Intergration with LDAP

Nelson Pereira wrote:

How do I go back to standard auth…
This is not working and I’m getting tight on time…

When you made your changes I hope you didn’t make them in the default
file but in the second one,
blow away the secondary config file, and you should be all good.

Yes I did make the changes to RT_SiteConfig.pm and not RT_Config.pm
Yet, when deleting the RT_SiteConfig.pm, I still get loads of errors
saying it’s trying to use an external authentication mechanism… like
this error when I try to login with root…(I can no longer login to RT
because of this)…

System error

error: Can’t use an undefined value as an ARRAY reference at
/opt/rt3/local/lib/RT/User_Vendor.pm line 56.

context: …
52: $RT::Logger->debug( (caller(0))[3],
53: "Trying External authentication");
54:
55: # Get the prioritised list of external authentication services
56: my @auth_services = @$RT::ExternalAuthPriority;
57:
58: # For each of those services…
59: foreach my $service (@auth_services) {
60:

code stack: /opt/rt3/local/lib/RT/User_Vendor.pm:56
/opt/rt3/local/lib/RT/User_Vendor.pm:359
/opt/rt3/lib/RT/CurrentUser.pm:309
/opt/rt3/share/html/autohandler:247

raw error

Nelson Pereira
Senior Network Administrator

Protus IP Solutions Inc.
npereira@protus.com
phone: 613.733.0000 ext.528
MyFax: 613.822.5083

From: Chaim Rieger [mailto:chaim.rieger@gmail.com]
Sent: Tuesday, April 08, 2008 3:32 PM
To: Nelson Pereira
Cc: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] Intergration with LDAP (need togo back to
standard auth…?!?)

Nelson Pereira wrote:

How do I go back to standard auth…
This is not working and I’m getting tight on time…

When you made your changes I hope you didn’t make them in the default
file but in the second one,
blow away the secondary config file, and you should be all good.

Nelson Pereira wrote:

So what are you saying?

     # The filter to use to match RT-Users
     'filter'                    =>  '(cn=*)',
     # The filter that will only match disabled users
     'd_filter'                  =>  '(objectClass=*)',

???

Just how explicit do I have to be?!

Are you even reading my replies? I don’t know whether you’re just really
inexperienced in IT or just not bothering to read what I’ve written.

I gave you the EXACT lines you need:

'filter' => '(objectClass=*)',
'd_filter' => '(userAccountControl:1.2.840.113556.1.4.803:=2)',

How do I go back to standard auth…

I also told you the EXACT files/folders you need to remove from your RT
installation to remove the ExternalAuth extension:

$RTHOME/share/html/Callbacks/ExternalAuth
$RTHOME/local/etc/ExternalAuth/RT_SiteConfig.pm
$RTHOME/local/lib/RT/Authen/ExternalAuth.pm
$RTHOME/local/lib/RT/User_Vendor.pm

I’m really quite a patient person, but in this case I’m just flabbergasted.

I tried removing the
Set($ExternalSettings,
But I’m getting all sorts of errors …

Of COURSE you would! You can’t just remove the config options, you need
to remove the code as I told you before.
Kind Regards,

Mike Peachey, IT
Tel: +44 (0) 114 281 2655
Fax: +44 (0) 114 281 2951
Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK

Confidential

I’m sorry Mike, I guess I did not read your email correctly. Truly
sorry.
I guess I was impatient to get this working right and just got
frustrated…
Now this morning, I’m more relaxed, enjoying a coffee…

So I changed what you suggested and when logging in, I get this error:

System error
error: Can’t use an undefined value as an ARRAY reference at
/opt/rt3/local/lib/RT/User_Vendor.pm line 56.

context: …
52: $RT::Logger->debug( (caller(0))[3],
53: "Trying External authentication");
54:
55: # Get the prioritised list of external authentication services
56: my @auth_services = @$RT::ExternalAuthPriority;
57:
58: # For each of those services…
59: foreach my $service (@auth_services) {
60:

code stack: /opt/rt3/local/lib/RT/User_Vendor.pm:56
/opt/rt3/local/lib/RT/User_Vendor.pm:359
/opt/rt3/share/html/Callbacks/ExternalAuth/autohandler/Auth:30
/opt/rt3/share/html/Elements/Callback:85
/opt/rt3/share/html/autohandler:240
raw error

Here is the RT_SiteConfig.pm :

Set($AuthMethods, ['LDAP', 'Internal']);
Set($LdapExternalAuth, 1);
Set($LdapExternalInfo, 1);
Set($LdapAutoCreateNonLdapUsers, 1);
Set($AutoCreate, {Privileged => 1});
Set($ExternalSettings, { 'My_LDAP' => {
        'type' => 'ldap',
        'auth' => 1,
        'info' => 1,
        'server' => 'p02.protus.org',
        'user' => 'ldapintegration',
        'pass' => '*****',
        'base' => 'CN=Users,DC=protus,DC=org',
        'filter' => '(objectClass=*)',
        'd_filter' => '(userAccountControl:1.2.840.113556.1.4.803:=2)',
        'tls' => 0,
        'net_ldap_args' => [ version => 3 ],
        'group' => '',
        'group_attr' => '',
        'attr_match_list' => [ 'Name',
                               'EmailAddress',
                               'RealName',
                               'WorkPhone',
                               'Address2' ],
        'attr_map' => {
            'Name' => 'sAMAccountName',
            'EmailAddress' => 'mail',
            'Organization' => 'physicalDeliveryOfficeName',
            'RealName' => 'cn',
            'ExternalAuthId' => 'sAMAccountName',
            'Gecos' => 'sAMAccountName',
            'WorkPhone' => 'telephoneNumber',
            'Address1' => 'streetAddress',
            'City' => 'l',
            'State' => 'st',
            'Zip' => 'postalCode',
            'Country' => 'co'
        }
    }
}
);
1;

Regards,

Nelson Pereira

From: mpeac@jennic.com [mailto:mpeac@jennic.com] On Behalf Of Mike Peachey
Sent: Tuesday, April 08, 2008 5:07 PM
To: Nelson Pereira
Cc: Chaim Rieger; rt-users@lists.bestpractical.com
Subject: Re: [rt-users] Intergration with LDAP

Nelson Pereira wrote:

So what are you saying?

     # The filter to use to match RT-Users
     'filter'                    =>  '(cn=*)',
     # The filter that will only match disabled users
     'd_filter'                  =>  '(objectClass=*)',

???

Just how explicit do I have to be?!

Are you even reading my replies? I don’t know whether you’re just really
inexperienced in IT or just not bothering to read what I’ve written.

I gave you the EXACT lines you need:

'filter' => '(objectClass=*)',
'd_filter' => '(userAccountControl:1.2.840.113556.1.4.803:=2)',

How do I go back to standard auth…

I also told you the EXACT files/folders you need to remove from your RT
installation to remove the ExternalAuth extension:

$RTHOME/share/html/Callbacks/ExternalAuth
$RTHOME/local/etc/ExternalAuth/RT_SiteConfig.pm
$RTHOME/local/lib/RT/Authen/ExternalAuth.pm
$RTHOME/local/lib/RT/User_Vendor.pm

I’m really quite a patient person, but in this case I’m just
flabbergasted.

I tried removing the
Set($ExternalSettings,
But I’m getting all sorts of errors …

Of COURSE you would! You can’t just remove the config options, you need
to remove the code as I told you before.
Kind Regards,

Mike Peachey, IT
Tel: +44 (0) 114 281 2655
Fax: +44 (0) 114 281 2951
Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK

Confidential

Nelson Pereira wrote:

I’m sorry Mike, I guess I did not read your email correctly. Truly
sorry.
I guess I was impatient to get this working right and just got
frustrated…
Now this morning, I’m more relaxed, enjoying a coffee…

So I changed what you suggested and when logging in, I get this error:

System error
error: Can’t use an undefined value as an ARRAY reference at
/opt/rt3/local/lib/RT/User_Vendor.pm line 56.

context: …
52: $RT::Logger->debug( (caller(0))[3],
53: "Trying External authentication");
54:
55: # Get the prioritised list of external authentication services
56: my @auth_services = @$RT::ExternalAuthPriority;
57:
58: # For each of those services…
59: foreach my $service (@auth_services) {
60:

Here is the RT_SiteConfig.pm :

Set($AuthMethods, ['LDAP', 'Internal']);
Set($LdapExternalAuth, 1);
Set($LdapExternalInfo, 1);
Set($LdapAutoCreateNonLdapUsers, 1);

Regards,

Nelson Pereira

You’re mixing and matching config settings. You have got the above
config settings which are for Jim Meyer’s User_Local overlay, but the
settings needed for RT::Authen::ExternalAuth are not the same.

This config setting:
Set($AuthMethods, ['LDAP', 'Internal']);

Has been replaced by these:
Set($ExternalAuthPriority, ['My_LDAP']);
Set($ExternalInfoPriority, ['My_LDAP']);

This is because Info and Auth are treated as separate services, even
though you plan to use the same service for both, and now Internal
authentication is ALWAYS checked and ALWAYS checked last so the list you
specify cannot contain Internal.

Because of this, $LdapExternalAuth and $LdapExternalInfo are both
irrelevant and not used as well as LdapAutoCreateNonLdapUsers as they
have all been replaced.

Double check what you have against the RT_SiteConfig.pm that comes with
RT::Authen::ExternalAuth. If it’s related to LDAP and is NOT in the
sample config file I provided, then it shouldn’t be in your config.
Kind Regards,

Mike Peachey, IT
Tel: +44 114 281 2655
Fax: +44 114 281 2951
Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK
Comp Reg No: 3191371 - Registered In England

Got it working… Thanks Mike…

A question I have, can I delete the section about the My_MySQL? Or does
the script need that section also?

And the 2 settings for groups, how does this work?

Does authentication depend on group membership? What group name?

   'group'                     =>  '',

What is the attribute for the group object that determines membership?

   'group_attr'                =>  '',

What should I put for those 2 settings?

Regards,

Nelson Pereira

From: Mike Peachey [mailto:mike.peachey@jennic.com]
Sent: Wednesday, April 09, 2008 10:09 AM
To: Nelson Pereira
Cc: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] Intergration with LDAP

Nelson Pereira wrote:

I’m sorry Mike, I guess I did not read your email correctly. Truly
sorry.
I guess I was impatient to get this working right and just got
frustrated…
Now this morning, I’m more relaxed, enjoying a coffee…

So I changed what you suggested and when logging in, I get this error:

System error
error: Can’t use an undefined value as an ARRAY reference at
/opt/rt3/local/lib/RT/User_Vendor.pm line 56.

context: …
52: $RT::Logger->debug( (caller(0))[3],
53: "Trying External authentication");
54:
55: # Get the prioritised list of external authentication services
56: my @auth_services = @$RT::ExternalAuthPriority;
57:
58: # For each of those services…
59: foreach my $service (@auth_services) {
60:

Here is the RT_SiteConfig.pm :

Set($AuthMethods, ['LDAP', 'Internal']);
Set($LdapExternalAuth, 1);
Set($LdapExternalInfo, 1);
Set($LdapAutoCreateNonLdapUsers, 1);

Regards,

Nelson Pereira

You’re mixing and matching config settings. You have got the above
config settings which are for Jim Meyer’s User_Local overlay, but the
settings needed for RT::Authen::ExternalAuth are not the same.

This config setting:
Set($AuthMethods, ['LDAP', 'Internal']);

Has been replaced by these:
Set($ExternalAuthPriority, ['My_LDAP']);
Set($ExternalInfoPriority, ['My_LDAP']);

This is because Info and Auth are treated as separate services, even
though you plan to use the same service for both, and now Internal
authentication is ALWAYS checked and ALWAYS checked last so the list you
specify cannot contain Internal.

Because of this, $LdapExternalAuth and $LdapExternalInfo are both
irrelevant and not used as well as LdapAutoCreateNonLdapUsers as they
have all been replaced.

Double check what you have against the RT_SiteConfig.pm that comes with
RT::Authen::ExternalAuth. If it’s related to LDAP and is NOT in the
sample config file I provided, then it shouldn’t be in your config.
Kind Regards,

Mike Peachey, IT
Tel: +44 114 281 2655
Fax: +44 114 281 2951
Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK
Comp Reg No: 3191371 - Registered In England

Nelson Pereira wrote:

Got it working… Thanks Mike…

A question I have, can I delete the section about the My_MySQL? Or does
the script need that section also?

As per the long e-mail last night, since you are not using an External
MySQL-based Authentication service, that example config is irrelevant
and it should be removed.

And the 2 settings for groups, how does this work?

Does authentication depend on group membership? What group name?

   'group'                     =>  '',

What is the attribute for the group object that determines membership?

   'group_attr'                =>  '',

What should I put for those 2 settings?

As per the long e-mail last night, if you are restricting access to RT
to members of a specific group that’s in your LDAP server, then you need
to put the group details in there.

If you’re not doing that (and you are almost certainly not) then you
must remove both of those options from the config.
Kind Regards,

Mike Peachey, IT
Tel: +44 114 281 2655
Fax: +44 114 281 2951
Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK
Comp Reg No: 3191371 - Registered In England
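
Added example, not part of the original thread or of RT::Authen::ExternalAuth: a small check that applies the two pieces of advice above (replace the old overlay settings with `$ExternalAuthPriority`/`$ExternalInfoPriority`, and drop empty `group`/`group_attr`) to the text of an RT_SiteConfig.pm before it is deployed. The function name, the finding strings and the sample host are assumptions made for illustration; the setting names are the ones quoted in the thread.

```python
import re

# Settings the thread says belong to the older User_Local overlay, not ExternalAuth.
LEGACY = ("AuthMethods", "LdapExternalAuth", "LdapExternalInfo", "LdapAutoCreateNonLdapUsers")
PRIORITY = ("ExternalAuthPriority", "ExternalInfoPriority")

def lint_siteconfig(text):
    """Return findings for the text of an RT_SiteConfig.pm (regex scan, not a Perl parser)."""
    findings = []
    # Simplification: '#' starts a comment everywhere, even inside a quoted string.
    code = "\n".join(line.split("#", 1)[0] for line in text.splitlines())
    for name in LEGACY:
        if re.search(r"Set\(\s*\$%s\b" % name, code):
            findings.append("$%s: legacy overlay setting, remove" % name)
    # Service names are the keys at brace depth 0 inside the $ExternalSettings hash.
    services = set()
    start = re.search(r"Set\(\s*\$ExternalSettings\s*,\s*\{", code)
    body = code[start.end():] if start else ""
    for key in re.finditer(r"'(\w+)'\s*=>\s*\{", body):
        before = body[:key.start()]
        if before.count("{") == before.count("}"):
            services.add(key.group(1))
    for name in PRIORITY:
        m = re.search(r"Set\(\s*\$%s\s*,\s*\[(.*?)\]" % name, code, re.S)
        if not m:
            # An unset $ExternalAuthPriority is what User_Vendor.pm line 56 dereferences.
            findings.append("$%s: not set" % name)
            continue
        for svc in re.findall(r"'([^']*)'", m.group(1)):
            if svc == "Internal":
                findings.append("$%s: must not list Internal" % name)
            elif svc not in services:
                findings.append("$%s: unknown service %s" % (name, svc))
    for opt in re.findall(r"'(group|group_attr)'\s*=>\s*''", code):
        findings.append("'%s': empty, remove unless restricting by group" % opt)
    return findings

# Constructed sample modelled on the config posted in the thread (shortened, host is a placeholder).
MIXED = """
Set($AuthMethods, ['LDAP', 'Internal']);
Set($LdapExternalAuth, 1);
Set($ExternalSettings, { 'My_LDAP' => {
    'type' => 'ldap', 'server' => 'ldap.example.org',
    'filter' => '(objectClass=*)', 'group' => '', 'group_attr' => '',
    'attr_map' => { 'Name' => 'sAMAccountName' } } });
"""

if __name__ == "__main__":
    print("\n".join(lint_siteconfig(MIXED)))
```

An empty result means none of the problems discussed in the thread were found; it does not validate the LDAP settings themselves.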

Nelson Pereira wrote:

Got it working… Thanks Mike…

I am pleased it’s working for you.

By the way, you may wish to install v0.05 over the top because a new
version was uploaded to CPAN yesterday.

http://search.cpan.org/CPAN/authors/id/Z/ZO/ZORDRAK/RT-Authen-ExternalAuth-0.05.tar.gz
Kind Regards,

Mike Peachey, IT
Tel: +44 114 281 2655
Fax: +44 114 281 2951
Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK
Comp Reg No: 3191371 - Registered In England

Nelson Pereira wrote:

Will do…
But since I used CPAN install can I simply do the same?
Or extract the tar and copy over the files?

If it’s been installed via CPAN then just do the exact same thing again
and it will overwrite automatically.

Alternatively you can follow the manual download/install instructions
from ExternalAuth - Request Tracker Wiki

But you should never have to extract the files and manually copy them
over one-by-one.
Kind Regards,

Mike Peachey, IT
Tel: +44 114 281 2655
Fax: +44 114 281 2951
Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK
Comp Reg No: 3191371 - Registered In England