RT::User::ExternalAuthId Unimplemented in RT::Record

RT Users
1

Hello,

I am trying to get RT to pull in users from my local active directory and use AD for auth. Meaning when I change a user’s password in AD it should reflect the change in RT. I’m running RT 4.4.1. Currently, when I run the import I get the following error:

[root@Servername myuser]# /opt/rt4/sbin/rt-ldapimport --import --debug
[51270] [Thu Feb 2 19:56:59 2017] [warning]: RT::Authen::ExternalAuth has been cored since RT 4.4, please check the upgrade document for more details (/opt/rt4/sbin/…/lib/RT.pm:748)
[51270] [Thu Feb 2 19:57:00 2017] [warning]: RT::Authen::ExternalAuth has been cored since RT 4.4, please check the upgrade document for more details (/opt/rt4/sbin/…/lib/RT.pm:748)
Starting import
[51270] [Thu Feb 2 19:57:00 2017] [critical]: RT::User::ExternalAuthId Unimplemented in RT::Record. (/opt/rt4/sbin/…/lib/RT/Record.pm line 958) (/opt/rt4/sbin/…/lib/RT.pm:390)
RT::User::ExternalAuthId Unimplemented in RT::Record. (/opt/rt4/sbin/…/lib/RT/Record.pm line 958)

Here is my RT_SiteConfig.pm:

Plugin(‘RT::Extension::LDAPImport’);
Plugin(‘RT::Authen::ExternalAuth’);

Uncomment for debug

#Set($LogToSyslog, ‘debug’);

Set( $CommentAddress, ‘ithelpdesk@mydomain.com’ );
Set( $CorrespondAddress, ‘ithelpdesk@mydomain.com’ );

Set( $DatabaseHost, ‘localhost’ );
Set( $DatabaseName, ‘rt4’ );
Set( $DatabasePassword, ‘password’ );
Set( $DatabasePort, ‘’ );
Set( $DatabaseType, ‘mysql’ );
Set( $DatabaseUser, ‘srv_rtir’ );

Set( $Organization, ‘’ );
Set( $OwnerEmail, ‘ithelpdesk@mydomain.com’ );
Set( $SendmailPath, ‘/usr/sbin/sendmail’ );
Set( $WebDomain, ‘tracker.mydomain.local’ );
Set( $WebPort, ‘8080’ );
Set( $rtname, ‘Mydomain-Tracker’ );

to fix that annoying error that the sites dont match

Set(@ReferrerWhitelist, qw(tracker.mydomain.local:8080));

LDAP Authentication

Set( @Plugins, qw(RT::Extension::LDAPImport));
Set( @Plugins, qw(RT::Authen::ExternalAuth));

LDAP user import

Set($LDAPHost,‘mydomain.local’);
Set($LDAPUser, ‘mydomain\LDAPUser’);
Set($LDAPPassword, ‘password’);
Set($LDAPBase, ‘CN=Users,DC=mydomain,DC=local’);
Set($LDAPFilter, ‘(&(objectCategory=person))’);

Set($LDAPMapping, {

    Name            => 'sAMAccountName',

    EmailAddress    => 'mail',

    Organization    => 'department',

    RealName        => 'cn',

    NickName        => 'givenName',

    ExternalAuthId  => 'sAMAccountName',

    Gecos           => 'sAMAccountName',

    WorkPhone       => 'telephoneNumber',

    MobilePhone     => 'mobile',

    Address1        => 'streetAddress',

    City            => 'l',

    State           => 'st',

    Zip             => 'postalCode',

    Country         => 'co'

});

Set($LDAPCreatePrivileged, 1);
Set($LDAPUpdateUsers, 1);

LDAP GROUP IMPORT AND MAPPINGS

Set($LDAPGroupMapping, {Name => ‘cn’,

                    Member_Attr             => 'member',

                    Member_Attr_Value       => 'dn'});

#OU/basedn location of groups

Set($LDAPGroupBase, ‘ou=users,dc=mydomain,dc=local’);

LDAP GROUP FILTERING

Set($LDAPGroupFilter, ‘(|(cn=Domain Users)(cn=Technical Operations)(cn=Management))’);

LDAP Authentication

Use the below LDAP source for both authentication, as well as user

# information

Set( $ExternalAuthPriority, ["My_LDAP"] );

Set( $ExternalInfoPriority, ["My_LDAP"] );



# Make users created from LDAP Privileged

Set( $UserAutocreateDefaultsOnLogin, { Privileged => 1 } );



# Users should still be autocreated by RT as internal users if they

# fail to exist in an external service; this is so requestors (who

# are not in LDAP) can still be created when they email in.

Set($AutoCreateNonExternalUsers, 1);

Minimal LDAP configuration; see RT::Authen::ExternalAuth::LDAP for

# further details and examples

Set($ExternalSettings, {

    'My_LDAP'       =>  {

        'type'             =>  'ldap',

        'server'           =>  'internalIpAddress',

        # By not passing 'user' and 'pass' we are using an anonymous

        # bind, which some servers to not allow

        'base'             =>  'ou=Users,dc=mydomain,dc=local',

        'filter'           =>  '(objectClass=inetOrgPerson)',

        # Users are allowed to log in via email address or account

        # name

        'attr_match_list'  => [

            'Name',

            'EmailAddress',

        ],

        # Import the following properties of the user from LDAP upon

        # login

        'attr_map' => {

            'Name'         => 'sAMAccountName',

            'EmailAddress' => 'mail',

            'RealName'     => 'cn',

            'WorkPhone'    => 'telephoneNumber',

            'Address1'     => 'streetAddress',

            'City'         => 'l',
            'State'        => 'st',

            'Zip'          => 'postalCode',

            'Country'      => 'co',

        },

    },

} );

1;

Daniel Burchfield - Senior IT Systems Administrator
1590 University Avenue [cid:image002.jpg@01CEFB23.2CA2B190] Dubuque, IA 52001
Office 563-588-8748 ext. 1001 [cid:image002.jpg@01CEFB23.2CA2B190] Toll Free 888-884-6331 ext. 1001
Office (direct): 563-293-8060 [cid:image002.jpg@01CEFB23.2CA2B190] Mobile 563-564-7074

[MedOne_Email_Signature]

The information contained in this message is confidential and intended for the addressee only. If you have received this message in error, or there are any problems, please notify the sender immediately. The unauthorized use, disclosure, copying or alteration of this message is strictly forbidden.

1 Like
2

I am trying to get RT to pull in users from my local active directory
and use AD for auth. Meaning when I change a user’s password in AD it
should reflect the change in RT. I’m running RT 4.4.1. Currently,
when I run the import I get the following error:

Set($LDAPMapping, {
Name => ‘sAMAccountName’,
EmailAddress => ‘mail’,
Organization => ‘department’,
RealName => ‘cn’,
NickName => ‘givenName’,
ExternalAuthId => ‘sAMAccountName’,

This is the culprit line – this column was removed in RT 4.4. Remove
this line from your configuration, and it should resolve the issue.

  • Alex
1 Like
3

That got rid of the error. Thanks.

Now I am having trouble getting RT to check active directory for passwords. Is there something else I need to add to my config?

Plugin(‘RT::Extension::LDAPImport’);
Plugin(‘RT::Authen::ExternalAuth’);

Uncomment for debug

#Set($LogToSyslog, ‘debug’);

Set( $CommentAddress, ‘ithelpdesk@mydomain.com’ );
Set( $CorrespondAddress, ‘ithelpdesk@ mydomain.com’ );

Set( $DatabaseHost, ‘localhost’ );
Set( $DatabaseName, ‘rt4’ );
Set( $DatabasePassword, ‘password’ );
Set( $DatabasePort, ‘’ );
Set( $DatabaseType, ‘mysql’ );
Set( $DatabaseUser, ‘srv_rtir’ );

Set( $Organization, ‘’ );
Set( $OwnerEmail, ‘ithelpdesk@ mydomain.com’ );
Set( $SendmailPath, ‘/usr/sbin/sendmail’ );
Set( $WebDomain, ‘tracker. mydomain.local’ );
Set( $WebPort, ‘8080’ );
Set( $rtname, ‘Medone-Tracker’ );

to fix that annoying error that the sites dont match

Set(@ReferrerWhitelist, qw(tracker. mydomain.local:8080));

LDAP Authentication

Set( @Plugins, qw(RT::Extension::LDAPImport));
Set( @Plugins, qw(RT::Authen::ExternalAuth));

LDAP user import

Set($LDAPHost,’ mydomain.local’);
Set($LDAPUser, ’ mydomain \LDAPUser’);
Set($LDAPPassword, ‘password’);
Set($LDAPBase, ‘CN=Users,DC= mydomain,DC=local’);
Set($LDAPFilter, ‘(&(objectCategory=person))’);

Set($LDAPMapping, {

    Name            => 'sAMAccountName',

    EmailAddress    => 'mail',

    Organization    => 'department',

    RealName        => 'cn',

    NickName        => 'givenName',

    Gecos           => 'sAMAccountName',

    WorkPhone       => 'telephoneNumber',

    MobilePhone     => 'mobile',

    Address1        => 'streetAddress',

    City            => 'l',

    State           => 'st',

    Zip             => 'postalCode',

    Country         => 'co'

});

Set($LDAPCreatePrivileged, 1);
Set($LDAPUpdateUsers, 1);

LDAP GROUP IMPORT AND MAPPINGS

Set($LDAPGroupMapping, {Name => ‘cn’,

                    Member_Attr             => 'member',

                    Member_Attr_Value       => 'dn'});

#OU/basedn location of groups

Set($LDAPGroupBase, ‘ou=users,dc= mydomain,dc=local’);

LDAP GROUP FILTERING

Set($LDAPGroupFilter, ‘(|(cn=Domain Users)(cn=Technical Operations)(cn=Management))’);

LDAP Authentication

Use the below LDAP source for both authentication, as well as user

# information

Set( $ExternalAuthPriority, ["My_LDAP"] );

Set( $ExternalInfoPriority, ["My_LDAP"] );

# Make users created from LDAP Privileged

Set( $UserAutocreateDefaultsOnLogin, { Privileged => 1 } );



# Users should still be autocreated by RT as internal users if they

# fail to exist in an external service; this is so requestors (who

# are not in LDAP) can still be created when they email in.

Set($AutoCreateNonExternalUsers, 1);



# Minimal LDAP configuration; see RT::Authen::ExternalAuth::LDAP for

# further details and examples

Set($ExternalSettings, {

    'My_LDAP'       =>  {

        'type'             =>  'ldap',

        'server'           =>  '10.0.2.10',

        # By not passing 'user' and 'pass' we are using an anonymous

        # bind, which some servers to not allow

        'base'             =>  'ou=Users,dc= mydomain,dc=local',

        'filter'           =>  '(objectClass=inetOrgPerson)',

        # Users are allowed to log in via email address or account

        # name

        'attr_match_list'  => [

            'Name',

            'EmailAddress',

        ],

        # Import the following properties of the user from LDAP upon

      # login

        'attr_map' => {

            'Name'         => 'sAMAccountName',

            'EmailAddress' => 'mail',

            'RealName'     => 'cn',

            'WorkPhone'    => 'telephoneNumber',

            'Address1'     => 'streetAddress',

            'City'         => 'l',

            'State'        => 'st',

            'Zip'          => 'postalCode',

            'Country'      => 'co',

        },

    },

} );

1;

Daniel Burchfield - Senior IT Systems Administrator
1590 University Avenue Dubuque, IA 52001
Office 563-588-8748 ext. 1001 Toll Free 888-884-6331 ext. 1001
Office (direct): 563-293-8060 Mobile 563-564-7074

The information contained in this message is confidential and intended for the addressee only. If you have received this message in error, or there are any problems, please notify the sender immediately. The unauthorized use, disclosure, copying or alteration of this message is strictly forbidden.-----Original Message-----
From: Alex Vandiver [mailto:alex@chmrr.net]
Sent: Thursday, February 2, 2017 11:16 PM
To: Daniel Burchfield dburchfield@medonehs.com
Cc: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] RT::User::ExternalAuthId Unimplemented in RT::Record

On Thu, 2 Feb 2017 19:59:47 +0000 Daniel Burchfield dburchfield@medonehs.com wrote:

I am trying to get RT to pull in users from my local active directory
and use AD for auth. Meaning when I change a user’s password in AD it
should reflect the change in RT. I’m running RT 4.4.1. Currently, when
I run the import I get the following error:

Set($LDAPMapping, {
Name => ‘sAMAccountName’,
EmailAddress => ‘mail’,
Organization => ‘department’,
RealName => ‘cn’,
NickName => ‘givenName’,
ExternalAuthId => ‘sAMAccountName’,

This is the culprit line – this column was removed in RT 4.4. Remove this line from your configuration, and it should resolve the issue.

  • Alex
4

I also has not imported my groups.

Daniel Burchfield - Senior IT Systems Administrator
1590 University Avenue Dubuque, IA 52001
Office 563-588-8748 ext. 1001 Toll Free 888-884-6331 ext. 1001
Office (direct): 563-293-8060 Mobile 563-564-7074

The information contained in this message is confidential and intended for the addressee only. If you have received this message in error, or there are any problems, please notify the sender immediately. The unauthorized use, disclosure, copying or alteration of this message is strictly forbidden.From: Daniel Burchfield
Sent: Tuesday, February 7, 2017 9:15 AM
To: ‘Alex Vandiver’ alex@chmrr.net
Cc: rt-users@lists.bestpractical.com
Subject: RE: [rt-users] RT::User::ExternalAuthId Unimplemented in RT::Record

That got rid of the error. Thanks.

Now I am having trouble getting RT to check active directory for passwords. Is there something else I need to add to my config?

Plugin(‘RT::Extension::LDAPImport’);
Plugin(‘RT::Authen::ExternalAuth’);

Uncomment for debug

#Set($LogToSyslog, ‘debug’);

Set( $CommentAddress, ‘ithelpdesk@mydomain.com’ ); Set( $CorrespondAddress, ‘ithelpdesk@ mydomain.com’ );

Set( $DatabaseHost, ‘localhost’ );
Set( $DatabaseName, ‘rt4’ );
Set( $DatabasePassword, ‘password’ );
Set( $DatabasePort, ‘’ );
Set( $DatabaseType, ‘mysql’ );
Set( $DatabaseUser, ‘srv_rtir’ );

Set( $Organization, ‘’ );
Set( $OwnerEmail, ‘ithelpdesk@ mydomain.com’ ); Set( $SendmailPath, ‘/usr/sbin/sendmail’ ); Set( $WebDomain, ‘tracker. mydomain.local’ ); Set( $WebPort, ‘8080’ ); Set( $rtname, ‘Medone-Tracker’ );

to fix that annoying error that the sites dont match Set(@ReferrerWhitelist, qw(tracker. mydomain.local:8080));

LDAP Authentication

Set( @Plugins, qw(RT::Extension::LDAPImport)); Set( @Plugins, qw(RT::Authen::ExternalAuth));

LDAP user import

Set($LDAPHost,’ mydomain.local’);
Set($LDAPUser, ’ mydomain \LDAPUser’);
Set($LDAPPassword, ‘password’);
Set($LDAPBase, ‘CN=Users,DC= mydomain,DC=local’); Set($LDAPFilter, ‘(&(objectCategory=person))’);

Set($LDAPMapping, {

    Name            => 'sAMAccountName',

    EmailAddress    => 'mail',

    Organization    => 'department',

    RealName        => 'cn',

    NickName        => 'givenName',

    Gecos           => 'sAMAccountName',

    WorkPhone       => 'telephoneNumber',

    MobilePhone     => 'mobile',

    Address1        => 'streetAddress',

    City            => 'l',

    State           => 'st',

    Zip             => 'postalCode',

    Country         => 'co'

});

Set($LDAPCreatePrivileged, 1);
Set($LDAPUpdateUsers, 1);

LDAP GROUP IMPORT AND MAPPINGS

Set($LDAPGroupMapping, {Name => ‘cn’,

                    Member_Attr             => 'member',

                    Member_Attr_Value       => 'dn'});

#OU/basedn location of groups

Set($LDAPGroupBase, ‘ou=users,dc= mydomain,dc=local’);

LDAP GROUP FILTERING

Set($LDAPGroupFilter, ‘(|(cn=Domain Users)(cn=Technical Operations)(cn=Management))’);

LDAP Authentication

Use the below LDAP source for both authentication, as well as user

# information

Set( $ExternalAuthPriority, ["My_LDAP"] );

Set( $ExternalInfoPriority, ["My_LDAP"] );

# Make users created from LDAP Privileged

Set( $UserAutocreateDefaultsOnLogin, { Privileged => 1 } );



# Users should still be autocreated by RT as internal users if they

# fail to exist in an external service; this is so requestors (who

# are not in LDAP) can still be created when they email in.

Set($AutoCreateNonExternalUsers, 1);



# Minimal LDAP configuration; see RT::Authen::ExternalAuth::LDAP for

# further details and examples

Set($ExternalSettings, {

    'My_LDAP'       =>  {

        'type'             =>  'ldap',

        'server'           =>  '10.0.2.10',

        # By not passing 'user' and 'pass' we are using an anonymous

        # bind, which some servers to not allow

        'base'             =>  'ou=Users,dc= mydomain,dc=local',

        'filter'           =>  '(objectClass=inetOrgPerson)',

        # Users are allowed to log in via email address or account

        # name

        'attr_match_list'  => [

            'Name',

            'EmailAddress',

        ],

        # Import the following properties of the user from LDAP upon

      # login

        'attr_map' => {

            'Name'         => 'sAMAccountName',

            'EmailAddress' => 'mail',

            'RealName'     => 'cn',

            'WorkPhone'    => 'telephoneNumber',

            'Address1'     => 'streetAddress',

            'City'         => 'l',

            'State'        => 'st',

            'Zip'          => 'postalCode',

            'Country'      => 'co',

        },

    },

} );

1;

Daniel Burchfield - Senior IT Systems Administrator
1590 University Avenue Dubuque, IA 52001
Office 563-588-8748 ext. 1001 Toll Free 888-884-6331 ext. 1001
Office (direct): 563-293-8060 Mobile 563-564-7074

The information contained in this message is confidential and intended for the addressee only. If you have received this message in error, or there are any problems, please notify the sender immediately. The unauthorized use, disclosure, copying or alteration of this message is strictly forbidden.

5

This line is faulty:
ExternalAuthId => ‘sAMAccountName’,