[rt-users] RT::Authen::ExternalAuth debugging

Rich West Rich.West at wesmo.com
Thu Oct 16 17:38:10 EDT 2008


Spoke with a few of the folks on the #rt irc channel off of irc.perl.org
and managed to get this working.  Hooray.  I do have one question,
though.. if a ticket is submitted via email, how will it get associated
to the proper user?  or: How can I make sure that user with the account
"testuser" in Active Directory / LDAP can send email in to RT using
their testuser at mydomain.coom email address, and it would be associated
properly to "testuser"?


The simple piece was that was missing from my setup was the fact that I
needed to activate the plugin (duh) via the following in RT_SiteConfig.pm:
Set(@Plugins, qw(RT::Authen::ExternalAuth));

Additionally, I had to copy:
local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth
to:
local/html/Callbacks/ExternalAuth/autohandler/Auth

Then patch that file (local/html/Callbacks/ExternalAuth/autohandler/Auth):

--- lib/RT/User_Vendor.pm (revision 40675)
+++ lib/RT/User_Vendor.pm (revision 40676)
@@ -348,7 +348,7 @@
         return (undef);
     }
 
-    if ( $self->PrincipalObj->Disabled ) {
+    if ( $self->PrincipalObj && $self->PrincipalObj->Disabled ) {
         $RT::Logger->info("Disabled user " . $self->Name . 
                           " tried to log in" );
         return (undef);

Once I did that and restarted the web server, AD and local
authentication started working.  Hooray. :)

-Rich

Alan Cheng wrote:
> Rich,
>
> (1) You should see something similar in your RT log if it is indeed
> trying to authenticate against your AD.
>
> [Thu Oct 16 00:25:12 2008] [info]: RT::User::IsExternalPassword
> External Auth OK                          
> ( MY_LDAP ): alan
> (/usr/local/rt381/bin/../local/lib/RT/User_Vendor.pm:281)
>
> [Thu Oct 16 00:25:12 2008] [debug]: RT::User::IsPassword External auth
> SUCCEEDED                          
> (/usr/local/rt381/bin/../local/lib/RT/User_Vendor.pm:360)
>
> (2) Backup your RT_SiteConfig.pm and reduce the match_list to
> something like this and test again:
>
>    # The list of RT attributes that uniquely identify a user
>           'attr_match_list' => [    'Name',
>                                     'EmailAddress',
>                                ],
>
> It took me some efforts to get LDAP authentication against SUN
> Directory Server 6.3 to work so keep trying! :)
> http://www.gossamer-threads.com/lists/rt/users/79313?search_string=TLS;#79313
>
> Good Luck!
>
> Alan
>
> Rich West wrote:
>> Thanks for the debug link and the quick help! I wasn't sure what
>> value to put in there, but, alas, the Wiki to the rescue. :)
>>
>> Those links were the ones that I followed.  It just doesn't seem to
>> even attempt an AD auth ("testuser" exists in AD):
>> [Wed Oct 15 22:42:06 2008] [error]: FAILED LOGIN for testuser from
>> 10.100.10.6
>> (/var/www/html/help.ourdomain.local/share/html/autohandler:265)
>>
>> I have this bizarre feeling like I am missing just one important
>> piece of the puzzle...
>>
>> -Rich
>>
>> Eli Altman wrote:
>>>
>>> Andrew, if you’d like to get ExternalAuth working there are scores
>>> of people who have set it up successfully.. so don’t give up.  I
>>> have 3.8.1 with AuthenExternalAuth LDAP working just fine.  It also
>>> autocreates users in the RT db as needed.  Rich, here is the link
>>> for the logging debug setup:
>>>
>>>  
>>>
>>> http://wiki.bestpractical.com/view/Debug
>>>
>>>  
>>>
>>> Here is the instruction lineup, read them all carefully.
>>>
>>>  
>>>
>>> http://wiki.bestpractical.com/view/ExternalAuth  - Read the
>>> “Post-Install” section
>>>
>>>  
>>>
>>> http://www.gossamer-threads.com/lists/rt/users/77286
>>>
>>> http://www.gossamer-threads.com/lists/rt/users/77139?search_string=ldap%
>>> <http://www.gossamer-threads.com/lists/rt/users/77139?search_string=ldap%25>
>>>
>>>  
>>>
>>> If you go to the #rt irc channel I’d be happy to help solve
>>> ExternalAuth issues.
>>>
>>>  
>>>
>>> Elias (whitman on #rt)
>>>




More information about the rt-users mailing list