[rt-users] Implementing LDAP Authentication in RT 4.0.2
Izz Abdullah
Izz.Abdullah at hibbett.com
Mon Sep 19 09:52:36 EDT 2011
Actually during the paste operation I did miss one '}' at the end, but it is there in my config file.
-----Original Message-----
From: rt-users-bounces at lists.bestpractical.com [mailto:rt-users-bounces at lists.bestpractical.com] On Behalf Of Izz Abdullah
Sent: Monday, September 19, 2011 8:41 AM
To: rt-users at lists.bestpractical.com
Subject: Re: [rt-users] Implementing LDAP Authentication in RT 4.0.2
So I had a typo causing the timeout, but I am still unable to get LDAP authentication to work. I am sure it is a configuration issue, as I can log in with the mysql db root account just fine. I can't find detailed documentation on what each of the arguments takes, so I am posting my config back here for some assistance. I am also receiving in the apache logs:
"syntax error at [RTHOME]/etc/RT_SiteConfig.pm line xx, near "}"
"Missing right curly or square bracket at ..."
Everything is open and closed below, correct? I thought this was odd...
Is there any way possible for me to see a debugging log of RT trying (or not trying) to talk to our AD server?
Set($ExternalAuthPriority, [ 'My_LDAP' ]);
Set($ExternalInfoPriority, [ 'My_LDAP' ]);
Set($ExternalServiceUsesSSLorTLS, 0);
Set($AutoCreateNonExternalUsers, 0);
Set($ExternalSettings, { 'My_LDAP' => {
        'type' => 'ldap',
        'server' => '****.****.hibbett.com',
        #temporarily commented this out
        #'user' => '****',
        #'pass' => '****',
        'base' => 'ou=****,dc=****,dc=hibbett,dc=com',
        'filter' => '(objectClass=*)',
        'd_filter' => '(objectClass=NoOneAtALL)',
        #not using tls or ssl
        #'tls' => 0,
        #'ssl_version' => 3,
        #I don't know what the ldap args should be...is this in the net::ldap perl module?
        #'net_ldap_args' => [ version => 3 ],
        'attr_match_list' => [ 'Name',
                               'EmailAddress' ],
        'attr_map' => {
            'Name' => 'sAMAccountName',
            'EmailAddress' => 'mail',
            'Organization' => 'physicalDeliveryOfficeName',
            'RealName' => 'cn',
            'ExternalAuthId' => 'sAMAccountName',
            'Gecos' => 'sAMAccountName',
            'WorkPhone' => 'telephoneNumber',
            'Address1' => 'streetAddress',
            'City' => 'l',
            'State' => 'st',
            'Zip' => 'postalCode',
            'Country' => 'co'
        }
    }
);
-----Original Message-----
From: rt-users-bounces at lists.bestpractical.com [mailto:rt-users-bounces at lists.bestpractical.com] On Behalf Of Izz Abdullah
Sent: Friday, September 16, 2011 11:18 AM
To: rt-users at lists.bestpractical.com
Subject: Re: [rt-users] Implementing LDAP Authentication in RT 4.0.2
I hate to do this...but now, it is timing out with communication to fast CGI. I can only see this in apache logs, I can't see anything in RT logs (they are not being created). How can I turn debugging off so that I can see what else is going on? Why would the changes in authentication affect FCGI?
-----Original Message-----
From: rt-users-bounces at lists.bestpractical.com [mailto:rt-users-bounces at lists.bestpractical.com] On Behalf Of Izz Abdullah
Sent: Friday, September 16, 2011 11:08 AM
To: rt-users at lists.bestpractical.com
Subject: Re: [rt-users] Implementing LDAP Authentication in RT 4.0.2
Ok...so I found the missing opening braces. I truly appreciate your help Kevin! When staring at code for so long, it needs another set of eyes. ;)
I changed it, and have refreshed the login page, it's been in the 'waiting for <servername>' for quite some time now. I can deal with that as it is probably a query to LDAP caching out (correct me if I am wrong, as I would like to have an overview of the inner-workings some time). I'll look through the code to see exactly what it does when I have the time, for now I just need to get it to work, just once will be nice for the boss. =)
Thanks again!
-----Original Message-----
From: rt-users-bounces at lists.bestpractical.com [mailto:rt-users-bounces at lists.bestpractical.com] On Behalf Of Kevin Falcone
Sent: Friday, September 16, 2011 10:44 AM
To: rt-users at lists.bestpractical.com
Subject: Re: [rt-users] Implementing LDAP Authentication in RT 4.0.2
On Fri, Sep 16, 2011 at 10:37:58AM -0500, Izz Abdullah wrote:
> The comma is no longer there. The only thing I stripped was only using LDAP as an external source, the mysql db resides locally and is defined elsewhere within RT_SiteConfig, and within LDAP itself, I only removed the two GROUP mappings.
Go compare your line
Set($ExternalSettings, 'My_LDAP' => {
to the version in the example siteconfig
You're missing an important character (and an important closing character).
-kevin
> -----Original Message-----
> From: rt-users-bounces at lists.bestpractical.com
> [mailto:rt-users-bounces at lists.bestpractical.com] On Behalf Of Kevin
> Falcone
> Sent: Friday, September 16, 2011 10:33 AM
> To: rt-users at lists.bestpractical.com
> Subject: Re: [rt-users] Implementing LDAP Authentication in RT 4.0.2
>
> On Fri, Sep 16, 2011 at 10:23:08AM -0500, Izz Abdullah wrote:
> > Ok...so I changed it to:
> > Set($ExternalAuthPriority, ['My_LDAP']);
> > Set($ExternalInfoPriority, ['My_LDAP']);
> >
> > #and for weird one off testing, since it is a list, I even tried ['My_LDAP',]; by adding a comma to denote a list of one item.
>
> The comma is irrelevant and unnecessary.
>
> > I am still receiving "Can't use string ("My_LDAP") as a HASH ref while "strict refs" in use at /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm line 63."
>
> You stripped even more things when copying from the example to your config. Go look at your version of ExternalSettings as compared to the sample.
>
> -kevin
>
> >
> > -----Original Message-----
> > From: rt-users-bounces at lists.bestpractical.com
> > [mailto:rt-users-bounces at lists.bestpractical.com] On Behalf Of Kevin
> > Falcone
> > Sent: Friday, September 16, 2011 10:07 AM
> > To: rt-users at lists.bestpractical.com
> > Subject: Re: [rt-users] Implementing LDAP Authentication in RT 4.0.2
> >
> > On Fri, Sep 16, 2011 at 09:51:11AM -0500, Izz Abdullah wrote:
> > > Here is the LDAP config portion in my RT_SiteConfig file:
> > >
> > > Set($ExternalAuthPriority, 'My_LDAP');
> > >
> > > Set($ExternalInfoPriority, 'My_LDAP');
> >
> > Those aren't correct. From the example config:
> >
> > Set($ExternalAuthPriority, [ 'My_LDAP',
> >
> > The [ is important, you're returning a list of 1 item, not a single item. Make sure you also keep the closing ].
> >
> > -kevin
> > --------
> > RT Training Sessions
> > (http://bestpractical.com/services/training.html)
> > * Chicago, IL, USA September 26 & 27, 2011
> > * San Francisco, CA, USA October 18 & 19, 2011
> > * Washington DC, USA October 31 & November 1, 2011
> > * Melbourne VIC, Australia November 28 & 29, 2011
> > * Barcelona, Spain November 28 & 29, 2011
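The bracket and brace mistakes worked through in this thread (a bare string where a `[ ... ]` list reference is expected, a missing outer `{`, an unclosed `}`) can be checked for before the web server is restarted. The Perl script below is an added example, not code from the thread or from RT: its `Set()` stand-in, the `check_config()` helper and the sample snippets are all constructed for illustration.

```perl
#!/usr/bin/perl
# Added example: shape check for the settings discussed in this thread.
# Set() below is a local stand-in that only records values; it is not RT's.
# The snippet is eval'd as Perl, so run this only on a config you trust.
use strict;
use warnings;

my %conf;
sub Set { my ($name, @values) = @_; $conf{$name} = [@values]; return }

# Returns a list of problems in a config snippet (empty list = shape OK).
sub check_config {
    my ($text) = @_;
    %conf = ();
    # Rewrite Set($Name, ...) to Set('Name', ...) so no RT globals are needed.
    (my $code = $text) =~ s/\bSet\(\s*\$(\w+)/Set('${1}'/g;
    return 'does not compile: ' . (split /\n/, $@)[0] unless eval "$code\n;1";
    my @problems;
    for my $key (qw(ExternalAuthPriority ExternalInfoPriority)) {
        my $v = $conf{$key} or next;
        push @problems, "$key must be a single array reference, written [ ... ]"
            unless @$v == 1 && ref $v->[0] eq 'ARRAY';
    }
    my $s = $conf{ExternalSettings} or return @problems;
    return @problems, 'ExternalSettings must be a single hash reference, written { ... }'
        unless @$s == 1 && ref $s->[0] eq 'HASH';
    my $prio = $conf{ExternalAuthPriority};
    for my $name ($prio && ref $prio->[0] eq 'ARRAY' ? @{ $prio->[0] } : ()) {
        push @problems, "service $name has no hash-reference block in ExternalSettings"
            unless ref $s->[0]{$name} eq 'HASH';
    }
    return @problems;
}

# Constructed samples mirroring the stages of the thread (not the poster's full config).
my @cases = (
    [ 'scalar priority'     => q{Set($ExternalAuthPriority, 'My_LDAP');} ],
    [ 'missing outer brace' => q{Set($ExternalAuthPriority, [ 'My_LDAP' ]);
        Set($ExternalSettings, 'My_LDAP' => { 'type' => 'ldap' });} ],
    [ 'unclosed brace'      => q[Set($ExternalSettings, { 'My_LDAP' => { 'type' => 'ldap' } );] ],
    [ 'corrected'           => q{Set($ExternalAuthPriority, [ 'My_LDAP' ]);
        Set($ExternalSettings, { 'My_LDAP' => { 'type' => 'ldap' } });} ],
);
for my $case (@cases) {
    my ($label, $text) = @$case;
    my @problems = check_config($text);
    print "$label: ", (@problems ? join('; ', @problems) : 'shape OK'), "\n";
}
```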