Re: [rt-users] RT 4.2.10 and ExternalAuth using LDAP
Hello Indrek,
I had some problems with External Auth as well. I ended up going with
LDAP Import, authentication works based on LDAP credentials being imported.
You have a bit more control as you can filter on groups or user names if
you choose that route.
I threw together a how to:
http://trevthorpe.blogspot.com/2015/01/request-tracker-424-ldap-authentication.html
Hope this offers some help.
Thanks,
Trev
On Mon, Apr 20, 2015 at 5:16 AM, Indrek Paas indrekp...@gmail.com wrote:
Hi,
I'm setting up an RT server on:
CentOS 7.1 x64
Apache 2.4
PostgreSQL
Perl v5.16.3
Trying to use ExternalAuth to LDAP (Microsoft AD) using these settings in
RT_SiteConfig.pm:
Plugin( RT::Authen::ExternalAuth );
Set( $ExternalAuthPriority, [My_LDAP] );
Set( $ExternalInfoPriority, [My_LDAP] );
Set($ExternalSettings, {
'My_LDAP' = {
'type' = 'ldap',
'server'= '1.1.1.1',
'user' = 'rtbinduser@domain.server
',
'pass' = 'rtbinduserpw',
'base' = 'ou=Dom Users,ou=Company
AD,dc=domain,dc=server',
'attr_match_list' = [
'Name',
'EmailAddress',
],
'attr_map' = {
'Name' = 'sAMAccountName',
'EmailAddress' = 'mail',
'Organization' = 'physicalDeliveryOfficeName',
'RealName' = 'cn',
'ExternalAuthId' = 'sAMAccountName',
'Gecos' = 'sAMAccountName',
'WorkPhone' = 'telephoneNumber',
'Address1' = 'streetAddress',
'City' = 'l',
'State' = 'st',
'Zip' = 'postalCode',
'Country' = 'co'
},
},
} );
I start the RT using it's own server : /opt/rt4/sbin/rt-server --port 8080
Page loads in the browser and I can log in as root but when I try to log
in using AD account I see in the logs:
[warning]: Use of uninitialized value $filter in concatenation (.) or
string at
/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm
line 453.
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:451)
I have been digging through google and the LDAP.pm without success. When I
messed with the 'base' value error changed:
[25778] [Mon Apr 20 08:55:33 2015] [warning]: Use of uninitialized value
$filter in concatenation (.) or string at
/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm
line 453.
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:451)
[25778] [Mon Apr 20 08:55:33 2015] [error]: Can't call method as_string
on an undefined value at
/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm
line 357.
Stack:
[/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:357]
[/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:843]
[/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:885]
[/opt/rt4/sbin/../lib/RT/User.pm:141]
[/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:486]
[/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:10]
[/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Session:1]
[/opt/rt4/sbin/../lib/RT/Interface/Web.pm:310]
[/opt/rt4/share/html/autohandler:53]
(/opt/rt4/sbin/../lib/RT/Interface/Web/Handler.pm:208)
Any suggestions to a right direction are welcome.
PS! Went with LDAP because other services on the server use it
successfully. I have installed RT using Kerberos auth before but decided to
use something simpler. :D
--
Indrek
Re: [rt-users] RT 4.2.10 and ExternalAuth using LDAP
https://metacpan.org/pod/RT::Authen::ExternalAuth::LDAP
says:
filter
The filter to use to match RT users. You must specify
it and it must be a valid LDAP filter encased in parentheses.
For example:
filter = '(objectClass=*)',
On 4/20/2015 5:16 AM, Indrek Paas wrote:
Hi,
I'm setting up an RT server on:
CentOS 7.1 x64
Apache 2.4
PostgreSQL
Perl v5.16.3
Trying to use ExternalAuth to LDAP (Microsoft AD) using these settings
in RT_SiteConfig.pm:
Plugin( RT::Authen::ExternalAuth );
Set( $ExternalAuthPriority, [My_LDAP] );
Set( $ExternalInfoPriority, [My_LDAP] );
Set($ExternalSettings, {
'My_LDAP' = {
'type' = 'ldap',
'server'= '1.1.1.1',
'user' = 'rtbinduser@domain.server',
'pass' = 'rtbinduserpw',
'base' = 'ou=Dom Users,ou=Company
AD,dc=domain,dc=server',
'attr_match_list' = [
'Name',
'EmailAddress',
],
'attr_map' = {
'Name' = 'sAMAccountName',
'EmailAddress' = 'mail',
'Organization' = 'physicalDeliveryOfficeName',
'RealName' = 'cn',
'ExternalAuthId' = 'sAMAccountName',
'Gecos' = 'sAMAccountName',
'WorkPhone' = 'telephoneNumber',
'Address1' = 'streetAddress',
'City' = 'l',
'State' = 'st',
'Zip' = 'postalCode',
'Country' = 'co'
},
},
} );
I start the RT using it's own server : /opt/rt4/sbin/rt-server --port 8080
Page loads in the browser and I can log in as root but when I try to log
in using AD account I see in the logs:
[warning]: Use of uninitialized value $filter in concatenation (.) or
string at
/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm
line 453.
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:451)
I have been digging through google and the LDAP.pm without success. When
I messed with the 'base' value error changed:
[25778] [Mon Apr 20 08:55:33 2015] [warning]: Use of uninitialized value
$filter in concatenation (.) or string at
/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm
line 453.
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:451)
[25778] [Mon Apr 20 08:55:33 2015] [error]: Can't call method
as_string on an undefined value at
/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm
line 357.
Stack:
[/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:357]
[/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:843]
[/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:885]
[/opt/rt4/sbin/../lib/RT/User.pm:141]
[/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:486]
[/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:10]
[/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Session:1]
[/opt/rt4/sbin/../lib/RT/Interface/Web.pm:310]
[/opt/rt4/share/html/autohandler:53]
(/opt/rt4/sbin/../lib/RT/Interface/Web/Handler.pm:208)
Any suggestions to a right direction are welcome.
PS! Went with LDAP because other services on the server use it
successfully. I have installed RT using Kerberos auth before but decided
to use something simpler. :D
--
Indrek
--
Jeff Blaine
kickflop.net
PGP/GnuPG Key ID: 0x0C8EDD02
[rt-users] RT 4.2.10 and ExternalAuth using LDAP
Hi,
I'm setting up an RT server on:
CentOS 7.1 x64
Apache 2.4
PostgreSQL
Perl v5.16.3
Trying to use ExternalAuth to LDAP (Microsoft AD) using these settings in
RT_SiteConfig.pm:
Plugin( RT::Authen::ExternalAuth );
Set( $ExternalAuthPriority, [My_LDAP] );
Set( $ExternalInfoPriority, [My_LDAP] );
Set($ExternalSettings, {
'My_LDAP' = {
'type' = 'ldap',
'server'= '1.1.1.1',
'user' = 'rtbinduser@domain.server',
'pass' = 'rtbinduserpw',
'base' = 'ou=Dom Users,ou=Company
AD,dc=domain,dc=server',
'attr_match_list' = [
'Name',
'EmailAddress',
],
'attr_map' = {
'Name' = 'sAMAccountName',
'EmailAddress' = 'mail',
'Organization' = 'physicalDeliveryOfficeName',
'RealName' = 'cn',
'ExternalAuthId' = 'sAMAccountName',
'Gecos' = 'sAMAccountName',
'WorkPhone' = 'telephoneNumber',
'Address1' = 'streetAddress',
'City' = 'l',
'State' = 'st',
'Zip' = 'postalCode',
'Country' = 'co'
},
},
} );
I start the RT using it's own server : /opt/rt4/sbin/rt-server --port 8080
Page loads in the browser and I can log in as root but when I try to log in
using AD account I see in the logs:
[warning]: Use of uninitialized value $filter in concatenation (.) or
string at
/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm
line 453.
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:451)
I have been digging through google and the LDAP.pm without success. When I
messed with the 'base' value error changed:
[25778] [Mon Apr 20 08:55:33 2015] [warning]: Use of uninitialized value
$filter in concatenation (.) or string at
/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm
line 453.
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:451)
[25778] [Mon Apr 20 08:55:33 2015] [error]: Can't call method as_string
on an undefined value at
/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm
line 357.
Stack:
[/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:357]
[/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:843]
[/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:885]
[/opt/rt4/sbin/../lib/RT/User.pm:141]
[/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:486]
[/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:10]
[/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Session:1]
[/opt/rt4/sbin/../lib/RT/Interface/Web.pm:310]
[/opt/rt4/share/html/autohandler:53]
(/opt/rt4/sbin/../lib/RT/Interface/Web/Handler.pm:208)
Any suggestions to a right direction are welcome.
PS! Went with LDAP because other services on the server use it
successfully. I have installed RT using Kerberos auth before but decided to
use something simpler. :D
--
Indrek
Re: [rt-users] RT 4.2.10 and ExternalAuth using LDAP
Hi,
messing with the filter = '(objectClass=*)', gave me FAILED LOGIN as did
=person. Then tested the LDAP Import plugin and it worked. Now I need to
see about AD user permissions (create tickets etc).
Thank you for the suggestions and thank you Trev for making it more
understandable. Your configuration helped me understand other needed values
as well.
Regards,
--Indrek
On Mon, Apr 20, 2015 at 4:19 PM Jeff Blaine jbla...@kickflop.net wrote:
https://metacpan.org/pod/RT::Authen::ExternalAuth::LDAP
says:
filter
The filter to use to match RT users. You must specify
it and it must be a valid LDAP filter encased in parentheses.
For example:
filter = '(objectClass=*)',
On 4/20/2015 5:16 AM, Indrek Paas wrote:
Hi,
I'm setting up an RT server on:
CentOS 7.1 x64
Apache 2.4
PostgreSQL
Perl v5.16.3
Trying to use ExternalAuth to LDAP (Microsoft AD) using these settings
in RT_SiteConfig.pm:
Plugin( RT::Authen::ExternalAuth );
Set( $ExternalAuthPriority, [My_LDAP] );
Set( $ExternalInfoPriority, [My_LDAP] );
Set($ExternalSettings, {
'My_LDAP' = {
'type' = 'ldap',
'server'= '1.1.1.1',
'user' = 'rtbinduser@domain.server
',
'pass' = 'rtbinduserpw',
'base' = 'ou=Dom Users,ou=Company
AD,dc=domain,dc=server',
'attr_match_list' = [
'Name',
'EmailAddress',
],
'attr_map' = {
'Name' = 'sAMAccountName',
'EmailAddress' = 'mail',
'Organization' = 'physicalDeliveryOfficeName',
'RealName' = 'cn',
'ExternalAuthId' = 'sAMAccountName',
'Gecos' = 'sAMAccountName',
'WorkPhone' = 'telephoneNumber',
'Address1' = 'streetAddress',
'City' = 'l',
'State' = 'st',
'Zip' = 'postalCode',
'Country' = 'co'
},
},
} );
I start the RT using it's own server : /opt/rt4/sbin/rt-server --port
8080
Page loads in the browser and I can log in as root but when I try to log
in using AD account I see in the logs:
[warning]: Use of uninitialized value $filter in concatenation (.) or
string at
/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm
line 453.
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:451)
I have been digging through google and the LDAP.pm without success. When
I messed with the 'base' value error changed:
[25778] [Mon Apr 20 08:55:33 2015] [warning]: Use of uninitialized value
$filter in concatenation (.) or string at
/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm
line 453.
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:451)
[25778] [Mon Apr 20 08:55:33 2015] [error]: Can't call method
as_string on an undefined value at
/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm
line 357.
Stack:
[/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:357]
[/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:843]
[/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:885]
[/opt/rt4/sbin/../lib/RT/User.pm:141]
[/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:486]
[/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:10]
[/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Session:1]
[/opt/rt4/sbin/../lib/RT/Interface/Web.pm:310]
[/opt/rt4/share/html/autohandler:53]
(/opt/rt4/sbin/../lib/RT/Interface/Web/Handler.pm:208)
Any suggestions to a right direction are welcome.
PS! Went with LDAP because other services on the server use it
successfully. I have installed RT using Kerberos auth before but decided
to use something simpler. :D
--
Indrek
--
Jeff Blaine
kickflop.net
PGP/GnuPG Key ID: 0x0C8EDD02
