[rt-users] Help - RT4.2.7 Authen::ExternalAuth via OpenLDAP

William Clarke wclarke at simons-rock.edu
Mon Oct 6 14:34:40 EDT 2014


Thank you very much for the response Kevin.

RT 4.2.7 and RT-Authen-ExternalAuth-0.23

I triple-checked and this is surely my RT_SiteConfig.pm file and as you 
saw yes, the logs do definitely show it's populating the Gecos field 
when not requested and not populating the EmailAddress field. Please see 
RT debug logs below:

Set( $ExternalAuthPriority, ["My_LDAP"] );
Set( $ExternalAuthInfo,     ["My_LDAP"] );
Set( $ExternalSettings, {
         'My_LDAP'       =>  {
             'type'                      =>  'ldap',
             'server'                    => 'ldap2.simons-rock.edu',
             'base'                      => 'dc=simons-rock,dc=edu',
             'filter'                    => '(objectClass=*)',

             'attr_match_list' => [
                 'Name',
                 'EmailAddress',
             ],
             'attr_map' => {
                 'Name' => 'uid',
                 'EmailAddress' => 'mail',
             },
         },
     } );

# You must install Plugins on your own, this is only an example
# of the correct syntax to use when activating them:
#       Plugin( "RT::Extension::SLA" );
#       Plugin( "RT::Authen::ExternalAuth" );

         Plugin( "RT::Authen::ExternalAuth" );
#       Plugin( "RT::Extension::Assets" );
#       plugin( "RT::Extension::Assets::Import::CSV" );
1;

[29370] [Mon Oct  6 18:20:02 2014] [debug]: Attempting to use external 
auth service: My_LDAP 
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:424)
[29370] [Mon Oct  6 18:20:02 2014] [debug]: Calling UserExists with 
$username (wclarke) and $service (My_LDAP) 
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:465)
[29370] [Mon Oct  6 18:20:02 2014] [debug]: UserExists params:
username: wclarke , service: My_LDAP 
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:439)
[29370] [Mon Oct  6 18:20:02 2014] [debug]: LDAP Search === Base: 
dc=simons-rock,dc=edu == Filter: (&(objectClass=*)(uid=wclarke)) == 
Attrs: uid,mail 
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:469)
[29370] [Mon Oct  6 18:20:02 2014] [debug]: 
RT::Authen::ExternalAuth::CanonicalizeUserInfo called by 
RT::Authen::ExternalAuth 
/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm 
885 with: Disabled: , EmailAddress: , Gecos: wclarke, Name: wclarke, 
Privileged: 
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:792)
[29370] [Mon Oct  6 18:20:02 2014] [info]: 
RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Disabled: , 
EmailAddress: , Gecos: wclarke, Name: wclarke, Privileged: 
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:868)
[29370] [Mon Oct  6 18:20:02 2014] [error]: Couldn't create user 
wclarke: Could not set user info 
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:491)
[29370] [Mon Oct  6 18:20:02 2014] [debug]: Autohandler called 
ExternalAuth. Response: (0, No User) 
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:16)
[29370] [Mon Oct  6 18:20:02 2014] [error]: FAILED LOGIN for wclarke 
from 10.30.2.210 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:810)

Message: 4
Date: Mon, 6 Oct 2014 11:51:42 -0400
From: Kevin Falcone <falcone at bestpractical.com>
To: rt-users at lists.bestpractical.com
Subject: Re: [rt-users] Help - RT4.2.7 Authen::ExternalAuth via
	OpenLDAP
Message-ID: <20141006155142.GJ2951 at jibsheet.com>
Content-Type: text/plain; charset="iso-8859-1"

On Fri, Oct 03, 2014 at 01:50:54PM -0400, William Clarke wrote:

> A little more info after checking rt4 logs:
> Oct  3 10:20:16 rtracker6 RT: [16022]
> RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Disabled: ,
> EmailAddress: , Gecos: wclarke, Name: wclarke, Privileged:
> Oct  3 10:20:16 rtracker6 RT: [16022] Couldn't create user wclarke: Could not
> set user info
> Oct  3 10:20:16 rtracker6 RT: [16022] FAILED LOGIN for wclarke from 10.30.2.210

These are the more useful logs.
You should ensure you have your logs set to debug and show the
preceding lines which are important.

I find it suspicious that it didn't return an email address, but did
return a Gecos.  Implies your configuration is not what you sent to
the list.

You should also say your RT and RT-Authen-ExternalAuth versions
explicitly.

-kevin


-- 

William Clarke
ITS System Administrator
Bard College at Simon's Rock
84 Alford Road
Great Barrington, MA  01230
(413) 528-7428 (voice)
(413) 528-7405 (fax)
wclarke at simons-rock.edu
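
Added example (not part of the original post, and not code from RT or RT-Authen-ExternalAuth): a small parser for the debug-log format shown above that re-joins the hard-wrapped entries and reports which attr_map fields came back empty and which unmapped fields were populated. The function names unfold and diagnose are hypothetical, and the sample log is constructed with placeholder user and base DN.

```python
import re

# Constructed sample in the post's debug-log format, hard-wrapped as mailed.
SAMPLE_LOG = """\
[29370] [Mon Oct  6 18:20:02 2014] [debug]: LDAP Search === Base:
dc=example,dc=edu == Filter: (&(objectClass=*)(uid=jdoe)) ==
Attrs: uid,mail
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:469)
[29370] [Mon Oct  6 18:20:02 2014] [info]:
RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Disabled: ,
EmailAddress: , Gecos: jdoe, Name: jdoe, Privileged:
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:868)
[29370] [Mon Oct  6 18:20:02 2014] [error]: Couldn't create user
jdoe: Could not set user info
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:491)
"""

ENTRY_START = re.compile(r"^\[\d+\] \[[^\]]+\] \[\w+\]:")

def unfold(text):
    """Re-join log entries that were hard-wrapped across several lines."""
    entries = []
    for line in text.splitlines():
        if ENTRY_START.match(line) or not entries:
            entries.append(line.strip())
        else:
            entries[-1] += " " + line.strip()
    return entries

def diagnose(text, attr_map):
    """Compare what attr_map asks for with what the log says came back."""
    report = {"requested": [], "returned": {}, "create_failed": False}
    for entry in unfold(text):
        search = re.search(r"LDAP Search === .* Attrs: (\S+)", entry)
        if search:
            report["requested"] = search.group(1).split(",")
        canon = re.search(r"CanonicalizeUserInfo returning (.*?)(?: \(/|$)", entry)
        if canon:
            pairs = (p.partition(":") for p in canon.group(1).split(", "))
            report["returned"] = {k.strip(): v.strip() for k, _, v in pairs}
        report["create_failed"] |= "Couldn't create user" in entry
    got = report["returned"]
    # Mapped RT fields that came back empty (EmailAddress in the post).
    report["empty_mapped"] = [f for f in attr_map if not got.get(f)]
    # Populated fields that attr_map never asked for (Gecos in the post).
    report["unmapped_populated"] = [f for f, v in got.items() if v and f not in attr_map]
    # Mapped LDAP attributes missing from the search's Attrs list.
    report["not_requested"] = [a for a in attr_map.values() if a not in report["requested"]]
    return report
```

Call diagnose(log_text, {"Name": "uid", "EmailAddress": "mail"}) with the attr_map from RT_SiteConfig.pm; it also accepts the syslog-style lines that carry no trailing file path.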
