[rt-users] RT 4.4.1 on Debian with RT::Authen::ExternalAuth?
Martin Wheldon
martin.wheldon at greenhills-it.co.uk
Wed Oct 19 10:36:07 EDT 2016
Hi Malcolm,
The output from rt-ldapimport is normal if no changes are required, as
I've just tried it here in my lab and it is working.
Incidentally, LDAPImport doesn't currently support TLS. I've written a
patch which you are welcome to have if you would like it. I'm afraid I
haven't submitted it to BP yet, but intend to when I get some time.
Best Regards
Martin
On 2016-10-19 14:21, Malcolm Galland wrote:
> Ah, yes. It looks like I had commented it out during testing, and
> that's what was causing the PeerHost error. Below is the section of
> SiteConfig dedicated to LDAPImport:
>
> Set($LDAPHost,'ggdc1.domain.int');
> Set($LDAPUser,'LDAP_ACCOUNT');
> Set($LDAPPassword,'LDAP_ACCOUNT_PASS');
> Set($LDAPBase, 'dc=domain,dc=int');
> Set($LDAPFilter, '(&(cn = users))');
> Set($LDAPMapping, {Name         => 'uid', # required
>                    EmailAddress => 'mail',
>                    RealName     => 'cn',
>                    WorkPhone    => 'telephoneNumber',
>                    Organization => 'departmentName'});
>
> # If you want to sync Groups from LDAP into RT
>
> Set($LDAPGroupBase, 'dc=domain,dc=int');
> Set($LDAPGroupFilter, '(&(cn = Groups))');
> Set($LDAPGroupMapping, {Name              => 'cn',
>                         Member_Attr       => 'member',
>                         Member_Attr_Value => 'dn' });
>
> Interesting follow up question though, when I run rt-ldapimport I don't
> get any errors, but the output doesn't exactly instill a feeling of
> success either:
>
> /opt/rt4/sbin/rt-ldapimport --debug
> Running test import, no data will be changed
> Rerun command with --import to perform the import
> Rerun command with --debug for more information
> Testing group import
> Finished test
>
>
> On Wed, 2016-10-19 at 14:09 +0000, Martin Wheldon wrote:
>> Hi Malcolm,
>>
>> You are missing the LDAP import configuration, which is separate from
>> the External auth config.
>> The following will help:
>>
>> https://docs.bestpractical.com/rt/4.4.1/RT/LDAPImport.html
>>
>> Best Regards
>>
>> Martin
>>
>> On 2016-10-19 13:37, Malcolm Galland wrote:
>> >
>> > I've set up RT, and am testing it with rt-server. Everything seems to
>> > be going smoothly except LDAP with RT::Authen::ExternalAuth. I read
>> > the docs and have implemented the suggested changes in
>> > /opt/rt4/etc/RT_SiteConfig.pm like so:
>> >
>> > Set( $ExternalAuthPriority, ["My_LDAP"] );
>> > Set( $ExternalInfoPriority, ["My_LDAP"] );
>> > Set($ExternalAuth, 1);
>> > Set( $UserAutocreateDefaultsOnLogin, { Privileged => 1 } );
>> > Set($AutoCreateNonExternalUsers, 1);
>> > Set($ExternalSettings, {
>> >     'My_LDAP' => {
>> >         'type'   => 'ldap',
>> >         'server' => 'ggdc1.domain.int',
>> >         'user'   => 'LDAP_ACCOUNT',
>> >         'pass'   => 'LDAP_ACCOUNT_PASS',
>> >         'base'   => 'ou=Production,dc=domain,dc=int',
>> >         'filter' => '(objectClass=inetOrgPerson)',
>> >         'attr_match_list' => [
>> >             'Name',
>> >             'EmailAddress',
>> >         ],
>> >         'attr_map' => {
>> >             'Name'         => 'sAMAccountName',
>> >             'EmailAddress' => 'mail',
>> >             'RealName'     => 'cn',
>> >             'WorkPhone'    => 'telephoneNumber',
>> >             'Address1'     => 'streetAddress',
>> >             'City'         => 'l',
>> >             'State'        => 'st',
>> >             'Zip'          => 'postalCode',
>> >             'Country'      => 'co',
>> >         },
>> >     },
>> > } );
>> >
>> > The issue is when I try to login the users aren't allowed access, and I
>> > get the following error from rt-server:
>> >
>> > [error]: FAILED LOGIN for username_redacted from IP_REDACTED
>> > (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:826)
>> >
>> > Just for kicks, if I run /opt/rt4/sbin/rt-ldapimport --debug
>> > I get:
>> > [critical]: Expected 'PeerHost' at
>> > /usr/local/share/perl/5.20.2/Net/LDAP.pm line 164.
>> > (/opt/rt4/sbin/../lib/RT.pm:390)
>> >
>> > Any ideas? I read every document I could find, but it's hard to know
>> > which non-official ones you can trust since RT has been around so long
>> > and ExternalAuth was just added to the core. Also, the official docs
>> > are a bit terse.