[rt-users] RT 4.2.10 and ExternalAuth using LDAP

Jeff Blaine jblaine at kickflop.net
Mon Apr 20 09:19:50 EDT 2015


https://metacpan.org/pod/RT::Authen::ExternalAuth::LDAP

says:

filter

    The filter to use to match RT users. You must specify
    it and it must be a valid LDAP filter encased in parentheses.

    For example:

    filter => '(objectClass=*)',

On 4/20/2015 5:16 AM, Indrek Paas wrote:
> Hi,
> 
> I'm setting up an RT server on: 
> CentOS 7.1 x64
> Apache 2.4
> PostgreSQL
> Perl v5.16.3
> 
> Trying to use ExternalAuth to LDAP (Microsoft AD) using these settings
> in RT_SiteConfig.pm:
> 
> Plugin( "RT::Authen::ExternalAuth" );
> 
> Set( $ExternalAuthPriority, ["My_LDAP"] );
> Set( $ExternalInfoPriority, ["My_LDAP"] );
> 
> Set($ExternalSettings, {
>         'My_LDAP'       =>  {
>                 'type'                      =>  'ldap',
>                 'server'                    =>  '1.1.1.1',
>                 'user'                      =>  'rtbinduser at domain.server',
>                 'pass'                      =>  'rtbinduserpw',
>                 'base'                      =>  'ou=Dom Users,ou=Company
> AD,dc=domain,dc=server',
> 
>                 'attr_match_list' => [
>                         'Name',
>                         'EmailAddress',
>                 ],
>                 'attr_map' => {
>                         'Name' => 'sAMAccountName',
>                         'EmailAddress' => 'mail',
>                         'Organization' => 'physicalDeliveryOfficeName',
>                         'RealName' => 'cn',
>                         'ExternalAuthId' => 'sAMAccountName',
>                         'Gecos' => 'sAMAccountName',
>                         'WorkPhone' => 'telephoneNumber',
>                         'Address1' => 'streetAddress',
>                         'City' => 'l',
>                         'State' => 'st',
>                         'Zip' => 'postalCode',
>                         'Country' => 'co'
>                         },
>                 },
>         } );
> 
> I start the RT using it's own server : /opt/rt4/sbin/rt-server --port 8080
> Page loads in the browser and I can log in as root but when I try to log
> in using AD account I see in the logs:
> 
> [warning]: Use of uninitialized value $filter in concatenation (.) or
> string at
> /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm
> line 453.
> (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:451)
> 
> I have been digging through google and the LDAP.pm without success. When
> I messed with the 'base' value error changed:
> 
> [25778] [Mon Apr 20 08:55:33 2015] [warning]: Use of uninitialized value
> $filter in concatenation (.) or string at
> /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm
> line 453.
> (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:451)
> [25778] [Mon Apr 20 08:55:33 2015] [error]: Can't call method
> "as_string" on an undefined value at
> /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm
> line 357.
> 
> Stack:
>  
> [/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:357]
>  
> [/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:843]
>  
> [/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:885]
>   [/opt/rt4/sbin/../lib/RT/User.pm:141]
>  
> [/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:486]
>   [/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:10]
>  
> [/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Session:1]
>   [/opt/rt4/sbin/../lib/RT/Interface/Web.pm:310]
>   [/opt/rt4/share/html/autohandler:53]
> (/opt/rt4/sbin/../lib/RT/Interface/Web/Handler.pm:208)
> 
> 
> Any suggestions to a right direction are welcome.
> 
> PS! Went with LDAP because other services on the server use it
> successfully. I have installed RT using Kerberos auth before but decided
> to use something "simpler". :D
> 
> --
> Indrek

-- 
Jeff Blaine
kickflop.net
PGP/GnuPG Key ID: 0x0C8EDD02



More information about the rt-users mailing list