[rt-users] problem with LDAP authentication after upgrading

Sebastian Reitenbach sebastia at l00-bugdead-prods.de
Wed Apr 9 06:37:18 EDT 2008


hi,

I wanted to upgrade rt3 from version 3.6.1 to 3.6.6. 
Therefore I installed a fresh version on a new host, following the 
installation procedure described in the README file.
I ran configure with the following parameters:
./configure --prefix=/opt/rt3 --with-web-user=wwwrun --with-db-type=Pg
--with-db-dba=postgres 
--with-db-database=rt3 --with-db-host=127.0.0.1
--with-apachectl=/usr/sbin/apache2ctl

I copied the old RT_SiteConfig.pm file to the new host, however, when I try 
to login, it is not possible, and I see the following in the logs:

[Wed Apr  9 10:08:21 2008] [error]: FAILED LOGIN for sebastia from 10.0.0.9 
(/opt/rt3/share/html/autohandler:251)

Stack trace:
        HTML::Mason::Commands::__ANON__() called 
at /usr/lib/perl5/site_perl/5.8.8/HTML/Mason/Component.pm:135
        HTML::Mason::Component::run() called 
at /usr/lib/perl5/site_perl/5.8.8/HTML/Mason/Request.pm:1273
        (eval)() called 
at /usr/lib/perl5/site_perl/5.8.8/HTML/Mason/Request.pm:1268
        HTML::Mason::Request::comp() called 
at /usr/lib/perl5/site_perl/5.8.8/HTML/Mason/Request.pm:467
        (eval)() called 
at /usr/lib/perl5/site_perl/5.8.8/HTML/Mason/Request.pm:467
        (eval)() called 
at /usr/lib/perl5/site_perl/5.8.8/HTML/Mason/Request.pm:419
        HTML::Mason::Request::exec() called 
at /usr/lib/perl5/site_perl/5.8.8/HTML/Mason/ApacheHandler.pm:168
        HTML::Mason::Request::ApacheHandler::exec() called 
at /usr/lib/perl5/site_perl/5.8.8/HTML/Mason/ApacheHandler.pm:825
        HTML::Mason::ApacheHandler::handle_request() called 
at /opt/rt3/bin/webmux.pl:125
        (eval)() called at /opt/rt3/bin/webmux.pl:125
        RT::Mason::handler() called at -e:0
        (eval)() called at -e:0

My RT_SiteConfig.pm has the following contents:
Set( $rtname, 'l00-bugdead-prods.de.de');
Set($AuthMethods, ['LDAP', 'Internal']);
Set($LdapExternalAuth, 1);
Set($LdapExternalInfo, 1);
Set($LdapAutoCreateNonLdapUsers, 1);
Set($LdapAttrMap, {'Name' => 'uid',
                   'EmailAddress' => 'mail',
                   'Organization' => 'o',
                   'RealName' => 'cn',
                   'ExternalContactInfoId' => 'dn',
                   'ExternalAuthId' => 'uid',
                   'Gecos' => 'uid',
                   'WorkPhone' => 'telephoneNumber',
                   'Address1' => 'ou',
                   'Address2' => 'physicalDeliveryOfficeName'}
);
Set($LdapRTAttrMatchList, ['Name', 'ExternalContactInfoId',
                           'EmailAddress', 'RealName',
                           'WorkPhone', 'Address2']
);
Set($LdapEmailAttrMatchList, ['mail', 'mailRoutingAddress',
                              'mailAlternateAddress']
);
Set($LdapEmailAttrMatchPrefix, ['', 'smtp:', 'SMTP:'] );
Set($LdapServer, '10.0.0.11');
Set($LdapBase, 'ou=People,dc=l00-bugdead-prods');
Set($LdapFilter, '(objectclass=posixAccount)');
Set($LdapDisableFilter, '(employmentStatus=Terminated)');
Set($LdapTLS, 1);
Set($LdapSSLVersion, 3);
1;
Set($WebPort , 443);# + ($< * 7274) % 32766 + ($< && 1024));
Set($WebBaseURL , "https://tracker.ds9");
Set($WebURL , $WebBaseURL . $WebPath . "/");
Set($CorrespondAddress , 'ithelp at l00-bugdead-prods.de.de');
Set($CommentAddress , 'ithelp at l00-bugdead-prods.de.de');
Set($Organization , "l00-bugdead-prods.de.de");
Set($RTAddressRegexp , '^rt\@l00-bugdead-prods.de.de$');
Set($AutoCreate, {Privileged => 1});

This configuration works well on the host with the rt3 3.6.1 installed, but 
not on the host with the new installation. They are both intended to 
authenticate against the same ldap server.

I created a new database and loaded the dump from the old version. As far as 
I can see, there is no need to upgrade the database schema between these 
versions. Also psql -h localhost -U postgres rt3 works well on the command 
line.


Do I can enable more debugging output for the LDAP authentication part? Or 
does anybody has an idea what I am still missing/might have made wrong?


kind regards




More information about the rt-users mailing list