[rt-users] RT-3.8.3, RT-Authen-ExternalAuth-0.08 login issue

Matt Millard gocyclones at eml.cc
Wed Jun 3 14:24:45 EDT 2009


I'm doing a fresh install of RT-3.8.3, RT-Authen-ExternalAuth-0.08, and
AD for authentication. All running on RHEL5 x86_64 for the OS. I had
this all working with RT-3.6.7 and RT-Authen-ExternalAuth-0.05, but had
the brilliant idea that I needed to be current since 3.8.3 was released
on the same day I got the old version working.  Oh well...  Any thoughts
on where to go with this?

Here is what I get in my error_log when I login with a verified
username/password.

[Wed Jun  3 17:46:08 2009] [error]: FAILED LOGIN for myuser from
192.168.1.100 (/opt/rt3/share/html/autohandler:268)
Trace begun at /opt/rt3/bin/../lib/RT.pm line 289
Log::Dispatch::__ANON__('Log::Dispatch=HASH(0x2aeca7462620)', 'FAILED
LOGIN for myuser from 192.168.1.100') called at
/opt/rt3/share/html/autohandler line 268
HTML::Mason::Commands::__ANON__('pass', 'mypass', 'user', 'myuser')
called at /usr/lib/perl5/vendor_perl/5.8.8/HTML/Mason/Component.pm line
135
HTML::Mason::Component::run('HTML::Mason::Component::FileBased=HASH(0x2aeca75a3180)',
'pass', 'mypass', 'user', 'myuser') called at
/usr/lib/perl5/vendor_perl/5.8.8/HTML/Mason/Request.pm line 1273
eval {...} at /usr/lib/perl5/vendor_perl/5.8.8/HTML/Mason/Request.pm
line 1268
HTML::Mason::Request::comp(undef, undef, undef, 'pass', 'mypass',
'user', 'myuser') called at
/usr/lib/perl5/vendor_perl/5.8.8/HTML/Mason/Request.pm line 467
eval {...} at /usr/lib/perl5/vendor_perl/5.8.8/HTML/Mason/Request.pm
line 467
eval {...} at /usr/lib/perl5/vendor_perl/5.8.8/HTML/Mason/Request.pm
line 419
HTML::Mason::Request::exec('RT::Interface::Web::Request=HASH(0x2aeca74a6ff0)')
called at /usr/lib/perl5/vendor_perl/5.8.8/HTML/Mason/ApacheHandler.pm
line 168
HTML::Mason::Request::ApacheHandler::exec('RT::Interface::Web::Request=HASH(0x2aeca74a6ff0)')
called at /usr/lib/perl5/vendor_perl/5.8.8/HTML/Mason/ApacheHandler.pm
line 825
HTML::Mason::ApacheHandler::handle_request('HTML::Mason::ApacheHandler=HASH(0x2aeca42ab740)',
'Apache2::RequestRec=SCALAR(0x2aeca3f49f70)') called at
/opt/rt3/bin/webmux.pl line 163
eval {...} at /opt/rt3/bin/webmux.pl line 163
RT::Mason::handler('Apache2::RequestRec=SCALAR(0x2aeca3f49f70)') called
at -e line 0

Site Config from web interface:
Loaded perl modules

Perl v5.8.8 under linux
 Apache2::Const v2.000004;
 Apache2::Log v2.000004;
 Apache2::RequestIO v2.000004;
 Apache2::RequestRec v2.000004;
 Apache2::RequestUtil v2.000004;
 Apache2::Response v2.000004;
 Apache2::ServerUtil v2.000004;
 Apache2::Status v4.00;
 Apache::Session v1.86;
 Apache::Session::Generate::MD5 v2.1;
 Apache::Session::Lock::MySQL v1.01;
 Apache::Session::MySQL v1.01;
 Apache::Session::Serialize::Storable v1.01;
 Apache::Session::Store::DBI v1.02;
 Apache::Session::Store::MySQL v1.04;
 APR v0.009000;
 APR::Pool v0.009000;
 APR::Table v0.009000;
 AutoLoader v5.60;
 base v2.07;
 bytes v1.02;
 Cache::Simple::TimedExpiry v0.27;
 Carp v1.04;
 CGI v3.43;
 CGI::Cookie v1.29;
 CGI::Util v1.5_01;
 Class::Accessor v0.33;
 Class::Accessor::Fast v0.33;
 Class::Container v0.12;
 Class::Data::Inheritable v0.06;
 Class::Inspector v1.24;
 Class::ISA v0.33;
 Class::ReturnValue v0.55;
 Clone v0.27;
 constant v1.05;
 Convert::ASN1 v0.22;
 CSS::Squish v0.07;
 Cwd v3.12;
 Data::Dumper v2.121_08;
 Date::Format v2.22;
 Date::Parse v2.27;
 DateTime v0.50;
 DateTime::Locale v0.42;
 DateTime::TimeZone v0.91;
 DateTime::TimeZone::Floating v0.01;
 DateTime::TimeZone::Local v0.01;
 DateTime::TimeZone::OffsetOnly v0.02;
 DateTime::TimeZone::UTC v0.01;
 DBD::mysql v3.0007;
 DBI v1.52;
 DBIx::SearchBuilder v1.54;
 DBIx::SearchBuilder::Union v0;
 DBIx::SearchBuilder::Unique v0.01;
 Devel::StackTrace v1.20;
 Devel::StackTraceFrame v1.20;
 Digest::base v1.00;
 Digest::MD5 v2.36;
 DynaLoader v1.05;
 Email::Address v1.889;
 Encode v2.33;
 Encode::Alias v2.12;
 Encode::Config v2.05;
 Encode::Encoding v2.05;
 Errno v1.0901;
 Exception::Class v1.23;
 Exception::Class::Base v1.2;
 Exporter v5.58;
 Exporter::Heavy v5.58;
 Fcntl v1.05;
 File::Basename v2.74;
 File::Glob v1.05;
 File::Path v1.08;
 File::ShareDir v1.00;
 File::Spec v3.12;
 File::Spec::Unix v1.5;
 File::Temp v0.21;
 FileHandle v2.01;
 GD v2.35;
 GD::Image v2.27;
 HTML::Element v3.23;
 HTML::Entities v1.35;
 HTML::Formatter v2.04;
 HTML::FormatText v2.04;
 HTML::Mason v1.39;
 HTML::Mason::ApacheHandler v1.69;
 HTML::Mason::Exception v1.1;
 HTML::Mason::Exception::Abort v1.1;
 HTML::Mason::Exception::Compilation v1.1;
 HTML::Mason::Exception::Compilation::IncompatibleCompiler v1.1;
 HTML::Mason::Exception::Compiler v1.1;
 HTML::Mason::Exception::Decline v1.1;
 HTML::Mason::Exception::Params v1.1;
 HTML::Mason::Exception::Syntax v1.1;
 HTML::Mason::Exception::System v1.1;
 HTML::Mason::Exception::TopLevelNotFound v1.1;
 HTML::Mason::Exception::VirtualMethod v1.1;
 HTML::Mason::Exceptions v1.43;
 HTML::Parser v3.55;
 HTML::Scrubber v0.08;
 HTML::Tagset v3.10;
 HTML::TreeBuilder v3.23;
 I18N::LangTags v0.35;
 I18N::LangTags::Detect v1.03;
 integer v1.00;
 IO v1.22;
 IO::File v1.13;
 IO::Handle v1.25;
 IO::InnerFile v2.110;
 IO::Lines v2.110;
 IO::ScalarArray v2.110;
 IO::Seekable v1.1;
 IO::Select v1.17;
 IO::Socket v1.29;
 IO::Socket::INET v1.29;
 IO::Socket::UNIX v1.22;
 IO::WrapTie v2.110;
 IPC::Open2 v1.02;
 IPC::Open3 v1.02;
 List::MoreUtils v0.22;
 List::Util v1.19;
 Locale::Maketext v1.09;
 Locale::Maketext::Fuzzy v0.10;
 Locale::Maketext::Lexicon v0.62;
 Locale::Maketext::Lexicon::Gettext v0.15;
 Log::Dispatch v2.20;
 Log::Dispatch::Base v1.09;
 Log::Dispatch::Output v1.26;
 Log::Dispatch::Screen v1.17;
 Log::Dispatch::Syslog v1.18;
 Mail::Address v1.77;
 Mail::Field v1.77;
 Mail::Field::AddrList v1.77;
 Mail::Field::Date v1.77;
 Mail::Header v1.77;
 Mail::Internet v1.77;
 Mail::Mailer v1.77;
 MIME::Base64 v3.07;
 MIME::Body v5.427;
 MIME::Decoder v5.427;
 MIME::Entity v5.427;
 MIME::Field::ContDisp v5.427;
 MIME::Field::ConTraEnc v5.427;
 MIME::Field::ContType v5.427;
 MIME::Field::ParamVal v5.427;
 MIME::Head v5.427;
 MIME::Parser v5.427;
 MIME::QuotedPrint v3.07;
 MIME::Tools v5.427;
 MIME::Words v5.427;
 mod_perl v2.000004;
 mod_perl2 v2.000004;
 ModPerl::Const v2.000004;
 Module::Versions::Report v1.06;
 Net::LDAP v0.33;
 Net::LDAP::ASN v0.03;
 Net::LDAP::Constant v0.04;
 Net::LDAP::Filter v0.14;
 Net::LDAP::Message v1.08;
 Net::LDAP::Util v0.10;
 overload v1.04;
 Params::Util v0.38;
 Params::Validate v0.88;
 PerlIO v1.04;
 PerlIO::scalar v0.04;
 POSIX v1.09;
 re v0.05;
 Regexp::Common v2.120;
 Regexp::Common::delimited v2.104;
 RT v3.8.3;
 RT::Authen::ExternalAuth v0.08;
 RT::Interface::Email v2;
 RT::Interface::Web::Request v0.30;
 Scalar::Util v1.19;
 SelectSaver v1.01;
 Socket v1.78;
 Storable v2.15;
 strict v1.03;
 Symbol v1.06;
 Sys::Syslog v0.27;
 Text::Template v1.45;
 Text::Wrapper v1.01;
 Tie::Hash v1.02;
 Time::HiRes v1.9715;
 Time::JulianDay v2003.1125;
 Time::Local v1.11;
 Time::ParseDate v2003.1126;
 Time::Timezone v2003.0211;
 Time::Zone v2.22;
 UNIVERSAL v1.01;
 UNIVERSAL::require v0.11;
 URI v1.35;
 URI::Escape v3.28;
 URI::file v4.19;
 utf8 v1.06;
 vars v1.01;
 warnings v1.05;
 warnings::register v1.01;
 XSLoader v0.06;

RT Config
ARRAY(0x2b804abbe930)   My_LDAP
site config
ActiveStatus    new, open, stalled
core config
Active_MakeClicky
core config
AmbiguousDayInFuture    0
core config
AmbiguousDayInPast      0
core config
ApprovalRejectionNotes  1
core config
AutoCreateNonExternalUsers      0
site config
AutoLogoff      0
core config
CanonicalizeOnCreate    0
core config
CanonicalizeRedirectURLs        0
core config
CommentAddress
core config
CorrespondAddress
core config
CustomFieldValuesSources
core config
DashboardAddress
core config
DashboardSubject        %s Dashboard: %s
core config
DatabaseHost    localhost
core config
DatabaseName    drm_rt3
site config
DatabasePassword        Password not printed
site config
DatabasePort
core config
DatabaseRTHost  localhost
core config
DatabaseType    mysql
core config
DatabaseUser    drm_rt_user
site config
DateDayBeforeMonth      1
core config
DateTimeFormat  DefaultFormat
core config
DefaultSearchResultFormat       '<B><A
HREF="__WebPath__/Ticket/Display.html?id=__id__">__id__</a></B>/TITLE:#',
'<B><A
HREF="__WebPath__/Ticket/Display.html?id=__id__">__Subject__</a></B>/TITLE:Subject',
Status, QueueName, OwnerName, Priority, '__NEWLINE__', '',
'<small>__Requestors__</small>', '<small>__CreatedRelative__</small>',
'<small>__ToldRelative__</small>',
'<small>__LastUpdatedRelative__</small>', '<small>__TimeLeft__</small>'
core config
DefaultSummaryRows      10
core config
DefaultTimeUnitsToHours         0
core config
DevelMode       0
core config
DisableGraphViz         1
core config
EmailFrequency  Individual messages
core config
EmailInputEncodings     utf-8, iso-8859-1, us-ascii
core config
EmailOutputEncoding     utf-8
core config
EnableReminders         1
core config
ExternalAuthPriority    My_LDAP
site config
ExternalInfoPriority    My_LDAP
site config
ExternalServiceUsesSSLorTLS     0
site config
ExternalSettings        My_LDAP, HASH(0x2b804db99850)
site config
ExtractSubjectTagMatch  Regexp
core config
ExtractSubjectTagNoMatch        Regexp
core config
ForwardFromUser         0
core config
FriendlyFromLineFormat  "%s via RT" <%s>
core config
FriendlyToLineFormat    "%s of helpdesk.example.com Ticket #%s":;
core config
GnuPG   RejectOnBadData, 1, Enable, 0, RejectOnMissingPrivateKey, 1,
AllowEncryptDataInDB, 0, OutgoingMessagesFormat, RFC
core config
GnuPGOptions    homedir, /opt/rt3/var/data/gpg
core config
HomePageRefreshInterval         0
core config
HomeRefreshPeriod       300
site config
HomepageComponents      QuickCreate, Quicksearch, MyAdminQueues,
MySupportQueues, MyReminders, RefreshHomepage, Dashboards
core config
InactiveStatus  resolved, rejected, deleted
core config
LexiconLanguages        *
core config
LinkTransactionsRun1Scrip       0
core config
LogDir  /opt/rt3/var/log
core config
LogStackTraces  debug
site config
LogToFileNamed  rt.log
core config
LogToScreen     info
core config
LogToSyslog     info
site config
LogToSyslogConf
core config
LogoAltText     DRMHelpdesk
site config
LogoHeight      82
site config
LogoImageURL    /rt3/NoAuth/Images/logo.gif
site config
LogoLinkURL     http://helpdesk.example.com/
site config
LogoURL         logo.gif
site config
LogoWidth       161
site config
LoopsToRTOwner  1
core config
MailCommand     sendmailpipe
core config
MailParams
core config
MasonParameters
core config
MaxAttachmentSize       10000000
core config
MaxInlineBody   12000
core config
MessageBoxHeight        15
core config
MessageBoxIncludeSignature      1
core config
MessageBoxRichText      1
core config
MessageBoxRichTextHeight        200
core config
MessageBoxWidth         72
core config
MessageBoxWrap  HARD
core config
MinimumPasswordLength   8
site config
MyRequestsLength        20
site config
MyTicketsLength         20
site config
NetServerOptions
core config
NotifyActor     0
core config
OldestTransactionsFirst         1
core config
Organization    helpdesk.example.com
site config
OwnerEmail      millard.matt at example.com
site config
PlainTextPre    0
core config
Plugins         RT::Authen::ExternalAuth
site config
PreviewScripMessages    0
core config
RTAddressRegexp         ^rt\@example.com$
core config
RecordOutgoingEmail     1
core config
RedistributeAutoGeneratedMessages       privileged
core config
SMTPDebug       0
core config
SearchResultsRefreshInterval    0
core config
SelfServiceRegex        Regexp
core config
SendmailArguments       -oi -t
core config
SendmailBounceArguments         -f "<>"
core config
SendmailPath    /usr/sbin/sendmail
core config
ShowBccHeader   0
core config
ShowTransactionImages   1
core config
ShowUnreadMessageNotifications  1
core config
StandaloneMaxServers    1
core config
StandaloneMaxSpareServers       0
core config
StandaloneMinServers    1
core config
StandaloneMinSpareServers       0
core config
StrictLinkACL   1
core config
TicketsRefreshPeriod    300
site config
Timezone        US/Central
site config
UseFriendlyFromLine     1
core config
UseFriendlyToLine       0
core config
UseTransactionBatch     1
core config
UsernameFormat  concise
core config
WebBaseURL      http://helpdesk.example.com:80
site config
WebDefaultStylesheet    web2
core config
WebDomain       localhost
core config
WebExternalAuto         true
site config
WebFlushDbCacheEveryRequest     1
core config
WebImagesURL    /rt3/NoAuth/images/
core config
WebNoAuthRegex  Regexp
core config
WebPath         /rt3
site config
WebPort         80
core config
WebSecureCookies        0
core config
WebURL  http://helpdesk.example.com:80/rt3/
core config
WikiImplicitLinks       0
core config
rtname  helpdesk.example.com
site config
RT Variables
RT::BasePath    /opt/rt3
RT::BinPath     /opt/rt3/bin
RT::EtcPath     /opt/rt3/etc
RT::LocalEtcPath        /opt/rt3/local/etc
RT::LocalLexiconPath    /opt/rt3/local/po
RT::LocalLibPath        /opt/rt3/local/lib
RT::LocalPath   /opt/rt3/local
RT::LocalPluginPath     /opt/rt3/local/plugins
RT::MasonComponentRoot  /opt/rt3/share/html
RT::MasonDataDir        /opt/rt3/var/mason_data
RT::MasonLocalComponentRoot     /opt/rt3/local/html
RT::MasonSessionDir     /opt/rt3/var/session_data
RT::SbinPath    /opt/rt3/sbin
RT::VERSION     3.8.3
RT::VarPath     /opt/rt3/var
RT Size
Tickets         0
Queues  2
Transactions    24
Groups  18
Privileged Users        1
Unprivileged Users      2
Perl configuration

Summary of my perl5 (revision 5 version 8 subversion 8) configuration:
 Platform:
   osname=linux, osvers=2.6.18-128.1.1.el5,
   archname=x86_64-linux-thread-multi
   uname='linux hs20-bc1-5.build.redhat.com 2.6.18-128.1.1.el5 #1 smp
   mon jan 26 13:58:24 est 2009 x86_64 x86_64 x86_64 gnulinux '
   config_args='-des -Doptimize=-O2 -g -pipe -Wall
   -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector
   --param=ssp-buffer-size=4 -m64 -mtune=generic -Dversion=5.8.8
   -Dmyhostname=localhost -Dperladmin=root at localhost -Dcc=gcc
   -Dcf_by=Red Hat, Inc. -Dinstallprefix=/usr -Dprefix=/usr
   -Dlibpth=/usr/local/lib64 /lib64 /usr/lib64
   -Dprivlib=/usr/lib/perl5/5.8.8
   -Dsitelib=/usr/lib/perl5/site_perl/5.8.8
   -Dvendorlib=/usr/lib/perl5/vendor_perl/5.8.8
   -Darchlib=/usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi
   -Dsitearch=/usr/lib64/perl5/site_perl/5.8.8/x86_64-linux-thread-multi
   -Dvendorarch=/usr/lib64/perl5/vendor_perl/5.8.8/x86_64-linux-thread-multi
   -Darchname=x86_64-linux -Dvendorprefix=/usr -Dsiteprefix=/usr
   -Duseshrplib -Dusethreads -Duseithreads -Duselargefiles -Dd_dosuid
   -Dd_semctl_semun -Di_db -Ui_ndbm -Di_gdbm -Di_shadow -Di_syslog
   -Dman3ext=3pm -Duseperlio -Dinstallusrbinperl=n -Ubincompat5005
   -Uversiononly -Dpager=/usr/bin/less -isr -Dd_gethostent_r_proto
   -Ud_endhostent_r_proto -Ud_sethostent_r_proto -Ud_endprotoent_r_proto
   -Ud_setprotoent_r_proto -Ud_endservent_r_proto -Ud_setservent_r_proto
   -Dinc_version_list=5.8.7 5.8.6 5.8.5 -Dscriptdir=/usr/bin'
   hint=recommended, useposix=true, d_sigaction=define
   usethreads=define use5005threads=undef useithreads=define
   usemultiplicity=define
   useperlio=define d_sfio=undef uselargefiles=define usesocks=undef
   use64bitint=define use64bitall=define uselongdouble=undef
   usemymalloc=n, bincompat5005=undef
 Compiler:
   cc='gcc', ccflags ='-D_REENTRANT -D_GNU_SOURCE -fno-strict-aliasing
   -pipe -Wdeclaration-after-statement -I/usr/local/include
   -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm',
   optimize='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
   -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic',
   cppflags='-D_REENTRANT -D_GNU_SOURCE -fno-strict-aliasing -pipe
   -Wdeclaration-after-statement -I/usr/local/include
   -I/usr/include/gdbm'
   ccversion='', gccversion='4.1.2 20080704 (Red Hat 4.1.2-44)',
   gccosandvers=''
   intsize=4, longsize=8, ptrsize=8, doublesize=8, byteorder=12345678
   d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=16
   ivtype='long', ivsize=8, nvtype='double', nvsize=8, Off_t='off_t',
   lseeksize=8
   alignbytes=8, prototype=define
 Linker and Libraries:
   ld='gcc', ldflags =''
   libpth=/usr/local/lib64 /lib64 /usr/lib64
   libs=-lresolv -lnsl -lgdbm -ldb -ldl -lm -lcrypt -lutil -lpthread -lc
   perllibs=-lresolv -lnsl -ldl -lm -lcrypt -lutil -lpthread -lc
   libc=, so=so, useshrplib=true, libperl=libperl.so
   gnulibc_version='2.5'
 Dynamic Linking:
   dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E
   -Wl,-rpath,/usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi/CORE'
   cccdlflags='-fPIC', lddlflags='-shared -O2 -g -pipe -Wall
   -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector
   --param=ssp-buffer-size=4 -m64 -mtune=generic'



Perl Include Paths (@INC)

/opt/rt3/bin/../local/lib
/opt/rt3/bin/../lib
/usr/lib64/perl5/site_perl/5.8.8/x86_64-linux-thread-multi
/usr/lib64/perl5/site_perl/5.8.7/x86_64-linux-thread-multi
/usr/lib64/perl5/site_perl/5.8.6/x86_64-linux-thread-multi
/usr/lib64/perl5/site_perl/5.8.5/x86_64-linux-thread-multi
/usr/lib/perl5/site_perl/5.8.8
/usr/lib/perl5/site_perl/5.8.7
/usr/lib/perl5/site_perl/5.8.6
/usr/lib/perl5/site_perl/5.8.5
/usr/lib/perl5/site_perl
/usr/lib64/perl5/vendor_perl/5.8.8/x86_64-linux-thread-multi
/usr/lib64/perl5/vendor_perl/5.8.7/x86_64-linux-thread-multi
/usr/lib64/perl5/vendor_perl/5.8.6/x86_64-linux-thread-multi
/usr/lib64/perl5/vendor_perl/5.8.5/x86_64-linux-thread-multi
/usr/lib/perl5/vendor_perl/5.8.8
/usr/lib/perl5/vendor_perl/5.8.7
/usr/lib/perl5/vendor_perl/5.8.6
/usr/lib/perl5/vendor_perl/5.8.5
/usr/lib/perl5/vendor_perl
/usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi
/usr/lib/perl5/5.8.8
.
/etc/httpd

Here is my
/opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm

# The order in which the services defined in ExternalSettings
# should be used to authenticate users. User is authenticated
# if successfully confirmed by any service - no more services
# are checked.
Set($ExternalAuthPriority,  [   'My_LDAP'
                           ]
);

# The order in which the services defined in ExternalSettings
# should be used to get information about users. This includes
# RealName, Tel numbers etc, but also whether or not the user
# should be considered disabled.
#
# Once user info is found, no more services are checked.
#
# You CANNOT use a SSO cookie for authentication.
Set($ExternalInfoPriority,  [   'My_LDAP'
                           ]
);

# If this is set to true, then the relevant packages will
# be loaded to use SSL/TLS connections. At the moment,
# this just means "use Net::SSLeay;"
Set($ExternalServiceUsesSSLorTLS,    0);

# If this is set to 1, then users should be autocreated by RT
# as internal users if they fail to authenticate from an
# external service.
Set($AutoCreateNonExternalUsers,    0);

# These are the full settings for each external service as a
HashOfHashes
# Note that you may have as many external services as you wish. They
will
# be checked in the order specified in the Priority directives above.
# e.g.
#  
Set(ExternalAuthPriority,['My_LDAP','My_MySQL','My_Oracle','SecondaryLDAP','Other-DB']);
Set($ExternalAuthPriority,['My_LDAP']);
#
Set($ExternalSettings,      {
       # AN EXAMPLE LDAP SERVICE
      'My_LDAP'       =>  {   ## GENERIC SECTION
      # The type of service (db/ldap/cookie)
      'type'                      =>  'ldap',
      # The server hosting the service
      'server'                    =>  'ldap://dcldap.example.com',
      ## SERVICE-SPECIFIC SECTION
      # If you can bind to your LDAP server anonymously you should
      # remove the user and pass config lines, otherwise specify them
      here:
      #
      # The username RT should use to connect to the LDAP server
      'user'                      => 
      'CN=MYADID,OU=Users,OU=IS,DC=example,DC=corp,DC=example,DC=com',
      # The password RT should use to connect to the LDAP server
      'pass'                    =>  'MyADpass',
      #
      # The LDAP search base
      'base'                      => 
      'DC=exampleusa,DC=corp,DC=example,DC=com',
      #
      # ALL FILTERS MUST BE VALID LDAP FILTERS ENCASED IN PARENTHESES!
      # YOU **MUST** SPECIFY A filter AND A d_filter!!
      #
      # The filter to use to match RT-Users
      'filter'                    =>  '(objectclass=*)',
      # A catch-all example filter: '(objectClass=*)'
      #
      # The filter that will only match disabled users
      'd_filter'                  =>  '(msRTCSIP-UserEnabled=FALSE)',
      # A catch-none example d_filter: '(objectClass=FooBarBaz)'
      #
      # Should we try to use TLS to encrypt connections?
      'tls'                       =>  0,
      # SSL Version to provide to Net::SSLeay *if* using SSL
      'ssl_version'               =>  3,
      # What other args should I pass to Net::LDAP->new($host, at args)?
      'net_ldap_args'             => [    version =>  3   ],
      # Does authentication depend on group membership? What group name?
      #'group'                     =>  'GROUP_NAME',
      # What is the attribute for the group object that determines
      membership?
      #'group_attr'                =>  'GROUP_ATTR',
      ## RT ATTRIBUTE MATCHING SECTION
      # The list of RT attributes that uniquely identify a user
      # This example shows what you *can* specify.. I recommend reducing
      this
      # to just the Name and EmailAddress to save encountering problems
      later.
                 'attr_match_list'           => [      'Name',
                                                       'EmailAddress'
                                                ],
      # The mapping of RT attributes on to LDAP attributes
                 'attr_map'                  =>  {   'Name' =>
                 'sAMAccountName',
                                                     'EmailAddress' =>
                                                     'mail',
                                                     'Organization' =>
                                                     'physicalDeliveryOfficeName',
                                                     'RealName' =>
                                                     'displayName',
                                                     'ExternalAuthId' =>
                                                     'sAMAccountName',
                                                     'Gecos' =>
                                                     'sAMAccountName',
                                                     'WorkPhone' =>
                                                     'telephoneNumber',
                                                     'Address1' =>
                                                     'streetAddress',
                                                     'Address2' =>
                                                     'extensionAttribute2',
                                                     'City' => 'l',
                                                     'State' => 'st',
                                                     'Zip' =>
                                                     'postalCode'
                                                 }
                          }
                          }
);

1;


Here is my /opt/rt3/etc/RT_SiteConfig.pm:

# Any configuration directives you include  here will override
# RT's default configuration file, RT_Config.pm
#
# To include a directive here, just copy the equivalent statement
# from RT_Config.pm and change the value. We've included a single
# sample value below.
#
# This file is actually a perl module, so you can include valid
# perl code, as well.
#
# The converse is also true, if this file isn't valid perl, you're
# going to run into trouble. To check your SiteConfig file, use
# this comamnd:
#
#   perl -c /path/to/your/etc/RT_SiteConfig.pm

Set(@Plugins,(qw(Extension::QuickDelete)));
Set(@Plugins, qw(RT::Authen::ExternalAuth));
require
"/opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm";
Set($rtname , "helpdesk.example.com");
Set($Organization , "helpdesk.example.com");
Set($MinimumPasswordLength , "8");
Set($Timezone , 'US/Central');
Set($OwnerEmail , 'myuserid at example.com');
#Set($RTAddressRegexp , '^rt\@example.com$');
#Set($CorrespondAddress , 'rt');
#Set($CommentAddress , 'rt');
Set($WebBaseURL , "http://helpdesk.example.com:80");
Set( $WebPath , "/rt3");
Set($LogoLinkURL, 'http://helpdesk.example.com/');
Set($LogoImageURL, $WebPath . '/NoAuth/Images/logo.gif');
Set($LogoAltText, 'Helpdesk');
Set($LogoWidth, 161);
Set($LogoHeight, 82);
Set($MyTicketsLength, 20);
Set($MyRequestsLength, 20);
# $LogoURL points to the URL of the RT logo displayed in the web UI
Set($LogoURL , $WebImagesURL . "logo.gif");
Set($DatabasePassword, DRMh31p);
Set($DatabaseName, rt3);
Set($DatabaseUser, rt_user);
Set($LogToSyslog, 'info');
Set($LogStackTraces, 'debug');

# $WebExternalAuto will create users under the same name as REMOTE_USER
# upon login, if it's missing in the Users table.

Set($WebExternalAuto , "true");

#Adding the following to RT_SiteConfig.pm causes Mason compilation
#errors to not be logged to screen:

#@MasonParameters = ( error_mode => 'fatal' );


# HomeRefreshPeriod specifies the default refresh interval in seconds
# for refreshing the home page.  Actual values are defined in
# share/html/Elements/Refresh and must be one of
# "120", "300", "600", "1200", "3600" or "7200".

Set($HomeRefreshPeriod, "300");

# TicketsRefreshPeriod specifies the default refresh interval in seconds
# for refreshing the ticket search page.  It uses the same values as
# HomeRefreshPeriod.

Set($TicketsRefreshPeriod, "300");

# @AuthOrder specifies the authentication methods to use and the
# order in which to use them.  The keywords must be one or more of
# "LDAP", "SMB", "Web" and "Internal".  If any authentication method
# fails to authenticate the user, authentication will proceed to the
# next method in the list.  Any method not in the list is effectively
# disabled.  Note: WebExternalAuth does not affect this code.

@AuthOrder = ("LDAP", "Web", "Internal");

# the tree, the attributes to use and the filter to apply to the
# search.


1;

--- 
  Matt Millard
  gocyclones at eml.cc
  http://photos.millardfam.com
  http://snipurl.com/mattsshareditems




More information about the rt-users mailing list