ExternalAuth isn't updating EmailAddress

Hi,

I’m running RT4.0.6 with the last ExternalAuth plugin.
It seems to be able to connect and authorize users against our LDAP, but for some reason when a new user logs in (a user that didn’t log in to the system before), it doesn’t get its Email address.
I can see a new user created in the DB, but it only gets its name.
PERL version is 5.10.

Any ideas?

RT_Siteconfig.pm:

Active Directory Integration

The order in which the services defined in ExternalSettings

should be used to authenticate users. User is authenticated

if successfully confirmed by any service - no more services

are checked.

Set($ExternalAuthPriority, [‘My_LDAP’] );

The order in which the services defined in ExternalSettings

should be used to get information about users. This includes

RealName, Tel numbers etc, but also whether or not the user

should be considered disabled.

Once user info is found, no more services are checked.

You CANNOT use a SSO cookie for authentication.

Set($ExternalInfoPriority, [‘My_LDAP’] );

If this is set to true, then the relevant packages will

be loaded to use SSL/TLS connections. At the moment,

this just means “use Net::SSLeay;”

Set($ExternalServiceUsesSSLorTLS, 0);

If this is set to 1, then users should be autocreated by RT

as internal users if they fail to authenticate from an

external service.

Set($AutoCreateNonExternalUsers, 0);

These are the full settings for each external service as a HashOfHashes

Note that you may have as many external services as you wish. They will

be checked in the order specified in the Priority directives above.

e.g.

Set($ExternalAuthPriority,[‘My_LDAP’]);
Set($ExternalSettings, {
# AN EXAMPLE LDAP SERVICE
’My_LDAP’ => { ## GENERIC SECTION
# The type of service (db/ldap/cookie)
‘type’ => ‘ldap’,
# The server hosting the service
’server’ => ‘brain.panaya.int’,
## SERVICE-SPECIFIC SECTION
# If you can bind to your LDAP server anonymously you should
# remove the user and pass config lines, otherwise specify them here:
# The username RT should use to connect to the LDAP server
’user’ => ‘XXX’,
# The password RT should use to connect to the LDAP server
’pass’ => ‘XXX’,
# The LDAP search base
’base’ => ‘ou=Users,ou=Panaya,dc=panaya,dc=int’,
# ALL FILTERS MUST BE VALID LDAP FILTERS ENCASED IN PARENTHESES!
# YOU MUST SPECIFY A filter AND A d_filter!!
# The filter to use to match RT-Users
’filter’ => ‘(objectClass=)’,
# A catch-all example filter: '(objectClass=
)’
# The filter that will only match disabled users
’d_filter’ => ‘(objectClass=FooBarBaz)’,
# A catch-none example d_filter: ‘(objectClass=FooBarBaz)’
# Should we try to use TLS to encrypt connections?
‘tls’ => 0,
# SSL Version to provide to Net::SSLeay if using SSL
’ssl_version’ => 3,
# What other args should I pass to Net::LDAP->new($host,@args)?
‘net_ldap_args’ => [ version => 3 ],
# Does authentication depend on group membership? What group name?
#‘group’ => ‘GROUP_NAME’,
# What is the scope of the group search? (base, one, sub)
# Optional; defaults to ‘base’, which is good enough for most cases. ‘sub’ is appropriate when you have nested groups
#‘group_scope’ => ‘base’,
# What is the attribute for the group object that determines membership?
#‘group_attr’ => ‘GROUP_ATTR’,
# What is the attribute of the user entry that should be matched against group_attr above? (Optional; defaults to ‘dn’)
#‘group_attr_value’ => ‘GROUP_ATTR_VALUE’,
## RT ATTRIBUTE MATCHING SECTION
# The list of RT attributes that uniquely identify a user
# This example shows what you can specify… I recommend reducing this
# to just the Name and EmailAddress to save encountering problems later.
‘attr_match_list’ => [ ‘Name’,
‘EmailAddress’
],
# The mapping of RT attributes on to LDAP attributes
’attr_map’ => { ‘Name’ => ‘sAMAccountName’,
‘EmailAddress’ => ‘mail’
}
}
}
);

From the log:
[Tue Nov 27 17:49:40 2012] [debug]: Attempting to use external auth service: My_LDAP (/opt/rt4/sbin/…/local/lib/RT/Authen/ExternalAuth.pm:64)
[Tue Nov 27 17:49:40 2012] [debug]: Calling UserExists with $username (tstuser) and $service (My_LDAP) (/opt/rt4/sbin/…/local/lib/RT/Authen/ExternalAuth.pm:105)
[Tue Nov 27 17:49:40 2012] [debug]: UserExists params:
username: tstuser , service: My_LDAP (/opt/rt4/sbin/…/local/lib/RT/Authen/ExternalAuth/LDAP.pm:274)
[Tue Nov 27 17:49:40 2012] [debug]: LDAP Search === Base: ou=Users,ou=Panaya,dc=panaya,dc=int == Filter: (&(objectClass=)(sAMAccountName=tstuser)) == Attrs: mail,sAMAccountName (/opt/rt4/sbin/…/local/lib/RT/Authen/ExternalAuth/LDAP.pm:304)
[Tue Nov 27 17:49:40 2012] [debug]: Password validation required for service - Executing… (/opt/rt4/sbin/…/local/lib/RT/Authen/ExternalAuth.pm:155)
[Tue Nov 27 17:49:40 2012] [debug]: Trying external auth service: My_LDAP (/opt/rt4/sbin/…/local/lib/RT/Authen/ExternalAuth/LDAP.pm:16)
[Tue Nov 27 17:49:40 2012] [debug]: LDAP Search === Base: ou=Users,ou=Panaya,dc=panaya,dc=int == Filter: (&(sAMAccountName=tstuser)(objectClass=
)) == Attrs: dn (/opt/rt4/sbin/…/local/lib/RT/Authen/ExternalAuth/LDAP.pm:43)
[Tue Nov 27 17:49:40 2012] [debug]: Found LDAP DN: CN=TestFirstName TestIn. TestLastName,OU=Users,OU=Panaya,DC=panaya,DC=int (/opt/rt4/sbin/…/local/lib/RT/Authen/ExternalAuth/LDAP.pm:75)
[Tue Nov 27 17:49:40 2012] [info]: RT::Authen::ExternalAuth::LDAP::GetAuth External Auth OK ( My_LDAP ): tstuser (/opt/rt4/sbin/…/local/lib/RT/Authen/ExternalAuth/LDAP.pm:139)
[Tue Nov 27 17:49:40 2012] [debug]: LDAP password validation result: 1 (/opt/rt4/sbin/…/local/lib/RT/Authen/ExternalAuth.pm:335)
[Tue Nov 27 17:49:40 2012] [debug]: Password Validation Check Result: 1 (/opt/rt4/sbin/…/local/lib/RT/Authen/ExternalAuth.pm:159)
[Tue Nov 27 17:49:40 2012] [debug]: Authentication successful. Now updating user information and attempting login. (/opt/rt4/sbin/…/local/lib/RT/Authen/ExternalAuth.pm:179)
[Tue Nov 27 17:49:40 2012] [debug]: UserExists params:
username: tstuser , service: My_LDAP (/opt/rt4/sbin/…/local/lib/RT/Authen/ExternalAuth/LDAP.pm:274)
[Tue Nov 27 17:49:40 2012] [debug]: LDAP Search === Base: ou=Users,ou=Panaya,dc=panaya,dc=int == Filter: (&(objectClass=)(sAMAccountName=tstuser)) == Attrs: mail,sAMAccountName (/opt/rt4/sbin/…/local/lib/RT/Authen/ExternalAuth/LDAP.pm:304)
[Tue Nov 27 17:49:40 2012] [debug]: UserExists params:
username: tstuser , service: My_LDAP (/opt/rt4/sbin/…/local/lib/RT/Authen/ExternalAuth/LDAP.pm:274)
[Tue Nov 27 17:49:40 2012] [debug]: LDAP Search === Base: ou=Users,ou=Panaya,dc=panaya,dc=int == Filter: (&(objectClass=
)(sAMAccountName=tstuser)) == Attrs: mail,sAMAccountName (/opt/rt4/sbin/…/local/lib/RT/Authen/ExternalAuth/LDAP.pm:304)
[Tue Nov 27 17:49:40 2012] [debug]: LDAP Search === Base: ou=Users,ou=Panaya,dc=panaya,dc=int == Filter: (&(objectClass=*)(objectClass=FooBarBaz)(sAMAccountName=tstuser)) == Attrs: uid (/opt/rt4/sbin/…/local/lib/RT/Authen/ExternalAuth/LDAP.pm:398)
[Tue Nov 27 17:49:40 2012] [warning]: Couldn’t enable user 65117 (/opt/rt4/sbin/…/lib/RT/User.pm:1066)
[Tue Nov 27 17:49:40 2012] [warning]: Use of uninitialized value $val in concatenation (.) or string at /opt/rt4/sbin/…/local/lib/RT/Authen/ExternalAuth.pm line 274. (/opt/rt4/sbin/…/local/lib/RT/Authen/ExternalAuth.pm:274)
[Tue Nov 27 17:49:40 2012] [warning]: Use of uninitialized value $message in concatenation (.) or string at /opt/rt4/sbin/…/local/lib/RT/Authen/ExternalAuth.pm line 274. (/opt/rt4/sbin/…/local/lib/RT/Authen/ExternalAuth.pm:274)
[Tue Nov 27 17:49:40 2012] [info]: User marked as ENABLED ( tstuser ) per External Service (, ) (/opt/rt4/sbin/…/local/lib/RT/Authen/ExternalAuth.pm:274)
[Tue Nov 27 17:49:40 2012] [debug]: RT::Authen::ExternalAuth::UpdateUserInfo SetName Failed. That is already the current value (/opt/rt4/sbin/…/local/lib/RT/Authen/ExternalAuth.pm:302)
[Tue Nov 27 17:49:40 2012] [debug]: UPDATED user ( tstuser ) from External Service (/opt/rt4/sbin/…/local/lib/RT/Authen/ExternalAuth.pm:308)
[Tue Nov 27 17:49:40 2012] [info]: Successful login for tstuser from 10.100.0.34 (/opt/rt4/sbin/…/local/lib/RT/Authen/ExternalAuth.pm:219)
[Tue Nov 27 17:49:40 2012] [debug]: Autohandler called ExternalAuth. Response: (1, Successful login) (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:11)

Karmi Simonov | System AdministratorTEL +972.9.7618000 EXT. 148 | FAX +972.9.7467901 | karmi@panayainc.commailto:karmi@panayainc.com
PANAYA Making ERP Easy | www.panayainc.comhttp://www.panayainc.com

I’m running RT4.0.6 with the last ExternalAuth plugin.

Please check your ExternalAuth version in Tools -> Configuration -> Tools ->
System Configuration, your debug lines don’t line up with the latest
version.

-kevin

RT::Authen::ExternalAuth is at 0.08.

Karmi.-----Original Message-----
From: rt-users-bounces@lists.bestpractical.com [mailto:rt-users-bounces@lists.bestpractical.com] On Behalf Of Kevin Falcone
Sent: 28 November 2012 05:04
To: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] ExternalAuth isn’t updating EmailAddress

On Tue, Nov 27, 2012 at 05:54:51PM +0000, Karmi Simonov wrote:

I’m running RT4.0.6 with the last ExternalAuth plugin.

Please check your ExternalAuth version in Tools → Configuration → Tools → System Configuration, your debug lines don’t line up with the latest version.

-kevin

RT::Authen::ExternalAuth is at 0.08.

The current release of RT-Authen-ExternalAuth is 0.12
Try that version.

-kevin