RT-3.8.3, RT-Authen-ExternalAuth-0.08 login issue

I’m doing a fresh install of RT-3.8.3, RT-Authen-ExternalAuth-0.08, and
AD for authentication. All running on RHEL5 x86_64 for the OS. I had
this all working with RT-3.6.7 and RT-Authen-ExternalAuth-0.05, but had
the brilliant idea that I needed to be current since 3.8.3 was released
on the same day I got the old version working. Oh well… Any thoughts
on where to go with this?

Here is what I get in my error_log when I login with a verified
username/password.

[Wed Jun 3 17:46:08 2009] [error]: FAILED LOGIN for myuser from 192.168.1.100 (/opt/rt3/share/html/autohandler:268)
Trace begun at /opt/rt3/bin/…/lib/RT.pm line 289
Log::Dispatch::__ANON__('Log::Dispatch=HASH(0x2aeca7462620)', 'FAILED LOGIN for myuser from 192.168.1.100') called at /opt/rt3/share/html/autohandler line 268
HTML::Mason::Commands::__ANON__('pass', 'mypass', 'user', 'myuser') called at /usr/lib/perl5/vendor_perl/5.8.8/HTML/Mason/Component.pm line 135
HTML::Mason::Component::run('HTML::Mason::Component::FileBased=HASH(0x2aeca75a3180)', 'pass', 'mypass', 'user', 'myuser') called at /usr/lib/perl5/vendor_perl/5.8.8/HTML/Mason/Request.pm line 1273
eval {...} at /usr/lib/perl5/vendor_perl/5.8.8/HTML/Mason/Request.pm line 1268
HTML::Mason::Request::comp(undef, undef, undef, 'pass', 'mypass', 'user', 'myuser') called at /usr/lib/perl5/vendor_perl/5.8.8/HTML/Mason/Request.pm line 467
eval {...} at /usr/lib/perl5/vendor_perl/5.8.8/HTML/Mason/Request.pm line 467
eval {...} at /usr/lib/perl5/vendor_perl/5.8.8/HTML/Mason/Request.pm line 419
HTML::Mason::Request::exec('RT::Interface::Web::Request=HASH(0x2aeca74a6ff0)') called at /usr/lib/perl5/vendor_perl/5.8.8/HTML/Mason/ApacheHandler.pm line 168
HTML::Mason::Request::ApacheHandler::exec('RT::Interface::Web::Request=HASH(0x2aeca74a6ff0)') called at /usr/lib/perl5/vendor_perl/5.8.8/HTML/Mason/ApacheHandler.pm line 825
HTML::Mason::ApacheHandler::handle_request('HTML::Mason::ApacheHandler=HASH(0x2aeca42ab740)', 'Apache2::RequestRec=SCALAR(0x2aeca3f49f70)') called at /opt/rt3/bin/webmux.pl line 163
eval {...} at /opt/rt3/bin/webmux.pl line 163
RT::Mason::handler('Apache2::RequestRec=SCALAR(0x2aeca3f49f70)') called at -e line 0

Site Config from web interface:
Loaded perl modules

Perl v5.8.8 under linux
Apache2::Const v2.000004;
Apache2::Log v2.000004;
Apache2::RequestIO v2.000004;
Apache2::RequestRec v2.000004;
Apache2::RequestUtil v2.000004;
Apache2::Response v2.000004;
Apache2::ServerUtil v2.000004;
Apache2::Status v4.00;
Apache::Session v1.86;
Apache::Session::Generate::MD5 v2.1;
Apache::Session::lock::MySQL v1.01;
Apache::Session::MySQL v1.01;
Apache::Session::Serialize::Storable v1.01;
Apache::Session::Store::DBI v1.02;
Apache::Session::Store::MySQL v1.04;
APR v0.009000;
APR::Pool v0.009000;
APR::Table v0.009000;
AutoLoader v5.60;
base v2.07;
bytes v1.02;
Cache::Simple::TimedExpiry v0.27;
Carp v1.04;
CGI v3.43;
CGI::Cookie v1.29;
CGI::Util v1.5_01;
Class::Accessor v0.33;
Class::Accessor::Fast v0.33;
Class::Container v0.12;
Class::Data::Inheritable v0.06;
Class::Inspector v1.24;
Class::ISA v0.33;
Class::ReturnValue v0.55;
Clone v0.27;
constant v1.05;
Convert::ASN1 v0.22;
CSS::Squish v0.07;
Cwd v3.12;
Data::Dumper v2.121_08;
DateTime v0.50;
DateTime::Locale v0.42;
DateTime::TimeZone v0.91;
DateTime::TimeZone::Floating v0.01;
DateTime::TimeZone::Local v0.01;
DateTime::TimeZone::OffsetOnly v0.02;
DateTime::TimeZone::UTC v0.01;
DBD::mysql v3.0007;
DBI v1.52;
DBIx::SearchBuilder v1.54;
DBIx::SearchBuilder::Union v0;
DBIx::SearchBuilder::Unique v0.01;
Devel::StackTrace v1.20;
Devel::StackTraceFrame v1.20;
Digest::base v1.00;
Digest::MD5 v2.36;
DynaLoader v1.05;
Email::Address v1.889;
Encode v2.33;
Encode::Alias v2.12;
Encode::Config v2.05;
Encode::Encoding v2.05;
Errno v1.0901;
Exception::Class v1.23;
Exception::Class::Base v1.2;
Exporter v5.58;
Exporter::Heavy v5.58;
Fcntl v1.05;
File::Basename v2.74;
File::Glob v1.05;
File::Path v1.08;
File::ShareDir v1.00;
File::Spec v3.12;
File::Spec::Unix v1.5;
File::Temp v0.21;
FileHandle v2.01;
GD v2.35;
GD::Image v2.27;
HTML::Element v3.23;
HTML::Entities v1.35;
HTML::Formatter v2.04;
HTML::FormatText v2.04;
HTML::Mason v1.39;
HTML::Mason::ApacheHandler v1.69;
HTML::Mason::Exception v1.1;
HTML::Mason::Exception::Abort v1.1;
HTML::Mason::Exception::Compilation v1.1;
HTML::Mason::Exception::Compilation::IncompatibleCompiler v1.1;
HTML::Mason::Exception::Compiler v1.1;
HTML::Mason::Exception::Decline v1.1;
HTML::Mason::Exception::Params v1.1;
HTML::Mason::Exception::Syntax v1.1;
HTML::Mason::Exception::System v1.1;
HTML::Mason::Exception::TopLevelNotFound v1.1;
HTML::Mason::Exception::VirtualMethod v1.1;
HTML::Mason::Exceptions v1.43;
HTML::Parser v3.55;
HTML::Scrubber v0.08;
HTML::Tagset v3.10;
HTML::TreeBuilder v3.23;
I18N::LangTags v0.35;
I18N::LangTags::Detect v1.03;
integer v1.00;
IO v1.22;
IO::File v1.13;
IO::Handle v1.25;
IO::InnerFile v2.110;
IO::Lines v2.110;
IO::ScalarArray v2.110;
IO::Seekable v1.1;
IO::Select v1.17;
IO::Socket v1.29;
IO::Socket::INET v1.29;
IO::Socket::UNIX v1.22;
IO::WrapTie v2.110;
IPC::Open2 v1.02;
IPC::Open3 v1.02;
List::MoreUtils v0.22;
List::Util v1.19;
Locale::Maketext v1.09;
Locale::Maketext::Fuzzy v0.10;
Locale::Maketext::Lexicon v0.62;
Locale::Maketext::Lexicon::Gettext v0.15;
Log::Dispatch v2.20;
Log::Dispatch::Base v1.09;
Log::Dispatch::Output v1.26;
Log::Dispatch::Screen v1.17;
Log::Dispatch::Syslog v1.18;
Mail::Address v1.77;
Mail::Field v1.77;
Mail::Field::AddrList v1.77;
Mail::Field::Date v1.77;
Mail::Header v1.77;
Mail::Internet v1.77;
Mail::Mailer v1.77;
MIME::Base64 v3.07;
MIME::Body v5.427;
MIME::Decoder v5.427;
MIME::Entity v5.427;
MIME::Field::ContDisp v5.427;
MIME::Field::ConTraEnc v5.427;
MIME::Field::ContType v5.427;
MIME::Field::ParamVal v5.427;
MIME::Head v5.427;
MIME::Parser v5.427;
MIME::QuotedPrint v3.07;
MIME::Tools v5.427;
MIME::Words v5.427;
mod_perl v2.000004;
mod_perl2 v2.000004;
ModPerl::Const v2.000004;
Module::Versions::Report v1.06;
Net::LDAP v0.33;
Net::LDAP::ASN v0.03;
Net::LDAP::Constant v0.04;
Net::LDAP::Filter v0.14;
Net::LDAP::Message v1.08;
Net::LDAP::Util v0.10;
overload v1.04;
Params::Util v0.38;
Params::Validate v0.88;
PerlIO v1.04;
PerlIO::scalar v0.04;
POSIX v1.09;
re v0.05;
Regexp::Common v2.120;
Regexp::Common::delimited v2.104;
RT v3.8.3;
RT::Authen::ExternalAuth v0.08;
RT::Interface::Email v2;
RT::Interface::Web::Request v0.30;
Scalar::Util v1.19;
SelectSaver v1.01;
Socket v1.78;
Storable v2.15;
strict v1.03;
Symbol v1.06;
Sys::Syslog v0.27;
Text::Template v1.45;
Text::Wrapper v1.01;
Tie::Hash v1.02;
Time::HiRes v1.9715;
Time::JulianDay v2003.1125;
Time::Local v1.11;
Time::ParseDate v2003.1126;
Time::Timezone v2003.0211;
Time::Zone v2.22;
UNIVERSAL v1.01;
UNIVERSAL::require v0.11;
URI v1.35;
URI::Escape v3.28;
URI::file v4.19;
utf8 v1.06;
vars v1.01;
warnings v1.05;
warnings::register v1.01;
XSLoader v0.06;

RT Config
ARRAY(0x2b804abbe930) My_LDAP
site config
ActiveStatus new, open, stalled
core config
Active_MakeClicky
core config
AmbiguousDayInFuture 0
core config
AmbiguousDayInPast 0
core config
ApprovalRejectionNotes 1
core config
AutoCreateNonExternalUsers 0
site config
AutoLogoff 0
core config
CanonicalizeOnCreate 0
core config
CanonicalizeRedirectURLs 0
core config
CommentAddress
core config
CorrespondAddress
core config
CustomFieldValuesSources
core config
DashboardAddress
core config
DashboardSubject %s Dashboard: %s
core config
DatabaseHost localhost
core config
DatabaseName drm_rt3
site config
DatabasePassword Password not printed
site config
DatabasePort
core config
DatabaseRTHost localhost
core config
DatabaseType mysql
core config
DatabaseUser drm_rt_user
site config
DateDayBeforeMonth 1
core config
DateTimeFormat DefaultFormat
core config
DefaultSearchResultFormat ‘id/TITLE:#’,
Subject/TITLE:Subject’,
Status, QueueName, OwnerName, Priority, ‘NEWLINE’, ‘’,
Requestors’, ‘CreatedRelative’,
ToldRelative’,
LastUpdatedRelative’, 'TimeLeft
core config
DefaultSummaryRows 10
core config
DefaultTimeUnitsToHours 0
core config
DevelMode 0
core config
DisableGraphViz 1
core config
EmailFrequency Individual messages
core config
EmailInputEncodings utf-8, iso-8859-1, us-ascii
core config
EmailOutputEncoding utf-8
core config
EnableReminders 1
core config
ExternalAuthPriority My_LDAP
site config
ExternalInfoPriority My_LDAP
site config
ExternalServiceUsesSSLorTLS 0
site config
ExternalSettings My_LDAP, HASH(0x2b804db99850)
site config
ExtractSubjectTagMatch Regexp
core config
ExtractSubjectTagNoMatch Regexp
core config
ForwardFromUser 0
core config
FriendlyFromLineFormat “%s via RT” <%s>
core config
FriendlyToLineFormat “%s of helpdesk.example.com Ticket #%s”:;
core config
GnuPG RejectOnBadData, 1, Enable, 0, RejectOnMissingPrivateKey, 1,
AllowEncryptDataInDB, 0, OutgoingMessagesFormat, RFC
core config
GnuPGOptions homedir, /opt/rt3/var/data/gpg
core config
HomePageRefreshInterval 0
core config
HomeRefreshPeriod 300
site config
HomepageComponents QuickCreate, Quicksearch, MyAdminQueues,
MySupportQueues, MyReminders, RefreshHomepage, Dashboards
core config
InactiveStatus resolved, rejected, deleted
core config
LexiconLanguages *
core config
LinkTransactionsRun1Scrip 0
core config
LogDir /opt/rt3/var/log
core config
LogStackTraces debug
site config
LogToFileNamed rt.log
core config
LogToScreen info
core config
LogToSyslog info
site config
LogToSyslogConf
core config
LogoAltText DRMHelpdesk
site config
LogoHeight 82
site config
LogoImageURL /rt3/NoAuth/Images/logo.gif
site config
LogoLinkURL http://helpdesk.example.com/
site config
LogoURL logo.gif
site config
LogoWidth 161
site config
LoopsToRTOwner 1
core config
MailCommand sendmailpipe
core config
MailParams
core config
MasonParameters
core config
MaxAttachmentSize 10000000
core config
MaxInlineBody 12000
core config
MessageBoxHeight 15
core config
MessageBoxIncludeSignature 1
core config
MessageBoxRichText 1
core config
MessageBoxRichTextHeight 200
core config
MessageBoxWidth 72
core config
MessageBoxWrap HARD
core config
MinimumPasswordLength 8
site config
MyRequestsLength 20
site config
MyTicketsLength 20
site config
NetServerOptions
core config
NotifyActor 0
core config
OldestTransactionsFirst 1
core config
Organization helpdesk.example.com
site config
OwnerEmail millard.matt@example.com
site config
PlainTextPre 0
core config
Plugins RT::Authen::ExternalAuth
site config
PreviewScripMessages 0
core config
RTAddressRegexp ^rt@example.com$
core config
RecordOutgoingEmail 1
core config
RedistributeAutoGeneratedMessages privileged
core config
SMTPDebug 0
core config
SearchResultsRefreshInterval 0
core config
SelfServiceRegex Regexp
core config
SendmailArguments -oi -t
core config
SendmailBounceArguments -f "<>"
core config
SendmailPath /usr/sbin/sendmail
core config
ShowBccHeader 0
core config
ShowTransactionImages 1
core config
ShowUnreadMessageNotifications 1
core config
StandaloneMaxServers 1
core config
StandaloneMaxSpareServers 0
core config
StandaloneMinServers 1
core config
StandaloneMinSpareServers 0
core config
StrictLinkACL 1
core config
TicketsRefreshPeriod 300
site config
Timezone US/Central
site config
UseFriendlyFromLine 1
core config
UseFriendlyToLine 0
core config
UseTransactionBatch 1
core config
UsernameFormat concise
core config
WebBaseURL http://helpdesk.example.com:80
site config
WebDefaultStylesheet web2
core config
WebDomain localhost
core config
WebExternalAuto true
site config
WebFlushDbCacheEveryRequest 1
core config
WebImagesURL /rt3/NoAuth/images/
core config
WebNoAuthRegex Regexp
core config
WebPath /rt3
site config
WebPort 80
core config
WebSecureCookies 0
core config
WebURL http://helpdesk.example.com:80/rt3/
core config
WikiImplicitLinks 0
core config
rtname helpdesk.example.com
site config
RT Variables
RT::BasePath /opt/rt3
RT::BinPath /opt/rt3/bin
RT::EtcPath /opt/rt3/etc
RT::LocalEtcPath /opt/rt3/local/etc
RT::LocalLexiconPath /opt/rt3/local/po
RT::LocalLibPath /opt/rt3/local/lib
RT::LocalPath /opt/rt3/local
RT::LocalPluginPath /opt/rt3/local/plugins
RT::MasonComponentRoot /opt/rt3/share/html
RT::MasonDataDir /opt/rt3/var/mason_data
RT::MasonLocalComponentRoot /opt/rt3/local/html
RT::MasonSessionDir /opt/rt3/var/session_data
RT::SbinPath /opt/rt3/sbin
RT::VERSION 3.8.3
RT::VarPath /opt/rt3/var
RT Size
Tickets 0
Queues 2
Transactions 24
Groups 18
Privileged Users 1
Unprivileged Users 2
Perl configuration

Summary of my perl5 (revision 5 version 8 subversion 8) configuration:
Platform:
osname=linux, osvers=2.6.18-128.1.1.el5,
archname=x86_64-linux-thread-multi
uname=‘linux hs20-bc1-5.build.redhat.com 2.6.18-128.1.1.el5 #1 smp
mon jan 26 13:58:24 est 2009 x86_64 x86_64 x86_64 gnulinux ‘
config_args=’-des -Doptimize=-O2 -g -pipe -Wall
-Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector
–param=ssp-buffer-size=4 -m64 -mtune=generic -Dversion=5.8.8
-Dmyhostname=localhost -Dperladmin=root@localhost -Dcc=gcc
-Dcf_by=Red Hat, Inc. -Dinstallprefix=/usr -Dprefix=/usr
-Dlibpth=/usr/local/lib64 /lib64 /usr/lib64
-Dprivlib=/usr/lib/perl5/5.8.8
-Dsitelib=/usr/lib/perl5/site_perl/5.8.8
-Dvendorlib=/usr/lib/perl5/vendor_perl/5.8.8
-Darchlib=/usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi
-Dsitearch=/usr/lib64/perl5/site_perl/5.8.8/x86_64-linux-thread-multi
-Dvendorarch=/usr/lib64/perl5/vendor_perl/5.8.8/x86_64-linux-thread-multi
-Darchname=x86_64-linux -Dvendorprefix=/usr -Dsiteprefix=/usr
-Duseshrplib -Dusethreads -Duseithreads -Duselargefiles -Dd_dosuid
-Dd_semctl_semun -Di_db -Ui_ndbm -Di_gdbm -Di_shadow -Di_syslog
-Dman3ext=3pm -Duseperlio -Dinstallusrbinperl=n -Ubincompat5005
-Uversiononly -Dpager=/usr/bin/less -isr -Dd_gethostent_r_proto
-Ud_endhostent_r_proto -Ud_sethostent_r_proto -Ud_endprotoent_r_proto
-Ud_setprotoent_r_proto -Ud_endservent_r_proto -Ud_setservent_r_proto
-Dinc_version_list=5.8.7 5.8.6 5.8.5 -Dscriptdir=/usr/bin’
hint=recommended, useposix=true, d_sigaction=define
usethreads=define use5005threads=undef useithreads=define
usemultiplicity=define
useperlio=define d_sfio=undef uselargefiles=define usesocks=undef
use64bitint=define use64bitall=define uselongdouble=undef
usemymalloc=n, bincompat5005=undef
Compiler:
cc=‘gcc’, ccflags =’-D_REENTRANT -D_GNU_SOURCE -fno-strict-aliasing
-pipe -Wdeclaration-after-statement -I/usr/local/include
-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm’,
optimize=’-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
-fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic’,
cppflags=’-D_REENTRANT -D_GNU_SOURCE -fno-strict-aliasing -pipe
-Wdeclaration-after-statement -I/usr/local/include
-I/usr/include/gdbm’
ccversion=’’, gccversion=‘4.1.2 20080704 (Red Hat 4.1.2-44)’,
gccosandvers=’‘
intsize=4, longsize=8, ptrsize=8, doublesize=8, byteorder=12345678
d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=16
ivtype=‘long’, ivsize=8, nvtype=‘double’, nvsize=8, Off_t=‘off_t’,
lseeksize=8
alignbytes=8, prototype=define
Linker and Libraries:
ld=‘gcc’, ldflags =’‘
libpth=/usr/local/lib64 /lib64 /usr/lib64
libs=-lresolv -lnsl -lgdbm -ldb -ldl -lm -lcrypt -lutil -lpthread -lc
perllibs=-lresolv -lnsl -ldl -lm -lcrypt -lutil -lpthread -lc
libc=, so=so, useshrplib=true, libperl=libperl.so
gnulibc_version=‘2.5’
Dynamic Linking:
dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags=’-Wl,-E
-Wl,-rpath,/usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi/CORE’
cccdlflags=’-fPIC’, lddlflags=’-shared -O2 -g -pipe -Wall
-Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector
–param=ssp-buffer-size=4 -m64 -mtune=generic’

Perl Include Paths (@INC)

/opt/rt3/bin/…/local/lib
/opt/rt3/bin/…/lib
/usr/lib64/perl5/site_perl/5.8.8/x86_64-linux-thread-multi
/usr/lib64/perl5/site_perl/5.8.7/x86_64-linux-thread-multi
/usr/lib64/perl5/site_perl/5.8.6/x86_64-linux-thread-multi
/usr/lib64/perl5/site_perl/5.8.5/x86_64-linux-thread-multi
/usr/lib/perl5/site_perl/5.8.8
/usr/lib/perl5/site_perl/5.8.7
/usr/lib/perl5/site_perl/5.8.6
/usr/lib/perl5/site_perl/5.8.5
/usr/lib/perl5/site_perl
/usr/lib64/perl5/vendor_perl/5.8.8/x86_64-linux-thread-multi
/usr/lib64/perl5/vendor_perl/5.8.7/x86_64-linux-thread-multi
/usr/lib64/perl5/vendor_perl/5.8.6/x86_64-linux-thread-multi
/usr/lib64/perl5/vendor_perl/5.8.5/x86_64-linux-thread-multi
/usr/lib/perl5/vendor_perl/5.8.8
/usr/lib/perl5/vendor_perl/5.8.7
/usr/lib/perl5/vendor_perl/5.8.6
/usr/lib/perl5/vendor_perl/5.8.5
/usr/lib/perl5/vendor_perl
/usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi
/usr/lib/perl5/5.8.8
.
/etc/httpd

Here is my
/opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm

# The order in which the services defined in ExternalSettings
# should be used to authenticate users. User is authenticated
# if successfully confirmed by any service - no more services
# are checked.
Set($ExternalAuthPriority, [ 'My_LDAP'
                           ]
);

# The order in which the services defined in ExternalSettings
# should be used to get information about users. This includes
# RealName, Tel numbers etc, but also whether or not the user
# should be considered disabled.
# Once user info is found, no more services are checked.
# You CANNOT use a SSO cookie for authentication.
Set($ExternalInfoPriority, [ 'My_LDAP'
                           ]
);

# If this is set to true, then the relevant packages will
# be loaded to use SSL/TLS connections. At the moment,
# this just means "use Net::SSLeay;"
Set($ExternalServiceUsesSSLorTLS, 0);

# If this is set to 1, then users should be autocreated by RT
# as internal users if they fail to authenticate from an
# external service.
Set($AutoCreateNonExternalUsers, 0);

# These are the full settings for each external service as a HashOfHashes
# Note that you may have as many external services as you wish. They will
# be checked in the order specified in the Priority directives above.
# e.g.
#   Set(ExternalAuthPriority,['My_LDAP','My_MySQL','My_Oracle','SecondaryLDAP','Other-DB']);
Set($ExternalAuthPriority,['My_LDAP']);
Set($ExternalSettings, {
    # AN EXAMPLE LDAP SERVICE
    'My_LDAP' => {
        ## GENERIC SECTION
        # The type of service (db/ldap/cookie)
        'type'   => 'ldap',
        # The server hosting the service
        'server' => 'ldap://dcldap.example.com',
        ## SERVICE-SPECIFIC SECTION
        # If you can bind to your LDAP server anonymously you should
        # remove the user and pass config lines, otherwise specify them here:
        # The username RT should use to connect to the LDAP server
        'user'   => 'CN=MYADID,OU=Users,OU=IS,DC=example,DC=corp,DC=example,DC=com',
        # The password RT should use to connect to the LDAP server
        'pass'   => 'MyADpass',
        # The LDAP search base
        'base'   => 'DC=exampleusa,DC=corp,DC=example,DC=com',
        # ALL FILTERS MUST BE VALID LDAP FILTERS ENCASED IN PARENTHESES!
        # YOU MUST SPECIFY A filter AND A d_filter!!
        # The filter to use to match RT-Users
        'filter' => '(objectclass=*)',
        # A catch-all example filter: '(objectClass=*)'
        # The filter that will only match disabled users
        'd_filter' => '(msRTCSIP-UserEnabled=FALSE)',
        # A catch-none example d_filter: '(objectClass=FooBarBaz)'
        # Should we try to use TLS to encrypt connections?
        'tls' => 0,
        # SSL Version to provide to Net::SSLeay if using SSL
        'ssl_version' => 3,
        # What other args should I pass to Net::LDAP->new($host,@args)?
        'net_ldap_args' => [ version => 3 ],
        # Does authentication depend on group membership? What group name?
        #'group' => 'GROUP_NAME',
        # What is the attribute for the group object that determines membership?
        #'group_attr' => 'GROUP_ATTR',
        ## RT ATTRIBUTE MATCHING SECTION
        # The list of RT attributes that uniquely identify a user
        # This example shows what you can specify... I recommend reducing this
        # to just the Name and EmailAddress to save encountering problems later.
        'attr_match_list' => [ 'Name',
                               'EmailAddress'
                             ],
        # The mapping of RT attributes on to LDAP attributes
        'attr_map' => { 'Name'           => 'sAMAccountName',
                        'EmailAddress'   => 'mail',
                        'Organization'   => 'physicalDeliveryOfficeName',
                        'RealName'       => 'displayName',
                        'ExternalAuthId' => 'sAMAccountName',
                        'Gecos'          => 'sAMAccountName',
                        'WorkPhone'      => 'telephoneNumber',
                        'Address1'       => 'streetAddress',
                        'Address2'       => 'extensionAttribute2',
                        'City'           => 'l',
                        'State'          => 'st',
                        'Zip'            => 'postalCode'
                      }
    }
}
);

1;

Here is my /opt/rt3/etc/RT_SiteConfig.pm:

# Any configuration directives you include here will override
# RT's default configuration file, RT_Config.pm
#
# To include a directive here, just copy the equivalent statement
# from RT_Config.pm and change the value. We've included a single
# sample value below.
#
# This file is actually a perl module, so you can include valid
# perl code, as well.
#
# The converse is also true, if this file isn't valid perl, you're
# going to run into trouble. To check your SiteConfig file, use
# this command:
#
#   perl -c /path/to/your/etc/RT_SiteConfig.pm

Set(@Plugins,(qw(Extension::QuickDelete)));
Set(@Plugins, qw(RT::Authen::ExternalAuth));
require "/opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm";
Set($rtname , "helpdesk.example.com");
Set($Organization , "helpdesk.example.com");
Set($MinimumPasswordLength , "8");
Set($Timezone , 'US/Central');
Set($OwnerEmail , 'myuserid@example.com');
#Set($RTAddressRegexp , '^rt@example.com$');
#Set($CorrespondAddress , 'rt');
#Set($CommentAddress , 'rt');
Set($WebBaseURL , "http://helpdesk.example.com:80");
Set( $WebPath , "/rt3");
Set($LogoLinkURL, 'http://helpdesk.example.com/');
Set($LogoImageURL, $WebPath . '/NoAuth/Images/logo.gif');
Set($LogoAltText, 'Helpdesk');
Set($LogoWidth, 161);
Set($LogoHeight, 82);
Set($MyTicketsLength, 20);
Set($MyRequestsLength, 20);

# $LogoURL points to the URL of the RT logo displayed in the web UI
Set($LogoURL , $WebImagesURL . "logo.gif");
Set($DatabasePassword, 'DRMh31p');
Set($DatabaseName, 'rt3');
Set($DatabaseUser, 'rt_user');
Set($LogToSyslog, 'info');
Set($LogStackTraces, 'debug');

# $WebExternalAuto will create users under the same name as REMOTE_USER
# upon login, if it's missing in the Users table.
Set($WebExternalAuto , "true");

#Adding the following to RT_SiteConfig.pm causes Mason compilation
#errors to not be logged to screen:

#@MasonParameters = ( error_mode => 'fatal' );

# HomeRefreshPeriod specifies the default refresh interval in seconds
# for refreshing the home page. Actual values are defined in
# share/html/Elements/Refresh and must be one of
# "120", "300", "600", "1200", "3600" or "7200".
Set($HomeRefreshPeriod, "300");

# TicketsRefreshPeriod specifies the default refresh interval in seconds
# for refreshing the ticket search page. It uses the same values as
# HomeRefreshPeriod.
Set($TicketsRefreshPeriod, "300");

# @AuthOrder specifies the authentication methods to use and the
# order in which to use them. The keywords must be one or more of
# "LDAP", "SMB", "Web" and "Internal". If any authentication method
# fails to authenticate the user, authentication will proceed to the
# next method in the list. Any method not in the list is effectively
# disabled. Note: WebExternalAuth does not affect this code.
@AuthOrder = ("LDAP", "Web", "Internal");

# the tree, the attributes to use and the filter to apply to the
# search.

1;

Matt Millard
gocyclones@eml.cc
http://photos.millardfam.com
http://snipurl.com/mattsshareditems

Wed 03 Jun 2009 19:24:45 GMT
Matt Millard wrote:

I’m gonna keep this brief:

  1. Remove ldap:// from the server URI, I don’t know off the top of my
    head if it would work or not, but it certainly works without it.

  2. As per the README, the ExternalAuth settings need to be pasted into
    your normal RT_SiteConfig.pm. If you leave them in the example file in
    the plugins directory, they will not be read.

  3. You have a dead line in your config:
    Set(ExternalAuthPriority,['My_LDAP','My_MySQL','My_Oracle','SecondaryLDAP','Other-DB']);
    Set($ExternalAuthPriority,['My_LDAP']);

    Kill the first one.

  4. The stack trace for the Failed Login message is of no use. You need
    to enable debug logging, and log to file. This will give you very
    verbose output as to precisely what is happening with the LDAP side of
    things.

Have fun.

Kind Regards,

Mike Peachey, IT
Tel: +44 114 281 2655
Fax: +44 114 281 2951
Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK
Comp Reg No: 3191371 - Registered In England
http://www.jennic.com

Wed 03 Jun 2009 19:24:45 GMT
Matt Millard wrote:

> I'm gonna keep this brief:
>
> 1. Remove ldap:// from the server URI, I don't know off the top of my
> head if it would work or not, but it certainly works without it.

Removed and made no difference.

> 2. As per the README, the ExternalAuth settings need to be pasted into
> your normal RT_SiteConfig.pm. If you leave them in the example file in
> the plugins directory, they will not be read.

They should be included if I add the “require” line in my
RT_SiteConfig.pm though. I moved them over to the RT_SiteConfig.pm
anyway and removed the require. No difference.

> 3. You have a dead line in your config:
> Set(ExternalAuthPriority,['My_LDAP','My_MySQL','My_Oracle','SecondaryLDAP','Other-DB']);
> Set($ExternalAuthPriority,['My_LDAP']);

This first line was actually already commented out. So no difference.

> Kill the first one.
>
> 4. The stack trace for the Failed Login message is of no use. You need
> to enable debug logging, and log to file. This will give you very
> verbose output as to precisely what is happening with the LDAP side of
> things.

Logging turned on now and I still was just seeing invalid user/password
errors. So I started going line by line through my config and triple
checking everything. It turns out I had a typo in the ldap server name.
Very frustrating as that was cleansed when I sent to the list. At
least it is working now. Very frustrated that it was a typo on my part
though.

> Have fun.
>
> Kind Regards,
>
> Mike Peachey, IT
> Tel: +44 114 281 2655
> Fax: +44 114 281 2951
> Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK
> Comp Reg No: 3191371 - Registered In England
> http://www.jennic.com

Matt Millard
gocyclones@eml.cc
http://photos.millardfam.com
http://snipurl.com/mattsshareditems
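
A stand-alone check for the situation in this thread, where RT only logs FAILED LOGIN and the cause turned out to be a typo in the LDAP server name. This is an added example, not code from RT or RT-Authen-ExternalAuth: the environment variable names and placeholder DNs are assumptions, and the service bind, search, user bind sequence is the usual LDAP login flow rather than a copy of the plugin's internals.

```perl
#!/usr/bin/perl
# Added example: not part of RT or RT-Authen-ExternalAuth.
# Walks the LDAP login path one stage at a time so a failure names its cause.
use strict;
use warnings;
use Socket qw(inet_aton inet_ntoa);
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);

# Placeholder settings shaped like the My_LDAP block; override via environment
# (variable names are assumptions of this example).
my %cfg = (
    server    => $ENV{LDAP_SERVER}  || 'dcldap.example.com',
    user      => $ENV{LDAP_BIND_DN} || 'CN=MYADID,OU=Users,OU=IS,DC=example,DC=corp,DC=example,DC=com',
    pass      => $ENV{LDAP_BIND_PW} || '',
    base      => $ENV{LDAP_BASE}    || 'DC=exampleusa,DC=corp,DC=example,DC=com',
    filter    => '(objectclass=*)',
    name_attr => 'sAMAccountName',       # the attr_map entry for 'Name'
);
my $login    = $ENV{TEST_USER} || '';    # account to test, e.g. myuser
my $login_pw = $ENV{TEST_PW}   || '';

sub ok   { printf "ok    %-13s %s\n", @_ }
sub fail { printf "FAIL  %-13s %s\n", @_; exit 1 }

# A DN with an empty password is an "unauthenticated bind" that many servers
# accept, so refuse empty secrets instead of reporting a false success.
fail('input', 'LDAP_BIND_PW, TEST_USER and TEST_PW must all be non-empty')
    unless length($cfg{pass}) && length($login) && length($login_pw);

# Stage 1: does the configured host name resolve? A typo fails here.
(my $host = $cfg{server}) =~ s{^ldaps?://}{}i;   # accept a URI or a bare host
$host =~ s{[:/].*$}{};
my $packed = inet_aton($host)
    or fail('resolve', "'$host' does not resolve; check the 'server' value");
ok('resolve', "$host -> " . inet_ntoa($packed));

# Stage 2: TCP connect and LDAP v3 session.
sub connect_ldap {
    my $conn = Net::LDAP->new($cfg{server}, version => 3, timeout => 10)
        or fail('connect', "cannot reach $cfg{server}: $@");
    return $conn;
}
my $ldap = connect_ldap();
ok('connect', $cfg{server});

# Stage 3: bind as the service account ('user' / 'pass').
my $mesg = $ldap->bind($cfg{user}, password => $cfg{pass});
fail('service bind', $mesg->error) if $mesg->code;
ok('service bind', $cfg{user});

# Stage 4: find exactly one entry for the login name. The name is escaped
# so characters such as '*' or ')' cannot alter the filter.
my $filter = sprintf '(&(%s=%s)%s)',
    $cfg{name_attr}, escape_filter_value($login), $cfg{filter};
$mesg = $ldap->search(base => $cfg{base}, filter => $filter, attrs => ['mail']);
fail('search', $mesg->error) if $mesg->code;
fail('search', $mesg->count . " entries matched $filter under $cfg{base}")
    unless $mesg->count == 1;
my $dn = $mesg->entry(0)->dn;
ok('search', $dn);
$ldap->unbind;

# Stage 5: bind as that entry with the user's password on a new connection.
my $user_ldap = connect_ldap();
$mesg = $user_ldap->bind($dn, password => $login_pw);
fail('user bind', $mesg->error) if $mesg->code;
ok('user bind', 'password accepted');
$user_ldap->unbind;
```

Run it on the RT host as the web server user so that DNS and firewall behaviour match what RT sees.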