Error with RT::Authen::ExtenalAuth against Active Directory W2k3

Hi,
I’m attempting to deploy RT(3.8.2) on a Centos5.2(apache 2.2.3) with
authentication against AD and local database users.
I have the machine joined to the AD domain I need to and with
WebExternalAuth and BasicAuth works well but locks the root account out so I
went for the RT::Authen::ExternalAuth option.

I’m almost there, I’ve installed the RT::Authen::ExternalAuth (0.0.8)module
from CPAN (I had to force it) and add the proper configuration on the
RT_SiteConfig.pm.
The problem is that is thoughing at me an error I’ve not been able to find
in any of the other resources to try to resolv this error:
On the browser:

Can’t locate object method “host” via package “URI::_generic” at
/opt/rt3/bin/…/lib/RT/Interface/Web.pm line 190, line 323.

On the rt.log, in debug mode:

[Wed Mar 25 20:58:26 2009] [debug]: Attempting to use external auth service:
My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)

[Wed Mar 25 20:58:26 2009] [debug]: Calling UserExists with $username
(max.leon) and $service (My_LDAP)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:105)
[Wed Mar 25 20:58:26 2009] [debug]: UserExists params:
username: max.leon , service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:274)
[Wed Mar 25 20:58:26 2009] [debug]: LDAP Search === Base:
cn=users,dc=cr,dc=digitalarbor,dc=com == Filter:
(&(objectClass=Person)(sAMAccountName=max.leon)) == Attrs:
l,cn,st,mail,sAMAccountName,co,streetAddress,postalCode,telephoneNumber,sAMAccountName,physicalDeliveryOfficeName,sAMAccountName
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:304)
[Wed Mar 25 20:58:26 2009] [debug]: Password validation required for service

  • Executing…
    (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:155)
    [Wed Mar 25 20:58:26 2009] [debug]: Trying external auth service: My_LDAP
    (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:16)
    [Wed Mar 25 20:58:26 2009] [debug]: LDAP Search === Base:
    cn=users,dc=cr,dc=digitalarbor,dc=com == Filter:
    (&(sAMAccountName=max.leon)(objectClass=Person)) == Attrs: dn
    (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:43)
    [Wed Mar 25 20:58:26 2009] [debug]: Found LDAP DN: CN=Max
    Leon,CN=Users,DC=cr,DC=digitalarbor,DC=com
    (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:75)
    [Wed Mar 25 20:58:26 2009] [info]: RT::Authen::ExternalAuth::LDAP::GetAuth
    External Auth OK ( My_LDAP ): max.leon
    (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:139)
    [Wed Mar 25 20:58:26 2009] [debug]: LDAP password validation result: 1
    (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:334)
    [Wed Mar 25 20:58:26 2009] [debug]: Password Validation Check Result: 1
    (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:159)
    [Wed Mar 25 20:58:26 2009] [debug]: Authentication successful. Now updating
    user information and attempting login.
    (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:179)
    [Wed Mar 25 20:58:26 2009] [warning]: DBD::mysql::db selectall_hashref
    failed: Unknown column ‘disabled’ in ‘field list’ at
    /opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/DBI.pm
    line 279, line 514.
    (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/DBI.pm:279)
    [Wed Mar 25 20:58:26 2009] [warning]: Issuing rollback() for database handle
    being DESTROY’d without explicit disconnect() at
    /opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/DBI.pm
    line 279, line 514.
    (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/DBI.pm:279)

As you can see the auth succeeds but then gives me this error, now the local
root account can access the system without any problems.
Any help will be more than appreciated.

Cheers!

Max Leon

(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:159)
[Wed Mar 25 20:58:26 2009] [debug]: Authentication successful. Now updating
user information and attempting login.
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:179)
[Wed Mar 25 20:58:26 2009] [warning]: DBD::mysql::db selectall_hashref
failed: Unknown column ‘disabled’ in ‘field list’ at
/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/DBI.pm
line 279, line 514.
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/DBI.pm:279)
[Wed Mar 25 20:58:26 2009] [warning]: Issuing rollback() for database handle
being DESTROY’d without explicit disconnect() at
/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/DBI.pm
line 279, line 514.
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/DBI.pm:279)

As you can see the auth succeeds but then gives me this error, now the local
root account can access the system without any problems.
Any help will be more than appreciated.

The log says that RT::Authen::ExternalAuth is trying MySQL
authentication also. Remove My_MySQL and My_SSO_Cookie from
$ExternalAuthPriority and $ExternalInfoPriority in your RT_SiteConfig.pm
and try. I setup this plugin for OpenLDAP server, for which
configuration differs marginally from Active Directory.

Regards, Terence.
i-hack GNU/Linux at DeepRoot Linux

Hi Terence,
Thanks for your reply, I’ll try that right away, but I might have
misunderstood the concept here. Isn’t possible to keep both authentication
methods at the same time, check DB and if fails go to the AD?
I mean, that will be heaven so you can deal with customers both internal and
external.On Wed, Mar 25, 2009 at 10:38 PM, Terence Monteiro terence@deeproot.co.inwrote:

On Wed, Mar 25, 2009 at 03:20:14PM -0600, Max León wrote:

(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:159)

[Wed Mar 25 20:58:26 2009] [debug]: Authentication successful. Now
updating
user information and attempting login.

(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:179)

[Wed Mar 25 20:58:26 2009] [warning]: DBD::mysql::db selectall_hashref
failed: Unknown column ‘disabled’ in ‘field list’ at

/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/DBI.pm

line 279, line 514.

(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/DBI.pm:279)

[Wed Mar 25 20:58:26 2009] [warning]: Issuing rollback() for database
handle
being DESTROY’d without explicit disconnect() at

/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/DBI.pm

line 279, line 514.

(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/DBI.pm:279)

As you can see the auth succeeds but then gives me this error, now the
local
root account can access the system without any problems.
Any help will be more than appreciated.

The log says that RT::Authen::ExternalAuth is trying MySQL
authentication also. Remove My_MySQL and My_SSO_Cookie from
$ExternalAuthPriority and $ExternalInfoPriority in your RT_SiteConfig.pm
and try. I setup this plugin for OpenLDAP server, for which
configuration differs marginally from Active Directory.


Regards, Terence.
i-hack GNU/Linux at DeepRoot Linux

said:

Thanks for your reply, I’ll try that right away, but I might have
misunderstood the concept here. Isn’t possible to keep both authentication
methods at the same time, check DB and if fails go to the AD?
I mean, that will be heaven so you can deal with customers both internal
and external.

I think you might be misunderstanding what the “DB” portion of
ExternalAuth does. It does not utilize RT’s internal authentication
which looks up users in RT’s database, it allows you to look up
authentication information in a different SQL database. With
ExternalAuth, if you only have LDAP configured and the LDAP auth lookup
fails then RT will fall back on its internal authentication and look up
internal users.

Thanks for the clarification, now is crystal clear.

Now, I did what you asked me to and well, that the error went away but I
have a new one.
Here it is what the browser displays:
Can’t call method “as_string” on an undefined value at
/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm
line 398, line 514.

While the RT log shows:[Thu Mar 26 17:27:19 2009] [debug]: Attempting to use
external auth service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)

[Thu Mar 26 17:27:19 2009] [debug]: Calling UserExists with $username
(max.leon) and $service (My_LDAP)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:105)

[Thu Mar 26 17:27:19 2009] [debug]: UserExists
params:

username: max.leon , service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:274)

[Thu Mar 26 17:27:19 2009] [debug]: LDAP Search === Base:
cn=users,dc=cr,dc=digitalarbor,dc=com == Filter:
(&(objectClass=Person)(sAMAccountName=max.leon)) == Attrs:
l,cn,st,mail,sAMAccountName,co,streetAddress,postalCode,telephoneNumber,sAMAccountName,physicalDeliveryOfficeName,sAMAccountName
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:304)

[Thu Mar 26 17:27:19 2009] [debug]:
RT::Authen::ExternalAuth::CanonicalizeUserInfo called by RT::User
/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/User_Vendor.pm 20 with:
Disabled: 0, EmailAddress: , Gecos: max.leon, Name: max.leon, Privileged: 0
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:450)

[Thu Mar 26 17:27:19 2009] [debug]: Attempting to get user info using this
external service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:458)

[Thu Mar 26 17:27:19 2009] [debug]: Attempting to use this canonicalization
key: Name
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:472)

[Thu Mar 26 17:27:19 2009] [debug]: LDAP Search === Base:
cn=users,dc=cr,dc=digitalarbor,dc=com == Filter:
(&(objectClass=Person)(sAMAccountName=max.leon)) == Attrs:
l,cn,st,mail,sAMAccountName,co,streetAddress,postalCode,telephoneNumber,sAMAccountName,physicalDeliveryOfficeName,sAMAccountName
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:195)

[Thu Mar 26 17:27:19 2009] [info]:
RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Address1: , City: ,
Country: , Disabled: 0, EmailAddress: max.leon@digitalarbor.com,
ExternalAuthId: max.leon, Gecos: max.leon, Name: max.leon, Organization: ,
Privileged: 0, RealName: Max Leon, State: , WorkPhone: 83646261, Zip:
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:536)

[Thu Mar 26 17:27:19 2009] [debug]: About to think about scrips for
transaction #31
(/opt/rt3/bin/…/lib/RT/Transaction_Overlay.pm:163)

[Thu Mar 26 17:27:19 2009] [debug]: About to think about scrips for
transaction #32
(/opt/rt3/bin/…/lib/RT/Transaction_Overlay.pm:163)

[Thu Mar 26 17:27:19 2009] [info]: Autocreated external user max.leon ( 28 )
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:132)

[Thu Mar 26 17:27:19 2009] [debug]: Loading new user ( max.leon ) into
current session
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:138)
[Thu Mar 26 17:27:19 2009] [debug]: Password validation required for service

  • Executing…
    (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:155)
    [Thu Mar 26 17:27:19 2009] [debug]: Trying external auth service: My_LDAP
    (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:16)
    [Thu Mar 26 17:27:19 2009] [debug]: LDAP Search === Base:
    cn=users,dc=cr,dc=digitalarbor,dc=com == Filter:
    (&(sAMAccountName=max.leon)(objectClass=Person)) == Attrs: dn
    (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:43)
    [Thu Mar 26 17:27:19 2009] [debug]: Found LDAP DN: CN=Max
    Leon,CN=Users,DC=cr,DC=digitalarbor,DC=com
    (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:75)
    [Thu Mar 26 17:27:19 2009] [info]: RT::Authen::ExternalAuth::LDAP::GetAuth
    External Auth OK ( My_LDAP ): max.leon
    (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:139)
    [Thu Mar 26 17:27:19 2009] [debug]: LDAP password validation result: 1
    (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:334)
    [Thu Mar 26 17:27:19 2009] [debug]: Password Validation Check Result: 1
    (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:159)
    [Thu Mar 26 17:27:19 2009] [debug]: Authentication successful. Now updating
    user information and attempting login.
    (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:179)
    [Thu Mar 26 17:27:19 2009] [debug]: UserExists params:
    username: max.leon , service: My_LDAP
    (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:274)
    [Thu Mar 26 17:27:19 2009] [debug]: LDAP Search === Base:
    cn=users,dc=cr,dc=digitalarbor,dc=com == Filter:
    (&(objectClass=Person)(sAMAccountName=max.leon)) == Attrs:
    l,cn,st,mail,sAMAccountName,co,streetAddress,postalCode,telephoneNumber,sAMAccountName,physicalDeliveryOfficeName,sAMAccountName
    (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:304)
    [Thu Mar 26 17:27:19 2009] [debug]: UserExists params:
    username: max.leon , service: My_LDAP
    (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:274)
    [Thu Mar 26 17:27:19 2009] [debug]: LDAP Search === Base:
    cn=users,dc=cr,dc=digitalarbor,dc=com == Filter:
    (&(objectClass=Person)(sAMAccountName=max.leon)) == Attrs:
    l,cn,st,mail,sAMAccountName,co,streetAddress,postalCode,telephoneNumber,sAMAccountName,physicalDeliveryOfficeName,sAMAccountName
    (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:304)

For what I can make out of this log, everything went well but I cannot
access RT, something that gets my attention is the fact that the LDAP Search
occurs more than once but not sure if that is correct.

Thanks again for your advise.On Thu, Mar 26, 2009 at 10:52 AM, Nick Kartsioukas < change+lists.rt@nightwind.net change%2Blists.rt@nightwind.net> wrote:

On Thu, 26 Mar 2009 10:18:14 -0600, “Max León” mleon@wirewatchers.com
said:

Thanks for your reply, I’ll try that right away, but I might have
misunderstood the concept here. Isn’t possible to keep both
authentication
methods at the same time, check DB and if fails go to the AD?
I mean, that will be heaven so you can deal with customers both internal
and external.

I think you might be misunderstanding what the “DB” portion of
ExternalAuth does. It does not utilize RT’s internal authentication
which looks up users in RT’s database, it allows you to look up
authentication information in a different SQL database. With
ExternalAuth, if you only have LDAP configured and the LDAP auth lookup
fails then RT will fall back on its internal authentication and look up
internal users.

said:

Now, I did what you asked me to and well, that the error went away but I
have a new one.
Here it is what the browser displays:
Can’t call method “as_string” on an undefined value at
/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm
line 398, line 514.

Ensure that you have valid LDAP search parameters defined for ‘base’,
‘filter’, and ‘d_filter’. In my configuration, I don’t need to narrow
down the search any more than what I defined in my LDAP search base, so
I set ‘filter’ to ‘(objectClass=*)’ and ‘d_filter’ to
’(objectClass=ThisWillNeverMatch)’.

Thanks so much Nick.
That indeed did the trick and I have it ready.
Thanks for the clarification as well.On Thu, Mar 26, 2009 at 11:37 AM, Nick Kartsioukas < change+lists.rt@nightwind.net change%2Blists.rt@nightwind.net> wrote:

On Thu, 26 Mar 2009 11:32:53 -0600, “Max León” mleon@wirewatchers.com
said:

Now, I did what you asked me to and well, that the error went away but I
have a new one.
Here it is what the browser displays:
Can’t call method “as_string” on an undefined value at

/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm

line 398, line 514.

Ensure that you have valid LDAP search parameters defined for ‘base’,
‘filter’, and ‘d_filter’. In my configuration, I don’t need to narrow
down the search any more than what I defined in my LDAP search base, so
I set ‘filter’ to ‘(objectClass=*)’ and ‘d_filter’ to
’(objectClass=ThisWillNeverMatch)’.

Hi again,
I have an odd situation still.
I made the mistake to claim victory before further testing, and here I am.
I can connect with the same user from the AD that I was testing before but
any new one gives me this error on the browser:

Can’t locate object method “host” via package “URI::_generic” at
/opt/rt3/bin/…/lib/RT/Interface/Web.pm line 190.
Which takes me to this sub routine:
sub Redirect {
my $redir_to = shift;
untie $HTML::Mason::Commands::session;
my $uri = URI->new($redir_to);
my $server_uri = URI->new( RT->Config->Get(‘WebURL’) );

# If the user is coming in via a non-canonical
# hostname, don't redirect them to the canonical host,
# it will just upset them (and invalidate their credentials)
# don't do this if $RT::CanoniaclRedirectURLs is true
if (   !RT->Config->Get('CanonicalizeRedirectURLs')   <-- THIS IS THE

LINE OF THE ERROR
&& $uri->host eq $server_uri->host
&& $uri->port eq $server_uri->port )
{
if ( defined $ENV{HTTPS} and $ENV{‘HTTPS’} eq ‘on’ ) {
$uri->scheme(‘https’);
}
else {
$uri->scheme(‘http’);
}

    # [rt3.fsck.com #12716] Apache recommends use of $SERVER_HOST
    $uri->host( $ENV{'SERVER_HOST'} || $ENV{'HTTP_HOST'} );
    $uri->port( $ENV{'SERVER_PORT'} );
}

While on the RT log I can see this:

[Thu Mar 26 20:35:31 2009] [debug]: Attempting to use external auth service:
My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)

[Thu Mar 26 20:35:31 2009] [debug]: Calling UserExists with $username
(evol.johnson) and $service (My_LDAP)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:105)

[Thu Mar 26 20:35:31 2009] [debug]: UserExists
params:

username: evol.johnson , service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:274)

[Thu Mar 26 20:35:31 2009] [debug]: LDAP Search === Base:
cn=users,dc=cr,dc=digitalarbor,dc=com == Filter:
(&(objectClass=*)(sAMAccountName=evol.johnson)) == Attrs:
l,cn,st,mail,sAMAccountName,co,streetAddress,postalCode,telephoneNumber,sAMAccountName,physicalDeliveryOfficeName,sAMAccountName
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:304)

[Thu Mar 26 20:35:31 2009] [debug]: Password validation required for service

  • Executing…
    (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:155)

[Thu Mar 26 20:35:31 2009] [debug]: Trying external auth service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:16)

[Thu Mar 26 20:35:31 2009] [debug]: LDAP Search === Base:
cn=users,dc=cr,dc=digitalarbor,dc=com == Filter:
(&(sAMAccountName=evol.johnson)(objectClass=*)) == Attrs: dn
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:43)

[Thu Mar 26 20:35:31 2009] [debug]: Found LDAP DN: CN=Evol
Johnson,CN=Users,DC=cr,DC=digitalarbor,DC=com
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:75)

[Thu Mar 26 20:35:31 2009] [info]: My_LDAP AUTH FAILED evol.johnson (can’t
bind: LDAP_INVALID_CREDENTIALS 49 )
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:82)

[Thu Mar 26 20:35:31 2009] [debug]: LDAP password validation result: 0
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:334)

[Thu Mar 26 20:35:31 2009] [debug]: Password Validation Check Result: 0
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:159)

[Thu Mar 26 20:35:31 2009] [debug]: Autohandler called ExternalAuth.
Response: (0, Password Invalid)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:26)

[Thu Mar 26 20:35:31 2009] [error]: FAILED LOGIN for evol.johnson from
192.168.0.71 (/opt/rt3/share/html/autohandler:268)
[Thu Mar 26 20:35:40 2009] [debug]: Attempting to use external auth service:
My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)

[Thu Mar 26 20:35:40 2009] [debug]: Calling UserExists with $username
(evol.johnson) and $service (My_LDAP)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:105)

[Thu Mar 26 20:35:40 2009] [debug]: UserExists
params:

username: evol.johnson , service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:274)

[Thu Mar 26 20:35:40 2009] [debug]: LDAP Search === Base:
cn=users,dc=cr,dc=digitalarbor,dc=com == Filter:
(&(objectClass=*)(sAMAccountName=evol.johnson)) == Attrs:
l,cn,st,mail,sAMAccountName,co,streetAddress,postalCode,telephoneNumber,sAMAccountName,physicalDeliveryOfficeName,sAMAccountName
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:304)

[Thu Mar 26 20:35:40 2009] [debug]: Password validation required for service

  • Executing…
    (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:155)

[Thu Mar 26 20:35:40 2009] [debug]: Trying external auth service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:16)

[Thu Mar 26 20:35:40 2009] [debug]: LDAP Search === Base:
cn=users,dc=cr,dc=digitalarbor,dc=com == Filter:
(&(sAMAccountName=evol.johnson)(objectClass=*)) == Attrs: dn
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:43)

[Thu Mar 26 20:35:40 2009] [debug]: Found LDAP DN: CN=Evol
Johnson,CN=Users,DC=cr,DC=digitalarbor,DC=com
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:75)

[Thu Mar 26 20:35:40 2009] [info]: RT::Authen::ExternalAuth::LDAP::GetAuth
External Auth OK ( My_LDAP ): evol.johnson
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:139)

[Thu Mar 26 20:35:40 2009] [debug]: LDAP password validation result: 1
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:334)

[Thu Mar 26 20:35:40 2009] [debug]: Password Validation Check Result: 1
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:159)

[Thu Mar 26 20:35:40 2009] [debug]: Authentication successful. Now updating
user information and attempting login.
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:179)

[Thu Mar 26 20:35:40 2009] [debug]: UserExists
params:

username: evol.johnson , service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:274)

[Thu Mar 26 20:35:40 2009] [debug]: LDAP Search === Base:
cn=users,dc=cr,dc=digitalarbor,dc=com == Filter:
(&(objectClass=*)(sAMAccountName=evol.johnson)) == Attrs:
l,cn,st,mail,sAMAccountName,co,streetAddress,postalCode,telephoneNumber,sAMAccountName,physicalDeliveryOfficeName,sAMAccountName
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:304)

[Thu Mar 26 20:35:40 2009] [debug]: UserExists
params:

username: evol.johnson , service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:274)
[Thu Mar 26 20:35:40 2009] [debug]: LDAP Search === Base:
cn=users,dc=cr,dc=digitalarbor,dc=com == Filter:
(&(objectClass=)(sAMAccountName=evol.johnson)) == Attrs:
l,cn,st,mail,sAMAccountName,co,streetAddress,postalCode,telephoneNumber,sAMAccountName,physicalDeliveryOfficeName,sAMAccountName
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:304)
[Thu Mar 26 20:35:40 2009] [debug]: LDAP Search === Base:
cn=users,dc=cr,dc=digitalarbor,dc=com == Filter:
(&(objectClass=
)(objectClass=nomatch)(sAMAccountName=evol.johnson)) ==
Attrs: uid
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:398)
[Thu Mar 26 20:35:40 2009] [info]: User marked as ENABLED ( evol.johnson )
per External Service (0, That is already the current value)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:274)
[Thu Mar 26 20:35:40 2009] [debug]:
RT::Authen::ExternalAuth::CanonicalizeUserInfo called by RT::User
/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/User_Vendor.pm 20 with:
Name: evol.johnson
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:450)
[Thu Mar 26 20:35:40 2009] [debug]: Attempting to get user info using this
external service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:458)
[Thu Mar 26 20:35:40 2009] [debug]: Attempting to use this canonicalization
key: Name
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:472)
[Thu Mar 26 20:35:40 2009] [debug]: LDAP Search === Base:
cn=users,dc=cr,dc=digitalarbor,dc=com == Filter:
(&(objectClass=*)(sAMAccountName=evol.johnson)) == Attrs:
l,cn,st,mail,sAMAccountName,co,streetAddress,postalCode,telephoneNumber,sAMAccountName,physicalDeliveryOfficeName,sAMAccountName
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:195)
[Thu Mar 26 20:35:40 2009] [info]:
RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Address1: , City: ,
Country: , EmailAddress: , ExternalAuthId: evol.johnson, Gecos:
evol.johnson, Name: evol.johnson, Organization: , RealName: Evol
Johnson,State: , WorkPhone: , Zip:
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:536)
[Thu Mar 26 20:35:40 2009] [debug]: UPDATED user ( evol.johnson ) from
External Service
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:307)
[Thu Mar 26 20:35:40 2009] [info]: Successful login for evol.johnson from
192.168.0.71
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:219)
[Thu Mar 26 20:35:40 2009] [debug]: Autohandler called ExternalAuth.
Response: (1, Successful login)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:26)

I’m not a coder so I cannot make much about this problem since I don’t
understand what is the root of it.

Thanks again.On Thu, Mar 26, 2009 at 2:22 PM, Max León mleon@wirewatchers.com wrote:

Thanks so much Nick.
That indeed did the trick and I have it ready.
Thanks for the clarification as well.

On Thu, Mar 26, 2009 at 11:37 AM, Nick Kartsioukas < change+lists.rt@nightwind.net change%2Blists.rt@nightwind.net> wrote:

On Thu, 26 Mar 2009 11:32:53 -0600, “Max León” mleon@wirewatchers.com
said:

Now, I did what you asked me to and well, that the error went away but I
have a new one.
Here it is what the browser displays:
Can’t call method “as_string” on an undefined value at

/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm

line 398, line 514.

Ensure that you have valid LDAP search parameters defined for ‘base’,
‘filter’, and ‘d_filter’. In my configuration, I don’t need to narrow
down the search any more than what I defined in my LDAP search base, so
I set ‘filter’ to ‘(objectClass=*)’ and ‘d_filter’ to
’(objectClass=ThisWillNeverMatch)’.