Hi Jim,
Sorry for not posting the relevant details. It is a totally new install
being built to replace our customized version of rt 3.6 :). Probably
time for an upgrade :).
Here are the configuration details that are to do with authentication.
As previously mentioned I think the error is happening when RT is trying
to use the external ldap server to canonicalize the root user when it's
added from initialdata:
use utf8;
#* Authentication
# configure external authentication
#Set ($ExternalAuth, 1);
Set( $ExternalAuthPriority, ['URSYS_LDAP'] );
Set( $ExternalInfoPriority, ['URSYS_LDAP'] );
# Make users created from LDAP Privileged
Set( $UserAutocreateDefaultsOnLogin, { Privileged => 1 } );
# Users should still be autocreated by RT as internal users if they
# fail to exist in an external service; this is so requestors (who
# are not in LDAP) can still be created when they email in.
Set($AutoCreateNonExternalUsers, 1);
# LDAP configuration; see RT::Authen::ExternalAuth::LDAP for
# further details and examples
Set($ExternalSettings, {
    'URSYS_LDAP' => {
        'type' => 'ldap',
        'server' => 'xxx',
        'base' => 'cn=users,cn=accounts,dc=xxx',
        'user' => 'uid=system,cn=sysaccounts,cn=etc,dc=xxx',
        'pass' => 'xxx',
        'filter' => '(&(memberOf=cn=helpdesk-*))',
        'attr_match_list' => [
            'Name',
        ],
        'attr_map' => {
            'Name' => 'uid',
            'EmailAddress' => 'mail',
        },
    },
} );
#* Ldapimport Configuration
Set($LDAPBase,'cn=users,cn=accounts,dc=xxx');
Set($LDAPHost,'xxx');
Set($LDAPUser,'uid=system,cn=sysaccounts,cn=etc,dc=xxx');
Set($LDAPPassword,'xxx');
Set($LDAPFilter, '(&(memberOf=cn=helpdesk-*))');
Set($LDAPMapping, {Name => 'uid', # required
                   EmailAddress => 'mail',
                   RealName => 'cn',
                   WorkPhone => 'telephoneNumber',
                   Organization => 'departmentName'});
# create users as privileged
Set($LDAPCreatePrivileged, 1);
# sync Groups from LDAP into RT
Set($LDAPGroupBase, 'cn=accounts,dc=xxx');
Set($LDAPGroupFilter, '(&(objectClass=groupofnames)(cn=helpdesk-*))');
Set($LDAPGroupMapping, {Name => 'cn',
                        Description => 'description',
                        Member_Attr => 'member',
                        Member_Attr_Value => 'dn',
                       });
#* Slack Notifier configuration
# All parameters with the exclusion of Proxy are directly passed to the
# WebService::Slack::IncomingWebHook object
Kind regards
Bart
Jim Brandt writes:
> To clarify the previous question, if you were using
> RT::Authen::ExternalAuth in a previous version of RT (pre-4.4) and have
> it pulled in as a Plugin, you need to remove it because it is now in
> core. It's not clear to me if your RT_SiteConfig.pm is from an earlier
> RT version. If so, you will need to make some updates due to the RT
> version change:
>
> https://docs.bestpractical.com/rt/4.4.1/UPGRADING-4.4.html
>
> On 5/25/16 10:21 PM, Bart Bunting wrote:
>> Peter,
>>
>> Not sure, but this is a new install using rt 4.4.
>>
>>
>>
>> Kind regards
>> Peter Viskup writes:
>>
>>> Couldn't this be related to RT::Authen::ExternalAuth migration to RT
>>> core since 4.4 version?
>>>
>>> https://docs.bestpractical.com/rt/4.4.0/UPGRADING-4.4.html
>>>
>>> --
>>> Peter
>>>
>>> On Wed, May 25, 2016 at 2:26 AM, Bart Bunting
>>> wrote:
Hi there,
I may be just missing something but this is failing miserably for me and
I am not sure what the correct way to fix it is:
Running rt 4.4.1 rc1 as of today.
The situation is I have external authentication working fine using both
RT::Authen::ExternalAuth and RT::LDAPImport.
I use puppet to provision the machine.
When I have the external authentication configuration enabled in
RT_SiteConfig.pm the
initial database import breaks. I think this is because when it tries to
add the "root" user it attempts to canonicalize the name from ldap which
fails.
Here is an example of the run:
make initialize-database
/usr/bin/perl -I/opt/rt4/local/lib -I/opt/rt4/lib sbin/rt-setup-database
--action init --prompt-for-dba-password
In order to create or update your RT database, this script needs to
connect to your mysql instance on localhost (port '') as root
Please specify that user's database password below. If the user has no
database
password, just press return.
Password:
Working with:
Type: mysql
Host: localhost
Port:
Name: rt4
User: rt
DBA:root
Now creating a mysql database rt4 for RT.
Done.
Now populating database schema.
Done.
Now inserting database ACLs.
Done.
Now inserting RT