[rt-users] RT - Oracle db authentication as secondary method
Thomas Sibley
trs at bestpractical.com
Wed May 25 10:01:18 EDT 2011
On 05/25/2011 12:04 AM, Asanka Gunasekera wrote:
> Hi all, I am trying to configure RT-Authen-ExternalAuth, as per the
> documentation with this I can see you can have more than one mode of
> authentication (LDAP, DB etc).
>
> Now my LDAP (AD) integration is fine, but what my issue now is to get RT
> to authenticate against Oracle DB as its secondary authentication
> method, and I am lost with this.
You appear to be trying to have ExternalAuth authenticate against the RT
users table as a fallback. Don't configure it that way; it's dangerous
and unnecessary. ExternalAuth will automatically fall back to internal
RT users without any configuration. Just get rid of the My_Oracle bits
entirely.
Thomas
> *Following are my system details*
>
> OS – Redhat 5.4 (64bit)
>
> Oracle – 10g2 (64bit)
>
> RT - 3.8.8
>
> Perl - v5.12.2
>
> *Modules which are loaded:*
>
> DBD::Oracle
>
> DBI
>
>
>
> *I have done the following configuration*
>
> Set($ExternalAuthPriority, [ 'My_LDAP', 'My_Oracle' ]);
> Set($ExternalInfoPriority, [ 'My_LDAP', 'My_Oracle' ]);
> Set($ExternalServiceUsesSSLorTLS, 0);
> Set($AutoCreateNonExternalUsers, 0);
>
> Set($ExternalSettings, { # AN EXAMPLE DB SERVICE
>     'My_Oracle' => { ## GENERIC SECTION
>         # The type of service (db/ldap/cookie)
>         'type' => 'db',
>         # The server hosting the service
>         'server' => localhost,
>         ## SERVICE-SPECIFIC SECTION
>         # The database name
>         'database' => 'RT',
>         # The database table
>         'table' => 'USERS',
>         # The user to connect to the database as
>         'user' => 'rtdb1',
>         # The password to use to connect with
>         'pass' => 'rtdb1secret',
>         # The port to use to connect with (e.g. 3306)
>         'port' => '1521',
>         # The name of the Perl DBI driver to use (e.g. mysql)
>         'dbi_driver' => 'Oracle',
>         # The field in the table that holds usernames
>         'u_field' => 'NAME',
>         # The field in the table that holds passwords
>         'p_field' => 'PASSWORD',
>         # The Perl package & subroutine used to encrypt passwords
>         # e.g. if the passwords are stored using the MySQL v3.23 "PASSWORD"
>         # function, then you will need Crypt::MySQL::password, but for the
>         # MySQL4+ password function you will need Crypt::MySQL::password41
>         # Alternatively, you could use Digest::MD5::md5_hex or any other
>         # encryption subroutine you can load in your perl installation
>         'p_enc_pkg' => 'Crypt::MySQL',
>         'p_enc_sub' => 'password',
>         # If your p_enc_sub takes a salt as a second parameter,
>         # uncomment this line to add your salt
>         #'p_salt' => 'SALT',
>         #
>         # The field and values in the table that determines if a user should
>         # be disabled. For example, if the field is 'user_status' and the values
>         # are ['0','1','2','disabled'] then the user will be disabled if their
>         # user_status is set to '0','1','2' or the string 'disabled'.
>         # Otherwise, they will be considered enabled.
>         'd_field' => 'disabled',
>         'd_values' => ['0'],
>         ## RT ATTRIBUTE MATCHING SECTION
>         # The list of RT attributes that uniquely identify a user
>         'attr_match_list' => [ 'GECOS',
>                                'NAME'
>                              ],
>         # The mapping of RT attributes on to field names
>         'attr_map' => { 'Name' => 'NAME',
>                         'EmailAddress' => 'EMAILADDRESS',
>                         'ExternalAuthId' => 'NAME',
>                         'Gecos' => 'GECOS'
>                       }
>     },
>     # AN EXAMPLE LDAP SERVICE
>     'My_LDAP' => { ## GENERIC SECTION
>         # The type of service (db/ldap/cookie)
>         'type' => 'ldap',
>
>         ……………………………………………….
>
>
> *With the above configuration, when I try to login to RT the IE displays
> following message.*
>
> DBI connect('database=RT;host=myhost.exampal.com;port=1521','rtdb1',...)
> failed: Can't connect using this syntax without specifying a HOST and
> one of SID INSTANCE_NAME SERVER SERVICE_NAME at
> /usr/local/rt-3.8.8-ora/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/DBI.pm
> line 440
>
>
> Thanks and Best Regards
>
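
The advice in the reply above, as an added example that is not part of the original message or of RT-Authen-ExternalAuth: a small Perl check that flags any ExternalSettings service of type 'db' pointing at RT's own users table and drops it from the priority list. The RT database name 'RT', the table name 'Users', the helper names and the sample hash are assumptions constructed from the quoted configuration.

```perl
#!/usr/bin/perl
# Added example: flag ExternalAuth 'db' services that point back at RT's
# own users table, which the reply describes as dangerous and unnecessary.
use strict;
use warnings;

# Return the names of services in $settings that are of type 'db' and
# target the same database and users table that RT itself uses.
# Names are compared case-insensitively (Oracle upper-cases identifiers).
sub self_referential_services {
    my ($settings, $rt_db, $rt_users_table) = @_;
    my @hits;
    for my $name (sort keys %$settings) {
        my $svc = $settings->{$name};
        next unless lc($svc->{type}     // '') eq 'db';
        next unless lc($svc->{database} // '') eq lc($rt_db);
        next unless lc($svc->{table}    // '') eq lc($rt_users_table);
        push @hits, $name;
    }
    return @hits;
}

# Return a copy of a priority list with the flagged services removed.
sub prune_priority {
    my ($priority, @drop) = @_;
    my %drop = map { ($_ => 1) } @drop;
    return [ grep { !$drop{$_} } @$priority ];
}

# Constructed sample mirroring the configuration quoted in the thread.
my %settings = (
    My_LDAP   => { type => 'ldap' },    # details are elided in the thread
    My_Oracle => { type => 'db', database => 'RT', table => 'USERS',
                   u_field => 'NAME', p_field => 'PASSWORD' },
);
my @auth_priority = ('My_LDAP', 'My_Oracle');

# Assumption: RT's own database is named 'RT' and its users table 'Users'.
my @bad = self_referential_services(\%settings, 'RT', 'Users');
print "Remove from ExternalSettings: $_\n" for @bad;

my $fixed = prune_priority(\@auth_priority, @bad);
print "Set(\$ExternalAuthPriority, [ ",
      join(', ', map { "'$_'" } @$fixed), " ]);\n";
```

The same pruning applies to $ExternalInfoPriority; internal RT accounts remain usable because ExternalAuth falls back to them without any configuration, as the reply states.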