Team, I am trying to get authentication working between Microsoft Active Directory and RT using RT::Authen::ExternalAuth. I have installed it successfully and, as per the README, I have configured the attached values in /etc/RT_SiteConfig.pm.
Now, I am getting the below error while authenticating to the site, regardless of local or external user account: Can't call method "as_string" on an undefined value at /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm line 195. Can someone please help me in this? Thanks Raghu
# Load the external authentication plugin.
Set(@Plugins, 'RT::Authen::ExternalAuth');

# Services (keys of $ExternalSettings) consulted, in this order, to
# authenticate a login. A user is authenticated as soon as any one service
# confirms them; the remaining services are then not checked.
#
# NOTE(review): My_MySQL and My_SSO_Cookie look like the sample services;
# if only Active Directory is meant to authenticate users, confirm whether
# they should be listed at all.
Set($ExternalAuthPriority, [qw(My_LDAP My_MySQL My_SSO_Cookie)]);

# Services consulted, in this order, for information about a user
# (RealName, telephone numbers and so on, and also whether the user should
# be considered disabled). Lookup stops at the first service that returns
# user info.
#
# You CANNOT use a SSO cookie for authentication.
Set($ExternalInfoPriority, [qw(My_LDAP My_MySQL)]);

# A true value loads the packages needed for SSL/TLS connections; at the
# moment that only means "use Net::SSLeay;".
Set($ExternalServiceUsesSSLorTLS, 1);

# When set to 1, users who fail to authenticate against an external service
# are auto-created by RT as internal users.
Set($AutoCreateNonExternalUsers, 0);
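# These are the full settings for each external service as a hash of hashes.
# You may define as many external services as you wish; they are checked in
# the order given by the Priority directives.
#
# Example of a priority list naming several services. It is kept commented
# out: as a live statement it lacks the '$' sigil on ExternalAuthPriority
# and names services (My_Oracle, SecondaryLDAP, Other-DB) that have no entry
# in $ExternalSettings.
#
#   Set(ExternalAuthPriority,['My_LDAP','My_MySQL','My_Oracle','SecondaryLDAP','Other-DB']);
#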
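# Definitions of the external services, keyed by service name.
#
# NOTE(review): this file carries bind and database passwords; keep it
# readable only by the account RT runs as.
# NOTE(review): the pasted text had its whitespace collapsed, so comments and
# key/value pairs were split across lines. They are rejoined here; anything
# that was ambiguous in the paste is marked below.
Set($ExternalSettings, {
    # AN EXAMPLE DB SERVICE
    # NOTE(review): sample service; if it is not actually used, confirm
    # whether it should stay defined and referenced from the priority lists.
    'My_MySQL' => {
        ## GENERIC SECTION
        # The type of service (db/ldap/cookie)
        'type'       => 'db',
        # The server hosting the service
        'server'     => 'localhost',

        ## SERVICE-SPECIFIC SECTION
        # The database name
        'database'   => 'rt4',
        # The database table
        'table'      => 'Users',
        # The user to connect to the database as
        'user'       => 'xxxx',
        # The password to use to connect with
        'pass'       => 'xxxxx',
        # The port to use to connect with (e.g. 3306)
        'port'       => '3306',
        # The name of the Perl DBI driver to use (e.g. mysql)
        'dbi_driver' => 'mysql',
        # The field in the table that holds usernames
        'u_field'    => 'Name',
        # The field in the table that holds passwords
        'p_field'    => 'Password',
        # The Perl package & subroutine used to encrypt passwords,
        # e.g. if the passwords are stored using the MySQL v3.23 "PASSWORD"
        # function, then you will need Crypt::MySQL::password, but for the
        # MySQL4+ password function you will need Crypt::MySQL::password41.
        # Alternatively, you could use Digest::MD5::md5_hex or any other
        # encryption subroutine you can load in your perl installation.
        # NOTE(review): these are fast hashes rather than encryption, and the
        # old MySQL PASSWORD() format and plain MD5 are weak for password
        # storage; prefer a store that uses a salted, slow password hash.
        'p_enc_pkg'  => 'Crypt::MySQL',
        'p_enc_sub'  => 'password',
        # If your p_enc_sub takes a salt as a second parameter,
        # uncomment this line to add your salt
        #'p_salt'    => 'SALT',
        #
        # The field and values in the table that determine if a user should
        # be disabled. For example, if the field is 'user_status' and the
        # values are ['0','1','2','disabled'] then the user will be disabled
        # if their user_status is set to '0','1','2' or the string
        # 'disabled'. Otherwise, they will be considered enabled.
        'd_field'    => 'disabled',
        'd_values'   => ['0'],

        ## RT ATTRIBUTE MATCHING SECTION
        # The list of RT attributes that uniquely identify a user
        'attr_match_list' => [
            'Gecos',
            'Name',
        ],
        # The mapping of RT attributes on to field names
        'attr_map' => {
            'Name'           => 'username',
            'EmailAddress'   => 'email',
            'ExternalAuthId' => 'username',
            'Gecos'          => 'userID',
        },
    },

    # AN EXAMPLE LDAP SERVICE
    'My_LDAP' => {
        ## GENERIC SECTION
        # The type of service (db/ldap/cookie)
        'type'   => 'ldap',
        # The server hosting the service
        'server' => 'xxxx.xxxx.com',

        ## SERVICE-SPECIFIC SECTION
        # If you can bind to your LDAP server anonymously you should
        # remove the user and pass config lines, otherwise specify them here:
        #
        # The username RT should use to connect to the LDAP server
        'user'   => 'username',
        # The password RT should use to connect to the LDAP server
        'pass'   => 'password',
        #
        # The LDAP search base
        'base'   => 'ou=xxx,dc=xxx,dc=xx,dc=com',
        #
        # ALL FILTERS MUST BE VALID LDAP FILTERS ENCASED IN PARENTHESES!
        # YOU **MUST** SPECIFY A filter AND A d_filter!!
        #
        # The filter to use to match RT-Users
        # NOTE(review): confirm that this plugin version expands %u; if the
        # string is used literally it will not match any account.
        'filter' => '(sAMAccountName=%u)',
        # A catch-all example filter: '(objectClass=*)'
        #
        # The filter that will only match disabled users
        # NOTE(review): the instruction above requires a d_filter, yet it is
        # commented out here. The value shown selects every person/user
        # object, not only disabled ones, so enabling it as-is would mark all
        # users disabled. For Active Directory a disabled-account filter is
        # usually (userAccountControl:1.2.840.113556.1.4.803:=2) - verify
        # before use.
        #'d_filter' => '(&(objectCategory=person)(objectClass=user))',
        # A catch-none example d_filter: '(objectClass=FooBarBaz)'
        #
        # Should we try to use TLS to encrypt connections?
        # NOTE(review): with 0 here and a bind user/pass configured, the bind
        # password and users' login passwords presumably cross the network
        # unencrypted. $ExternalServiceUsesSSLorTLS only loads Net::SSLeay
        # according to its own comment; confirm transport encryption is on.
        'tls'           => 0,
        # SSL Version to provide to Net::SSLeay *if* using SSL
        # NOTE(review): 3 presumably selects SSLv3, which is obsolete;
        # prefer a current TLS version if the plugin allows it.
        'ssl_version'   => 3,
        # What other args should I pass to Net::LDAP->new($host,@args)?
        'net_ldap_args' => [ version => 3 ],
        # Does authentication depend on group membership? What group name?
        #'group'      => 'DataCenter User Group',
        # What is the attribute for the group object that determines
        # membership?
        # NOTE(review): this repeats the group name; an attribute name is
        # expected here - confirm before uncommenting.
        #'group_attr' => 'DataCenter User Group',

        ## RT ATTRIBUTE MATCHING SECTION
        # The list of RT attributes that uniquely identify a user.
        # This example shows what you *can* specify.. I recommend reducing
        # this to just the Name and EmailAddress to save encountering
        # problems later.
        # NOTE(review): matching on attributes that are not unique (RealName,
        # WorkPhone) risks tying an external login to another person's RT
        # account. Address2 has no entry in attr_map below.
        'attr_match_list' => [
            'Name',
            'EmailAddress',
            'RealName',
            'WorkPhone',
            'Address2',
        ],
        # The mapping of RT attributes on to LDAP attributes
        # NOTE(review): in the pasted text each entry shown commented out
        # below followed a lone '#', so it is assumed to have been commented
        # out in the real file - confirm.
        'attr_map' => {
            'Name'             => 'sAMAccountName',
            #'EmailAddress'    => 'mail',
            #'Organization'    => 'physicalDeliveryOfficeName',
            #'RealName'        => 'cn',
            #'ExternalAuthId'  => 'sAMAccountName',
            'Gecos'            => 'sAMAccountName',
            #'WorkPhone'       => 'telephoneNumber',
            #'Address1'        => 'streetAddress',
            #'City'            => 'l',
            #'State'           => 'st',
            #'Zip'             => 'postalCode',
            #'Country'         => 'co'
        },
    },

    # An example SSO cookie service
    'My_SSO_Cookie' => {
        # The type of service (db/ldap/cookie)
        'type'            => 'cookie',
        # The name of the cookie to be used
        'name'            => 'loginCookieValue',
        # The users table
        'u_table'         => 'Users',
        # The username field in the users table
        'u_field'         => 'Name',
        # The field in the users table that uniquely identifies a user
        # and also exists in the cookies table
        'u_match_key'     => 'ID',
        # The cookies table
        'c_table'         => 'login_cookie',
        # The field that stores cookie values
        'c_field'         => 'loginCookieValue',
        # The field in the cookies table that uniquely identifies a user
        # and also exists in the users table
        'c_match_key'     => 'loginCookieUserID',
        # The DB service in this configuration to use to lookup the cookie
        # information
        'db_service_name' => 'My_MySQL',
    },
});

1;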
