[rt-users] LDAP integration

Alan Cheng chenga at ias.edu
Fri May 9 11:45:09 EDT 2008


I would like to add the information back to the mailing list.  Earlier 
this week I communicated with Mike Peachey directly because I wasn't on 
the RT-Users mailing list yet.  I ran into the very same problem against Sun 
Directory Server 5.2 Q4.

Bartosz, out of curiosity, what LDAP backend are you using?

>> Alan Cheng wrote:
>> Hi Mike,
>> 
>> [Mon May  5 17:54:28 2008] [info]: Autocreated authenticated user acheng 
>> (  ) (/usr/local/rt3/share/html/Callbacks/ExternalAuth/autohandler/Auth:50)

> This is the problem, but I'm not sure why. It is something I will work 
> on when I get the time to do it. The parentheses should contain a new 
> Principal ID, but for some reason they don't.
> -- 
> Kind Regards,


Thanks,

Alan

Bartosz Cisek wrote:
> Hello,
>
> I am trying to integrate RT with LDAP. After reading several earlier topics I 
> didn't manage to solve my problem, and it seems that my issue is different.
>
> [Fri May  9 13:59:40 2008] [warning]: Transaction->Create couldn't, as 
> you didn't specify an object type and id 
> (/usr/lib/perl5/vendor_perl/5.8.8/RT/Record.pm:1481)
> [Fri May  9 13:59:40 2008] [debug]: RT::User::IsExternalPassword Trying 
> External authentication (/usr/local/lib/rt3/lib/RT/User_Vendor.pm:52)
> [Fri May  9 13:59:40 2008] [debug]: Attempting to use external auth 
> service: My_LDAP (/usr/local/lib/rt3/lib/RT/User_Vendor.pm:63)
> [Fri May  9 13:59:40 2008] [debug]: LDAP Search ===  Base: o=pracownicy 
> == Filter: (&(uid=bartosz.cisek)(objectClass=inetmailuser)) == Attrs: dn 
> (/usr/local/lib/rt3/lib/RT/User_Vendor.pm:187)
> [Fri May  9 13:59:40 2008] [debug]: Found LDAP DN: 
> uid=bartosz.cisek,ou=People, o=pwr.wroc.pl, o=pracownicy 
> (/usr/local/lib/rt3/lib/RT/User_Vendor.pm:219)
> [Fri May  9 13:59:40 2008] [info]: RT::User::IsExternalPassword External 
> Auth OK ( My_LDAP ): bartosz.cisek 
> (/usr/local/lib/rt3/lib/RT/User_Vendor.pm:283)
> [Fri May  9 13:59:40 2008] [debug]: RT::User::IsPassword External auth 
> SUCCEEDED (/usr/local/lib/rt3/lib/RT/User_Vendor.pm:362)
> [Fri May  9 13:59:40 2008] [debug]: RT::User::CanonicalizeUserInfo 
> called by RT::User /usr/lib/perl5/vendor_perl/5.8.8/RT/User_Overlay.pm 
> 192 with: Disabled: 0, EmailAddress: , Gecos: bartosz.cisek, Name: 
> bartosz.cisek, Privileged: 0 (/usr/local/lib/rt3/lib/RT/User_Vendor.pm:402)
> [Fri May  9 13:59:40 2008] [debug]: Attempting to get user info using 
> this external service: My_LDAP 
> (/usr/local/lib/rt3/lib/RT/User_Vendor.pm:410)
> [Fri May  9 13:59:40 2008] [debug]: Attempting to use this 
> canonicalization key: uid (/usr/local/lib/rt3/lib/RT/User_Vendor.pm:419)
> [Fri May  9 13:59:40 2008] [info]: RT::User::CanonicalizeUserInfo 
> returning Disabled: 0, EmailAddress: , Gecos: bartosz.cisek, Name: 
> bartosz.cisek, Privileged: 0 (/usr/local/lib/rt3/lib/RT/User_Vendor.pm:446)
> [Fri May  9 13:59:40 2008] [warning]: Use of uninitialized value in join 
> or string at /usr/lib/perl5/vendor_perl/5.8.8/Log/Dispatch.pm line 22. 
> (/usr/share/rt3/html/Callbacks/ExternalAuth/autohandler/Auth:50)
> [Fri May  9 13:59:40 2008] [info]: Autocreated authenticated user 
> bartosz.cisek (  ) 
> (/usr/share/rt3/html/Callbacks/ExternalAuth/autohandler/Auth:50)
>
> It authenticates properly, but the user receives the invalid login/password web 
> page. What is strange is that 'gecos' and 'name' are fetched from LDAP 
> correctly, but 'EmailAddress' is not. The 'Gecos' mapping is commented out 
> in the config file, which is strange.
>
> I also don't know how the 'Disabled' and 'Privileged' fields are set.
>
> Here is my LDAP entry:
>
> # base <o=pracownicy> with scope subtree
> # filter: uid=bartosz.cisek
> # requesting: ALL
>
> # bartosz.cisek, People, pwr.wroc.pl, pracownicy
> dn: uid=bartosz.cisek,ou=People, o=pwr.wroc.pl, o=pracownicy
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetorgperson
> objectClass: inetUser
> objectClass: inetSubscriber
> objectClass: ipUser
> objectClass: nsManagedPerson
> objectClass: inetmailuser
> objectClass: inetlocalmailrecipient
> objectClass: userpresenceprofile
> objectClass: icsCalendarUser
> objectClass: smsGwPerson
> cn:: QmFydG9zeiBDaXNlayA=
> uid: bartosz.cisek
> givenName: Bartosz
> sn: Cisek
> mail: bartosz.cisek [at] pwr.wroc.pl
> userPassword:: {hidden}
> departmentNumber: SKP
>
> RT_SiteConfig.pm
>
> Set( $rtname, 'cerber.pwr.wroc.pl');
> Set( $Organization , "Politechnika Wrocławska");
> Set( $Timezone , 'Europe/Warsaw');
> Set( $WebBaseURL , "http://cerber.pwr.wroc.pl");
> Set( $WebPath , "/rt3");
>
> Set($DatabaseType , 'Pg');
> Set($DatabaseHost   , '172.17.x.x');
> Set($DatabaseRTHost , '172.17.x.x');
> Set($DatabaseUser , 'rt3_user');
> Set($DatabasePassword , '{hidden}');
> Set($DatabaseName , 'rt3');
>
> Set($OwnerEmail , 'bartosz.cisek [at] pwr.wroc.pl');
>
> Set($RTAddressRegexp , '^rt\@pwr.wroc.pl$');
> Set($ExternalAuthPriority,  [ 'My_LDAP' ]);
> Set($ExternalInfoPriority,  [ 'My_LDAP' ]);
> Set($ExternalServiceUsesSSLorTLS,    0);
> Set($AutoCreateNonExternalUsers,    0);
> Set($ExternalSettings, {
>     # AN EXAMPLE LDAP SERVICE
>     'My_LDAP' => {
>         ## GENERIC SECTION
>         # The type of service (db/ldap/cookie)
>         'type'   => 'ldap',
>         # Should the service be used for authentication?
>         'auth'   => 1,
>         # Should the service be used for information?
>         'info'   => 1,
>         # The server hosting the service
>         'server' => 'student.pwr.wroc.pl',
>
>         ## SERVICE-SPECIFIC SECTION
>         # If you can bind to your LDAP server anonymously you should
>         'user'   => 'uid=mudl-skp,ou=People,o=pracownicy',
>         'pass'   => '.mudl.',
>         'base'   => 'o=pracownicy',
>         'filter' => '(objectClass=inetmailuser)',
>         'tls'    => 0,
>         'net_ldap_args'   => [ version => 3 ],
>         'attr_match_list' => [ 'uid' ],
>         'attr_map' => {
>             'Name'           => 'uid',
>             'EmailAddress'   => 'mail',
>             'Organization'   => 'departmentNumber',
>             'RealName'       => 'cn',
>             'ExternalAuthId' => 'uid',
>             # 'Gecos'        => 'cn',
>             # 'WorkPhone'    => 'telephoneNumber',
>             # 'Address1'     => 'streetAddress',
>             # 'City'         => 'l',
>             # 'State'        => 'st',
>             # 'Zip'          => 'postalCode',
>             # 'Country'      => 'co'
>         }
>     }
> });
>
> Thanks in advance for any help.
>
> best regards,
>
> Bartosz Cisek
>
>   

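Added example, not code from the thread, from RT or from the ExternalAuth plugin: an offline check, written in Python rather than the plugin's Perl so that it runs without an LDAP server, of the two steps the debug log above shows. It builds the auth search filter from 'attr_match_list' plus the static 'filter', evaluates that filter against the entry, and applies 'attr_map' to report which RT fields would come back empty. The LDIF is constructed from the entry Bartosz posted (the archive's '[at]' written as '@'; the trailing space in cn is real, which is why the archive shows it base64-encoded). Two things are assumptions of mine, not behaviour the page documents: with more than one match attribute the clauses are OR-ed, and the login name is RFC 4515-escaped before it is interpolated into the filter (whether the plugin does that is not shown here, and an unescaped name such as `*)(uid=*` would rewrite the filter).

```python
"""Offline check of an RT ExternalAuth-style 'attr_map' against an LDIF entry."""
import base64
import re

# Constructed sample: the posted entry, '[at]' written as '@'.
SAMPLE_LDIF = """\
dn: uid=bartosz.cisek,ou=People, o=pwr.wroc.pl, o=pracownicy
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: inetmailuser
cn:: QmFydG9zeiBDaXNlayA=
uid: bartosz.cisek
givenName: Bartosz
sn: Cisek
mail: bartosz.cisek@pwr.wroc.pl
departmentNumber: SKP
"""

# The relevant part of the posted 'My_LDAP' service definition.
MY_LDAP = {
    "base": "o=pracownicy",
    "filter": "(objectClass=inetmailuser)",
    "attr_match_list": ["uid"],
    "attr_map": {
        "Name": "uid",
        "EmailAddress": "mail",
        "Organization": "departmentNumber",
        "RealName": "cn",
        "ExternalAuthId": "uid",
    },
}


def parse_ldif(text):
    """One LDIF entry -> {attr: [values]}; 'attr:: v' is base64.
    Attribute names are lower-cased (LDAP matches them case-insensitively).
    Continuation lines and 'attr:< url' are not handled."""
    entry = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        m = re.match(r"^([^:]+)(::?)\s*(.*)$", line)
        if not m:
            raise ValueError("not an LDIF attribute line: %r" % line)
        attr, sep, value = m.groups()
        if sep == "::":
            value = base64.b64decode(value).decode("utf-8")
        entry.setdefault(attr.lower(), []).append(value)
    return entry


def escape_filter_value(value):
    """RFC 4515 escaping for a value interpolated into a search filter."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\0" else c for c in value)


def build_auth_filter(cfg, username):
    """(&(<match-attr>=<user>)<static filter>), as the debug log shows.
    Assumption: several match attributes are OR-ed together."""
    user = escape_filter_value(username)
    clauses = ["(%s=%s)" % (attr, user) for attr in cfg["attr_match_list"]]
    match = clauses[0] if len(clauses) == 1 else "(|%s)" % "".join(clauses)
    return "(&%s%s)" % (match, cfg["filter"])


def matches_static_filter(entry, cfg):
    """Evaluate a single equality filter such as (objectClass=inetmailuser)."""
    m = re.fullmatch(r"\((\w+)=([^()*]+)\)", cfg["filter"])
    if not m:
        raise ValueError("only single equality filters are supported")
    attr, wanted = m.group(1).lower(), m.group(2).lower()
    return wanted in (v.lower() for v in entry.get(attr, []))


def map_user_info(entry, cfg):
    """Apply attr_map -> (rt_fields, ldap attrs missing from the entry).
    A mapped attribute absent from the entry yields an empty RT field."""
    fields, missing = {}, []
    for rt_field, ldap_attr in cfg["attr_map"].items():
        values = entry.get(ldap_attr.lower(), [])
        fields[rt_field] = values[0] if values else ""
        if not values:
            missing.append(ldap_attr)
    return fields, missing


def check_user(ldif_text, cfg, username):
    """Run the whole chain for one login and return a report dict."""
    entry = parse_ldif(ldif_text)
    fields, missing = map_user_info(entry, cfg)
    return {
        "filter": build_auth_filter(cfg, username),
        "dn": entry.get("dn", [""])[0],
        "in_scope": matches_static_filter(entry, cfg),
        "fields": fields,
        "missing": missing,
    }


if __name__ == "__main__":
    report = check_user(SAMPLE_LDIF, MY_LDAP, "bartosz.cisek")
    print("search filter :", report["filter"])
    print("matched DN    :", report["dn"])
    print("matches filter:", report["in_scope"])
    for name, value in report["fields"].items():
        print("%-15s= %r" % (name, value))
    print("missing attrs :", report["missing"] or "none")
```

For the posted entry and mapping the check comes back clean: the filter equals the one in the debug line, the entry is in scope, and EmailAddress maps to the 'mail' value, so the blank EmailAddress in the log is not explained by the attr_map/entry pair alone. Removing the 'mail' line from the LDIF is the quickest way to see what an entry that really lacks the attribute looks like in this report.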