Issues with RTExternalAuth

Hi everyone.

I am trying to run RT 4.4.0.

RT::Authen::ExternalAuth doesn't seem to work correctly.

I already checked this mailing list and tried the patch I saw. Nothing
seems to work correctly.

Here is my RT_SiteConfig.pm:

Set($WebExternalAuth, 1 );
Set($ExternalAuthPriority, ['PLM']);
Set($ExternalInfoPriority, ['PLM']);
Set($ExternalServiceUsesSSLorTLS, '0');
Set($AutoCreateNonExternalUsers, '1');
Set($ExternalSettings, { 'PLM' => { 'type' => 'ldap',
    'server' => '',
    'user' => 'uid=nss,o=
',
    'pass' => '',
    'base' => '
',
    'filter' => '(objectClass=person)',
    'd_filter' => '',
    'tls' => '0',
    'ssl_version' => '3',
    'net_ldap_args' => [ 'version => 3', ],
    'attr_match_list' => [ 'Name', 'EmailAddress', ],
    'attr_map' => { 'Name' => 'mail', 'EmailAddress' => 'mail', 'Organization' => 'ou', 'RealName' => 'displayName', 'WorkPhone' => 'telephoneNumber', 'City' => 'l', },
}});

In that case I can authenticate locally without problem, but not against
my LDAP server.

If I add a

Set($ExternalAuth, 1 );

I can't authenticate at all (either local or LDAP) and I get something like:

Jun 30 14:22:37 rt RT: [5913] Expected ‘PeerHost’ at /usr/local/lib/perl5/site_perl/Net/LDAP.pm line 164. Stack: [/usr/local/lib/perl5/site_perl/Carp.pm:167] [/usr/local/lib/perl5/site_perl/IO/Socket/IP.pm:485] [/usr/local/lib/perl5/site_perl/IO/Socket/IP.pm:386] [/usr/local/lib/perl5/5.20/mach/IO/Socket.pm:49] [/usr/local/lib/perl5/site_perl/IO/Socket/IP.pm:353] [/usr/local/lib/perl5/site_perl/Net/LDAP.pm:164] [/usr/local/lib/perl5/site_perl/Net/LDAP.pm:122] [/usr/local/lib/perl5/site_perl/RT/Authen/ExternalAuth/LDAP.pm:646] [/usr/local/lib/perl5/site_perl/RT/Authen/ExternalAuth/LDAP.pm:510] [/usr/local/lib/perl5/site_perl/RT/Authen/ExternalAuth.pm:581] [/usr/local/lib/perl5/site_perl/RT/Authen/ExternalAuth.pm:328] [/usr/local/share/rt44/html/Elements/DoAuth:57] [/usr/local/lib/perl5/site_perl/RT/Interface/Web.pm:308] [/usr/local/share/rt44/html/autohandler:53]

I am running RT 4.4.0 under FreeBSD.

Any ideas?

Regards

JAS
Albert SHIH
DIO bâtiment 15
Observatoire de Paris
5 Place Jules Janssen
92195 Meudon Cedex
France
Téléphone : +33 1 45 07 76 26/+33 6 86 69 95 71
xmpp: jas@obspm.fr
Heure local/Local time:
jeu 30 jui 2016 14:24:34 CEST

Try enabling ExternalAuth by adding the line below:

Set($ExternalAuth, 1);

Regards,

Davis

This is what I use to auth against LDAP and local.
(left out the LDAP section of course…)

# User Authentication

Set($ExternalAuth, 1);

Set($ExternalAuthPriority, [ 'My_LDAP' ] );
Set($ExternalInfoPriority, [ 'My_LDAP' ] );
Set($UserAutocreateDefaultsOnLogin, { Privileged => 1 } );
Set($ExternalServiceUsesSSLorTLS, 0);
Set($AutoCreateNonExternalUsers, 1);
Set($ExternalAuthPriority,['My_LDAP']);

Set($ExternalSettings, {
'My_LDAP' => { ## GENERIC SECTION

Regards,

Tom

Plugin( "RT::Extension::LDAPImport" );

# Uncomment for debug
#Set($LogToSyslog, 'debug');
Set( $DatabaseRequireSSL, '' );
Set( $DatabaseType, 'mysql' );
Set( $WebDomain, 'rt.domain_name.com' );
Set( $WebPort, '80' );
Set( $rtname, 'DOMAIN_NAME' ); # or whatever you plan to name the site

# Email
Set( $CommentAddress, 'rt-comments@domain_name.com' );
Set( $CorrespondAddress, 'rt-correspondance@domain_name.com' );

# DB config
Set( $DatabaseHost, 'localhost' );
Set( $DatabaseName, 'rt4' );
Set( $DatabasePassword, 'password' );
Set( $DatabasePort, '' );
Set( $DatabaseUser, 'db_user_name' );
Set( $Organization, '' );
Set( $OwnerEmail, 'email_address@domain_name.com' );
Set( $SendmailPath, '/usr/sbin/sendmail' );

# My server is running on port 443, leaving the port 80 lines as reference
#Set(@ReferrerWhitelist, qw(rt:80 rt.domain_name.com:80));
Set(@ReferrerWhitelist, qw(rt.domain_name.com:443));

# LDAP Configurations

# LDAP Authentication
Set( @Plugins, qw(RT::Authen::ExternalAuth RT::Extension::LDAPImport));

# LDAP USER IMPORT
Set($LDAPCreatePrivileged, 1);
Set($LDAPUpdateUsers, 1);
Set($LDAPHost,'domain_name.com');
Set($LDAPUser,'domain_name\ldapreader');
Set($LDAPPassword,'your_ldapreader_password_here');
#my base OU for users, yours will probably differ
Set($LDAPBase,'ou=users,ou=services,dc=domain_name,dc=com');
Set($LDAPFilter, '(&(objectClass=person))');
Set($LDAPMapping, {
    Name => 'sAMAccountName',
    EmailAddress => 'mail',
    Organization => 'department',
    RealName => 'cn',
    NickName => 'givenName',
    ExternalAuthId => 'sAMAccountName',
    Gecos => 'sAMAccountName',
    WorkPhone => 'telephoneNumber',
    MobilePhone => 'mobile',
    Address1 => 'streetAddress',
    City => 'l',
    State => 'st',
    Zip => 'postalCode',
    Country => 'co'
});

# LDAP GROUP IMPORT AND MAPPINGS
Set($LDAPGroupMapping, {Name => 'cn',
    Member_Attr => 'member',
    Member_Attr_Value => 'dn'});
#OU/basedn location of groups
Set($LDAPGroupBase, 'ou=groups,dc=domain_name,dc=com');

# LDAP GROUP FILTERING, Below are 2 examples
#Set($LDAPGroupFilter, 'cn=Information Technology');

# 2 group import example
Set($LDAPGroupFilter, '(|(cn=Information Technology)(cn=Facilities))');

# LDAP Authentication
Set($ExternalAuthPriority, [ 'My_LDAP',
]
);
Set($ExternalInfoPriority, [ 'My_LDAP',
]
);
Set($ExternalSettings, {
    'My_LDAP' => {
        'type' => 'ldap',
        'server' => 'ldap://domain_name.com',
        'user' => 'domain_name\ldapreader',
        'pass' => 'ldapreader_password',
        'base' => 'ou=users,ou=services,dc=domain_name,dc=com',
        'filter' => '(objectClass=person)',
        'tls' => 0,
        'attr_match_list' => [
            'Name',
            'EmailAddress',
            'RealName',
        ],
        'attr_map' => {
            'Name' => 'sAMAccountName',
            'EmailAddress' => 'mail',
            'Organization' => 'department',
            'RealName' => 'cn',
            'NickName' => 'givenName',
            'ExternalAuthId' => 'sAMAccountName',
            'Gecos' => 'sAMAccountName',
            'WorkPhone' => 'telephoneNumber',
            'MobilePhone' => 'mobile',
            'Address1' => 'streetAddress',
            'City' => 'l',
            'State' => 'st',
            'Zip' => 'postalCode',
            'Country' => 'co'
        },
    },
} );
1;
1;

On Tue, Jul 5, 2016 at 2:11 AM, Davis Johny davis.johny@in.fcm.travel wrote:

Try enabling ExternalAuth by adding the line below:

Set($ExternalAuth, 1);

Regards,

Davis


From the stack trace it looks like you may not be connecting to your LDAP
server. Use ldapsearch to confirm that you're connecting. Here's a
sample of an ldapsearch to my Active Directory domain.

$ ldapsearch -LLL -ZZ -y password.txt \
    -D CN=mybindaccount,OU=SERVICE,OU=ACCTS,DC=AD,DC=NYU,DC=EDU \
    -h ad.nyu.edu -b OU=ACCTS,DC=AD,DC=NYU,DC=EDU \
    '(&(distinguishedName=OU=BIOG,OU=FAS,OU=WSQ,OU=USERS,OU=ACCTS,DC=ad,DC=nyu,DC=edu))'

For Red Hat, 'yum install openldap-clients' will install ldapsearch. I
don't know what the equivalent is for OpenBSD.

John Bako
Manager, Scientific Computing
Department of Biology & Center for Genomics and Systems Biology
New York University
212-998-8207 (office)
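
Added example (not part of the thread and not RT's own code): static checks on one $ExternalSettings entry before RT hands it to Net::LDAP, covering an empty 'server' or 'base', a 'net_ldap_args' list that is not key/value pairs, and a bind that would travel in cleartext. The function name check_service, the sample entries and the host ldap.example.org are assumptions made for illustration; the empty strings in the flagged entry are constructed and say nothing about the poster's real values.

```perl
#!/usr/bin/env perl
# Added example: static pre-flight checks for one $ExternalSettings entry.
use strict;
use warnings;

# check_service(\%svc) returns a list of findings (empty = nothing flagged).
sub check_service {
    my ($svc) = @_;
    my @findings;

    # Net::LDAP->new needs a host, and the user search needs a base DN.
    for my $key (qw(server base)) {
        push @findings, "'$key' is empty"
            unless defined $svc->{$key} && length $svc->{$key};
    }

    # net_ldap_args is expanded into Net::LDAP->new($host, @args), so it must
    # be a flat key/value list: [ version => 3 ], not [ 'version => 3' ].
    my @args = @{ $svc->{net_ldap_args} || [] };
    push @findings, "net_ldap_args has an odd number of elements" if @args % 2;
    push @findings, "net_ldap_args element '$_' is one string, not a pair"
        for grep { defined($_) && /=>/ } @args;

    # With tls off and no ldaps:// URL, bind passwords cross the wire in clear.
    my $server = $svc->{server} // '';
    push @findings, "cleartext bind: tls is off and server is not ldaps://"
        if !$svc->{tls} && $server !~ m{^ldaps://}i;

    return @findings;
}

# Constructed sample entries (hypothetical host, DN and password).
my %settings = (
    flagged => {
        type => 'ldap', server => '', base => '', pass => 'placeholder',
        tls  => '0',    net_ldap_args => [ 'version => 3' ],
    },
    corrected => {
        type => 'ldap', server => 'ldaps://ldap.example.org',
        base => 'ou=people,dc=example,dc=org', pass => 'placeholder',
        tls  => 0,      net_ldap_args => [ version => 3 ],
    },
);

for my $name (sort keys %settings) {
    my @f = check_service( $settings{$name} );
    print "$name: ", ( @f ? join( '; ', @f ) : 'no findings' ), "\n";
}
```

These checks only read the hash; a live test with ldapsearch, as suggested in the thread, is still needed to confirm that the server answers.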