Problem with LDAP authentication after upgrading

hi,

I wanted to upgrade rt3 from version 3.6.1 to 3.6.6.
Therefore I installed a fresh version on a new host, following the
installation procedure described in the README file.
I ran configure with the following parameters:
./configure --prefix=/opt/rt3 --with-web-user=wwwrun --with-db-type=Pg
–with-db-dba=postgres
–with-db-database=rt3 --with-db-host=127.0.0.1
–with-apachectl=/usr/sbin/apache2ctl

I copied the old RT_SiteConfig.pm file to the new host, however, when I try
to login, it is not possible, and I see the following in the logs:

[Wed Apr 9 10:08:21 2008] [error]: FAILED LOGIN for sebastia from 10.0.0.9
(/opt/rt3/share/html/autohandler:251)

Stack trace:
HTML::Mason::Commands::ANON() called
at /usr/lib/perl5/site_perl/5.8.8/HTML/Mason/Component.pm:135
HTML::Mason::Component::run() called
at /usr/lib/perl5/site_perl/5.8.8/HTML/Mason/Request.pm:1273
(eval)() called
at /usr/lib/perl5/site_perl/5.8.8/HTML/Mason/Request.pm:1268
HTML::Mason::Request::comp() called
at /usr/lib/perl5/site_perl/5.8.8/HTML/Mason/Request.pm:467
(eval)() called
at /usr/lib/perl5/site_perl/5.8.8/HTML/Mason/Request.pm:467
(eval)() called
at /usr/lib/perl5/site_perl/5.8.8/HTML/Mason/Request.pm:419
HTML::Mason::Request::exec() called
at /usr/lib/perl5/site_perl/5.8.8/HTML/Mason/ApacheHandler.pm:168
HTML::Mason::Request::ApacheHandler::exec() called
at /usr/lib/perl5/site_perl/5.8.8/HTML/Mason/ApacheHandler.pm:825
HTML::Mason::ApacheHandler::handle_request() called
at /opt/rt3/bin/webmux.pl:125
(eval)() called at /opt/rt3/bin/webmux.pl:125
RT::Mason::handler() called at -e:0
(eval)() called at -e:0

My RT_SiteConfig.pm has the following contents:
Set( $rtname, ‘l00-bugdead-prods.de.de’);
Set($AuthMethods, [‘LDAP’, ‘Internal’]);
Set($LdapExternalAuth, 1);
Set($LdapExternalInfo, 1);
Set($LdapAutoCreateNonLdapUsers, 1);
Set($LdapAttrMap, {‘Name’ => ‘uid’,
‘EmailAddress’ => ‘mail’,
‘Organization’ => ‘o’,
‘RealName’ => ‘cn’,
‘ExternalContactInfoId’ => ‘dn’,
‘ExternalAuthId’ => ‘uid’,
‘Gecos’ => ‘uid’,
‘WorkPhone’ => ‘telephoneNumber’,
‘Address1’ => ‘ou’,
‘Address2’ => ‘physicalDeliveryOfficeName’}
);
Set($LdapRTAttrMatchList, [‘Name’, ‘ExternalContactInfoId’,
‘EmailAddress’, ‘RealName’,
‘WorkPhone’, ‘Address2’]
);
Set($LdapEmailAttrMatchList, [‘mail’, ‘mailRoutingAddress’,
‘mailAlternateAddress’]
);
Set($LdapEmailAttrMatchPrefix, [‘’, ‘smtp:’, ‘SMTP:’] );
Set($LdapServer, ‘10.0.0.11’);
Set($LdapBase, ‘ou=People,dc=l00-bugdead-prods’);
Set($LdapFilter, ‘(objectclass=posixAccount)’);
Set($LdapDisableFilter, ‘(employmentStatus=Terminated)’);
Set($LdapTLS, 1);
Set($LdapSSLVersion, 3);
1;
Set($WebPort , 443);# + ($< * 7274) % 32766 + ($< && 1024));
Set($WebBaseURL , “https://tracker.ds9”);
Set($WebURL , $WebBaseURL . $WebPath . “/”);
Set($CorrespondAddress , ‘ithelp@l00-bugdead-prods.de.de’);
Set($CommentAddress , ‘ithelp@l00-bugdead-prods.de.de’);
Set($Organization , “l00-bugdead-prods.de.de”);
Set($RTAddressRegexp , ‘^rt@l00-bugdead-prods.de.de$’);
Set($AutoCreate, {Privileged => 1});

This configuration works well on the host with the rt3 3.6.1 installed, but
not on the host with the new installation. They are both intended to
authenticate against the same ldap server.

I created a new database and loaded the dump from the old version. As far as
I can see, there is no need to upgrade the database schema between these
versions. Also psql -h localhost -U postgres rt3 works well on the command
line.

Do I can enable more debugging output for the LDAP authentication part? Or
does anybody has an idea what I am still missing/might have made wrong?

kind regards

Sebastian Reitenbach wrote:

I installed a fresh version on a new host,
I ran configure
I copied the old RT_SiteConfig.pm file to the new host

however, when I try to login, it is not possible, and I see the following in the logs:

You don’t say whether you have actually applied the User_Local.pm
overlay and the relevant Auth Callback that you originally installed to
get LDAP working in the first place.

I would start there.

Kind Regards,

Mike Peachey, IT
Tel: +44 114 281 2655
Fax: +44 114 281 2951
Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK
Comp Reg No: 3191371 - Registered In England

mike.peachey@jennic.com wrote:

Sebastian Reitenbach wrote:

I installed a fresh version on a new host,
I ran configure
I copied the old RT_SiteConfig.pm file to the new host

however, when I try to login, it is not possible, and I see the
following in the logs:

You don’t say whether you have actually applied the User_Local.pm
overlay and the relevant Auth Callback that you originally installed to
get LDAP working in the first place.

I would start there.
That was the hint I needed. For some reason, my installation documentation
was missing this part about the User_Local.pm file. Just copied it over from
the old installation and the new one began to work as expected.

thanks a lot
Sebastian