Implementing LDAP Authentication in RT 4.0.2

I have yet to find some definitive documentation on implementing LDAP authentication in RT 4.0.x. I found this wiki: http://requesttracker.wikia.com/wiki/LdapSiteConfigSettings

I’ve also found a lot of other things related to outdated, very early 3.x, versions of RT. I would appreciate if anyone could assist in pointing me in the right direction.

Thanks,
Izz

You appear to have found another wildly out of date wiki page.
Thanks, I’ve added the appropriate category.

If you review:
http://requesttracker.wikia.com/wiki/LDAP

It points at the relevant options.

RT-Authen-ExternalAuth 0.09 or mod_auth_kerb work fine with RT4

-kevin

Thanks a ton. I got this installed and tweaked the RT_SiteConfig file, but I get the following error:
Can't use string ("My_LDAP") as an ARRAY ref while "strict refs" in use at /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm line 55.

If I comment the use strict; out of the ExternalAuth perl directive, then I can access RT, but not utilizing LDAP. Any ideas?

So I have checked a few things and am still stumped. The Net::LDAP and child modules are loaded, and so is the RT::Authen::ExternalAuth. The log file is NOT being generated in [RTHOME]/var/log…the directory is empty, so I can’t see what the LDAP module is ‘spitting out’. Do I need to turn on debugging somewhere for LDAP authentication so I can at least see why I am not able to login? I’ve tried various login types (email address, AD login ID, and even DOMAIN\loginID with my AD credentials and it says ‘invalid username or password’. I am still able to login with the root account, and I don’t have any other accounts setup yet on this install (we will migrate our 3.8.4 mysql db to this installation once we’ve tweaked it).

I would appreciate some direction, or what I need to post here for direction…something to keep me from pulling the rest of my hair out. =)

Thanks a ton. I got this installed and tweaked the RT_SiteConfig file, but I get the following error:
Can't use string ("My_LDAP") as an ARRAY ref while "strict refs" in use at /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm line 55.

Your config is wrong, but since you haven’t posted it we can’t tell
you how it is wrong.

-kevin

Here is the LDAP config portion in my RT_SiteConfig file:

Set($ExternalAuthPriority, 'My_LDAP');

Set($ExternalInfoPriority, 'My_LDAP');

Set($ExternalServiceUsesSSLorTLS, 0);

Set($AutoCreateNonExternalUsers, 0);

Set($ExternalSettings, 'My_LDAP' => {
    'type' => 'ldap',
    'server' => 'blankedout.hibbett.com',
    'user' => 'blankedout',
    'pass' => 'blankedout',
    'base' => 'ou=blankedout,dc=blankedout,dc=hibbett,dc=com',
    'filter' => '(objectClass=*)',
    'd_filter' => '(objectClass=NoOneAtALL)',
    'tls' => 0,
    'ssl_version' => 3,
    'net_ldap_args' => [ version => 3 ],
    'attr_match_list' => [ 'Name',
                           'EmailAddress' ],
    'attr_map' => {
        'Name' => 'sAMAccountName',
        'EmailAddress' => 'mail',
        'Organization' => 'physicalDeliveryOfficeName',
        'RealName' => 'cn',
        'ExternalAuthId' => 'sAMAccountName',
        'Gecos' => 'sAMAccountName',
        'WorkPhone' => 'telephoneNumber',
        'Address1' => 'streetAddress',
        'City' => 'l',
        'State' => 'st',
        'Zip' => 'postalCode',
        'Country' => 'co'
    }
}
);

Why is the attr_match_list utilizing [] when the attr_map is utilizing {}?

Here is the LDAP config portion in my RT_SiteConfig file:

Set($ExternalAuthPriority, 'My_LDAP');

Set($ExternalInfoPriority, 'My_LDAP');

Those aren’t correct. From the example config:

Set($ExternalAuthPriority, [ 'My_LDAP',

The [ is important, you’re returning a list of 1 item, not a single
item. Make sure you also keep the closing ].

-kevin

Ok…so I changed it to:
Set($ExternalAuthPriority, ['My_LDAP']);
Set($ExternalInfoPriority, ['My_LDAP']);

#and for weird one off testing, since it is a list, I even tried ['My_LDAP',]; by adding a comma to denote a list of one item.

I am still receiving "Can't use string ("My_LDAP") as a HASH ref while "strict refs" in use at /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm line 63."

Line 63 is:
my $config = $RT::ExternalSettings->{$service};

Ok…so I changed it to:
Set($ExternalAuthPriority, ['My_LDAP']);
Set($ExternalInfoPriority, ['My_LDAP']);

#and for weird one off testing, since it is a list, I even tried ['My_LDAP',]; by adding a comma to denote a list of one item.

The comma is irrelevant and unnecessary.

I am still receiving "Can't use string ("My_LDAP") as a HASH ref while "strict refs" in use at /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm line 63."

You stripped even more things when copying from the example to your
config. Go look at your version of ExternalSettings as compared to
the sample.

-kevin

The comma is no longer there. The only thing I stripped was only using LDAP as an external source, the mysql db resides locally and is defined elsewhere within RT_SiteConfig, and within LDAP itself, I only removed the two GROUP mappings.

The comma is no longer there. The only thing I stripped was only using LDAP as an external source, the mysql db resides locally and is defined elsewhere within RT_SiteConfig, and within LDAP itself, I only removed the two GROUP mappings.

Go compare your line

Set($ExternalSettings, 'My_LDAP' => {

to the version in the example siteconfig

You’re missing an important character (and an important closing
character).

-kevin
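
A shape check for the two mistakes pointed out in this thread (the missing [ ] around the priority lists and the missing { } around ExternalSettings), which also shows why attr_match_list takes [ ] while attr_map takes { }. This is an added example, not code from the thread or from RT-Authen-ExternalAuth; stored_value, check_shape, the host name and the base DN are hypothetical, and the sample config is constructed.

```perl
#!/usr/bin/perl
# Added example: shape check for the ExternalAuth settings discussed above.
use strict;
use warnings;

# Simplified stand-in (assumption) for how a scalar option ends up stored:
# only the first value after the option name is kept. That matches the
# thread's errors, where the setting held the plain string "My_LDAP".
sub stored_value { return $_[0] }

# Return a list of problems; an empty list means the shape is usable.
sub check_shape {
    my ($auth_priority, $info_priority, $settings) = @_;
    my (@problems, @services);

    for my $pair ([ ExternalAuthPriority => $auth_priority ],
                  [ ExternalInfoPriority => $info_priority ]) {
        my ($name, $value) = @$pair;
        if (ref $value eq 'ARRAY') { push @services, @$value }
        else { push @problems, "$name must be an ARRAY ref such as [ 'My_LDAP' ]" }
    }

    if (ref $settings ne 'HASH') {
        push @problems, "ExternalSettings must be a HASH ref: { 'My_LDAP' => { ... } }";
        return @problems;
    }

    my %seen;
    for my $service (grep { !$seen{$_}++ } @services) {
        my $c = $settings->{$service};
        if (ref $c ne 'HASH') {
            push @problems, "ExternalSettings has no hash for service '$service'";
            next;
        }
        # attr_match_list is an ordered list of RT fields, hence [ ];
        # attr_map maps RT field => LDAP attribute, hence { }.
        push @problems, "$service: attr_match_list must be an ARRAY ref"
            unless ref $c->{attr_match_list} eq 'ARRAY';
        push @problems, "$service: attr_map must be a HASH ref"
            unless ref $c->{attr_map} eq 'HASH';
        push @problems, "$service: net_ldap_args must be an ARRAY ref"
            if exists $c->{net_ldap_args} && ref $c->{net_ldap_args} ne 'ARRAY';
        # Not a shape error, but worth surfacing before go-live.
        push @problems, "$service: warning: LDAP binds are not encrypted (tls off, server not ldaps://)"
            if ($c->{type} // '') eq 'ldap'
            && !$c->{tls}
            && ($c->{server} // '') !~ m{^ldaps://}i;
    }
    return @problems;
}

# Constructed sample service block; host and base DN are placeholders.
my %ldap = (
    type            => 'ldap',
    server          => 'ldap.example.com',
    base            => 'ou=people,dc=example,dc=com',
    tls             => 0,
    net_ldap_args   => [ version => 3 ],
    attr_match_list => [ 'Name', 'EmailAddress' ],
    attr_map        => { Name => 'sAMAccountName', EmailAddress => 'mail' },
);

# The three shapes that appear in the thread, in the order they were tried.
my @attempts = (
    [ 'bare strings, flat ExternalSettings',
      stored_value('My_LDAP'), stored_value('My_LDAP'),
      stored_value('My_LDAP' => \%ldap) ],
    [ 'priorities in [ ], ExternalSettings still flat',
      stored_value(['My_LDAP']), stored_value(['My_LDAP']),
      stored_value('My_LDAP' => \%ldap) ],
    [ 'priorities in [ ], ExternalSettings wrapped in { }',
      stored_value(['My_LDAP']), stored_value(['My_LDAP']),
      stored_value({ 'My_LDAP' => \%ldap }) ],
);

for my $attempt (@attempts) {
    my ($label, @config) = @$attempt;
    my @problems = check_shape(@config);
    print "$label:\n";
    print "  $_\n" for @problems ? @problems : ('ok');
}

# What a dereference of the bare string does under strict refs.
my $bare = stored_value('My_LDAP');
my @list = eval { @$bare };
print "strict refs: $@" if $@;
```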

Ok…so I found the missing opening braces. I truly appreciate your help Kevin! When staring at code for so long, it needs another set of eyes. :wink:

I changed it, and have refreshed the login page, it’s been in the 'waiting for ’ for quite some time now. I can deal with that as it is probably a query to LDAP caching out (correct me if I am wrong, as I would like to have an overview of the inner-workings some time). I’ll look through the code to see exactly what it does when I have the time, for now I just need to get it to work, just once will be nice for the boss. =)

Thanks again!

I hate to do this…but now, it is timing out with communication to fast CGI. I can only see this in apache logs, I can’t see anything in RT logs (they are not being created). How can I turn debugging off so that I can see what else is going on? Why would the changes in authentication affect FCGI?

Another stupid typo. My apologies to everyone on the list.

So I had a typo causing the timeout, but I am still unable to get LDAP authentication to work. I am sure it is a configuration issue, as I can login with the mysql db root account just fine. I can’t find detailed documentation on what each of the arguments takes, so I am posting my config back here for some assistance. I am also receiving in the apache logs
"syntax error at [RTHOME]/etc/RT_SiteConfig.pm line xx, near "}"
"Missing right curly or square bracket at …"
Everything is open and closed below, correct? I thought this was odd…

Is there any way possible for me to see a debugging log of RT trying (or not trying) to talk to our AD server?

Set($ExternalAuthPriority, [ 'My_LDAP' ]);

Set($ExternalInfoPriority, [ 'My_LDAP' ]);

Set($ExternalServiceUsesSSLorTLS, 0);

Set($AutoCreateNonExternalUsers, 0);

Set($ExternalSettings, { 'My_LDAP' => {
    'type' => 'ldap',
    'server' => '..hibbett.com',
    #temporarily commented this out
    #'user' => '',
    #'pass' => '
    ',
    'base' => 'ou=,dc=,dc=hibbett,dc=com',
    'filter' => '(objectClass=*)',
    'd_filter' => '(objectClass=NoOneAtALL)',
    #not using tls or ssl
    #'tls' => 0,
    #'ssl_version' => 3,
    #I don’t know what the ldap args should be…is this in the net::ldap perl module?
    #'net_ldap_args' => [ version => 3 ],
    'attr_match_list' => [ 'Name',
                           'EmailAddress' ],
    'attr_map' => {
        'Name' => 'sAMAccountName',
        'EmailAddress' => 'mail',
        'Organization' => 'physicalDeliveryOfficeName',
        'RealName' => 'cn',
        'ExternalAuthId' => 'sAMAccountName',
        'Gecos' => 'sAMAccountName',
        'WorkPhone' => 'telephoneNumber',
        'Address1' => 'streetAddress',
        'City' => 'l',
        'State' => 'st',
        'Zip' => 'postalCode',
        'Country' => 'co'
    }
}
);

Actually during the paste operation I did miss one ‘}’ at the end, but it is there in my config file.From: rt-users-bounces@lists.bestpractical.com [mailto:rt-users-bounces@lists.bestpractical.com] On Behalf Of Izz Abdullah
Sent: Monday, September 19, 2011 8:41 AM
To: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] Implementing LDAP Authentication in RT 4.0.2

So I had a typo causing the timeout, but I am still unable to get LDAP authentication to work. I am sure it is a configuration issue, as I can login with the mysql db root account just fine. I can’t find detailed documentation on what each of the arguments takes, so I am posting my config back here for some assistance. I am also receiving in the apache logs
"syntax error at [RTHOME]/etc/RT_SiteConfig.pm line xx, near “}”
"Missing right curly or square bracket at …"
Everything is open and closed below, correct? I thought this was odd…

Is there any way possible for me to see a debugging log of RT trying (or not trying) to talk to our AD server?

Set($ExternalAuthPriority, [ 'My_LDAP' ]);

Set($ExternalInfoPriority, [ 'My_LDAP' ]);

Set($ExternalServiceUsesSSLorTLS, 0);

Set($AutoCreateNonExternalUsers, 0);

Set($ExternalSettings, { 'My_LDAP' => {
    'type' => 'ldap',
    'server' => '..hibbett.com',
    #temporarily commented this out
    #'user' => '',
    #'pass' => '',
    'base' => 'ou=,dc=,dc=hibbett,dc=com',
    'filter' => '(objectClass=*)',
    'd_filter' => '(objectClass=NoOneAtALL)',
    #not using tls or ssl
    #'tls' => 0,
    #'ssl_version' => 3,
    #I don't know what the ldap args should be…is this in the net::ldap perl module?
    #'net_ldap_args' => [ version => 3 ],
    'attr_match_list' => [ 'Name',
                           'EmailAddress' ],
    'attr_map' => {
        'Name' => 'sAMAccountName',
        'EmailAddress' => 'mail',
        'Organization' => 'physicalDeliveryOfficeName',
        'RealName' => 'cn',
        'ExternalAuthId' => 'sAMAccountName',
        'Gecos' => 'sAMAccountName',
        'WorkPhone' => 'telephoneNumber',
        'Address1' => 'streetAddress',
        'City' => 'l',
        'State' => 'st',
        'Zip' => 'postalCode',
        'Country' => 'co'
    }
}
);

From: rt-users-bounces@lists.bestpractical.com [mailto:rt-users-bounces@lists.bestpractical.com] On Behalf Of Izz Abdullah
Sent: Friday, September 16, 2011 11:18 AM
To: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] Implementing LDAP Authentication in RT 4.0.2

I hate to do this…but now, it is timing out with communication to fast CGI. I can only see this in apache logs, I can’t see anything in RT logs (they are not being created). How can I turn debugging off so that I can see what else is going on? Why would the changes in authentication affect FCGI?

From: rt-users-bounces@lists.bestpractical.com [mailto:rt-users-bounces@lists.bestpractical.com] On Behalf Of Izz Abdullah
Sent: Friday, September 16, 2011 11:08 AM
To: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] Implementing LDAP Authentication in RT 4.0.2

Ok…so I found the missing opening braces. I truly appreciate your help Kevin! When staring at code for so long, it needs another set of eyes. :wink:

I changed it, and have refreshed the login page, it’s been in the 'waiting for ’ for quite some time now. I can deal with that as it is probably a query to LDAP caching out (correct me if I am wrong, as I would like to have an overview of the inner-workings some time). I’ll look through the code to see exactly what it does when I have the time, for now I just need to get it to work, just once will be nice for the boss. =)

Thanks again!

From: rt-users-bounces@lists.bestpractical.com [mailto:rt-users-bounces@lists.bestpractical.com] On Behalf Of Kevin Falcone
Sent: Friday, September 16, 2011 10:44 AM
To: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] Implementing LDAP Authentication in RT 4.0.2

The comma is no longer there. The only thing I stripped was only using LDAP as an external source, the mysql db resides locally and is defined elsewhere within RT_SiteConfig, and within LDAP itself, I only removed the two GROUP mappings.

Go compare your line

Set($ExternalSettings, 'My_LDAP' => {

to the version in the example siteconfig

You’re missing an important character (and an important closing character).

-kevin

-----Original Message-----
From: rt-users-bounces@lists.bestpractical.com
[mailto:rt-users-bounces@lists.bestpractical.com] On Behalf Of Kevin
Falcone
Sent: Friday, September 16, 2011 10:33 AM
To: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] Implementing LDAP Authentication in RT 4.0.2

Ok…so I changed it to:
Set($ExternalAuthPriority, ['My_LDAP']);
Set($ExternalInfoPriority, ['My_LDAP']);

#and for weird one off testing, since it is a list, I even tried ['My_LDAP',]; by adding a comma to denote a list of one item.

The comma is irrelevant and unnecessary.

I am still receiving “Can’t use string (“My_LDAP”) as a HASH ref while “strict refs” in use at /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm line 63.”

You stripped even more things when copying from the example to your config. Go look at your version of ExternalSettings as compared to the sample.

-kevin

-----Original Message-----
From: rt-users-bounces@lists.bestpractical.com
[mailto:rt-users-bounces@lists.bestpractical.com] On Behalf Of Kevin
Falcone
Sent: Friday, September 16, 2011 10:07 AM
To: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] Implementing LDAP Authentication in RT 4.0.2

Here is the LDAP config portion in my RT_SiteConfig file:

Set($ExternalAuthPriority, 'My_LDAP');

Set($ExternalInfoPriority, 'My_LDAP');

Those aren’t correct. From the example config:

Set($ExternalAuthPriority, [ 'My_LDAP',

The [ is important, you’re returning a list of 1 item, not a single item. Make sure you also keep the closing ].

-kevin
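The reference-type problem behind the "Can't use string ("My_LDAP") as an ARRAY ref / HASH ref" errors in this thread, as an added Perl example that is not part of the original messages or of RT's code. The `Set` and `check_external_auth` subs are hypothetical stand-ins; that a scalar option keeps only the first value passed to `Set` is an assumption made for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

our ($ExternalAuthPriority, $ExternalInfoPriority, $ExternalSettings);

# Hypothetical stand-in for RT's Set(): keep the first value passed for a
# scalar option and drop the rest (assumed behaviour, not RT's code).
sub Set(\$@) { my ($var, @values) = @_; $$var = $values[0]; return }

# List what is structurally wrong with the three settings, if anything.
sub check_external_auth {
    my @problems;
    my %priority = (
        ExternalAuthPriority => $ExternalAuthPriority,
        ExternalInfoPriority => $ExternalInfoPriority,
    );
    for my $opt (sort keys %priority) {
        push @problems, "\$$opt is not an array ref; write [ 'My_LDAP' ]"
            unless ref($priority{$opt}) eq 'ARRAY';
    }
    unless (ref($ExternalSettings) eq 'HASH') {
        push @problems, "\$ExternalSettings is not a hash ref; wrap it in { }";
        return @problems;
    }
    my %seen;
    for my $name (grep { !$seen{$_}++ }
                  map  { ref($_) eq 'ARRAY' ? @$_ : () } values %priority) {
        push @problems, "no settings hash for service '$name'"
            unless ref($ExternalSettings->{$name}) eq 'HASH';
    }
    return @problems;
}

# The forms quoted in the thread (constructed; settings shortened).
Set($ExternalAuthPriority, 'My_LDAP');
Set($ExternalInfoPriority, 'My_LDAP');
Set($ExternalSettings, 'My_LDAP' => { 'type' => 'ldap' });
print "as first posted:\n";
print "  $_\n" for check_external_auth();

# The same settings with the brackets and braces in place.
Set($ExternalAuthPriority, [ 'My_LDAP' ]);
Set($ExternalInfoPriority, [ 'My_LDAP' ]);
Set($ExternalSettings, { 'My_LDAP' => { 'type' => 'ldap' } });
my @left = check_external_auth();
print "after the fix: ", (@left ? scalar(@left) . " problem(s)" : "none"), "\n";
```

Unbalanced braces are a separate failure: they stop the file from compiling at all, which is the "Missing right curly or square bracket" message, so the type checks above only become relevant once the file parses.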
