RT - Oracle db authentication as secondary methode

Hi all, I am trying o configure RT-Authen-ExternalAuth, as per the documentation
with this I can see you can have more than one mode of authentication (LDAP, DB
etc).
Now my LDAP (AD) integration is fine, but what my issue now is to get RT to
authenticate against Oracle DB as its secondary authentication method, and I am
lost with this.

Following are my system details
OS – Redhat 5.4 (64bit)
Oracle – 10g2 (64bit)
RT - 3.8.8
Perl - v5.12.2)
Modules which are loaded:
DBD::Oracle
DBI

I have done the following configuration
Set($ExternalAuthPriority, [ ‘My_LDAP’, ‘My_Oracle’ ]);
Set($ExternalInfoPriority, [ ‘My_LDAP’, ‘My_Oracle’ ]);
Set($ExternalServiceUsesSSLorTLS, 0);
Set($AutoCreateNonExternalUsers, 0);

Set($ExternalSettings, { # AN EXAMPLE DB SERVICE
‘My_Oracle’ => { ## GENERIC SECTION
# The type of service
(db/ldap/cookie)

‘type’ => ‘db’,
# The server hosting the
service

‘server’ => localhost,
## SERVICE-SPECIFIC
SECTION
# The database name

        'database'                  =>  'RT',
                                                    # The database table

‘table’ => ‘USERS’,
# The user to connect to
the database as

‘user’ => ‘rtdb1’,
# The password to use to
connect with

‘pass’ => ‘rtdb1secret’,
# The port to use to
connect with (e.g. 3306)

 'port'                      =>  '1521',
                                                    # The name of the Perl 

DBI driver to use (e.g. mysql)

‘dbi_driver’ => ‘Oracle’,
# The field in the table
that holds usernames

‘u_field’ => ‘NAME’,
# The field in the table
that holds passwords

‘p_field’ => ‘PASSWORD’,
# The Perl package &
subroutine used to encrypt passwords
# e.g. if the passwords
are stored using the MySQL v3.23 “PASSWORD”
# function, then you
will need Crypt::MySQL::password, but for the
# MySQL4+ password
function you will need Crypt::MySQL::password41
# Alternatively, you
could use Digest::MD5::md5_hex or any other
# encryption subroutine
you can load in your perl installation

‘p_enc_pkg’ => ‘Crypt::MySQL’,

‘p_enc_sub’ => ‘password’,
# If your p_enc_sub
takes a salt as a second parameter,
# uncomment this line to
add your salt

#‘p_salt’ => ‘SALT’,
# The field and values
in the table that determines if a user should
# be disabled. For
example, if the field is ‘user_status’ and the values
# are
[‘0’,‘1’,‘2’,‘disabled’] then the user will be disabled if their
# user_status is set to
‘0’,‘1’,‘2’ or the string ‘disabled’.
# Otherwise, they will
be considered enabled.

‘d_field’ => ‘disabled’,

‘d_values’ => [‘0’],
## RT ATTRIBUTE MATCHING
SECTION
# The list of RT
attributes that uniquely identify a user

‘attr_match_list’ => [ ‘GECOS’,

‘NAME’

],
# The mapping of RT
attributes on to field names

‘attr_map’ => { ‘Name’ => ‘NAME’,

‘EmailAddress’ => ‘EMAILADDRESS’,

‘ExternalAuthId’ => ‘NAME’,

                                                                              'Gecos'

=> ‘GECOS’

}
},
# AN EXAMPLE LDAP SERVICE
‘My_LDAP’ => { ## GENERIC SECTION
# The type of service
(db/ldap/cookie)

‘type’ => ‘ldap’,

                                                       ……………………………………………….

With the above configuration, when I try to login to RT the IE displays
following message.
DBI connect(‘database=RT;host=myhost.exampal.com;port=1521’,‘rtdb1’,…) failed:
Can’t connect using this syntax without specifying a HOST and one of SID
INSTANCE_NAME SERVER SERVICE_NAME at
/usr/local/rt-3.8.8-ora/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/DBI.pm
line 440

Thanks and Best Reagards

Hi all, I am trying o configure RT-Authen-ExternalAuth, as per the
documentation with this I can see you can have more than one mode of
authentication (LDAP, DB etc).

Now my LDAP (AD) integration is fine, but what my issue now is to get RT
to authenticate against Oracle DB as its secondary authentication
method, and I am lost with this.

You appear to be trying to have ExternalAuth authenticate against the RT
users table as a fallback. Don’t configure it that way, it’s dangerous
and unnecessary. ExternalAuth will automatically fallback to internal
RT users without any configuration. Just get rid of the My_Oracle bits
entirely.

Thomas

Hi Thomas, thanks for the reply, I have removed all that MY_Oracle from the
config file and its works.

But when I go to select users it dont list database only users (I can see all
the LDAP users)