ExternalAuth Installed but not working

I’m having a bit of trouble getting ExternalAuth to work. I’ve scoured
the archives and the net and found many suggestions, but none have made any
changes.

  • I’ve set up logging to go to a separate file, but all I get is a Login
    Failure message in this file when I try to log in:

[Thu Dec 8 23:38:32 2011] [error]: FAILED LOGIN for rbackman from
xx.xx.xx.xx (/usr/share/request-tracker3.8/lib/RT/Interface/Web.pm:424)

  • I’m seeing correct values in the online configuration view inside RT
    indicating that ExternalAuth is loaded as a Plugin and that
    ExternalAuthPriority is My_LDAP.

  • I can use the ldapsearch tool with the same variables on the same box
    successfully

Any help is much appreciated.

Below is my configuration:

    Set( @Plugins, qw(RT::Authen::ExternalAuth) );

    Set ( $ExternalAuthPriority, [ 'My_LDAP' ] );
    Set ( $ExternalInfoPriority, [ 'My_LDAP' ] );

    Set($ExternalServiceUsesSSLorTLS, 0);

    Set($AutoCreateNonExternalUsers, 0);

    Set($ExternalSettings, {
        'My_LDAP' => {
            'type' => 'ldap',
            'server' => 'server.domain.edu',
            'user' => 'CN=user,OU=admin…',
            'pass' => 'pass',
            'base' => 'dc=domain,…',
            'filter' => '(&(objectClass=user)(memberOf=CN=Staff…)',
            'd_filter' => '(userAccountControl=514)',
            'tls' => 0,
            'ssl_version' => 3,
            'net_ldap_args' => [ version => 3 ],
            'group' => 'CN=All Users,…',
            'group_attr' => 'member',
            'attr_match_list' => [ 'Name', 'EmailAddress' ],
            'attr_map' => {
                'Name' => 'sAMAccountName',
                'EmailAddress' => 'mail',
                'ExternalAuthId' => 'sAMAccountName',
                'Gecos' => 'sAMAccountName'
            }
        }
    }
    );

    1;

Ryan Backman
Programmer / Analyst
George Fox University
503.554.2576

Ryan,

Looks like you’re missing a right ) at the end of your filter line.

Kenn

I’m by no means an expert at this at all but I see you are using
sAMAccountName which leads me to believe you are connecting to Active
Directory.

I had to use the bitmask version of the d_filter for the ldap search to
filter out disabled users…

Not sure if this has anything to do with why you aren’t able to login, but
it’s just something that stood out to me.

My d_filter line is below

    'd_filter'      =>  '(userAccountControl:1.2.840.113556.1.4.803:=2)',

Ken is also accurate in that you are missing a right parenthesis on your
filter line.

My filter line is below (so you can see how to use the (& )

    'filter'        =>  '(&(objectCategory=User) (ObjectClass=Person))',

Hope that helps!
Mike.

Mike Johnson
Datatel Programmer/Analyst
Northern Ontario School of Medicine
955 Oliver Road
Thunder Bay, ON P7B 5E1
Phone: (807) 766-7331
Email: mike.johnson@nosm.ca
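
An added example, not part of any post in this thread: it shows how the two d_filter forms quoted above differ when Active Directory accounts carry flags besides the disabled bit, and checks the parenthesis balance Kenn pointed out. The function names and the sample accounts are constructed for illustration; the filter evaluator handles only a single userAccountControl assertion.

```python
# Added example (not from the thread). Names and accounts are constructed.
NORMAL_ACCOUNT = 0x0200                    # 512
ACCOUNTDISABLE = 0x0002                    # AD userAccountControl "disabled" bit
DONT_EXPIRE_PASSWORD = 0x10000             # 65536
BIT_AND_RULE = "1.2.840.113556.1.4.803"    # LDAP_MATCHING_RULE_BIT_AND

def parens_balanced(ldap_filter):
    """True if every '(' has a matching ')'. Literal parentheses in filter
    values are escaped as hex (28 / 29), so counting raw characters is safe."""
    depth = 0
    for ch in ldap_filter:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return False
    return depth == 0

def d_filter_matches(d_filter, uac):
    """Evaluate one (userAccountControl...=N) assertion against an integer."""
    if not (d_filter.startswith("(") and d_filter.endswith(")")):
        raise ValueError("not a single parenthesised assertion")
    attr, _, value = d_filter[1:-1].partition("=")
    if attr == "userAccountControl":                    # plain equality match
        return uac == int(value)
    if attr == f"userAccountControl:{BIT_AND_RULE}:":   # bitwise AND match
        mask = int(value)
        return uac & mask == mask
    raise ValueError(f"unsupported assertion: {d_filter}")

# Constructed sample accounts: name -> userAccountControl
ACCOUNTS = {
    "alice": NORMAL_ACCOUNT,                                          # 512, enabled
    "bob":   NORMAL_ACCOUNT | ACCOUNTDISABLE,                         # 514, disabled
    "carol": NORMAL_ACCOUNT | ACCOUNTDISABLE | DONT_EXPIRE_PASSWORD,  # 66050, disabled
    "dave":  NORMAL_ACCOUNT | DONT_EXPIRE_PASSWORD,                   # 66048, enabled
}

def flagged_disabled(d_filter, accounts=ACCOUNTS):
    """Names the given d_filter would treat as disabled."""
    return sorted(n for n, uac in accounts.items() if d_filter_matches(d_filter, uac))

if __name__ == "__main__":
    print("exact  :", flagged_disabled("(userAccountControl=514)"))
    print("bitmask:", flagged_disabled(f"(userAccountControl:{BIT_AND_RULE}:=2)"))
    print("balanced:", parens_balanced("(&(objectClass=user)(memberOf=CN=Staff…)"))
```

The equality form only flags an account whose value is exactly 514, so a disabled account that also has "password never expires" set is not treated as disabled; the bitmask form catches both.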

Thanks Mike and Kenn for the replies…

Kenn, I was a little overzealous when redacting my example
config… my actual config has the double parenthesis at the end.
Mike, I’ve tried both your example and a ‘(objectClass=DoesntExist)’
with no change.

Does anyone have any ideas about why I can’t see any log information from
ExternalAuth? It looks like it’s installed but the only log info I get is
about Web.pm.

Ryan Backman
Programmer / Analyst
George Fox University
503.554.2576

Hmm,

Have you set ExternalAuth in your @Plugins?

Have you set your logging level to debug?

Mike Johnson
Datatel Programmer/Analyst
Northern Ontario School of Medicine
955 Oliver Road
Thunder Bay, ON P7B 5E1
Phone: (807) 766-7331
Email: mike.johnson@nosm.ca

Yes and yes. Here are the configs. I can log in to RT and see ExternalAuth
on the Configuration page as well.

    Set( @Plugins, qw(RT::Authen::ExternalAuth) );

    Set($LogToSyslog, 'warning');
    Set($LogToFile, 'debug');
    Set($LogToFileNamed, 'rt.log');
    Set($LogDir, '/var/log/request-tracker3.8');

Ryan Backman
Programmer / Analyst
George Fox University
503.554.2576

Here’s a twist on my inability to get ExternalAuth to log. I’ve started
developing some scripts using the REST API and I found that I will get
ExternalAuth debug information when I am creating a user.

Nice, verbose, wonderful debug information.

Unfortunately, login attempts still only report the success or failure of
web.pm.

Any ideas?

Ryan Backman
Programmer / Analyst
George Fox University
503.554.2576

Your thread never seemed to contain an RT version and an
RT-Authen-ExternalAuth version. If you provided those and I missed
them, I’m sorry. Without them, I’d be guessing blindly about your
problem.

-kevin

Oops! I’m running RT 3.8.7 with ExternalAuth 0.0.9

Ryan Backman
Programmer / Analyst
George Fox University
503.554.2576