Authen::ExternalAuth and SelfService

I have been setting up RT 3.8.1 on RHEL5 with v0.06_02 this is working
fine for privileged user login. However I get no log entries for it even
being tried when a user tries to login to SelfService. I’m hoping I’ve
just missed some easy config setting for this.

Thanks all and mucho thanks to Mike P for this great module.

[root@tickets-dev ~]# cat /opt/rt3/etc/RT_SiteConfig.pm
Set($rtname, ‘GGU-Tickets-DEV’);
Set($Organization, ‘ggu.edu’);
Set($WebPort, 443);
Set($WebDomain, ‘tickets-dev.ggu.edu’ );
#Set($WebBaseURL , “https://tickets-dev.ggu.edu:443”);
#Set($WebPath , “”);
#Set($WebURL , $WebBaseURL . $WebPath . “/”);
#Set($WebImagesURL , $WebPath . “/NoAuth/images/”);
Set($DatabaseUser , “root”);
Set($DatabasePassword , “****”);
Set($OwnerEmail, “rt-admin[AT]ggu.edu”);

Default From Addess, over ridden by Queue settings

Set($CorrespondAddress , ‘support[AT]tickets-dev.ggu.edu’);
Set($CommentAddress , ‘support-comment[AT]tickets-dev.ggu.edu’);

Set($Timezone , ‘US/Pacific’); # obviously choose what suits you

THE DATABASE:

Set($DatabaseType, ‘mysql’); # e.g. Pg or mysql
Set($DatabaseName , ‘rtdb’);

Logging

Set($LogToSyslog, ‘’);
Set($LogToFile , ‘debug’);
Set($LogDir, ‘/opt/rt3/var/log’);
Set($LogToFileNamed, “rt.log”);

Other config items

Set($UseFriendlyToLine , 1);
Set($AutoLogoff, 480); # 8 Hours
Set(@Active_MakeClicky, qw(httpurl_overwrite)); # Create short clikable
links
Set($MaxInlineBody, 13456);
Set($StandaloneMinServers, 1);
Set($StandaloneMaxServers, 5);
Set($StandaloneMinSpareServers, 0);
Set($StandaloneMaxSpareServers, 2);
Set($StrictLinkACL, 0); # Allow user to link any two tickets if they can
modify one
Set($PreferRichText, 1);

Help ExternalAuth keep users logged in as mysql session seem to have

an issue Oct 2008
Set($WebSessionClass , ‘Apache::Session::File’);

GGU ExtrnalAuth

Set($ExternalAuthPriority, [ ‘server1’,
‘server2’
]
);
Set($ExternalInfoPriority, [ ‘server1’,
‘server2’
]
);
Set($ExternalServiceUsesSSLorTLS, 1);
Set($AutoCreateNonExternalUsers, 1);
Set($ExternalSettings, {
# GGU Novell eDir
’server1’ => {
‘type’ => ‘ldap’,
‘auth’ => 1,
‘info’ => 1,
‘server’ => ‘server1’,
‘user’ =>
‘cn=access,o=ggu’,
‘pass’ => ‘****’,
‘base’ => ‘o=ggu’,
‘filter’ =>
’(objectClass=Person)’,
‘d_filter’ => ‘’,
‘tls’ => 1,
‘net_ldap_args’ => [ version
=> 3 ],
‘group’ => ‘’,
‘group_attr’ => ‘’,
## RT ATTRIBUTE MATCHING SECTION
# The list of RT attributes that uniquely
identify a user
’attr_match_list’ => [ ‘Name’,

‘EmailAddress’
],
# The mapping of RT attributes on to LDAP
attributes
’attr_map’ => { ‘Name’ =>
‘cn’,

‘EmailAddress’ => ‘mail’,

‘Organization’ => ‘ou’,

‘RealName’ => ‘fullName’,

‘ExternalAuthId’ => ‘cn’,
‘Gecos’
=> ‘cn’,

‘WorkPhone’ => ‘telephoneNumber’,

‘Address1’ => ‘’,
‘City’ => ‘’,
‘State’
=> ‘’,
‘Zip’ => ‘’,
‘Country’
=> ‘’
}
},
# GGU Novell eDir
’server2’ => {
‘type’ => ‘ldap’,
‘auth’ => 1,
‘info’ => 1,
‘server’ => ‘server2’,
‘user’ =>
‘cn=access,o=ggu’,
‘pass’ => ‘****’,
‘base’ => ‘o=ggu’,
‘filter’ =>
’(objectClass=Person)’,
‘d_filter’ => ‘’,
‘tls’ => 1,
‘net_ldap_args’ => [ version
=> 3 ],
‘group’ => ‘’,
‘group_attr’ => ‘’,
## RT ATTRIBUTE MATCHING SECTION
# The list of RT attributes that uniquely
identify a user
’attr_match_list’ => [ ‘Name’,

‘EmailAddress’
],
# The mapping of RT attributes on to LDAP
attributes
’attr_map’ => { ‘Name’ =>
‘cn’,

‘EmailAddress’ => ‘mail’,

‘Organization’ => ‘ou’,

‘RealName’ => ‘fullName’,

‘ExternalAuthId’ => ‘cn’,
‘Gecos’
=> ‘cn’,

‘WorkPhone’ => ‘telephoneNumber’,

‘Address1’ => ‘’,
‘City’ => ‘’,
‘State’
=> ‘’,
‘Zip’ => ‘’,
‘Country’
=> ‘’
}
}
}
);
1;

John McCoy, Jr wrote:

I have been setting up RT 3.8.1 on RHEL5 with v0.06_02 this is working
fine for privileged user login. However I get no log entries for it even
being tried when a user tries to login to SelfService. I’m hoping I’ve
just missed some easy config setting for this.

Thanks all and mucho thanks to Mike P for this great module.

I’m afraid my only immediate answer is to upgrade to 0.07_01. It may
still have some bugs in it, but as of yesterday 0.06 and all related
development builds should be considered do not use and will not be
supported.

In fact it’s possible they have actually be breaking databases when
autocreating users.

If the problem still occurs with 0.07_01, post some debug log examples
and I’ll see what I can do.

Kind Regards,

Mike Peachey, IT
Tel: +44 114 281 2655
Fax: +44 114 281 2951
Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK
Comp Reg No: 3191371 - Registered In England
http://www.jennic.com