Rt3 - LookupExternalUserInfo and LDAP auth

Attached is a file, User_Local.pm. Drop it into your /opt/rt3/lib/RT
directory, read the top of the file. This is a modification from (I think)
Marcelo Bartsch, I just had to make a few changes to work on my system,
basically tries a local auth, then an LDAP auth, hopefully there is not
any security issue from what I have done, but if there is I hope someone
spots it. Not extensively tested in rt3. But so far seems to be ok for me.

I have rt2 getting information from LDAP when someone sends an email to
rt, they were looked up in LDAP and the username in LDAP associated with
the email address in their account - basically it patched
LookupExternalUserInfo.

I have tried to do the same thing in rt3, but found that the
Auth::MailFrom seems to do its own thing (has its own GetCurrentUser(?))
that never makes use of the LookupExternalUserInfo. I have tried to create
an Auth::LDAPMail module, but have not had much luck. Has anyone else got
this sort of thing happening in rt3 yet? I only want people who use the
system to be imported so rt-import.pl is not what I am after (although it
does not take much to get that working with rt3 - I tested that too).

Anyone with any ideas?

Thanks,

Stewart

User_Local.pm (3.25 KB)

Attached is a file, User_Local.pm. Drop it into your /opt/rt3/lib/RT
directory, read the top of the file.

Hello Stewart,
with rt-3.0.0rc3, I get the following error when trying to log in as
root:

System error
error: RT::User::Privileged Unimplemented in RT::CurrentUser.
(/opt/rt3/lib/RT/CurrentUser.pm line 283)
context:

277: }
278:
279: # All errors returned from this routine will be in exception form.
280: local $SIG{'__DIE__'} = sub {
281: rethrow_exception( $_[0] );
282: };
283:
284: #
285: # $m is a dynamically scoped global containing this

code stack: /usr/lib/perl5/site_perl/5.8.0/HTML/Mason/Request.pm:281
/usr/lib/perl5/site_perl/5.8.0/DBIx/SearchBuilder/Record.pm:458
/opt/rt3/lib/RT/CurrentUser.pm:283
/opt/rt3/share/html/autohandler:139

and the following when trying to log in as a user who exists locally
and in the database:

(local password)
error: RT::User::PrincipalObj Unimplemented in RT::User.
(/opt/rt3/lib/RT/User_Local.pm line 29)
context:

277: }
278:
279: # All errors returned from this routine will be in exception form.
280: local $SIG{'__DIE__'} = sub {
281: rethrow_exception( $_[0] );
282: };
283:
284: #
285: # $m is a dynamically scoped global containing this

code stack: /usr/lib/perl5/site_perl/5.8.0/HTML/Mason/Request.pm:281
/usr/lib/perl5/site_perl/5.8.0/DBIx/SearchBuilder/Record.pm:458
/opt/rt3/lib/RT/User_Local.pm:29
/opt/rt3/lib/RT/CurrentUser.pm:267
/opt/rt3/share/html/autohandler:121

(ldap password)
System error
error: RT::User::Privileged Unimplemented in RT::CurrentUser.
(/opt/rt3/lib/RT/CurrentUser.pm line 283)
context:

277: }
278:
279: # All errors returned from this routine will be in exception form.
280: local $SIG{'__DIE__'} = sub {
281: rethrow_exception( $_[0] );
282: };
283:
284: #
285: # $m is a dynamically scoped global containing this

code stack: /usr/lib/perl5/site_perl/5.8.0/HTML/Mason/Request.pm:281
/usr/lib/perl5/site_perl/5.8.0/DBIx/SearchBuilder/Record.pm:458
/opt/rt3/lib/RT/CurrentUser.pm:283
/opt/rt3/share/html/autohandler:139

any hints?

Regards,
Harald

Harald Wagener * FCB/Wilkens * An der Alster 42 * 20099 Hamburg

Bizarre,

I had absolutely no issues with it here when I moved to rc3. (Only this
morning).

I should have mentioned in the email that it only passes authentication to
LDAP, so the local username and LDAP username should match.

However, locally I was able to login with a local rt3 account and a LDAP
account that had an entry in rt3 without a problem. I was of course
rejected when I tried to use a username that did not have an entry in rt3.

I have to ask, do you have any errors when you don't have User_Local.pm
installed?

I am at a little bit of a loss on this one at the moment - makes it
especially hard when I can replicate the error. Keep me informed and I
will do my best to help.

Cheers,

Stewart
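
The flow described in the messages above (local auth first, then LDAP, and only for usernames that already have an entry in rt3), as an added sketch that is not the attached User_Local.pm or RT's own code. The `ldap_bind` stub, the sample accounts and all function names are constructed for illustration; the stub accepts an empty password the way a server that allows unauthenticated simple binds (RFC 4513) would, which is the case the guard in `is_password` exists for.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample data: accounts known to the ticket system (the local
# hash check is reduced to a plain comparison) and a stand-in directory.
my %local_users = (
    root  => { password => 'local-secret' },
    alice => { password => undef },    # exists locally, no local password
);
my %directory = ( alice => 'ldap-secret', bob => 'bob-secret' );

# Stand-in for an LDAP simple bind. It reports success for an empty
# password, as a server permitting unauthenticated binds would.
sub ldap_bind {
    my ($user, $pass) = @_;
    return 1 if !defined $pass || $pass eq '';
    return ( defined $directory{$user} && $directory{$user} eq $pass ) ? 1 : 0;
}

sub local_ok {
    my ($user, $pass) = @_;
    my $stored = $local_users{$user}{password};
    return ( defined $stored && $stored eq $pass ) ? 1 : 0;
}

# Local auth first, then LDAP, for accounts that already exist locally.
sub is_password {
    my ($user, $pass) = @_;
    # No local entry: reject before touching the directory.
    return 0 unless defined $user && exists $local_users{$user};
    # Never hand an empty password to the directory.
    return 0 unless defined $pass && length $pass;
    # The name ends up in a DN or search filter, so keep it to a safe set.
    return 0 unless $user =~ /\A[A-Za-z0-9._-]+\z/;
    return 1 if local_ok($user, $pass);
    return ldap_bind($user, $pass);
}

# Constructed test logins: local hit, LDAP hit, empty password,
# directory-only user, wrong password.
for my $case (
    [ root  => 'local-secret' ], [ alice => 'ldap-secret' ],
    [ alice => '' ],             [ bob   => 'bob-secret' ],
    [ alice => 'wrong' ],
) {
    my ($u, $p) = @$case;
    printf "%-6s %-16s %s\n", $u, "'$p'", is_password($u, $p) ? 'accept' : 'reject';
}
```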

Bizarre,

indeed (see below)

I had absolutely no issues with it here when I moved to rc3. (Only this
morning).

[snip]

I have to ask, do you have any errors when you don't have User_Local.pm
installed?

It worked before. I removed User_Local.pm and it stopped working. I did
a ‘make upgrade && make fixperms’ from the rc3 installation directory
and normal auth worked again. I then dropped User_Local.pm into
/opt/rt3/lib/RT and lo and behold - LDAP auth works again.

I don’t know what freaked out, but it was certainly an error on my side.

Thanks for your effort and help!

Regards,
Harald

Harald Wagener * FCB/Wilkens * An der Alster 42 * 20099 Hamburg