[rt-users] Installing and Using ExternalAuth

Kevin Falcone falcone at bestpractical.com
Thu May 14 17:02:31 EDT 2009


On May 14, 2009, at 4:55 PM, Eric Chatham wrote:

> On Thursday, May 14, 2009 12:35, Kevin wrote:
>
>>> With V0.08, the sample config file says:
>>>
>>> # If this is set to 1, then users should be autocreated by RT
>>> # as internal users if they fail to authenticate from an
>>> # external service.
>>> Set($AutoCreateNonExternalUsers,    0);
>>
>> By default, RT-Authen-ExternalAuth will look for a user/password
>> in LDAP and then fall back to RT's internal auth.
>> Toggling this setting will allow you to create users that don't
>> have a mapping in LDAP
>>
>
> After I installed the ExternalAuth v0.05, I began modifying my  
> RT_SiteConfig.PM to reflect the LDAP setup.  When I try to log onto  
> through the Web Interface, I receive an error.  When I try logging  
> in with the default "root" login, I get the same error, but when I  
> click "back" I'm logged in (as root).  This only happens for the  
> default "root" user for RT, otherwise no LDAP users can log in.
> Here is the Error from the Web Interface:

You didn't define the ExternalAuthPriority array to tell the  
externalauth
what to do.

RT's internal auth is kicking in and recognizing the root user/pass

-kevin

>
>
> error:  Can't use an undefined value as an ARRAY reference at /usr/ 
> local/rt3/lib/RT/User_Vendor.pm line 56.
>
> context:  ...
> 52:  $RT::Logger->debug( (caller(0))[3],
> 53:  "Trying External authentication");
> 54:
> 55:  # Get the prioritised list of external authentication services
> 56:  my @auth_services = @$RT::ExternalAuthPriority;
> 57:
> 58:  # For each of those services..
> 59:  foreach my $service (@auth_services) {
> 60:
> ...
>
> code stack:  /usr/local/rt3/lib/RT/User_Vendor.pm:56
> /usr/local/rt3/lib/RT/User_Vendor.pm:359
> /usr/share/rt3/html/Callbacks/ExternalAuth/autohandler/Auth:35
> /usr/share/rt3/html/Elements/Callback:85
> /usr/share/rt3/html/autohandler:240
>
> -------------------------------------------
>
> I should stress, I'm not modifying the RT_Config.pm settings in /etc/ 
> rt3.  I'm having a problem seeing the $rtname display our company  
> domain.  It still shows example.com.
>
> Here are my /etc/rt3/RT_SiteConfig.pm settings:
>
> Set($WebPath, "/rt3");
> Set($rtname, "broadvox.local");
> Set($Orginization, 'broadvox.local');
> Set($CorrespondAddress, 'echatham at broadvox.net');
> Set($CommentAddress, 'echatham at infotelecom.us');
> Set($Timezone, 'US/Eastern');
> Set($DatabaseType, 'mysql');
> Set($WebBaseURL, 'http://rt.broadvox.local/');
> Set(@Plugins, qw(RT::Authen::ExternalAuth));
>
> # LDAP
> Set($AuthMethods, ['LDAP', 'Internal']);
> Set($LdapExternalAuth, 0);
> Set($LdapExternalInfo, 0);
> Set($LdapAutoCreateNonLdapUsers, 1);
> Set($LdapAttrMap, {'Name' => 'sAMAccountName',
>                 'EmailAddress' => 'mail',
>                 'Orginization' => 'o',
>                 'RealName' => 'cn',
>                 'ExternalContactInfoId' => 'dn',
>                 'ExternalAuthId' => 'sAMAccountName',
>                 'Gecos', => 'sAMAccountName',
>                 'WorkPhone', => 'telephoneNumber',
>                 'Address1' => 'streetAddress',
>                 'City' => 'l',
>                 'State' => 'st',
>                 'Zip' => 'postalCode',
>                 'Country' => 'co'});
> Set($LdapRTAttrMatchList, ['ExternalContactInfoId', 'Name',
>                         'EmailAddress', 'RealName',
>                         'WorkPhone', 'Address2']);
> Set($LdapEmailAttrMatchList, ['mail', 'mailRoutingAddress',
>                            'mailAlternateAddress']);
> Set($LdapEmailAttrMatchPrefix, ['', 'smtp', 'SMTP:']);
> Set($LdapServer, 'clehbdc01.broadvox.local');
> Set($LdapBase, 'OU=USA,DC=broadvox,DC=local');
> Set($LdapFilter, '(objectClass=user)');
> 1;
>
> ----------------------------------
>
> Thank you for your assistance. :)
>
>
> -Eric
>
> CONFIDENTIAL.  This e-mail and any attached files are confidential  
> and should be destroyed and/or returned if you are not the intended  
> and proper recipient.
>




More information about the rt-users mailing list