[rt-users] LDAP integration
Alan Cheng
chenga at ias.edu
Fri May 9 11:45:09 EDT 2008
I would like to add the information back to the mailing list. Earlier
this week I communicated with Mike Peachey directly because I wasn't on
the RT-Users mailing list yet. I ran into the very same problem against Sun
Directory Server 5.2 Q4.
Bartosz - out of my curiosity, what LDAP backend are you using?
>>Alan Cheng wrote:
>> Hi Mike,
>>
>> [Mon May 5 17:54:28 2008] [info]: Autocreated authenticated user acheng
>> ( ) (/usr/local/rt3/share/html/Callbacks/ExternalAuth/autohandler/Auth:50)
>This is the problem, but I'm not sure why. It is something I will work
>on when I get the time to do it. The parentheses should contain a new
>Principal ID, but for some reason they don't.
>--
>Kind Regards,
Thanks,
Alan
Bartosz Cisek wrote:
> Hello,
>
> I try to integrate RT with LDAP. After reading several earlier topics I
> didn't manage to solve my problem and it seems that my issue is different.
>
> [Fri May 9 13:59:40 2008] [warning]: Transaction->Create couldn't, as
> you didn't specify an object type and id
> (/usr/lib/perl5/vendor_perl/5.8.8/RT/Record.pm:1481)
> [Fri May 9 13:59:40 2008] [debug]: RT::User::IsExternalPassword Trying
> External authentication (/usr/local/lib/rt3/lib/RT/User_Vendor.pm:52)
> [Fri May 9 13:59:40 2008] [debug]: Attempting to use external auth
> service: My_LDAP (/usr/local/lib/rt3/lib/RT/User_Vendor.pm:63)
> [Fri May 9 13:59:40 2008] [debug]: LDAP Search === Base: o=pracownicy
> == Filter: (&(uid=bartosz.cisek)(objectClass=inetmailuser)) == Attrs: dn
> (/usr/local/lib/rt3/lib/RT/User_Vendor.pm:187)
> [Fri May 9 13:59:40 2008] [debug]: Found LDAP DN:
> uid=bartosz.cisek,ou=People, o=pwr.wroc.pl, o=pracownicy
> (/usr/local/lib/rt3/lib/RT/User_Vendor.pm:219)
> [Fri May 9 13:59:40 2008] [info]: RT::User::IsExternalPassword External
> Auth OK ( My_LDAP ): bartosz.cisek
> (/usr/local/lib/rt3/lib/RT/User_Vendor.pm:283)
> [Fri May 9 13:59:40 2008] [debug]: RT::User::IsPassword External auth
> SUCCEEDED (/usr/local/lib/rt3/lib/RT/User_Vendor.pm:362)
> [Fri May 9 13:59:40 2008] [debug]: RT::User::CanonicalizeUserInfo
> called by RT::User /usr/lib/perl5/vendor_perl/5.8.8/RT/User_Overlay.pm
> 192 with: Disabled: 0, EmailAddress: , Gecos: bartosz.cisek, Name:
> bartosz.cisek, Privileged: 0 (/usr/local/lib/rt3/lib/RT/User_Vendor.pm:402)
> [Fri May 9 13:59:40 2008] [debug]: Attempting to get user info using
> this external service: My_LDAP
> (/usr/local/lib/rt3/lib/RT/User_Vendor.pm:410)
> [Fri May 9 13:59:40 2008] [debug]: Attempting to use this
> canonicalization key: uid (/usr/local/lib/rt3/lib/RT/User_Vendor.pm:419)
> [Fri May 9 13:59:40 2008] [info]: RT::User::CanonicalizeUserInfo
> returning Disabled: 0, EmailAddress: , Gecos: bartosz.cisek, Name:
> bartosz.cisek, Privileged: 0 (/usr/local/lib/rt3/lib/RT/User_Vendor.pm:446)
> [Fri May 9 13:59:40 2008] [warning]: Use of uninitialized value in join
> or string at /usr/lib/perl5/vendor_perl/5.8.8/Log/Dispatch.pm line 22.
> (/usr/share/rt3/html/Callbacks/ExternalAuth/autohandler/Auth:50)
> [Fri May 9 13:59:40 2008] [info]: Autocreated authenticated user
> bartosz.cisek ( )
> (/usr/share/rt3/html/Callbacks/ExternalAuth/autohandler/Auth:50)
>
> It authenticates properly, but the user receives the invalid login/password web
> page. What is strange is that 'gecos' and 'name' are fetched from LDAP
> correctly, but 'EmailAddress' is not. The 'Gecos' mapping is commented out
> in the config file, which is strange.
>
> I also don't know how the 'Disabled' and 'Privileged' fields are set.
>
> Here is my LDAP entry:
>
> # base <o=pracownicy> with scope subtree
> # filter: uid=bartosz.cisek
> # requesting: ALL
>
> # bartosz.cisek, People, pwr.wroc.pl, pracownicy
> dn: uid=bartosz.cisek,ou=People, o=pwr.wroc.pl, o=pracownicy
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetorgperson
> objectClass: inetUser
> objectClass: inetSubscriber
> objectClass: ipUser
> objectClass: nsManagedPerson
> objectClass: inetmailuser
> objectClass: inetlocalmailrecipient
> objectClass: userpresenceprofile
> objectClass: icsCalendarUser
> objectClass: smsGwPerson
> cn:: QmFydG9zeiBDaXNlayA=
> uid: bartosz.cisek
> givenName: Bartosz
> sn: Cisek
> mail: bartosz.cisek [at] pwr.wroc.pl
> userPassword:: {hidden}
> departmentNumber: SKP
>
> RT_SiteConfig.pm
>
> Set( $rtname, 'cerber.pwr.wroc.pl');
> Set( $Organization , "Politechnika Wrocławska");
> Set( $Timezone , 'Europe/Warsaw');
> Set( $WebBaseURL , "http://cerber.pwr.wroc.pl");
> Set( $WebPath , "/rt3");
>
> Set($DatabaseType , 'Pg');
> Set($DatabaseHost , '172.17.x.x');
> Set($DatabaseRTHost , '172.17.x.x');
> Set($DatabaseUser , 'rt3_user');
> Set($DatabasePassword , '{hidden}');
> Set($DatabaseName , 'rt3');
>
> Set($OwnerEmail , 'bartosz.cisek [at] pwr.wroc.pl');
>
> Set($RTAddressRegexp , '^rt\@pwr.wroc.pl$');
> Set($ExternalAuthPriority, [ 'My_LDAP' ]);
> Set($ExternalInfoPriority, [ 'My_LDAP' ]);
> Set($ExternalServiceUsesSSLorTLS, 0);
> Set($AutoCreateNonExternalUsers, 0);
> Set($ExternalSettings, { # AN EXAMPLE LDAP SERVICE
>     'My_LDAP' => { ## GENERIC SECTION
>         # The type of service (db/ldap/cookie)
>         'type'            => 'ldap',
>         # Should the service be used for authentication?
>         'auth'            => 1,
>         # Should the service be used for information?
>         'info'            => 1,
>         # The server hosting the service
>         'server'          => 'student.pwr.wroc.pl',
>         ## SERVICE-SPECIFIC SECTION
>         # If you can bind to your LDAP server anonymously you should
>         'user'            => 'uid=mudl-skp,ou=People,o=pracownicy',
>         'pass'            => '.mudl.',
>         'base'            => 'o=pracownicy',
>         'filter'          => '(objectClass=inetmailuser)',
>         'tls'             => 0,
>         'net_ldap_args'   => [ version => 3 ],
>         'attr_match_list' => [ 'uid' ],
>         'attr_map'        => { 'Name'           => 'uid',
>                                'EmailAddress'   => 'mail',
>                                'Organization'   => 'departmentNumber',
>                                'RealName'       => 'cn',
>                                'ExternalAuthId' => 'uid'
>                                # 'Gecos'        => 'cn',
>                                # 'WorkPhone'    => 'telephoneNumber',
>                                # 'Address1'     => 'streetAddress',
>                                # 'City'         => 'l',
>                                # 'State'        => 'st',
>                                # 'Zip'          => 'postalCode',
>                                # 'Country'      => 'co'
>                              }
>     }
> }
> );
>
> Thanks in advance for any help.
>
> best regards,
>
> Bartosz Cisek
>
>
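As an added diagnostic (not code from this thread or from RT itself): parse the LDIF entry Bartosz posted and apply his attr_map to it, which shows what RT::User::CanonicalizeUserInfo should have been handed from the directory and flags any RT field that ends up empty. It also decodes the `cn::` value, which LDIF base64-encodes because the stored name carries a trailing space; the entry below is a constructed copy of the posted one with the address anonymised as on the page.

```python
import base64

# Constructed copy of the LDIF entry posted in the thread (address anonymised
# with "[at]" as on the page, password and unrelated objectClasses omitted).
LDIF_ENTRY = """\
dn: uid=bartosz.cisek,ou=People, o=pwr.wroc.pl, o=pracownicy
objectClass: top
objectClass: inetmailuser
cn:: QmFydG9zeiBDaXNlayA=
uid: bartosz.cisek
givenName: Bartosz
sn: Cisek
mail: bartosz.cisek [at] pwr.wroc.pl
departmentNumber: SKP
"""

# The attr_map from the posted RT_SiteConfig.pm (RT field -> LDAP attribute).
ATTR_MAP = {
    "Name": "uid",
    "EmailAddress": "mail",
    "Organization": "departmentNumber",
    "RealName": "cn",
    "ExternalAuthId": "uid",
}

def parse_ldif(text):
    """Parse one LDIF entry into {attr: [values]}; '::' marks a base64 value (RFC 2849)."""
    entry = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):          # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        entry.setdefault(attr, []).append(value)
    return entry

def canonicalize(entry, attr_map):
    """Build the RT user-info hash as attr_map describes it: each RT field takes
    the first value of its mapped LDAP attribute, or '' when that attribute is
    absent from the entry (the shape RT logged above: "EmailAddress: ,")."""
    return {rt_field: entry.get(ldap_attr, [""])[0]
            for rt_field, ldap_attr in attr_map.items()}

def missing_fields(info):
    """RT fields that came back empty, i.e. the mappings to check against the directory."""
    return sorted(field for field, value in info.items() if not value)

if __name__ == "__main__":
    info = canonicalize(parse_ldif(LDIF_ENTRY), ATTR_MAP)
    print(info, "empty:", missing_fields(info))
```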