[rt-users] LDAP Authentication and User Account Creation 3.6.6. and latest ExternalAuth

Carlos J. Velez-Rivera cvelez at ckcomputingpr.com
Sun Jun 1 15:51:25 EDT 2008


Mike,

	I'm one of those who has the issue you mention.  I'd like to help.  Do you want some more output enabled?  Would you like me to add some code to my instance so you can output anything that might help you fix it?

Thanks,
Carlos
On Friday 30 May 2008 04:34:10 Mike Peachey wrote:
> Bill Teeple wrote:
> > (also - note - I put rt3 within the /var volume not the /opt volume)
> 
> Meh, I always stick it in /usr
> 
> > Here is a part of my log:
> > 
> > 
> > 
> > [Thu May 29 19:37:57 2008] [warning]: Transaction->Create couldn't, as 
> > you didn't specify an object type and id (/var/rt3/lib/RT/Record.pm:1486)
> 
> I'm not sure what the cause of this message is, but it does not get in 
> the way of user creation, this is one of those messages that has ALWAYS 
> been there, I've just yet to get around to working out why.
> 
> > [Thu May 29 19:37:57 2008] [warning]: Use of uninitialized value in join 
> > or string at /usr/lib/perl5/site_perl/5.8.8/Log/Dispatch.pm line 22. 
> > (/var/rt3/local/lib/RT/User_Vendor.pm:408)
> 
> I've never seen this one before, but I'm guessing it's due to a lack of 
> a Set($ExternalInfoPriority, ['My_LDAP']); in your config. Auth and info 
> are treated as completely separate services and so you need to define 
> the services for each.
> 
> > [Thu May 29 19:37:57 2008] [debug]: Attempting to get user info using 
> > this external service:  (/var/rt3/local/lib/RT/User_Vendor.pm:408)
> 
> Hence this line ^^
> 
> > [Thu May 29 19:37:57 2008] [info]: RT::User::CanonicalizeUserInfo 
> > returning Disabled: 0, EmailAddress: , Gecos: ldapsearch, Name: 
> > ldapsearch, Privileged: 0 (/var/rt3/local/lib/RT/User_Vendor.pm:444)
> 
> > [Thu May 29 19:37:57 2008] [warning]: Use of uninitialized value in join 
> > or string at /usr/lib/perl5/site_perl/5.8.8/Log/Dispatch.pm line 22. 
> > (/var/rt3/share/html/Callbacks/ExternalAuth/autohandler/Auth:50)
> 
> And again ^^
> 
> > [Thu May 29 19:37:57 2008] [info]: Autocreated authenticated user 
> > ldapsearch (  ) 
> > (/var/rt3/share/html/Callbacks/ExternalAuth/autohandler/Auth:50)
> 
> This one ^^ is the nub of the problem. I have had a number of people 
> report having this issue, for some reason there just seems to be no user 
> object created or no principal ID assigned and, because it's only debug 
> output, it's not clear if anything is being created or not, or if it's 
> just not reporting right to the debugging code.
> 
> If you can help me get to the cause of this issue I would greatly 
> appreciate it. The problem I have is that, because it's never happened 
> to me, I do not have access to a copy of RT with the problem so that I 
> can debug it myself.
> 
> > Here is my RT_SiteConfig.pm:
> > 
> > Set($AuthMethods, ['LDAP','internal']);
> 
> This setting ^^ is irrelevant. It forms part of Jim Meyer's LDAP 
> User_Local.pm overlay code which was deprecated by the ExternalAuth 
> extension. I recommend removing it. Also, since you have this line, make 
> sure you don't have a $RTHOME/local/lib/RT/User_Local.pm or the same in 
> the non-local tree, because if you have accidentally combined my code 
> and Jim Meyer's you could be looking at problems.
> 
> > # These are the full settings for each external service as a HashOfHashes
> > # Note that you may have as many external services as you wish. They will
> > # be checked in the order specified in the Priority directives above.
> > # e.g.
> > Set($ExternalAuthPriority,['My_LDAP']);
> 
> Obviously insert ExternalInfoPriority here.
> 
> 
> > 'attr_match_list'           => [    'Name',
> >                                      'EmailAddress',
> >                                      'RealName',
> >                                      'WorkPhone',
> >                                      'Address2'
> >                                  ],
> 
> I think I'll be updating the example config for the next release to 
> reduce the attr_match_list. I would recommend only using Name and 
> EmailAddress in your configuration. These should be attributes that 
> *uniquely* identify a user meaning you can't have more than one with the 
> same Address or workphone. Name and Email give RT a username and an 
> e-mail address, each of which should be unique for each and every user.
> 
> > When I uncomment the:
> > 
> > #Set($AutoCreateNonExternalUsers,    1);
> >
> > line, my attempted user gets AUTO-CREATED in the system, but no 
> > attributes are pulled over.
> 
> As per the comments, if you uncomment it, RT will create the user 
> whether they authenticated (and informaticated :/) correctly or not.
> 
> > 
> > As you can see by the log file above, when a user (in log above, example 
> > user is called ldapsearch) who is not within RT attempts to log on, 
> > settings are pulled just fine - it even says it has authenticated 
> > properly, but then the last line:
> > 
> > [Thu May 29 19:37:57 2008] [info]: Autocreated authenticated user 
> > ldapsearch (  ) 
> > (/var/rt3/share/html/Callbacks/ExternalAuth/autohandler/Auth:50)
> > 
> > Shows me that the account is attempting to be created, but the "( )" is 
> > missing an ID of some?
> 
> Precisely. A few of your own debugging statements may be able to help 
> you work out why and I would love to know. If I can help I'm always 
> around, especially in #rt on irc.perl.org. Just say Zordrak three times 
> and I shall appear. I'm magic like that.
> 
> > This coupled with the error further UP the log:
> > 
> > [Thu May 29 19:37:57 2008] [warning]: Transaction->Create couldn't, as 
> > you didn't specify an object type and id (/var/rt3/lib/RT/Record.pm:1486)
> 
> Again, I think this is a red herring and completely unrelated as it is 
> always there.
> 
> > leads me to believe that I might be missing like ONE setting that would 
> > allow this to all JIVE the way it should.
> 
> Well, you're missing ExternalInfoPriority, but I only think that will 
> fix your boogie-woogie problems, I think your jive-block is elsewhere.



-- 
Carlos J. Velez-Rivera

Manager
CK Computing Corporation
cvelez at ckcomputingpr.com
Voice: (787)464-1182
Fax: 866-910-4798
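
An added example, not part of the original thread or of the ExternalAuth extension: a small Python lint for the RT_SiteConfig.pm points Mike raises in the quoted reply (no ExternalInfoPriority, a leftover $AuthMethods, an enabled $AutoCreateNonExternalUsers, and attr_match_list entries beyond Name and EmailAddress). The function name, finding codes and sample configuration are constructed for illustration.

```python
import re

# Constructed sample modelled on the RT_SiteConfig.pm fragments quoted in the thread.
SAMPLE_CONFIG = r"""
Set($AuthMethods, ['LDAP','internal']);
Set($ExternalAuthPriority,['My_LDAP']);
#Set($ExternalInfoPriority, ['My_LDAP']);
Set($AutoCreateNonExternalUsers,    1);
'attr_match_list' => [ 'Name', 'EmailAddress', 'RealName', 'WorkPhone', 'Address2' ],
"""

UNIQUE_ATTRS = {"Name", "EmailAddress"}  # the two attributes the thread recommends


def _set_value(text, name):
    """Return the raw value of Set($name, ...); or None if it is not set."""
    m = re.search(r"Set\(\s*\$" + re.escape(name) + r"\s*,\s*(.*?)\)\s*;", text, re.S)
    return m.group(1).strip() if m else None


def lint_rt_config(text):
    """Return (code, detail) findings for the issues raised in the thread."""
    # Naive comment stripping: assumes no '#' inside quoted strings.
    active = "\n".join(line.split("#", 1)[0] for line in text.splitlines())
    findings = []
    auth = re.findall(r"'([^']*)'", _set_value(active, "ExternalAuthPriority") or "")
    info = re.findall(r"'([^']*)'", _set_value(active, "ExternalInfoPriority") or "")
    if auth and not info:
        # Auth and info are separate services; each needs its own priority list.
        findings.append(("INFO_PRIORITY_MISSING", "auth services %s have no info service" % auth))
    if _set_value(active, "AuthMethods") is not None:
        findings.append(("LEGACY_AUTHMETHODS", "setting from the older User_Local.pm overlay"))
    if _set_value(active, "AutoCreateNonExternalUsers") not in (None, "0", "undef"):
        findings.append(("AUTOCREATE_NON_EXTERNAL", "users created without external auth"))
    for m in re.finditer(r"'attr_match_list'\s*=>\s*\[(.*?)\]", active, re.S):
        extra = [a for a in re.findall(r"'([^']*)'", m.group(1)) if a not in UNIQUE_ATTRS]
        if extra:
            findings.append(("NON_UNIQUE_MATCH_ATTRS", ", ".join(extra)))
    return findings


if __name__ == "__main__":
    for code, detail in lint_rt_config(SAMPLE_CONFIG):
        print(code, "-", detail)
```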


