Kevin Thanks for the info. We are on 3.8.7 and working on going to 4.x by Spring or Summer 2012
Joe On Mon, Sep 19, 2011 at 9:58 AM, <[email protected]>wrote: > Send RT-Users mailing list submissions to > [email protected] > > To subscribe or unsubscribe via the World Wide Web, visit > http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users > or, via email, send a message with subject or body 'help' to > [email protected] > > You can reach the person managing the list at > [email protected] > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of RT-Users digest..." > > > Today's Topics: > > 1. Re: RT4.0.1 ExternalAuth and SSO (Thomas Sibley) > 2. Re: Implementing LDAP Authentication in RT 4.0.2 (Izz Abdullah) > 3. Re: Implementing LDAP Authentication in RT 4.0.2 (Izz Abdullah) > 4. Re: Custom Field Order issue (Kevin Falcone) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Mon, 19 Sep 2011 09:21:57 -0400 > From: Thomas Sibley <[email protected]> > To: [email protected] > Subject: Re: [rt-users] RT4.0.1 ExternalAuth and SSO > Message-ID: <[email protected]> > Content-Type: text/plain; charset=UTF-8 > > On 09/19/2011 04:51 AM, declaya wrote: > > > > Hi all, > > > > my RT installation is just a little step away from being absolutely > perfect. > > > > I'm currently trying to get a single sign-on behavior for all users in > our > > network. > > Until now, ExternalAuth is working fine, all users can log in with their > > credentials, they are recognized in our AD. My problem now is the SSO > > config. I have no idea what I have to set in the RT_SiteConfig.pm. > > As far as now my config looks like this: > > For AD SSO, you very likely want to use mod_auth_krb or similar > commercial products to do the authentication at the Apache level. RT > can then trust Apache's auth with the right configuration, and you won't > really need ExternalAuth anymore since RT has the WebExternalAuth settings. > > Thomas > > > ------------------------------ > > Message: 2 > Date: Mon, 19 Sep 2011 08:41:06 -0500 > From: Izz Abdullah <[email protected]> > To: "[email protected]" > <[email protected]> > Subject: Re: [rt-users] Implementing LDAP Authentication in RT 4.0.2 > Message-ID: > < > bab510d4da891440a7ce408f3c08635301c85952d...@hsg-mail-001.corp01.hibbett.com > > > > Content-Type: text/plain; charset="us-ascii" > > So I had a typo causing the timeout, but I am still unable to get LDAP > authentication to work. I am sure it is a configuration issue, as I can > login with the mysql db root account just fine. I can't find detailed > documentation on what each of the arguments takes, so I am posting my config > back here for some assistance. I am also receiving in the apache logs > "syntax error at [RTHOME]/etc/RT_SiteConfig.pm line xx, near "}" > "Missing right curly or square bracket at ..." > Everything is open and closed below, correct? I thought this was odd... > > Is there any way possible for me to see a debugging log of RT trying (or > not trying) to talk to our AD server? > > > Set($ExternalAuthPriority, [ 'My_LDAP' ]); > > Set($ExternalInfoPriority, [ 'My_LDAP' ]); > > Set($ExternalServiceUsesSSLorTLS, 0); > > Set($AutoCreateNonExternalUsers, 0); > > Set($ExternalSettings, { 'My_LDAP' => { > 'type' => 'ldap', > 'server' => '****.****.hibbett.com', > #temporarily commented this out > #'user' => '****', > #'pass' => '****', > 'base' => > 'ou=****,dc=****,dc=hibbett,dc=com', > 'filter' => '(objectClass=*)', > 'd_filter' => '(objectClass=NoOneAtALL)', > #not using tls or ssl > #'tls' => 0, > #'ssl_version' => 3, > #I don't know what the ldap args should be...is this in the > net::ldap perl module? > #'net_ldap_args' => [ version => 3 ], > 'attr_match_list' => [ 'Name', > 'EmailAddress' ], > 'attr_map' => { > 'Name' => 'sAMAccountName', > 'EmailAddress' => 'mail', > 'Organization' => 'physicalDeliveryOfficeName', > 'RealName' => 'cn', > 'ExternalAuthId' => 'sAMAccountName', > 'Gecos' => 'sAMAccountName', > 'WorkPhone' => 'telephoneNumber', > 'Address1' => 'streetAddress', > 'City' => 'l', > 'State' => 'st', > 'Zip' => 'postalCode', > 'Country' => 'co' > } > } > ); > > -----Original Message----- > From: [email protected] [mailto: > [email protected]] On Behalf Of Izz Abdullah > Sent: Friday, September 16, 2011 11:18 AM > To: [email protected] > Subject: Re: [rt-users] Implementing LDAP Authentication in RT 4.0.2 > > I hate to do this...but now, it is timing out with communication to fast > CGI. I can only see this in apache logs, I can't see anything in RT logs > (they are not being created). How can I turn debugging off so that I can > see what else is going on? Why would the changes in authentication affect > FCGI? > > -----Original Message----- > From: [email protected] [mailto: > [email protected]] On Behalf Of Izz Abdullah > Sent: Friday, September 16, 2011 11:08 AM > To: [email protected] > Subject: Re: [rt-users] Implementing LDAP Authentication in RT 4.0.2 > > Ok...so I found the missing opening braces. I truly appreciate your help > Kevin! When staring at code for so long, it needs another set of eyes. ;) > > I changed it, and have refreshed the login page, it's been in the 'waiting > for <servername>' for quite some time now. I can deal with that as it is > probably a query to LDAP caching out (correct me if I am wrong, as I would > like to have an overview of the inner-workings some time). I'll look > through the code to see exactly what it does when I have the time, for now I > just need to get it to work, just once will be nice for the boss. =) > > Thanks again! > > -----Original Message----- > From: [email protected] [mailto: > [email protected]] On Behalf Of Kevin Falcone > Sent: Friday, September 16, 2011 10:44 AM > To: [email protected] > Subject: Re: [rt-users] Implementing LDAP Authentication in RT 4.0.2 > > On Fri, Sep 16, 2011 at 10:37:58AM -0500, Izz Abdullah wrote: > > The comma is no longer there. The only thing I stripped was only using > LDAP as an external source, the mysql db resides locally and is defined > elsewhere within RT_SiteConfig, and within LDAP itself, I only removed the > two GROUP mappings. > > Go compare your line > > Set($ExternalSettings, 'My_LDAP' => { > > to the version in the example siteconfig > > You're missing an important character (and an important closing character). > > -kevin > > > -----Original Message----- > > From: [email protected] > > [mailto:[email protected]] On Behalf Of Kevin > > Falcone > > Sent: Friday, September 16, 2011 10:33 AM > > To: [email protected] > > Subject: Re: [rt-users] Implementing LDAP Authentication in RT 4.0.2 > > > > On Fri, Sep 16, 2011 at 10:23:08AM -0500, Izz Abdullah wrote: > > > Ok...so I changed it to: > > > Set($ExternalAuthPriority, ['My_LDAP']); Set($ExternalInfoPriority, > > > ['My_LDAP']); > > > > > > #and for weird one off testing, since it is a list, I even tried > ['My_LDAP',]; by adding a comma to denote a list of one item. > > > > The comma is irrelevant and unnecessary. > > > > > I am still receiving "Can't use string ("My_LDAP") as a HASH ref while > "strict refs" in use at > /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm > line 63." > > > > You stripped even more things when copying from the example to your > config. Go look at your version of ExternalSettings as compared to the > sample. > > > > -kevin > > > > > > > > -----Original Message----- > > > From: [email protected] > > > [mailto:[email protected]] On Behalf Of Kevin > > > Falcone > > > Sent: Friday, September 16, 2011 10:07 AM > > > To: [email protected] > > > Subject: Re: [rt-users] Implementing LDAP Authentication in RT 4.0.2 > > > > > > On Fri, Sep 16, 2011 at 09:51:11AM -0500, Izz Abdullah wrote: > > > > Here is the LDAP config porting in my RT_SiteConfig file: > > > > > > > > Set($ExternalAuthPriority, 'My_LDAP'); > > > > > > > > Set($ExternalInfoPriority, 'My_LDAP'); > > > > > > Those aren't correct. From the example config: > > > > > > Set($ExternalAuthPriority, [ 'My_LDAP', > > > > > > The [ is important, you're returning a list of 1 item, not a single > item. Make sure you also keep the closing ]. > > > > > > -kevin > > > -------- > > > RT Training Sessions > > > (http://bestpractical.com/services/training.html) > > > * Chicago, IL, USA September 26 & 27, 2011 > > > * San Francisco, CA, USA October 18 & 19, 2011 > > > * Washington DC, USA October 31 & November 1, 2011 > > > * Melbourne VIC, Australia November 28 & 29, 2011 > > > * Barcelona, Spain November 28 & 29, 2011 > > -------- > > RT Training Sessions (http://bestpractical.com/services/training.html) > > * Chicago, IL, USA September 26 & 27, 2011 > > * San Francisco, CA, USA October 18 & 19, 2011 > > * Washington DC, USA October 31 & November 1, 2011 > > * Melbourne VIC, Australia November 28 & 29, 2011 > > * Barcelona, Spain November 28 & 29, 2011 > -------- > RT Training Sessions (http://bestpractical.com/services/training.html) > * Chicago, IL, USA September 26 & 27, 2011 > * San Francisco, CA, USA October 18 & 19, 2011 > * Washington DC, USA October 31 & November 1, 2011 > * Melbourne VIC, Australia November 28 & 29, 2011 > * Barcelona, Spain November 28 & 29, 2011 > -------- > RT Training Sessions (http://bestpractical.com/services/training.html) > * Chicago, IL, USA September 26 & 27, 2011 > * San Francisco, CA, USA October 18 & 19, 2011 > * Washington DC, USA October 31 & November 1, 2011 > * Melbourne VIC, Australia November 28 & 29, 2011 > * Barcelona, Spain November 28 & 29, 2011 > > > ------------------------------ > > Message: 3 > Date: Mon, 19 Sep 2011 08:52:36 -0500 > From: Izz Abdullah <[email protected]> > To: "[email protected]" > <[email protected]> > Subject: Re: [rt-users] Implementing LDAP Authentication in RT 4.0.2 > Message-ID: > < > bab510d4da891440a7ce408f3c08635301c85952d...@hsg-mail-001.corp01.hibbett.com > > > > Content-Type: text/plain; charset="us-ascii" > > Actually during the paste operation I did miss one '}' at the end, but it > is there in my config file. > > -----Original Message----- > From: [email protected] [mailto: > [email protected]] On Behalf Of Izz Abdullah > Sent: Monday, September 19, 2011 8:41 AM > To: [email protected] > Subject: Re: [rt-users] Implementing LDAP Authentication in RT 4.0.2 > > So I had a typo causing the timeout, but I am still unable to get LDAP > authentication to work. I am sure it is a configuration issue, as I can > login with the mysql db root account just fine. I can't find detailed > documentation on what each of the arguments takes, so I am posting my config > back here for some assistance. I am also receiving in the apache logs > "syntax error at [RTHOME]/etc/RT_SiteConfig.pm line xx, near "}" > "Missing right curly or square bracket at ..." > Everything is open and closed below, correct? I thought this was odd... > > Is there any way possible for me to see a debugging log of RT trying (or > not trying) to talk to our AD server? > > > Set($ExternalAuthPriority, [ 'My_LDAP' ]); > > Set($ExternalInfoPriority, [ 'My_LDAP' ]); > > Set($ExternalServiceUsesSSLorTLS, 0); > > Set($AutoCreateNonExternalUsers, 0); > > Set($ExternalSettings, { 'My_LDAP' => { > 'type' => 'ldap', > 'server' => '****.****.hibbett.com', > #temporarily commented this out > #'user' => '****', > #'pass' => '****', > 'base' => > 'ou=****,dc=****,dc=hibbett,dc=com', > 'filter' => '(objectClass=*)', > 'd_filter' => '(objectClass=NoOneAtALL)', > #not using tls or ssl > #'tls' => 0, > #'ssl_version' => 3, > #I don't know what the ldap args should be...is this in the > net::ldap perl module? > #'net_ldap_args' => [ version => 3 ], > 'attr_match_list' => [ 'Name', > 'EmailAddress' ], > 'attr_map' => { > 'Name' => 'sAMAccountName', > 'EmailAddress' => 'mail', > 'Organization' => 'physicalDeliveryOfficeName', > 'RealName' => 'cn', > 'ExternalAuthId' => 'sAMAccountName', > 'Gecos' => 'sAMAccountName', > 'WorkPhone' => 'telephoneNumber', > 'Address1' => 'streetAddress', > 'City' => 'l', > 'State' => 'st', > 'Zip' => 'postalCode', > 'Country' => 'co' > } > } > ); > > -----Original Message----- > From: [email protected] [mailto: > [email protected]] On Behalf Of Izz Abdullah > Sent: Friday, September 16, 2011 11:18 AM > To: [email protected] > Subject: Re: [rt-users] Implementing LDAP Authentication in RT 4.0.2 > > I hate to do this...but now, it is timing out with communication to fast > CGI. I can only see this in apache logs, I can't see anything in RT logs > (they are not being created). How can I turn debugging off so that I can > see what else is going on? Why would the changes in authentication affect > FCGI? > > -----Original Message----- > From: [email protected] [mailto: > [email protected]] On Behalf Of Izz Abdullah > Sent: Friday, September 16, 2011 11:08 AM > To: [email protected] > Subject: Re: [rt-users] Implementing LDAP Authentication in RT 4.0.2 > > Ok...so I found the missing opening braces. I truly appreciate your help > Kevin! When staring at code for so long, it needs another set of eyes. ;) > > I changed it, and have refreshed the login page, it's been in the 'waiting > for <servername>' for quite some time now. I can deal with that as it is > probably a query to LDAP caching out (correct me if I am wrong, as I would > like to have an overview of the inner-workings some time). I'll look > through the code to see exactly what it does when I have the time, for now I > just need to get it to work, just once will be nice for the boss. =) > > Thanks again! > > -----Original Message----- > From: [email protected] [mailto: > [email protected]] On Behalf Of Kevin Falcone > Sent: Friday, September 16, 2011 10:44 AM > To: [email protected] > Subject: Re: [rt-users] Implementing LDAP Authentication in RT 4.0.2 > > On Fri, Sep 16, 2011 at 10:37:58AM -0500, Izz Abdullah wrote: > > The comma is no longer there. The only thing I stripped was only using > LDAP as an external source, the mysql db resides locally and is defined > elsewhere within RT_SiteConfig, and within LDAP itself, I only removed the > two GROUP mappings. > > Go compare your line > > Set($ExternalSettings, 'My_LDAP' => { > > to the version in the example siteconfig > > You're missing an important character (and an important closing character). > > -kevin > > > -----Original Message----- > > From: [email protected] > > [mailto:[email protected]] On Behalf Of Kevin > > Falcone > > Sent: Friday, September 16, 2011 10:33 AM > > To: [email protected] > > Subject: Re: [rt-users] Implementing LDAP Authentication in RT 4.0.2 > > > > On Fri, Sep 16, 2011 at 10:23:08AM -0500, Izz Abdullah wrote: > > > Ok...so I changed it to: > > > Set($ExternalAuthPriority, ['My_LDAP']); Set($ExternalInfoPriority, > > > ['My_LDAP']); > > > > > > #and for weird one off testing, since it is a list, I even tried > ['My_LDAP',]; by adding a comma to denote a list of one item. > > > > The comma is irrelevant and unnecessary. > > > > > I am still receiving "Can't use string ("My_LDAP") as a HASH ref while > "strict refs" in use at > /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm > line 63." > > > > You stripped even more things when copying from the example to your > config. Go look at your version of ExternalSettings as compared to the > sample. > > > > -kevin > > > > > > > > -----Original Message----- > > > From: [email protected] > > > [mailto:[email protected]] On Behalf Of Kevin > > > Falcone > > > Sent: Friday, September 16, 2011 10:07 AM > > > To: [email protected] > > > Subject: Re: [rt-users] Implementing LDAP Authentication in RT 4.0.2 > > > > > > On Fri, Sep 16, 2011 at 09:51:11AM -0500, Izz Abdullah wrote: > > > > Here is the LDAP config porting in my RT_SiteConfig file: > > > > > > > > Set($ExternalAuthPriority, 'My_LDAP'); > > > > > > > > Set($ExternalInfoPriority, 'My_LDAP'); > > > > > > Those aren't correct. From the example config: > > > > > > Set($ExternalAuthPriority, [ 'My_LDAP', > > > > > > The [ is important, you're returning a list of 1 item, not a single > item. Make sure you also keep the closing ]. > > > > > > -kevin > > > -------- > > > RT Training Sessions > > > (http://bestpractical.com/services/training.html) > > > * Chicago, IL, USA September 26 & 27, 2011 > > > * San Francisco, CA, USA October 18 & 19, 2011 > > > * Washington DC, USA October 31 & November 1, 2011 > > > * Melbourne VIC, Australia November 28 & 29, 2011 > > > * Barcelona, Spain November 28 & 29, 2011 > > -------- > > RT Training Sessions (http://bestpractical.com/services/training.html) > > * Chicago, IL, USA September 26 & 27, 2011 > > * San Francisco, CA, USA October 18 & 19, 2011 > > * Washington DC, USA October 31 & November 1, 2011 > > * Melbourne VIC, Australia November 28 & 29, 2011 > > * Barcelona, Spain November 28 & 29, 2011 > -------- > RT Training Sessions (http://bestpractical.com/services/training.html) > * Chicago, IL, USA September 26 & 27, 2011 > * San Francisco, CA, USA October 18 & 19, 2011 > * Washington DC, USA October 31 & November 1, 2011 > * Melbourne VIC, Australia November 28 & 29, 2011 > * Barcelona, Spain November 28 & 29, 2011 > -------- > RT Training Sessions (http://bestpractical.com/services/training.html) > * Chicago, IL, USA September 26 & 27, 2011 > * San Francisco, CA, USA October 18 & 19, 2011 > * Washington DC, USA October 31 & November 1, 2011 > * Melbourne VIC, Australia November 28 & 29, 2011 > * Barcelona, Spain November 28 & 29, 2011 > -------- > RT Training Sessions (http://bestpractical.com/services/training.html) > * Chicago, IL, USA September 26 & 27, 2011 > * San Francisco, CA, USA October 18 & 19, 2011 > * Washington DC, USA October 31 & November 1, 2011 > * Melbourne VIC, Australia November 28 & 29, 2011 > * Barcelona, Spain November 28 & 29, 2011 > > > ------------------------------ > > Message: 4 > Date: Mon, 19 Sep 2011 09:58:13 -0400 > From: Kevin Falcone <[email protected]> > To: [email protected] > Subject: Re: [rt-users] Custom Field Order issue > Message-ID: <[email protected]> > Content-Type: text/plain; charset="us-ascii" > > On Sat, Sep 17, 2011 at 01:13:06PM -0400, Joe Kirby wrote: > > I have 2 cf's on a screen and I cannot get the screens to recognize > > the order I want even though it would appear I have it setup right > > when I am in the queue admin screen under Custom Fields > > > > Any ideas. The newer one is desired to show ahead of the old one as > > I have then linked via the category option > > Joe - I don't remember what version you're running, but that sounds > like a bug we fixed for non-mysql databases around the middle of the > 3.8 series. > > -kevin > -------------- next part -------------- > A non-text attachment was scrubbed... > Name: not available > Type: application/pgp-signature > Size: 195 bytes > Desc: not available > URL: < > http://lists.bestpractical.com/pipermail/rt-users/attachments/20110919/16ebbcf5/attachment.pgp > > > > ------------------------------ > > -------- > RT Training Sessions (http://bestpractical.com/services/training.html) > * Chicago, IL, USA — September 26 & 27, 2011 > * San Francisco, CA, USA — October 18 & 19, 2011 > * Washington DC, USA — October 31 & November 1, 2011 > * Melbourne VIC, Australia — November 28 & 29, 2011 > * Barcelona, Spain — November 28 & 29, 2011 > RT-Users mailing list > [email protected] > http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users > > > > End of RT-Users Digest, Vol 90, Issue 59 > **************************************** > -- -- Joe Kirby , Assistant Vice President, Business Systems Division of Information Technology (DoIT) Support Response - http://www.umbc.edu/oit Administration 627 Office - 410-455-3020 Email - [email protected]
-------- RT Training Sessions (http://bestpractical.com/services/training.html) * Chicago, IL, USA September 26 & 27, 2011 * San Francisco, CA, USA October 18 & 19, 2011 * Washington DC, USA October 31 & November 1, 2011 * Melbourne VIC, Australia November 28 & 29, 2011 * Barcelona, Spain November 28 & 29, 2011
