<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Arial Unicode MS";
panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"\@Arial Unicode MS";
panose-1:2 11 6 4 2 2 2 2 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal">Hi,<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I’m running RT4.0.6 with the last ExternalAuth plugin.<o:p></o:p></p>
<p class="MsoNormal">It seems to be able to connect and authorize users against our LDAP, but for some reason when a new user logs in (a user that didn’t log in to the system before), it doesn’t get its Email address.<o:p></o:p></p>
<p class="MsoNormal">I can see a new user created in the DB, but it only gets its name.<o:p></o:p></p>
<p class="MsoNormal">PERL version is 5.10.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Any ideas?<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">RT_Siteconfig.pm:<o:p></o:p></p>
<p class="MsoNormal">##############################<o:p></o:p></p>
<p class="MsoNormal"># Active Directory Integration<o:p></o:p></p>
<p class="MsoNormal">##############################<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"># The order in which the services defined in ExternalSettings<o:p></o:p></p>
<p class="MsoNormal"># should be used to authenticate users. User is authenticated<o:p></o:p></p>
<p class="MsoNormal"># if successfully confirmed by any service - no more services<o:p></o:p></p>
<p class="MsoNormal"># are checked.<o:p></o:p></p>
<p class="MsoNormal">Set($ExternalAuthPriority, ['My_LDAP'] );<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"># The order in which the services defined in ExternalSettings<o:p></o:p></p>
<p class="MsoNormal"># should be used to get information about users. This includes<o:p></o:p></p>
<p class="MsoNormal"># RealName, Tel numbers etc, but also whether or not the user<o:p></o:p></p>
<p class="MsoNormal"># should be considered disabled.<o:p></o:p></p>
<p class="MsoNormal">#<o:p></o:p></p>
<p class="MsoNormal"># Once user info is found, no more services are checked.<o:p></o:p></p>
<p class="MsoNormal">#<o:p></o:p></p>
<p class="MsoNormal"># You CANNOT use a SSO cookie for authentication.<o:p></o:p></p>
<p class="MsoNormal">Set($ExternalInfoPriority, ['My_LDAP'] );<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"># If this is set to true, then the relevant packages will<o:p></o:p></p>
<p class="MsoNormal"># be loaded to use SSL/TLS connections. At the moment,<o:p></o:p></p>
<p class="MsoNormal"># this just means "use Net::SSLeay;"<o:p></o:p></p>
<p class="MsoNormal">Set($ExternalServiceUsesSSLorTLS, 0);<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"># If this is set to 1, then users should be autocreated by RT<o:p></o:p></p>
<p class="MsoNormal"># as internal users if they fail to authenticate from an<o:p></o:p></p>
<p class="MsoNormal"># external service.<o:p></o:p></p>
<p class="MsoNormal">Set($AutoCreateNonExternalUsers, 0);<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"># These are the full settings for each external service as a HashOfHashes<o:p></o:p></p>
<p class="MsoNormal"># Note that you may have as many external services as you wish. They will<o:p></o:p></p>
<p class="MsoNormal"># be checked in the order specified in the Priority directives above.<o:p></o:p></p>
<p class="MsoNormal"># e.g.<o:p></o:p></p>
<p class="MsoNormal">Set($ExternalAuthPriority,['My_LDAP']);<o:p></o:p></p>
<p class="MsoNormal">#<o:p></o:p></p>
<p class="MsoNormal">Set($ExternalSettings, {<o:p></o:p></p>
<p class="MsoNormal"> # AN EXAMPLE LDAP SERVICE<o:p></o:p></p>
<p class="MsoNormal"> 'My_LDAP' => { ## GENERIC SECTION<o:p></o:p></p>
<p class="MsoNormal"> # The type of service (db/ldap/cookie)<o:p></o:p></p>
<p class="MsoNormal"> 'type' => 'ldap',<o:p></o:p></p>
<p class="MsoNormal"> # The server hosting the service<o:p></o:p></p>
<p class="MsoNormal"> 'server' => 'brain.panaya.int',<o:p></o:p></p>
<p class="MsoNormal"> ## SERVICE-SPECIFIC SECTION<o:p></o:p></p>
<p class="MsoNormal"> # If you can bind to your LDAP server anonymously you should<o:p></o:p></p>
<p class="MsoNormal"> # remove the user and pass config lines, otherwise specify them here:<o:p></o:p></p>
<p class="MsoNormal"> #<o:p></o:p></p>
<p class="MsoNormal"> # The username RT should use to connect to the LDAP server<o:p></o:p></p>
<p class="MsoNormal"> 'user' => 'XXX',<o:p></o:p></p>
<p class="MsoNormal"> # The password RT should use to connect to the LDAP server<o:p></o:p></p>
<p class="MsoNormal"> 'pass' => 'XXX',<o:p></o:p></p>
<p class="MsoNormal"> #<o:p></o:p></p>
<p class="MsoNormal"> # The LDAP search base<o:p></o:p></p>
<p class="MsoNormal"> 'base' => 'ou=Users,ou=Panaya,dc=panaya,dc=int',<o:p></o:p></p>
<p class="MsoNormal"> #<o:p></o:p></p>
<p class="MsoNormal"> # ALL FILTERS MUST BE VALID LDAP FILTERS ENCASED IN PARENTHESES!<o:p></o:p></p>
<p class="MsoNormal"> # YOU **MUST** SPECIFY A filter AND A d_filter!!<o:p></o:p></p>
<p class="MsoNormal"> #<o:p></o:p></p>
<p class="MsoNormal"> # The filter to use to match RT-Users<o:p></o:p></p>
<p class="MsoNormal"> 'filter' => '(objectClass=*)',<o:p></o:p></p>
<p class="MsoNormal"> # A catch-all example filter: '(objectClass=*)'<o:p></o:p></p>
<p class="MsoNormal"> #<o:p></o:p></p>
<p class="MsoNormal"> # The filter that will only match disabled users<o:p></o:p></p>
<p class="MsoNormal"> 'd_filter' => '(objectClass=FooBarBaz)',<o:p></o:p></p>
<p class="MsoNormal"> # A catch-none example d_filter: '(objectClass=FooBarBaz)'<o:p></o:p></p>
<p class="MsoNormal"> #<o:p></o:p></p>
<p class="MsoNormal"> # Should we try to use TLS to encrypt connections?<o:p></o:p></p>
<p class="MsoNormal"> 'tls' => 0,<o:p></o:p></p>
<p class="MsoNormal"> # SSL Version to provide to Net::SSLeay *if* using SSL<o:p></o:p></p>
<p class="MsoNormal"> 'ssl_version' => 3,<o:p></o:p></p>
<p class="MsoNormal"> # What other args should I pass to Net::LDAP->new($host,@args)?<o:p></o:p></p>
<p class="MsoNormal"> 'net_ldap_args' => [ version => 3 ],<o:p></o:p></p>
<p class="MsoNormal"> # Does authentication depend on group membership? What group name?<o:p></o:p></p>
<p class="MsoNormal"> #'group' => 'GROUP_NAME',<o:p></o:p></p>
<p class="MsoNormal"> # What is the scope of the group search? (base, one, sub)<o:p></o:p></p>
<p class="MsoNormal"> # Optional; defaults to 'base', which is good enough for most cases. 'sub' is appropriate when you have nested groups<o:p></o:p></p>
<p class="MsoNormal"> #'group_scope' => 'base',<o:p></o:p></p>
<p class="MsoNormal"> # What is the attribute for the group object that determines membership?<o:p></o:p></p>
<p class="MsoNormal"> #'group_attr' => 'GROUP_ATTR',<o:p></o:p></p>
<p class="MsoNormal"> # What is the attribute of the user entry that should be matched against group_attr above? (Optional; defaults to 'dn')<o:p></o:p></p>
<p class="MsoNormal"> #'group_attr_value' => 'GROUP_ATTR_VALUE',<o:p></o:p></p>
<p class="MsoNormal"> ## RT ATTRIBUTE MATCHING SECTION<o:p></o:p></p>
<p class="MsoNormal"> # The list of RT attributes that uniquely identify a user<o:p></o:p></p>
<p class="MsoNormal"> # This example shows what you *can* specify.. I recommend reducing this<o:p></o:p></p>
<p class="MsoNormal"> # to just the Name and EmailAddress to save encountering problems later.<o:p></o:p></p>
<p class="MsoNormal"> 'attr_match_list' => [ 'Name',<o:p></o:p></p>
<p class="MsoNormal"> 'EmailAddress'<o:p></o:p></p>
<p class="MsoNormal"> ],<o:p></o:p></p>
<p class="MsoNormal"> # The mapping of RT attributes on to LDAP attributes<o:p></o:p></p>
<p class="MsoNormal"> 'attr_map' => { 'Name' => 'sAMAccountName',<o:p></o:p></p>
<p class="MsoNormal"> 'EmailAddress' => 'mail'<o:p></o:p></p>
<p class="MsoNormal"> }<o:p></o:p></p>
<p class="MsoNormal"> }<o:p></o:p></p>
<p class="MsoNormal"> }<o:p></o:p></p>
<p class="MsoNormal">);<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">From the log:<o:p></o:p></p>
<p class="MsoNormal">[Tue Nov 27 17:49:40 2012] [debug]: Attempting to use external auth service: My_LDAP (/opt/rt4/sbin/../local/lib/RT/Authen/ExternalAuth.pm:64)<o:p></o:p></p>
<p class="MsoNormal">[Tue Nov 27 17:49:40 2012] [debug]: Calling UserExists with $username (tstuser) and $service (My_LDAP) (/opt/rt4/sbin/../local/lib/RT/Authen/ExternalAuth.pm:105)<o:p></o:p></p>
<p class="MsoNormal">[Tue Nov 27 17:49:40 2012] [debug]: UserExists params:<o:p></o:p></p>
<p class="MsoNormal">username: tstuser , service: My_LDAP (/opt/rt4/sbin/../local/lib/RT/Authen/ExternalAuth/LDAP.pm:274)<o:p></o:p></p>
<p class="MsoNormal">[Tue Nov 27 17:49:40 2012] [debug]: LDAP Search === Base: ou=Users,ou=Panaya,dc=panaya,dc=int == Filter: (&(objectClass=*)(sAMAccountName=tstuser)) == Attrs: mail,sAMAccountName (/opt/rt4/sbin/../local/lib/RT/Authen/ExternalAuth/LDAP.pm:304)<o:p></o:p></p>
<p class="MsoNormal">[Tue Nov 27 17:49:40 2012] [debug]: Password validation required for service - Executing... (/opt/rt4/sbin/../local/lib/RT/Authen/ExternalAuth.pm:155)<o:p></o:p></p>
<p class="MsoNormal">[Tue Nov 27 17:49:40 2012] [debug]: Trying external auth service: My_LDAP (/opt/rt4/sbin/../local/lib/RT/Authen/ExternalAuth/LDAP.pm:16)<o:p></o:p></p>
<p class="MsoNormal">[Tue Nov 27 17:49:40 2012] [debug]: LDAP Search === Base: ou=Users,ou=Panaya,dc=panaya,dc=int == Filter: (&(sAMAccountName=tstuser)(objectClass=*)) == Attrs: dn (/opt/rt4/sbin/../local/lib/RT/Authen/ExternalAuth/LDAP.pm:43)<o:p></o:p></p>
<p class="MsoNormal">[Tue Nov 27 17:49:40 2012] [debug]: Found LDAP DN: CN=TestFirstName TestIn. TestLastName,OU=Users,OU=Panaya,DC=panaya,DC=int (/opt/rt4/sbin/../local/lib/RT/Authen/ExternalAuth/LDAP.pm:75)<o:p></o:p></p>
<p class="MsoNormal">[Tue Nov 27 17:49:40 2012] [info]: RT::Authen::ExternalAuth::LDAP::GetAuth External Auth OK ( My_LDAP ): tstuser (/opt/rt4/sbin/../local/lib/RT/Authen/ExternalAuth/LDAP.pm:139)<o:p></o:p></p>
<p class="MsoNormal">[Tue Nov 27 17:49:40 2012] [debug]: LDAP password validation result: 1 (/opt/rt4/sbin/../local/lib/RT/Authen/ExternalAuth.pm:335)<o:p></o:p></p>
<p class="MsoNormal">[Tue Nov 27 17:49:40 2012] [debug]: Password Validation Check Result: 1 (/opt/rt4/sbin/../local/lib/RT/Authen/ExternalAuth.pm:159)<o:p></o:p></p>
<p class="MsoNormal">[Tue Nov 27 17:49:40 2012] [debug]: Authentication successful. Now updating user information and attempting login. (/opt/rt4/sbin/../local/lib/RT/Authen/ExternalAuth.pm:179)<o:p></o:p></p>
<p class="MsoNormal">[Tue Nov 27 17:49:40 2012] [debug]: UserExists params:<o:p></o:p></p>
<p class="MsoNormal">username: tstuser , service: My_LDAP (/opt/rt4/sbin/../local/lib/RT/Authen/ExternalAuth/LDAP.pm:274)<o:p></o:p></p>
<p class="MsoNormal">[Tue Nov 27 17:49:40 2012] [debug]: LDAP Search === Base: ou=Users,ou=Panaya,dc=panaya,dc=int == Filter: (&(objectClass=*)(sAMAccountName=tstuser)) == Attrs: mail,sAMAccountName (/opt/rt4/sbin/../local/lib/RT/Authen/ExternalAuth/LDAP.pm:304)<o:p></o:p></p>
<p class="MsoNormal">[Tue Nov 27 17:49:40 2012] [debug]: UserExists params:<o:p></o:p></p>
<p class="MsoNormal">username: tstuser , service: My_LDAP (/opt/rt4/sbin/../local/lib/RT/Authen/ExternalAuth/LDAP.pm:274)<o:p></o:p></p>
<p class="MsoNormal">[Tue Nov 27 17:49:40 2012] [debug]: LDAP Search === Base: ou=Users,ou=Panaya,dc=panaya,dc=int == Filter: (&(objectClass=*)(sAMAccountName=tstuser)) == Attrs: mail,sAMAccountName (/opt/rt4/sbin/../local/lib/RT/Authen/ExternalAuth/LDAP.pm:304)<o:p></o:p></p>
<p class="MsoNormal">[Tue Nov 27 17:49:40 2012] [debug]: LDAP Search === Base: ou=Users,ou=Panaya,dc=panaya,dc=int == Filter: (&(objectClass=*)(objectClass=FooBarBaz)(sAMAccountName=tstuser)) == Attrs: uid (/opt/rt4/sbin/../local/lib/RT/Authen/ExternalAuth/LDAP.pm:398)<o:p></o:p></p>
<p class="MsoNormal">[Tue Nov 27 17:49:40 2012] [warning]: Couldn't enable user 65117 (/opt/rt4/sbin/../lib/RT/User.pm:1066)<o:p></o:p></p>
<p class="MsoNormal">[Tue Nov 27 17:49:40 2012] [warning]: Use of uninitialized value $val in concatenation (.) or string at /opt/rt4/sbin/../local/lib/RT/Authen/ExternalAuth.pm line 274. (/opt/rt4/sbin/../local/lib/RT/Authen/ExternalAuth.pm:274)<o:p></o:p></p>
<p class="MsoNormal">[Tue Nov 27 17:49:40 2012] [warning]: Use of uninitialized value $message in concatenation (.) or string at /opt/rt4/sbin/../local/lib/RT/Authen/ExternalAuth.pm line 274. (/opt/rt4/sbin/../local/lib/RT/Authen/ExternalAuth.pm:274)<o:p></o:p></p>
<p class="MsoNormal">[Tue Nov 27 17:49:40 2012] [info]: User marked as ENABLED ( tstuser ) per External Service (, ) (/opt/rt4/sbin/../local/lib/RT/Authen/ExternalAuth.pm:274)<o:p></o:p></p>
<p class="MsoNormal"><span style="background:yellow;mso-highlight:yellow">[Tue Nov 27 17:49:40 2012] [debug]: RT::Authen::ExternalAuth::UpdateUserInfo SetName Failed. That is already the current value (/opt/rt4/sbin/../local/lib/RT/Authen/ExternalAuth.pm:302)</span><o:p></o:p></p>
<p class="MsoNormal">[Tue Nov 27 17:49:40 2012] [debug]: UPDATED user ( tstuser ) from External Service (/opt/rt4/sbin/../local/lib/RT/Authen/ExternalAuth.pm:308)<o:p></o:p></p>
<p class="MsoNormal">[Tue Nov 27 17:49:40 2012] [info]: Successful login for tstuser from 10.100.0.34 (/opt/rt4/sbin/../local/lib/RT/Authen/ExternalAuth.pm:219)<o:p></o:p></p>
<p class="MsoNormal">[Tue Nov 27 17:49:40 2012] [debug]: Autohandler called ExternalAuth. Response: (1, Successful login) (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:11)<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Arial Unicode MS","sans-serif";color:#00659E">Karmi Simonov</span></b><b><span style="font-size:9.0pt;font-family:"Arial Unicode MS","sans-serif";color:#A7A9AC"> |
</span></b><b><span style="font-size:10.0pt;font-family:"Arial Unicode MS","sans-serif";color:#EF4023">System Administrator</span></b><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Arial Unicode MS","sans-serif";color:#A7A9AC">TEL +972.9.7618000 EXT. 148 | FAX +972.9.7467901 | </span><span style="font-size:8.0pt;font-family:"Arial Unicode MS","sans-serif""><a href="mailto:karmi@panayainc.com"><span style="color:blue">karmi@panayainc.com</span></a><span style="color:#9933FF"><o:p></o:p></span></span></p>
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Arial Unicode MS","sans-serif";color:#00659E">P</span></b><b><span style="font-size:10.0pt;font-family:"Arial Unicode MS","sans-serif";color:#EF4023">A</span></b><b><span style="font-size:10.0pt;font-family:"Arial Unicode MS","sans-serif";color:#00659E">N</span></b><b><span style="font-size:10.0pt;font-family:"Arial Unicode MS","sans-serif";color:#EF4023">A</span></b><b><span style="font-size:10.0pt;font-family:"Arial Unicode MS","sans-serif";color:#00659E">Y</span></b><b><span style="font-size:10.0pt;font-family:"Arial Unicode MS","sans-serif";color:#EF4023">A</span></b><b><span style="font-size:9.0pt;font-family:"Arial Unicode MS","sans-serif";color:#948A54"> </span></b><b><span style="font-size:9.0pt;font-family:"Arial Unicode MS","sans-serif";color:#A7A9AC">Making
ERP Easy</span></b><span style="font-size:9.0pt;font-family:"Arial Unicode MS","sans-serif";color:#A7A9AC"> |
</span><span style="font-size:9.0pt;font-family:"Arial Unicode MS","sans-serif""><a href="http://www.panayainc.com"><span style="color:blue">www.panayainc.com</span></a></span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>