[rt-users] ExternalAuth isn't updating EmailAddress
Karmi Simonov
karmi.simonov at panayainc.com
Tue Nov 27 12:54:51 EST 2012
Hi,
I'm running RT4.0.6 with the last ExternalAuth plugin.
It seems to be able to connect and authorize users against our LDAP, but for some reason when a new user logs in (a user that didn't log in to the system before), it doesn't get its Email address.
I can see a new user created in the DB, but it only gets its name.
PERL version is 5.10.
Any ideas?
RT_Siteconfig.pm:
##############################
# Active Directory Integration
##############################
# The order in which the services defined in ExternalSettings
# should be used to authenticate users. User is authenticated
# if successfully confirmed by any service - no more services
# are checked.
Set($ExternalAuthPriority, ['My_LDAP'] );
# The order in which the services defined in ExternalSettings
# should be used to get information about users. This includes
# RealName, Tel numbers etc, but also whether or not the user
# should be considered disabled.
#
# Once user info is found, no more services are checked.
#
# You CANNOT use a SSO cookie for authentication.
Set($ExternalInfoPriority, ['My_LDAP'] );
# If this is set to true, then the relevant packages will
# be loaded to use SSL/TLS connections. At the moment,
# this just means "use Net::SSLeay;"
Set($ExternalServiceUsesSSLorTLS, 0);
# If this is set to 1, then users should be autocreated by RT
# as internal users if they fail to authenticate from an
# external service.
Set($AutoCreateNonExternalUsers, 0);
# These are the full settings for each external service as a HashOfHashes
# Note that you may have as many external services as you wish. They will
# be checked in the order specified in the Priority directives above.
# e.g.
Set($ExternalAuthPriority,['My_LDAP']);
#
Set($ExternalSettings, {
# AN EXAMPLE LDAP SERVICE
'My_LDAP' => { ## GENERIC SECTION
# The type of service (db/ldap/cookie)
'type' => 'ldap',
# The server hosting the service
'server' => 'brain.panaya.int',
## SERVICE-SPECIFIC SECTION
# If you can bind to your LDAP server anonymously you should
# remove the user and pass config lines, otherwise specify them here:
#
# The username RT should use to connect to the LDAP server
'user' => 'XXX',
# The password RT should use to connect to the LDAP server
'pass' => 'XXX',
#
# The LDAP search base
'base' => 'ou=Users,ou=Panaya,dc=panaya,dc=int',
#
# ALL FILTERS MUST BE VALID LDAP FILTERS ENCASED IN PARENTHESES!
# YOU **MUST** SPECIFY A filter AND A d_filter!!
#
# The filter to use to match RT-Users
'filter' => '(objectClass=*)',
# A catch-all example filter: '(objectClass=*)'
#
# The filter that will only match disabled users
'd_filter' => '(objectClass=FooBarBaz)',
# A catch-none example d_filter: '(objectClass=FooBarBaz)'
#
# Should we try to use TLS to encrypt connections?
'tls' => 0,
# SSL Version to provide to Net::SSLeay *if* using SSL
'ssl_version' => 3,
# What other args should I pass to Net::LDAP->new($host, at args)?
'net_ldap_args' => [ version => 3 ],
# Does authentication depend on group membership? What group name?
#'group' => 'GROUP_NAME',
# What is the scope of the group search? (base, one, sub)
# Optional; defaults to 'base', which is good enough for most cases. 'sub' is appropriate when you have nested groups
#'group_scope' => 'base',
# What is the attribute for the group object that determines membership?
#'group_attr' => 'GROUP_ATTR',
# What is the attribute of the user entry that should be matched against group_attr above? (Optional; defaults to 'dn')
#'group_attr_value' => 'GROUP_ATTR_VALUE',
## RT ATTRIBUTE MATCHING SECTION
# The list of RT attributes that uniquely identify a user
# This example shows what you *can* specify.. I recommend reducing this
# to just the Name and EmailAddress to save encountering problems later.
'attr_match_list' => [ 'Name',
'EmailAddress'
],
# The mapping of RT attributes on to LDAP attributes
'attr_map' => { 'Name' => 'sAMAccountName',
'EmailAddress' => 'mail'
}
}
}
);
>From the log:
[Tue Nov 27 17:49:40 2012] [debug]: Attempting to use external auth service: My_LDAP (/opt/rt4/sbin/../local/lib/RT/Authen/ExternalAuth.pm:64)
[Tue Nov 27 17:49:40 2012] [debug]: Calling UserExists with $username (tstuser) and $service (My_LDAP) (/opt/rt4/sbin/../local/lib/RT/Authen/ExternalAuth.pm:105)
[Tue Nov 27 17:49:40 2012] [debug]: UserExists params:
username: tstuser , service: My_LDAP (/opt/rt4/sbin/../local/lib/RT/Authen/ExternalAuth/LDAP.pm:274)
[Tue Nov 27 17:49:40 2012] [debug]: LDAP Search === Base: ou=Users,ou=Panaya,dc=panaya,dc=int == Filter: (&(objectClass=*)(sAMAccountName=tstuser)) == Attrs: mail,sAMAccountName (/opt/rt4/sbin/../local/lib/RT/Authen/ExternalAuth/LDAP.pm:304)
[Tue Nov 27 17:49:40 2012] [debug]: Password validation required for service - Executing... (/opt/rt4/sbin/../local/lib/RT/Authen/ExternalAuth.pm:155)
[Tue Nov 27 17:49:40 2012] [debug]: Trying external auth service: My_LDAP (/opt/rt4/sbin/../local/lib/RT/Authen/ExternalAuth/LDAP.pm:16)
[Tue Nov 27 17:49:40 2012] [debug]: LDAP Search === Base: ou=Users,ou=Panaya,dc=panaya,dc=int == Filter: (&(sAMAccountName=tstuser)(objectClass=*)) == Attrs: dn (/opt/rt4/sbin/../local/lib/RT/Authen/ExternalAuth/LDAP.pm:43)
[Tue Nov 27 17:49:40 2012] [debug]: Found LDAP DN: CN=TestFirstName TestIn. TestLastName,OU=Users,OU=Panaya,DC=panaya,DC=int (/opt/rt4/sbin/../local/lib/RT/Authen/ExternalAuth/LDAP.pm:75)
[Tue Nov 27 17:49:40 2012] [info]: RT::Authen::ExternalAuth::LDAP::GetAuth External Auth OK ( My_LDAP ): tstuser (/opt/rt4/sbin/../local/lib/RT/Authen/ExternalAuth/LDAP.pm:139)
[Tue Nov 27 17:49:40 2012] [debug]: LDAP password validation result: 1 (/opt/rt4/sbin/../local/lib/RT/Authen/ExternalAuth.pm:335)
[Tue Nov 27 17:49:40 2012] [debug]: Password Validation Check Result: 1 (/opt/rt4/sbin/../local/lib/RT/Authen/ExternalAuth.pm:159)
[Tue Nov 27 17:49:40 2012] [debug]: Authentication successful. Now updating user information and attempting login. (/opt/rt4/sbin/../local/lib/RT/Authen/ExternalAuth.pm:179)
[Tue Nov 27 17:49:40 2012] [debug]: UserExists params:
username: tstuser , service: My_LDAP (/opt/rt4/sbin/../local/lib/RT/Authen/ExternalAuth/LDAP.pm:274)
[Tue Nov 27 17:49:40 2012] [debug]: LDAP Search === Base: ou=Users,ou=Panaya,dc=panaya,dc=int == Filter: (&(objectClass=*)(sAMAccountName=tstuser)) == Attrs: mail,sAMAccountName (/opt/rt4/sbin/../local/lib/RT/Authen/ExternalAuth/LDAP.pm:304)
[Tue Nov 27 17:49:40 2012] [debug]: UserExists params:
username: tstuser , service: My_LDAP (/opt/rt4/sbin/../local/lib/RT/Authen/ExternalAuth/LDAP.pm:274)
[Tue Nov 27 17:49:40 2012] [debug]: LDAP Search === Base: ou=Users,ou=Panaya,dc=panaya,dc=int == Filter: (&(objectClass=*)(sAMAccountName=tstuser)) == Attrs: mail,sAMAccountName (/opt/rt4/sbin/../local/lib/RT/Authen/ExternalAuth/LDAP.pm:304)
[Tue Nov 27 17:49:40 2012] [debug]: LDAP Search === Base: ou=Users,ou=Panaya,dc=panaya,dc=int == Filter: (&(objectClass=*)(objectClass=FooBarBaz)(sAMAccountName=tstuser)) == Attrs: uid (/opt/rt4/sbin/../local/lib/RT/Authen/ExternalAuth/LDAP.pm:398)
[Tue Nov 27 17:49:40 2012] [warning]: Couldn't enable user 65117 (/opt/rt4/sbin/../lib/RT/User.pm:1066)
[Tue Nov 27 17:49:40 2012] [warning]: Use of uninitialized value $val in concatenation (.) or string at /opt/rt4/sbin/../local/lib/RT/Authen/ExternalAuth.pm line 274. (/opt/rt4/sbin/../local/lib/RT/Authen/ExternalAuth.pm:274)
[Tue Nov 27 17:49:40 2012] [warning]: Use of uninitialized value $message in concatenation (.) or string at /opt/rt4/sbin/../local/lib/RT/Authen/ExternalAuth.pm line 274. (/opt/rt4/sbin/../local/lib/RT/Authen/ExternalAuth.pm:274)
[Tue Nov 27 17:49:40 2012] [info]: User marked as ENABLED ( tstuser ) per External Service (, ) (/opt/rt4/sbin/../local/lib/RT/Authen/ExternalAuth.pm:274)
[Tue Nov 27 17:49:40 2012] [debug]: RT::Authen::ExternalAuth::UpdateUserInfo SetName Failed. That is already the current value (/opt/rt4/sbin/../local/lib/RT/Authen/ExternalAuth.pm:302)
[Tue Nov 27 17:49:40 2012] [debug]: UPDATED user ( tstuser ) from External Service (/opt/rt4/sbin/../local/lib/RT/Authen/ExternalAuth.pm:308)
[Tue Nov 27 17:49:40 2012] [info]: Successful login for tstuser from 10.100.0.34 (/opt/rt4/sbin/../local/lib/RT/Authen/ExternalAuth.pm:219)
[Tue Nov 27 17:49:40 2012] [debug]: Autohandler called ExternalAuth. Response: (1, Successful login) (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:11)
Karmi Simonov | System Administrator
TEL +972.9.7618000 EXT. 148 | FAX +972.9.7467901 | karmi at panayainc.com<mailto:karmi at panayainc.com>
PANAYA Making ERP Easy | www.panayainc.com<http://www.panayainc.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20121127/cb8cdaed/attachment.htm>
More information about the rt-users
mailing list