Re: [rt-users] LDAP Authentication and User Account Creation 3.6.6. and latest ExternalAuth
On Monday 02 June 2008 04:25:17 Mike Peachey wrote: Carlos J. Velez-Rivera wrote: Mike, I'm one of those who has the issue you mention. I'd like to help. Do you want some more output enabled? Would you like me to add some code to my instance so you can output anything that might help you fix it? It's not something that is easily done by remote instruction. What I really need is someone who is vaguely familiar with perl and RT to run through the code with a few new debugging statements, and make adjustments to them where necessary based on the log output to determine where the ID is getting lost. Honestly, I'm not familiar with the RT code, but have done extensive perl programing in the past. I'd like to give it a try, if you are up for it! Let me know if you have any recommended reading before I jump in. -- Carlos J. Velez-Rivera Manager CK Computing Corporation [EMAIL PROTECTED] Voice: (787)464-1182 Fax: 866-910-4798 ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: [EMAIL PROTECTED] Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] LDAP Authentication and User Account C reation 3.6.6. and latest ExternalAuth
of your own debugging statements may be able to help you work out why and I would love to know. If I can help I'm always around, especially in #rt on irc.perl.org. Just say Zordrak three times and I shall appear. I'm magic like that. This coupled with the error further UP the log: [Thu May 29 19:37:57 2008] [warning]: Transaction-Create couldn't, as you didn't specify an object type and id (/var/rt3/lib/RT/Record.pm:1486) Again, I think this is a red herring and completely unrelated as it is always there. leads me to believe that I might be missing like ONE setting that would allow this to all JIVE the way it should. Well, you're missing ExternalInfoPriority, but I only think that will fix your boogie-woogie problems, I think your jive-block is elsewhere. -- Carlos J. Velez-Rivera Manager CK Computing Corporation [EMAIL PROTECTED] Voice: (787)464-1182 Fax: 866-910-4798 ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: [EMAIL PROTECTED] Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] Issues configuring RT::Authen::ExternalAuth
On Thursday 24 April 2008 08:56:48 Carlos J. Velez-Rivera wrote: On Thursday 24 April 2008 04:09:10 Mike Peachey wrote: Carlos J. Velez-Rivera wrote: Hello Mike, Thanks for your answer. Sorry for the delay in getting back to you. I had to take care of a fire... Here is the RT_SiteConfig.pm file. I thought it could be related to a bad filter... Thanks in advance for any pointers you might have! Carlos Since you're not using LDAP groups to determine access, remove the group and group_attr lines from ExternalSettings, then run it again and provide the debug log for what heppens. Made the change cleaned up the mason files and restarted apache just in case. It appears as though the same thing is happening. Here's the log. I also tried taking out the d_filter parameter in a separate try and there was no change. [Thu Apr 24 12:46:39 2008] [warning]: Transaction-Create couldn't, as you didn't specify an object type and id (/usr/share/request-tracker3.6/lib/RT/Record.pm:1466) [Thu Apr 24 12:46:39 2008] [debug]: RT::User::IsExternalPassword Trying External authentication (/usr/local/share/request-tracker3.6/lib/RT/User_Vendor.pm:52) [Thu Apr 24 12:46:39 2008] [debug]: Attempting to use external auth service: My_LDAP (/usr/local/share/request-tracker3.6/lib/RT/User_Vendor.pm:63) [Thu Apr 24 12:46:40 2008] [debug]: LDAP Search === Base: ou=people,dc=upr,dc=edu == Filter: ((uid=carlos.velez99)(objectclass=*)) == Attrs: dn (/usr/local/share/request-tracker3.6/lib/RT/User_Vendor.pm:185) [Thu Apr 24 12:46:40 2008] [debug]: Found LDAP DN: uid=carlos.velez99,ou=people,dc=upr,dc=edu (/usr/local/share/request-tracker3.6/lib/RT/User_Vendor.pm:217) [Thu Apr 24 12:46:40 2008] [info]: RT::User::IsExternalPassword External Auth OK ( My_LDAP ): carlos.velez99 (/usr/local/share/request-tracker3.6/lib/RT/User_Vendor.pm:281) [Thu Apr 24 12:46:40 2008] [debug]: RT::User::IsPassword External auth SUCCEEDED (/usr/local/share/request-tracker3.6/lib/RT/User_Vendor.pm:360) [Thu Apr 24 12:46:40 2008] [debug]: RT::User::CanonicalizeUserInfo called by RT::User /usr/share/request-tracker3.6/lib/RT/User_Overlay.pm 190 with: Disabled: 0, EmailAddress: , Gecos: carlos.velez99, Name: carlos.velez99, Privileged: 0 (/usr/local/share/request-tracker3.6/lib/RT/User_Vendor.pm:400) [Thu Apr 24 12:46:40 2008] [debug]: Attempting to get user info using this external service: My_LDAP (/usr/local/share/request-tracker3.6/lib/RT/User_Vendor.pm:408) [Thu Apr 24 12:46:40 2008] [debug]: Attempting to use this canonicalization key: Name (/usr/local/share/request-tracker3.6/lib/RT/User_Vendor.pm:417) [Thu Apr 24 12:46:40 2008] [debug]: LDAP Search === Base: ou=people,dc=upr,dc=edu == Filter: ((objectclass=*)(uid=carlos.velez99)) == Attrs: ,displayName,,eduPersonPrincipalName,uid,uid,eduPersonOrgDN,uid (/usr/local/share/request-tracker3.6/lib/RT/User_Vendor.pm:538) [Thu Apr 24 12:46:40 2008] [info]: RT::User::LookupExternalUserInfo : Returning: Address1: , City: , Country: , EmailAddress: [EMAIL PROTECTED], ExternalAuthId: carlos.velez99, Gecos: carlos.velez99, Name: carlos.velez99, Organization: cn=Mayaguez,ou=people,dc=upr,dc=edu, RealName: Carlos J. Velez-Rivera, State: , WorkPhone: , Zip: (/usr/local/share/request-tracker3.6/lib/RT/User_Vendor.pm:703) [Thu Apr 24 12:46:40 2008] [info]: RT::User::CanonicalizeUserInfo returning Address1: , City: , Country: , Disabled: 0, EmailAddress: [EMAIL PROTECTED], ExternalAuthId: carlos.velez99, Gecos: carlos.velez99, Name: carlos.velez99, Organization: cn=Mayaguez,ou=people,dc=upr,dc=edu, Privileged: 0, RealName: Carlos J. Velez-Rivera, State: , WorkPhone: , Zip: (/usr/local/share/request-tracker3.6/lib/RT/User_Vendor.pm:444) [Thu Apr 24 12:46:41 2008] [info]: Autocreated authenticated user carlos.velez99 ( ) (/usr/share/request-tracker3.6/html/Callbacks/ExternalAuth/autohandler/Auth:50) Hello: Do you have any pointers as to what in the Perl code I should look into in order to debug this issue? Where does the module look for the user name of the new account? Is it ExternalAuthId? Do you have any suspects you recommend I check? I am trying to avoid having to create a separate webapp to handle self service... We have about 100,000 accounts for students in the University. Thanks much! -- Carlos J. Velez-Rivera Manager CK Computing Corporation [EMAIL PROTECTED] Voice: (787)464-1182 Fax: 866-910-4798 ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: [EMAIL PROTECTED] Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] Issues configuring RT::Authen::ExternalAuth
On Thursday 24 April 2008 04:09:10 Mike Peachey wrote: Carlos J. Velez-Rivera wrote: Hello Mike, Thanks for your answer. Sorry for the delay in getting back to you. I had to take care of a fire... Here is the RT_SiteConfig.pm file. I thought it could be related to a bad filter... Thanks in advance for any pointers you might have! Carlos Since you're not using LDAP groups to determine access, remove the group and group_attr lines from ExternalSettings, then run it again and provide the debug log for what heppens. Made the change cleaned up the mason files and restarted apache just in case. It appears as though the same thing is happening. Here's the log. I also tried taking out the d_filter parameter in a separate try and there was no change. [Thu Apr 24 12:46:39 2008] [warning]: Transaction-Create couldn't, as you didn't specify an object type and id (/usr/share/request-tracker3.6/lib/RT/Record.pm:1466) [Thu Apr 24 12:46:39 2008] [debug]: RT::User::IsExternalPassword Trying External authentication (/usr/local/share/request-tracker3.6/lib/RT/User_Vendor.pm:52) [Thu Apr 24 12:46:39 2008] [debug]: Attempting to use external auth service: My_LDAP (/usr/local/share/request-tracker3.6/lib/RT/User_Vendor.pm:63) [Thu Apr 24 12:46:40 2008] [debug]: LDAP Search === Base: ou=people,dc=upr,dc=edu == Filter: ((uid=carlos.velez99)(objectclass=*)) == Attrs: dn (/usr/local/share/request-tracker3.6/lib/RT/User_Vendor.pm:185) [Thu Apr 24 12:46:40 2008] [debug]: Found LDAP DN: uid=carlos.velez99,ou=people,dc=upr,dc=edu (/usr/local/share/request-tracker3.6/lib/RT/User_Vendor.pm:217) [Thu Apr 24 12:46:40 2008] [info]: RT::User::IsExternalPassword External Auth OK ( My_LDAP ): carlos.velez99 (/usr/local/share/request-tracker3.6/lib/RT/User_Vendor.pm:281) [Thu Apr 24 12:46:40 2008] [debug]: RT::User::IsPassword External auth SUCCEEDED (/usr/local/share/request-tracker3.6/lib/RT/User_Vendor.pm:360) [Thu Apr 24 12:46:40 2008] [debug]: RT::User::CanonicalizeUserInfo called by RT::User /usr/share/request-tracker3.6/lib/RT/User_Overlay.pm 190 with: Disabled: 0, EmailAddress: , Gecos: carlos.velez99, Name: carlos.velez99, Privileged: 0 (/usr/local/share/request-tracker3.6/lib/RT/User_Vendor.pm:400) [Thu Apr 24 12:46:40 2008] [debug]: Attempting to get user info using this external service: My_LDAP (/usr/local/share/request-tracker3.6/lib/RT/User_Vendor.pm:408) [Thu Apr 24 12:46:40 2008] [debug]: Attempting to use this canonicalization key: Name (/usr/local/share/request-tracker3.6/lib/RT/User_Vendor.pm:417) [Thu Apr 24 12:46:40 2008] [debug]: LDAP Search === Base: ou=people,dc=upr,dc=edu == Filter: ((objectclass=*)(uid=carlos.velez99)) == Attrs: ,displayName,,eduPersonPrincipalName,uid,uid,eduPersonOrgDN,uid (/usr/local/share/request-tracker3.6/lib/RT/User_Vendor.pm:538) [Thu Apr 24 12:46:40 2008] [info]: RT::User::LookupExternalUserInfo : Returning: Address1: , City: , Country: , EmailAddress: [EMAIL PROTECTED], ExternalAuthId: carlos.velez99, Gecos: carlos.velez99, Name: carlos.velez99, Organization: cn=Mayaguez,ou=people,dc=upr,dc=edu, RealName: Carlos J. Velez-Rivera, State: , WorkPhone: , Zip: (/usr/local/share/request-tracker3.6/lib/RT/User_Vendor.pm:703) [Thu Apr 24 12:46:40 2008] [info]: RT::User::CanonicalizeUserInfo returning Address1: , City: , Country: , Disabled: 0, EmailAddress: [EMAIL PROTECTED], ExternalAuthId: carlos.velez99, Gecos: carlos.velez99, Name: carlos.velez99, Organization: cn=Mayaguez,ou=people,dc=upr,dc=edu, Privileged: 0, RealName: Carlos J. Velez-Rivera, State: , WorkPhone: , Zip: (/usr/local/share/request-tracker3.6/lib/RT/User_Vendor.pm:444) [Thu Apr 24 12:46:41 2008] [info]: Autocreated authenticated user carlos.velez99 ( ) (/usr/share/request-tracker3.6/html/Callbacks/ExternalAuth/autohandler/Auth:50) -- Carlos J. Velez-Rivera Manager CK Computing Corporation [EMAIL PROTECTED] Voice: (787)464-1182 Fax: 866-910-4798 ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: [EMAIL PROTECTED] Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] Issues configuring RT::Authen::ExternalAuth
'
= 0,
# What other args
should I pass to Net::LDAP-new($host,@args)?
'net_ldap_args'
= [version = 3 ],
# Does authentication
depend on group membership? What group name?
'group'
= '',
# What is the attribute
for the group object that determines membership?
'group_attr'
= '',
## RT ATTRIBUTE
MATCHING SECTION
# The list of RT
attributes that uniquely identify a user
'attr_match_list'
= ['Name' ],
# The mapping of RT
attributes on to LDAP attributes
'attr_map'
= { 'Name' = 'uid',
'EmailAddress' = 'eduPersonPrincipalName',
'Organization' = 'eduPersonOrgDN',
'RealName' = 'displayName',
'ExternalAuthId' = 'uid',
'Gecos' = 'uid',
'WorkPhone' = '',
'Address1' = '',
'City' = '',
'State' = '',
'Zip' = '',
'Country' = ''
}
}
}
);
Set($LogToSyslog, 'debug');
Set($LogToScreen, 'debug');
Set($LogToFile , 'debug');
Set($LogDir, '/var/log/request-tracker3.6');
Set($LogToFileNamed , rt.log);#log to rt.log
Set($LogStackTraces , 0);
# Set($LogoURL , $WebImagesURL . bplogo.gif);
#
1;
On Monday 21 April 2008 04:46:56 Mike Peachey wrote:
Carlos J. Velez-Rivera wrote:
I have followed a recent thread in the list to setup LDAP authentication
using
RT::Authen::ExternalAuth and it is kind of working, but the user doesn;t
actually get to use the system. The system just leaves the user at the
login
page and nothing happens. Is it that I'm using a bad disabled account
filter
or something?
As an additional observation, I logged in as root after trying this out and
even though the logs say the account was created I could not find the user.
Here is the log I get when I try to login carlos.velez99:
snip
Your attr_map seems a little broken, although that shouldn't affect user
creation. The cause of the problem seems related to this line:
[Sat Apr 19 22:19:46 2008] [info]: Autocreated authenticated user
carlos.velez99 ( )
The empty parenthesis at the end of this line is supposed to contain the
principal ID for the newly created user, which means that user creation
didn't succeed.
It's not clear what would cause that.
Perhaps if you provided your RT_SiteConfig.pm we might be better able to
work out what's going on..
--
Carlos J. Velez-Rivera
Manager
CK Computing Corporation
[EMAIL PROTECTED]
Voice: (787)464-1182
Fax: 866-910-4798
___
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
Community help: http://wiki.bestpractical.com
Commercial support: [EMAIL PROTECTED]
Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
Buy a copy at http://rtbook.bestpractical.com
[rt-users] Issues configuring RT::Authen::ExternalAuth
I have followed a recent thread in the list to setup LDAP authentication using RT::Authen::ExternalAuth and it is kind of working, but the user doesn;t actually get to use the system. The system just leaves the user at the login page and nothing happens. Is it that I'm using a bad disabled account filter or something? As an additional observation, I logged in as root after trying this out and even though the logs say the account was created I could not find the user. Here is the log I get when I try to login carlos.velez99: [Sat Apr 19 22:19:45 2008] [warning]: Transaction-Create couldn't, as you didn't specify an object type and id (/usr/share/request-tracker3.6/lib/RT/Record.pm:1466) [Sat Apr 19 22:19:45 2008] [debug]: RT::User::IsExternalPassword Trying External authentication (/usr/local/share/request-tracker3.6/lib/RT/User_Vendor.pm:52) [Sat Apr 19 22:19:45 2008] [debug]: Attempting to use external auth service: My_LDAP (/usr/local/share/request-tracker3.6/lib/RT/User_Vendor.pm:63) [Sat Apr 19 22:19:45 2008] [debug]: LDAP Search === Base: ou=people,dc=upr,dc=edu == Filter: ((uid=carlos.velez99)(objectclass=*)) == Attrs: dn (/usr/local/share/request-tracker3.6/lib/RT/User_Vendor.pm:185) [Sat Apr 19 22:19:45 2008] [debug]: Found LDAP DN: uid=carlos.velez99,ou=people,dc=upr,dc=edu (/usr/local/share/request-tracker3.6/lib/RT/User_Vendor.pm:217) [Sat Apr 19 22:19:45 2008] [info]: RT::User::IsExternalPassword External Auth OK ( My_LDAP ): carlos.velez99 (/usr/local/share/request-tracker3.6/lib/RT/User_Vendor.pm:281) [Sat Apr 19 22:19:45 2008] [debug]: RT::User::IsPassword External auth SUCCEEDED (/usr/local/share/request-tracker3.6/lib/RT/User_Vendor.pm:360) [Sat Apr 19 22:19:45 2008] [debug]: RT::User::CanonicalizeUserInfo called by RT::User /usr/share/request-tracker3.6/lib/RT/User_Overlay.pm 190 with: Disabled: 0, EmailAddress: , Gecos: carlos.velez99, Name: carlos.velez99, Privileged: 0 (/usr/local/share/request-tracker3.6/lib/RT/User_Vendor.pm:400) [Sat Apr 19 22:19:45 2008] [debug]: Attempting to get user info using this external service: My_LDAP (/usr/local/share/request-tracker3.6/lib/RT/User_Vendor.pm:408) [Sat Apr 19 22:19:45 2008] [debug]: Attempting to use this canonicalization key: Name (/usr/local/share/request-tracker3.6/lib/RT/User_Vendor.pm:417) [Sat Apr 19 22:19:45 2008] [debug]: LDAP Search === Base: ou=people,dc=upr,dc=edu == Filter: ((objectclass=*)(uid=carlos.velez99)) == Attrs: ,displayName,,eduPersonPrincipalName,uid,uid,eduPersonOrgDN,uid (/usr/local/share/request-tracker3.6/lib/RT/User_Vendor.pm:538) [Sat Apr 19 22:19:45 2008] [info]: RT::User::LookupExternalUserInfo : Returning: Address1: , City: , Country: , EmailAddress: [EMAIL PROTECTED], ExternalAuthId: carlos.velez99, Gecos: carlos.velez99, Name: carlos.velez99, Organization: cn=Mayaguez,ou=people,dc=upr,dc=edu, RealName: Carlos J. Velez-Rivera, State: , WorkPhone: , Zip: (/usr/local/share/request-tracker3.6/lib/RT/User_Vendor.pm:703) [Sat Apr 19 22:19:45 2008] [info]: RT::User::CanonicalizeUserInfo returning Address1: , City: , Country: , Disabled: 0, EmailAddress: [EMAIL PROTECTED], ExternalAuthId: carlos.velez99, Gecos: carlos.velez99, Name: carlos.velez99, Organization: cn=Mayaguez,ou=people,dc=upr,dc=edu, Privileged: 0, RealName: Carlos J. Velez-Rivera, State: , WorkPhone: , Zip: (/usr/local/share/request-tracker3.6/lib/RT/User_Vendor.pm:444) [Sat Apr 19 22:19:46 2008] [info]: Autocreated authenticated user carlos.velez99 ( ) (/usr/share/request-tracker3.6/html/Callbacks/ExternalAuth/autohandler/Auth:50) -- Carlos J. Velez-Rivera Manager CK Computing Corporation [EMAIL PROTECTED] Voice: (787)464-1182 Fax: 866-910-4798 ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: [EMAIL PROTECTED] Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
