[rt-users] RT 4.2.10 and ExternalAuth using LDAP

Trev trevor at onepost.net
Mon Apr 20 08:22:40 EDT 2015


Hello Indrek,

  I had some problems with External Auth as well. I ended up going with
LDAP Import, authentication works based on LDAP credentials being imported.
You have a bit more control as you can filter on groups or user names if
you choose that route.

  I threw together a how to:


http://trevthorpe.blogspot.com/2015/01/request-tracker-424-ldap-authentication.html

  Hope this offers some help.

  Thanks,

Trev


On Mon, Apr 20, 2015 at 5:16 AM, Indrek Paas <indrekpaas at gmail.com> wrote:

> Hi,
>
> I'm setting up an RT server on:
> CentOS 7.1 x64
> Apache 2.4
> PostgreSQL
> Perl v5.16.3
>
> Trying to use ExternalAuth to LDAP (Microsoft AD) using these settings in
> RT_SiteConfig.pm:
>
> Plugin( "RT::Authen::ExternalAuth" );
>
> Set( $ExternalAuthPriority, ["My_LDAP"] );
> Set( $ExternalInfoPriority, ["My_LDAP"] );
>
> Set($ExternalSettings, {
>         'My_LDAP'       =>  {
>                 'type'                      =>  'ldap',
>                 'server'                    =>  '1.1.1.1',
>                 'user'                      =>  'rtbinduser at domain.server
> ',
>                 'pass'                      =>  'rtbinduserpw',
>                 'base'                      =>  'ou=Dom Users,ou=Company
> AD,dc=domain,dc=server',
>
>                 'attr_match_list' => [
>                         'Name',
>                         'EmailAddress',
>                 ],
>                 'attr_map' => {
>                         'Name' => 'sAMAccountName',
>                         'EmailAddress' => 'mail',
>                         'Organization' => 'physicalDeliveryOfficeName',
>                         'RealName' => 'cn',
>                         'ExternalAuthId' => 'sAMAccountName',
>                         'Gecos' => 'sAMAccountName',
>                         'WorkPhone' => 'telephoneNumber',
>                         'Address1' => 'streetAddress',
>                         'City' => 'l',
>                         'State' => 'st',
>                         'Zip' => 'postalCode',
>                         'Country' => 'co'
>                         },
>                 },
>         } );
>
> I start the RT using it's own server : /opt/rt4/sbin/rt-server --port 8080
> Page loads in the browser and I can log in as root but when I try to log
> in using AD account I see in the logs:
>
> [warning]: Use of uninitialized value $filter in concatenation (.) or
> string at
> /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm
> line 453.
> (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:451)
>
> I have been digging through google and the LDAP.pm without success. When I
> messed with the 'base' value error changed:
>
> [25778] [Mon Apr 20 08:55:33 2015] [warning]: Use of uninitialized value
> $filter in concatenation (.) or string at
> /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm
> line 453.
> (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:451)
> [25778] [Mon Apr 20 08:55:33 2015] [error]: Can't call method "as_string"
> on an undefined value at
> /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm
> line 357.
>
> Stack:
>
> [/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:357]
>
> [/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:843]
>
> [/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:885]
>   [/opt/rt4/sbin/../lib/RT/User.pm:141]
>
> [/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:486]
>   [/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:10]
>
> [/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Session:1]
>   [/opt/rt4/sbin/../lib/RT/Interface/Web.pm:310]
>   [/opt/rt4/share/html/autohandler:53]
> (/opt/rt4/sbin/../lib/RT/Interface/Web/Handler.pm:208)
>
>
> Any suggestions to a right direction are welcome.
>
> PS! Went with LDAP because other services on the server use it
> successfully. I have installed RT using Kerberos auth before but decided to
> use something "simpler". :D
>
> --
> Indrek
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20150420/b3820352/attachment.html>


More information about the rt-users mailing list