[rt-users] LDAP integration
Bartosz Cisek
bartosz.cisek at pwr.wroc.pl
Fri May 9 10:38:41 EDT 2008
Hello,
I am trying to integrate RT with LDAP. After reading several earlier topics I
didn't manage to solve my problem, and it seems that my issue is different.
[Fri May 9 13:59:40 2008] [warning]: Transaction->Create couldn't, as
you didn't specify an object type and id
(/usr/lib/perl5/vendor_perl/5.8.8/RT/Record.pm:1481)
[Fri May 9 13:59:40 2008] [debug]: RT::User::IsExternalPassword Trying
External authentication (/usr/local/lib/rt3/lib/RT/User_Vendor.pm:52)
[Fri May 9 13:59:40 2008] [debug]: Attempting to use external auth
service: My_LDAP (/usr/local/lib/rt3/lib/RT/User_Vendor.pm:63)
[Fri May 9 13:59:40 2008] [debug]: LDAP Search === Base: o=pracownicy
== Filter: (&(uid=bartosz.cisek)(objectClass=inetmailuser)) == Attrs: dn
(/usr/local/lib/rt3/lib/RT/User_Vendor.pm:187)
[Fri May 9 13:59:40 2008] [debug]: Found LDAP DN:
uid=bartosz.cisek,ou=People, o=pwr.wroc.pl, o=pracownicy
(/usr/local/lib/rt3/lib/RT/User_Vendor.pm:219)
[Fri May 9 13:59:40 2008] [info]: RT::User::IsExternalPassword External
Auth OK ( My_LDAP ): bartosz.cisek
(/usr/local/lib/rt3/lib/RT/User_Vendor.pm:283)
[Fri May 9 13:59:40 2008] [debug]: RT::User::IsPassword External auth
SUCCEEDED (/usr/local/lib/rt3/lib/RT/User_Vendor.pm:362)
[Fri May 9 13:59:40 2008] [debug]: RT::User::CanonicalizeUserInfo
called by RT::User /usr/lib/perl5/vendor_perl/5.8.8/RT/User_Overlay.pm
192 with: Disabled: 0, EmailAddress: , Gecos: bartosz.cisek, Name:
bartosz.cisek, Privileged: 0 (/usr/local/lib/rt3/lib/RT/User_Vendor.pm:402)
[Fri May 9 13:59:40 2008] [debug]: Attempting to get user info using
this external service: My_LDAP
(/usr/local/lib/rt3/lib/RT/User_Vendor.pm:410)
[Fri May 9 13:59:40 2008] [debug]: Attempting to use this
canonicalization key: uid (/usr/local/lib/rt3/lib/RT/User_Vendor.pm:419)
[Fri May 9 13:59:40 2008] [info]: RT::User::CanonicalizeUserInfo
returning Disabled: 0, EmailAddress: , Gecos: bartosz.cisek, Name:
bartosz.cisek, Privileged: 0 (/usr/local/lib/rt3/lib/RT/User_Vendor.pm:446)
[Fri May 9 13:59:40 2008] [warning]: Use of uninitialized value in join
or string at /usr/lib/perl5/vendor_perl/5.8.8/Log/Dispatch.pm line 22.
(/usr/share/rt3/html/Callbacks/ExternalAuth/autohandler/Auth:50)
[Fri May 9 13:59:40 2008] [info]: Autocreated authenticated user
bartosz.cisek ( )
(/usr/share/rt3/html/Callbacks/ExternalAuth/autohandler/Auth:50)
It authenticates properly, but the user receives an invalid login/pass web
page. It is strange that 'gecos' and 'name' are fetched from LDAP
correctly, but 'EmailAddress' is not. The 'Gecos' mapping is commented out
in the config file, which is strange.
I also don't know how the 'Disabled' and 'Privileged' fields are set.
Here is my LDAP entry:
# base <o=pracownicy> with scope subtree
# filter: uid=bartosz.cisek
# requesting: ALL
# bartosz.cisek, People, pwr.wroc.pl, pracownicy
dn: uid=bartosz.cisek,ou=People, o=pwr.wroc.pl, o=pracownicy
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: inetUser
objectClass: inetSubscriber
objectClass: ipUser
objectClass: nsManagedPerson
objectClass: inetmailuser
objectClass: inetlocalmailrecipient
objectClass: userpresenceprofile
objectClass: icsCalendarUser
objectClass: smsGwPerson
cn:: QmFydG9zeiBDaXNlayA=
uid: bartosz.cisek
givenName: Bartosz
sn: Cisek
mail: bartosz.cisek [at] pwr.wroc.pl
userPassword:: {hidden}
departmentNumber: SKP
RT_SiteConfig.pm
Set( $rtname, 'cerber.pwr.wroc.pl');
Set( $Organization , "Politechnika Wrocławska");
Set( $Timezone , 'Europe/Warsaw');
Set( $WebBaseURL , "http://cerber.pwr.wroc.pl");
Set( $WebPath , "/rt3");
Set($DatabaseType , 'Pg');
Set($DatabaseHost , '172.17.x.x');
Set($DatabaseRTHost , '172.17.x.x');
Set($DatabaseUser , 'rt3_user');
Set($DatabasePassword , '{hidden}');
Set($DatabaseName , 'rt3');
Set($OwnerEmail , 'bartosz.cisek [at] pwr.wroc.pl');
Set($RTAddressRegexp , '^rt\@pwr.wroc.pl$');
Set($ExternalAuthPriority, [ 'My_LDAP' ]);
Set($ExternalInfoPriority, [ 'My_LDAP' ]);
Set($ExternalServiceUsesSSLorTLS, 0);
Set($AutoCreateNonExternalUsers, 0);
Set($ExternalSettings, {   # AN EXAMPLE LDAP SERVICE
    'My_LDAP' => {         ## GENERIC SECTION
        # The type of service (db/ldap/cookie)
        'type'            => 'ldap',
        # Should the service be used for authentication?
        'auth'            => 1,
        # Should the service be used for information?
        'info'            => 1,
        # The server hosting the service
        'server'          => 'student.pwr.wroc.pl',
        ## SERVICE-SPECIFIC SECTION
        # If you can bind to your LDAP server anonymously you should
        'user'            => 'uid=mudl-skp,ou=People,o=pracownicy',
        'pass'            => '.mudl.',
        'base'            => 'o=pracownicy',
        'filter'          => '(objectClass=inetmailuser)',
        'tls'             => 0,
        'net_ldap_args'   => [ version => 3 ],
        'attr_match_list' => [ 'uid' ],
        'attr_map'        => { 'Name'           => 'uid',
                               'EmailAddress'   => 'mail',
                               'Organization'   => 'departmentNumber',
                               'RealName'       => 'cn',
                               'ExternalAuthId' => 'uid'
                               # 'Gecos'     => 'cn',
                               # 'WorkPhone' => 'telephoneNumber',
                               # 'Address1'  => 'streetAddress',
                               # 'City'      => 'l',
                               # 'State'     => 'st',
                               # 'Zip'       => 'postalCode',
                               # 'Country'   => 'co'
                             }
    }
}
);
Thanks in advance for any help.
best regards,
Bartosz Cisek
--
Bartosz Cisek <bartosz.cisek [at] pwr.wroc.pl>
tel.: +48 71 320 45 60
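
A way to cross-check the posted attr_map against what the directory returns, as an added example that is not part of the original post or of RT: it parses ldapsearch LDIF output (folded lines and base64 `attr::` values included) and reports, for each RT field, whether the mapped LDAP attribute came back with a value. The function names `parse_ldif_entry` and `check_attr_map` and the sample LDIF are assumptions made for this illustration.

```python
import base64

# attr_map as posted in RT_SiteConfig.pm (RT field -> LDAP attribute).
ATTR_MAP = {"Name": "uid", "EmailAddress": "mail", "Organization": "departmentNumber",
            "RealName": "cn", "ExternalAuthId": "uid"}

# Constructed sample modeled on the posted entry: placeholder mail value,
# departmentNumber left out on purpose, dn folded as ldapsearch folds lines.
SAMPLE_LDIF = """\
dn: uid=bartosz.cisek,ou=People, o=pwr.wroc.pl,
  o=pracownicy
objectClass: inetmailuser
cn:: QmFydG9zeiBDaXNlayA=
uid: bartosz.cisek
mail: user@example.invalid
"""

def parse_ldif_entry(text):
    """Return {lowercased attribute: [values]} for the first entry in text."""
    unfolded = []
    for line in text.splitlines():
        if line.startswith(" ") and unfolded:
            unfolded[-1] += line[1:]          # RFC 2849 folded continuation
        else:
            unfolded.append(line)
    entry = {}
    for line in unfolded:
        if not line.strip():
            if entry:
                break                         # blank line ends the entry
            continue
        name, sep, rest = line.partition(":")
        if line.startswith("#") or not sep:
            continue                          # comment or malformed line
        if rest.startswith(":"):              # "attr:: <base64>"
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        entry.setdefault(name.strip().lower(), []).append(value)
    return entry

def check_attr_map(entry, attr_map):
    """Map each RT field to its first non-empty LDAP value, or None."""
    def first(attr):
        return next((v for v in entry.get(attr.lower(), []) if v.strip()), None)
    return {rt_field: first(ldap_attr) for rt_field, ldap_attr in attr_map.items()}

if __name__ == "__main__":
    for field, value in check_attr_map(parse_ldif_entry(SAMPLE_LDIF), ATTR_MAP).items():
        print(f"{field:15} {'MISSING' if value is None else repr(value)}")
```

Feed it the output of an ldapsearch run with the bind DN from the `user` setting, so the report reflects what the RT service account itself can read.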