Hi Folks,

Let me try to give all of you a scenario.

In advance sorry for my English.

I’m new to RT and Perl, but with some good skills with Linux.

Have installed successfully RT, logging on with no errors with local
users end logging on successful with AD credentials except for one
error message in the browser.

When I log on with AD credentials I get an error message then I click
in browser’s address bar press enter and I’m logged on.

Haven’t tried the system (RT) yet because of this error, but things
look OK apparently.

Below are some information about version I’m using and logs from
rt.log, at the bottom a copy of my RT_SiteConfig.pm.

Some readings I made pointed to a filter problem, I have tried some
combinations but no success.

I’m using RT-Authen-ExternalAuth-0.07_01.

I also tryed RT-Authen-ExternalAuth-0.06_02 (browser error below, no
log info).

Probably the solution is blinking in front of my eyes but I can’t see
it.

Any suggestion, link, etc is appreciate.

Here goes the extra information.

Installed versions

Windows 2000 AD

RT 3.8.1

RTFM 2.4.0

RT-Authen-ExternalAuth-0.07_01

mod_perl 2.0.2-2.4

Local user login (rt.log)

==> rt.log <==

[Fri Dec 5 12:00:01 2008] [error]: Working around bug in RT and
reloading RT::User
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:12)

[Fri Dec 5 12:00:02 2008] [debug]: $pass defined (senhadoroot),
Running IsPassword
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:69)

[Fri Dec 5 12:00:02 2008] [debug]: Trying External Authentication (
root )
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/User_Vendor.pm:24)

[Fri Dec 5 12:00:02 2008] [debug]: Attempting to use external auth
service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:150)

[Fri Dec 5 12:00:02 2008] [debug]: Trying external auth service:
My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:13)

[Fri Dec 5 12:00:02 2008] [debug]: LDAP Search === Base:
dc=alergs,dc=br == Filter: (&(sAMAccountName=root)) == Attrs: dn
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:40)

[Fri Dec 5 12:00:02 2008] [info]: My_LDAP AUTH FAILED: root User not
found or more than one user found
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:63)

[Fri Dec 5 12:00:02 2008] [debug]: RT::User::IsPassword EXTERNAL AUTH
FAILED
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/User_Vendor.pm:30)

[Fri Dec 5 12:00:02 2008] [info]: RT::User::IsPassword INTERNAL AUTH
OKAY: root
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/User_Vendor.pm:43)

[Fri Dec 5 12:00:02 2008] [debug]: UserExists params:

username: root , service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:271)

[Fri Dec 5 12:00:02 2008] [debug]: LDAP Search === Base:
dc=alergs,dc=br == Filter: (&(sAMAccountName=root)) == Attrs:
cn,mail,sAMAccountName
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:301)

[Fri Dec 5 12:00:02 2008] [debug]: User Check Failed :: ( My_LDAP )
root User not found
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:315)

[Fri Dec 5 12:00:02 2008] [debug]: User ( root ) doesn’t exist in
service ( My_LDAP ) - Cannot update information - Skipping…
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:218)

[Fri Dec 5 12:00:02 2008] [info]: User marked as ENABLED ( root ) per
External Service (0, That is already the current value)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:70)

[Fri Dec 5 12:00:02 2008] [debug]:
RT::Authen::ExternalAuth::CanonicalizeUserInfo called by RT::User
/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/User_Vendor.pm 87
with: Name: root
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:257)

[Fri Dec 5 12:00:02 2008] [debug]: Attempting to get user info using
this external service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:265)

[Fri Dec 5 12:00:02 2008] [debug]: Attempting to use this
canonicalization key: Name
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:274)

[Fri Dec 5 12:00:02 2008] [debug]: LDAP Search === Base:
dc=alergs,dc=br == Filter: (&(sAMAccountName=root)) == Attrs:
cn,mail,sAMAccountName
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:192)

[Fri Dec 5 12:00:02 2008] [debug]: Attempting to use this
canonicalization key: EmailAddress
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:274)

[Fri Dec 5 12:00:02 2008] [debug]: This attribute ( EmailAddress ) is
not defined in the attr_match_list for this service ( My_LDAP )
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:276)

[Fri Dec 5 12:00:02 2008] [debug]: Attempting to use this
canonicalization key: RealName
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:274)

[Fri Dec 5 12:00:02 2008] [debug]: This attribute ( RealName ) is not
defined in the attr_match_list for this service ( My_LDAP )
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:276)

[Fri Dec 5 12:00:02 2008] [info]:
RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Name: root
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:338)

[Fri Dec 5 12:00:03 2008] [debug]: UPDATED user ( root ) from External
Service
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:103)

[Fri Dec 5 12:00:03 2008] [info]: Successful login for root from
172.30.10.10
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:112)

Browser: successful login

AC user login (rt.log)

[Fri Dec 5 12:02:11 2008] [debug]: $pass defined (987654321), Running
IsPassword
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:69)

[Fri Dec 5 12:02:11 2008] [debug]: Trying External Authentication (
dsi )
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/User_Vendor.pm:24)

[Fri Dec 5 12:02:11 2008] [debug]: Attempting to use external auth
service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:150)

[Fri Dec 5 12:02:11 2008] [debug]: Trying external auth service:
My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:13)

[Fri Dec 5 12:02:11 2008] [debug]: LDAP Search === Base:
dc=alergs,dc=br == Filter: (&(sAMAccountName=dsi)) == Attrs: dn
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:40)

[Fri Dec 5 12:02:11 2008] [debug]: Found LDAP DN:
CN=dsi,OU=Rede,OU=DSI - Sistemas e
Informatica,OU=Corporativo,DC=alergs,DC=br
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:72)

Browser error message:

with RT-Authen-ExternalAuth-0.07_01

Can’t call method “as_string” on an undefined value at
/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm
line 97, line 514.

with RT-Authen-ExternalAuth-0.06_02

RT::User::UpdateFromExternal Unimplemented in HTML::Mason::Commands.
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth
line 73)

RT_SiteConfig.pm

Set($rtname , “ALERGS”);

Set($Organization , “rt.al.rs.gov.br”);

Set($Timezone , ‘America/Sao_Paulo’);

Set($DatabaseType , ‘mysql’);

Set($DatabaseHost , ‘localhost’);

Set($DatabaseRTHost , ‘localhost’);

Set($DatabasePort , ‘3306’);

Set($DatabaseUser , ‘rtuser’);

Set($DatabasePassword , ‘********’);

Set($DatabaseName , ‘rt3’);

Set($WebDefaultStylesheet, ‘web2’);

Set($WebPath, “”);

Set($WebDomain, ‘rt.alergs.br’ );

Set($WebPort, 80); # + ($< * 7274) % 32766 +
($< && 1024));

Set($WebBaseURL, ‘http://’ .
RT->Config->Get(‘WebDomain’) . ‘:’ .
RT->Config->Get(‘WebPort’));

Set($WebURL, RT->Config->Get(‘WebBaseURL’) .
RT->Config->Get(‘WebPath’) . “/”);

Set($RTAddressRegexp , ‘dsi.$@al.rs.gov.br’);

Set($CorrespondAddress , ‘dsi.rede@al.rs.gov.br’);

Set($CommentAddress , ‘dsi.redeadm@al.rs.gov.br’);

#Set(@EmailInputEncodings, qw(utf-8 iso-8859-1 us-ascii));

#Set($EmailOutputEncoding, ‘utf-8’);

#Set($UseFriendlyFromLine, 1);

#Set($FriendlyFromLineFormat, “"%s via RT" <%s>”);

Set($AutoLogoff, 30); # minutos

#Set($DateTimeFormat, ‘DefaultFormat’);

Set($DateDayBeforeMonth , 1);

Set($EnableReminders,1);

temporario ate funcionar

Set($LogDir, ‘/opt/rt3/var/log’);

Set($LogToFileNamed , “rt.log”);

Set($LogToFile , ‘warning’);

Set($LogToFile , ‘debug’);

problema de lentidao com ticket merge

adding

@LogToSyslogConf = ( socket => ‘native’ ) unless

(@LogToSyslogConf);

to RT_SiteConfig.pm sped up the merged ticket display from 260 seconds

to about 6 seconds for us.

Set( @Plugins, (qw(RT::Authen::ExternalAuth RT::FM)));

/opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm

Set($ExternalAuthPriority, [‘My_LDAP’]);

Set($ExternalInfoPriority, [‘My_LDAP’]);

Set($ExternalServiceUsesSSLorTLS, 0);

Set($AutoCreateNonExternalUsers, 0);

Set($ExternalSettings, {

    'My_LDAP'       =>  {


            'type'                      =>  'ldap',


            'auth'                      =>  1,


            'info'                      =>  1,


            'server'                    =>  'ds1.alergs.br',


            #'user'                      =>  'cn=adrt,ou=Contas

de Servicos,ou=DSI - Sistemas e
Informatica,ou=Corporativo,dc=alergs,dc=br’,

            'user'                      => 

‘cn=adrt,ou=Corporativo,dc=alergs,dc=br’,

            #'user'                      =>  'adrt',


            'pass'                      =>  '********',


            'base'                      =>  'dc=alergs,dc=br',


            'filter'                    =>  '',

‘filter’ =>

‘(objectClass=user)’,

‘d_filter’ =>

‘((&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2)(!name=_*)))’,

            'd_filter'                  =>  '',


            'tls'                       =>  0,


            'net_ldap_args'             => [    version => 

3 ],

            'group'                     =>  'Domain Users',

‘group’ => ‘DSI_Rede_Usu’,

            'group_attr'                =>  '',


            'attr_match_list'           => [  'Name',


                                              'EmailAddress', 


                                              'RealName'

‘WorkPhone’,

‘Address1’

                                           ],

ATENCAO para a virgula no final da linha

            'attr_map'                  =>  {   'Name' =>

‘sAMAccountName’,

                                                'EmailAddress'

=> ‘mail’,

‘Organization’

=> ‘physicalDeliveryOfficeName’,

                                                'RealName' =>

‘cn’

‘ExternalAuthId’

=> ‘sAMAccountName’,

‘Gecos’ =>

‘sAMAccountName’,

‘WorkPhone’ =>

‘telephoneNumber’,

‘Address1’ =>

‘streetAddress’,

‘City’ => ‘l’,

‘State’ => ‘st’,

‘Zip’ =>

‘postalCode’,

‘Country’ =>

‘co’

                                             }


                           }


           }

);

1;

Elton S. Fenner,

Analista de Rede,

Assembléia Legislativa do RS.

+55 51 3210-1202

Elton S. Fenner,

Analista de Rede,

Assembléia Legislativa do RS.

+55 51 3210-1202

I hope someone please take a moment to look at this… and point me to
a way to go to solve this.

I installed RT 3.8.1, follow instructions from
http://wiki.bestpractical.com/view/ExternalAuth and lot of other sites
I googled.

The installation of RT::Authen::ExternalAuth 0.07_01 was made by hand
because via CPAN I got this message: Warning: Cannot install
RT::Authen::ExternalAuth, don’t know what it is.

I can login but get this message in browser:

Can’t call
method “as_string” on an undefined value at
/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm
line 97, line 514.

Here is the log output:

[Mon Dec 8 18:19:58 2008] [debug]: $pass defined
(**********), Running IsPassword
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:69)

[Mon Dec 8 18:19:58 2008] [debug]: Trying External
Authentication ( dsi )
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/User_Vendor.pm:24)

[Mon Dec 8 18:19:58 2008] [debug]: Attempting to use
external auth service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:150)

[Mon Dec 8 18:19:59 2008] [debug]: Trying external auth
service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:13)

[Mon Dec 8 18:20:03 2008] [debug]: LDAP Search === Base:
dc=alergs,dc=br == Filter: (&(sAMAccountName=dsi)(objectClass=*))
== Attrs: dn
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:40)

[Mon Dec 8 18:20:04 2008] [debug]: Found LDAP DN:
CN=dsi,OU=Rede,OU=DSI - Sistemas e
Informatica,OU=Corporativo,DC=alergs,DC=br
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:72)

This is my /opt/rt3/etc/RT_SiteConfig.pm

Set($rtname , “ALERGS”);

Set($Organization , “rt.al.rs.gov.br”);

Set($Timezone , ‘America/Sao_Paulo’);

Set($DatabaseType , ‘mysql’);

Set($DatabaseHost , ‘localhost’);

Set($DatabaseRTHost , ‘localhost’);

Set($DatabasePort , ‘3306’);

Set($DatabaseUser , ‘rtuser’);

Set($DatabasePassword , ‘********’);

Set($DatabaseName , ‘rt3’);

Set($WebDefaultStylesheet, ‘web2’);

Set($WebPath, “”);

Set($WebDomain, ‘rt.alergs.br’ );

Set($WebPort, 80); # + ($< * 7274) % 32766 +
($< && 1024));

Set($WebBaseURL, ‘http://’ . RT->Config->Get(‘WebDomain’) . ‘:’ .
RT->Config->Get(‘WebPort’));

Set($WebURL, RT->Config->Get(‘WebBaseURL’) .
RT->Config->Get(‘WebPath’) . “/”);

Set($RTAddressRegexp , ‘dsi.$@al.rs.gov.br’);

Set($CorrespondAddress , ‘dsi.rede@al.rs.gov.br’);

Set($CommentAddress , ‘dsi.redeadm@al.rs.gov.br’);

Set($AutoLogoff, 30); # minutos

Set($DateDayBeforeMonth , 1);

Set($EnableReminders,1);

Set($LogToSyslog , ‘’);

Set($LogDir, ‘/opt/rt3/var/log’);

Set($LogToFileNamed , “rt.log”);

Set($LogToFile , ‘debug’);

Set( @Plugins, (qw(RT::Authen::ExternalAuth RT::FM)));

Set($ExternalAuthPriority, [‘My_LDAP’]);

Set($ExternalInfoPriority, [‘My_LDAP’]);

Set($ExternalServiceUsesSSLorTLS, 0);

Set($AutoCreateNonExternalUsers, 0);

Set($ExternalSettings, {

    'My_LDAP'       =>  {


            'type'                      =>  'ldap',


            'auth'                      =>  1,


            'info'                      =>  1,


            'server'                    =>  'ds1.alergs.br',


            'user'                      => 

‘cn=adrt,ou=Corporativo,dc=alergs,dc=br’,

            'pass'                      =>  '************',


            'base'                      =>  'dc=alergs,dc=br',


            'filter'                    => '(objectClass=*)',


            'd_filter'                  =>

‘(userAccountControl:1.2.840.113556.1.4.803:=2)’,

            'tls'                       =>  0,


            'net_ldap_args'             => [    version => 

3 ],

            'group'                     =>  'DSI_Rede_Usu',


            'group_attr'                =>  '',


            'attr_match_list'           => [  'Name',


                                              'EmailAddress'


                                           ],




            'attr_map'                  =>  {   'Name' =>

‘sAMAccountName’,

                                                'EmailAddress'

=> ‘mail’,

                                                'RealName' =>

‘cn’

                                             }


                           }


           }

);

1;

Elton S. Fenner,

Analista de Rede,

Assembléia Legislativa do RS.

+55 51 3210-1202

I can login but get this message in browser:
*Can’t call method “as_string” on an undefined value at
/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm
line 97, line 514. *

This looks like it’s the section of code checking the group.

•            'group'                     =>  'DSI_Rede_Usu',
            'group_attr'                =>  '',*
  

Have you tried with these two lines commented out? I would think group_attr
must be set. I believe ‘uniqueMember’ is what openldap uses, and active
directory uses ‘member’. I also think group would be a full DN, but the code
may search. I’ve never used these before myself.

Bryan

Bryan McLellan wrote:> On Mon, Dec 8, 2008 at 10:44 AM, Elton S. Fenner <elton.fenner@al.rs.gov.br mailto:elton.fenner@al.rs.gov.br> wrote:

I can login but get this message in browser:
*Can't call method "as_string" on an undefined value at
/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm
line 97,  line 514. *

This looks like it’s the section of code checking the group.

*                'group'                     =>  'DSI_Rede_Usu',
                'group_attr'                =>  '',*

Either comment both out or use both. If group is set, group_attr MUST be
set or you end up with broken code trying to build an LDAP filter.

Kind Regards,

Mike Peachey, IT
Tel: +44 114 281 2655
Fax: +44 114 281 2951
Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK
Comp Reg No: 3191371 - Registered In England

Bryan, thanks, you pointed me a direction.

Mike, thank you so much, authentication is working fine.

Just to help other user ‘group’ must be a full DN and ‘group_attr’ for
MS Active Directory must be set with ‘member’ as Bryan said.

Attached is my RT_SiteConfig.pm as an working example to other users.

My scenario:

RT 3.8.1

RTFM 2.4.0

RT-Authen-ExternalAuth-0.07_01

mod_perl 2.0.2-2.4

Thanks again.

Elton S. Fenner,

Analista de Rede,

Assembléia Legislativa do RS.

+55 51 3210-1202

Mike Peachey wrote:

Bryan McLellan wrote:
  

On Mon, Dec 8, 2008 at 10:44 AM, Elton S. Fenner
<elton.fenner@al.rs.gov.br<mailto:elton.fenner@al.rs.gov.br>> wrote:
I can login but get this message in browser:
*Can't call method "as_string" on an undefined value at
/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm
line 97,  line 514. *

This looks like it’s the section of code checking the group.
*                'group'                     =&gt;  'DSI_Rede_Usu',
                'group_attr'                =&gt;  '',*
</pre></blockquote>

Either comment both out or use both. If group is set, group_attr MUST be
set or you end up with broken code trying to build an LDAP filter.

  

RT_SiteConfig.pm (3.58 KB)