[rt-users] RT::User::ExternalAuthId Unimplemented in RT::Record

Daniel Burchfield dburchfield at medonehs.com
Thu Feb 2 14:59:47 EST 2017


Hello,

I am trying to get RT to pull in users from my local active directory and use AD for auth. Meaning when I change a user's password in AD it should reflect the change in RT. I'm running RT 4.4.1. Currently, when I run the import  I get the following error:

[root at Servername myuser]# /opt/rt4/sbin/rt-ldapimport --import --debug
[51270] [Thu Feb  2 19:56:59 2017] [warning]: RT::Authen::ExternalAuth has been cored since RT 4.4, please check the upgrade document for more details (/opt/rt4/sbin/../lib/RT.pm:748)
[51270] [Thu Feb  2 19:57:00 2017] [warning]: RT::Authen::ExternalAuth has been cored since RT 4.4, please check the upgrade document for more details (/opt/rt4/sbin/../lib/RT.pm:748)
Starting import
[51270] [Thu Feb  2 19:57:00 2017] [critical]: RT::User::ExternalAuthId Unimplemented in RT::Record. (/opt/rt4/sbin/../lib/RT/Record.pm line 958)  (/opt/rt4/sbin/../lib/RT.pm:390)
RT::User::ExternalAuthId Unimplemented in RT::Record. (/opt/rt4/sbin/../lib/RT/Record.pm line 958)

Here is my RT_SiteConfig.pm:

Plugin('RT::Extension::LDAPImport');
Plugin('RT::Authen::ExternalAuth');

# Uncomment for debug
#Set($LogToSyslog, 'debug');

Set( $CommentAddress, 'ithelpdesk at mydomain.com' );
Set( $CorrespondAddress, 'ithelpdesk at mydomain.com' );

Set( $DatabaseHost, 'localhost' );
Set( $DatabaseName, 'rt4' );
Set( $DatabasePassword, 'password' );
Set( $DatabasePort, '' );
Set( $DatabaseType, 'mysql' );
Set( $DatabaseUser, 'srv_rtir' );

Set( $Organization, '' );
Set( $OwnerEmail, 'ithelpdesk at mydomain.com' );
Set( $SendmailPath, '/usr/sbin/sendmail' );
Set( $WebDomain, 'tracker.mydomain.local' );
Set( $WebPort, '8080' );
Set( $rtname, 'Mydomain-Tracker' );

# to fix that annoying error that the sites dont match
Set(@ReferrerWhitelist, qw(tracker.mydomain.local:8080));

# LDAP Authentication
Set( @Plugins, qw(RT::Extension::LDAPImport));
Set( @Plugins, qw(RT::Authen::ExternalAuth));

# LDAP user import
Set($LDAPHost,'mydomain.local');
Set($LDAPUser, 'mydomain\LDAPUser');
Set($LDAPPassword, 'password');
Set($LDAPBase, 'CN=Users,DC=mydomain,DC=local');
Set($LDAPFilter, '(&(objectCategory=person))');

Set($LDAPMapping, {

        Name            => 'sAMAccountName',

        EmailAddress    => 'mail',

        Organization    => 'department',

        RealName        => 'cn',

        NickName        => 'givenName',

        ExternalAuthId  => 'sAMAccountName',

        Gecos           => 'sAMAccountName',

        WorkPhone       => 'telephoneNumber',

        MobilePhone     => 'mobile',

        Address1        => 'streetAddress',

        City            => 'l',

        State           => 'st',

        Zip             => 'postalCode',

        Country         => 'co'
});

Set($LDAPCreatePrivileged, 1);
Set($LDAPUpdateUsers, 1);

## LDAP GROUP IMPORT AND MAPPINGS

Set($LDAPGroupMapping, {Name                    => 'cn',

                        Member_Attr             => 'member',

                        Member_Attr_Value       => 'dn'});



#OU/basedn location of groups

Set($LDAPGroupBase, 'ou=users,dc=mydomain,dc=local');



# LDAP GROUP FILTERING

Set($LDAPGroupFilter, '(|(cn=Domain Users)(cn=Technical Operations)(cn=Management))');


## LDAP Authentication

# Use the below LDAP source for both authentication, as well as user

    # information

    Set( $ExternalAuthPriority, ["My_LDAP"] );

    Set( $ExternalInfoPriority, ["My_LDAP"] );



    # Make users created from LDAP Privileged

    Set( $UserAutocreateDefaultsOnLogin, { Privileged => 1 } );



    # Users should still be autocreated by RT as internal users if they

    # fail to exist in an external service; this is so requestors (who

    # are not in LDAP) can still be created when they email in.

    Set($AutoCreateNonExternalUsers, 1);

  # Minimal LDAP configuration; see RT::Authen::ExternalAuth::LDAP for

    # further details and examples

    Set($ExternalSettings, {

        'My_LDAP'       =>  {

            'type'             =>  'ldap',

            'server'           =>  'internalIpAddress',

            # By not passing 'user' and 'pass' we are using an anonymous

            # bind, which some servers to not allow

            'base'             =>  'ou=Users,dc=mydomain,dc=local',

            'filter'           =>  '(objectClass=inetOrgPerson)',

            # Users are allowed to log in via email address or account

            # name

            'attr_match_list'  => [

                'Name',

                'EmailAddress',

            ],

            # Import the following properties of the user from LDAP upon

            # login

            'attr_map' => {

                'Name'         => 'sAMAccountName',

                'EmailAddress' => 'mail',

                'RealName'     => 'cn',

                'WorkPhone'    => 'telephoneNumber',

                'Address1'     => 'streetAddress',

                'City'         => 'l',
                'State'        => 'st',

                'Zip'          => 'postalCode',

                'Country'      => 'co',

            },

        },

    } );

1;




  Daniel Burchfield - Senior IT Systems Administrator
   1590 University Avenue [cid:image002.jpg at 01CEFB23.2CA2B190]  Dubuque, IA 52001
   Office 563-588-8748 ext. 1001 [cid:image002.jpg at 01CEFB23.2CA2B190]  Toll Free 888-884-6331 ext. 1001
   Office (direct): 563-293-8060 [cid:image002.jpg at 01CEFB23.2CA2B190]  Mobile 563-564-7074

[MedOne_Email_Signature]


The information contained in this message is confidential and intended for the addressee only.  If you have received this message in error, or there are any problems, please notify the sender immediately.  The unauthorized use, disclosure, copying or alteration of this message is strictly forbidden.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20170202/2be49d3e/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 675 bytes
Desc: image001.jpg
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20170202/2be49d3e/attachment.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.jpg
Type: image/jpeg
Size: 8771 bytes
Desc: image002.jpg
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20170202/2be49d3e/attachment-0001.jpg>


More information about the rt-users mailing list