RT::Authen::ExternalAuth using OpenLDAP on nginx

RT Users
1

Good Day to everyone

Ive been using RT for quite some time now, I’ve been trying to get
everything to work with nginx like Nagios, RT, whatnot…

The Problem I’m facing now is that the mason_handler.fcgi is Timing out
on nginx (weather I use 1 Process or more) whenever a LDAP user is
trying to login. User root can login without a problem (before the
mason_handler is going 100%).

USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND
rt 42755 100.0 4.4 50308 45744 2 R+J 9:18PM 7:38.97
perl /usr/local/bin/mason_handler.fcgi (perl5.10.0)

This is basically a fresh Installation for now, no imports been done so
far.

Versions im using:

FreeBSD 8.0 Beta1
nginx-0.8.9
perl-5.10.0
RT-3.8.4
RT::Authen::ExternalAuth-0.08
OpenLDAP

Currently using RT_SiteConfig:
Set(@Plugins,qw(RT::Authen::ExternalAuth));

Set($WebBaseURL , “https://tracker.local”);
Set($WebPort, 443);
Set($LogDir, ‘/var/log’);
Set($LogToFile , ‘debug’);
Set($LogToScreen , ‘debug’);
Set($UseFriendlyFromLine , 0);
Set($DatabaseType , ‘Pg’);
Set($DatabaseHost , ‘dbhost’);
Set($DatabaseName , ‘rt3’);
Set($DatabaseRequireSSL , 1);
Set($UseSQLForACLChecks, 1);
Set($LoopsToRTOwner , 1);
Set($CanonicalizeRedirectURLs, 1);
Set($AutoCreate, 0);

Set($ExternalAuthPriority, [‘My_LDAP’]);
Set($ExternalInfoPriority, [‘My_LDAP’]);
Set($ExternalServiceUsesSSLorTLS, 1);
Set($AutoCreateNonExternalUsers, 0);
Set($ExternalSettings, {
‘My_LDAP’ => {
‘type’ => ‘ldap’,
‘server’ => ‘ldaphost’,
‘base’ => ‘dc=example,dc=com’,
‘filter’ => ‘(objectClass=*)’,
‘d_filter’ => ‘(objectClass=NONEEXISTANT)’,
‘tls’ => 1,
‘ssl_version’ => 3,
‘net_ldap_args’ => [version => 3 ],
‘attr_match_list’ => [‘Name’ ],‘attr_map’
=> {‘Name’ => ‘cn’}}}
);

The only Debug I get is the following (PGP hasn’t been configured
obviously):

[Sun Aug 23 20:53:24 2009] [debug]: RT’s GnuPG libraries couldn’t
successfully read your configured GnuPG home directory
(/var/run/rt38/data/gpg). PGP support has been disabled
(/usr/local/lib/perl5/site_perl/5.10.0/RT/Config.pm:380) [Sun Aug 23
20:53:43 2009] [debug]: Reloading RT::User to work around a bug in
RT-3.8.0 and RT-3.8.1
(/usr/local/share/rt38/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:14)

Would be nice if someone could give me any Hints on this.

Cheers
Tobias Lott

2

Good Day to everyone

Ive been using RT for quite some time now, I’ve been trying to get
everything to work with nginx like Nagios, RT, whatnot…

The Problem I’m facing now is that the mason_handler.fcgi is Timing
out on nginx (weather I use 1 Process or more) whenever a LDAP user is
trying to login. User root can login without a problem (before the
mason_handler is going 100%).

USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME
COMMAND rt 42755 100.0 4.4 50308 45744 2 R+J 9:18PM
7:38.97 perl /usr/local/bin/mason_handler.fcgi (perl5.10.0)

This is basically a fresh Installation for now, no imports been done
so far.

Versions im using:

FreeBSD 8.0 Beta1
nginx-0.8.9
perl-5.10.0
RT-3.8.4
RT::Authen::ExternalAuth-0.08
OpenLDAP

Currently using RT_SiteConfig:
Set(@Plugins,qw(RT::Authen::ExternalAuth));

Set($WebBaseURL , “https://tracker.local”);
Set($WebPort, 443);
Set($LogDir, ‘/var/log’);
Set($LogToFile , ‘debug’);
Set($LogToScreen , ‘debug’);
Set($UseFriendlyFromLine , 0);
Set($DatabaseType , ‘Pg’);
Set($DatabaseHost , ‘dbhost’);
Set($DatabaseName , ‘rt3’);
Set($DatabaseRequireSSL , 1);
Set($UseSQLForACLChecks, 1);
Set($LoopsToRTOwner , 1);
Set($CanonicalizeRedirectURLs, 1);
Set($AutoCreate, 0);

Set($ExternalAuthPriority, [‘My_LDAP’]);
Set($ExternalInfoPriority, [‘My_LDAP’]);
Set($ExternalServiceUsesSSLorTLS, 1);
Set($AutoCreateNonExternalUsers, 0);
Set($ExternalSettings, {
‘My_LDAP’ => {
‘type’ => ‘ldap’,
‘server’ => ‘ldaphost’,
‘base’ => ‘dc=example,dc=com’,
‘filter’ => ‘(objectClass=*)’,
‘d_filter’ =>
‘(objectClass=NONEEXISTANT)’, ‘tls’ => 1,
‘ssl_version’ => 3,
‘net_ldap_args’ => [version => 3 ],
‘attr_match_list’ => [‘Name’ ],‘attr_map’
=> {‘Name’ => ‘cn’}}}
);

The only Debug I get is the following (PGP hasn’t been configured
obviously):

[Sun Aug 23 20:53:24 2009] [debug]: RT’s GnuPG libraries couldn’t
successfully read your configured GnuPG home directory
(/var/run/rt38/data/gpg). PGP support has been disabled
(/usr/local/lib/perl5/site_perl/5.10.0/RT/Config.pm:380) [Sun Aug 23
20:53:43 2009] [debug]: Reloading RT::User to work around a bug in
RT-3.8.0 and RT-3.8.1
(/usr/local/share/rt38/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:14)

Would be nice if someone could give me any Hints on this.

Cheers

I’ve tried github Stable (last commit
58efef36fa6655d44209e05a75d9bd93ff84e7da) now, but its still same
Behaviour, but got some more debug now:
http://pastebin.com/m6ba6a55e

Cheers

Tobias Lott