Re: [rt-users] Error when initializing database with external auth enabled
Shawn, Thanks for the fix. I'll rework my configuration once the commit is merged, things in that department are working ok at the moment and I'm still fighting other small fires from the transition. Much appreciate the update and fix though! Kind regards Bart Shawn Moore writes: > On 2016年5月24日 at 20:27:02, Bart Bunting (bart.bunt...@ursys.com.au) wrote: >> Hi there, > > Hi Bart, > >> I may be just missing something but this is failing miserably for me and >> I am not sure what the correct way to fix it is: >> >> Running rt 4.4.1 rc1 as of today. > > I’m glad to hear it. :) > >> When I have the external authentication configuration enabled in >> RT_SiteConfig.pm the >> initial database import breaks. I think this is because when it trys to >> add the "root" user it attempts to canonicalize the name from ldap which >> fails. > > You’re exactly right. It’s even trying to canonicalize the RT System and > Nobody users too. > >> I can work around this by having puppet install one version of >> RT_SiteConfig.pm without >> external authentication configured, run the database import and then >> replace it with a version with external auth enabled. >> >> This works, I've tested it. >> >> It just feels terribly ugly and wrong. > > Indeed it is, but hey, it works. > >> Can anyone suggest what I might be doing wrong here or is this a genuine >> issue? > > It’s a genuine issue. I’ve created an Issues ticket on your behalf: > > https://issues.bestpractical.com/Ticket/Display.html?id=32009 > > I’ve also fixed the underlying issue with the following two commits (the > first for RT System and Nobody, the latter for the root user): > > https://github.com/bestpractical/rt/commit/86b45ac4e26 > https://github.com/bestpractical/rt/commit/a32c5813bdd > > These fixes will be included in RT 4.4.1rc2, but if you want to apply the > patches ahead of time, you can get rid of your double SiteConfig hack. > >> Kind regards >> Bart > > Thank you for testing the RCs! > Shawn > - > RT 4.4 and RTIR Training Sessions https://bestpractical.com/training > * Los Angeles - September, 2016 Bart -- Bart Bunting - URSYS PH: 02 87452811 Mbl: 0409560005 - RT 4.4 and RTIR Training Sessions https://bestpractical.com/training * Los Angeles - September, 2016
Re: [rt-users] Error when initializing database with external auth enabled
On 2016年5月24日 at 20:27:02, Bart Bunting (bart.bunt...@ursys.com.au) wrote: > Hi there, Hi Bart, > I may be just missing something but this is failing miserably for me and > I am not sure what the correct way to fix it is: > > Running rt 4.4.1 rc1 as of today. I’m glad to hear it. :) > When I have the external authentication configuration enabled in > RT_SiteConfig.pm the > initial database import breaks. I think this is because when it trys to > add the "root" user it attempts to canonicalize the name from ldap which > fails. You’re exactly right. It’s even trying to canonicalize the RT System and Nobody users too. > I can work around this by having puppet install one version of > RT_SiteConfig.pm without > external authentication configured, run the database import and then > replace it with a version with external auth enabled. > > This works, I've tested it. > > It just feels terribly ugly and wrong. Indeed it is, but hey, it works. > Can anyone suggest what I might be doing wrong here or is this a genuine > issue? It’s a genuine issue. I’ve created an Issues ticket on your behalf: https://issues.bestpractical.com/Ticket/Display.html?id=32009 I’ve also fixed the underlying issue with the following two commits (the first for RT System and Nobody, the latter for the root user): https://github.com/bestpractical/rt/commit/86b45ac4e26 https://github.com/bestpractical/rt/commit/a32c5813bdd These fixes will be included in RT 4.4.1rc2, but if you want to apply the patches ahead of time, you can get rid of your double SiteConfig hack. > Kind regards > Bart Thank you for testing the RCs! Shawn - RT 4.4 and RTIR Training Sessions https://bestpractical.com/training * Los Angeles - September, 2016
Re: [rt-users] Error when initializing database with external auth enabled
Hi Jim, Sorry for not posting the relevant details. It is a totally new install being built to replace our customized version of rt 3.6 :). Probably time for an upgrade :). Here are the configuration details that are to do with authentication. As previously mentioned I think the error is happening when RT is trying to use the external ldap server to canonicalize the root user when it's added from initialdata: use utf8; #* Authentication # configure external authentication #Set ($ExternalAuth, 1); Set( $ExternalAuthPriority, ['URSYS_LDAP'] ); Set( $ExternalInfoPriority, ['URSYS_LDAP'] ); # Make users created from LDAP Privileged Set( $UserAutocreateDefaultsOnLogin, { Privileged => 1 } ); # Users should still be autocreated by RT as internal users if they # fail to exist in an external service; this is so requestors (who # are not in LDAP) can still be created when they email in. Set($AutoCreateNonExternalUsers, 1); # LDAP configuration; see RT::Authen::ExternalAuth::LDAP for # further details and examples Set($ExternalSettings, { 'URSYS_LDAP' => { 'type' => 'ldap', 'server' => 'xxx', 'base' => 'cn=users,cn=accounts,dc=xxx', 'user' => 'uid=system,cn=sysaccounts,cn=etc,dc=xxx', 'pass' => 'xxx', 'filter' => '(&(memberOf=cn=helpdesk-*))', 'attr_match_list' => [ 'Name', ], 'attr_map' => { 'Name' => 'uid', 'EmailAddress' => 'mail', }, }, } ); #* Ldapimport Configuration Set($LDAPBase,'cn=users,cn=accounts,dc=xxx'); Set($LDAPHost,'xxx'); Set($LDAPUser,'uid=system,cn=sysaccounts,cn=etc,dc=xxx'); Set($LDAPPassword,'xxx'); Set($LDAPFilter, '(&(memberOf=cn=helpdesk-*))'); Set($LDAPMapping, {Name => 'uid', # required EmailAddress => 'mail', RealName => 'cn', WorkPhone=> 'telephoneNumber', Organization => 'departmentName'}); # create users as privileged Set($LDAPCreatePrivileged, 1); # sync Groups from LDAP into RT Set($LDAPGroupBase, 'cn=accounts,dc=xxx'); Set($LDAPGroupFilter, '(&(objectClass=groupofnames)(cn=helpdesk-*))'); Set($LDAPGroupMapping, {Name => 'cn', Description => 'description', Member_Attr=> 'member', Member_Attr_Value => 'dn', }); #* Slack Notifier configuration # All parameters with the exclusion of Proxy are directly passed to the WebService::Slack::IncomingWebHook object Kind regards Bart Jim Brandt writes: > To clarify the previous question, if you were using > RT::Authen::ExternalAuth in a previous version of RT (pre-4.4) and have > it pulled in as a Plugin, you need to remove it because it is now in > core. It's not clear to me if your RT_SiteConfig.pm is from an earlier > RT version. If so, you will need to make some updates due to the RT > version change: > > https://docs.bestpractical.com/rt/4.4.1/UPGRADING-4.4.html > > On 5/25/16 10:21 PM, Bart Bunting wrote: >> Peter, >> >> Not sure, but this is a new install using rt 4.4. >> >> >> >> Kind regards >> Peter Viskup writes: >> >>> Couldn't this be related to RT::Authen::ExternalAuth migration to RT >>> core since 4.4 version? >>> >>> https://docs.bestpractical.com/rt/4.4.0/UPGRADING-4.4.html >>> >>> -- >>> Peter >>> >>> On Wed, May 25, 2016 at 2:26 AM, Bart Bunting >>> wrote: Hi there, I may be just missing something but this is failing miserably for me and I am not sure what the correct way to fix it is: Running rt 4.4.1 rc1 as of today. The situation is I have external authentication working fine using both RT::Authen::ExternalAuth and RT::LDAPImport. I use puppet to provision the machine. When I have the external authentication configuration enabled in RT_SiteConfig.pm the initial database import breaks. I think this is because when it trys to add the "root" user it attempts to canonicalize the name from ldap which fails. Here is an example of the run: make initialize-database /usr/bin/perl -I/opt/rt4/local/lib -I/opt/rt4/lib sbin/rt-setup-database --action init --prompt-for-dba-password In order to create or update your RT database, this script needs to connect to your mysql instance on localhost (port '') as root Please specify that user's database password below. If the user has no database password, just press return. Password: Working with: Type: mysql Host: localhost Port: Name: rt4 User: rt DBA:root Now creating a mysql database rt4 for RT. Done. Now populating database schema. Done. Now inserting database ACLs. Done. Now inserting RT
Re: [rt-users] Error when initializing database with external auth enabled
To clarify the previous question, if you were using RT::Authen::ExternalAuth in a previous version of RT (pre-4.4) and have it pulled in as a Plugin, you need to remove it because it is now in core. It's not clear to me if your RT_SiteConfig.pm is from an earlier RT version. If so, you will need to make some updates due to the RT version change: https://docs.bestpractical.com/rt/4.4.1/UPGRADING-4.4.html On 5/25/16 10:21 PM, Bart Bunting wrote: Peter, Not sure, but this is a new install using rt 4.4. Kind regards Peter Viskup writes: Couldn't this be related to RT::Authen::ExternalAuth migration to RT core since 4.4 version? https://docs.bestpractical.com/rt/4.4.0/UPGRADING-4.4.html -- Peter On Wed, May 25, 2016 at 2:26 AM, Bart Bunting wrote: Hi there, I may be just missing something but this is failing miserably for me and I am not sure what the correct way to fix it is: Running rt 4.4.1 rc1 as of today. The situation is I have external authentication working fine using both RT::Authen::ExternalAuth and RT::LDAPImport. I use puppet to provision the machine. When I have the external authentication configuration enabled in RT_SiteConfig.pm the initial database import breaks. I think this is because when it trys to add the "root" user it attempts to canonicalize the name from ldap which fails. Here is an example of the run: make initialize-database /usr/bin/perl -I/opt/rt4/local/lib -I/opt/rt4/lib sbin/rt-setup-database --action init --prompt-for-dba-password In order to create or update your RT database, this script needs to connect to your mysql instance on localhost (port '') as root Please specify that user's database password below. If the user has no database password, just press return. Password: Working with: Type: mysql Host: localhost Port: Name: rt4 User: rt DBA:root Now creating a mysql database rt4 for RT. Done. Now populating database schema. Done. Now inserting database ACLs. Done. Now inserting RT core system objects. [15076] [Wed May 25 00:15:29 2016] [critical]: Undefined subroutine &RT::Authen::ExternalAuth::LDAP::CanonicalizeUserInfo called at /opt/rt_source/sbin/../lib/RT/User.pm line 787. (/opt/rt_source/sbin/../lib/RT.pm:390) Undefined subroutine &RT::Authen::ExternalAuth::LDAP::CanonicalizeUserInfo called at /opt/rt_source/sbin/../lib/RT/User.pm line 787. Makefile:386: recipe for target 'initialize-database' failed make: *** [initialize-database] Error 2 root@rt-dev:/opt/rt_source# I can work around this by having puppet install one version of RT_SiteConfig.pm without external authentication configured, run the database import and then replace it with a version with external auth enabled. This works, I've tested it. It just feels terribly ugly and wrong. Can anyone suggest what I might be doing wrong here or is this a genuine issue? Kind regards Bart -- Bart Bunting - URSYS PH: 02 87452811 Mbl: 0409560005 - RT 4.4 and RTIR Training Sessions https://bestpractical.com/training * Los Angeles - September, 2016 Bart - RT 4.4 and RTIR Training Sessions https://bestpractical.com/training * Los Angeles - September, 2016
Re: [rt-users] Error when initializing database with external auth enabled
Peter, Not sure, but this is a new install using rt 4.4. Kind regards Peter Viskup writes: > Couldn't this be related to RT::Authen::ExternalAuth migration to RT > core since 4.4 version? > > https://docs.bestpractical.com/rt/4.4.0/UPGRADING-4.4.html > > -- > Peter > > On Wed, May 25, 2016 at 2:26 AM, Bart Bunting > wrote: >> >> Hi there, >> >> I may be just missing something but this is failing miserably for me and >> I am not sure what the correct way to fix it is: >> >> Running rt 4.4.1 rc1 as of today. >> >> The situation is I have external authentication working fine using both >> RT::Authen::ExternalAuth and RT::LDAPImport. >> >> I use puppet to provision the machine. >> >> When I have the external authentication configuration enabled in >> RT_SiteConfig.pm the >> initial database import breaks. I think this is because when it trys to >> add the "root" user it attempts to canonicalize the name from ldap which >> fails. >> >> Here is an example of the run: >> >> make initialize-database >> /usr/bin/perl -I/opt/rt4/local/lib -I/opt/rt4/lib sbin/rt-setup-database >> --action init --prompt-for-dba-password >> In order to create or update your RT database, this script needs to connect >> to your mysql instance on localhost (port '') as root >> Please specify that user's database password below. If the user has no >> database >> password, just press return. >> >> Password: >> Working with: >> Type: mysql >> Host: localhost >> Port: >> Name: rt4 >> User: rt >> DBA:root >> Now creating a mysql database rt4 for RT. >> Done. >> Now populating database schema. >> Done. >> Now inserting database ACLs. >> Done. >> Now inserting RT core system objects. >> [15076] [Wed May 25 00:15:29 2016] [critical]: Undefined subroutine >> &RT::Authen::ExternalAuth::LDAP::CanonicalizeUserInfo called at >> /opt/rt_source/sbin/../lib/RT/User.pm line 787. >> (/opt/rt_source/sbin/../lib/RT.pm:390) >> Undefined subroutine &RT::Authen::ExternalAuth::LDAP::CanonicalizeUserInfo >> called at /opt/rt_source/sbin/../lib/RT/User.pm line 787. >> Makefile:386: recipe for target 'initialize-database' failed >> make: *** [initialize-database] Error 2 >> root@rt-dev:/opt/rt_source# >> >> I can work around this by having puppet install one version of >> RT_SiteConfig.pm without >> external authentication configured, run the database import and then >> replace it with a version with external auth enabled. >> >> This works, I've tested it. >> >> It just feels terribly ugly and wrong. >> >> Can anyone suggest what I might be doing wrong here or is this a genuine >> issue? >> >> >> Kind regards >> Bart >> -- >> >> Bart Bunting - URSYS >> PH: 02 87452811 >> Mbl: 0409560005 >> - >> RT 4.4 and RTIR Training Sessions https://bestpractical.com/training >> * Los Angeles - September, 2016 Bart -- Bart Bunting - URSYS PH: 02 87452811 Mbl: 0409560005 - RT 4.4 and RTIR Training Sessions https://bestpractical.com/training * Los Angeles - September, 2016
Re: [rt-users] Error when initializing database with external auth enabled
Couldn't this be related to RT::Authen::ExternalAuth migration to RT core since 4.4 version? https://docs.bestpractical.com/rt/4.4.0/UPGRADING-4.4.html -- Peter On Wed, May 25, 2016 at 2:26 AM, Bart Bunting wrote: > > Hi there, > > I may be just missing something but this is failing miserably for me and > I am not sure what the correct way to fix it is: > > Running rt 4.4.1 rc1 as of today. > > The situation is I have external authentication working fine using both > RT::Authen::ExternalAuth and RT::LDAPImport. > > I use puppet to provision the machine. > > When I have the external authentication configuration enabled in > RT_SiteConfig.pm the > initial database import breaks. I think this is because when it trys to > add the "root" user it attempts to canonicalize the name from ldap which > fails. > > Here is an example of the run: > > make initialize-database > /usr/bin/perl -I/opt/rt4/local/lib -I/opt/rt4/lib sbin/rt-setup-database > --action init --prompt-for-dba-password > In order to create or update your RT database, this script needs to connect > to your mysql instance on localhost (port '') as root > Please specify that user's database password below. If the user has no > database > password, just press return. > > Password: > Working with: > Type: mysql > Host: localhost > Port: > Name: rt4 > User: rt > DBA:root > Now creating a mysql database rt4 for RT. > Done. > Now populating database schema. > Done. > Now inserting database ACLs. > Done. > Now inserting RT core system objects. > [15076] [Wed May 25 00:15:29 2016] [critical]: Undefined subroutine > &RT::Authen::ExternalAuth::LDAP::CanonicalizeUserInfo called at > /opt/rt_source/sbin/../lib/RT/User.pm line 787. > (/opt/rt_source/sbin/../lib/RT.pm:390) > Undefined subroutine &RT::Authen::ExternalAuth::LDAP::CanonicalizeUserInfo > called at /opt/rt_source/sbin/../lib/RT/User.pm line 787. > Makefile:386: recipe for target 'initialize-database' failed > make: *** [initialize-database] Error 2 > root@rt-dev:/opt/rt_source# > > I can work around this by having puppet install one version of > RT_SiteConfig.pm without > external authentication configured, run the database import and then > replace it with a version with external auth enabled. > > This works, I've tested it. > > It just feels terribly ugly and wrong. > > Can anyone suggest what I might be doing wrong here or is this a genuine > issue? > > > Kind regards > Bart > -- > > Bart Bunting - URSYS > PH: 02 87452811 > Mbl: 0409560005 > - > RT 4.4 and RTIR Training Sessions https://bestpractical.com/training > * Los Angeles - September, 2016 - RT 4.4 and RTIR Training Sessions https://bestpractical.com/training * Los Angeles - September, 2016
[rt-users] Error when initializing database with external auth enabled
Hi there, I may be just missing something but this is failing miserably for me and I am not sure what the correct way to fix it is: Running rt 4.4.1 rc1 as of today. The situation is I have external authentication working fine using both RT::Authen::ExternalAuth and RT::LDAPImport. I use puppet to provision the machine. When I have the external authentication configuration enabled in RT_SiteConfig.pm the initial database import breaks. I think this is because when it trys to add the "root" user it attempts to canonicalize the name from ldap which fails. Here is an example of the run: make initialize-database /usr/bin/perl -I/opt/rt4/local/lib -I/opt/rt4/lib sbin/rt-setup-database --action init --prompt-for-dba-password In order to create or update your RT database, this script needs to connect to your mysql instance on localhost (port '') as root Please specify that user's database password below. If the user has no database password, just press return. Password: Working with: Type: mysql Host: localhost Port: Name: rt4 User: rt DBA:root Now creating a mysql database rt4 for RT. Done. Now populating database schema. Done. Now inserting database ACLs. Done. Now inserting RT core system objects. [15076] [Wed May 25 00:15:29 2016] [critical]: Undefined subroutine &RT::Authen::ExternalAuth::LDAP::CanonicalizeUserInfo called at /opt/rt_source/sbin/../lib/RT/User.pm line 787. (/opt/rt_source/sbin/../lib/RT.pm:390) Undefined subroutine &RT::Authen::ExternalAuth::LDAP::CanonicalizeUserInfo called at /opt/rt_source/sbin/../lib/RT/User.pm line 787. Makefile:386: recipe for target 'initialize-database' failed make: *** [initialize-database] Error 2 root@rt-dev:/opt/rt_source# I can work around this by having puppet install one version of RT_SiteConfig.pm without external authentication configured, run the database import and then replace it with a version with external auth enabled. This works, I've tested it. It just feels terribly ugly and wrong. Can anyone suggest what I might be doing wrong here or is this a genuine issue? Kind regards Bart -- Bart Bunting - URSYS PH: 02 87452811 Mbl: 0409560005 - RT 4.4 and RTIR Training Sessions https://bestpractical.com/training * Los Angeles - September, 2016