/perl5/site_perl/RT/Interface/Web.pm:826)
Trace begun at /usr/local/lib/perl5/site_perl/RT.pm line 304
Log::Dispatch::__ANON__('Log::Dispatch=HASH(0x807762180)', 'FAILED LOGIN for tjg from x.x.x.x') called at /usr/local/lib/perl5/site_perl/RT/Interface/Web.pm line 826
RT::Interface::Web::AttemptPasswordAuthentication('HASH(0x80fdfc168)') called at /usr/local/share/rt44/html/NoAuth/Login.html line 49
HTML::Mason::Commands::__ANON__('pass', 'pa$$w0rd', 'next', '90639347336f150cb529fe5c5b4ee3ff', 'user', 'tjg') called at /usr/local/lib/perl5/site_perl/HTML/Mason/Component.pm line 135
HTML::Mason::Component::run('HTML::Mason::Component::FileBased=HASH(0x80ff1f8a0)', 'pass', 'pa$$w0rd', 'next', '90639347336f150cb529fe5c5b4ee3ff', 'user', 'tjg') called at /usr/local/lib/perl5/site_perl/HTML/Mason/Request.pm line 1302
eval {...} at /usr/local/lib/perl5/site_perl/HTML/Mason/Request.pm line 1292
HTML::Mason::Request::comp(undef, undef, undef, 'pass', 'pa$$w0rd', 'next', '90639347336f150cb529fe5c5b4ee3ff', 'user', 'tjg') called at /usr/local/lib/perl5/site_perl/RT/Interface/Web.pm line 605
RT::Interface::Web::MaybeShowNoAuthPage('HASH(0x80ff29180)') called at /usr/local/lib/perl5/site_perl/RT/Interface/Web.pm line 316
RT::Interface::Web::HandleRequest('HASH(0x80ff29180)') called at /usr/local/share/rt44/html/autohandler line 53
HTML::Mason::Commands::__ANON__('user', 'tjg', 'next', '90639347336f150cb529fe5c5b4ee3ff', 'pass', 'pa$$w0rd') called at /usr/local/lib/perl5/site_perl/HTML/Mason/Component.pm line 135
HTML::Mason::Component::run('HTML::Mason::Component::FileBased=HASH(0x80fdd9d08)', 'user', 'tjg', 'next', '90639347336f150cb529fe5c5b4ee3ff', 'pass', 'pa$$w0rd') called at /usr/local/lib/perl5/site_perl/HTML/Mason/Request.pm line 1300
eval {...} at /usr/local/lib/perl5/site_perl/HTML/Mason/Request.pm line 1292
HTML::Mason::Request::comp(undef, undef, undef, 'user', 'tjg', 'next', '90639347336f150cb529fe5c5b4ee3ff', 'pass', 'pa$$w0rd') called at /usr/local/lib/perl5/site_perl/HTML/Mason/Request.pm line 481
eval {...} at /usr/local/lib/perl5/site_perl/HTML/Mason/Request.pm line 481
eval {...} at /usr/local/lib/perl5/site_perl/HTML/Mason/Request.pm line 433
HTML::Mason::Request::exec('RT::Interface::Web::Request=HASH(0x80fede7c8)') called at /usr/local/lib/perl5/site_perl/HTML/Mason/PSGIHandler.pm line 96
eval {...} at /usr/local/lib/perl5/site_perl/HTML/Mason/PSGIHandler.pm line 96
HTML::Mason::Request::PSGI::exec('RT::Interface::Web::Request=HASH(0x80fede7c8)') called at /usr/local/lib/perl5/site_perl/HTML/Mason/Interp.pm line 342
HTML::Mason::Interp::exec(undef, undef, 'user', 'tjg', 'next', '90639347336f150cb529fe5c5b4ee3ff', 'pass', 'pa$$w0rd') called at /usr/local/lib/perl5/site_perl/HTML/Mason/PSGIHandler.pm line 59
eval {...} at /usr/local/lib/perl5/site_perl/HTML/Mason/PSGIHandler.pm line 59
HTML::Mason::PSGIHandler::invoke_mason('HTML::Mason::PSGIHandler::Streamy=HASH(0x808c10600)', 'HASH(0x80ff19c60)', 'HASH(0x80f3aa5d0)') called at /usr/local/lib/perl5/site_perl/HTML/Mason/PSGIHandler/Streamy.pm line 52
HTML::Mason::PSGIHandler::Streamy::__ANON__('CODE(0x80ffe5a98)') called at /usr/local/lib/perl5/site_perl/Plack/Util.pm line 339
Plack::Util::__ANON__('CODE(0x8064f9480)') called at /usr/local/lib/perl5/site_perl/Plack/Handler/Apache2.pm line 89
Plack::Handler::Apache2::call_app('Plack::Handler::Apache2', 'Apache2::RequestRec=SCALAR(0x8029e4be8)', 'CODE(0x80fe850f0)') called at /usr/local/lib/perl5/site_perl/Plack/Handler/Apache2.pm line 126
Plack::Handler::Apache2::handler('Apache2::RequestRec=SCALAR(0x8029e4be8)') called at -e line 0
eval {...} at -e line 0

-------------- next part --------------
use utf8;

Set($rtname, 'RTDEV');

Set($DatabaseHost, 'localhost');
Set($DatabaseType, 'Pg');
Set($DatabaseUser, 'rt');
Set($DatabaseName, 'rt');

Set($LogToSyslog, 'error');
Set($LogToSTDERR, 'debug');
Set($LogStackTraces, 1);

Set($WebDomain, 'rt-dev.company.com');
Set($WebPort, 443);
Set($WebURL, 'https://rt-dev.company.com/');

Set($Organization, 'company.com');
Set($Timezone, 'America/Los_Angeles');
Set($OwnerEmail, 'tjg@company.com');
Set($RTAddressRegexp , '^.*\@rt-dev.company.com$');

Set(%GnuPG, Enable => 0);

Set($DisableGraphViz, 1);

Set($DateDayBeforeMonth, 0);

Set($ShowUnreadMessageNotifications, 1);

Set($MessageBoxRichText, 0);

Set($DependenciesLimit, 10000);

Set($MaxAttachmentSize, 1048576);

Set($DropLongAttachments, 1);

Set(
  @Plugins,
  qw(
    RT::Extension::MergeUsers
  )
);

Set($AutoCreateNonExternalUsers, 1);

Set($ExternalAuthPriority, ['LDAP']);   
Set($ExternalInfoPriority, ['LDAP']);   

Set(
  $ExternalSettings,
  {
    'LDAP' => {
      'type' => 'ldap',
      'server' => 'ldap.company.com',
      'base' => 'ou=People,dc=company,dc=com',
      'filter' => '(objectClass=*)',
      'tls' => {
        'verify' => 'none',
      },
      'net_ldap_args' => [
        'version' => 3,
      ],
      'attr_match_list' => [
        'Name',
        'EmailAddress'
      ],
      'attr_map' => {
        'Name' => 'uid',
        'EmailAddress' => 'mail',
        'Organization' => 'departmentNumber',
        'RealName' => 'cn',
        'ExternalAuthId' => 'uid',
        'Gecos' => 'uid',
        'WorkPhone' => 'telephoneNumber',
        'Address1' => 'roomNumber'
      }
    }
  }
);

Set($ParseNewMessageForTicketCcs, 1);

Set($UseTransactionBatch, 1);

Set(
  %FullTextSearch,
  Enable => 1,
  Indexed => 1,
  Column => 'ContentIndex',
  Table => 'AttachmentsIndex',
);

Set($NotifyActor, 1);

1;
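
The stack trace attached above prints the submitted `pass` form value in every Mason frame, because the configuration sets `$LogStackTraces` to 1 with debug logging. As an added example (not part of the original post or of RT), this Python filter masks that value before such a log is shared; the function names and the sample lines are constructed for illustration.

```python
import re

# A single-quoted trace argument that directly follows the 'pass' form
# field name. Escaped quotes (\') inside the value stay part of it.
# Every value after a literal 'pass' is masked, so a user literally
# named "pass" causes over-redaction rather than a leak.
_SECRET = re.compile(r"(?<='pass', )'(?:\\.|[^'\\])*'")

# Frame lines look like: Package::sub(args...) called at FILE line N
_FRAME = re.compile(r"^(?P<sub>[\w:]+)\(.*\) called at .+ line \d+$")


def redact_line(line):
    """Return (clean_line, hits) with password values masked."""
    return _SECRET.subn("'[REDACTED]'", line)


def scrub(log_text):
    """Mask passwords in a whole log; return (clean_text, findings).

    findings holds (line_number, sub_name) for each line that leaked;
    sub_name is None when the line is not a recognisable frame.
    """
    out, findings = [], []
    for n, line in enumerate(log_text.splitlines(), 1):
        clean, hits = redact_line(line)
        if hits:
            frame = _FRAME.match(line)
            findings.append((n, frame["sub"] if frame else None))
        out.append(clean)
    return "\n".join(out), findings


# Constructed sample in the shape of the trace above (values are made up).
SAMPLE = "\n".join([
    "[1] [Wed Sep  7 16:08:52 2016] [error]: FAILED LOGIN for alice from 192.0.2.1 (Web.pm:826)",
    r"HTML::Mason::Commands::__ANON__('pass', 'it\'s, secret', 'user', 'alice') called at Component.pm line 135",
    "HTML::Mason::Request::comp(undef, undef, 'user', 'alice', 'pass', 'hunter2') called at Web.pm line 605",
    "eval {...} at Request.pm line 1292",
])

if __name__ == "__main__":
    cleaned, leaks = scrub(SAMPLE)
    print(cleaned)
    print("leaking frames:", leaks)
```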


