[rt-users] Problem configuring AD integration
Bruno Martins
bmartins at galileu.pt
Thu Feb 2 11:21:48 EST 2012
Hello guys,
I'm having the following error when logging in with any Active Directory user on RT:
Can't call method "as_string" on an undefined value at /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm line 304.
I've followed instructions at http://requesttracker.wikia.com/wiki/ExternalAuth to set this up.
My /opt/rt4/etc/RT_SiteConfig.pm is as follows:
Set( $DatabaseUser, 'rt_user' );
Set( $CorrespondAddress, '' );
Set( $rtname, 'galileu.pt' );
Set( $DatabaseRequireSSL, '' );
Set( $WebPort, '8080' );
Set( $Organization, 'galileu.pt' );
Set( $DatabaseType, 'mysql' );
Set( $DatabasePort, '' );
Set( $DatabasePassword, 'db_password' );
Set( $DatabaseAdmin, 'root' );
Set( $SendmailPath, '/usr/sbin/sendmail' );
Set( $WebDomain, 'debian' );
Set( $DatabaseAdminPassword, 'db_password' );
Set( $CommentAddress, '' );
Set( $DatabaseHost, 'localhost' );
Set( $DatabaseName, 'rt4' );
Set( $OwnerEmail, 'root@localhost' );
Set( @Plugins, qw(RT::Authen::ExternalAuth) );
Set($ExternalAuthPriority, [ 'My_LDAP',
                             'My_MySQL',
                             'My_SSO_Cookie'
                           ]
);
Set($ExternalInfoPriority, [ 'My_MySQL',
                             'My_LDAP'
                           ]
);
Set($ExternalServiceUsesSSLorTLS, 0);
Set($AutoCreateNonExternalUsers, 0);
Set($ExternalSettings, {
    # AN EXAMPLE DB SERVICE
    'My_MySQL' => {
        ## GENERIC SECTION
        # The type of service (db/ldap/cookie)
        'type' => 'db',
        # The server hosting the service
        'server' => 'localhost',
        ## SERVICE-SPECIFIC SECTION
        # The database name
        'database' => 'rt4',
        # The database table
        'table' => 'USERS_TABLE',
        # The user to connect to the database as
        'user' => 'DB_USER',
        # The password to use to connect with
        'pass' => 'DB_PASS',
        # The port to use to connect with (e.g. 3306)
        'port' => 'DB_PORT',
        # The name of the Perl DBI driver to use (e.g. mysql)
        'dbi_driver' => 'DBI_DRIVER',
        # The field in the table that holds usernames
        'u_field' => 'username',
        # The field in the table that holds passwords
        'p_field' => 'password',
        # The Perl package & subroutine used to encrypt passwords
        # e.g. if the passwords are stored using the MySQL v3.23 "PASSWORD"
        # function, then you will need Crypt::MySQL::password, but for the
        # MySQL4+ password function you will need Crypt::MySQL::password41
        # Alternatively, you could use Digest::MD5::md5_hex or any other
        # encryption subroutine you can load in your perl installation
        'p_enc_pkg' => 'Crypt::MySQL',
        'p_enc_sub' => 'password',
        # If your p_enc_sub takes a salt as a second parameter,
        # uncomment this line to add your salt
        #'p_salt' => 'SALT',
        #
        # The field and values in the table that determines if a user should
        # be disabled. For example, if the field is 'user_status' and the values
        # are ['0','1','2','disabled'] then the user will be disabled if their
        # user_status is set to '0','1','2' or the string 'disabled'.
        # Otherwise, they will be considered enabled.
        'd_field' => 'disabled',
        'd_values' => ['0'],
        ## RT ATTRIBUTE MATCHING SECTION
        # The list of RT attributes that uniquely identify a user
        'attr_match_list' => [ 'Gecos',
                               'Name'
                             ],
        # The mapping of RT attributes on to field names
        'attr_map' => { 'Name' => 'username',
                        'EmailAddress' => 'email',
                        'ExternalAuthId' => 'username',
                        'Gecos' => 'userID'
                      }
    },
    # AN EXAMPLE LDAP SERVICE
    'My_LDAP' => {
        ## GENERIC SECTION
        # The type of service (db/ldap/cookie)
        'type' => 'ldap',
        # The server hosting the service
        'server' => 'jupiter.galileu-f.galileu.pt',
        ## SERVICE-SPECIFIC SECTION
        # If you can bind to your LDAP server anonymously you should
        # remove the user and pass config lines, otherwise specify them here:
        #
        # The username RT should use to connect to the LDAP server
        'user' => 'ldap_domainadmin',
        # The password RT should use to connect to the LDAP server
        'pass' => 'ldap_password',
        #
        # The LDAP search base
        'base' => 'dc=galileu-f,dc=galileu,dc=pt',
        #
        # ALL FILTERS MUST BE VALID LDAP FILTERS ENCASED IN PARENTHESES!
        # YOU **MUST** SPECIFY A filter AND A d_filter!!
        #
        # The filter to use to match RT-Users
        'filter' => 'objectClass=*',
        # A catch-all example filter: '(objectClass=*)'
        #
        # The filter that will only match disabled users
        'd_filter' => 'UserAccountControl:1.2.840.113556.1.4.803:=2',
        # A catch-none example d_filter: '(objectClass=FooBarBaz)'
        #
        # Should we try to use TLS to encrypt connections?
        'tls' => 0,
        # SSL Version to provide to Net::SSLeay *if* using SSL
        'ssl_version' => 3,
        # What other args should I pass to Net::LDAP->new($host, @args)?
        'net_ldap_args' => [ version => 3 , port => 3268 ],
        # Does authentication depend on group membership? What group name?
        #'group' => 'GROUP_NAME',
        # What is the attribute for the group object that determines membership?
        #'group_attr' => 'GROUP_ATTR',
        ## RT ATTRIBUTE MATCHING SECTION
        # The list of RT attributes that uniquely identify a user
        # This example shows what you *can* specify.. I recommend reducing this
        # to just the Name and EmailAddress to save encountering problems later.
        'attr_match_list' => [ 'Name',
                               'EmailAddress',
                               'RealName',
                               'WorkPhone',
                               'Address2'
                             ],
        # The mapping of RT attributes on to LDAP attributes
        'attr_map' => { 'Name' => 'sAMAccountName',
                        'EmailAddress' => 'mail',
                        'Organization' => 'physicalDeliveryOfficeName',
                        'RealName' => 'cn',
                        'ExternalAuthId' => 'sAMAccountName',
                        'Gecos' => 'sAMAccountName',
                        'WorkPhone' => 'telephoneNumber',
                        'Address1' => 'streetAddress',
                        'City' => 'l',
                        'State' => 'st',
                        'Zip' => 'postalCode',
                        'Country' => 'co'
                      }
    },
    # An example SSO cookie service
    'My_SSO_Cookie' => {
        # The type of service (db/ldap/cookie)
        'type' => 'cookie',
        # The name of the cookie to be used
        'name' => 'loginCookieValue',
        # The users table
        'u_table' => 'users',
        # The username field in the users table
        'u_field' => 'username',
        # The field in the users table that uniquely identifies a user
        # and also exists in the cookies table
        'u_match_key' => 'userID',
        # The cookies table
        'c_table' => 'login_cookie',
        # The field that stores cookie values
        'c_field' => 'loginCookieValue',
        # The field in the cookies table that uniquely identifies a user
        # and also exists in the users table
        'c_match_key' => 'loginCookieUserID',
        # The DB service in this configuration to use to lookup the cookie information
        'db_service_name' => 'My_MySQL'
    }
}
);
1;
Am I missing something?
Thanks for your cooperation.
Best regards,
Bruno Martins
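
A stand-alone check for the 'My_LDAP' block, added here as an example; it is not part of the original post or of RT-Authen-ExternalAuth. It applies the rule stated in the config comments (filter and d_filter must be present and encased in parentheses) and flags a bind password configured while 'tls' is off. The helper names is_parenthesized and lint_ldap_service are hypothetical, and the sample hash is constructed from the values posted above.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample: the relevant keys of the 'My_LDAP' service as posted above.
my %service = (
    type     => 'ldap',
    user     => 'ldap_domainadmin',
    pass     => 'ldap_password',
    filter   => 'objectClass=*',
    d_filter => 'UserAccountControl:1.2.840.113556.1.4.803:=2',
    tls      => 0,
);

# True when the whole string is one filter wrapped in a single outer pair of
# parentheses, e.g. '(objectClass=*)' or '(&(a=1)(b=2))', but not '(a=1)(b=2)'.
sub is_parenthesized {
    my ($f) = @_;
    return 0 unless defined $f && $f =~ /^\(.*\)$/s;
    my @chars = split //, $f;
    my $depth = 0;
    for my $i (0 .. $#chars) {
        $depth++ if $chars[$i] eq '(';
        $depth-- if $chars[$i] eq ')';
        # The outer pair must stay open until the final character.
        return 0 if $depth <= 0 && $i < $#chars;
    }
    return $depth == 0 ? 1 : 0;
}

# Returns a list of findings for one LDAP service definition.
sub lint_ldap_service {
    my ($name, $svc) = @_;
    my @findings;
    for my $key (qw(filter d_filter)) {
        if (!defined $svc->{$key}) {
            push @findings, "$name: '$key' is missing";
        }
        elsif (!is_parenthesized($svc->{$key})) {
            push @findings, "$name: '$key' is not encased in parentheses: $svc->{$key}";
        }
    }
    # A bind password with TLS off crosses the network unencrypted.
    push @findings, "$name: 'pass' is set but 'tls' is off"
        if defined $svc->{pass} && !$svc->{tls};
    return @findings;
}

print "$_\n" for lint_ldap_service('My_LDAP', \%service);
```

Run against the posted values, it reports both filters as unparenthesized and the bind password as configured without TLS.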