[rt-users] Implementing LDAP Authentication in RT 4.0.2

Izz Abdullah Izz.Abdullah at hibbett.com
Mon Sep 19 09:41:06 EDT 2011


So I had a typo causing the timeout, but I am still unable to get LDAP authentication to work.  I am sure it is a configuration issue, as I can log in with the mysql db root account just fine.  I can't find detailed documentation on what each of the arguments takes, so I am posting my config back here for some assistance.  I am also receiving in the apache logs
"syntax error at [RTHOME]/etc/RT_SiteConfig.pm line xx, near "}"
"Missing right curly or square bracket at ..."
Everything is open and closed below, correct?  I thought this was odd...

Is there any way possible for me to see a debugging log of RT trying (or not trying) to talk to our AD server?


Set($ExternalAuthPriority,  [   'My_LDAP'   ]);

Set($ExternalInfoPriority,  [   'My_LDAP'   ]);

Set($ExternalServiceUsesSSLorTLS,    0);

Set($AutoCreateNonExternalUsers,    0);

Set($ExternalSettings, { 'My_LDAP' => {
                'type'                      =>  'ldap',
                'server'                    =>  '****.****.hibbett.com',
                #temporarily commented this out
                #'user'                      =>  '****',
                #'pass'                      =>  '****',
                'base'                      =>  'ou=****,dc=****,dc=hibbett,dc=com',
                'filter'                    =>  '(objectClass=*)',
                'd_filter'                  =>  '(objectClass=NoOneAtALL)',
                #not using tls or ssl
                #'tls'                       =>  0,
                #'ssl_version'               =>  3,
                #I don't know what the ldap args should be...is this in the net::ldap perl module?
                #'net_ldap_args'             => [    version =>  3   ],
                'attr_match_list'           => [    'Name',
                                                    'EmailAddress'  ],
                'attr_map'                  =>  {
                        'Name' => 'sAMAccountName',
                        'EmailAddress' => 'mail',
                        'Organization' => 'physicalDeliveryOfficeName',
                        'RealName' => 'cn',
                        'ExternalAuthId' => 'sAMAccountName',
                        'Gecos' => 'sAMAccountName',
                        'WorkPhone' => 'telephoneNumber',
                        'Address1' => 'streetAddress',
                        'City' => 'l',
                        'State' => 'st',
                        'Zip' => 'postalCode',
                        'Country' => 'co'
                }
        }
);

-----Original Message-----
From: rt-users-bounces at lists.bestpractical.com [mailto:rt-users-bounces at lists.bestpractical.com] On Behalf Of Izz Abdullah
Sent: Friday, September 16, 2011 11:18 AM
To: rt-users at lists.bestpractical.com
Subject: Re: [rt-users] Implementing LDAP Authentication in RT 4.0.2

I hate to do this...but now, it is timing out with communication to fast CGI. I can only see this in apache logs, I can't see anything in RT logs (they are not being created).  How can I turn debugging off so that I can see what else is going on?  Why would the changes in authentication affect FCGI?

-----Original Message-----
From: rt-users-bounces at lists.bestpractical.com [mailto:rt-users-bounces at lists.bestpractical.com] On Behalf Of Izz Abdullah
Sent: Friday, September 16, 2011 11:08 AM
To: rt-users at lists.bestpractical.com
Subject: Re: [rt-users] Implementing LDAP Authentication in RT 4.0.2

Ok...so I found the missing opening braces.  I truly appreciate your help Kevin!  When staring at code for so long, it needs another set of eyes. ;)

I changed it, and have refreshed the login page, it's been in the 'waiting for <servername>' for quite some time now.  I can deal with that as it is probably a query to LDAP caching out (correct me if I am wrong, as I would like to have an overview of the inner-workings some time).  I'll look through the code to see exactly what it does when I have the time, for now I just need to get it to work, just once will be nice for the boss. =)

Thanks again!

-----Original Message-----
From: rt-users-bounces at lists.bestpractical.com [mailto:rt-users-bounces at lists.bestpractical.com] On Behalf Of Kevin Falcone
Sent: Friday, September 16, 2011 10:44 AM
To: rt-users at lists.bestpractical.com
Subject: Re: [rt-users] Implementing LDAP Authentication in RT 4.0.2

On Fri, Sep 16, 2011 at 10:37:58AM -0500, Izz Abdullah wrote:
> The comma is no longer there.  The only thing I stripped was only using LDAP as an external source, the mysql db resides locally and is defined elsewhere within RT_SiteConfig, and within LDAP itself, I only removed the two GROUP mappings.

Go compare your line

Set($ExternalSettings, 'My_LDAP' => {  

to the version in the example siteconfig

You're missing an important character (and an important closing character).

-kevin

> -----Original Message-----
> From: rt-users-bounces at lists.bestpractical.com [mailto:rt-users-bounces at lists.bestpractical.com] On Behalf Of Kevin Falcone
> Sent: Friday, September 16, 2011 10:33 AM
> To: rt-users at lists.bestpractical.com
> Subject: Re: [rt-users] Implementing LDAP Authentication in RT 4.0.2
> 
> On Fri, Sep 16, 2011 at 10:23:08AM -0500, Izz Abdullah wrote:
> > Ok...so I changed it to:
> > Set($ExternalAuthPriority, ['My_LDAP']);
> > Set($ExternalInfoPriority, ['My_LDAP']);
> > 
> > #and for weird one off testing, since it is a list, I even tried ['My_LDAP',]; by adding a comma to denote a list of one item.
> 
> The comma is irrelevant and unnecessary.
> 
> > I am still receiving "Can't use string ("My_LDAP") as a HASH ref while "strict refs" in use at /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm line 63."
> 
> You stripped even more things when copying from the example to your config. Go look at your version of ExternalSettings as compared to the sample.
> 
> -kevin
> 
> > 
> > -----Original Message-----
> > From: rt-users-bounces at lists.bestpractical.com [mailto:rt-users-bounces at lists.bestpractical.com] On Behalf Of Kevin Falcone
> > Sent: Friday, September 16, 2011 10:07 AM
> > To: rt-users at lists.bestpractical.com
> > Subject: Re: [rt-users] Implementing LDAP Authentication in RT 4.0.2
> > 
> > On Fri, Sep 16, 2011 at 09:51:11AM -0500, Izz Abdullah wrote:
> > > Here is the LDAP config portion in my RT_SiteConfig file:
> > > 
> > > Set($ExternalAuthPriority, 'My_LDAP');
> > > 
> > > Set($ExternalInfoPriority, 'My_LDAP');
> > 
> > Those aren't correct.  From the example config:
> > 
> > Set($ExternalAuthPriority,  [   'My_LDAP',
> > 
> > The [ is important, you're returning a list of 1 item, not a single item.  Make sure you also keep the closing ].
> > 
> > -kevin
> > --------
> > RT Training Sessions 
> > (http://bestpractical.com/services/training.html)
> > *  Chicago, IL, USA  September 26 & 27, 2011
> > *  San Francisco, CA, USA  October 18 & 19, 2011
> > *  Washington DC, USA  October 31 & November 1, 2011
> > *  Melbourne VIC, Australia  November 28 & 29, 2011
> > *  Barcelona, Spain  November 28 & 29, 2011



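Added example, not part of the original thread: a small delimiter checker that answers the "everything is open and closed below, correct?" question for the ExternalSettings block posted at the top of this message. It names the line of the opener that is left dangling and ignores brackets and apostrophes inside strings and `#` comments; the sample input is constructed to mirror the posted nesting, and the function and variable names are hypothetical.

```python
# Added example, not from the thread: report unbalanced (), [] and {} in a
# Perl-style config. Assumes only '...' / "..." strings on one line and
# # comments (no heredocs, regexes or q// operators).
PAIRS = {")": "(", "]": "[", "}": "{"}

def find_unbalanced(text):
    """Return [(line, message), ...] for every delimiter problem."""
    stack, problems = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        quote, i = None, 0
        while i < len(line):
            ch = line[i]
            if quote:
                if ch == "\\":
                    i += 1                      # skip the escaped character
                elif ch == quote:
                    quote = None
            elif ch == "#":
                break                           # comment: ignore any ' or } in it
            elif ch in "'\"":
                quote = ch
            elif ch in "([{":
                stack.append((ch, lineno))
            elif ch in PAIRS:
                want = PAIRS[ch]
                if all(o != want for o, _ in stack):
                    problems.append((lineno, f"'{ch}' has no matching '{want}'"))
                else:
                    while stack[-1][0] != want:  # openers left dangling inside
                        o, at = stack.pop()
                        problems.append((lineno, f"'{o}' from line {at} not closed before '{ch}'"))
                    stack.pop()
            i += 1
    return problems + [(at, f"'{o}' opened here is never closed") for o, at in stack]
# Constructed sample with the same nesting as the posted ExternalSettings block.
POSTED_SHAPE = """\
Set($ExternalSettings, { 'My_LDAP' => {
    'filter' => '(objectClass=*)',
    #I don't know what the ldap args should be
    #'net_ldap_args' => [ version => 3 ],
    'attr_map' => {
        'Name' => 'sAMAccountName'
    }
  }
);
"""
FIXED = POSTED_SHAPE.replace("  }\n);", "  }\n});")
if __name__ == "__main__":
    print(find_unbalanced(POSTED_SHAPE))
```

A clean result only means the delimiters pair up; it does not check that each setting has the shape the plugin expects.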