[rt-users] FW: Regular Authentication and ExternalAuth RT 3.8.1
Eric Chatham
echatham at broadvox.net
Thu May 21 13:38:45 EDT 2009
On Thursday, May 21, 2009 10:39, Mike Peachey wrote,
>> I'm still having a problem with this. Does anyone know how to get LDAP
>working on RT 3.8.2? Thank you.
>
>Absolutely.
>
>You don't mention actually *installing* RT::Authen::ExternalAuth into
>your RT install..
I did the CPAN install. Would you suggest the manual installation, using the tarball you provided in your e-mail?
>> 2. I partly fixed the problem I was having with LDAP. First, I looked for
>the ./RT/Authen/ directory and copied it recursively over to /opt/rt3/bin.
>This fixed the problem as far as the Module being included, but it did not fix
>the problem I'm having trying to use LDAP.
>
>I totally don't see how that would work.. throwing random stuff into a
>bin dir certainly would have no impact on getting it going..
>
>This further makes me concerned that you might not have actually
>installed the plugin at all.
>
>>
>> So, here are examples of my problems after the fixings. Could someone
>double check them for me? Thank you once again for your assistance.
>>
>> RT_SiteConfig.pm settings:
>>
>> Set(@Plugins, qw(RT::Authen::ExternalAuth));
>
>This line is right and is what causes the plugin to get loaded assuming
>it's properly installed.
>
>> # External Authentication
>> Set($ExternalAuthPriority, ['My_LDAP']);
>> Set($ExternalInfoPriority, ['My_LDAP']);
>> Set($AutoCreateNonExternalUsers, 1);
>> Set($ExternalAuthPriority, ['My_LDAP', 'My_MySQL', 'My_Oracle',
>'SecondaryLDAP', 'Other-DB']);
>
>Why are you overriding ExternalAuthPriority with invalid entries after
>having set it correctly the first time?
>
>> Set($AuthMethods, ['My_LDAP', 'Internal']);
>
>This is not a valid setting any more. Delete it. It was deprecated by
>ExternalAuthPriority.
>
>
>> Set($LdapExternalAuth, 0);
>> Set($LdapExternalInfo, 0);
>> Set($LdapAutoCreateNonLdapUsers, 1);
>
>These are nothing to do with ExternalAuth, you must have picked them up
>from somewhere else. Delete them.
>
>
>> Set($LdapAttrMap, {'Name' => 'sAMAccountName',
>> 'EmailAddress' => 'mail',
>> 'Orginization' => 'o',
>> 'RealName' => 'cn',
>> 'ExternalContactInfoId' => 'dn',
>> 'ExternalAuthId' => 'sAMAccountName',
>> 'Gecos', => 'sAMAccountName',
>> 'WorkPhone', => 'telephoneNumber',
>> 'Address1' => 'streetAddress',
>> 'City' => 'l',
>> 'State' => 'st',
>> 'Zip' => 'postalCode',
>> 'Country' => 'co'});
>> Set($LdapRTAttrMatchList, ['ExternalContactInfoId', 'Name',
>> 'EmailAddress', 'RealName',
>> 'WorkPhone', 'Address2']);
>> Set($LdapEmailAttrMatchList, ['mail', 'mailRoutingAddress',
>> 'mailAlternateAddress']);
>> Set($LdapEmailAttrMatchPrefix, ['', 'smtp', 'SMTP:']);
>> Set($LdapServer, 'clehbdc01.broadvox.local');
>> Set($LdapBase, 'OU=USA,DC=broadvox,DC=local');
>> Set($LdapFilter, '(objectClass=*)');
>
>ALL of these are irrelevant to ExternalAuth. ExternalAuth uses a single
>config variable called ExternalSettings with the settings for all
>external configurations inside it.
>
>
>>
>> Here are my APACHE ERROR_LOG listings:
>>
>
>The apache error_log is useless for debugging EA, you need to have debug
>logging enabled and look at the rt log.
>
>
>You need to go back to basics and start again. First things first, go to
>cpan and get the latest tarball for RT-Authen-ExternalAuth v0.08.
>http://search.cpan.org/CPAN/authors/id/Z/ZO/ZORDRAK/RT-Authen-ExternalAuth-
>0.08.tar.gz
>
>Open the README and read it top to bottom.
>http://search.cpan.org/src/ZORDRAK/RT-Authen-ExternalAuth-0.08/README
>
>Open the example configuration file and read through. If it's not
>provided as an example entry there, you shouldn't have it in your
>RT_SiteConfig.pm.
>http://cpansearch.perl.org/src/ZORDRAK/RT-Authen-ExternalAuth-
>0.08/etc/RT_SiteConfig.pm
>
>Once done, strip your RT_SiteConfig.pm down to basics and add the
>directives you need from the example, modifying them to suit and work
>with your LDAP environment.
>--
CONFIDENTIAL. This e-mail and any attached files are confidential and should be destroyed and/or returned if you are not the intended and proper recipient.
More information about the rt-users
mailing list