Configuring RT::Authen::ExternalAuth after successful install of RT4

RT Users
1

Team

I am trying to get authentication happen between Microsoft Active Directory and RT using RT::Authen::ExternalAuth. I have successfully installed it and as per the README, I have configured the attached values in /etc/RT_SiteConfig.pm.

Now, I am getting the below error while authenticating to the site, regardless of local or external user account:
Can’t call method “as_string” on an undefined value at /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm line 195.

Can someone please help me in this?

Thanks
Raghu

This message and any attachments thereto contain information that may be privileged, confidential or otherwise protected from disclosure and is the property of SumTotal Systems, Inc. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message, any attachments thereto or any part thereof. If you receive this message in error, please notify me at RaghavendraLK@sumtotalsystems.commailto:RaghavendraLK@sumtotalsystems.com and delete all copies of this message and attachments. SumTotal Systems, Inc. has implemented anti-virus software on its computers and servers, however, it is the recipient’s own responsibility to ensure that all attachments are scanned for viruses prior to usage.

RT_ExternalAuthentication.txt (15.5 KB)

2

Team

I am trying to get authentication happen between Microsoft Active
Directory and RT using RT::Authen::ExternalAuth. I have successfully
installed it and as per the README, I have configured the attached values
in /etc/RT_SiteConfig.pm.

Now, I am getting the below error while authenticating to the site,
regardless of local or external user account:
Can’t call method “as_string” on an undefined value at
/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm
line 195.

The config file has this comment:

ALL FILTERS MUST BE VALID LDAP FILTERS ENCASED IN PARENTHESES!

YOU MUST SPECIFY A filter AND A d_filter!!

Your d_filter is commented out, so you don’t have a d_filter. You need
a d_filter.

3

Hi Nick/All

I have uncommented both filters and d_filters. Now, the configuration looks like below:

The filter to use to match RT-Users

                                                    'filter'                    =>  '(sAMAccountName=%u)',
                                                    # A catch-all example filter: '(objectClass=*)'
                                                    # The filter that will only match disabled users
                                                    'd_filter'                  =>  '(&(objectCategory=person)(objectClass=user))',

Now, I am not getting the below string error but my external authentication is still not successful. I am doubting if the above filter value is incorrect which is making RT unable to search for the user in AD.

Can someone please guide me to setup External Authentication (using AD)?

Thanks
RaghuFrom: Nick Kartsioukas [change+lists.rt@nightwind.net]
Sent: Thursday, July 21, 2011 11:59 PM
To: Raghavendra Lal Kalyankar; rt-users@lists.bestpractical.com
Subject: Re: [rt-users] Configuring RT::Authen::ExternalAuth after successful install of RT4

Team

I am trying to get authentication happen between Microsoft Active
Directory and RT using RT::Authen::ExternalAuth. I have successfully
installed it and as per the README, I have configured the attached values
in /etc/RT_SiteConfig.pm.

Now, I am getting the below error while authenticating to the site,
regardless of local or external user account:
Can’t call method “as_string” on an undefined value at
/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm
line 195.

The config file has this comment:

ALL FILTERS MUST BE VALID LDAP FILTERS ENCASED IN PARENTHESES!

YOU MUST SPECIFY A filter AND A d_filter!!

Your d_filter is commented out, so you don’t have a d_filter. You need
a d_filter.

This message and any attachments thereto contain information that may be privileged, confidential or otherwise protected from disclosure and is the property of SumTotal Systems, Inc. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message, any attachments thereto or any part thereof. If you receive this message in error, please notify me at RaghavendraLK@sumtotalsystems.commailto:RaghavendraLK@sumtotalsystems.com and delete all copies of this message and attachments. SumTotal Systems, Inc. has implemented anti-virus software on its computers and servers, however, it is the recipient’s own responsibility to ensure that all attachments are scanned for viruses prior to usage.

4

Hi Nick/All

I have uncommented both filters and d_filters. Now, the configuration looks like below:

The filter to use to match RT-Users

                                                    'filter'                    =>  '(sAMAccountName=%u)',

what’s %u here? There is no printf style interpretation of filters.
RT::Authen::ExternalAuth already builds (sAMAccountName=username) if you
configure the rest properly. This is a filter to ensure that you don’t
match the wrong type of user. If you don’t know what goes here, use the
catch-all example filter.

                                                    # A catch-all example filter: '(objectClass=*)'
                                                    #
                                                    # The filter that will only match disabled users
                                                    'd_filter'                  =>  '(&(objectCategory=person)(objectClass=user))',

Now, I am not getting the below string error but my external authentication is still not successful. I am doubting if the above filter value is incorrect which is making RT unable to search for the user in AD.

That says anyone who is a user and a person should be disabled.
Is that really what you want?

Leave it empty but not commented out if you don’t know what you want.

Also, run your install in debug logging mode, it’ll show you what it
is doing.

-kevin