[rt-users] ExternalAuth - ActiveDirectory failed login

[Horst Kriegers]

Hi list,
I've installed the ExternalAuth extension and cannot find the solution
for my connexion problem to the Active Directory server.
I need your help.
 
 
Apache/2.2.6 (Unix)
mod_perl/2.0.4
Perl/v5.8.8
RT : 3.8.8
RT::Authen::ExternalAuth: 0.0.8
 
 
 
RT_SiteConfig.pm :
-
# The order in which the services defined in ExternalSettings
# should be used to authenticate users. User is authenticated
# if successfully confirmed by any service - no more services
# are checked.
Set($ExternalAuthPriority,  ['My_LDAP']);
 
# The order in which the services defined in ExternalSettings
# should be used to get information about users. This includes
# RealName, Tel numbers etc, but also whether or not the user
# should be considered disabled.
#
# Once user info is found, no more services are checked.
#
# You CANNOT use a SSO cookie for authentication.
Set($ExternalInfoPriority,  ['My_LDAP']);
 
# If this is set to true, then the relevant packages will
# be loaded to use SSL/TLS connections. At the moment,
# this just means "use Net::SSLeay;"
Set($ExternalServiceUsesSSLorTLS,0);
 
# If this is set to 1, then users should be autocreated by RT
# as internal users if they fail to authenticate from an
# external service.
Set($AutoCreateNonExternalUsers,0);
 
# These are the full settings for each external service as a
HashOfHashes
# Note that you may have as many external services as you wish. They
will
# be checked in the order specified in the Priority directives above.
# e.g.
#  
Set(ExternalAuthPriority,['My_LDAP','My_MySQL','My_Oracle','SecondaryLDAP','Other-DB']);
#
Set($ExternalSettings, {
'My_LDAP' =>  {
'type'=>  'ldap',
'server'  =>  'ldap.office.loro.swiss',
'user'=>  'adit1',
'pass'=>  'xx',
'base'=> 
'OU=LORO,DC=office,DC=loro,DC=swiss',
'filter'  =>  '(objectclass=*)',
'd_filter'=> 
'(userAccountControl:1.2.840.113556.1.4.803:=2)',
'tls' =>  0,
'ssl_version' =>  3,
'net_ldap_args'   => [
  version =>  3],
  'group' =>  'DC',
  'group_attr'=>  'office',
  'attr_match_list' => [
'Name',
   
'EmailAddress',
   
'RealName',
   
'WorkPhone',
'Address2'
   ],
# The mapping of RT attributes on to LDAP attributes
'attr_map'   =>  {
'Name'   => 'sAMAccountName',
'EmailAddress'   => 'mail',
'Organization'   =>
'physicalDeliveryOfficeName',
'RealName'   => 'cn',
'ExternalAuthId' => 'sAMAccountName',
'Gecos'  => 'sAMAccountName',
'WorkPhone'  => 'telephoneNumber',
'Address1'   => 'streetAddress',
'City'   => 'l',
'State'  => 'st',
'Zip'=> 'postalCode',
'Country'=> 'co'
}
}
}
);

 
 
 
APACHE_LOG :
-
[Mon Mar  7 13:56:50 2011] [critical]:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj : Cannot connect to
ldap.office.loro.swiss
(/opt/rt_dev/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:437)
Trace begun at /opt/rt_dev/bin/../lib/RT.pm line 291
Log::Dispatch::__ANON__('Log::Dispatch=HASH(0x312cac0)',
'RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj', ': Cannot connect
to', 'ldap.office.loro.swiss') called at
/opt/rt_dev/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm
line 437
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj('HASH(0x9e6ef0)')
called at
/opt/rt_dev/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm
line 298
RT::Authen::ExternalAuth::LDAP::UserExists('adit1', 'My_LDAP') called
at
/opt/rt_dev/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm
line 356
RT::Authen::ExternalAuth::UserExists('adit1', 'My_LDAP') called at
/opt/rt_dev/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm
line 106
RT::Authen::ExternalAuth::DoAuth('HASH(0x4399af0)', 'adit1',
'xx') called at
/opt/rt_dev/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth
line 25
HTML::Mason::Commands::__ANON__('pass', '

[rt-users] dumpfile-to-rt-3.0, incremental import failed

[Daniel Schwager]

Hi,

we would like to update from rt 2.0.11 to 3.8.8. 

Using dumpfile-to-rt-3.0, a full export/import works fine. 
The incremental import ended with the following error:

t-57701: ww[Mon Mar  7 14:26:48 2011] [crit]: 
Couldn't set EffectiveId: That is already the current value
(/opt/rt3/lib/RT/Ticket_Overlay.pm:504)

Couldn't create TICKET: Ticket could not be created due to an internal
error$VAR1 = {
  'Status' => 'stalled',
  'Queue' => 'support',
  'Started' => '2011-03-01 17:25:31',
  'Starts' => '1970-01-01 00:00:00',
  '_RecordTransaction' => '0',
  'id' => '57701',
  'LastUpdated' => '2011-03-01 17:25:31',
  'Requestor' => [
 '36060'
   ],
  'Cc' => [
  '24054'
],
  'Subject' => 'x',
  'Creator' => '36060',
  'Owner' => '65444',
  'EffectiveId' => '57701',
  'LastUpdatedBy' => '57822',
  'Created' => '2010-12-10 18:47:09',
  'Due' => '2010-12-10 18:47:09'
};
[Mon Mar  7 14:26:48 2011] [crit]: Died at /usr/bin/dumpfile-to-rt-3.0
line 716. (/opt/rt3/lib/RT.pm:382)
Died at /usr/bin/dumpfile-to-rt-3.0 line 716.


** Code around /opt/rt3/lib/RT.pm:382 looks like

   #Set the ticket's effective ID now that we've created it.

my ( $val, $msg ) = $self->__Set(
Field => 'EffectiveId',
Value => ( $args{'EffectiveId'} || $id )
);
unless ( $val ) {
$RT::Logger->crit("Couldn't set EffectiveId: $msg");
$RT::Handle->Rollback;
return ( 0, 0,
$self->loc("Ticket could not be created due to an internal
error")
);
}


I found a thread concerning this issue

http://www.gossamer-threads.com/lists/rt/users/89660?search_string=%20Co
uldn't%20set%20EffectiveId:%20That%20is%20already%20the%20current%20valu
e;#89660
but the solution was told to the community.

Is there a way to fix this problem with the "incremental import" ?

Kind regards
Danny

Re: [rt-users] Session take over while using RT::Authen::External

[Michael Polivanov]

On Fri, Mar 4, 2011 at 17:09, Thomas Sibley  wrote:
> 1) Can you send your entire Apache config (not just the RT vhost part)?
>  Private mail to me is fine if you don't want to share it with the list.

Is attached

Regards


apache-conf.tgz
Description: GNU Zip compressed data