[rt-users] Issues configuring RT::Authen::ExternalAuth

Carlos J. Velez-Rivera cvelez at ckcomputingpr.com
Wed Apr 23 23:01:10 EDT 2008


Hello Mike,

	Thanks for your answer.  Sorry for the delay in getting back to you.  I had to take care of a fire... Here is the RT_SiteConfig.pm file.  I thought it could be related to a bad filter...

Thanks in advance for any pointers you might have!
Carlos


# RT_SiteConfig.pm
#
# These are the bits you absolutely *must* edit.
#
# To find out how, please read
#   /usr/share/doc/request-tracker3.6/INSTALL.Debian

# THE BASICS:

Set($rtname, 'Universidad de Puerto Rico - GAE');
Set($Organization, 'upr.edu');

Set($CorrespondAddress , 'someone at upr.edu');
Set($CommentAddress , 'someone at upr.edu');

Set($Timezone , 'Venezuela/Caracas'); # obviously choose what suits you

# THE DATABASE:

# Added by carlos 20070629
Set($DatabaseHost, 'localhost');
Set($DatabaseRTHost, 'localhost');

Set($DatabaseType, 'Pg'); # e.g. Pg or mysql

# These are the settings we used above when creating the RT database,
# you MUST set these to what you chose in the section above.

Set($DatabaseUser , 'dbuser');
Set($DatabasePassword , 'dbuserpwd');
Set($DatabaseName , 'dbname');

# THE WEBSERVER:

Set($WebPath , "/rt");
Set($WebBaseURL , "http://localhost");

# The order in which the services defined in ExternalSettings
# should be used to authenticate users. User is authenticated
# if successfully confirmed by any service - no more services
# are checked.
Set($ExternalAuthPriority,  [   'My_LDAP' ]
);

# The order in which the services defined in ExternalSettings
# should be used to get information about users. This includes
# RealName, Tel numbers etc, but also whether or not the user
# should be considered disabled.
# Once user info is found, no more services are checked.
Set($ExternalInfoPriority,  [   'My_LDAP' ]
);

# If this is set to true, then the relevant packages will
# be loaded to use SSL/TLS connections. At the moment,
# this just means "use Net::SSLeay;"
Set($ExternalServiceUsesSSLorTLS,    0);

# If this is set to 1, then users should be autocreated by RT
# as internal users if they fail to authenticate from an
# external service.
Set($AutoCreateNonExternalUsers,    0);

# These are the full settings for each external service as a HashOfHashes
# Note that you may have as many external services as you wish. They will
# be checked in the order specified in the Priority directives above.
# e.g.
#   Set(ExternalAuthPriority,['My_LDAP','My_MySQL','My_Oracle','SecondaryLDAP','Other-DB']);
#
Set($ExternalSettings,      {   # AN EXAMPLE LDAP SERVICE
                                'My_LDAP'       =>  {   ## GENERIC SECTION
                                                        # The type of service (db/ldap/cookie)
                                                        'type'                      =>  'ldap',
                                                        # Should the service be used for authentication?
                                                        'auth'                      =>  1,
                                                        # Should the service be used for information?
                                                        'info'                      =>  1,
                                                        # The server hosting the service
                                                        'server'                    =>  'upridldap.upr.edu',
                                                        ## SERVICE-SPECIFIC SECTION
                                                        # If you can bind to your LDAP server anonymously you should
                                                        # remove the user and pass config lines, otherwise specify them here:
                                                        #
                                                        # The username RT should use to connect to the LDAP server
                                                        'user'                      =>  'admindn',
                                                        # The password RT should use to connect to the LDAP server
                                                        'pass'                    =>  'adminpwd',
                                                        #
                                                        # The LDAP search base
                                                        'base'                      =>  'ou=people,dc=upr,dc=edu',
                                                        # The filter to use to match RT-Users
                                                        'filter'                    =>  '(objectclass=*)',
                                                        # The filter that will only match disabled users
                                                        'd_filter' => '(eduPersonAffiliation=alumn)',
                                                        # Should we try to use TLS to encrypt connections?
                                                        'tls'                       =>  0,
                                                        # What other args should I pass to Net::LDAP->new($host, @args)?
                                                        'net_ldap_args'             => [    version =>  3   ],
                                                        # Does authentication depend on group membership? What group name?
                                                        'group'                     =>  '',
                                                        # What is the attribute for the group object that determines membership?
                                                        'group_attr'                =>  '',
                                                        ## RT ATTRIBUTE MATCHING SECTION
                                                        # The list of RT attributes that uniquely identify a user
                                                        'attr_match_list'           => [    'Name' ],
                                                        # The mapping of RT attributes on to LDAP attributes
                                                        'attr_map'                  =>  {   'Name' => 'uid',
                                                                                            'EmailAddress' => 'eduPersonPrincipalName',
                                                                                            'Organization' => 'eduPersonOrgDN',
                                                                                            'RealName' => 'displayName',
                                                                                            'ExternalAuthId' => 'uid',
                                                                                            'Gecos' => 'uid',
                                                                                            'WorkPhone' => '',
                                                                                            'Address1' => '',
                                                                                            'City' => '',
                                                                                            'State' => '',
                                                                                            'Zip' => '',
                                                                                            'Country' => ''
                                                                                        }
                                                    }
                                }
);
Set($LogToSyslog    , 'debug');
Set($LogToScreen    , 'debug');
Set($LogToFile      , 'debug');
Set($LogDir, '/var/log/request-tracker3.6');
Set($LogToFileNamed , "rt.log");    #log to rt.log
Set($LogStackTraces , 0);
# Set($LogoURL , $WebImagesURL . "bplogo.gif");
#
1;


On Monday 21 April 2008 04:46:56 Mike Peachey wrote:
> Carlos J. Velez-Rivera wrote:
> > I have followed a recent thread in the list to set up LDAP authentication using 
> > RT::Authen::ExternalAuth and it is kind of working, but the user doesn't 
> > actually get to use the system.  The system just leaves the user at the login 
> > page and nothing happens.  Is it that I'm using a bad disabled account filter 
> > or something?  
> > 
> > As an additional observation, I logged in as root after trying this out and 
> > even though the logs say the account was created I could not find the user.
> > 
> > Here is the log I get when I try to login carlos.velez99:
> > 
> <snip>
> 
> Your attr_map seems a little broken, although that shouldn't affect user 
> creation. The cause of the problem seems related to this line:
> 
> [Sat Apr 19 22:19:46 2008] [info]: Autocreated authenticated user
> carlos.velez99 (  )
> 
> The empty parenthesis at the end of this line is supposed to contain the 
> principal ID for the newly created user, which means that user creation 
> didn't succeed.
> 
> It's not clear what would cause that.
> 
> Perhaps if you provided your RT_SiteConfig.pm we might be better able to 
> work out what's going on..
> 



-- 
Carlos J. Velez-Rivera

Manager
CK Computing Corporation
cvelez at ckcomputingpr.com
Voice: (787)464-1182
Fax: 866-910-4798
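
An added example, not part of the original message or of RT::Authen::ExternalAuth: a small Perl lint over one LDAP service definition shaped like the `My_LDAP` block posted above, flagging settings with security consequences (`tls => 0` with bind credentials, a filter of `(objectclass=*)`) and empty `attr_map` targets. The helper name `lint_ldap_service`, the sample host and the base DN are hypothetical, and treating empty mappings as findings is this example's assumption, not a diagnosis from the thread.

```perl
#!/usr/bin/perl
# Added example: lint one RT::Authen::ExternalAuth LDAP service definition.
use strict;
use warnings;

# Constructed sample mirroring the keys of the posted 'My_LDAP' service.
my %service = (
    type     => 'ldap',
    server   => 'ldap.example.org',            # placeholder host
    user     => 'admindn',
    pass     => 'adminpwd',
    base     => 'ou=people,dc=example,dc=org', # placeholder base DN
    filter   => '(objectclass=*)',
    tls      => 0,
    attr_match_list => ['Name'],
    attr_map => { Name => 'uid', EmailAddress => 'eduPersonPrincipalName',
                  RealName => 'displayName', WorkPhone => '', City => '' },
);

# lint_ldap_service is a hypothetical helper, not part of the extension.
sub lint_ldap_service {
    my ($s) = @_;
    my @findings;

    # Without TLS, the service bind and every user password checked by a
    # simple bind cross the network in cleartext.
    push @findings, 'tls is 0: binds are sent unencrypted'
        if ($s->{type} // '') eq 'ldap' && !$s->{tls};

    # (objectclass=*) matches every entry under the base, not only people.
    (my $f = lc($s->{filter} // '')) =~ s/\s+//g;
    push @findings, 'filter matches every entry under the search base'
        if $f eq '' || $f eq '(objectclass=*)';

    # Assumption of this example: an empty LDAP attribute name is a finding.
    my $map = $s->{attr_map} || {};
    for my $rt (sort keys %$map) {
        push @findings, "attr_map: '$rt' maps to an empty LDAP attribute"
            unless defined $map->{$rt} && length $map->{$rt};
    }
    # Every attribute used to identify a user needs a non-empty mapping.
    for my $rt (@{ $s->{attr_match_list} || [] }) {
        push @findings, "attr_match_list: '$rt' has no attr_map entry"
            unless defined $map->{$rt} && length $map->{$rt};
    }
    return @findings;
}

print "$_\n" for lint_ldap_service(\%service);
```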


