RT::Authen::ExternalAuth Installed need Help

Good Morning all

I’ve installed the External Auth Plugin for our RT System.

But now i have no clue how to tackle it.

My Knowledge about SSO is really really limited

So can sb give me a hint to start the Challenge to get a good funcitonal
connection to my LDAP Server ( Windows 2008) ?

it would be really nice

best regards john

View this message in context: http://old.nabble.com/RT%3A%3AAuthen%3A%3AExternalAuth-Installed-need-Help-tp30993192p30993192.html

Hi John,
you talk about SSO but it’s not clear from what you say if you either
want authentication based on

  • SSO
  • LDAP
  • SSO using LDAP

Can you please clarify?On 23/02/11 08:55, john s. wrote:

Good Morning all

I’ve installed the External Auth Plugin for our RT System.

But now i have no clue how to tackle it.

My Knowledge about SSO is really really limited

So can sb give me a hint to start the Challenge to get a good funcitonal
connection to my LDAP Server ( Windows 2008) ?

it would be really nice

best regards john

Giuseppe Sollazzo
Senior Systems Analyst
Computing Services
Information Services
St. George’s, University Of London
Cranmer Terrace
London SW17 0RE

Email: gsollazz@sgul.ac.uk
Direct Dial: +44 20 8725 5160
Fax: +44 20 8725 3583

Hello Guiseppe

I don’t exactly what I’m talking about … so I’LL describe in which way
should it work

The Authentification Server is an ActiveDirectory on an Windows2008 Server

so if you Logged in in the Main network system with username and Password
you have automallically

access to the rt interface without double authentification

in fact … the AD server should handle the Authentification to the RT
-Server

maybe if it’s fail an fallback to RT Authentifiaction would be nice but at
the moment it isn’t necessary.

An other option is to make the authentification from AD to Apache … so
this would be fit too.

like i said my background knowledge at this sector is very small

best regards john

Giuseppe Sollazzo-2 wrote:

Hi John,
you talk about SSO but it’s not clear from what you say if you either
want authentication based on

  • SSO
  • LDAP
  • SSO using LDAP

Can you please clarify?

Good Morning all

I’ve installed the External Auth Plugin for our RT System.

But now i have no clue how to tackle it.

My Knowledge about SSO is really really limited

So can sb give me a hint to start the Challenge to get a good funcitonal
connection to my LDAP Server ( Windows 2008) ?

it would be really nice

best regards john


Giuseppe Sollazzo
Senior Systems Analyst
Computing Services
Information Services
St. George’s, University Of London
Cranmer Terrace
London SW17 0RE

Email: gsollazz@sgul.ac.uk
Direct Dial: +44 20 8725 5160
Fax: +44 20 8725 3583

View this message in context: http://old.nabble.com/RT%3A%3AAuthen%3A%3AExternalAuth-Installed-need-Help-tp30993192p30993406.html

i think this is sso per ldap to rt
or ldap to apache

View this message in context: http://old.nabble.com/RT%3A%3AAuthen%3A%3AExternalAuth-Installed-need-Help-tp30993192p30993957.html

Hi John,
what you can do is either to plug AD authentication into RT, or to use a
SSO solution (such as CAS).

Give this a look: http://blank.org/memory/output/rt-ad-sso.html

Regards,
GiuseppeOn 23/02/11 10:59, john s. wrote:

i think this is sso per ldap to rt
or ldap to apache

Giuseppe Sollazzo
Senior Systems Analyst
Computing Services
Information Services
St. George’s, University Of London
Cranmer Terrace
London SW17 0RE

Email: gsollazz@sgul.ac.uk
Direct Dial: +44 20 8725 5160
Fax: +44 20 8725 3583

Hm… this article sounds like a little bit outdated … is this the proper
to get an solid sso via ad solution?

Another thing :

Is it normal that the apache2 server doesnt 't start anymore after i 've
installed the perl module RT::Authen::ExternalAuth ? … Remember nothing
is configured yet

Here is the error :

[Wed Feb 23 12:05:05 2011] [error] Can’t locate Net/LDAP.pm in @INC (@INC
contains: /opt/rt3/bin/…/local/lib
/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib /opt/rt3/bin/…/lib
/etc/perl /usr/local/lib/perl/5.10.1 /usr/local/share/perl/5.10.1
/usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.10 /usr/share/perl/5.10
/usr/local/lib/site_perl . /etc/apache2) at
/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm
line 3.\nBEGIN failed–compilation aborted at
/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm
line 3.\nCompilation failed in require at
/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm
line 26.\nBEGIN failed–compilation aborted at
/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm
line 26.\nCompilation failed in require at
/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/User_Vendor.pm line
3.\nBEGIN failed–compilation aborted at
/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/User_Vendor.pm line
3.\nCompilation failed in require at (eval 1115) line 3.\nCompilation failed
in require at (eval 113) line 3.\n\t…propagated at
/usr/share/perl/5.10/base.pm line 93.\nBEGIN failed–compilation aborted at
/opt/rt3/bin/…/lib/RT/CurrentUser.pm line 96.\nCompilation failed in
require at /opt/rt3/bin/…/lib/RT.pm line 505.\nCompilation failed in
require at (eval 2) line 1.\n
[Wed Feb 23 12:05:05 2011] [error] Can’t load Perl file:
/opt/rt3/bin/webmux.pl for server localhost:80, exiting…

Giuseppe Sollazzo-2 wrote:

Hi John,
what you can do is either to plug AD authentication into RT, or to use a
SSO solution (such as CAS).

Give this a look: http://blank.org/memory/output/rt-ad-sso.html

Regards,
Giuseppe

i think this is sso per ldap to rt
or ldap to apache


Giuseppe Sollazzo
Senior Systems Analyst
Computing Services
Information Services
St. George’s, University Of London
Cranmer Terrace
London SW17 0RE

Email: gsollazz@sgul.ac.uk
Direct Dial: +44 20 8725 5160
Fax: +44 20 8725 3583

best regards john
View this message in context: http://old.nabble.com/RT%3A%3AAuthen%3A%3AExternalAuth-Installed-need-Help-tp30993192p30994494.html

I have fixed my problem the perl module Net::LDAP was missing godsake now
RT is still running

but i think i’m tying to use these module

i must reading some background knowledge if i finished … i come back to
this thread
and ask some questions one more

john s. wrote:

Hm… this article sounds like a little bit outdated … is this the
proper way to get an solid solution based on sso via ad?

Another thing :

Is it normal that the apache2 server doesnt 't start anymore after i 've
installed the perl module RT::Authen::ExternalAuth ? … Remember nothing
is configured yet

Here is the error :

[Wed Feb 23 12:05:05 2011] [error] Can’t locate Net/LDAP.pm in @INC (@INC
contains: /opt/rt3/bin/…/local/lib
/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib /opt/rt3/bin/…/lib
/etc/perl /usr/local/lib/perl/5.10.1 /usr/local/share/perl/5.10.1
/usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.10 /usr/share/perl/5.10
/usr/local/lib/site_perl . /etc/apache2) at
/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm
line 3.\nBEGIN failed–compilation aborted at
/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm
line 3.\nCompilation failed in require at
/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm
line 26.\nBEGIN failed–compilation aborted at
/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm
line 26.\nCompilation failed in require at
/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/User_Vendor.pm line
3.\nBEGIN failed–compilation aborted at
/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/User_Vendor.pm line
3.\nCompilation failed in require at (eval 1115) line 3.\nCompilation
failed in require at (eval 113) line 3.\n\t…propagated at
/usr/share/perl/5.10/base.pm line 93.\nBEGIN failed–compilation aborted
at /opt/rt3/bin/…/lib/RT/CurrentUser.pm line 96.\nCompilation failed in
require at /opt/rt3/bin/…/lib/RT.pm line 505.\nCompilation failed in
require at (eval 2) line 1.\n
[Wed Feb 23 12:05:05 2011] [error] Can’t load Perl file:
/opt/rt3/bin/webmux.pl for server localhost:80, exiting…

Giuseppe Sollazzo-2 wrote:

Hi John,
what you can do is either to plug AD authentication into RT, or to use a
SSO solution (such as CAS).

Give this a look: http://blank.org/memory/output/rt-ad-sso.html

Regards,
Giuseppe

i think this is sso per ldap to rt
or ldap to apache


Giuseppe Sollazzo
Senior Systems Analyst
Computing Services
Information Services
St. George’s, University Of London
Cranmer Terrace
London SW17 0RE

Email: gsollazz@sgul.ac.uk
Direct Dial: +44 20 8725 5160
Fax: +44 20 8725 3583

best regards john
View this message in context: http://old.nabble.com/RT%3A%3AAuthen%3A%3AExternalAuth-Installed-need-Help-tp30993192p30994952.html

An other option is to make the authentification from AD to Apache … so
this would be fit too.

You could also authenticate directly to the AD server using Kerberos and/or
LDAP.

* mod_auth_kerb - http://modauthkerb.sourceforge.net/
* mod_auth_ldap -

http://httpd.apache.org/docs/2.0/mod/mod_auth_ldap.html

To make the Kerberos setup a snap, Likewise Open is nice–“Open” is their
free product. http://www.likewise.com/

This should also allow for pass-through authentication using any modern
browser, provided the clients’ computer logon name and password matches that
of their AD credentials.

I don’t exactly what I’m talking about … so I’LL describe in which way
should it work

The Authentification Server is an ActiveDirectory on an Windows2008 Server

so if you Logged in in the Main network system with username and Password
you have automallically

access to the rt interface without double authentification

in fact … the AD server should handle the Authentification to the RT
-Server

maybe if it’s fail an fallback to RT Authentifiaction would be nice but at
the moment it isn’t necessary.

An other option is to make the authentification from AD to Apache … so
this would be fit too.

like i said my background knowledge at this sector is very small

You sound like you’re describing SPNEGO, which isn’t what
RT-Authen-ExternalAuth provides. Folks normally use mod_auth_kerb or
one of the commercial versions of that module to accomplish it.

-kevin