[rt-users] Call external script in scrip
Hi list ! I want to set up a process to create a LDAP account automatically after admin validation. Currently, to create an account, user open a ticket and we run an homemade bash script with the username as argument. It create the account, set some options, and return the password. I want to automatize this task. The idea is to create three CF : Status, Username and Password. When an user create a ticket for a new LDAP account and if the admin agrees, he will set the CF-Username and valide the request by setting the CF-Status to OK. At this time, a scrip must be launched, call the bash script, set a random password, and send the credentials to user and close the ticket. Also, for test purpose, I've created this basic bash script (/opt/rt4/bin/create_user.sh): /opt/rt4/bin/rt edit $1 set CF.{PASS}=Passwd /opt/rt4/bin/rt edit $1 set CF.{Validation}=Send exit 0 And theses scrips : CreateUser: Custom condition : my $Ticket = $self-TicketObj; return 0 unless $self-TicketObj-FirstCustomFieldValue('Status') eq 'OK'; return 1; Custom Action: my $ticket = $self-TicketObj; my $id = $ticket-Id; system(/opt/rt4/bin/create_user.sh $id /tmp/debug); return 1; SendCredentials: Custom Condition : my $Ticket = $self-TicketObj; return 0 unless $self-TicketObj-FirstCustomFieldValue('Status') eq 'Send'; return 1; Action : Notify requestor and Cc Template : Custom with credentials When I set a the CF Status to OK, the scrip is correctly launched, and I see the first connection of the bash script is the system log : Feb 3 12:08:58 bob RT: [10535] Successful login for Anthony from localhost Then, apache did not respond during many seconds, and I see the second connection : Feb 3 12:09:31 bob RT: [10534] Successful login for Anthony from localhost And then, few seconds after : Feb 3 12:09:50 bob RT: [10535] DBD::mysql::st execute failed: Lock wait timeout exceeded; try restarting transaction at /usr/local/share/perl/5.14.2/DBIx/SearchBuilder/Handle.pm line 589. Feb 3 12:09:50 bob RT: [10535] RT::Handle=HASH(0x71041f8) couldn't execute the query 'SELECT * FROM Tickets WHERE id = ? FOR UPDATE' at /usr/local/share/perl/5.14.2/DBIx/SearchBuilder/Handle.pm line 602.#012#011DBIx::SearchBuilder::Handle::SimpleQuery(RT::Handle=HASH(0x71041f8), SELECT * FROM Tickets WHERE id = ? FOR UPDATE, 28) called at /usr/local/share/perl/5.14.2/DBIx/SearchBuilder/Record.pm line 1234#012#011DBIx::SearchBuilder::Record::_LoadFromSQL(RT::Ticket=HASH(0x420fff0), SELECT * FROM Tickets WHERE id = ? FOR UPDATE, 28) called at /opt/rt4/sbin/../lib/RT/Record.pm line 1605#012#011RT::Record::LockForUpdate(RT::Ticket=HASH(0x420fff0)) called at /opt/rt4/sbin/../lib/RT/Record.pm line 1641#012#011RT::Record::_NewTransaction(RT::Ticket=HASH(0x420fff0), Type, CustomField, Field, 3, OldReference, undef, NewReference, RT::ObjectCustomFieldValue=HASH(0x422c5b8), ...) called at /opt/rt4/sbin/../lib/RT/Record.pm line 2034#012#011RT::Record::_AddCustomFieldValue(RT::Ticket=HASH(0x420fff0), Field, RT::CustomField=HASH(0x4211c20), Value, waza) called at /opt/rt4/sbin/../lib/RT/Record.pm line 1913#012#011RT::Record::AddCustomFieldValue(RT::Ticket=HASH(0x420fff0), Field, RT::CustomField=HASH(0x4211c20), Value, waza) called at /opt/rt4/share/html/REST/1.0/Forms/ticket/default line 403#012#011HTML::Mason::Commands::__ANON__(id, 28, args, undef, format, undef, changes, HASH(0x41ed280)) called at /usr/local/share/perl/5.14.2/HTML/Mason/Component.pm line 138#012#011HTML::Mason::Component::run(HTML::Mason::Component::FileBased=HASH(0x420f990), id, 28, args, undef, format, undef, changes, HASH(0x41ed280), ...) called at /usr/local/share/perl/5.14.2/HTML/Mason/Request.pm line 1300#012#011eval {...} called at /usr/local/share/perl/5.14.2/HTML/Mason/Request.pm line 1295#012#011HTML::Mason::Request::comp(undef, undef, id, 28, args, undef, format, undef, changes, ...) called at /opt/rt4/share/html/REST/1.0/dhandler line 299#012#011HTML::Mason::Commands::__ANON__(pass Feb 3 12:09:50 bob RT: [10535] rt-4.2.2-10535-1391425790-954.28-1...@support.bob #28/633 - Scrip 18 SendCredentials Feb 3 12:09:50 bob RT: [10535] rt-4.2.2-10535-1391425790-954.28-1...@support.bob sent To: anthony@test.localhost Feb 3 12:10:04 bob RT: [10534] rt-4.2.2-10534-1391425804-931.28-1...@support.bob #28/635 - Scrip 18 SendCredentials Feb 3 12:10:04 bob RT: [10534] rt-4.2.2-10534-1391425804-931.28-1...@support.bob sent To: anthony@test.localhost Feb 3 12:10:05 bob RT: [10529] Use of uninitialized value in string eq at (eval 449) line 2. Feb 3 12:10:05 bob RT: [10529] Use of uninitialized value in string eq at (eval 451) line 2. Feb 3 12:10:05 bob RT: [10529] Use of uninitialized value in string eq at (eval 457) line 2. Feb 3 12:10:05 bob RT: [10529] Use of uninitialized value in string eq at (eval 459) line 2. Feb 3 12:10:05 bob RT: [10538] Malformed UTF-8 character (unexpected end of string) in string ne at /usr/share/perl/5.14/Locale/Maketext.pm line 538. And in the ticket
Re: [rt-users] Extract Attachment as Mime
Hi Kevin, Thanks for this reply. Effectively, with this mistake, the scrip will not be right... I did lot of test, maybe the fatigue... SO, I will follow your advises and get the list informed. Regards, Anthony 2013/4/2 Kevin Falcone falc...@bestpractical.com On Tue, Apr 02, 2013 at 03:19:36PM +0200, Anthony Brodard wrote: At the very least, you'll note that these two variables aren't the same ($content vs $Content). However, it's more complicated than that since you have the declaration buried so deep in scope that the later code can't even see it. At the very least, you'll need to forward declared $Content early, set it, and then check it before Creating. my $content = $attachment-ContentAsMIME; MIMEObj = $Content, I've not ready any of the other code closely, the syntax error just jumped out. -kevin
[rt-users] Extract Attachment as Mime
Hi list, Hi try to create a scrip which will create a new ticket in an other queue, with the last comment as body. Description : On close Create ticket in alerts Condition : On close Action : Defined by user Modèle : null Step : TransactionCreate Pre-action code: return 1; Custom action : my $ticket = $self-TicketObj; my $CF = $ticket-FirstCustomFieldValue('VALIDATION'); my $child_ticket = RT::Ticket-new ( $RT::SystemUser ); my $queue_name = 'Alerts'; return 0 if ($CF ne $queue_name ); my $transactions = $ticket-Transactions; $transactions-Limit( FIELD = 'Type', VALUE = 'Comment' ); while (my $transaction = $transactions-Next){ $RT::Logger-info(Transaction . $transaction-id); my $attachments = $transaction-Attachments; while (my $attachment = $attachments-Next) { $RT::Logger-info(Attachment. $attachment-id); my $content = $attachment-ContentAsMIME; } } my ($child_id, $child_transobj, $errormsg ) = $child_ticket-Create( Queue = $queue_name , Subject = $ticket-Subject, RefersTo = $ticket-id , Owner = $ticket-Owner , MIMEObj = $Content, ); unless ( $child_id ) { $RT::Logger-debug(Error : . $errormsg); return 0; }; return 1; So, without the while loop and the MIMEObj parameter, the scrip works fine, and a new ticket is created in the other queue, but with an empty body. When I add the loop, the scrip fail, and I don't any error log. Do you have any idea about this problem ? Best regards, Anthony
[rt-users] Manage user rights
Hi list, I'm running on RT 3.8.7. I have some fonctionnal user which appear in the Query Builder, in the list of possible tickets owners. I would to drop there users from the list. They don't have the Own Ticket right. They are only used as admin-cc in queues, and are not privileged. But they always are in the list. Did you know which right cause this problem ? How do you manage your users / groups / files rights ? And have you any tool which permit to see right for a specific user / group / file ? I've tried to install the plugin RTx-RightsMatrix, but it isn't compatible with this version of RT. Thanks, Anthony RT Training Sessions (http://bestpractical.com/services/training.html) * Boston March 5 6, 2012
[rt-users] Modify graph's color
Hi everybody! I'm actually searching how modify appareance or just color of my graph' in RT 3.8.7 I've just installed the package libgd-graph-perl and reload apache server, but graph are not eye-attractive. I found this: http://wiki.bestpractical.com/view/rt-google-charts but I don't understand how to implement it. Is somebody success to install it? Or just help me to change the chart's default color? Regards, Anthony RT Training in Washington DC, USA on Oct 25 26 2010 Last one this year -- Learn how to get the most out of RT!
Re: [rt-users] External Authentication with LDAPS
It works! I've configured the connection without SSL (port 389) and it works fine. So, I've modify the file * /opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm * * * I add this perl module: *use Net::LDAPS;* And modify the function _GetBoundLdapObj ( l.422): sub _GetBoundLdapObj { # Config as hashref my $config = shift; # Figure out what's what my $ldap_server = $config-{'server'}; *my $ldap_port = $config-{'port'};* *my $ldap_ca_path = $config-{'ca_path'};* my $ldap_user = $config-{'user'}; my $ldap_pass = $config-{'pass'}; my $ldap_tls= $config-{'tls'}; my $ldap_ssl_ver= $config-{'ssl_version'}; my $ldap_args = $config-{'net_ldap_args'}; *my $ldap = new Net::LDAPS($ldap_server, @$ldap_args, $ldap_port, $ldap_ca_path);* unless ($ldap) { $RT::Logger-critical( (caller(0))[3], : Cannot connect to, $ldap_server); return undef; } RT_SiteConfig.pm: Set( @Plugins, qw(RT::Authen::ExternalAuth) ); Set($ExternalAuthPriority, ['My_LDAP']); Set($ExternalInfoPriority, ['My_LDAP']); Set($ExternalServiceUsesSSLorTLS, 1); Set($AutoCreateNonExternalUsers,1); Set($ExternalSettings, { 'My_LDAP' = { 'type' = 'ldap', 'server' = 'ldap.domain.tld', * 'port' = '636',* *'ca_path' = '/etc/ssl/certs/',* 'user' = 'cn=xxx,o=xxx,dc=xxx,dc=xxx', 'pass' = 'xx', 'base' = 'dc=xxx,dc=xxx', 'filter' = '(uid=*)', 'd_filter' = '(objectClass=pwdPolicy)', 'tls' = 1, 'ssl_version' = 3, 'net_ldap_args' = [ version = 3 ], # 'group' = # 'group_attr' = 'attr_match_list' = ['Name','EmailAddress'], 'attr_map' = { 'Name' = 'uid', 'EmailAddress' = 'mail'}, } }); Sincere thanks for your help Mike Best regards, Anthony 0/8/3 Mike Johnson mike.john...@nosm.ca filter is your LDAP query string to determine if a particular CN is a user. If you are connecting to an AD it would be ((objectCategory=User) (Object Class=Person)) d_filter is your LDAP query to determine disabled users. If you are connecting to an AD it would be a bitmask like so (userAccountControl:1.2.840.113556.1.4.803:=2) group is your LDAP CN that all your RT users would be a part of. This should be the full CN group_attr is the attribute of the user CN that determines what groups they are in. In AD this would be member One thing I would test is getting an LDAP browser and connecting using the same info you are attempting to connect with in RT, verify the user you are using works... Then troubleshoot from there.. Good luck! Mike. On Mon, Aug 2, 2010 at 8:08 AM, Anthony BRODARD brodard.anth...@gmail.com wrote: And here, another logs generate with debug: [Mon Aug 2 12:05:00 2010] [critical]: RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj : Cannot connect to ldap.blanked.fr(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:437) [Mon Aug 2 12:05:00 2010] [debug]: Autohandler called ExternalAuth. Response: (0, No User) (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:26) [Mon Aug 2 12:05:00 2010] [error]: FAILED LOGIN for anthony.brodard from 10.1.104.30 (/opt/rt3/bin/../lib/RT/Interface/Web.pm:424) [Mon Aug 2 12:05:01 2010] [debug]: Reloading RT::User to work around a bug in RT-3.8.0 and RT-3.8.1 (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:14) [Mon Aug 2 12:05:01 2010] [debug]: Attempting to use external auth service: My_LDAP (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64) [Mon Aug 2 12:05:01 2010] [debug]: SSO Failed and no user to test with. Nexting (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:92) [Mon Aug 2 12:05:01 2010] [debug]: Autohandler called ExternalAuth. Response: (0, No User) (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:26) [Mon Aug 2 12:05:01 2010] [crit]: Apache2::RequestIO::rflush: (103) Software caused connection abort at /usr/local/share/perl/5.10.0/HTML/Mason/ApacheHandler.pm line 1020 (/opt/rt3/bin/webmux.pl:168) [Mon Aug 2 12:05:01 2010] [debug]: Attempting to use external auth service: My_LDAP (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64) [Mon Aug 2 12:05:01 2010] [debug]: Calling UserExists with $username (anthony.brodard) and $service (My_LDAP) (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:105) [Mon Aug 2 12:05:01 2010] [debug]: UserExists params: username: anthony.brodard , service: My_LDAP (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:274) [Mon Aug 2 12:05:01 2010
Re: [rt-users] External Authentication with LDAPS
Hi Mike! Thanks for your replies. After i had try what you said in your last mail, i've decide to reinstall a new clean RT, and test only the external authentication plugin. So, this is a part of my new RT_SiteConfig, with your last recommendations: Set( @Plugins, qw(RT::Authen::ExternalAuth) ); Set($ExternalAuthPriority, ['My_LDAP']); Set($ExternalInfoPriority, ['My_LDAP']); Set($ExternalServiceUsesSSLorTLS, 1); Set($AutoCreateNonExternalUsers,0); Set($ExternalSettings, { 'My_LDAP' = { 'type' = 'ldap', 'server' = 'ldap.mydomain', 'user' = 'cn=auth,o=others,dc=blanked,dc=fr', 'pass' = 'x', 'base' = 'dc=blanked,dc=fr', 'filter' = '(uid=*)', 'd_filter' = 'objectClass=Nothing', 'tls' = 1, 'ssl_version' = 3, 'net_ldap_args' = [ version = 3 ], # 'group' = # 'group_attr' = 'attr_match_list' = ['Name'], 'attr_map' = { 'Name' = 'uid'}, } }); And in my error-rt.log: [Mon Aug 2 09:26:09 2010] [critical]: RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj : Cannot connect to ldap.blank.fr(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:437) [Mon Aug 2 09:26:09 2010] [error]: FAILED LOGIN for anthony.brodard from 10.1.104.30 (/opt/rt3/bin/../lib/RT/Interface/Web.pm:424) I don't understand how to sets the fields d_filter, group, group_attr. Thanks Anthony BRODARD 2010/7/29 Mike Johnson mike.john...@nosm.ca make sure you reply to the list, very important to share all this so others can learn. The only thing I could think of is your LDAP settings are incorrect somewhere. Some things I found when I was setting things up 1. user = the fully qualified CN of the user(ie CN=Mike Johnson,OU=Users,OU=mycompany,OU=mydomain,OU=local 2. filter and d_filter have to have valid settings 3. Group/Group_Attr had to have settings. I was binding to an AD, so I'm not 100% on 3 if it isn't an AD... but 1 and 2 hold true for any LDAP. HTH Mike. On Thu, Jul 29, 2010 at 9:38 AM, Anthony BRODARD brodard.anth...@gmail.com wrote: TLS argument is already sets to 1. I don't know how to see if it's the ldap's server which refuses the connection, or it's an other problem. 2010/7/29 Mike Johnson mike.john...@nosm.ca Oops, looking at it again, i was looking at the mysql config part, not ldap. i think the only way you can adjust what port you are connecting to through LDAP is specifying if it's TLS or not(I believe TLS is 636? google to confirm). You said you are supposed to be connecting on 636, so set the tls argument in your LDAP settings to 1. restart apache and give it a shot. Good luck! Mike. On Thu, Jul 29, 2010 at 8:48 AM, Mike Johnson mike.john...@nosm.cawrote: If you read the ExternalAuth's RT_SiteConfig.pm in /RTROOT/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm It shows you how to set the port you are connecting on. Set that to the port your LDAP server is listening to. Good luck MIke. -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] External Authentication with LDAPS
And here, another logs generate with debug: [Mon Aug 2 12:05:00 2010] [critical]: RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj : Cannot connect to ldap.blanked.fr(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:437) [Mon Aug 2 12:05:00 2010] [debug]: Autohandler called ExternalAuth. Response: (0, No User) (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:26) [Mon Aug 2 12:05:00 2010] [error]: FAILED LOGIN for anthony.brodard from 10.1.104.30 (/opt/rt3/bin/../lib/RT/Interface/Web.pm:424) [Mon Aug 2 12:05:01 2010] [debug]: Reloading RT::User to work around a bug in RT-3.8.0 and RT-3.8.1 (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:14) [Mon Aug 2 12:05:01 2010] [debug]: Attempting to use external auth service: My_LDAP (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64) [Mon Aug 2 12:05:01 2010] [debug]: SSO Failed and no user to test with. Nexting (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:92) [Mon Aug 2 12:05:01 2010] [debug]: Autohandler called ExternalAuth. Response: (0, No User) (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:26) [Mon Aug 2 12:05:01 2010] [crit]: Apache2::RequestIO::rflush: (103) Software caused connection abort at /usr/local/share/perl/5.10.0/HTML/Mason/ApacheHandler.pm line 1020 (/opt/rt3/bin/webmux.pl:168) [Mon Aug 2 12:05:01 2010] [debug]: Attempting to use external auth service: My_LDAP (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64) [Mon Aug 2 12:05:01 2010] [debug]: Calling UserExists with $username (anthony.brodard) and $service (My_LDAP) (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:105) [Mon Aug 2 12:05:01 2010] [debug]: UserExists params: username: anthony.brodard , service: My_LDAP (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:274) [Mon Aug 2 12:05:01 2010] [crit]: Apache2::RequestIO::rflush: (103) Software caused connection abort at /usr/local/share/perl/5.10.0/HTML/Mason/ApacheHandler.pm line 1020 (/opt/rt3/bin/webmux.pl:168) 2010/7/29 Mike Johnson mike.john...@nosm.ca make sure you reply to the list, very important to share all this so others can learn. The only thing I could think of is your LDAP settings are incorrect somewhere. Some things I found when I was setting things up 1. user = the fully qualified CN of the user(ie CN=Mike Johnson,OU=Users,OU=mycompany,OU=mydomain,OU=local 2. filter and d_filter have to have valid settings 3. Group/Group_Attr had to have settings. I was binding to an AD, so I'm not 100% on 3 if it isn't an AD... but 1 and 2 hold true for any LDAP. HTH Mike. On Thu, Jul 29, 2010 at 9:38 AM, Anthony BRODARD brodard.anth...@gmail.com wrote: TLS argument is already sets to 1. I don't know how to see if it's the ldap's server which refuses the connection, or it's an other problem. 2010/7/29 Mike Johnson mike.john...@nosm.ca Oops, looking at it again, i was looking at the mysql config part, not ldap. i think the only way you can adjust what port you are connecting to through LDAP is specifying if it's TLS or not(I believe TLS is 636? google to confirm). You said you are supposed to be connecting on 636, so set the tls argument in your LDAP settings to 1. restart apache and give it a shot. Good luck! Mike. On Thu, Jul 29, 2010 at 8:48 AM, Mike Johnson mike.john...@nosm.cawrote: If you read the ExternalAuth's RT_SiteConfig.pm in /RTROOT/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm It shows you how to set the port you are connecting on. Set that to the port your LDAP server is listening to. Good luck MIke. -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] External Authentication with LDAPS
Hi Mike, thanks to help me! I've turned on RT's debug mode ( addSet($LogToFile, '*debug*'); Set($LogDir, '/var/log/rt'); in my RT_Siteconfig.pm). Now, when I try to loggin with a LDAP account, this lines are written in my log file: [Thu Jul 29 07:46:08 2010] [debug]: Reloading RT::User to work around a bug in RT-3.8.0 and RT-3.8.1 (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:14) [Thu Jul 29 07:46:08 2010] [debug]: Attempting to use external auth service: LDAP (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64) [Thu Jul 29 07:46:08 2010] [debug]: Calling UserExists with $username (anthony.brodard) and $service (LDAP) (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:105) [Thu Jul 29 07:46:08 2010] [debug]: UserExists params: username: anthony.brodard , service: LDAP (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:274) *[Thu Jul 29 07:46:30 2010] [critical]: RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj : Cannot connect to ldap.[Blanked].fr (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:437) * [Thu Jul 29 07:46:30 2010] [debug]: Autohandler called ExternalAuth. Response: (0, No User) (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:26) [Thu Jul 29 07:46:30 2010] [error]: FAILED LOGIN for anthony.brodard from [IP] (/opt/rt3/bin/../lib/RT/Interface/Web.pm:424) I try a telnet on server: [rt-test]~ # telnet ldap.[Blanked].fr 636 Trying [IP]... Connected to ldap.[Blanked].fr. Escape character is '^]'. Maybe RT use the LDAP's default port (389), not the LDAPS (636). How can i see it or modify in RT_Siteconfig.pm ? Regards, Anthony 2010/7/28 Mike Johnson mike.john...@nosm.ca Hi, Try turning on RT's logging in debug mode. That helped me figure out what was going on with my ExternalAuth. In the log, before the FAILED line you should see a few lines showing you if it's connecting to your LDAP, finding user etc. Work from there! Mike. Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
[rt-users] External Authentication with LDAPS
Hi, I've installed RT 3.8.7 on a debian lenny with the manual procedure listed here: http://wiki.bestpractical.com/view/ExternalAuth So, now i try to configure my RT_Siteconfig.pm to acces at RT via my LDAPS serveur. This is a part of my configuration: #PLUGINS: Set(@Plugins,(qw( RT::Extension::MandatorySubject RT::Extension::MandatoryRequestor RT::Extension::SearchResults::XLS RT::Extension::UserDetails RT::FM RT::IR RTx::Tags RT::Extension::WatchedQueues RT::Extension::ServiceUpdates RT::Authen::ExternalAuth ))); # AUTHENTICATION Set($ExternalAuthPriority, ['LDAP',] ); Set($ExternalInfoPriority, ['LDAP',] ); Set($ExternalServiceUsesSSLorTLS, 1); # DATABASES CONFIGURATION Set($ExternalSettings, { 'LDAP' = { 'type' = 'ldap', 'server'= 'ldap.BLANKED', 'user' = 'BLANKED', 'pass' = 'BLANKED', 'base' = 'dc=blanked,dc=fr', 'filter'= '(uid=*)', 'd_filter' = '(objectClass=foobar)', 'tls' = 1, 'ssl_version' = 3, 'net_ldap_args' = [ version = 3 ], # 'group' = 'GROUP-NAME', # 'group_attr'= 'GROUP_ATTR', 'attr_match_list' = 'uid', 'attr_map' = { 'Name' = 'uid', 'EmailAddress' = 'mail', # 'Organization' = '', 'RealName' = 'cn', # 'ExternalAuthId' = '', # 'Gecos' = '', # 'WorkPhone' = 'telephonenumber', # 'Address1' = '', # 'City' = '', # 'State' = '', # 'Zip' = '', # 'Country' = '' } } }, ); 1; When i try to log on, i have a message which said that m'y username or my password isn't correct. In the log files (/var/log/apache2/error.log), i have only : [Tue Jul 27 14:35:28 2010] [error]: FAILED LOGIN for anthony.brodard from MY_IP (/opt/rt3/bin/../lib/RT/Interface/Web.pm:424) Do you know where is the mistake? After that, i want to activate a session's timeout on RT with mod_perl. Do you know how can i do? Regards, Anthony BRODARD Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com