[rt-users] Problem configuring AD integration

Bruno Martins bmartins at galileu.pt
Thu Feb 2 11:21:48 EST 2012


Hello guys,

I'm having the following error when logging in with any Active Directory user on RT:

Can't call method "as_string" on an undefined value at /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm line 304.

I've followed instructions at http://requesttracker.wikia.com/wiki/ExternalAuth to set this up.

My /opt/rt4/etc/RT_SiteConfig.pm is as follows:

Set( $DatabaseUser, 'rt_user' );
Set( $CorrespondAddress, '' );
Set( $rtname, 'galileu.pt' );
Set( $DatabaseRequireSSL, '' );
Set( $WebPort, '8080' );
Set( $Organization, 'galileu.pt' );
Set( $DatabaseType, 'mysql' );
Set( $DatabasePort, '' );
Set( $DatabasePassword, 'db_password' );
Set( $DatabaseAdmin, 'root' );
Set( $SendmailPath, '/usr/sbin/sendmail' );
Set( $WebDomain, 'debian' );
Set( $DatabaseAdminPassword, 'db_password' );
Set( $CommentAddress, '' );
Set( $DatabaseHost, 'localhost' );
Set( $DatabaseName, 'rt4' );
Set( $OwnerEmail, 'root@localhost' );
Set( @Plugins, qw(RT::Authen::ExternalAuth) );

Set($ExternalAuthPriority,  [   'My_LDAP',
                                'My_MySQL',
                                'My_SSO_Cookie'
                            ]
);

Set($ExternalInfoPriority,  [   'My_MySQL',
                                'My_LDAP'
                            ]
);

Set($ExternalServiceUsesSSLorTLS,    0);

Set($AutoCreateNonExternalUsers,    0);

Set($ExternalSettings,      {   # AN EXAMPLE DB SERVICE
                                'My_MySQL'   =>  {      ## GENERIC SECTION
                                                        # The type of service (db/ldap/cookie) 
                                                        'type'                      =>  'db',
                                                        # The server hosting the service
                                                        'server'                    =>  'localhost',
                                                        ## SERVICE-SPECIFIC SECTION
                                                        # The database name
                                                        'database'                  =>  'rt4',
                                                        # The database table
                                                        'table'                     =>  'USERS_TABLE',
                                                        # The user to connect to the database as
                                                        'user'                      =>  'DB_USER',
                                                        # The password to use to connect with
                                                        'pass'                      =>  'DB_PASS',
                                                        # The port to use to connect with (e.g. 3306)
                                                        'port'                      =>  'DB_PORT',
                                                        # The name of the Perl DBI driver to use (e.g. mysql)
                                                        'dbi_driver'                =>  'DBI_DRIVER',
                                                        # The field in the table that holds usernames
                                                        'u_field'                   =>  'username',
                                                        # The field in the table that holds passwords
                                                        'p_field'                   =>  'password',
                                                        # The Perl package & subroutine used to encrypt passwords
                                                        # e.g. if the passwords are stored using the MySQL v3.23 "PASSWORD"
                                                        # function, then you will need Crypt::MySQL::password, but for the
                                                        # MySQL4+ password function you will need Crypt::MySQL::password41
                                                        # Alternatively, you could use Digest::MD5::md5_hex or any other
                                                        # encryption subroutine you can load in your perl installation
                                                        'p_enc_pkg'                 =>  'Crypt::MySQL',
                                                        'p_enc_sub'                 =>  'password',
                                                        # If your p_enc_sub takes a salt as a second parameter, 
                                                        # uncomment this line to add your salt
                                                        #'p_salt'                    =>  'SALT',
                                                        #
                                                        # The field and values in the table that determines if a user should
                                                        # be disabled. For example, if the field is 'user_status' and the values
                                                        # are ['0','1','2','disabled'] then the user will be disabled if their
                                                        # user_status is set to '0','1','2' or the string 'disabled'.
                                                        # Otherwise, they will be considered enabled.
                                                        'd_field'                   =>  'disabled',
                                                        'd_values'                  =>  ['0'],
                                                        ## RT ATTRIBUTE MATCHING SECTION
                                                        # The list of RT attributes that uniquely identify a user
                                                        'attr_match_list'           =>  [   'Gecos',
                                                                                            'Name'
                                                                                        ],
                                                        # The mapping of RT attributes on to field names
                                                        'attr_map'                  =>  {   'Name' => 'username',
                                                                                            'EmailAddress' => 'email',
                                                                                            'ExternalAuthId' => 'username',
                                                                                            'Gecos' => 'userID'
                                                                                        }
                                                    },
                                # AN EXAMPLE LDAP SERVICE
                                'My_LDAP'       =>  {   ## GENERIC SECTION
                                                        # The type of service (db/ldap/cookie) 
                                                        'type'                      =>  'ldap',
                                                        # The server hosting the service
                                                        'server'                    =>  'jupiter.galileu-f.galileu.pt',
                                                        ## SERVICE-SPECIFIC SECTION
                                                        # If you can bind to your LDAP server anonymously you should 
                                                        # remove the user and pass config lines, otherwise specify them here:
                                                        # 
                                                        # The username RT should use to connect to the LDAP server 
                                                        'user'                      =>  'ldap_domainadmin',
                                                        # The password RT should use to connect to the LDAP server
                                                        'pass'                    =>  'ldap_password',
                                                        #
                                                        # The LDAP search base
                                                        'base'                      =>  'dc=galileu-f,dc=galileu,dc=pt',
                                                        #
                                                        # ALL FILTERS MUST BE VALID LDAP FILTERS ENCASED IN PARENTHESES!
                                                        # YOU **MUST** SPECIFY A filter AND A d_filter!!
                                                        #
                                                        # The filter to use to match RT-Users
                                                        'filter'                    =>  'objectClass=*',
                                                        # A catch-all example filter: '(objectClass=*)'
                                                        #
                                                        # The filter that will only match disabled users
                                                        'd_filter'                  =>  'UserAccountControl:1.2.840.113556.1.4.803:=2',
                                                        # A catch-none example d_filter: '(objectClass=FooBarBaz)'
                                                        #
                                                        # Should we try to use TLS to encrypt connections?
                                                        'tls'                       =>  0,
                                                        # SSL Version to provide to Net::SSLeay *if* using SSL
                                                        'ssl_version'               =>  3,
                                                        # What other args should I pass to Net::LDAP->new($host, @args)?
                                                        'net_ldap_args'             => [    version =>  3 , port => 3268  ],
                                                        # Does authentication depend on group membership? What group name?
                                                        #'group'                     =>  'GROUP_NAME',
                                                        # What is the attribute for the group object that determines membership?
                                                        #'group_attr'                =>  'GROUP_ATTR',
                                                        ## RT ATTRIBUTE MATCHING SECTION
                                                        # The list of RT attributes that uniquely identify a user
                                                        # This example shows what you *can* specify.. I recommend reducing this
                                                        # to just the Name and EmailAddress to save encountering problems later.
                                                        'attr_match_list'           => [    'Name',
                                                                                            'EmailAddress', 
                                                                                            'RealName',
                                                                                            'WorkPhone', 
                                                                                            'Address2'
                                                                                        ],
                                                        # The mapping of RT attributes on to LDAP attributes
                                                        'attr_map'                  =>  {   'Name' => 'sAMAccountName',
                                                                                            'EmailAddress' => 'mail',
                                                                                            'Organization' => 'physicalDeliveryOfficeName',
                                                                                            'RealName' => 'cn',
                                                                                            'ExternalAuthId' => 'sAMAccountName',
                                                                                            'Gecos' => 'sAMAccountName',
                                                                                            'WorkPhone' => 'telephoneNumber',
                                                                                            'Address1' => 'streetAddress',
                                                                                            'City' => 'l',
                                                                                            'State' => 'st',
                                                                                            'Zip' => 'postalCode',
                                                                                            'Country' => 'co'
                                                                                        }
                                                    },
                                # An example SSO cookie service
                                'My_SSO_Cookie'  => {   # # The type of service (db/ldap/cookie)
                                                        'type'                      =>  'cookie',
                                                        # The name of the cookie to be used
                                                        'name'                      =>  'loginCookieValue',
                                                        # The users table
                                                        'u_table'                   =>  'users',
                                                        # The username field in the users table
                                                        'u_field'                   =>  'username',
                                                        # The field in the users table that uniquely identifies a user
                                                        # and also exists in the cookies table
                                                        'u_match_key'               =>  'userID',
                                                        # The cookies table
                                                        'c_table'                   =>  'login_cookie',
                                                        # The field that stores cookie values
                                                        'c_field'                   =>  'loginCookieValue',
                                                        # The field in the cookies table that uniquely identifies a user
                                                        # and also exists in the users table
                                                        'c_match_key'               =>  'loginCookieUserID',
                                                        # The DB service in this configuration to use to lookup the cookie information
                                                        'db_service_name'           =>  'My_MySQL'
                                                    }
                                }
);

1;

Am I missing something?

Thanks for your cooperation.

Best regards,

Bruno Martins
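
The configuration comments above require every filter to be enclosed in parentheses. The following pre-flight check is an added example (not part of the original post and not the plugin's own code) that tests the `filter` and `d_filter` values of the `My_LDAP` block with Net::LDAP::Filter and also reports a bind user configured with `tls` off. It assumes the plugin embeds each configured filter inside a larger `(&(<Name attribute>=<login>)...)` expression; `check_ldap_service` and the `testuser` login are hypothetical names.

```perl
#!/usr/bin/perl
# Added example: pre-flight check for one RT::Authen::ExternalAuth LDAP service.
use strict;
use warnings;
use Net::LDAP::Filter;

# Constructed sample: the relevant keys copied from the 'My_LDAP' block above.
my %service = (
    filter   => 'objectClass=*',
    d_filter => 'UserAccountControl:1.2.840.113556.1.4.803:=2',
    tls      => 0,
    user     => 'ldap_domainadmin',
    attr_map => { Name => 'sAMAccountName' },
);

# Returns a list of problems found in one service definition.
sub check_ldap_service {
    my ($svc) = @_;
    my @problems;
    my $name_attr = $svc->{attr_map}{Name} // 'uid';

    for my $key (qw(filter d_filter)) {
        my $f = $svc->{$key};
        if (!defined $f || $f eq '') {
            push @problems, "$key is not set";
            next;
        }
        push @problems, "$key is not enclosed in parentheses: $f"
            unless $f =~ /^\(.*\)$/s;

        # ASSUMPTION: the configured filter is spliced into an AND expression
        # together with the login name, so test it in that position.
        my $combined = "(&($name_attr=testuser)$f)";
        push @problems, "$key does not parse inside $combined"
            unless defined Net::LDAP::Filter->new($combined);
    }

    # A bind user with TLS off means the bind password crosses the wire in clear.
    push @problems, 'a bind user is configured but tls is off'
        if !$svc->{tls} && defined $svc->{user};

    return @problems;
}

print "$_\n" for check_ldap_service(\%service);
```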


