[rt-users] RT::Authen::ExternalAuth debugging

Eli Altman eli at gmnameplate.com
Thu Oct 16 19:09:59 EDT 2008


Rich, grant CreateTicket, ReplyToTicket, ShowTicket to Unprivileged group.  Have you successfully set up the mailgate to accept emails?  IMHO I think the best setup is creating an rt user on the RT box, use fetchmail to retrieve the mail from another server on a cron and set the mta to the rt-mailgate within .fetchmailrc directly. This way, if the RT box itself goes down you'll have a normal email account to check for incoming requests.  Otherwise, if the mailgate or a mail server on the RT box is malfunctioning, it could bounce the mail back to the user.

Once that's set up correctly, the user will be autocreated the first time they send an email to RT.  They will also show up as the Requestor for the ticket.  The owner of the ticket can be set any number of ways, but by default it is owned by Nobody.   This way the ticket shows up in the 'top 10 unowned tickets.'

Elias

-----Original Message-----
From: rt-users-bounces at lists.bestpractical.com [mailto:rt-users-bounces at lists.bestpractical.com] On Behalf Of Rich West
Sent: Thursday, October 16, 2008 2:38 PM
To: rt-users at lists.bestpractical.com
Subject: Re: [rt-users] RT::Authen::ExternalAuth debugging

Spoke with a few of the folks on the #rt irc channel off of irc.perl.org
and managed to get this working.  Hooray.  I do have one question,
though.. if a ticket is submitted via email, how will it get associated
to the proper user?  or: How can I make sure that user with the account
"testuser" in Active Directory / LDAP can send email in to RT using
their testuser at mydomain.com email address, and it would be associated
properly to "testuser"?


The simple piece that was missing from my setup was the fact that I
needed to activate the plugin (duh) via the following in RT_SiteConfig.pm:
Set(@Plugins, qw(RT::Authen::ExternalAuth));

Additionally, I had to copy:
local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth
to:
local/html/Callbacks/ExternalAuth/autohandler/Auth

Then patch that file (local/html/Callbacks/ExternalAuth/autohandler/Auth):

--- lib/RT/User_Vendor.pm (revision 40675)
+++ lib/RT/User_Vendor.pm (revision 40676)
@@ -348,7 +348,7 @@
         return (undef);
     }

-    if ( $self->PrincipalObj->Disabled ) {
+    if ( $self->PrincipalObj && $self->PrincipalObj->Disabled ) {
         $RT::Logger->info("Disabled user " . $self->Name .
                           " tried to log in" );
         return (undef);
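
Review bot: On the changed `if`, a false `$self->PrincipalObj` now skips the disabled check and execution continues past this block, so an account whose principal object is missing is handled the same way as an enabled one. Since this is the login path, consider treating that case explicitly and failing closed, for example logging that the principal could not be loaded and returning `undef`, rather than letting it fall through. Separately, the hunk header names lib/RT/User_Vendor.pm while the surrounding text says to patch local/html/Callbacks/ExternalAuth/autohandler/Auth; the target file should be stated consistently.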

Once I did that and restarted the web server, AD and local
authentication started working.  Hooray. :)

-Rich

Alan Cheng wrote:
> Rich,
>
> (1) You should see something similar in your RT log if it is indeed
> trying to authenticate against your AD.
>
> [Thu Oct 16 00:25:12 2008] [info]: RT::User::IsExternalPassword
> External Auth OK
> ( MY_LDAP ): alan
> (/usr/local/rt381/bin/../local/lib/RT/User_Vendor.pm:281)
>
> [Thu Oct 16 00:25:12 2008] [debug]: RT::User::IsPassword External auth
> SUCCEEDED
> (/usr/local/rt381/bin/../local/lib/RT/User_Vendor.pm:360)
>
> (2) Backup your RT_SiteConfig.pm and reduce the match_list to
> something like this and test again:
>
>    # The list of RT attributes that uniquely identify a user
>           'attr_match_list' => [    'Name',
>                                     'EmailAddress',
>                                ],
>
> It took me some effort to get LDAP authentication against SUN
> Directory Server 6.3 to work so keep trying! :)
> http://www.gossamer-threads.com/lists/rt/users/79313?search_string=TLS;#79313
>
> Good Luck!
>
> Alan
>
> Rich West wrote:
>> Thanks for the debug link and the quick help! I wasn't sure what
>> value to put in there, but, alas, the Wiki to the rescue. :)
>>
>> Those links were the ones that I followed.  It just doesn't seem to
>> even attempt an AD auth ("testuser" exists in AD):
>> [Wed Oct 15 22:42:06 2008] [error]: FAILED LOGIN for testuser from
>> 10.100.10.6
>> (/var/www/html/help.ourdomain.local/share/html/autohandler:265)
>>
>> I have this bizarre feeling like I am missing just one important
>> piece of the puzzle...
>>
>> -Rich
>>
>> Eli Altman wrote:
>>>
>>> Andrew, if you’d like to get ExternalAuth working there are scores
>>> of people who have set it up successfully.. so don’t give up.  I
>>> have 3.8.1 with AuthenExternalAuth LDAP working just fine.  It also
>>> autocreates users in the RT db as needed.  Rich, here is the link
>>> for the logging debug setup:
>>>
>>> http://wiki.bestpractical.com/view/Debug
>>>
>>> Here is the instruction lineup, read them all carefully.
>>>
>>> http://wiki.bestpractical.com/view/ExternalAuth  - Read the
>>> “Post-Install” section
>>>
>>> http://www.gossamer-threads.com/lists/rt/users/77286
>>>
>>> http://www.gossamer-threads.com/lists/rt/users/77139?search_string=ldap%
>>>
>>> If you go to the #rt irc channel I’d be happy to help solve
>>> ExternalAuth issues.
>>>
>>> Elias (whitman on #rt)
>>>
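
The symptom discussed in this thread (a FAILED LOGIN entry with no sign that external auth ever ran) can be checked mechanically against the RT log. The following is an added example, not code from the thread or from RT: it assumes one log entry per line, treats any entry beginning with `RT::User::IsExternalPassword` within a 5-second window before the failure as evidence that the external path was reached, and the function names and sample log are constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed sample modelled on the log lines quoted in this thread, unwrapped
# to one entry per line. The "placeholder-message" text on the fourth line is
# NOT a real RT message; only its function-name prefix matters here.
SAMPLE_LOG = """\
[Wed Oct 15 22:42:06 2008] [error]: FAILED LOGIN for testuser from 10.100.10.6 (/var/www/html/help.ourdomain.local/share/html/autohandler:265)
[Thu Oct 16 00:25:12 2008] [info]: RT::User::IsExternalPassword External Auth OK ( MY_LDAP ): alan (/usr/local/rt381/bin/../local/lib/RT/User_Vendor.pm:281)
[Thu Oct 16 00:25:12 2008] [debug]: RT::User::IsPassword External auth SUCCEEDED (/usr/local/rt381/bin/../local/lib/RT/User_Vendor.pm:360)
[Thu Oct 16 00:31:40 2008] [info]: RT::User::IsExternalPassword placeholder-message bob (/usr/local/rt381/bin/../local/lib/RT/User_Vendor.pm:281)
[Thu Oct 16 00:31:41 2008] [error]: FAILED LOGIN for bob from 10.100.10.9 (/var/www/html/help.ourdomain.local/share/html/autohandler:265)
"""

# "[timestamp] [level]: message (source-file:line)"; the source suffix is optional.
ENTRY = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[(?P<level>\w+)\]: (?P<msg>.*?)(?: \((?P<src>[^()]+:\d+)\))?$"
)
FAILED = re.compile(r"^FAILED LOGIN for (?P<user>\S+) from (?P<ip>\S+)$")
EXTERNAL_PREFIX = "RT::User::IsExternalPassword"


def parse(log):
    """Yield (timestamp, level, message, source) for each well-formed entry."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
            yield ts, m["level"], m["msg"], m["src"]


def triage_failed_logins(log, window=timedelta(seconds=5)):
    """For each failed login, report whether external auth ran just before it."""
    entries = list(parse(log))
    ext_times = [ts for ts, _, msg, _ in entries if msg.startswith(EXTERNAL_PREFIX)]
    findings = []
    for ts, _, msg, _ in entries:
        m = FAILED.match(msg)
        if m:
            attempted = any(timedelta(0) <= ts - t <= window for t in ext_times)
            findings.append({"user": m["user"], "ip": m["ip"],
                             "external_auth_attempted": attempted})
    return findings


if __name__ == "__main__":
    for finding in triage_failed_logins(SAMPLE_LOG):
        print(finding)
```

A failure with `external_auth_attempted` set to `False` points at configuration (plugin not loaded, callback not installed) rather than at a wrong password or directory problem.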
