[rt-users] I need help with the RT-Authen-ExternalAuth LDAP settings, please

Parish, Brent bparish at cognex.com
Fri Oct 18 07:51:10 EDT 2013


Hi Matthew

It sounds to me like you were authenticating ok initially, but getting an error in creating the user.

And to answer your initial question about the group and group_attr settings, I don’t use those at all and it works fine for me.

I would recommend putting things back to how you first had them (to generate the error you originally posted), turn the log level up to debug, and try again.
There are some debug statements within that method that may help identify where it is choking.


- Brent



From: Mathew Snyder [mailto:mathew.snyder at gmail.com]
Sent: Thursday, October 17, 2013 1:50 PM

To: Jeff Solberg
Cc: rt-users at lists.bestpractical.com
Subject: Re: [rt-users] I need help with the RT-Authen-ExternalAuth LDAP settings, please

I found another thread that indicated that the solution to the second problem was to add @domain to the end of the username. That just reverted to the previous list of errors with a couple new ones.

Oct 17 16:47:50 zen-rt RT: [24673] Use of uninitialized value $_[1] in join or string at /usr/local/share/perl5/Log/Dispatch.pm line 42.
Oct 17 16:47:50 zen-rt RT: [24673] Use of uninitialized value $service in hash element at /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm line 611.
Oct 17 16:47:50 zen-rt RT: [24673] Use of uninitialized value in string eq at /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm line 613.
Oct 17 16:47:50 zen-rt RT: [24673] RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Disabled: , EmailAddress: , Gecos: user, Name: user, Privileged:
Oct 17 16:47:50 zen-rt RT: [24673] Couldn't create user user: Could not set user info
Oct 17 16:47:50 zen-rt RT: [24673] FAILED LOGIN for user from 192.168.236.102




From: rt-users-bounces at lists.bestpractical.com [mailto:rt-users-bounces at lists.bestpractical.com] On Behalf Of Mathew Snyder
Sent: Thursday, October 17, 2013 1:19 PM
To: rt-users at lists.bestpractical.com
Subject: [rt-users] I need help with the RT-Authen-ExternalAuth LDAP settings, please

These are the settings I've started with:

Set($ExternalSettings, {
    'AD'       =>  {
        'type'                      =>  'ldap',
        'server'                    =>  'domain_controller.example.com',
        'base'                      =>  'dc=example,dc=com',
        'user'                      =>  'rtuser',
        'pass'                      =>  '********',
        'filter'                    =>  '(ObjectClass=*)',
        'tls'                       =>  0,
        'ssl_version'               =>  3,
        'net_ldap_args'             => [    version =>  3   ],
        'attr_match_list' => [
            'EmailAddress',
        ],
        'attr_map' => {
            'Name' => 'sAMAccountName',
            'EmailAddress' => 'mail',
            'RealName' => 'cn',
        },
    },
});

They aren't working. Whenever someone attempts an initial login with just their username (which should create their RT account) the following error is logged:
Oct 17 15:02:29 zen-rt RT: [23131] Use of uninitialized value in string eq at /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm line 613.
Oct 17 15:02:29 zen-rt RT: [23131] RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Disabled: , EmailAddress: , Gecos: user, Name: user, Privileged:
Oct 17 16:14:01 zen-rt RT: [24382] Couldn't create user user: Could not set user info
Oct 17 16:14:01 zen-rt RT: [24382] FAILED LOGIN for user from 192.168.236.102

When initial logins are attempted with either example\username or example.com\username only the FAILED LOGIN line is displayed.

We also have our Openfire Jabber server authenticating successfully. Those settings are
ldap.autoFollowAliasReferrals = true
ldap.autoFollowReferrals = false
ldap.baseDN = dc=example,dc=com
ldap.connectionPoolEnabled = true
ldap.debugEnabled = false
ldap.emailField = mail
ldap.encloseDNs = true
ldap.groupDescriptionField = description
ldap.groupMemberField = member
ldap.groupNameField = cn
ldap.groupSearchFilter = (objectClass=group)
ldap.host = domain_controller.example.com
ldap.ldapDebugEnabled = false
ldap.nameField = cn
ldap.port = 389
ldap.searchFilter = (objectClass=*)
ldap.usernameField = sAMAccountName


I know they don't match up exactly in terms of what Openfire calls the settings vs. what RT does, but I'm hoping someone can help me sort out what should be plugged in where on the RT side. For example, I don't know what the group_attr or group_attr_value setting should contain (if anything) in the RT_SiteConfig.pm file. Basically, anything from the "group" settings.

-Mathew

"When you do things right, people won't be sure you've done anything at all." - God; Futurama

"We'll get along much better once you accept that you're wrong and neither am I." - Me
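The two failure patterns in this thread (a bare FAILED LOGIN line versus CanonicalizeUserInfo output followed by "Couldn't create user") can be told apart mechanically. The script below is an added example, not part of the original messages or of RT; the sample lines are constructed, and it assumes the bracketed number is the process id shared by all lines of one login attempt. The stage labels follow the reading given in the reply at the top of the thread.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the syslog lines quoted in the thread
# (PIDs, user names and the 192.0.2.10 address are made up).
SAMPLE_LOG = [
    r"Oct 17 15:02:29 zen-rt RT: [23131] RT::Authen::ExternalAuth::CanonicalizeUserInfo"
    r" returning Disabled: , EmailAddress: , Gecos: user, Name: user, Privileged: ",
    r"Oct 17 15:02:29 zen-rt RT: [23131] Couldn't create user user: Could not set user info",
    r"Oct 17 15:02:29 zen-rt RT: [23131] FAILED LOGIN for user from 192.0.2.10",
    r"Oct 17 15:05:10 zen-rt RT: [23140] FAILED LOGIN for example\user from 192.0.2.10",
]

LINE = re.compile(r"^\w{3}\s+\d+ [\d:]+ \S+ RT: \[(\d+)\] (.*)$")
# "Key: value" pairs; a value ends where the next ", Key:" begins.
FIELD = re.compile(r"(\w+): ?(.*?)(?=, \w+: ?|$)")
CANON = "RT::Authen::ExternalAuth::CanonicalizeUserInfo returning "
FAILED = re.compile(r"^FAILED LOGIN for (\S+) from (\S+)$")


def triage(lines):
    """Group RT log lines by PID and summarise each failed login."""
    by_pid = defaultdict(lambda: {"fields": None, "create_failed": False, "failed": None})
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not an RT syslog line
        pid, msg = m.group(1), m.group(2).strip()
        rec = by_pid[pid]
        if msg.startswith(CANON):
            rec["fields"] = dict(FIELD.findall(msg[len(CANON):]))
        elif msg.startswith("Couldn't create user"):
            rec["create_failed"] = True
        elif (f := FAILED.match(msg)):
            rec["failed"] = f.groups()
    report = []
    for pid, rec in by_pid.items():
        if rec["failed"] is None:
            continue
        user, src = rec["failed"]
        # Attributes the directory lookup left empty (e.g. EmailAddress).
        empty = sorted(k for k, v in (rec["fields"] or {}).items() if not v)
        stage = "user_creation" if rec["create_failed"] else "authentication"
        report.append({"pid": pid, "user": user, "source": src,
                       "stage": stage, "empty_fields": empty})
    return report


if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(row)
```

An empty EmailAddress in the "user_creation" rows points at the attr_map lookup returning nothing for that user, which is where debug-level logging is most useful.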



