[rt-users] Ldap Authentication setup question
Kevin Falcone
falcone at bestpractical.com
Wed Oct 22 19:55:15 EDT 2008
On Oct 22, 2008, at 4:47 PM, Eli Altman wrote:
> This sounds like you need the User_Vendor patch.. I know it's been
> known to work with earlier versions of the ExternalAuth, but is it
> still needed for the newest version?
>
> http://www.gossamer-threads.com/lists/rt/users/77139?search_string=ldap%25
>
> I imagine Mike will be back with words of advice, but may as well
> make a backup and give this a shot.
For the archives:
This patch has been applied to 0.06_02 but if you have an old version
laying around in local/ you may need to delete it.
I'm checking in an update to the README which will be in the next
release
-kevin
> -----Original Message-----
> From: rt-users-bounces at lists.bestpractical.com [mailto:rt-users-bounces at lists.bestpractical.com
> ] On Behalf Of Michael Mollard
> Sent: Wednesday, October 22, 2008 4:10 PM
> To: mike.peachey at jennic.com; RT Users
> Subject: Re: [rt-users] Ldap Authentication setup question
>
> Thanks for the assistance.
> I have downloaded and installed the latest version of
> RT-Authen-ExternalAuth-0.06_02, with RT 3.8.1 (latest)
> I seem to have gotten a step further, but still have some issues.
>
> When I try and authenticate with an ldap account, my browser reports:
> "Can't call method "Disabled" on an undefined value at /srv/www/vhosts/rt.mbc.qld.edu.au/bin/../local/lib/RT/User_Vendor.pm line 351, line 273."
>
> and my ./var/log/rt.log says:
> [Thu Oct 23 00:11:07 2008] [warning]: Transaction->Create couldn't, as you didn't specify an object type and id (/srv/www/vhosts/rt.mbc.qld.edu.au/bin/../lib/RT/Record.pm:1439)
> [Thu Oct 23 00:11:07 2008] [error]: Couldn't get principal for not loaded object (/srv/www/vhosts/rt.mbc.qld.edu.au/bin/../lib/RT/User_Overlay.pm:1113)
>
> It seems to be connecting to my ldap, (which was more than it was
> doing) but fails soon after. Am I missing something?
>
> Here is my RT_Siteconfig.pm
>
> Set( $rtname, 'mbc.qld.edu.au');
> Set($LogToSyslog , 'debug');
> Set($LogToScreen , 'debug');
> Set($LogToFile , 'debug');
> Set($LogDir, 'var/log');
> Set($LogToFileNamed , "rt.log"); #log to rt.log
>
> #Set(@Plugins,(qw(Extension::QuickDelete)));
> Set( @Plugins, qw(RT::Authen::ExternalAuth) );
> Set($ExternalAuthPriority, [ 'My_LDAP' ] );
> Set($ExternalInfoPriority, [ 'My_LDAP' ] );
> Set($ExternalServiceUsesSSLorTLS, 0);
> Set($AutoCreateNonExternalUsers, 0);
> Set($ExternalSettings, {
>     'My_LDAP' => {
>         'type' => 'ldap',
>         'auth' => 1,
>         'info' => 1,
>         'server' => 'ldap.mbc.qld.edu.au',
>         #'user' => 'ldaphelpdesk',
>         #'pass' => 'rt_ldap_password',
>         'base' => 'ou=lab,o=mbc',
>         'filter' => '(objectClass=inetOrgPerson)',
>         #'d_filter' => '(FILTER_STRING)',
>         'tls' => 0,
>         'net_ldap_args' => [ version => 3 ],
>         'group' => 'cn=GRP_Staff,ou=lab,o=mbc',
>         'group_attr' => 'groupMembership',
>         'attr_match_list' => [
>             'Name',
>             'EmailAddress',
>             #'RealName',
>             #'WorkPhone',
>             #'Address2'
>         ],
>         'attr_map' => {
>             'Name' => 'cn',
>             'EmailAddress' => 'mail',
>             'Organization' => 'l',
>             'RealName' => 'cn',
>             #'ExternalAuthId' => 'sAMAccountName',
>             #'Gecos' => 'sAMAccountName',
>             'WorkPhone' => 'telephoneNumber',
>             'Address1' => 'streetAddress',
>             'City' => 'l',
>             'State' => 'st',
>             'Zip' => 'postalCode',
>             'Country' => 'co'
>         }
>     }
> }
> );
> 1;
>
>
> Thanks.
> Michael.
>
> Michael Mollard
> Network Administrator
> Moreton Bay College
> mollardm at mbc.qld.edu.au
> http://www.mbc.qld.edu.au
> Ph: (Direct) 07 3907 5712 / (Mob) 0417 631 801
> Fax: 07 3390 8919 ( http://www.mbc.qld.edu.au )
>
>
>>>> Mike Peachey <mike.peachey at jennic.com> 23/10/2008 12:43 am >>>
> Michael Mollard wrote:
>> Hi all,
>> I'm an RT newbie, so be gentle with me.
>>
>> I have setup a functioning RT system (on SLES10sp2)
>
> What version of RT?
>
>> I have installed the RT::Authen::ExternalAuth 0.5. This creates a
>> <$RT_HOME>/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm
>> I have edited that file with the correct site-specific ldap stuff.
>>
>> Now, what do I need to add to my <$RT_Home>/etc/RT_SiteConfig.pm to
>> activate the LDAP stuff? Are there any other changes needed?
>
> The file
> $RTHOME/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm is not
> part of the installation, it simply contains examples for you to paste
> into your $RTHOME/etc/RT_SiteConfig.pm file.
>
> You can alternatively choose to put a line in your RT_SiteConfig to
> "include" the example file instead of just copying the lines out of it.
>
>> The wiki articles (http://wiki.bestpractical.com/view/ExternalAuth)
>> are helpful to a point, but the Post-Install section (which is
>> apparently the crux of the setup) is too vague for an RT newbie.
>
> I've just read it again and the instructions seem fairly clear. If you
> can advise what is confusing to you, perhaps we can make it better.
>
> If you are using RT 3.8.x then I recommend using this ExternalAuth
> 0.06_002 instead of 0.05 as it is a pre-release candidate for RT3.8
> compatibility. 0.05 was written before 3.8 came out and so requires
> tweaking before it will work properly with 3.8 and later.
>
> You can get it here:
> http://www.cpan.org/authors/id/F/FA/FALCONE/RT-Authen-ExternalAuth-0.06_02.tar.gz
>
> --
> Kind Regards,
>
> __________________________________________________
>
> Mike Peachey, IT
> Tel: +44 114 281 2655
> Fax: +44 114 281 2951
> Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK
> Comp Reg No: 3191371 - Registered In England
> http://www.jennic.com
> __________________________________________________
>
> _______________________________________________
> http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
>
> Community help: http://wiki.bestpractical.com
> Commercial support: sales at bestpractical.com
>
>
> Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
> Buy a copy at http://rtbook.bestpractical.com
More information about the rt-users mailing list
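
Kevin's advice about an old copy left in local/, as an added example that is not part of the original thread or of RT itself: a shell function that moves a leftover `local/lib/RT/User_Vendor.pm` (the file named in the quoted error) into a backup directory rather than deleting it outright. The `overlay-backup` directory name and the function name are assumptions made for this example.

```shell
#!/bin/sh
# Added example: quarantine a stale User_Vendor.pm left in RT's local/ tree.
# The backup directory name is an assumption; adjust it to your install.
#
# Usage (RT home taken from the error message in the thread):
#   quarantine_stale_overlay /srv/www/vhosts/rt.mbc.qld.edu.au
#
# Prints the backup path and returns 0 if a file was moved,
# returns 1 if no stale overlay was found, 2 on error.
quarantine_stale_overlay() {
    rt_home=$1
    overlay="$rt_home/local/lib/RT/User_Vendor.pm"
    # Keep the backup outside local/lib so Perl can no longer load it.
    backup_dir="$rt_home/local/overlay-backup"

    [ -d "$rt_home" ] || { echo "no such RT home: $rt_home" >&2; return 2; }
    [ -f "$overlay" ] || return 1

    mkdir -p "$backup_dir" || return 2
    dest="$backup_dir/User_Vendor.pm.$(date +%Y%m%d%H%M%S)"
    mv "$overlay" "$dest" || return 2
    echo "$dest"
}
```

After the move, restart the web server so that RT processes which already loaded the old module stop using it.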