Re: [rt-users] AD integration for external auth
Use -- Plugin('RT::Extension::LDAPImport');

Note the configuration I linked to you prior. I had some issues with limited functionality using Plugin('RT::Authen::ExternalAuth').. it's been a while actually, I may not even have had that extension working.

On Tue, Jul 7, 2015 at 1:28 PM, Trev tre...@onepost.net wrote:
> If you mean during the login via RT Gui -- username is, sAMAccountName. There shouldn't be any need to prefix with the domain as the domain is already being queried.
Re: [rt-users] AD integration for external auth
This may help:

http://trevthorpe.blogspot.com/2015/01/request-tracker-424-ldap-authentication.html

On Tue, Jul 7, 2015 at 11:24 AM, Yan Seiner y...@seiner.com wrote:
> I'm coming back to RT after a few years. I am trying to set up external auth against our AD server. I have a working implementation for mediawiki, so I know that it's possible on our system.
>
> As far as possible I've duplicated the options from mediawiki/php to rt/perl, but I am still missing something important as all login attempts get rejected with a NoUser.
>
> Does anyone have a working AD external auth they can share?
>
> Thanks.
Re: [rt-users] AD integration for external auth
If you mean during the login via RT Gui -- username is, sAMAccountName. There shouldn't be any need to prefix with the domain as the domain is already being queried.

On Tue, Jul 7, 2015 at 1:24 PM, Yan Seiner y...@seiner.com wrote:
> What format do you use for the username?
>
> When I try hpm\yans which should, in theory, work, I get:
>
> [5367] [Tue Jul 7 17:07:28 2015] [debug]: LDAP Search === Base: dc=hpm,dc=net == Filter: ((objectClass=*)(sAMAccountName=hpm\5cyans)) == Attrs: sAMAccountName,mail (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:469)
>
> Notice the mangled sAMAccountName=hpm\5cyans . If this is what it is searching for, then we have a problem. :)
>
> --Yan
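Added example, not code from RT or from anyone in this thread: `\5c` in the logged filter is the RFC 4515 escape for a backslash, so `hpm\yans` was searched as a literal account name rather than corrupted, and no account carries that name because sAMAccountName holds no domain prefix. The Python sketch below (function names are hypothetical, the UPN and the last sample login are constructed) escapes filter values and drops the domain part before matching.

```python
# Added example: not RT code. Function names and sample logins other than
# hpm\yans are constructed for illustration.

# RFC 4515 section 3: these characters must appear as \XX in an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape text so it is matched literally inside an LDAP search filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def split_login(login):
    """Classify a login as ('downlevel' | 'upn' | 'bare', domain, account)."""
    login = login.strip()
    if "\\" in login:  # down-level logon name: DOMAIN\account
        domain, account = login.split("\\", 1)
        return "downlevel", domain, account
    if "@" in login:  # user principal name: account@dns.domain
        account, domain = login.rsplit("@", 1)
        return "upn", domain, account
    return "bare", None, login


def naive_filter(login, object_filter="(objectClass=*)"):
    """Use the raw login as the sAMAccountName value (what the log shows)."""
    return "(&%s(sAMAccountName=%s))" % (object_filter, escape_filter_value(login))


def build_user_filter(login, object_filter="(objectClass=*)"):
    """Pick the attribute that matches the login form, then escape the value."""
    form, _domain, account = split_login(login)
    if not account:
        raise ValueError("empty account name")
    if form == "upn":
        # A UPN is stored whole in userPrincipalName; its prefix is not
        # guaranteed to equal sAMAccountName.
        attr, value = "userPrincipalName", login.strip()
    else:
        attr, value = "sAMAccountName", account
    return "(&%s(%s=%s))" % (object_filter, attr, escape_filter_value(value))


def demo():
    """Return (login, naive filter, normalised filter) for sample logins."""
    samples = ("hpm\\yans", "yans", "user@example.net", "a*)(b")
    return [(s, naive_filter(s), build_user_filter(s)) for s in samples]


if __name__ == "__main__":
    for login, naive, fixed in demo():
        print("%-18s naive: %s" % (login, naive))
        print("%-18s fixed: %s" % ("", fixed))
```

The last sample shows why the escaping has to stay in place: filter metacharacters typed into the login box are matched as literal text instead of changing the search.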
[rt-users] AD integration for external auth
I'm coming back to RT after a few years. I am trying to set up external auth against our AD server. I have a working implementation for mediawiki, so I know that it's possible on our system.

As far as possible I've duplicated the options from mediawiki/php to rt/perl, but I am still missing something important as all login attempts get rejected with a NoUser.

The only thing that I find different (and I'm searching my memory from a few years ago when I set up mediawiki) there is a line where the user name is pre-pended with the domain for AD:

$wgLDAPSearchStrings = array( 'HPM' => "HPM\\USER-NAME" );

And I can't find anything like that in the RT config.

Does anyone have a working AD external auth they can share?

Thanks.

Here's the logfile snippet:

[4835] [Tue Jul 7 15:17:14 2015] [debug]: Attempting to use external auth service: My_LDAP (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:424)
[4835] [Tue Jul 7 15:17:14 2015] [debug]: Calling UserExists with $username (yans) and $service (My_LDAP) (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:465)
[4835] [Tue Jul 7 15:17:14 2015] [debug]: UserExists params: username: yans , service: My_LDAP (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:439)
[4835] [Tue Jul 7 15:17:14 2015] [debug]: LDAP Search === Base: ou=Staff,dc=hpm,dc=net == Filter: ((objectClass=inetOrgPerson)(sAMAccountName=yans)) == Attrs: cn,co,telephoneNumber,l,postalCode,streetAddress,st,sAMAccountName,mail (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:469)
[4835] [Tue Jul 7 15:17:14 2015] [debug]: User Check Failed :: ( My_LDAP ) yans User not found (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:483)
[4835] [Tue Jul 7 15:17:14 2015] [debug]: Autohandler called ExternalAuth. Response: (0, No User) (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:11)
[4835] [Tue Jul 7 15:17:14 2015] [error]: FAILED LOGIN for yans from 10.10.30.51 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:810)

And here's the setup in RTSiteConfig.pm:

Plugin('RT::Authen::ExternalAuth');
Set($ExternalAuthPriority, [ 'My_LDAP' ]);
Set($ExternalInfoPriority, [ 'My_LDAP' ]);
Set($ExternalSettings, {
    'My_LDAP' => {
        'type'   => 'ldap',
        'server' => 'file_print.hpm.net',
        # By not passing 'user' and 'pass' we are using an anonymous
        # bind, which some servers do not allow
        'base'   => 'dc=hpm,dc=net',
        'filter' => '(objectClass=inetOrgPerson)',
        # Users are allowed to log in via email address or account
        # name
        'attr_match_list' => [
            'Name',
            # 'EmailAddress',
        ],
        # Import the following properties of the user from LDAP upon
        # login
        'attr_map' => {
            'Name'         => 'sAMAccountName',
            'EmailAddress' => 'mail',
            'RealName'     => 'cn',
            'WorkPhone'    => 'telephoneNumber',
            'Address1'     => 'streetAddress',
            'City'         => 'l',
            'State'        => 'st',
            'Zip'          => 'postalCode',
            'Country'      => 'co',
        },
    },
} );
Re: [rt-users] AD integration for external auth
What format do you use for the username?

When I try hpm\yans which should, in theory, work, I get:

[5367] [Tue Jul 7 17:07:28 2015] [debug]: LDAP Search === Base: dc=hpm,dc=net == Filter: ((objectClass=*)(sAMAccountName=hpm\5cyans)) == Attrs: sAMAccountName,mail (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:469)

Notice the mangled sAMAccountName=hpm\5cyans . If this is what it is searching for, then we have a problem. :)

--Yan

On 7/7/2015 11:57 AM, Trev wrote:
> This may help:
>
> http://trevthorpe.blogspot.com/2015/01/request-tracker-424-ldap-authentication.html
Re: [rt-users] AD integration for external auth
Sorry about that, review the blog entry I sent you prior. I do see I did add that plugin, again, it's been a while since I wrestled with LDAP authentication. So, I threw my working config with notes, into that blog.

On Tue, Jul 7, 2015 at 1:30 PM, Trev tre...@onepost.net wrote:
> Use -- Plugin('RT::Extension::LDAPImport');
>
> Note the configuration I linked to you prior. I had some issues with limited functionality using Plugin('RT::Authen::ExternalAuth').. it's been a while actually, I may not even have had that extension working.
Re: [rt-users] AD integration for external auth
Generally speaking, it is typical to create an 'LDAP User' for binding, and reading purposes within AD itself.

LDAPImport does authenticate against the users in AD. And builds the user records within RT as I have mapped in my example. Cronjob to do the import, maybe every 15 minutes. Makes it much easier to use AD groups within RT as well. Very dynamic...

On Tue, Jul 7, 2015 at 4:50 PM, Yan Seiner y...@seiner.com wrote:
> I'm kicking this back to the list only. I've been going round and round with this and I have some more information, but still not a solution.
>
> ldapsearch works:
>
> ldapsearch -H ldap://file_print.hpm.net -b dc=hpm,dc=net -s sub '(sAMAccountName=yans)' -D 'HPM\yans' -x -W uid
>
> But notice that I need to use either 'HPM\yans' for the user or the older 'y...@hpm.net' for the system to allow me to bind to the ldap server. The way we're set up, any user can bind to the server with valid credentials, but anonymous binds are not allowed.
>
> But the way ExternalAuth is set up, I have to provide the ldap userid and password, which in our system would be a real user.
>
> 'user' => 'rt_ldap_username',
> 'pass' => 'rt_ldap_password',
>
> Is there any way to get ExternalAuth to use the credentials entered in the login to bind to the ldap server?
>
> (As near as I can figure, the LDAPImport extension imports the userids from ldap, which is not what I need. I need to authenticate against AD in realtime.)
>
> --Yan
Re: [rt-users] AD integration for external auth
I'm kicking this back to the list only. I've been going round and round with this and I have some more information, but still not a solution.

ldapsearch works:

ldapsearch -H ldap://file_print.hpm.net -b dc=hpm,dc=net -s sub '(sAMAccountName=yans)' -D 'HPM\yans' -x -W uid

But notice that I need to use either 'HPM\yans' for the user or the older 'y...@hpm.net' for the system to allow me to bind to the ldap server. The way we're set up, any user can bind to the server with valid credentials, but anonymous binds are not allowed.

But the way ExternalAuth is set up, I have to provide the ldap userid and password, which in our system would be a real user.

'user' => 'rt_ldap_username',
'pass' => 'rt_ldap_password',

Is there any way to get ExternalAuth to use the credentials entered in the login to bind to the ldap server?

(As near as I can figure, the LDAPImport extension imports the userids from ldap, which is not what I need. I need to authenticate against AD in realtime.)

--Yan

On 7/7/2015 1:32 PM, Trev wrote:
> Sorry about that, review the blog entry I sent you prior. I do see I did add that plugin, again, it's been a while since I wrestled with LDAP authentication. So, I threw my working config with notes, into that blog.
Re: [rt-users] [rt-devel] alternative to edit comments
On Tue, Jul 7, 2015 at 8:01 AM, ARBEZ Christophe christophe.ar...@gmail.com wrote:
> Hi all,
>
> I know it is not possible to edit some message in RT. So, I would like how you do for a comment if you make a mistake in the content or the time worked ?

You can update the ticket time after creating your txn. Perhaps that will help?

> For example, in a project or intern tickets in your company. Is there an alternative to edit transactions like comments?

You could create an Edit Content link and add it to the txn links and from there create a custom form. You'll need something like:

# {{{
# paper-trail auditor backdoor :)
# Needed to change the txn's time taken via EditBilling.html
package RT::Transaction;
use strict;
no warnings qw(redefine);

sub _Set {
    my $self = shift;
    $self->SUPER::_Set(@_);
}
# }}}

added to a loaded modules source. We do this for our billing stuff. We have a module named RT-Site-UMN-Duluth-EFS which the above code snippet lives in and a form named EditBilling.html which does the front-end work.

Cheers,
-m
Re: [rt-users] AD integration for external auth
On Tue, Jul 7, 2015 at 4:50 PM, Yan Seiner y...@seiner.com wrote:
> I'm kicking this back to the list only. I've been going round and round with this and I have some more information, but still not a solution.
>
> ldapsearch works:

Excellent and vital first crawl. Next to stand up and walk: Can you interrogate your LDAP with Net::LDAP?

URL:https://metacpan.org/pod/distribution/perl-ldap/lib/Net/LDAP.pod

ISTR having to pass some options when I last ran with RT's LDAP/AD integration.

Happy hacking,
John
groenv...@acm.org
Re: [rt-users] using date calcs in reports
On Sun, Jul 5, 2015 at 11:46 PM, Chris Herrmann chrisherrma...@gmail.com wrote:
> Hi all,
>
> I can currently export a list of tickets with most of the data I need like this:
>
> rt list queue = 'myqueue' and ( ( Status = 'open' or Status = 'new') OR ( Resolved '$startdate' ) ) -f id,subject,status,timeworked,requestors,created,started, lastupdated,resolved /tmp/report.tsv
>
> Now... what I'd like to do is calculate the difference between Created Started... I'm pretty sure that Date::Calc - Delta_DHMS will give me what I want... but I'm not sure how to use this in the query above. Is that even possible?

The following has not been tested with the 'rt' CLI tool.

You could extend RT::Ticket to create a function called time_until_started, then create a ColumnMap for that new function.

I've written something similar to this (for 3.8) where I wanted to get the previous owner of a ticket and be able to use that as a column in searches. Attached is the code. I'm not sure if there are changes necessary for 4.0 or 4.2.

There are 3 important files:

./html/Callbacks/RT-Extension-PreviousOwner/Elements/RT__Ticket/ColumnMap/Once
./html/Callbacks/RT-Extension-PreviousOwner/Search/Elements/BuildFormatString/Default
./lib/RT/Extension/PreviousOwner.pm

Cheers,
-m

rt-extension-previousowner.tar.gz
Description: GNU Zip compressed data
[rt-users] alternative to edit comments
Hi all,

I know it is not possible to edit some message in RT. So, I would like how you do for a comment if you make a mistake in the content or the time worked ?

For example, in a project or intern tickets in your company. Is there an alternative to edit transactions like comments?

Thanks,
Christophe ARBEZ

*Christophe ARBEZ | Development intern*
Syloé
803 rue de Pinville - 34000 Montpellier
Tel: +33983014518
Email: christophe.ar...@syloe.fr
www.syloe.fr http://www.syloe.com/ | Blog.syloe.com http://blog.syloe.com/ | Twitter https://twitter.com/Syloe_SARL | Facebook https://www.facebook.com/pages/Sylo%C3%A9/188258434526095?ref=hl