Hello, Testing 0.06 on RT 3.8.1, we are observing the same behaviour as Sean when a new user tries to log in.
The error message is: Can't call method "SetDisabled" on an undefined value at /opt/rt3pst/bin/../lib/RT/User_Overlay.pm line 1087. And the corresponding rows in the log are: Nov 4 12:06:15 socrate RT: Transaction->Create couldn't, as you didn't specify an object type and id (/opt/rt3pst/bin/../lib/RT/Record.pm:1439) Nov 4 12:06:15 socrate RT: Couldn't get principal for not loaded object (/opt/rt3pst/bin/../lib/RT/User_Overlay.pm:1113) Nov 4 12:06:15 socrate RT: RT::User::IsExternalPassword External Auth OK ( AD_LDAP ): franzga0 (/opt/rt3pst/local/plugins/RT-Authen-ExternalAuth/lib/RT/User_Vendor.pm: 281) Nov 4 12:06:15 socrate RT: Autocreated authenticated user franzga0 ( 52 ) (/opt/rt3pst/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/Externa lAuth/autohandler/Auth:64) Nov 4 12:06:15 socrate RT: No principal for user #52 (/opt/rt3pst/bin/../lib/RT/User_Overlay.pm:1120) Nov 4 12:06:21 socrate RT: No principal for user #52 (/opt/rt3pst/bin/../lib/RT/User_Overlay.pm:1120) Nov 4 12:06:21 socrate RT: Group::HasMember was called with an argument that isn't an RT::Principal or id. It's (undefined) (/opt/rt3pst/bin/../lib/RT/Group_Overlay.pm:1031) Nov 4 12:06:21 socrate RT: No principal for user #52 (/opt/rt3pst/bin/../lib/RT/User_Overlay.pm:1120) Nov 4 12:06:21 socrate RT: Group::HasMember was called with an argument that isn't an RT::Principal or id. It's (undefined) (/opt/rt3pst/bin/../lib/RT/Group_Overlay.pm:1031) Thanks a lot, Gabriele Franzini ICT Applications Manager Nerviano Medical Sciences SRL PO Box 11 - Viale Pasteur 10 20014 Nerviano Italy tel +39 0331581477 fax +39 0331581456 --------------------------------------------- Sean McCreadie wrote: > Mike, > > Thank you for looking at my problem. I disabled the log stack traces > as you suggested and attached the new log file. Now I can see that it > is indeed authenticating my test user "Joe User" with my AD. The > attached log file contains the results of first logging in > successfully as root and then as Joe User. When I try to login as the > AD user in the web UI I get the following error in the browser: > > > Can't call method "SetDisabled" on an undefined value at > /opt/rt3/bin/../lib/RT/User_Overlay.pm line 1087, line 514. It's a bit unusual. It seems that either the Autocreation is trying to re-use a principleID that already exists for the user, or for some reason it's creating the principle as a group instead of a user. Walking through the log: ************************************************************************ **** [Mon Nov 3 14:22:48 2008] [debug]: RT::User::IsPassword External auth SUCCEEDED (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/User_Vendor.pm:360 ) ExternalAuth checked your external source and is happy to allow access as the user provided. ************************************************************************ **** [Mon Nov 3 14:22:48 2008] [info]: Autocreated authenticated user juser ( 14 ) (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu th/autohandler/Auth:64) Because no principle exists with that username, a user is being autocreated by RT and it has been assigned the principleID (i.e. userID/groupID) 14. ************************************************************************ **** [Mon Nov 3 14:22:48 2008] [debug]: LDAP Search === Base: dc=canyonpartners,dc=local == Filter: (&(objectClass=*)(sAMAccountName=juser)) == Attrs: l,cn,st,mail,sAMAccountName,co,streetAddress,postalCode,telephoneNumber, sAMAccountName,physicalDeliveryOfficeName,sAMAccountName (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/User_Vendor.pm:853 ) Information about the user is being looked up in your specified info database for importing into RT. ************************************************************************ **** [Mon Nov 3 14:22:48 2008] [debug]: LDAP Search === Base: dc=canyonpartners,dc=local == Filter: (&(objectClass=*)(userAccountControl:1.2.840.113556.1.4.803:=2)(sAMAccou ntName=juser)) == Attrs: uid (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/User_Vendor.pm:893 ) RT is now looking to see if any results are returned when combining a search for the user specified and a search for disabled users. If a result is returned, the user should be set disabled, if not the user should be set enabled. In both cases, the method SetDisabled is used, just with different params for enable or disable. ************************************************************************ **** [Mon Nov 3 14:22:48 2008] [crit]: User #14 has principal of Group type (/opt/rt3/bin/../lib/RT/User_Overlay.pm:1123) Critical failure. RT is trying to use the SetDisabled method to make sure the user is enabled, but for some reason, the account with principleID 14 is not a User object, it is a Group object, and you cannot use RT::User::SetDisabled on a group, therefore RT doesn't know what to do and bombs out. ************************************************************************ **** So, either Autocreate is re-using #14 that already exists as a group where it shouldn't, or Autocreate is creating a Group object not a User object. I would guess the former, but the details of Autocreate are beyond what I'm familiar with. Hope that helps. -- Kind Regards, __________________________________________________ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __________________________________________________ _______________________________________________ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: [EMAIL PROTECTED] Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
