RT::Authen::ExternalAuth

We had to set MaxPageSize on the DC we were querying. There is a default MaxPageSize of 1000 records, meaning you can only query 1000 records at a time. You can change it on the DC though to whatever View and set Lightweight Directory Access Protocol (LDAP) policy with Ntdsutil - Windows Server | Microsoft Learn

It was dying for me as well until we changed that. Cron runs it now.

Jason Ledford
Systems Analyst
The Biltmore Company
One North Pack Square
Asheville, NC 28801
(828) 225-6127From: rt-users-bounces@lists.bestpractical.com [rt-users-bounces@lists.bestpractical.com] On Behalf Of Peter Barton [PBarton@iesi.com]
Sent: Wednesday, September 01, 2010 6:13 PM
To: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] RT::Authen::ExternalAuth

After I wrote this email earlier I did some searches and found the
LDAPImport script. I have messed with it all day and now have it
working pretty reliably. I have two questions though.

1. If I try to search from the top of my AD Tree the script crashes and
   says the search is too large, so I am forced to run this multiple times
   and refine my baseDN each time. Anyone know of a way to increase the
   size of the search so I can do my entire tree each night?

2. I have Custom Fields added to my user information ( Manager, Title )
   and I was wondering if the LDAPImport script can import into the custom
   fields?

Thanks for any help,

Peter Barton

RT Training in Washington DC, USA on Oct 25 & 26 2010
Last one this year – Learn how to get the most out of RT!

We had to set MaxPageSize on the DC we were querying. There is a default MaxPageSize of 1000 records, meaning you can only query 1000 records at a time. You can change it on the DC though to whatever View and set Lightweight Directory Access Protocol (LDAP) policy with Ntdsutil - Windows Server | Microsoft Learn

It was dying for me as well until we changed that. Cron runs it now.

Alternatively, you could modify the LDAP import script to use
Net::LDAP::Control::Paged.

Cheers,
Dominic.

Dominic Hargreaves, Systems Development and Support Team
Computing Services, University of Oxford

signature.asc (197 Bytes)

Hello everyone, i have a problem with RT::Authen::ExternalAuth plugin

I get this error:

[error]
Can’t locate RT/Authen/ExternalAuth.pm in @INC (@INC contains:
/usr/local/lib/rt3/lib /usr/lib/perl5/vendor_perl/5.10.0
/usr/local/lib/perl5/site_perl/5.10.0/i386-linux-thread-multi
/usr/local/lib/perl5/site_perl/5.10.0
/usr/lib/perl5/vendor_perl/5.10.0/i386-linux-thread-multi
/usr/lib/perl5/vendor_perl /usr/lib/perl5/5.10.0/i386-linux-thread-multi
/usr/lib/perl5/5.10.0 /usr/lib/perl5/site_perl . /etc/httpd) at
/usr/lib/perl5/vendor_perl/5.10.0/RT.pm line 627.\nCompilation failed in
require at (eval 2) line 1.\n[error] Can’t load Perl file: /usr/sbin/webmux.pl for server example:80, exiting…

I have installed the plugin manually from source.

This is the external authentication config in RT_SiteConfig.pm

Set( @Plugins, qw(RT::Authen::ExternalAuth) );

Set($ExternalAuthPriority, [ ‘My_LDAP’,# ‘My_MySQL’,# ‘My_SSO_Cookie’ ]);

Set($ExternalInfoPriority, [ ‘My_LDAP’ ]);

Set($ExternalServiceUsesSSLorTLS, 0);

Set($AutoCreateNonExternalUsers, 0);Set($ExternalSettings, { # AN EXAMPLE DB SERVICE

‘My_LDAP’ => { ‘type’ => ‘ldap’,‘server’ => ‘exampler’, ‘user’ => ‘user’, ‘pass’ => ‘xxxxxx’, ‘base’ => ‘ou=Users,Groups,dc=example,dc=com,dc=mk’, ‘net_ldap_args’ => [ version => 3 ], ‘filter’ => ‘(sAMAccountName=%u)’, ‘d_filter’ => ‘(&(objectCategory=person)(objectClass=user))’, ‘attr_match_list’ => [ ‘Name’, ‘EmailAddress’, ‘RealName’,# ‘WorkPhone’,# ‘Address2’ ], ‘attr_map’ => { ‘Name’ => ‘sAMAccountName’, ‘EmailAddress’ => ‘mail’, ‘RealName’ => ‘cn’, ‘Organization’ => ‘physicalDeliveryOfficeName’, } }, });

thanks

http://mail.secureroot.com/ - free mailbox for hackers and geeks

Hi there,you’ve probably checked this already but… have you installed RT::Authen::ExternalAuth with cpan or any other means?

Giuseppe

On 03/02/11, “Mr.Taske” <taske@secureroot.com> wrote:

Hello everyone, i have a problem with RT::Authen::ExternalAuth plugin

I get this error:

[error] Can’t locate RT/Authen/ExternalAuth.pm in @INC (@INC contains: /usr/local/lib/rt3/lib /usr/lib/perl5/vendor_perl/5.10.0 /usr/local/lib/perl5/site_perl/5.10.0/i386-linux-thread-multi /usr/local/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/vendor_perl/5.10.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl /usr/lib/perl5/5.10.0/i386-linux-thread-multi /usr/lib/perl5/5.10.0 /usr/lib/perl5/site_perl . /etc/httpd) at /usr/lib/perl5/vendor_perl/5.10.0/RT.pm line 627.\nCompilation failed in require at (eval 2) line 1.\n[error] Can’t load Perl file: /usr/sbin/webmux.pl for server example:80, exiting…

I have installed the plugin manually from source.

This is the external authentication config in RT_SiteConfig.pm

Set( @Plugins, qw(RT::Authen::ExternalAuth) );

Set($ExternalAuthPriority, [ ‘My_LDAP’,# ‘My_MySQL’,# ‘My_SSO_Cookie’ ]);

Set($ExternalInfoPriority, [ ‘My_LDAP’ ]);

Set($ExternalServiceUsesSSLorTLS, 0);

Set($AutoCreateNonExternalUsers, 0);Set($ExternalSettings, { # AN EXAMPLE DB SERVICE

‘My_LDAP’ => { ‘type’ => ‘ldap’,‘server’ => ‘exampler’, ‘user’ => ‘user’, ‘pass’ => ‘xxxxxx’, ‘base’ => ‘ou=Users,Groups,dc=example,dc=com,dc=mk’, ‘net_ldap_args’ => [ version => 3 ], ‘filter’ => ‘(sAMAccountName=%u)’, ‘d_filter’ => ‘(&(objectCategory=person)(objectClass=user))’, ‘attr_match_list’ => [ ‘Name’, ‘EmailAddress’, ‘RealName’,# ‘WorkPhone’,# ‘Address2’ ], ‘attr_map’ => { ‘Name’ => ‘sAMAccountName’, ‘EmailAddress’ => ‘mail’, ‘RealName’ => ‘cn’, ‘Organization’ => ‘physicalDeliveryOfficeName’, } }, });

thanks

---

---

http://mail.secureroot.com/ - free mailbox for hackers and geeks

Giuseppe Sollazzo

Senior Systems Analyst

Computing Services

Information Services

St. George’s, University Of London

Cranmer Terrace

London SW17 0RE

Email: gsollazz@sgul.ac.uk

Direct Dial: +44 20 8725 5160

Fax: +44 20 8725 3583

This means that RT::Authen::ExternalAuth can not be found in your
path. You say you installed this from source. Did you install it in
your path (which is listed here)? If not, you need to either move it
(or reinstall it) somewhere in that path, OR add its location to your
path for the user (likely apache, www-data, nobody) which is invoking
it.

– HughOn Thu, 3 Feb 2011 06:01:24 -0800 “Mr.Taske” taske@secureroot.com wrote:

[error] Can’t locate RT/Authen/ExternalAuth.pm in @INC (@INC contains: /usr/local/lib/rt3/lib /usr/lib/perl5/vendor_perl/5.10.0 /usr/local/lib/perl5/site_perl/5.10.0/i386-linux-thread-multi /usr/local/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/vendor_perl/5.10.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl /usr/lib/perl5/5.10.0/i386-linux-thread-multi /usr/lib/perl5/5.10.0 /usr/lib/perl5/site_perl . /etc/httpd) at /usr/lib/perl5/vendor_perl/5.10.0/RT.pm line 627.\nCompilation failed in require at (eval 2) line 1.\n
[error] Can’t load Perl file: /usr/sbin/webmux.pl for server example:80, exiting…

Hugh Esco
skype: hresco3_ ; 678-921-8186
http://www.CampaignFoundations.com/
Providing Application Hosting,
Telephony and IT Development Services
to Green Candidates, Green Parties and
the non profits working for a just and sustainable future.

if( $insurance->rationing() ) { $people->die(); }

FYISubject: Re: [rt-users] RT::Authen::ExternalAuth [SOLVED]
Date: Fri, 04 Feb 2011 00:43:56 -0800
From: Mr.Taske taske@secureroot.com
Reply-To: taske@secureroot.com
To: Giuseppe Sollazzo gsollazz@sgul.ac.uk

Coping /usr/local/lib/rt3/plugins/RT-Authen-ExternalAuth/lib/* to
/usr/local/lib/rt3/lib solved the problem.

Thanks for the help.

— gsollazz@sgul.ac.uk wrote:

From: Giuseppe Sollazzo gsollazz@sgul.ac.uk
To: taske@secureroot.com
Subject: Re: [rt-users] RT::Authen::ExternalAuth
Date: Thu, 03 Feb 2011 15:14:15 +0000 (GMT)

Hi there,
unfortunately I’m not a perl expert and this looks like a perl error.
Basically, the problem is that @INC (that is your “include path” of
perl) does not contain the required ExternalAuth library.
This usually mean that you’ve installed it in a path that is not part of
any of the paths in @INC.
As Hugh Esco suggest in the mailing list, you will just need to
reinstall/move ExternalAuth to a path in the @INC and it should work.

Best wishes,
Giuseppe

I think somehow i managed to work but for very short. Dont know how
it worked?? First added this line
perl -c
/usr/local/lib/rt3/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm
restart httpd and failed to start
then, i removed and add this line
perl -l
/usr/local/lib/rt3/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm
but also failed to start
then removed the line, restart httpd and it started.
When tried to log in i get an error:

[error]: FAILED LOGIN for user from ip_address
(/usr/share/rt3/html/autohandler:268)
[critical]: RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't
bind: LDAP_INVALID_CREDENTIALS 49
(/usr/local/lib/rt3/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:467)

i tried to change credentials due to the error but the httpd woht
start again. Get the same error Can't locate
RT/Authen/ExternalAuth.pm in @INC...

Strange?

--- gsollazz@sgul.ac.uk wrote:

From: Giuseppe Sollazzo <gsollazz@sgul.ac.uk>
To: taske@secureroot.com
Subject: Re: [rt-users] RT::Authen::ExternalAuth
Date: Thu, 03 Feb 2011 14:41:38 +0000 (GMT)


 >
 > # perl -e 'use RT::Authen::ExternalAuth;'
 > Can't locate RT/Authen/ExternalAuth.pm in @INC (@INC contains:
/usr/local/lib/perl5/site_perl/5.10.0/i386-linux-thread-multi
/usr/local/lib/perl5/site_perl/5.10.0
/usr/lib/perl5/vendor_perl/5.10.0/i386-linux-thread-multi
/usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl
/usr/lib/perl5/5.10.0/i386-linux-thread-multi /usr/lib/perl5/5.10.0
/usr/lib/perl5/site_perl .) at -e line 1.
 > BEGIN failed--compilation aborted at -e line 1.
 >
 >

Uhm I think PERL's missing some imports, specifically those from RT
which you should see in @INC. For example, you might need to set
correctly the PERL5LIB/PERLLIB environmental variable to also
contain (in my case) /opt/rt3/lib.
Look here: http://perldoc.perl.org/lib.html

Giuseppe


 > --- gsollazz@sgul.ac.uk wrote:
 >
 > From: Giuseppe Sollazzo <gsollazz@sgul.ac.uk>
 > To: taske@secureroot.com
 > Subject: Re: [rt-users] RT::Authen::ExternalAuth
 > Date: Thu, 03 Feb 2011 14:29:14 +0000 (GMT)
 >
 > What does
 >
 > perl -e 'use RT::Authen::ExternalAuth;'
 >
 > reports?
 >
 > Giuseppe
 >

 > >
 > >
 > > Yes I have tried that one to. Thanks
 > >
 > > --- gsollazz@sgul.ac.uk wrote:
 > >
 > > From: Giuseppe Sollazzo <gsollazz@sgul.ac.uk>
 > > To: taske@secureroot.com, rt-users@lists.bestpractical.com
 > > Subject: Re: [rt-users] RT::Authen::ExternalAuth
 > > Date: Thu, 03 Feb 2011 14:08:37 +0000 (GMT)
 > >
 > >
 > >
 > > Hi there,
 > > you've probably checked this already but... have you installed
RT::Authen::ExternalAuth with cpan or any other means?
 > >
 > > Giuseppe
 > >

 > > >
 > > >
 > > >
 > > > Hello everyone, i have a problem
with RT::Authen::ExternalAuth plugin
 > > >
 > > >
 > > > I get this error:
 > > >
 > > >
 > > >
 > > > [error] Can't locate RT/Authen/ExternalAuth.pm in @INC (@INC
contains: /usr/local/lib/rt3/lib /usr/lib/perl5/vendor_perl/5.10.0
/usr/local/lib/perl5/site_perl/5.10.0/i386-linux-thread-multi
/usr/local/lib/perl5/site_perl/5.10.0
/usr/lib/perl5/vendor_perl/5.10.0/i386-linux-thread-multi
/usr/lib/perl5/vendor_perl
/usr/lib/perl5/5.10.0/i386-linux-thread-multi /usr/lib/perl5/5.10.0
/usr/lib/perl5/site_perl . /etc/httpd) at
/usr/lib/perl5/vendor_perl/5.10.0/RT.pm line 627.\nCompilation
failed in require at (eval 2) line 1.\n
 > > > [error] Can't load Perl file: /usr/sbin/webmux.pl for server
example:80, exiting...
 > > >
 > > >
 > > > I have installed the plugin manually from source.
 > > >
 > > >
 > > > This is the external authentication config in RT_SiteConfig.pm
 > > >
 > > >
 > > > Set( @Plugins, qw(RT::Authen::ExternalAuth) );
 > > >
 > > >
 > > > Set($ExternalAuthPriority,      [   'My_LDAP',
 > > > #                                       'My_MySQL',
 > > > #                                'My_SSO_Cookie'
 > > >                                 ]
 > > > );
 > > >
 > > >
 > > > Set($ExternalInfoPriority,  [  'My_LDAP'
 > > >                             ]
 > > > );
 > > >
 > > >
 > > > Set($ExternalServiceUsesSSLorTLS,    0);
 > > >
 > > >
 > > > Set($AutoCreateNonExternalUsers,    0);
 > > > Set($ExternalSettings,      {   # AN EXAMPLE DB SERVICE
 > > >
 > > >
 > > >                                 'My_LDAP'       =>  {
 > > >                                 'type'                    
  =>  'ldap',
 > > > 'server'                    =>  'exampler',
 > > >
 > > >                                 'user'                    
  =>  'user',
 > > >                                 'pass'                    =>
  'xxxxxx',
 > > >                                 'base'                    
  =>  'ou=Users,Groups,dc=example,dc=com,dc=mk',
 > > >                                 'net_ldap_args'            
=> [    version =>  3   ],
 > > >                                 'filter' =>
'(sAMAccountName=%u)',
 > > >                                 'd_filter' =>
'(&(objectCategory=person)(objectClass=user))',
 > > >                                 'attr_match_list'          
=> [    'Name',
 > > >                                                             
        'EmailAddress',
 > > >                                                             
        'RealName',
 > > > #                                                            
        'WorkPhone',
 > > > #                                                            
        'Address2'
 > > >                                                             
                        ],
 > > >                                 'attr_map'                
  =>  {   'Name' => 'sAMAccountName',
 > > >                                 'EmailAddress' => 'mail',
 > > >                                 'RealName' => 'cn',
 > > >                                 'Organization' =>
'physicalDeliveryOfficeName',
 > > >                                                                 }
 > > >                                                     },
 > > >                                 }
 > > > );
 > > >
 > > >
 > > >
 > > >
 > > > thanks
 > > >
 > > > ---
 > > > http://mail.secureroot.com/ (http://mail.secureroot.com/)
<http://mail.secureroot.com/%29> - free mailbox for hackers and geeks
 > >
 > >
 > > --
 > >
 > > Giuseppe Sollazzo
 > > Senior Systems Analyst
 > > Computing Services
 > > Information Services
 > > St. George's, University Of London
 > > Cranmer Terrace
 > > London SW17 0RE
 > >
 > > Email: gsollazz@sgul.ac.uk
 > > Direct Dial: +44 20 8725 5160
 > > Fax: +44 20 8725 3583
 > >
 > >
 > > ---
 > > http://mail.secureroot.com/ (http://mail.secureroot.com/)
<http://mail.secureroot.com/%29> - free mailbox for hackers and geeks
 >
 >
 > --
 >
 > Giuseppe Sollazzo
 > Senior Systems Analyst
 > Computing Services
 > Information Services
 > St. George's, University Of London
 > Cranmer Terrace
 > London SW17 0RE
 >
 > Email: gsollazz@sgul.ac.uk
 > Direct Dial: +44 20 8725 5160
 > Fax: +44 20 8725 3583
 >
 >
 >
 >
 >
 >
 > _____________________________________________________________
 > ---
 > http://mail.secureroot.com/ (http://mail.secureroot.com/)
<http://mail.secureroot.com/%29> - free mailbox for hackers and geeks



Giuseppe Sollazzo
Senior Systems Analyst
Computing Services
Information Services
St. George's, University Of London
Cranmer Terrace
London SW17 0RE

Email: gsollazz@sgul.ac.uk
Direct Dial: +44 20 8725 5160
Fax: +44 20 8725 3583






http://mail.secureroot.com/ - free mailbox for hackers and geeks

Giuseppe Sollazzo
Senior Systems Analyst
Computing Services
Information Services
St. George’s, University Of London
Cranmer Terrace
London SW17 0RE

Email: gsollazz@sgul.ac.uk
Direct Dial: +44 20 8725 5160
Fax: +44 20 8725 3583

http://mail.secureroot.com/ - free mailbox for hackers and geeks

FYI

Coping /usr/local/lib/rt3/plugins/RT-Authen-ExternalAuth/lib/* to
/usr/local/lib/rt3/lib solved the problem.

This implies you never set your @Plugins up correctly.

-kevin