[rt-devel] RT 4.4.0rc1 - ExternalAuth

Thu Nov 5 12:57:54 EST 2015

Hi Brent,

Thank you so much for reviewing this for us.

Just to confirm, the issue was that the config variables were located in 
the new RT_SiteConfig.d structure, and when you moved everything back to 
RT_SiteConfig.pm it worked as expected? If so, it should work for you 
the way you originally did it so we'll have to fix that.

I also agree that the single line in the UPGRADING-4.4 file mentioning 
how to migrate to built in external auth probably isn't enough. I think 
we'll make an upgrading document just for external auth.

Thanks again,

On 11/5/15 10:50 AM, Parish, Brent wrote:
> Ok - part-way there.
>
> I threw in some debug lines and if I separate my config into multiple files within RT_SiteConfig.d  it correctly sets the values on first iteration of reading those files.
> Subsequent calls to the loader found the same values then UNset.
> Plowing all the separate files from RT_SiteConfig.d back into a single RT_SiteConfig.pm file (and deleting the separate ones) went back to keeping the ExternalAuth setting set.
>
> The spurious notice about " ExternalInfoPriority not defined" seems to be coming from line 1087 in Config.pm.
> I haven't looked deeper yet but first glance made me think perhaps it was used in debugging and maybe should be (re)moved now?
> I'll look closer once I have ExternalAuth back up.
>
> I had ExternalAuthId being set in my RT_SiteConfig.pm (for both $ExternalSettings attr_map and also for $LDAPMapping) and had to remove those (trips the "Unimplemented in RT::Record error")
>
> ExternalAuth is now working for me, I just need to get the SSO piece (Apache Kerberos) back and I'll be all set!
>
> Thanks again, BPS, for all your hard work and the great new release!
>
> - Brent
>
>
>
> -----Original Message-----
> From: rt-devel [mailto:rt-devel-bounces at lists.bestpractical.com] On Behalf Of Parish, Brent
> Sent: Wednesday, November 04, 2015 4:37 PM
> To: rt-devel at lists.bestpractical.com
> Subject: Re: [rt-devel] RT 4.4.0rc1 released
>
> This is awesome guys, thanks!!!!!
>
> I ran the upgrade today from 4.2.11 to 4.4.0rc1
> The upgrade itself was pleasantly uneventful, save for some confusion on my part as to whether or not to remove the obsoleted plugins from RT_SiteConfig.pm before or after running upgrade.
>    e.g.
>      Leave them in: get the warnings.
>      Leave them out: does it skip anything if it thinks I was not using them?
>
> I am struggling a bit with shifting ExternalAuth (LDAP --> Active Dir) to a core function though.
> I'll keep playing with it, but if anyone has a moment (yeah, right, like anyone has such a thing as Free Time!) I'd love some thoughts on it.
>
>
> For example, I removed the old plugins, because I see they are installed under lib/RT now.
>      local/plugins/RT-Authen-ExternalAuth
>      local/plugins/RT-Extension-LDAPImport
> I assume this was correct, though I don't recall seeing it in the upgrade doc?
>
>
> I noticed in /opt/rt4/lib/RT/Authen/ExternalAuth.pm that it still refers to the Set($ExternalInfoPriority config, but the RT logs tell me different:
>       ExternalInfoPriority not defined. User information (including user enabled/disabled) cannot be externally-sourced
> (I see this whether I have it defined or not)
>
>
> I kept all my old config settings for LDAP/ExternalAuth in RT_SiteConfig.pm
> I did remove the plugins line for them, and added the   Set($ExternalAuth, 1);
> I just wasn't sure if that was the right way to do it?
>
>
> In short, I'm looking for anything else that people have had to tweak for ExternalAuth (esp. LDAP) to make it work post-upgrade?
>
> Thanks!
> Brent