Hi,
I’m running RT4.0.6 with the last ExternalAuth plugin.
It seems to be able to connect and authorize users against our LDAP, but for some reason when a new user logs in (a user that didn’t log in to the system before), it doesn’t get its Email address.
I can see a new user created in the DB, but it only gets its name.
PERL version is 5.10.
Any ideas?
RT_Siteconfig.pm:
# Active Directory Integration
# The order in which the services defined in ExternalSettings
# should be used to authenticate users. User is authenticated
# if successfully confirmed by any service - no more services
# are checked.
Set($ExternalAuthPriority, ['My_LDAP'] );
# The order in which the services defined in ExternalSettings
# should be used to get information about users. This includes
# RealName, Tel numbers etc, but also whether or not the user
# should be considered disabled.
# Once user info is found, no more services are checked.
# You CANNOT use a SSO cookie for authentication.
Set($ExternalInfoPriority, ['My_LDAP'] );
# If this is set to true, then the relevant packages will
# be loaded to use SSL/TLS connections. At the moment,
# this just means "use Net::SSLeay;"
Set($ExternalServiceUsesSSLorTLS, 0);
# If this is set to 1, then users should be autocreated by RT
# as internal users if they fail to authenticate from an
# external service.
Set($AutoCreateNonExternalUsers, 0);
# These are the full settings for each external service as a HashOfHashes
# Note that you may have as many external services as you wish. They will
# be checked in the order specified in the Priority directives above.
# e.g.
Set($ExternalAuthPriority,['My_LDAP']);
Set($ExternalSettings, {
    # AN EXAMPLE LDAP SERVICE
    'My_LDAP' => { ## GENERIC SECTION
        # The type of service (db/ldap/cookie)
        'type' => 'ldap',
        # The server hosting the service
        'server' => 'brain.panaya.int',
        ## SERVICE-SPECIFIC SECTION
        # If you can bind to your LDAP server anonymously you should
        # remove the user and pass config lines, otherwise specify them here:
        # The username RT should use to connect to the LDAP server
        'user' => 'XXX',
        # The password RT should use to connect to the LDAP server
        'pass' => 'XXX',
        # The LDAP search base
        'base' => 'ou=Users,ou=Panaya,dc=panaya,dc=int',
        # ALL FILTERS MUST BE VALID LDAP FILTERS ENCASED IN PARENTHESES!
        # YOU MUST SPECIFY A filter AND A d_filter!!
        # The filter to use to match RT-Users
        'filter' => '(objectClass=*)',
        # A catch-all example filter: '(objectClass=*)'
        # The filter that will only match disabled users
        'd_filter' => '(objectClass=FooBarBaz)',
        # A catch-none example d_filter: '(objectClass=FooBarBaz)'
        # Should we try to use TLS to encrypt connections?
        'tls' => 0,
        # SSL Version to provide to Net::SSLeay if using SSL
        'ssl_version' => 3,
        # What other args should I pass to Net::LDAP->new($host,@args)?
        'net_ldap_args' => [ version => 3 ],
        # Does authentication depend on group membership? What group name?
        #'group' => 'GROUP_NAME',
        # What is the scope of the group search? (base, one, sub)
        # Optional; defaults to 'base', which is good enough for most cases. 'sub' is appropriate when you have nested groups
        #'group_scope' => 'base',
        # What is the attribute for the group object that determines membership?
        #'group_attr' => 'GROUP_ATTR',
        # What is the attribute of the user entry that should be matched against group_attr above? (Optional; defaults to 'dn')
        #'group_attr_value' => 'GROUP_ATTR_VALUE',
        ## RT ATTRIBUTE MATCHING SECTION
        # The list of RT attributes that uniquely identify a user
        # This example shows what you can specify... I recommend reducing this
        # to just the Name and EmailAddress to save encountering problems later.
        'attr_match_list' => [ 'Name',
                               'EmailAddress'
                             ],
        # The mapping of RT attributes on to LDAP attributes
        'attr_map' => { 'Name' => 'sAMAccountName',
                        'EmailAddress' => 'mail'
                      }
    }
}
);
From the log:
[Tue Nov 27 17:49:40 2012] [debug]: Attempting to use external auth service: My_LDAP (/opt/rt4/sbin/…/local/lib/RT/Authen/ExternalAuth.pm:64)
[Tue Nov 27 17:49:40 2012] [debug]: Calling UserExists with $username (tstuser) and $service (My_LDAP) (/opt/rt4/sbin/…/local/lib/RT/Authen/ExternalAuth.pm:105)
[Tue Nov 27 17:49:40 2012] [debug]: UserExists params:
username: tstuser , service: My_LDAP (/opt/rt4/sbin/…/local/lib/RT/Authen/ExternalAuth/LDAP.pm:274)
[Tue Nov 27 17:49:40 2012] [debug]: LDAP Search === Base: ou=Users,ou=Panaya,dc=panaya,dc=int == Filter: (&(objectClass=*)(sAMAccountName=tstuser)) == Attrs: mail,sAMAccountName (/opt/rt4/sbin/…/local/lib/RT/Authen/ExternalAuth/LDAP.pm:304)
[Tue Nov 27 17:49:40 2012] [debug]: Password validation required for service - Executing… (/opt/rt4/sbin/…/local/lib/RT/Authen/ExternalAuth.pm:155)
[Tue Nov 27 17:49:40 2012] [debug]: Trying external auth service: My_LDAP (/opt/rt4/sbin/…/local/lib/RT/Authen/ExternalAuth/LDAP.pm:16)
[Tue Nov 27 17:49:40 2012] [debug]: LDAP Search === Base: ou=Users,ou=Panaya,dc=panaya,dc=int == Filter: (&(sAMAccountName=tstuser)(objectClass=*)) == Attrs: dn (/opt/rt4/sbin/…/local/lib/RT/Authen/ExternalAuth/LDAP.pm:43)
[Tue Nov 27 17:49:40 2012] [debug]: Found LDAP DN: CN=TestFirstName TestIn. TestLastName,OU=Users,OU=Panaya,DC=panaya,DC=int (/opt/rt4/sbin/…/local/lib/RT/Authen/ExternalAuth/LDAP.pm:75)
[Tue Nov 27 17:49:40 2012] [info]: RT::Authen::ExternalAuth::LDAP::GetAuth External Auth OK ( My_LDAP ): tstuser (/opt/rt4/sbin/…/local/lib/RT/Authen/ExternalAuth/LDAP.pm:139)
[Tue Nov 27 17:49:40 2012] [debug]: LDAP password validation result: 1 (/opt/rt4/sbin/…/local/lib/RT/Authen/ExternalAuth.pm:335)
[Tue Nov 27 17:49:40 2012] [debug]: Password Validation Check Result: 1 (/opt/rt4/sbin/…/local/lib/RT/Authen/ExternalAuth.pm:159)
[Tue Nov 27 17:49:40 2012] [debug]: Authentication successful. Now updating user information and attempting login. (/opt/rt4/sbin/…/local/lib/RT/Authen/ExternalAuth.pm:179)
[Tue Nov 27 17:49:40 2012] [debug]: UserExists params:
username: tstuser , service: My_LDAP (/opt/rt4/sbin/…/local/lib/RT/Authen/ExternalAuth/LDAP.pm:274)
[Tue Nov 27 17:49:40 2012] [debug]: LDAP Search === Base: ou=Users,ou=Panaya,dc=panaya,dc=int == Filter: (&(objectClass=*)(sAMAccountName=tstuser)) == Attrs: mail,sAMAccountName (/opt/rt4/sbin/…/local/lib/RT/Authen/ExternalAuth/LDAP.pm:304)
[Tue Nov 27 17:49:40 2012] [debug]: UserExists params:
username: tstuser , service: My_LDAP (/opt/rt4/sbin/…/local/lib/RT/Authen/ExternalAuth/LDAP.pm:274)
[Tue Nov 27 17:49:40 2012] [debug]: LDAP Search === Base: ou=Users,ou=Panaya,dc=panaya,dc=int == Filter: (&(objectClass=*)(sAMAccountName=tstuser)) == Attrs: mail,sAMAccountName (/opt/rt4/sbin/…/local/lib/RT/Authen/ExternalAuth/LDAP.pm:304)
[Tue Nov 27 17:49:40 2012] [debug]: LDAP Search === Base: ou=Users,ou=Panaya,dc=panaya,dc=int == Filter: (&(objectClass=*)(objectClass=FooBarBaz)(sAMAccountName=tstuser)) == Attrs: uid (/opt/rt4/sbin/…/local/lib/RT/Authen/ExternalAuth/LDAP.pm:398)
[Tue Nov 27 17:49:40 2012] [warning]: Couldn’t enable user 65117 (/opt/rt4/sbin/…/lib/RT/User.pm:1066)
[Tue Nov 27 17:49:40 2012] [warning]: Use of uninitialized value $val in concatenation (.) or string at /opt/rt4/sbin/…/local/lib/RT/Authen/ExternalAuth.pm line 274. (/opt/rt4/sbin/…/local/lib/RT/Authen/ExternalAuth.pm:274)
[Tue Nov 27 17:49:40 2012] [warning]: Use of uninitialized value $message in concatenation (.) or string at /opt/rt4/sbin/…/local/lib/RT/Authen/ExternalAuth.pm line 274. (/opt/rt4/sbin/…/local/lib/RT/Authen/ExternalAuth.pm:274)
[Tue Nov 27 17:49:40 2012] [info]: User marked as ENABLED ( tstuser ) per External Service (, ) (/opt/rt4/sbin/…/local/lib/RT/Authen/ExternalAuth.pm:274)
[Tue Nov 27 17:49:40 2012] [debug]: RT::Authen::ExternalAuth::UpdateUserInfo SetName Failed. That is already the current value (/opt/rt4/sbin/…/local/lib/RT/Authen/ExternalAuth.pm:302)
[Tue Nov 27 17:49:40 2012] [debug]: UPDATED user ( tstuser ) from External Service (/opt/rt4/sbin/…/local/lib/RT/Authen/ExternalAuth.pm:308)
[Tue Nov 27 17:49:40 2012] [info]: Successful login for tstuser from 10.100.0.34 (/opt/rt4/sbin/…/local/lib/RT/Authen/ExternalAuth.pm:219)
[Tue Nov 27 17:49:40 2012] [debug]: Autohandler called ExternalAuth. Response: (1, Successful login) (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:11)
Karmi Simonov | System Administrator
TEL +972.9.7618000 EXT. 148 | FAX +972.9.7467901 | karmi@panayainc.com
PANAYA Making ERP Easy | www.panayainc.com
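
Added example, not part of the original post: a small parser for RT debug-log lines in the format shown above. It extracts each LDAP search's base, filter and requested attributes and collects the warnings, so you can see which searches asked the directory for `mail`. The sample lines are constructed (placeholder base DN and shortened paths), and the function names are this example's own.

```python
import re

# Constructed sample in the line format of the log above (placeholder DN, shortened paths).
SAMPLE_LOG = """\
[Tue Nov 27 17:49:40 2012] [debug]: UserExists params:
username: tstuser , service: My_LDAP (/opt/rt4/local/lib/RT/Authen/ExternalAuth/LDAP.pm:274)
[Tue Nov 27 17:49:40 2012] [debug]: LDAP Search === Base: ou=Users,dc=example,dc=int == Filter: (&(objectClass=*)(sAMAccountName=tstuser)) == Attrs: mail,sAMAccountName (/opt/rt4/local/lib/RT/Authen/ExternalAuth/LDAP.pm:304)
[Tue Nov 27 17:49:40 2012] [debug]: LDAP Search === Base: ou=Users,dc=example,dc=int == Filter: (&(sAMAccountName=tstuser)(objectClass=*)) == Attrs: dn (/opt/rt4/local/lib/RT/Authen/ExternalAuth/LDAP.pm:43)
[Tue Nov 27 17:49:40 2012] [warning]: Couldn't enable user 65117 (/opt/rt4/lib/RT/User.pm:1066)
"""

# "[timestamp] [level]: message (source-file:line)"; the message may span lines.
RECORD = re.compile(r"^\[(?P<ts>[^\]]+)\] \[(?P<level>\w+)\]: (?P<msg>.*) \((?P<src>[^()\s]+:\d+)\)$", re.S)
SEARCH = re.compile(r"LDAP Search === Base: (?P<base>.*?) == Filter: (?P<filter>.*?) == Attrs: (?P<attrs>\S+)$")
START = re.compile(r"^\[[^\]]+\] \[\w+\]: ")

def parse(log):
    """Split the log into records, folding continuation lines into the previous record."""
    chunks = []
    for line in log.splitlines():
        if START.match(line) or not chunks:
            chunks.append(line)
        else:
            chunks[-1] += "\n" + line
    return [m.groupdict() for m in map(RECORD.match, chunks) if m]

def ldap_searches(records):
    """Return base, filter, requested attributes and source location of each LDAP search."""
    out = []
    for r in records:
        m = SEARCH.search(r["msg"])
        if m:
            out.append({"base": m["base"], "filter": m["filter"],
                        "attrs": m["attrs"].split(","), "src": r["src"]})
    return out

def requesting(searches, attr):
    """Searches that asked the directory for `attr` (attribute names are case-insensitive)."""
    return [s for s in searches if attr.lower() in (a.lower() for a in s["attrs"])]

def warnings(records):
    return [r["msg"] for r in records if r["level"] == "warning"]

if __name__ == "__main__":
    recs = parse(SAMPLE_LOG)
    for s in ldap_searches(recs):
        print(s["src"], s["attrs"], s["filter"])
    print("asked for mail:", [s["src"] for s in requesting(ldap_searches(recs), "mail")])
    print("warnings:", warnings(recs))
```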