andrew fay wrote:

Hi Mike,

I was trying to get in to the irc room but my workplace’s firewall is
preventing this at the moment so until I can get access into the router
I cannot do that at the moment unfortunatly!

Ok.

I am pretty much following the guide for new installs half way down the
page -

Might I recommend that you give my extension a go instead? I’m certainly
better placed to help you with it. In case it’s not clear enough, the
LDAP page on the wiki contains three solutions. Apache Auth, My
Extension and Jim Meyer’s overlay code on which my extension is based.

I installed RT via the Synaotic package manager as I am learning to use
linux as I go,

This is generally not the best way to do it as it also means you are a
couple of versions out of date, but it will still work.

What is the excat line I need to put in RT_SiteConfig.pm for the log ?

Set($LogToSyslog, ‘’);
Set($LogToFile, ‘debug’);
Set($LogDir, ‘/var/log/rt’);
Set($LogToFileNamed , “rt.log”);

These can be found in RT_Config.pm which you should review as soon as
you can as it contains all of the options you can set. RT_SiteConfig.pm
is just used to override the defaults in RT_Config.pm

I never had a LogToFileNamed variable in there to begin with for some
reason ?

Because you didn’t put one in there yourself. RT_SiteConfig.pm depends
on you to make the necessary overrides from RT_Config.pm

Kind Regards,

Mike Peachey, IT
Tel: +44 114 281 2655
Fax: +44 114 281 2951
Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK
Comp Reg No: 3191371 - Registered In England

andrew fay wrote:

oh i think i misunderstood the method part there,

I have

Set($AuthMethods, [‘LDAP’, ‘Internal’]);

Set up as my method, is this ok to access another machine with active
directory on our internal network ?

Yes, but it’s not what I meant by method… see the post I just fired off
a second a go (when it turns up on the list) regarding the three methods
on the LDAP wiki page.

Kind Regards,

Mike Peachey, IT
Tel: +44 114 281 2655
Fax: +44 114 281 2951
Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK
Comp Reg No: 3191371 - Registered In England

Hi Mike,

I have installed the ExternalAuth extention,

I now get this error on trying to log in :

What do you think ?

Cheers,

Andy
System error

error:
install_driver(DBI_DRIVER)
failed: Can’t locate DBD/DBI_DRIVER.pm in @INC (@INC contains:
/usr/local/share/request-tracker3.6/lib
/usr/share/request-tracker3.6/lib /etc/perl /usr/local/lib/perl/5.8.8
/usr/local/share/perl/5.8.8 /usr/lib/perl5 /usr/share/perl5
/usr/lib/perl/5.8 /usr/share/perl/5.8 /usr/local/lib/site_perl .
/etc/apache2) at (eval 279) line 3.

Stack:
[(eval 279):3]
[/usr/lib/perl5/DBI.pm:614]
[/usr/local/share/request-tracker3.6/lib/RT/User_Vendor.pm:1088]
[/usr/local/share/request-tracker3.6/lib/RT/User_Vendor.pm:760]
[/usr/share/request-tracker3.6/html/Callbacks/ExternalAuth/autohandler/Auth:61]
[/usr/share/request-tracker3.6/html/Elements/Callback:85]
[/usr/share/request-tracker3.6/html/autohandler:240]
Perhaps the DBD::DBI_DRIVER perl module hasn’t been fully installed,
or perhaps the capitalisation of ‘DBI_DRIVER’ isn’t right.
Available drivers: DBM, ExampleP, File, Gofer, Pg, Proxy, Sponge, mysql.
at /usr/local/share/request-tracker3.6/lib/RT/User_Vendor.pm line 1088

context:

 ... 
 




 98: 
 # whether they should generate a full stack trace (confess() and cluck())



 99: 
 # or simply report the caller's package (croak() and carp()), respectively.



 100: 
 # confess() and croak() die, carp() and cluck() warn.



 101: 
 




 102: 
 sub croak   { die  shortmess @_ }



 103: 
 sub confess { die  longmess  @_ }



 104: 
 sub carp    { warn shortmess @_ }



 105: 
 sub cluck   { warn longmess  @_ }



 106: 
 




 ... 

code stack:

    /usr/share/perl/5.8/Carp.pm:102

    /usr/lib/perl5/DBI.pm:768

    /usr/lib/perl5/DBI.pm:614

    /usr/local/share/request-tracker3.6/lib/RT/User_Vendor.pm:1088

    /usr/local/share/request-tracker3.6/lib/RT/User_Vendor.pm:760

    /usr/share/request-tracker3.6/html/Callbacks/ExternalAuth/autohandler/Auth:61

    /usr/share/request-tracker3.6/html/Elements/Callback:85

    /usr/share/request-tracker3.6/html/autohandler:240

raw error

Date: Thu, 3 Apr 2008 11:40:29 +0100
From: mike.peachey@jennic.com
To: andrew.fay@hotmail.co.uk; rt-users@lists.bestpractical.com
Subject: Re: [rt-users] LDAP

andrew fay wrote:

oh i think i misunderstood the method part there,

I have

Set($AuthMethods, [‘LDAP’, ‘Internal’]);

Set up as my method, is this ok to access another machine with active
directory on our internal network ?

Yes, but it’s not what I meant by method… see the post I just fired off
a second a go (when it turns up on the list) regarding the three methods
on the LDAP wiki page.

–
Kind Regards,

---

Mike Peachey, IT
Tel: +44 114 281 2655
Fax: +44 114 281 2951
Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK
Comp Reg No: 3191371 - Registered In England
http://www.jennic.com

---

Amazing prizes every hour with Live Search Big Snap
http://www.bigsnapsearch.com

andrew fay wrote:

Hi Mike,

I have installed the ExternalAuth extention,

I now get this error on trying to log in :

What do you think ?

It would appear that you haven’t modified the ExternalSettings from the
default.

You need to remove the example MySQL configuration.

Kind Regards,

Mike Peachey, IT
Tel: +44 114 281 2655
Fax: +44 114 281 2951
Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK
Comp Reg No: 3191371 - Registered In England

Hi,

I just left that there for reference, but it is removed now… almost there,

When I log in with an active directory user now i am getting this in the RT.log

[Thu Apr 3 13:19:43 2008] [debug]: Attempting to use external auth
service: My_LDAP
(/usr/local/share/request-tracker3.6/lib/RT/User_Vendor.pm:63)

[Thu Apr 3 13:19:48 2008] [critical]: RT::User::_GetBoundLdapObj :
Cannot connect to albex.albyn.local
(/usr/local/share/request-tracker3.6/lib/RT/User_Vendor.pm:1026)

[Thu Apr 3 13:19:48 2008] [info]: RT::User::IsExternalPassword
External Auth Failed: fjones
(/usr/local/share/request-tracker3.6/lib/RT/User_Vendor.pm:294)

[Thu Apr 3 13:19:48 2008] [debug]: RT::User::IsPassword External auth
FAILED (/usr/local/share/request-tracker3.6/lib/RT/User_Vendor.pm:360)

[Thu Apr 3 13:19:48 2008] [info]: RT::User::IsInternalPassword AUTH
FAILED (no passwd): fjones
(/usr/local/share/request-tracker3.6/lib/RT/User_Vendor.pm:305)

[Thu Apr 3 13:19:48 2008] [debug]: RT::User::IsPassword Internal auth
FAILED (/usr/local/share/request-tracker3.6/lib/RT/User_Vendor.pm:366)

albex being the server that active directory is on and albyn.local being the domain,

my ldap settings are :

{ # AN EXAMPLE LDAP SERVICE
‘My_LDAP’ => { ## GENERIC SECTION
# The type of service (db/ldap/cookie)
‘type’ => ‘ldap’,
# Should the service be used for authentication?
‘auth’ => 1,
# Should the service be used for information?
‘info’ => 1,
# The server hosting the service
‘server’ => ‘albex.albyn.local’,
## SERVICE-SPECIFIC SECTION
# The LDAP search base
‘base’ => ‘ou=aber,dc=albyn,dc=local’,
# The filter to use to match RT-Users
‘filter’ => ‘(FILTER_STRING)’,
# The filter that will only match disabled users
‘d_filter’ => ‘(FILTER_STRING)’,
# Should we try to use TLS to encrypt connections?
‘tls’ => 0,
# What other args should I pass to Net::LDAP->new($host,@args)?
‘net_ldap_args’ => [ version => 3 ],
# Does authentication depend on group membership? What group name?
‘group’ => ‘GROUP_NAME’,
# What is the attribute for the group object that determines membership?
‘group_attr’ => ‘GROUP_ATTR’,
## RT ATTRIBUTE MATCHING SECTION
# The list of RT attributes that uniquely identify a user
‘attr_match_list’ => [ ‘Name’,
‘EmailAddress’,
‘RealName’,
‘WorkPhone’,
‘Address2’
],
# The mapping of RT attributes on to LDAP attributes
‘attr_map’ => { ‘Name’ => ‘sAMAccountName’,
‘EmailAddress’ => ‘mail’,
‘Organization’ => ‘physicalDeliveryOfficeName’,
‘RealName’ => ‘cn’,
‘ExternalAuthId’ => ‘sAMAccountName’,
‘Gecos’ => ‘sAMAccountName’,
‘WorkPhone’ => ‘telephoneNumber’,
‘Address1’ => ‘streetAddress’,
‘City’ => ‘l’,
‘State’ => ‘st’,
‘Zip’ => ‘postalCode’,
‘Country’ => ‘co’
}
}
}

Thanks for the help,

It is much appreciated I am quite new to all of this!

Andy

Date: Thu, 3 Apr 2008 14:03:58 +0100
From: mike.peachey@jennic.com
To: andrew.fay@hotmail.co.uk; rt-users@lists.bestpractical.com
Subject: Re: [rt-users] LDAP

andrew fay wrote:

Hi Mike,

I have installed the ExternalAuth extention,

I now get this error on trying to log in :

What do you think ?

It would appear that you haven’t modified the ExternalSettings from the
default.

You need to remove the example MySQL configuration.

–
Kind Regards,

---

Mike Peachey, IT
Tel: +44 114 281 2655
Fax: +44 114 281 2951
Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK
Comp Reg No: 3191371 - Registered In England
http://www.jennic.com

---

Get Hotmail on your mobile. Text MSN to 63463 now!
http://mobile.uk.msn.com/pc/mail.aspx

I think our server requires a user to authenticate before performing LDAP searches… where can I enter this info ?

Cheers,

Andy

Date: Thu, 3 Apr 2008 14:03:58 +0100
From: mike.peachey@jennic.com
To: andrew.fay@hotmail.co.uk; rt-users@lists.bestpractical.com
Subject: Re: [rt-users] LDAP

andrew fay wrote:

Hi Mike,

I have installed the ExternalAuth extention,

I now get this error on trying to log in :

What do you think ?

It would appear that you haven’t modified the ExternalSettings from the
default.

You need to remove the example MySQL configuration.

–
Kind Regards,

---

Mike Peachey, IT
Tel: +44 114 281 2655
Fax: +44 114 281 2951
Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK
Comp Reg No: 3191371 - Registered In England
http://www.jennic.com

---

Win 100’s of Virgin Experience days with BigSnapSearch.com
http://www.bigsnapsearch.com

andrew fay wrote:

Hi,

I just left that there for reference, but it is removed now… almost there,

When I log in with an active directory user now i am getting this in the
RT.log

[Thu Apr 3 13:19:43 2008] [debug]: Attempting to use external auth
service: My_LDAP
(/usr/local/share/request-tracker3.6/lib/RT/User_Vendor.pm:63)
[Thu Apr 3 13:19:48 2008] [critical]: RT::User::_GetBoundLdapObj :
Cannot connect to albex.albyn.local

The problem ^^

my ldap settings are :

The filter to use to match RT-Users

‘filter’ => ‘(FILTER_STRING)’,

The filter that will only match disabled users

‘d_filter’ => ‘(FILTER_STRING)’,

You must replace FILTER_STRING with a valid LDAP filter.

For Active Directory where you want all users to match and disabled
users in active directory should be disabled in RT:

‘filter’ => ‘(objectclass=Person)’,
‘d_filter’ => ‘(userAccountControl:1.2.840.113556.1.4.803:=2)’,

Does authentication depend on group membership? What group name?

‘group’ => ‘GROUP_NAME’,

What is the

attribute for the group object that determines membership?

‘group_attr’ => ‘GROUP_ATTR’,

If you don’t plan on using the group attributes, you should remove them
from the config altogether.

I think our server requires a user to authenticate before performing
LDAP searches… where can I enter this info ?

It seems I forgot to add these to the default config as our server
allows anonymous searches.

inside the ldap config, add lines for user and pass:

‘user’ => ‘ldap_username_for_rt’,
‘pass’ => ‘ldap_password_for_rt’,

Kind Regards,

Mike Peachey, IT
Tel: +44 114 281 2655
Fax: +44 114 281 2951
Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK
Comp Reg No: 3191371 - Registered In England

Mike Peachey wrote:

andrew fay wrote:

It seems I forgot to add these to the default config as our server
allows anonymous searches.

RT-Authen-ExternalAuth-0.04 has just been uploaded to CPAN with the new
example config options, although it’s of little use to you now

I have credited you in the changelog though

Kind Regards,

Mike Peachey, IT
Tel: +44 114 281 2655
Fax: +44 114 281 2951
Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK
Comp Reg No: 3191371 - Registered In England

heh,

I am still trying to get this set up! looking good though,

cheers,

Date: Thu, 3 Apr 2008 15:22:38 +0100
From: mike.peachey@jennic.com
To: andrew.fay@hotmail.co.uk
CC: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] LDAP

Mike Peachey wrote:

andrew fay wrote:

It seems I forgot to add these to the default config as our server
allows anonymous searches.

RT-Authen-ExternalAuth-0.04 has just been uploaded to CPAN with the new
example config options, although it’s of little use to you now

I have credited you in the changelog though

–
Kind Regards,

---

Mike Peachey, IT
Tel: +44 114 281 2655
Fax: +44 114 281 2951
Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK
Comp Reg No: 3191371 - Registered In England
http://www.jennic.com

---

Get Hotmail on your mobile. Text MSN to 63463 now!
http://mobile.uk.msn.com/pc/mail.aspx

andrew fay wrote:

got it working!

now we have a new IT support system!

many thanks,

No problem. I’m so pleased my extension has been helpful.

Kind Regards,

Mike Peachey, IT
Tel: +44 114 281 2655
Fax: +44 114 281 2951
Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK
Comp Reg No: 3191371 - Registered In England