[rt-users] LDAP integration

Bartosz Cisek bartosz.cisek at pwr.wroc.pl
Fri May 9 10:38:41 EDT 2008


Hello,

I am trying to integrate RT with LDAP. After reading several earlier
topics I didn't manage to solve my problem, and it seems that my issue
is different.

[Fri May  9 13:59:40 2008] [warning]: Transaction->Create couldn't, as 
you didn't specify an object type and id 
(/usr/lib/perl5/vendor_perl/5.8.8/RT/Record.pm:1481)
[Fri May  9 13:59:40 2008] [debug]: RT::User::IsExternalPassword Trying 
External authentication (/usr/local/lib/rt3/lib/RT/User_Vendor.pm:52)
[Fri May  9 13:59:40 2008] [debug]: Attempting to use external auth 
service: My_LDAP (/usr/local/lib/rt3/lib/RT/User_Vendor.pm:63)
[Fri May  9 13:59:40 2008] [debug]: LDAP Search ===  Base: o=pracownicy 
== Filter: (&(uid=bartosz.cisek)(objectClass=inetmailuser)) == Attrs: dn 
(/usr/local/lib/rt3/lib/RT/User_Vendor.pm:187)
[Fri May  9 13:59:40 2008] [debug]: Found LDAP DN: 
uid=bartosz.cisek,ou=People, o=pwr.wroc.pl, o=pracownicy 
(/usr/local/lib/rt3/lib/RT/User_Vendor.pm:219)
[Fri May  9 13:59:40 2008] [info]: RT::User::IsExternalPassword External 
Auth OK ( My_LDAP ): bartosz.cisek 
(/usr/local/lib/rt3/lib/RT/User_Vendor.pm:283)
[Fri May  9 13:59:40 2008] [debug]: RT::User::IsPassword External auth 
SUCCEEDED (/usr/local/lib/rt3/lib/RT/User_Vendor.pm:362)
[Fri May  9 13:59:40 2008] [debug]: RT::User::CanonicalizeUserInfo 
called by RT::User /usr/lib/perl5/vendor_perl/5.8.8/RT/User_Overlay.pm 
192 with: Disabled: 0, EmailAddress: , Gecos: bartosz.cisek, Name: 
bartosz.cisek, Privileged: 0 (/usr/local/lib/rt3/lib/RT/User_Vendor.pm:402)
[Fri May  9 13:59:40 2008] [debug]: Attempting to get user info using 
this external service: My_LDAP 
(/usr/local/lib/rt3/lib/RT/User_Vendor.pm:410)
[Fri May  9 13:59:40 2008] [debug]: Attempting to use this 
canonicalization key: uid (/usr/local/lib/rt3/lib/RT/User_Vendor.pm:419)
[Fri May  9 13:59:40 2008] [info]: RT::User::CanonicalizeUserInfo 
returning Disabled: 0, EmailAddress: , Gecos: bartosz.cisek, Name: 
bartosz.cisek, Privileged: 0 (/usr/local/lib/rt3/lib/RT/User_Vendor.pm:446)
[Fri May  9 13:59:40 2008] [warning]: Use of uninitialized value in join 
or string at /usr/lib/perl5/vendor_perl/5.8.8/Log/Dispatch.pm line 22. 
(/usr/share/rt3/html/Callbacks/ExternalAuth/autohandler/Auth:50)
[Fri May  9 13:59:40 2008] [info]: Autocreated authenticated user 
bartosz.cisek (  ) 
(/usr/share/rt3/html/Callbacks/ExternalAuth/autohandler/Auth:50)

It authenticates properly, but the user receives the invalid login/pass
web page. It is strange that 'gecos' and 'name' are fetched from LDAP
correctly, but 'EmailAddress' is not. The 'Gecos' mapping is commented
out in the config file, strange.

I also don't know how the 'Disabled' and 'Privileged' fields are set.

Here is my LDAP entry:

# base <o=pracownicy> with scope subtree
# filter: uid=bartosz.cisek
# requesting: ALL

# bartosz.cisek, People, pwr.wroc.pl, pracownicy
dn: uid=bartosz.cisek,ou=People, o=pwr.wroc.pl, o=pracownicy
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: inetUser
objectClass: inetSubscriber
objectClass: ipUser
objectClass: nsManagedPerson
objectClass: inetmailuser
objectClass: inetlocalmailrecipient
objectClass: userpresenceprofile
objectClass: icsCalendarUser
objectClass: smsGwPerson
cn:: QmFydG9zeiBDaXNlayA=
uid: bartosz.cisek
givenName: Bartosz
sn: Cisek
mail: bartosz.cisek [at] pwr.wroc.pl
userPassword:: {hidden}
departmentNumber: SKP

RT_SiteConfig.pm

Set( $rtname, 'cerber.pwr.wroc.pl');
Set( $Organization , "Politechnika Wrocławska");
Set( $Timezone , 'Europe/Warsaw');
Set( $WebBaseURL , "http://cerber.pwr.wroc.pl");
Set( $WebPath , "/rt3");

Set($DatabaseType , 'Pg');
Set($DatabaseHost   , '172.17.x.x');
Set($DatabaseRTHost , '172.17.x.x');
Set($DatabaseUser , 'rt3_user');
Set($DatabasePassword , '{hidden}');
Set($DatabaseName , 'rt3');

Set($OwnerEmail , 'bartosz.cisek [at] pwr.wroc.pl');

Set($RTAddressRegexp , '^rt\@pwr.wroc.pl$');
Set($ExternalAuthPriority,  [   'My_LDAP' ]);
Set($ExternalInfoPriority,  [   'My_LDAP' ]);
Set($ExternalServiceUsesSSLorTLS,    0);
Set($AutoCreateNonExternalUsers,    0);
Set($ExternalSettings,      {   # AN EXAMPLE LDAP SERVICE
    'My_LDAP'       =>  {   ## GENERIC SECTION
        # The type of service (db/ldap/cookie)
        'type'              =>  'ldap',
        # Should the service be used for authentication?
        'auth'              =>  1,
        # Should the service be used for information?
        'info'              =>  1,
        # The server hosting the service
        'server'            =>  'student.pwr.wroc.pl',
        ## SERVICE-SPECIFIC SECTION
        # If you can bind to your LDAP server anonymously you should
        'user'              =>  'uid=mudl-skp,ou=People,o=pracownicy',
        'pass'              =>  '.mudl.',
        'base'              =>  'o=pracownicy',
        'filter'            =>  '(objectClass=inetmailuser)',
        'tls'               =>  0,
        'net_ldap_args'     => [    version =>  3   ],
        'attr_match_list'   => [    'uid'
                               ],
        'attr_map'          =>  {   'Name' => 'uid',
                                    'EmailAddress' => 'mail',
                                    'Organization' => 'departmentNumber',
                                    'RealName' => 'cn',
                                    'ExternalAuthId' => 'uid'
                                    # 'Gecos' => 'cn',
                                    # 'WorkPhone' => 'telephoneNumber',
                                    # 'Address1' => 'streetAddress',
                                    # 'City' => 'l',
                                    # 'State' => 'st',
                                    # 'Zip' => 'postalCode',
                                    # 'Country' => 'co'
                                }
    }
}
);

Thanks in advance for any help.

best regards,

Bartosz Cisek

-- 
Bartosz Cisek <bartosz.cisek [at] pwr.wroc.pl>
tel.: +48 71 320 45 60
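
An added example (not part of the original post, and not RT's own code): a Python check that re-joins the mail-wrapped log above, compares what CanonicalizeUserInfo was called with against what it returned, and lists which attr_map fields came back unfilled. The function and variable names are assumptions; the two log records and the mapping are copied from the post.

```python
import re

# The two CanonicalizeUserInfo records from the post, mail-wrapped as posted.
WRAPPED_LOG = """\
[Fri May  9 13:59:40 2008] [debug]: RT::User::CanonicalizeUserInfo
called by RT::User /usr/lib/perl5/vendor_perl/5.8.8/RT/User_Overlay.pm
192 with: Disabled: 0, EmailAddress: , Gecos: bartosz.cisek, Name:
bartosz.cisek, Privileged: 0 (/usr/local/lib/rt3/lib/RT/User_Vendor.pm:402)
[Fri May  9 13:59:40 2008] [info]: RT::User::CanonicalizeUserInfo
returning Disabled: 0, EmailAddress: , Gecos: bartosz.cisek, Name:
bartosz.cisek, Privileged: 0 (/usr/local/lib/rt3/lib/RT/User_Vendor.pm:446)
"""
# RT field -> LDAP attribute, copied from the post's active attr_map entries.
ATTR_MAP = {"Name": "uid", "EmailAddress": "mail", "RealName": "cn",
            "Organization": "departmentNumber", "ExternalAuthId": "uid"}

CANON_RE = re.compile(r"CanonicalizeUserInfo (?P<phase>called|returning)"
                      r"(?: by .*? with:)? (?P<kv>.*?) \(/[^()]+:\d+\)$")
FIELD_RE = re.compile(r"(\w+): ?(.*?)(?=, \w+: |$)")

def unwrap(text):
    """Re-join wrapped lines; every log record starts with '[timestamp]'."""
    records = []
    for line in text.splitlines():
        if line.startswith("[") or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def audit_canonicalize(text, attr_map):
    """Compare the last 'called' record with the 'returning' record after it."""
    called = returned = None
    for record in unwrap(text):
        m = CANON_RE.search(record)
        if not m:
            continue
        fields = dict(FIELD_RE.findall(m.group("kv")))
        if m.group("phase") == "called":
            called, returned = fields, None
        else:
            returned = fields
    if called is None or returned is None:
        return None  # no complete called/returning pair in this log
    return {
        # fields whose value the external info lookup actually changed
        "changed": sorted(k for k in returned if returned[k] != called.get(k)),
        # mapped RT fields that are still empty or absent after the lookup
        "unfilled": sorted(k for k in attr_map if not returned.get(k)),
    }

if __name__ == "__main__":
    print(audit_canonicalize(WRAPPED_LOG, ATTR_MAP))
```

An empty "changed" list means the returned record is identical to the input, so the info lookup contributed no attributes for that login.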



