RT 4.2.10 and ExternalAuth using LDAP

RT Users
1

Hi,

I’m setting up an RT server on:
CentOS 7.1 x64
Apache 2.4
PostgreSQL
Perl v5.16.3

Trying to use ExternalAuth to LDAP (Microsoft AD) using these settings in
RT_SiteConfig.pm:

Plugin( “RT::Authen::ExternalAuth” );

Set( $ExternalAuthPriority, [“My_LDAP”] );
Set( $ExternalInfoPriority, [“My_LDAP”] );

Set($ExternalSettings, {
‘My_LDAP’ => {
‘type’ => ‘ldap’,
‘server’ => ‘1.1.1.1’,
‘user’ => ‘rtbinduser@domain.server’,
‘pass’ => ‘rtbinduserpw’,
‘base’ => ‘ou=Dom Users,ou=Company
AD,dc=domain,dc=server’,

            'attr_match_list' => [
                    'Name',
                    'EmailAddress',
            ],
            'attr_map' => {
                    'Name' => 'sAMAccountName',
                    'EmailAddress' => 'mail',
                    'Organization' => 'physicalDeliveryOfficeName',
                    'RealName' => 'cn',
                    'ExternalAuthId' => 'sAMAccountName',
                    'Gecos' => 'sAMAccountName',
                    'WorkPhone' => 'telephoneNumber',
                    'Address1' => 'streetAddress',
                    'City' => 'l',
                    'State' => 'st',
                    'Zip' => 'postalCode',
                    'Country' => 'co'
                    },
            },
    } );

I start the RT using it’s own server : /opt/rt4/sbin/rt-server --port 8080
Page loads in the browser and I can log in as root but when I try to log in
using AD account I see in the logs:

[warning]: Use of uninitialized value $filter in concatenation (.) or
string at
/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm
line 453.
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:451)

I have been digging through google and the LDAP.pm without success. When I
messed with the ‘base’ value error changed:

[25778] [Mon Apr 20 08:55:33 2015] [warning]: Use of uninitialized value
$filter in concatenation (.) or string at
/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm
line 453.
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:451)
[25778] [Mon Apr 20 08:55:33 2015] [error]: Can’t call method “as_string”
on an undefined value at
/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm
line 357.

Stack:

[/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:357]

[/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:843]

[/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:885]
[/opt/rt4/sbin/…/lib/RT/User.pm:141]

[/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:486]
[/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:10]

[/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Session:1]
[/opt/rt4/sbin/…/lib/RT/Interface/Web.pm:310]
[/opt/rt4/share/html/autohandler:53]
(/opt/rt4/sbin/…/lib/RT/Interface/Web/Handler.pm:208)

Any suggestions to a right direction are welcome.

PS! Went with LDAP because other services on the server use it
successfully. I have installed RT using Kerberos auth before but decided to
use something “simpler”. :smiley:

Indrek

2

Hello Indrek,

I had some problems with External Auth as well. I ended up going with
LDAP Import, authentication works based on LDAP credentials being imported.
You have a bit more control as you can filter on groups or user names if
you choose that route.

I threw together a how to:

Hope this offers some help.

Thanks,

TrevOn Mon, Apr 20, 2015 at 5:16 AM, Indrek Paas indrekpaas@gmail.com wrote:

Hi,

I’m setting up an RT server on:
CentOS 7.1 x64
Apache 2.4
PostgreSQL
Perl v5.16.3

Trying to use ExternalAuth to LDAP (Microsoft AD) using these settings in
RT_SiteConfig.pm:

Plugin( “RT::Authen::ExternalAuth” );

Set( $ExternalAuthPriority, [“My_LDAP”] );
Set( $ExternalInfoPriority, [“My_LDAP”] );

Set($ExternalSettings, {
‘My_LDAP’ => {
‘type’ => ‘ldap’,
‘server’ => ‘1.1.1.1’,
‘user’ => 'rtbinduser@domain.server
',
‘pass’ => ‘rtbinduserpw’,
‘base’ => ‘ou=Dom Users,ou=Company
AD,dc=domain,dc=server’,

            'attr_match_list' => [
                    'Name',
                    'EmailAddress',
            ],
            'attr_map' => {
                    'Name' => 'sAMAccountName',
                    'EmailAddress' => 'mail',
                    'Organization' => 'physicalDeliveryOfficeName',
                    'RealName' => 'cn',
                    'ExternalAuthId' => 'sAMAccountName',
                    'Gecos' => 'sAMAccountName',
                    'WorkPhone' => 'telephoneNumber',
                    'Address1' => 'streetAddress',
                    'City' => 'l',
                    'State' => 'st',
                    'Zip' => 'postalCode',
                    'Country' => 'co'
                    },
            },
    } );

I start the RT using it’s own server : /opt/rt4/sbin/rt-server --port 8080
Page loads in the browser and I can log in as root but when I try to log
in using AD account I see in the logs:

[warning]: Use of uninitialized value $filter in concatenation (.) or
string at
/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm
line 453.
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:451)

I have been digging through google and the LDAP.pm without success. When I
messed with the ‘base’ value error changed:

[25778] [Mon Apr 20 08:55:33 2015] [warning]: Use of uninitialized value
$filter in concatenation (.) or string at
/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm
line 453.
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:451)
[25778] [Mon Apr 20 08:55:33 2015] [error]: Can’t call method “as_string”
on an undefined value at
/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm
line 357.

Stack:

[/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:357]

[/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:843]

[/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:885]
[/opt/rt4/sbin/…/lib/RT/User.pm:141]

[/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:486]
[/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:10]

[/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Session:1]
[/opt/rt4/sbin/…/lib/RT/Interface/Web.pm:310]
[/opt/rt4/share/html/autohandler:53]
(/opt/rt4/sbin/…/lib/RT/Interface/Web/Handler.pm:208)

Any suggestions to a right direction are welcome.

PS! Went with LDAP because other services on the server use it
successfully. I have installed RT using Kerberos auth before but decided to
use something “simpler”. :smiley:


Indrek

3

says:

filter

The filter to use to match RT users. You must specify
it and it must be a valid LDAP filter encased in parentheses.

For example:

filter => '(objectClass=*)',On 4/20/2015 5:16 AM, Indrek Paas wrote:

Hi,

I’m setting up an RT server on:
CentOS 7.1 x64
Apache 2.4
PostgreSQL
Perl v5.16.3

Trying to use ExternalAuth to LDAP (Microsoft AD) using these settings
in RT_SiteConfig.pm:

Plugin( “RT::Authen::ExternalAuth” );

Set( $ExternalAuthPriority, [“My_LDAP”] );
Set( $ExternalInfoPriority, [“My_LDAP”] );

Set($ExternalSettings, {
‘My_LDAP’ => {
‘type’ => ‘ldap’,
‘server’ => ‘1.1.1.1’,
‘user’ => ‘rtbinduser@domain.server’,
‘pass’ => ‘rtbinduserpw’,
‘base’ => ‘ou=Dom Users,ou=Company
AD,dc=domain,dc=server’,

            'attr_match_list' => [
                    'Name',
                    'EmailAddress',
            ],
            'attr_map' => {
                    'Name' => 'sAMAccountName',
                    'EmailAddress' => 'mail',
                    'Organization' => 'physicalDeliveryOfficeName',
                    'RealName' => 'cn',
                    'ExternalAuthId' => 'sAMAccountName',
                    'Gecos' => 'sAMAccountName',
                    'WorkPhone' => 'telephoneNumber',
                    'Address1' => 'streetAddress',
                    'City' => 'l',
                    'State' => 'st',
                    'Zip' => 'postalCode',
                    'Country' => 'co'
                    },
            },
    } );

I start the RT using it’s own server : /opt/rt4/sbin/rt-server --port 8080
Page loads in the browser and I can log in as root but when I try to log
in using AD account I see in the logs:

[warning]: Use of uninitialized value $filter in concatenation (.) or
string at
/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm
line 453.
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:451)

I have been digging through google and the LDAP.pm without success. When
I messed with the ‘base’ value error changed:

[25778] [Mon Apr 20 08:55:33 2015] [warning]: Use of uninitialized value
$filter in concatenation (.) or string at
/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm
line 453.
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:451)
[25778] [Mon Apr 20 08:55:33 2015] [error]: Can’t call method
“as_string” on an undefined value at
/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm
line 357.

Stack:

[/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:357]

[/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:843]

[/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:885]
[/opt/rt4/sbin/…/lib/RT/User.pm:141]

[/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:486]
[/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:10]

[/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Session:1]
[/opt/rt4/sbin/…/lib/RT/Interface/Web.pm:310]
[/opt/rt4/share/html/autohandler:53]
(/opt/rt4/sbin/…/lib/RT/Interface/Web/Handler.pm:208)

Any suggestions to a right direction are welcome.

PS! Went with LDAP because other services on the server use it
successfully. I have installed RT using Kerberos auth before but decided
to use something “simpler”. :smiley:


Indrek

Jeff Blaine
kickflop.net
PGP/GnuPG Key ID: 0x0C8EDD02

4

Hi,

messing with the filter => ‘(objectClass=*)’, gave me FAILED LOGIN as did
=person. Then tested the LDAP Import plugin and it worked. Now I need to
see about AD user permissions (create tickets etc).

Thank you for the suggestions and thank you Trev for making it more
understandable. Your configuration helped me understand other needed values
as well.

Regards,
–IndrekOn Mon, Apr 20, 2015 at 4:19 PM Jeff Blaine jblaine@kickflop.net wrote:

RT::Authen::ExternalAuth::LDAP - LDAP source for RT authentication - metacpan.org

says:

filter

The filter to use to match RT users. You must specify
it and it must be a valid LDAP filter encased in parentheses.

For example:

filter => '(objectClass=*)',

On 4/20/2015 5:16 AM, Indrek Paas wrote:

Hi,

I’m setting up an RT server on:
CentOS 7.1 x64
Apache 2.4
PostgreSQL
Perl v5.16.3

Trying to use ExternalAuth to LDAP (Microsoft AD) using these settings
in RT_SiteConfig.pm:

Plugin( “RT::Authen::ExternalAuth” );

Set( $ExternalAuthPriority, [“My_LDAP”] );
Set( $ExternalInfoPriority, [“My_LDAP”] );

Set($ExternalSettings, {
‘My_LDAP’ => {
‘type’ => ‘ldap’,
‘server’ => ‘1.1.1.1’,
‘user’ => 'rtbinduser@domain.server
',
‘pass’ => ‘rtbinduserpw’,
‘base’ => ‘ou=Dom Users,ou=Company
AD,dc=domain,dc=server’,

            'attr_match_list' => [
                    'Name',
                    'EmailAddress',
            ],
            'attr_map' => {
                    'Name' => 'sAMAccountName',
                    'EmailAddress' => 'mail',
                    'Organization' => 'physicalDeliveryOfficeName',
                    'RealName' => 'cn',
                    'ExternalAuthId' => 'sAMAccountName',
                    'Gecos' => 'sAMAccountName',
                    'WorkPhone' => 'telephoneNumber',
                    'Address1' => 'streetAddress',
                    'City' => 'l',
                    'State' => 'st',
                    'Zip' => 'postalCode',
                    'Country' => 'co'
                    },
            },
    } );

I start the RT using it’s own server : /opt/rt4/sbin/rt-server --port
8080
Page loads in the browser and I can log in as root but when I try to log
in using AD account I see in the logs:

[warning]: Use of uninitialized value $filter in concatenation (.) or
string at

/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm

line 453.

(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:451)

I have been digging through google and the LDAP.pm without success. When
I messed with the ‘base’ value error changed:

[25778] [Mon Apr 20 08:55:33 2015] [warning]: Use of uninitialized value
$filter in concatenation (.) or string at

/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm

line 453.

(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:451)

[25778] [Mon Apr 20 08:55:33 2015] [error]: Can’t call method
“as_string” on an undefined value at

/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm

line 357.

Stack:

[/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:357]

[/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:843]

[/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:885]

[/opt/rt4/sbin/…/lib/RT/User.pm:141]

[/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:486]

[/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:10]

[/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Session:1]

[/opt/rt4/sbin/…/lib/RT/Interface/Web.pm:310]
[/opt/rt4/share/html/autohandler:53]
(/opt/rt4/sbin/…/lib/RT/Interface/Web/Handler.pm:208)

Any suggestions to a right direction are welcome.

PS! Went with LDAP because other services on the server use it
successfully. I have installed RT using Kerberos auth before but decided
to use something “simpler”. :smiley:


Indrek


Jeff Blaine
kickflop.net
PGP/GnuPG Key ID: 0x0C8EDD02