Jeff I put mine at the beginning, but I am pretty sure it does not matter.
Don't forget when you make changes to this config you need to restart Apache. Thanks Bryon Baker Network Operations Manager Copesan - Specialists in Pest Solutions 800-267-3726 . 262-783-6261 ext. 2296 [email protected] www.copesan.com "Servicing North America with Local Care" -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Jeff Solberg Sent: Monday, July 01, 2013 11:38 AM To: [email protected] Subject: Re: [rt-users] External Auth config with RT on Debian Sensitivity: Confidential -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Do I just add the $SetToLog options anywhere in the RT_SiteConfig.pm? - -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Kevin Falcone Sent: Monday, July 01, 2013 9:29 AM To: [email protected] Subject: [secure] Re: [rt-users] External Auth config with RT on Debian Sensitivity: Confidential * PGP Signed by an unknown key On Mon, Jul 01, 2013 at 04:24:51PM +0000, Jeff Solberg wrote: > > - -----Original Message----- > > From: [email protected] > > [mailto:[email protected]] On Behalf Of Kevin > > Falcone > > Sent: Monday, July 01, 2013 9:14 AM > > To: [email protected] > > Subject: [secure] Re: [rt-users] External Auth config with RT on > > Debian > > Sensitivity: Confidential > > > > > Old Signed by an unknown key > > > > On Fri, Jun 28, 2013 at 12:29:22PM -0700, jsolberg wrote: > > > Default settings till here.... > > > #PLUGINS > > > Set( @Plugins, qw(RT::Authen::ExternalAuth)); > > > > > > #External Auth Settings > > > > > > Set($ExternalAuthPriority, [ 'My_LDAP',] ); > > > Set($ExternalInfoPriority, [ 'My_LDAP',] ); > > > Set($ExternalServiceUsesSSLorTLS, 0); Set($AutoCreateNonExternalUsers, > > > 0); Set($ExternalSettings, { > > > 'My_LDAP' => { > > > 'type' => 'ldap', > > > 'server' => 'dc2.xxxxxx.com', > > > 'user' => 'cn=Bind > > > Ldap,ou=User,Logins,dc=intrepidls,dc=com', > > > 'pass' => 'xxxxxxx', > > > 'base' => 'dc=xxxx,dc=com', > > > 'filter' => > > > '(&(ObjectCategory=User)(ObjectClass=Person))', > > > 'd_filter' => > > > '(userAccountControl:1.2.840.113556.1.4.803=2)', > > > 'group' => 'cn=Domain > > > Users,ou=Groups_Security,dc=xxxxx,dc=com', > > > 'group_attr' => 'member', > > > 'tls' => 0, > > > 'ssl_version' => 3, > > > 'net_ldap_args' => [ version => 3, port => 3268 > > > ], > > > 'group_scope' => 'base', > > > 'group_attr_value' => 'GROUP_ATTR_VALUE', > > > 'attr_match_list' => [ > > > 'Name', > > > 'EmailAddress', > > > 'RealName', > > > ], > > > 'attr_map' => { > > > 'Name' => 'sAMAccountName', > > > 'EmailAddress' => 'mail', > > > 'Organization' => 'physicalDeliveryOfficeName', > > > 'RealName' => 'cn', > > > 'ExternalAuthId' => 'sAMAccountName', > > > 'Gecos' => 'sAMAccountName', > > > 'WorkPhone' => 'telephoneNumber', > > > 'Address1' => 'streetAddress', > > > 'City' => 'l', > > > 'State' => 'st', > > > 'Zip' => 'postalCode', > > > 'Country' => 'co' > > > }, > > > }, > > > # An example SSO cookie service > > > 'My_SSO_Cookie' => { > > > 'type' => 'cookie', > > > 'name' => 'loginCookieValue', > > > 'u_table' => 'users', > > > 'u_field' => 'username', > > > 'u_match_key' => 'userID', > > > 'c_table' => 'login_cookie', > > > 'c_field' => 'loginCookieValue', > > > 'c_match_key' => 'loginCookieUserID', > > > 'db_service_name' => 'My_MySQL' > > > }, > > > } ); > > > > > > 1; > > > > > > I then use update-rt-siteconfig to merge these settings into > > > RT_SiteConfig.pm. From what I read this is all correct and "Should" > > > allow AD accounts to log in. Here is what is logging in the apache2 error > > > log: > > > > > > [Fri Jun 28 19:01:58 2013] [warning]: The actual HTTP_HOST > > > (admin-rt4) does NOT match the configured WebDomain (localhost). > > > Perhaps you should Set($WebDomain, 'admin-rt4'); in > > > RT_SiteConfig.pm, otherwise your internal links may be broken. > > > (/usr/share/request-tracker4/lib/RT/Interface/Web.pm:1194) > > > [Fri Jun 28 19:02:09 2013] [error]: FAILED LOGIN for > > > [email protected] from 10.10.30.62 > > > (/usr/share/request-tracker4/lib/RT/Interface/Web.pm:740) > > > [Fri Jun 28 19:02:40 2013] [error]: FAILED LOGIN for jsolberg from > > > 10.10.30.62 ( > > > /usr/share/request-tracker4/lib/RT/Interface/Web.pm:740) > > > [Fri Jun 28 19:02:52 2013] [info]: Successful login for root from > > > 10.10.30.62 > > > (/usr/share/request-tracker4/lib/RT/Interface/Web.pm:745) > > > root@admin-rt4:/usr/share/request-tracker4/lib# > > > > Navigate to Tools -> Configuration -> System Configuration and check that > > Plugins contains RT::Authen::ExternalAuth. > > > Thanks for your reply. In the sys config it shows the following under PLUGINS: > > Plugins [ > 'RT::Authen::ExternalAuth' > ] Great - now go make sure your $LogToScreen is set to 'debug' and log in again. root will always be able to log in because it has a local password set, you're more concerned about getting useful debugging messages for your jsolberg user. - -kevin * Unknown Key * 0x9E42250A -----BEGIN PGP SIGNATURE----- Version: PGP Universal 3.2.1 (Build 4940) Charset: us-ascii wsBVAwUBUdGwfU8vfChWkpdqAQgoxgf+IW3MwbDxATCMSx7dEOEgPjjTY2ZfJD0z 7Ez7SM+J0ke7+ljDhRYkZC7uMX2XF9O1N1JY1mv1O390ECPNUmXegDd54gmp7KHh Er9zx6AT77ZavXpf43nwGFty4pmlQfDRf5YfhDWJu8qQe+MivSHLbqw50JDKHNYe /R3A3DwC20Eukc76AQUpKJxDQrxL7mty8BxEaOgXquPl/S8JUWbJTpuTvL1cLoG5 yyfRECXvxrCYQKwttst5iaEQlPZ3zu0ja+sE10+dwdEW9oYC6/RBHlus3fASJxVj siDp0h56GDQFDmgCm0oMVRQEh5kPMu01U4PP2TA+X66rKFSQyl69ng== =4cdn -----END PGP SIGNATURE-----
