3.8.6: WritableAttributes error in Web.pm's AttemptExternalAuth

Philip_Shore · November 30, 2009, 6:38pm

I am trying to upgrade our 3.6.5 RT instance to 3.8.6 and I am getting
an error at the point of first log on.

There is new code in RT 3.8.6 that wasn’t present in 3.8.5 that is
throwing an error for me:

error: Can’t locate object method “WritableAttributes” via package
"pms52" (perhaps you forgot to
load “pms52”?) at /opt/rt3/bin/…/lib/RT/Interface/Web.pm line 367,
line 276.
context:
…
363: # now get user specific information, to better create our user.
364: my $new_user_info =
RT::Interface::Web::WebExternalAutoInfo($user);
365:
366: # set the attributes that have been defined.
367: foreach my $attribute ( $user->WritableAttributes ) {
368: $m->callback(
369: Attribute => $attribute,
370: User => $user,
371: UserInfo => $new_user_info,
…
code stack:
/opt/rt3/bin/…/lib/RT/Interface/Web.pm:367
/opt/rt3/bin/…/lib/RT/Interface/Web.pm:197
/opt/rt3/share/html/autohandler:53

I have RT configured to use WebExternalAuto, and so have an Apache
module providing the userid via REMOTE_USER and user info collected via
ldap. I logon with username “pms52” which appears in the error. I can
also see in the rt log that it has successfully retrieved my information
from our ldap server.

I am not a perl programmer but it looks to me like the RT code at line
367 is expecting a database object but has a String instead.

The AttemptExternalAuth subrouting is new in RT 3.8.6. Is there
something I have not configured correctly or is there a bug ? I have
pasted what I think are the relevant parts of our RT_SiteConfig below.

Many thanks,
Philip Shore.

Set($AuthMethods, [‘Internal’]);

Set($WebExternalAuth , 1);
Set($WebExternalAuto , 1);
Set($AutoCreate, { Privileged => 0 } );

Set($LdapExternalInfo, 1);
Set($LdapAutoCreateNonLdapUsers, 1);
Set($LdapAttrMap, {‘Name’ => ‘uid’,
‘EmailAddress’ => ‘mail’,
‘Organization’ => ‘instID’,
‘RealName’ => ‘displayName’,
‘NickName’ => ‘title’,
‘ExternalContactInfoId’ => ‘mailAlternative’,
‘ExternalAuthId’ => ‘uid’,
‘Gecos’ => ‘uid’,
‘WorkPhone’ => ‘telephoneNumber’,
‘Address1’ => ‘postalAddress’,
‘Address2’ => ‘postalAddress’}
);

Kevin_Falcone · November 30, 2009, 7:15pm

I am trying to upgrade our 3.6.5 RT instance to 3.8.6 and I am getting
an error at the point of first log on.

There is new code in RT 3.8.6 that wasn’t present in 3.8.5 that is
throwing an error for me:

I’d be interested to know if the untested attached patch fixes the
issue you’re seeing.

Your siteconfig is also really odd, it isn’t clear to me if you’re
using all in-house config, or some mix of apache auth and
RT-Authen-ExternalAuth or the much older ldap handler.

-kevin

writable.patch (629 Bytes)

Philip_Shore · December 1, 2009, 11:33am

Hi Keven,

Thanks for the quick response. That patch does indeed fix the error and
now I can see the self service interface after authenticating.

Re, our config. I have attached the complete config in case you would
like to provide any words of wisdom.

We are using a custom apache single sign on module that puts the users
id into remote_user then we auto create the user after lookup their
name, email address etc from an ldap source which I guess is the old
handler. I am taking a look at RT::Authen::ExternalAuth to see if it
would be a better solution for us.

Many thanks,
Philip Shore.

Kevin Falcone wrote:> On Mon, Nov 30, 2009 at 06:38:14PM +0000, Philip Shore wrote:

I am trying to upgrade our 3.6.5 RT instance to 3.8.6 and I am getting
an error at the point of first log on.

There is new code in RT 3.8.6 that wasn’t present in 3.8.5 that is
throwing an error for me:

I’d be interested to know if the untested attached patch fixes the
issue you’re seeing.

Your siteconfig is also really odd, it isn’t clear to me if you’re
using all in-house config, or some mix of apache auth and
RT-Authen-ExternalAuth or the much older ldap handler.

-kevin

error: Can’t locate object method “WritableAttributes” via package
“pms52” (perhaps you forgot to
load “pms52”?) at /opt/rt3/bin/…/lib/RT/Interface/Web.pm line 367,
line 276.
context:
…
363: # now get user specific information, to better create our user.
364: my $new_user_info =
RT::Interface::Web::WebExternalAutoInfo($user);
365:
366: # set the attributes that have been defined.
367: foreach my $attribute ( $user->WritableAttributes ) {
368: $m->callback(
369: Attribute => $attribute,
370: User => $user,
371: UserInfo => $new_user_info,
…
code stack:
/opt/rt3/bin/…/lib/RT/Interface/Web.pm:367
/opt/rt3/bin/…/lib/RT/Interface/Web.pm:197
/opt/rt3/share/html/autohandler:53

I have RT configured to use WebExternalAuto, and so have an Apache
module providing the userid via REMOTE_USER and user info collected via
ldap. I logon with username “pms52” which appears in the error. I can
also see in the rt log that it has successfully retrieved my information
from our ldap server.

I am not a perl programmer but it looks to me like the RT code at line
367 is expecting a database object but has a String instead.

The AttemptExternalAuth subrouting is new in RT 3.8.6. Is there
something I have not configured correctly or is there a bug ? I have
pasted what I think are the relevant parts of our RT_SiteConfig below.

Many thanks,
Philip Shore.

Set($AuthMethods, [‘Internal’]);

Set($WebExternalAuth , 1);
Set($WebExternalAuto , 1);
Set($AutoCreate, { Privileged => 0 } );

Set($LdapExternalInfo, 1);
Set($LdapAutoCreateNonLdapUsers, 1);
Set($LdapAttrMap, {‘Name’ => ‘uid’,
‘EmailAddress’ => ‘mail’,
‘Organization’ => ‘instID’,
‘RealName’ => ‘displayName’,
‘NickName’ => ‘title’,
‘ExternalContactInfoId’ => ‘mailAlternative’,
‘ExternalAuthId’ => ‘uid’,
‘Gecos’ => ‘uid’,
‘WorkPhone’ => ‘telephoneNumber’,
‘Address1’ => ‘postalAddress’,
‘Address2’ => ‘postalAddress’}
);

The rt-users Archives

Community help: http://wiki.bestpractical.com
Commercial support: sales@bestpractical.com

Discover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com

The rt-users Archives

Community help: http://wiki.bestpractical.com
Commercial support: sales@bestpractical.com

Discover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com

RT_SiteConfig.pm (25.2 KB)

Kevin_Falcone · December 1, 2009, 3:09pm

Thanks for the quick response. That patch does indeed fix the error and now I can see the
self service interface after authenticating.

Great, thanks for testing. I’ll commit that to the tree later today.

Re, our config. I have attached the complete config in case you would like to provide any
words of wisdom.

We are using a custom apache single sign on module that puts the users id into remote_user
then we auto create the user after lookup their name, email address etc from an ldap source
which I guess is the old handler. I am taking a look at RT::Authen::ExternalAuth to see if
it would be a better solution for us.

I don’t immediately recognize the module you’re using, but my guess is
that it is indeed a precursor to RT::Authen::ExternalAuth. RAE can
run in info-only mode (rather than auth + info) and is a more modern
way of doing the integration. I don’t know enough about how you’re
doing your apache auth to say if RAE makes sense as an auth source.
It may be worth playing with on a test system.

-kevin