RT won't look at any changes you place in example RT_SiteConfig.pm files included with extensions (if that's why you've included that file in your previous e-mail). You need to copy the relevant changes into your RT installation's RT_SiteConfig.pm file.

On 31/07/2014 3:12 am, "Rezty Felty" <rfe...@adknowledge.com> wrote:
> Jxplorer shows successful connection and authentication using the auth
> info I have in rt. Here is my /opt/rt4/etc/RT_SiteConfig.pm:
>
> # Any configuration directives you include here will override
> # RT's default configuration file, RT_Config.pm
> #
> # To include a directive here, just copy the equivalent statement
> # from RT_Config.pm and change the value. We've included a single
> # sample value below.
> #
> # This file is actually a perl module, so you can include valid
> # perl code, as well.
> #
> # The converse is also true, if this file isn't valid perl, you're
> # going to run into trouble. To check your SiteConfig file, use
> # this command:
> #
> #   perl -c /path/to/your/etc/RT_SiteConfig.pm
> #
> # You must restart your webserver after making changes to this file.
>
> Set( $rtname, 'Adknowledge.com');
> Set( $WebDomain, 'pkc-tracker02.ak-networks.com');
> Set( $WebPort, 443);
> # You must install Plugins on your own, this is only an example
> # of the correct syntax to use when activating them.
> # Plugin( "RT::Extension::QuickDelete" );
> # Plugin( "RT::Extension::CommandByMail" );
> Set( @Plugins, qw(RT::Authen::ExternalAuth) );
>
> and my /opt/rt4/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm,
> which I would think more important in this case:
>
> =head1 NAME
>
> External Authentication Configuration - Sample configs for
> L<RT::Authen::ExternalAuth>
>
> =head1 DESCRIPTION
>
> L<RT::Authen::ExternalAuth> provides a lot of flexibility
> with many configuration options. This file describes these
> configuration options and is itself a sample configuration
> suitable for dropping into your C<etc/RT_SiteConfig.pm>
> file and modifying.
>
> =over 4
>
> =item C<$ExternalAuthPriority>
>
> The order in which the services defined in ExternalSettings
> should be used to authenticate users. User is authenticated
> if successfully confirmed by any service - no more services
> are checked.
>
> You should remove services you don't use. For example,
> if you're only using My_LDAP, remove My_MySQL and My_SSO_Cookie.
>
> =cut
>
> Set($ExternalAuthPriority, [ 'My_LDAP',
>                              'My_MySQL',
>                              'My_SSO_Cookie'
>                            ]
> );
>
> =item C<$ExternalInfoPriority>
>
> When multiple auth services are available, this value defines
> the order in which the services defined in ExternalSettings
> should be used to get information about users. This includes
> RealName, Tel numbers etc, but also whether or not the user
> should be considered disabled.
>
> Once a user record is found, no more services are checked.
>
> You CANNOT use a SSO cookie to retrieve information.
>
> You should remove services you don't use, but you must define
> at least one service.
>
> =cut
>
> Set($ExternalInfoPriority, [ 'My_LDAP',
>                              'My_MySQL',
>                            ]
> );
>
> =item C<$ExternalServiceUsesSSLorTLS>
>
> If this is set to true, then the relevant packages will
> be loaded to use SSL/TLS connections. At the moment,
> this just means L<Net::SSLeay>.
>
> =cut
>
> Set($ExternalServiceUsesSSLorTLS, 0);
>
> =item C<$AutoCreateNonExternalUsers>
>
> If this is set to 1, then users should be autocreated by RT
> as internal users if they fail to authenticate from an
> external service. This is useful if you have users outside
> your organization who might interface with RT, perhaps by sending
> email to a support email address.
>
> =cut
>
> Set($AutoCreateNonExternalUsers, 0);
>
> =item C<$ExternalSettings>
>
> These are the full settings for each external service as a HashOfHashes.
> Note that you may have as many external services as you wish. They will
> be checked in the order specified in $ExternalAuthPriority and
> $ExternalInfoPriority directives above.
>
> The outer structure is a key with the authentication option (name of external
> source). The value is a hash reference with configuration keys and values,
> for example:
>
>     Set($ExternalSettings, {
>         MyLDAP => {
>             type => 'ldap',
>             ... other options ...
>         },
>         MyMySQL => {
>             type => 'db',
>             ... other options ...
>         },
>         ... other sources ...
>     } );
>
> As shown above, each description should have 'type' defined.
> The following types are supported:
>
> =over 4
>
> =item ldap
>
> Authenticate against and sync information with LDAP servers.
> See L<RT::Authen::ExternalAuth::LDAP> for details.
>
> =item db
>
> Authenticate against and sync information with external RDBMS,
> supported by Perl's L<DBI> interface. See L<RT::Authen::ExternalAuth::DBI>
> for details.
>
> =item cookie
>
> Authenticate by cookie. See L<RT::Authen::ExternalAuth::DBI::Cookie>
> for details.
>
> =back
>
> See the modules noted above for configuration options specific to each type.
> The following apply to all types.
>
> =over 4
>
> =item attr_match_list
>
> The list of RT attributes that uniquely identify a user. These values
> are used, in order, to find users in the selected authentication
> source. Each value specified here must have a mapping in the
> L</"attr_map"> section below. You can remove values you don't
> expect to match, but it's recommended to use 'Name' and 'EmailAddress'
> at minimum. For example:
>
>     'attr_match_list' => [
>         'Name',
>         'EmailAddress',
>     ],
>
> You should not use items that can map to multiple users (such as a
> RealName or building name).
>
> =item attr_map
>
> Mapping of RT attributes on to attributes in the external source.
> Valid keys are attributes of an
> L<RT::User|http://bestpractical.com/rt/docs/latest/RT/User.html>.
> The values are attributes from your authentication source.
> For example, an LDAP mapping might look like:
>
>     'attr_map' => {
>         'Name' => 'sAMAccountName',
>         'EmailAddress' => 'mail',
>         'Organization' => 'physicalDeliveryOfficeName',
>         'RealName' => 'cn',
>         ...
>     },
>
> =back
>
> =cut
>
> Set($ExternalSettings, {
>     # AN EXAMPLE DB SERVICE
>     'My_MySQL' => {
>         'type' => 'db',
>         'server' => 'server.domain.tld',
>         'database' => 'DB_NAME',
>         'table' => 'USERS_TABLE',
>         'user' => 'DB_USER',
>         'pass' => 'DB_PASS',
>         'port' => 'DB_PORT',
>         'dbi_driver' => 'DBI_DRIVER',
>         'u_field' => 'username',
>         'p_field' => 'password',
>         'p_enc_pkg' => 'Crypt::MySQL',
>         'p_enc_sub' => 'password',
>         'd_field' => 'disabled',
>         'd_values' => ['0'],
>         'attr_match_list' => [
>             'Gecos',
>             'Name',
>         ],
>         'attr_map' => {
>             'Name' => 'username',
>             'EmailAddress' => 'email',
>             'ExternalAuthId' => 'username',
>             'Gecos' => 'userID',
>         },
>     },
>     # AN EXAMPLE LDAP SERVICE
>     'My_LDAP' => {
>         'type' => 'ldap',
>         'server' => '10.201.0.200',
>         'user' => 'apachel...@adknowledge.com',
>         'pass' => 'redacted',
>         'base' => 'dc=adknowledge,dc=com',
>         'filter' => '(FILTER_STRING)',
>         'd_filter' => '(FILTER_STRING)',
>         'group' => 'GROUP_NAME',
>         'group_attr' => 'GROUP_ATTR',
>         'tls' => 0,
>         'ssl_version' => 3,
>         'net_ldap_args' => [ version => 3 ],
>         'group_scope' => 'base',
>         'group_attr_value' => 'GROUP_ATTR_VALUE',
>         'attr_match_list' => [
>             'Name',
>             'EmailAddress',
>             'RealName',
>         ],
>         'attr_map' => {
>             'Name' => 'sAMAccountName',
>             'EmailAddress' => 'mail',
>             'Organization' => 'physicalDeliveryOfficeName',
>             'RealName' => 'cn',
>             'ExternalAuthId' => 'sAMAccountName',
>             'Gecos' => 'sAMAccountName',
>             'WorkPhone' => 'telephoneNumber',
>             'Address1' => 'streetAddress',
>             'City' => 'l',
>             'State' => 'st',
>             'Zip' => 'postalCode',
>             'Country' => 'co'
>         },
>     },
>     # An example SSO cookie service
>     'My_SSO_Cookie' => {
>         'type' => 'cookie',
>         'name' => 'loginCookieValue',
>         'u_table' => 'users',
>         'u_field' => 'username',
>         'u_match_key' => 'userID',
>         'c_table' => 'login_cookie',
>         'c_field' => 'loginCookieValue',
>         'c_match_key' => 'loginCookieUserID',
>         'db_service_name' => 'My_MySQL'
>     },
> } );
>
> 1;
>
> Thanks,
> Rezty Felty
> Senior Linux Administrator
> Adknowledge
> 816-559-1196
>
> From: Marco Agostini <comunelev...@gmail.com>
> Date: Wednesday, July 30, 2014 at 11:38 AM
> To: Rezty Felty <rfe...@adknowledge.com>
> Subject: Re: [rt-users] Difficulty implementing LDAP/AD Authorization
>
> On 30 Jul 2014 17:34, "Rezty Felty" <rfe...@adknowledge.com> wrote:
> >
> > I have a new install of RT 4.2.4 running on Centos 6.4 64 bit with
> > Apache 2.2.15. I have installed RT::Authen::ExternalAuth and Net::LDAP,
> > and have configured
> > my /opt/rt4/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm with
> > the right server address and LDAP user and password, and added Set(
> > @Plugins, qw(RT::Authen::ExternalAuth) ); to the
> > file /opt/rt4/etc/RT_SiteConfig.pm. I have restarted https, restarted the
> > entire server, but I continue to see the same results, e.g. I can log in to
> > RT with the default installed root account, but when I try any AD user, it
> > fails, and the error I receive in both /var/log/messages and
> > /var/log/httpd/error_log is the same: “FAILED LOGIN for <user> from
> > <serveraddress> (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:811)
> >
> > Any suggestions on where to begin troubleshooting this would be
> > appreciated.
> >
>
> Use this tool http://jxplorer.org/ to test the parameters that you are
> using in RT.
>
> Post the content of /opt/rt4/etc/RT_SiteConfig.pm
>
> --
> RT Training - Boston, September 9-10
> http://bestpractical.com/training
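What the reply describes, as an added example (not from the thread or from the RT project): the ExternalAuth directives moved out of the plugin's sample file into /opt/rt4/etc/RT_SiteConfig.pm, trimmed to the LDAP service only. BIND_USER and BIND_PASS are placeholders, both filter strings are constructed values for Active Directory, and leaving out the group keys and ssl_version assumes they are optional.

```perl
# /opt/rt4/etc/RT_SiteConfig.pm
# RT reads this file, not local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm.
Set( $rtname,    'Adknowledge.com' );
Set( $WebDomain, 'pkc-tracker02.ak-networks.com' );
Set( $WebPort,   443 );

Set( @Plugins, qw(RT::Authen::ExternalAuth) );

# List only services that are defined in $ExternalSettings below; the sample's
# My_MySQL and My_SSO_Cookie entries are dropped because they are not in use.
Set( $ExternalAuthPriority, [ 'My_LDAP' ] );
Set( $ExternalInfoPriority, [ 'My_LDAP' ] );

# As posted: no SSL/TLS packages loaded and 'tls' => 0 below, so the bind
# password and user passwords travel to the directory unencrypted.
Set( $ExternalServiceUsesSSLorTLS, 0 );
Set( $AutoCreateNonExternalUsers,  0 );

Set( $ExternalSettings, {
    'My_LDAP' => {
        'type'   => 'ldap',
        'server' => '10.201.0.200',
        'user'   => 'BIND_USER',    # placeholder: the address is truncated in the thread
        'pass'   => 'BIND_PASS',    # placeholder
        'base'   => 'dc=adknowledge,dc=com',
        # Constructed AD filters replacing the sample's '(FILTER_STRING)' text.
        'filter'   => '(objectClass=user)',
        'd_filter' => '(userAccountControl:1.2.840.113556.1.4.803:=2)',
        # group, group_attr, group_scope, group_attr_value and ssl_version
        # omitted (assumption: optional); sample text such as 'GROUP_NAME'
        # is not a usable value.
        'tls'           => 0,
        'net_ldap_args' => [ version => 3 ],
        # RealName left out: the sample's own documentation warns against
        # attributes that can map to multiple users.
        'attr_match_list' => [ 'Name', 'EmailAddress' ],
        'attr_map' => {
            'Name'           => 'sAMAccountName',
            'EmailAddress'   => 'mail',
            'RealName'       => 'cn',
            'ExternalAuthId' => 'sAMAccountName',
            'Gecos'          => 'sAMAccountName',
        },
    },
} );

1;
```

After editing, check the file with `perl -c /opt/rt4/etc/RT_SiteConfig.pm` and restart the web server, as the comments in the stock file instruct.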