[rt-users] External authentication and RT's REST API
Hello rt-users, So, I've implemented a Google Sign In flow into Request Tracker with WebRemoteUserAuth enabled and an Apache module called mod_auth_openidc. Now, I'd like to access RT's REST API with an account authenticated through the external flow. Since these accounts don't have a standard login flow , you can't just do REST/1.0/?something=something=USERNAME=PASSWORD right? So, I was wondering how to let those kinds of users access the REST API. These users don't necessarily have an RT password - eg autocreated. Thanks, Anthony - RT 4.4 and RTIR training sessions, and a new workshop day! https://bestpractical.com/training * Los Angeles - Q1 2017
Re: [rt-users] External Authentication
I am pretty sure the issue is with the install for the unixodbc and Freetds see
output below.
linux-jrlt:/usr/bin/gcc # odbcinst -q -d
[FreeTDS]
[SQLServer]
linux-jrlt:/usr/bin/gcc # odbcinst -q -s
[MSSQL]
[Default]
linux-jrlt:/usr/bin/gcc # odbcinst -j
unixODBC 2.2.12
DRIVERS: /etc/unixODBC/odbcinst.ini
SYSTEM DATA SOURCES: /etc/unixODBC/odbc.ini
USER DATA SOURCES..: /root/.odbc.ini
linux-jrlt:/usr/bin/gcc # isql -v MSSQL
[IM002][unixODBC][Driver Manager]Data source name not found, and no default
driver specified
[ISQL]ERROR: Could not SQLConnect
ODBC.ini
[ODBC Data Sources]
MSSQL=TDS connection
[MSSQL]
Description = Microsoft SQL Server
Driver = FreeTDS
Server = 192.168.000.000
Database = DBName
Port = 1433
UsageCount = 1
FileUsage = 1
TDS_Version = 8.0
[ODBC]
Trace=255
[Default]
Driver = SQLServer
ODBCinst.ini
[FreeTDS]
Description = FreeTDS unixODBC Driver
Driver = /usr/lib64/libtdsodbc.so.0
UsageCount = 1
FileUsage = 1
Trace = Yes
TraceFile = /tmp/freetds.log
[SQLServer]
Description = FreeTDS unixODBC Driver
Driver = /usr/lib64/libtdsodbc.so.0
Trace = Yes
TraceFile = /tmp/freetds.log
FileUsage = 1
UsageCount = 1
FreeTDS.conf
[global]
timeout = 10
connect timeout = 10
text size = 64512
[MSSQL]
host = 192.168.000.000
port = 1433
tds version = 8.0
instance = SSLSQLDB
dump file = /tmp/dump.log
I think the unixodbc is not reading these files I am not even getting a trace
file. I do not know why. Can anyone see the issue?
Thnaks
Bryon Baker
Network Operations Manager
Copesan - Specialists in Pest Solutions
800-267-3726 • 262-783-6261 ext. 2296
bba...@copesan.com
www.copesan.com
Servicing North America with Local Care
-Original Message-
From: rt-users-boun...@lists.bestpractical.com
[mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of Bryon Baker
Sent: Tuesday, June 25, 2013 4:26 PM
To: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] External Authentication
I change the dbi_Driver option to ODBC. Now I get the following error
[Tue Jun 25 21:21:29 2013] [error]: DBI
connect('database=RapidTrax6a;host=192.168.250.29;port=1433','HelpDeskOTRS',...)
failed: [unixODBC][Driver Manager]Data source name not found, and no default
driver specified (SQL-IM002) at
/usr/lib/perl5/vendor_perl/5.16.2/RT/Authen/ExternalAuth/DBI.pm line 446.
Odbc Information
linux-jrlt:~ # perl -MDBD::ODBC -e 'print $DBD::ODBC::VERSION;'
1.33
linux-jrlt:~ # perl -MDBI -e 'DBI-installed_versions;'
Perl: 5.016002(x86_64-linux-thread-multi)
OS : linux (3.4.6-2.10-xen)
DBI : 1.627
DBD::mysql : 4.021
DBD::Sponge : 12.010002
DBD::Proxy : 0.2004
DBD::ODBC : 1.33
DBD::Gofer : 0.015326
DBD::File : 0.41
DBD::ExampleP : 12.014310
DBD::DBM: 0.08
Still don't know what I am missing.
Thanks
Bryon Baker
Network Operations Manager
Copesan - Specialists in Pest Solutions
800-267-3726 • 262-783-6261 ext. 2296
bba...@copesan.com
www.copesan.com
Servicing North America with Local Care
-Original Message-
From: rt-users-boun...@lists.bestpractical.com
[mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of Thomas Sibley
Sent: Tuesday, June 25, 2013 4:12 PM
To: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] External Authentication
On 06/25/2013 02:05 PM, Bryon Baker wrote:
Sorry I screwed on both.
Made change and now I get the following messages. LDAP works by the way.
[Tue Jun 25 20:58:13 2013] [debug]: Attempting to use external auth
service: Connect_MSSQL
(/usr/lib/perl5/vendor_perl/5.16.2/RT/Authen/ExternalAuth.pm:186)
[Tue Jun 25 20:58:13 2013] [debug]: SSO Failed and no user to test
with. Nexting
(/usr/lib/perl5/vendor_perl/5.16.2/RT/Authen/ExternalAuth.pm:214)
[Tue Jun 25 20:58:13 2013] [debug]: Attempting to use external auth
service: Connect_LDAP
(/usr/lib/perl5/vendor_perl/5.16.2/RT/Authen/ExternalAuth.pm:186)
[Tue Jun 25 20:58:13 2013] [debug]: SSO Failed and no user to test
with. Nexting
(/usr/lib/perl5/vendor_perl/5.16.2/RT/Authen/ExternalAuth.pm:214)
[Tue Jun 25 20:58:13 2013] [debug]: Autohandler called ExternalAuth.
Response: (0, No User)
(/usr/share/request-tracker/local/plugins/RT-Authen-ExternalAuth/html/
Elements/DoAuth:11)
This means that your MSSQL auth source didn't find a user, so it moved on to
your LDAP source where it also didn't find a user (presumably because some
users are in MSSQL and others are in LDAP).
Re: [rt-users] External Authentication
Update
I uninstall FreeTDS and UnixODBC, then install FreeTDS first and then UnixODBC
and edited the ini files and now I have both isql and tsql working.
I am now moving back to try and get Request Tracker to work.
Progress I love it. Even when it is slow and painful.
Thanks
Bryon Baker
Network Operations Manager
Copesan - Specialists in Pest Solutions
800-267-3726 • 262-783-6261 ext. 2296
bba...@copesan.com
www.copesan.com
Servicing North America with Local Care
-Original Message-
From: rt-users-boun...@lists.bestpractical.com
[mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of Bryon Baker
Sent: Wednesday, June 26, 2013 9:50 AM
To: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] External Authentication
I am pretty sure the issue is with the install for the unixodbc and Freetds see
output below.
linux-jrlt:/usr/bin/gcc # odbcinst -q -d [FreeTDS] [SQLServer]
linux-jrlt:/usr/bin/gcc # odbcinst -q -s [MSSQL] [Default]
linux-jrlt:/usr/bin/gcc # odbcinst -j unixODBC 2.2.12
DRIVERS: /etc/unixODBC/odbcinst.ini SYSTEM DATA SOURCES:
/etc/unixODBC/odbc.ini USER DATA SOURCES..: /root/.odbc.ini
linux-jrlt:/usr/bin/gcc # isql -v MSSQL [IM002][unixODBC][Driver Manager]Data
source name not found, and no default driver specified
[ISQL]ERROR: Could not SQLConnect
ODBC.ini
[ODBC Data Sources]
MSSQL=TDS connection
[MSSQL]
Description = Microsoft SQL Server
Driver = FreeTDS
Server = 192.168.000.000
Database = DBName
Port = 1433
UsageCount = 1
FileUsage = 1
TDS_Version = 8.0
[ODBC]
Trace=255
[Default]
Driver = SQLServer
ODBCinst.ini
[FreeTDS]
Description = FreeTDS unixODBC Driver
Driver = /usr/lib64/libtdsodbc.so.0
UsageCount = 1
FileUsage = 1
Trace = Yes
TraceFile = /tmp/freetds.log
[SQLServer]
Description = FreeTDS unixODBC Driver
Driver = /usr/lib64/libtdsodbc.so.0
Trace = Yes
TraceFile = /tmp/freetds.log
FileUsage = 1
UsageCount = 1
FreeTDS.conf
[global]
timeout = 10
connect timeout = 10
text size = 64512
[MSSQL]
host = 192.168.000.000
port = 1433
tds version = 8.0
instance = SSLSQLDB
dump file = /tmp/dump.log
I think the unixodbc is not reading these files I am not even getting a trace
file. I do not know why. Can anyone see the issue?
Thnaks
Bryon Baker
Network Operations Manager
Copesan - Specialists in Pest Solutions
800-267-3726 • 262-783-6261 ext. 2296
bba...@copesan.com
www.copesan.com
Servicing North America with Local Care
-Original Message-
From: rt-users-boun...@lists.bestpractical.com
[mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of Bryon Baker
Sent: Tuesday, June 25, 2013 4:26 PM
To: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] External Authentication
I change the dbi_Driver option to ODBC. Now I get the following error
[Tue Jun 25 21:21:29 2013] [error]: DBI
connect('database=RapidTrax6a;host=192.168.250.29;port=1433','HelpDeskOTRS',...)
failed: [unixODBC][Driver Manager]Data source name not found, and no default
driver specified (SQL-IM002) at
/usr/lib/perl5/vendor_perl/5.16.2/RT/Authen/ExternalAuth/DBI.pm line 446.
Odbc Information
linux-jrlt:~ # perl -MDBD::ODBC -e 'print $DBD::ODBC::VERSION;'
1.33
linux-jrlt:~ # perl -MDBI -e 'DBI-installed_versions;'
Perl: 5.016002(x86_64-linux-thread-multi)
OS : linux (3.4.6-2.10-xen)
DBI : 1.627
DBD::mysql : 4.021
DBD::Sponge : 12.010002
DBD::Proxy : 0.2004
DBD::ODBC : 1.33
DBD::Gofer : 0.015326
DBD::File : 0.41
DBD::ExampleP : 12.014310
DBD::DBM: 0.08
Still don't know what I am missing.
Thanks
Bryon Baker
Network Operations Manager
Copesan - Specialists in Pest Solutions
800-267-3726 • 262-783-6261 ext. 2296
bba...@copesan.com
www.copesan.com
Servicing North America with Local Care
-Original Message-
From: rt-users-boun...@lists.bestpractical.com
[mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of Thomas Sibley
Sent: Tuesday, June 25, 2013 4:12 PM
To: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] External Authentication
On 06/25/2013 02:05 PM, Bryon Baker wrote:
Sorry I screwed on both.
Made change and now I get the following messages. LDAP works by the way.
[Tue Jun 25 20:58:13 2013] [debug]: Attempting to use external auth
service: Connect_MSSQL
(/usr/lib/perl5/vendor_perl/5.16.2/RT/Authen/ExternalAuth.pm:186)
[Tue Jun 25 20:58:13 2013] [debug]: SSO Failed and no user to test
with. Nexting
(/usr/lib/perl5/vendor_perl/5.16.2/RT/Authen/ExternalAuth.pm:214)
[Tue Jun 25 20:58:13 2013] [debug]: Attempting to use external auth
service: Connect_LDAP
(/usr/lib/perl5/vendor_perl/5.16.2/RT/Authen/ExternalAuth.pm:186)
[Tue Jun 25 20:58:13 2013] [debug]: SSO Failed and no user to test
with. Nexting
(/usr/lib/perl5/vendor_perl/5.16.2/RT/Authen/ExternalAuth.pm:214)
[Tue Jun 25 20:58:13 2013] [debug]: Autohandler called ExternalAuth.
Response
Re: [rt-users] External Authentication
When the DBI_Driver string = SQLServer I get the following error..
[Wed Jun 26 15:48:22 2013] [error]: install_driver(SQLServer) failed: Can't
locate DBD/SQLServer.pm in @INC (@INC contains: /srv/www/perl-lib
/usr/share/request-tracker/local/lib /usr/lib/perl5/vendor_perl/5.16.2
/usr/lib/perl5/vendor_perl/5.16.2/x86_64-linux-thread-multi
/usr/lib/perl5/site_perl/5.16.2/x86_64-linux-thread-multi
/usr/lib/perl5/site_perl/5.16.2 /usr/lib/perl5/5.16.2/x86_64-linux-thread-multi
/usr/lib/perl5/5.16.2 /usr/lib/perl5/site_perl . /srv/www) at (eval 1431) line
3.
When the DBI_Driver string = ODBC I get the following error..
[Wed Jun 26 15:51:06 2013] [error]: DBI
connect('database=RapidTrax6a;host=192.168.250.29;port=1433','HelpDeskOTRS',...)
failed: [unixODBC][Driver Manager]Data source name not found, and no default
driver specified (SQL-IM002) at
/usr/lib/perl5/vendor_perl/5.16.2/RT/Authen/ExternalAuth/DBI.pm line 446.
I need to know what the proper DBI_driver string should be when using and ODBC
connection to a MS-SQL database. I have test tslq and isql so I know that the
ODBC configuration is correct. Just need to get the correct information in the
RT_SiteConfig.pm
Thanks
Bryon Baker
Network Operations Manager
Copesan - Specialists in Pest Solutions
800-267-3726 • 262-783-6261 ext. 2296
bba...@copesan.com
www.copesan.com
Servicing North America with Local Care
-Original Message-
From: rt-users-boun...@lists.bestpractical.com
[mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of Bryon Baker
Sent: Wednesday, June 26, 2013 10:39 AM
To: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] External Authentication
Update
I uninstall FreeTDS and UnixODBC, then install FreeTDS first and then UnixODBC
and edited the ini files and now I have both isql and tsql working.
I am now moving back to try and get Request Tracker to work.
Progress I love it. Even when it is slow and painful.
Thanks
Bryon Baker
Network Operations Manager
Copesan - Specialists in Pest Solutions
800-267-3726 • 262-783-6261 ext. 2296
bba...@copesan.com
www.copesan.com
Servicing North America with Local Care
-Original Message-
From: rt-users-boun...@lists.bestpractical.com
[mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of Bryon Baker
Sent: Wednesday, June 26, 2013 9:50 AM
To: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] External Authentication
I am pretty sure the issue is with the install for the unixodbc and Freetds see
output below.
linux-jrlt:/usr/bin/gcc # odbcinst -q -d [FreeTDS] [SQLServer]
linux-jrlt:/usr/bin/gcc # odbcinst -q -s [MSSQL] [Default]
linux-jrlt:/usr/bin/gcc # odbcinst -j unixODBC 2.2.12
DRIVERS: /etc/unixODBC/odbcinst.ini SYSTEM DATA SOURCES:
/etc/unixODBC/odbc.ini USER DATA SOURCES..: /root/.odbc.ini
linux-jrlt:/usr/bin/gcc # isql -v MSSQL [IM002][unixODBC][Driver Manager]Data
source name not found, and no default driver specified
[ISQL]ERROR: Could not SQLConnect
ODBC.ini
[ODBC Data Sources]
MSSQL=TDS connection
[MSSQL]
Description = Microsoft SQL Server
Driver = FreeTDS
Server = 192.168.000.000
Database = DBName
Port = 1433
UsageCount = 1
FileUsage = 1
TDS_Version = 8.0
[ODBC]
Trace=255
[Default]
Driver = SQLServer
ODBCinst.ini
[FreeTDS]
Description = FreeTDS unixODBC Driver
Driver = /usr/lib64/libtdsodbc.so.0
UsageCount = 1
FileUsage = 1
Trace = Yes
TraceFile = /tmp/freetds.log
[SQLServer]
Description = FreeTDS unixODBC Driver
Driver = /usr/lib64/libtdsodbc.so.0
Trace = Yes
TraceFile = /tmp/freetds.log
FileUsage = 1
UsageCount = 1
FreeTDS.conf
[global]
timeout = 10
connect timeout = 10
text size = 64512
[MSSQL]
host = 192.168.000.000
port = 1433
tds version = 8.0
instance = SSLSQLDB
dump file = /tmp/dump.log
I think the unixodbc is not reading these files I am not even getting a trace
file. I do not know why. Can anyone see the issue?
Thnaks
Bryon Baker
Network Operations Manager
Copesan - Specialists in Pest Solutions
800-267-3726 • 262-783-6261 ext. 2296
bba...@copesan.com
www.copesan.com
Servicing North America with Local Care
-Original Message-
From: rt-users-boun...@lists.bestpractical.com
[mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of Bryon Baker
Sent: Tuesday, June 25, 2013 4:26 PM
To: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] External Authentication
I change the dbi_Driver option to ODBC. Now I get the following error
[Tue Jun 25 21:21:29 2013] [error]: DBI
connect('database=RapidTrax6a;host=192.168.250.29;port=1433','HelpDeskOTRS',...)
failed: [unixODBC][Driver Manager]Data source name not found, and no default
driver specified (SQL-IM002) at
/usr/lib/perl5/vendor_perl/5.16.2/RT/Authen/ExternalAuth/DBI.pm line 446.
Odbc Information
linux-jrlt:~ # perl -MDBD::ODBC -e 'print $DBD::ODBC::VERSION;'
1.33
linux-jrlt:~ # perl -MDBI -e 'DBI-installed_versions;'
Perl: 5.016002
Re: [rt-users] External Authentication
Update
Working with the first error I created a SQLServer.pm with the correct connect
string. (I tested using Perl).
Now I get this error.
DBD::SQLServer initialisation failed: Can't locate object method driver via
package DBD::SQLServer at
/usr/lib/perl5/vendor_perl/5.16.2/x86_64-linux-thread-multi/DBI.pm line 820.
Thanks
Bryon Baker
Network Operations Manager
Copesan - Specialists in Pest Solutions
800-267-3726 • 262-783-6261 ext. 2296
bba...@copesan.com
www.copesan.com
Servicing North America with Local Care
-Original Message-
From: rt-users-boun...@lists.bestpractical.com
[mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of Bryon Baker
Sent: Wednesday, June 26, 2013 11:04 AM
To: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] External Authentication
When the DBI_Driver string = SQLServer I get the following error..
[Wed Jun 26 15:48:22 2013] [error]: install_driver(SQLServer) failed: Can't
locate DBD/SQLServer.pm in @INC (@INC contains: /srv/www/perl-lib
/usr/share/request-tracker/local/lib /usr/lib/perl5/vendor_perl/5.16.2
/usr/lib/perl5/vendor_perl/5.16.2/x86_64-linux-thread-multi
/usr/lib/perl5/site_perl/5.16.2/x86_64-linux-thread-multi
/usr/lib/perl5/site_perl/5.16.2 /usr/lib/perl5/5.16.2/x86_64-linux-thread-multi
/usr/lib/perl5/5.16.2 /usr/lib/perl5/site_perl . /srv/www) at (eval 1431) line
3.
When the DBI_Driver string = ODBC I get the following error..
[Wed Jun 26 15:51:06 2013] [error]: DBI
connect('database=RapidTrax6a;host=192.168.250.29;port=1433','HelpDeskOTRS',...)
failed: [unixODBC][Driver Manager]Data source name not found, and no default
driver specified (SQL-IM002) at
/usr/lib/perl5/vendor_perl/5.16.2/RT/Authen/ExternalAuth/DBI.pm line 446.
I need to know what the proper DBI_driver string should be when using and ODBC
connection to a MS-SQL database. I have test tslq and isql so I know that the
ODBC configuration is correct. Just need to get the correct information in the
RT_SiteConfig.pm
Thanks
Bryon Baker
Network Operations Manager
Copesan - Specialists in Pest Solutions
800-267-3726 • 262-783-6261 ext. 2296
bba...@copesan.com
www.copesan.com
Servicing North America with Local Care
-Original Message-
From: rt-users-boun...@lists.bestpractical.com
[mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of Bryon Baker
Sent: Wednesday, June 26, 2013 10:39 AM
To: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] External Authentication
Update
I uninstall FreeTDS and UnixODBC, then install FreeTDS first and then UnixODBC
and edited the ini files and now I have both isql and tsql working.
I am now moving back to try and get Request Tracker to work.
Progress I love it. Even when it is slow and painful.
Thanks
Bryon Baker
Network Operations Manager
Copesan - Specialists in Pest Solutions
800-267-3726 • 262-783-6261 ext. 2296
bba...@copesan.com
www.copesan.com
Servicing North America with Local Care
-Original Message-
From: rt-users-boun...@lists.bestpractical.com
[mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of Bryon Baker
Sent: Wednesday, June 26, 2013 9:50 AM
To: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] External Authentication
I am pretty sure the issue is with the install for the unixodbc and Freetds see
output below.
linux-jrlt:/usr/bin/gcc # odbcinst -q -d [FreeTDS] [SQLServer]
linux-jrlt:/usr/bin/gcc # odbcinst -q -s [MSSQL] [Default]
linux-jrlt:/usr/bin/gcc # odbcinst -j unixODBC 2.2.12
DRIVERS: /etc/unixODBC/odbcinst.ini SYSTEM DATA SOURCES:
/etc/unixODBC/odbc.ini USER DATA SOURCES..: /root/.odbc.ini
linux-jrlt:/usr/bin/gcc # isql -v MSSQL [IM002][unixODBC][Driver Manager]Data
source name not found, and no default driver specified
[ISQL]ERROR: Could not SQLConnect
ODBC.ini
[ODBC Data Sources]
MSSQL=TDS connection
[MSSQL]
Description = Microsoft SQL Server
Driver = FreeTDS
Server = 192.168.000.000
Database = DBName
Port = 1433
UsageCount = 1
FileUsage = 1
TDS_Version = 8.0
[ODBC]
Trace=255
[Default]
Driver = SQLServer
ODBCinst.ini
[FreeTDS]
Description = FreeTDS unixODBC Driver
Driver = /usr/lib64/libtdsodbc.so.0
UsageCount = 1
FileUsage = 1
Trace = Yes
TraceFile = /tmp/freetds.log
[SQLServer]
Description = FreeTDS unixODBC Driver
Driver = /usr/lib64/libtdsodbc.so.0
Trace = Yes
TraceFile = /tmp/freetds.log
FileUsage = 1
UsageCount = 1
FreeTDS.conf
[global]
timeout = 10
connect timeout = 10
text size = 64512
[MSSQL]
host = 192.168.000.000
port = 1433
tds version = 8.0
instance = SSLSQLDB
dump file = /tmp/dump.log
I think the unixodbc is not reading these files I am not even getting a trace
file. I do not know why. Can anyone see the issue?
Thnaks
Bryon Baker
Network Operations Manager
Copesan - Specialists in Pest Solutions
800-267-3726 • 262-783-6261 ext. 2296
bba...@copesan.com
www.copesan.com
Servicing North America with Local Care
-Original Message
Re: [rt-users] External Authentication
On 06/26/2013 10:03 AM, Bryon Baker wrote: Update Working with the first error I created a SQLServer.pm with the correct connect string. (I tested using Perl). Now I get this error. DBD::SQLServer initialisation failed: Can't locate object method driver via package DBD::SQLServer at /usr/lib/perl5/vendor_perl/5.16.2/x86_64-linux-thread-multi/DBI.pm line 820. You shouldn't be trying to write a DBI driver class; that's madness. You probably to use ODBC with a connect (dsn) string that includes the correct odbc (sub)driver to use.
Re: [rt-users] External Authentication
I agree Thomas. As stated before I have the correct information and setup for the ODBC drivers I have tested this with isql and tsql and I wrote a quick perl scrip to test the connection string and that works. What I can's figure out is what information needs to be put in the 'dbi_driver'= 'DBI_DRIVER', so that RT will use the DSN entry in the ODBC configs. Thanks Bryon Baker Network Operations Manager Copesan - Specialists in Pest Solutions 800-267-3726 • 262-783-6261 ext. 2296 bba...@copesan.com www.copesan.com Servicing North America with Local Care -Original Message- From: rt-users-boun...@lists.bestpractical.com [mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of Thomas Sibley Sent: Wednesday, June 26, 2013 12:21 PM To: rt-users@lists.bestpractical.com Subject: Re: [rt-users] External Authentication On 06/26/2013 10:03 AM, Bryon Baker wrote: Update Working with the first error I created a SQLServer.pm with the correct connect string. (I tested using Perl). Now I get this error. DBD::SQLServer initialisation failed: Can't locate object method driver via package DBD::SQLServer at /usr/lib/perl5/vendor_perl/5.16.2/x86_64-linux-thread-multi/DBI.pm line 820. You shouldn't be trying to write a DBI driver class; that's madness. You probably to use ODBC with a connect (dsn) string that includes the correct odbc (sub)driver to use.
Re: [rt-users] External Authentication
On 06/26/2013 10:25 AM, Bryon Baker wrote: I agree Thomas. As stated before I have the correct information and setup for the ODBC drivers I have tested this with isql and tsql and I wrote a quick perl scrip to test the connection string and that works. What I can's figure out is what information needs to be put in the 'dbi_driver'= 'DBI_DRIVER', so that RT will use the DSN entry in the ODBC configs. RT::Authen::ExternalAuth expects to build a DSN like so: dbi:$dbi_driver:database=$db_database;host=$db_server;port=$db_port Yet ODBC wants a sub-driver, so try this hack: dbi_driver = 'ODBC', database = 'FooBar;driver=FreeTDS',
Re: [rt-users] External Authentication
Looks like to me that is a little closer. [Wed Jun 26 18:48:08 2013] [debug]: Calling UserExists with $username (bbaker) and $service (Connect_MSSQL) (/usr/lib/perl5/vendor_perl/5.16.2/RT/Authen/ExternalAuth.pm:227) [Wed Jun 26 18:48:08 2013] [warning]: DBD::ODBC::db selectall_hashref failed: [unixODBC][FreeTDS][SQL Server]Incorrect syntax near the keyword 'USER'. (SQL-42000) at /usr/lib/perl5/vendor_perl/5.16.2/RT/Authen/ExternalAuth/DBI.pm line 219. (/usr/lib/perl5/vendor_perl/5.16.2/RT/Authen/ExternalAuth/DBI.pm:219) [Wed Jun 26 18:48:08 2013] [warning]: Issuing rollback() due to DESTROY without explicit disconnect() of DBD::ODBC::db handle database=RapidTrax6a;Driver=SQLServer;DSN=SQLServer;host=192.168.250.29;port=1433 at /usr/lib/perl5/vendor_perl/5.16.2/RT/Authen/ExternalAuth/DBI.pm line 219. (/usr/lib/perl5/vendor_perl/5.16.2/RT/Authen/ExternalAuth/DBI.pm:219) [Wed Jun 26 18:48:08 2013] [error]: DBD::ODBC::db selectall_hashref failed: [unixODBC][FreeTDS][SQL Server]Incorrect syntax near the keyword 'USER'. (SQL-42000) at /usr/lib/perl5/vendor_perl/5.16.2/RT/Authen/ExternalAuth/DBI.pm line 219. Thanks Bryon Baker Network Operations Manager Copesan - Specialists in Pest Solutions 800-267-3726 • 262-783-6261 ext. 2296 bba...@copesan.com www.copesan.com Servicing North America with Local Care -Original Message- From: rt-users-boun...@lists.bestpractical.com [mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of Thomas Sibley Sent: Wednesday, June 26, 2013 1:32 PM To: rt-users@lists.bestpractical.com Subject: Re: [rt-users] External Authentication On 06/26/2013 10:25 AM, Bryon Baker wrote: I agree Thomas. As stated before I have the correct information and setup for the ODBC drivers I have tested this with isql and tsql and I wrote a quick perl scrip to test the connection string and that works. What I can's figure out is what information needs to be put in the 'dbi_driver'= 'DBI_DRIVER', so that RT will use the DSN entry in the ODBC configs. RT::Authen::ExternalAuth expects to build a DSN like so: dbi:$dbi_driver:database=$db_database;host=$db_server;port=$db_port Yet ODBC wants a sub-driver, so try this hack: dbi_driver = 'ODBC', database = 'FooBar;driver=FreeTDS',
Re: [rt-users] External Authentication
This is the Perl connect string that I test and works. DBI-connect(dbi:ODBC:Driver=SQLServer;DSN=SQLServer;UID=UserID;PWD=password); Thanks Bryon Baker Network Operations Manager Copesan - Specialists in Pest Solutions 800-267-3726 • 262-783-6261 ext. 2296 bba...@copesan.com www.copesan.com Servicing North America with Local Care -Original Message- From: rt-users-boun...@lists.bestpractical.com [mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of Bryon Baker Sent: Wednesday, June 26, 2013 1:51 PM To: rt-users@lists.bestpractical.com Subject: Re: [rt-users] External Authentication Looks like to me that is a little closer. [Wed Jun 26 18:48:08 2013] [debug]: Calling UserExists with $username (bbaker) and $service (Connect_MSSQL) (/usr/lib/perl5/vendor_perl/5.16.2/RT/Authen/ExternalAuth.pm:227) [Wed Jun 26 18:48:08 2013] [warning]: DBD::ODBC::db selectall_hashref failed: [unixODBC][FreeTDS][SQL Server]Incorrect syntax near the keyword 'USER'. (SQL-42000) at /usr/lib/perl5/vendor_perl/5.16.2/RT/Authen/ExternalAuth/DBI.pm line 219. (/usr/lib/perl5/vendor_perl/5.16.2/RT/Authen/ExternalAuth/DBI.pm:219) [Wed Jun 26 18:48:08 2013] [warning]: Issuing rollback() due to DESTROY without explicit disconnect() of DBD::ODBC::db handle database=RapidTrax6a;Driver=SQLServer;DSN=SQLServer;host=192.168.250.29;port=1433 at /usr/lib/perl5/vendor_perl/5.16.2/RT/Authen/ExternalAuth/DBI.pm line 219. (/usr/lib/perl5/vendor_perl/5.16.2/RT/Authen/ExternalAuth/DBI.pm:219) [Wed Jun 26 18:48:08 2013] [error]: DBD::ODBC::db selectall_hashref failed: [unixODBC][FreeTDS][SQL Server]Incorrect syntax near the keyword 'USER'. (SQL-42000) at /usr/lib/perl5/vendor_perl/5.16.2/RT/Authen/ExternalAuth/DBI.pm line 219. Thanks Bryon Baker Network Operations Manager Copesan - Specialists in Pest Solutions 800-267-3726 • 262-783-6261 ext. 2296 bba...@copesan.com www.copesan.com Servicing North America with Local Care -Original Message- From: rt-users-boun...@lists.bestpractical.com [mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of Thomas Sibley Sent: Wednesday, June 26, 2013 1:32 PM To: rt-users@lists.bestpractical.com Subject: Re: [rt-users] External Authentication On 06/26/2013 10:25 AM, Bryon Baker wrote: I agree Thomas. As stated before I have the correct information and setup for the ODBC drivers I have tested this with isql and tsql and I wrote a quick perl scrip to test the connection string and that works. What I can's figure out is what information needs to be put in the 'dbi_driver'= 'DBI_DRIVER', so that RT will use the DSN entry in the ODBC configs. RT::Authen::ExternalAuth expects to build a DSN like so: dbi:$dbi_driver:database=$db_database;host=$db_server;port=$db_port Yet ODBC wants a sub-driver, so try this hack: dbi_driver = 'ODBC', database = 'FooBar;driver=FreeTDS',
Re: [rt-users] External Authentication
Update
ok I have successful connection and select of database. Used this
configuration
'type' = 'db',
'server'= '192.168.000.000',
'database' = 'DBName;Driver=SQLServer;DSN=SQLServer',
'table' = '[USER]', *** Put square brackets
because user is a keyword.
'user' = 'SearchUserID',
'pass' = ' SearchUserPassword ',
'port' = '1433',
'dbi_driver'= 'ODBC',
'u_field' = 'Email',
'p_field' = 'password',
'p_enc_pkg' = 'Digest::SHA1',
'p_enc_sub' = 'password',
'd_field' = 'disabled',
'd_values' = ['0'],
'attr_match_list' = [ 'Gecos'
],
'attr_map' = { 'Name' = 'Firstname',
'EmailAddress' = 'Email',
'ExternalAuthId' = 'Email',
'Gecos' = 'Email'
}
},
Now on to the next problem the password are stored in the database using SHA.
None of the user I am using to test pass authentication.
Do I have the right configuration for RT to use this kind of Hash?
Thanks
Bryon Baker
Network Operations Manager
Copesan - Specialists in Pest Solutions
800-267-3726 • 262-783-6261 ext. 2296
bba...@copesan.com
www.copesan.com
Servicing North America with Local Care
-Original Message-
From: rt-users-boun...@lists.bestpractical.com
[mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of Bryon Baker
Sent: Wednesday, June 26, 2013 2:10 PM
To: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] External Authentication
This is the Perl connect string that I test and works.
DBI-connect(dbi:ODBC:Driver=SQLServer;DSN=SQLServer;UID=UserID;PWD=pas
DBI-sword);
Thanks
Bryon Baker
Network Operations Manager
Copesan - Specialists in Pest Solutions
800-267-3726 • 262-783-6261 ext. 2296
bba...@copesan.com
www.copesan.com
Servicing North America with Local Care
-Original Message-
From: rt-users-boun...@lists.bestpractical.com
[mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of Bryon Baker
Sent: Wednesday, June 26, 2013 1:51 PM
To: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] External Authentication
Looks like to me that is a little closer.
[Wed Jun 26 18:48:08 2013] [debug]: Calling UserExists with $username (bbaker)
and $service (Connect_MSSQL)
(/usr/lib/perl5/vendor_perl/5.16.2/RT/Authen/ExternalAuth.pm:227)
[Wed Jun 26 18:48:08 2013] [warning]: DBD::ODBC::db selectall_hashref failed:
[unixODBC][FreeTDS][SQL Server]Incorrect syntax near the keyword 'USER'.
(SQL-42000) at /usr/lib/perl5/vendor_perl/5.16.2/RT/Authen/ExternalAuth/DBI.pm
line 219. (/usr/lib/perl5/vendor_perl/5.16.2/RT/Authen/ExternalAuth/DBI.pm:219)
[Wed Jun 26 18:48:08 2013] [warning]: Issuing rollback() due to DESTROY without
explicit disconnect() of DBD::ODBC::db handle
database=RapidTrax6a;Driver=SQLServer;DSN=SQLServer;host=192.168.250.29;port=1433
at /usr/lib/perl5/vendor_perl/5.16.2/RT/Authen/ExternalAuth/DBI.pm line 219.
(/usr/lib/perl5/vendor_perl/5.16.2/RT/Authen/ExternalAuth/DBI.pm:219)
[Wed Jun 26 18:48:08 2013] [error]: DBD::ODBC::db selectall_hashref failed:
[unixODBC][FreeTDS][SQL Server]Incorrect syntax near the keyword 'USER'.
(SQL-42000) at /usr/lib/perl5/vendor_perl/5.16.2/RT/Authen/ExternalAuth/DBI.pm
line 219.
Thanks
Bryon Baker
Network Operations Manager
Copesan - Specialists in Pest Solutions
800-267-3726 • 262-783-6261 ext. 2296
bba...@copesan.com
www.copesan.com
Servicing North America with Local Care
-Original Message-
From: rt-users-boun...@lists.bestpractical.com
[mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of Thomas Sibley
Sent: Wednesday, June 26, 2013 1:32 PM
To: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] External Authentication
On 06/26/2013 10:25 AM, Bryon Baker wrote:
I agree Thomas.
As stated before I have the correct information and setup for the ODBC
drivers I have tested this with isql and tsql and I wrote a quick perl
scrip to test the connection string and that works.
What I can's figure out is what information needs to be put in the
'dbi_driver'= 'DBI_DRIVER', so that RT will use
the DSN entry in the ODBC configs.
RT::Authen::ExternalAuth expects to build a DSN like so:
dbi:$dbi_driver:database=$db_database;host=$db_server;port=$db_port
Yet ODBC wants a sub-driver, so try this hack:
dbi_driver = 'ODBC',
database = 'FooBar;driver=FreeTDS',
[rt-users] External Authentication
Has anyone configures RT to authenticate against MSSQL using SHA1 or SHA256? If so, can someone post some sample configs? Thanks in advance for the help. -- View this message in context: http://requesttracker.8502.n7.nabble.com/External-Authentication-tp54436.html Sent from the Request Tracker - User mailing list archive at Nabble.com.
Re: [rt-users] External Authentication
Here is an update
Config being used.
#Testing SQL Connection
'Connect_MSSQL' = { ## GENERIC SECTION
'type' = 'db',
'server'= '192.168.***.***,
'database' = 'TheDataBase',
'table' = 'TheTable',
'user' = 'UserWithReadAccess',
'pass' = 'PasswordToAboveUser',
'port' = 'MSSQLDefaultPort',
'dbi_driver'= 'DBI_ODBC',
'u_field' = 'Email',
'p_field' = 'password',
'p_enc_pkg' = 'Digest::SHA1',
'p_enc_sub' = 'password',
'd_field' = 'disabled',
'd_values' = ['0'],
'attr_match_list' = [ 'Gecos'
],
'attr_map' = { 'Name' = 'Firstname',
'EmailAddress' = 'Email',
'ExternalAuthId' = 'Email',
'Gecos' = 'Email'
}
},
Getting following error
[Tue Jun 25 20:32:34 2013] [debug]: Attempting to use external auth service:
Connect__MSSQL
(/usr/lib/perl5/vendor_perl/5.16.2/RT/Authen/ExternalAuth.pm:186)
[Tue Jun 25 20:32:34 2013] [debug]: Calling UserExists with $username
(bba...@copesan.com) and $service (Connect__MSSQL)
(/usr/lib/perl5/vendor_perl/5.16.2/RT/Authen/ExternalAuth.pm:227)
[Tue Jun 25 20:32:34 2013] [debug]: Invalid service type for UserExists:
Connect__MSSQL
(/usr/lib/perl5/vendor_perl/5.16.2/RT/Authen/ExternalAuth.pm:490)
Thanks in advance for the help
--
View this message in context:
http://requesttracker.8502.n7.nabble.com/External-Authentication-tp54436p54441.html
Sent from the Request Tracker - User mailing list archive at Nabble.com.
Re: [rt-users] External Authentication
On 06/25/2013 01:39 PM, bba...@copesan.com wrote:
'Connect_MSSQL' = { ## GENERIC SECTION
Typo. Compare above to message below.
[Tue Jun 25 20:32:34 2013] [debug]: Invalid service type for UserExists:
Connect__MSSQL
(/usr/lib/perl5/vendor_perl/5.16.2/RT/Authen/ExternalAuth.pm:490)
Re: [rt-users] External Authentication
On 06/25/2013 01:45 PM, Bryon Baker wrote: Not a typo I am trying to us a Microsoft SQL database not MySQL. Please keep replies on the list. And look more closely at what you typed. One has a single underscore, the other two. I know you're using MSSQL not MySQL.
Re: [rt-users] External Authentication
Sorry I screwed on both. Made change and now I get the following messages. LDAP works by the way. [Tue Jun 25 20:58:13 2013] [debug]: Attempting to use external auth service: Connect_MSSQL (/usr/lib/perl5/vendor_perl/5.16.2/RT/Authen/ExternalAuth.pm:186) [Tue Jun 25 20:58:13 2013] [debug]: SSO Failed and no user to test with. Nexting (/usr/lib/perl5/vendor_perl/5.16.2/RT/Authen/ExternalAuth.pm:214) [Tue Jun 25 20:58:13 2013] [debug]: Attempting to use external auth service: Connect_LDAP (/usr/lib/perl5/vendor_perl/5.16.2/RT/Authen/ExternalAuth.pm:186) [Tue Jun 25 20:58:13 2013] [debug]: SSO Failed and no user to test with. Nexting (/usr/lib/perl5/vendor_perl/5.16.2/RT/Authen/ExternalAuth.pm:214) [Tue Jun 25 20:58:13 2013] [debug]: Autohandler called ExternalAuth. Response: (0, No User) (/usr/share/request-tracker/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:11) Thanks Bryon Baker Network Operations Manager Copesan - Specialists in Pest Solutions 800-267-3726 • 262-783-6261 ext. 2296 bba...@copesan.com www.copesan.com Servicing North America with Local Care -Original Message- From: rt-users-boun...@lists.bestpractical.com [mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of Thomas Sibley Sent: Tuesday, June 25, 2013 3:48 PM To: RT Users Subject: Re: [rt-users] External Authentication On 06/25/2013 01:45 PM, Bryon Baker wrote: Not a typo I am trying to us a Microsoft SQL database not MySQL. Please keep replies on the list. And look more closely at what you typed. One has a single underscore, the other two. I know you're using MSSQL not MySQL.
Re: [rt-users] External Authentication
On 06/25/2013 02:05 PM, Bryon Baker wrote: Sorry I screwed on both. Made change and now I get the following messages. LDAP works by the way. [Tue Jun 25 20:58:13 2013] [debug]: Attempting to use external auth service: Connect_MSSQL (/usr/lib/perl5/vendor_perl/5.16.2/RT/Authen/ExternalAuth.pm:186) [Tue Jun 25 20:58:13 2013] [debug]: SSO Failed and no user to test with. Nexting (/usr/lib/perl5/vendor_perl/5.16.2/RT/Authen/ExternalAuth.pm:214) [Tue Jun 25 20:58:13 2013] [debug]: Attempting to use external auth service: Connect_LDAP (/usr/lib/perl5/vendor_perl/5.16.2/RT/Authen/ExternalAuth.pm:186) [Tue Jun 25 20:58:13 2013] [debug]: SSO Failed and no user to test with. Nexting (/usr/lib/perl5/vendor_perl/5.16.2/RT/Authen/ExternalAuth.pm:214) [Tue Jun 25 20:58:13 2013] [debug]: Autohandler called ExternalAuth. Response: (0, No User) (/usr/share/request-tracker/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:11) This means that your MSSQL auth source didn't find a user, so it moved on to your LDAP source where it also didn't find a user (presumably because some users are in MSSQL and others are in LDAP).
Re: [rt-users] External Authentication
I change the dbi_Driver option to ODBC. Now I get the following error
[Tue Jun 25 21:21:29 2013] [error]: DBI
connect('database=RapidTrax6a;host=192.168.250.29;port=1433','HelpDeskOTRS',...)
failed: [unixODBC][Driver Manager]Data source name not found, and no default
driver specified (SQL-IM002) at
/usr/lib/perl5/vendor_perl/5.16.2/RT/Authen/ExternalAuth/DBI.pm line 446.
Odbc Information
linux-jrlt:~ # perl -MDBD::ODBC -e 'print $DBD::ODBC::VERSION;'
1.33
linux-jrlt:~ # perl -MDBI -e 'DBI-installed_versions;'
Perl: 5.016002(x86_64-linux-thread-multi)
OS : linux (3.4.6-2.10-xen)
DBI : 1.627
DBD::mysql : 4.021
DBD::Sponge : 12.010002
DBD::Proxy : 0.2004
DBD::ODBC : 1.33
DBD::Gofer : 0.015326
DBD::File : 0.41
DBD::ExampleP : 12.014310
DBD::DBM: 0.08
Still don't know what I am missing.
Thanks
Bryon Baker
Network Operations Manager
Copesan - Specialists in Pest Solutions
800-267-3726 • 262-783-6261 ext. 2296
bba...@copesan.com
www.copesan.com
Servicing North America with Local Care
-Original Message-
From: rt-users-boun...@lists.bestpractical.com
[mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of Thomas Sibley
Sent: Tuesday, June 25, 2013 4:12 PM
To: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] External Authentication
On 06/25/2013 02:05 PM, Bryon Baker wrote:
Sorry I screwed on both.
Made change and now I get the following messages. LDAP works by the way.
[Tue Jun 25 20:58:13 2013] [debug]: Attempting to use external auth
service: Connect_MSSQL
(/usr/lib/perl5/vendor_perl/5.16.2/RT/Authen/ExternalAuth.pm:186)
[Tue Jun 25 20:58:13 2013] [debug]: SSO Failed and no user to test
with. Nexting
(/usr/lib/perl5/vendor_perl/5.16.2/RT/Authen/ExternalAuth.pm:214)
[Tue Jun 25 20:58:13 2013] [debug]: Attempting to use external auth
service: Connect_LDAP
(/usr/lib/perl5/vendor_perl/5.16.2/RT/Authen/ExternalAuth.pm:186)
[Tue Jun 25 20:58:13 2013] [debug]: SSO Failed and no user to test
with. Nexting
(/usr/lib/perl5/vendor_perl/5.16.2/RT/Authen/ExternalAuth.pm:214)
[Tue Jun 25 20:58:13 2013] [debug]: Autohandler called ExternalAuth.
Response: (0, No User)
(/usr/share/request-tracker/local/plugins/RT-Authen-ExternalAuth/html/
Elements/DoAuth:11)
This means that your MSSQL auth source didn't find a user, so it moved on to
your LDAP source where it also didn't find a user (presumably because some
users are in MSSQL and others are in LDAP).
Re: [rt-users] External Authentication with LDAP menssager erro!
Hi,
This file only contains an example, this config isn't used for RT:
/opt/rt4/local/plugins/RT-Authen-ExternalAuth/etc/RT_Siteconfig
The content however can be included in this file:
/opt/rt4/etc/RT_Siteconfig
In there you'll have to make sure that everything is configured for your
situation.
Adding this line to your RT_SiteConfig will help finding problems, might
help a bit:
Set($LogToSyslog, debug);
And, last but not least. Make sure you've loaded the plugin in your
RT_SiteConfig:
# How we have the plugins set, ExternalAuth at the end.
Set(@Plugins, (qw(RT::Extension::SLA RT::Extension::HistoryFilter
RT::Extension::ResetPassword RT::Extension::MergeUsers
RT::Authen::ExternalAuth)));
Hope this helps a bit, otherwise you'll have to provide us with more info
on what your trying to do + what your current RT_SiteConfig.pm looks like.
(and possibly debug info if available)
-- Bart
Op 6 december 2011 13:15 schreef Arlon Sousa arlon.so...@ispm.com.br het
volgende:
After the configuration / opt/rt4/etc/RT_Siteconfig and /
opt/rt4/local/plugins/RT-Authen-ExternalAuth/etc/RT_Siteconfig he show me
this Feedback below.
** **
Set up where I can be wrong or WHAT?
** **
** **
%# BEGIN BPS TAGGED BLOCK {{{ %# %# COPYRIGHT: %# %# This software is
Copyright (c) 1996-2011 Best Practical Solutions, LLC %# %# %# (Except
where explicitly superseded by other copyright notices) %# %# %# LICENSE:
%# %# This work is made available to you under the terms of Version 2 of %#
the GNU General Public License. A copy of that license should have %# been
provided with this software, but in any event can be snarfed %# from
www.gnu.org. %# %# This work is distributed in the hope that it will be
useful, but %# WITHOUT ANY WARRANTY; without even the implied warranty of
%# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU %#
General Public License for more details. %# %# You should have received a
copy of the GNU General Public License %# along with this program; if not,
write to the Free Software %# Foundation, Inc., 51 Franklin Street, Fifth
Floor, Boston, MA %# 02110-1301 or visit their web page on the internet at
%# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html. %# %# %#
CONTRIBUTION SUBMISSION POLICY: %# %# (The following paragraph is not
intended to limit the rights granted %# to you to modify and distribute
this software under the terms of %# the GNU General Public License and is
only of importance to you if %# you choose to contribute your changes and
enhancements to the %# community by submitting them to Best Practical
Solutions, LLC.) %# %# By intentionally submitting any modifications,
corrections or %# derivatives to this work, or any other work intended for
use with %# Request Tracker, to Best Practical Solutions, LLC, you confirm
that %# you are the copyright holder for those contributions and you grant
%# Best Practical Solutions, LLC a nonexclusive, worldwide, irrevocable, %#
royalty-free, perpetual, license to use, copy, create derivative %# works
based on those contributions, and sublicense and distribute %# those
contributions and any derivatives thereof. %# %# END BPS TAGGED BLOCK }}}
%init my ($good, $msg) =
RT::Interface::Web::AttemptPasswordAuthentication(\%ARGS); $ARGS{'actions'}
= [$msg] if not $good and $msg; /Elements/Login, %ARGS
** **
RT Training Sessions (http://bestpractical.com/services/training.html)
* Boston — March 5 6, 2012
RT Training Sessions (http://bestpractical.com/services/training.html)
* Boston March 5 6, 2012
Re: [rt-users] External Authentication with LDAPS
It works!
I've configured the connection without SSL (port 389) and it works fine.
So, I've modify the file *
/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm
*
*
*
I add this perl module:
*use Net::LDAPS;*
And modify the function _GetBoundLdapObj ( l.422):
sub _GetBoundLdapObj {
# Config as hashref
my $config = shift;
# Figure out what's what
my $ldap_server = $config-{'server'};
*my $ldap_port = $config-{'port'};*
*my $ldap_ca_path = $config-{'ca_path'};*
my $ldap_user = $config-{'user'};
my $ldap_pass = $config-{'pass'};
my $ldap_tls= $config-{'tls'};
my $ldap_ssl_ver= $config-{'ssl_version'};
my $ldap_args = $config-{'net_ldap_args'};
*my $ldap = new Net::LDAPS($ldap_server, @$ldap_args, $ldap_port,
$ldap_ca_path);*
unless ($ldap) {
$RT::Logger-critical( (caller(0))[3],
: Cannot connect to,
$ldap_server);
return undef;
}
RT_SiteConfig.pm:
Set( @Plugins, qw(RT::Authen::ExternalAuth) );
Set($ExternalAuthPriority, ['My_LDAP']);
Set($ExternalInfoPriority, ['My_LDAP']);
Set($ExternalServiceUsesSSLorTLS, 1);
Set($AutoCreateNonExternalUsers,1);
Set($ExternalSettings, { 'My_LDAP' = {
'type' = 'ldap',
'server' = 'ldap.domain.tld',
* 'port' = '636',*
*'ca_path' = '/etc/ssl/certs/',*
'user' = 'cn=xxx,o=xxx,dc=xxx,dc=xxx',
'pass' = 'xx',
'base' = 'dc=xxx,dc=xxx',
'filter' = '(uid=*)',
'd_filter' = '(objectClass=pwdPolicy)',
'tls' = 1,
'ssl_version' = 3,
'net_ldap_args' = [ version = 3 ],
# 'group' =
# 'group_attr' =
'attr_match_list' = ['Name','EmailAddress'],
'attr_map' = { 'Name' = 'uid',
'EmailAddress' = 'mail'},
}
});
Sincere thanks for your help Mike
Best regards,
Anthony
0/8/3 Mike Johnson mike.john...@nosm.ca
filter is your LDAP query string to determine if a particular CN is a
user. If you are connecting to an AD it would be ((objectCategory=User)
(Object Class=Person))
d_filter is your LDAP query to determine disabled users. If you are
connecting to an AD it would be a bitmask like so
(userAccountControl:1.2.840.113556.1.4.803:=2)
group is your LDAP CN that all your RT users would be a part of. This
should be the full CN
group_attr is the attribute of the user CN that determines what groups they
are in. In AD this would be member
One thing I would test is getting an LDAP browser and connecting using the
same info you are attempting to connect with in RT, verify the user you are
using works...
Then troubleshoot from there..
Good luck!
Mike.
On Mon, Aug 2, 2010 at 8:08 AM, Anthony BRODARD brodard.anth...@gmail.com
wrote:
And here, another logs generate with debug:
[Mon Aug 2 12:05:00 2010] [critical]:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj : Cannot connect to
ldap.blanked.fr(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:437)
[Mon Aug 2 12:05:00 2010] [debug]: Autohandler called ExternalAuth.
Response: (0, No User)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:26)
[Mon Aug 2 12:05:00 2010] [error]: FAILED LOGIN for anthony.brodard from
10.1.104.30 (/opt/rt3/bin/../lib/RT/Interface/Web.pm:424)
[Mon Aug 2 12:05:01 2010] [debug]: Reloading RT::User to work around a
bug in RT-3.8.0 and RT-3.8.1
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:14)
[Mon Aug 2 12:05:01 2010] [debug]: Attempting to use external auth
service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
[Mon Aug 2 12:05:01 2010] [debug]: SSO Failed and no user to test with.
Nexting
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:92)
[Mon Aug 2 12:05:01 2010] [debug]: Autohandler called ExternalAuth.
Response: (0, No User)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:26)
[Mon Aug 2 12:05:01 2010] [crit]: Apache2::RequestIO::rflush: (103)
Software caused connection abort at
/usr/local/share/perl/5.10.0/HTML/Mason/ApacheHandler.pm line 1020
(/opt/rt3/bin/webmux.pl:168)
[Mon Aug 2 12:05:01 2010] [debug]: Attempting to use external auth
service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
[Mon Aug 2 12:05:01 2010] [debug]: Calling UserExists with $username
(anthony.brodard) and $service (My_LDAP)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:105)
[Mon Aug 2 12:05:01 2010] [debug]: UserExists params:
username: anthony.brodard , service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:274)
[Mon Aug 2 12:05:01 2010]
Re: [rt-users] External Authentication with LDAPS
filter is your LDAP query string to determine if a particular CN is a user. If you are connecting to an AD it would be ((objectCategory=User) (Object Class=Person)) d_filter is your LDAP query to determine disabled users. If you are connecting to an AD it would be a bitmask like so (userAccountControl:1.2.840.113556.1.4.803:=2) group is your LDAP CN that all your RT users would be a part of. This should be the full CN group_attr is the attribute of the user CN that determines what groups they are in. In AD this would be member One thing I would test is getting an LDAP browser and connecting using the same info you are attempting to connect with in RT, verify the user you are using works... Then troubleshoot from there.. Good luck! Mike. On Mon, Aug 2, 2010 at 8:08 AM, Anthony BRODARD brodard.anth...@gmail.comwrote: And here, another logs generate with debug: [Mon Aug 2 12:05:00 2010] [critical]: RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj : Cannot connect to ldap.blanked.fr(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:437) [Mon Aug 2 12:05:00 2010] [debug]: Autohandler called ExternalAuth. Response: (0, No User) (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:26) [Mon Aug 2 12:05:00 2010] [error]: FAILED LOGIN for anthony.brodard from 10.1.104.30 (/opt/rt3/bin/../lib/RT/Interface/Web.pm:424) [Mon Aug 2 12:05:01 2010] [debug]: Reloading RT::User to work around a bug in RT-3.8.0 and RT-3.8.1 (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:14) [Mon Aug 2 12:05:01 2010] [debug]: Attempting to use external auth service: My_LDAP (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64) [Mon Aug 2 12:05:01 2010] [debug]: SSO Failed and no user to test with. Nexting (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:92) [Mon Aug 2 12:05:01 2010] [debug]: Autohandler called ExternalAuth. Response: (0, No User) (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:26) [Mon Aug 2 12:05:01 2010] [crit]: Apache2::RequestIO::rflush: (103) Software caused connection abort at /usr/local/share/perl/5.10.0/HTML/Mason/ApacheHandler.pm line 1020 (/opt/rt3/bin/webmux.pl:168) [Mon Aug 2 12:05:01 2010] [debug]: Attempting to use external auth service: My_LDAP (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64) [Mon Aug 2 12:05:01 2010] [debug]: Calling UserExists with $username (anthony.brodard) and $service (My_LDAP) (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:105) [Mon Aug 2 12:05:01 2010] [debug]: UserExists params: username: anthony.brodard , service: My_LDAP (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:274) [Mon Aug 2 12:05:01 2010] [crit]: Apache2::RequestIO::rflush: (103) Software caused connection abort at /usr/local/share/perl/5.10.0/HTML/Mason/ApacheHandler.pm line 1020 (/opt/rt3/bin/webmux.pl:168) 2010/7/29 Mike Johnson mike.john...@nosm.ca make sure you reply to the list, very important to share all this so others can learn. The only thing I could think of is your LDAP settings are incorrect somewhere. Some things I found when I was setting things up 1. user = the fully qualified CN of the user(ie CN=Mike Johnson,OU=Users,OU=mycompany,OU=mydomain,OU=local 2. filter and d_filter have to have valid settings 3. Group/Group_Attr had to have settings. I was binding to an AD, so I'm not 100% on 3 if it isn't an AD... but 1 and 2 hold true for any LDAP. HTH Mike. On Thu, Jul 29, 2010 at 9:38 AM, Anthony BRODARD brodard.anth...@gmail.com wrote: TLS argument is already sets to 1. I don't know how to see if it's the ldap's server which refuses the connection, or it's an other problem. 2010/7/29 Mike Johnson mike.john...@nosm.ca Oops, looking at it again, i was looking at the mysql config part, not ldap. i think the only way you can adjust what port you are connecting to through LDAP is specifying if it's TLS or not(I believe TLS is 636? google to confirm). You said you are supposed to be connecting on 636, so set the tls argument in your LDAP settings to 1. restart apache and give it a shot. Good luck! Mike. On Thu, Jul 29, 2010 at 8:48 AM, Mike Johnson mike.john...@nosm.cawrote: If you read the ExternalAuth's RT_SiteConfig.pm in /RTROOT/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm It shows you how to set the port you are connecting on. Set that to the port your LDAP server is listening to. Good luck MIke. -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a
Re: [rt-users] External Authentication with LDAPS
Hi Mike!
Thanks for your replies.
After i had try what you said in your last mail, i've decide to reinstall a
new clean RT, and test only the external authentication plugin.
So, this is a part of my new RT_SiteConfig, with your last recommendations:
Set( @Plugins, qw(RT::Authen::ExternalAuth) );
Set($ExternalAuthPriority, ['My_LDAP']);
Set($ExternalInfoPriority, ['My_LDAP']);
Set($ExternalServiceUsesSSLorTLS, 1);
Set($AutoCreateNonExternalUsers,0);
Set($ExternalSettings, { 'My_LDAP' = {
'type' = 'ldap',
'server' = 'ldap.mydomain',
'user' = 'cn=auth,o=others,dc=blanked,dc=fr',
'pass' = 'x',
'base' = 'dc=blanked,dc=fr',
'filter' = '(uid=*)',
'd_filter' = 'objectClass=Nothing',
'tls' = 1,
'ssl_version' = 3,
'net_ldap_args' = [ version = 3 ],
# 'group' =
# 'group_attr' =
'attr_match_list' = ['Name'],
'attr_map' = { 'Name' = 'uid'},
}
});
And in my error-rt.log:
[Mon Aug 2 09:26:09 2010] [critical]:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj : Cannot connect to
ldap.blank.fr(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:437)
[Mon Aug 2 09:26:09 2010] [error]: FAILED LOGIN for anthony.brodard from
10.1.104.30 (/opt/rt3/bin/../lib/RT/Interface/Web.pm:424)
I don't understand how to sets the fields d_filter, group, group_attr.
Thanks
Anthony BRODARD
2010/7/29 Mike Johnson mike.john...@nosm.ca
make sure you reply to the list, very important to share all this so others
can learn.
The only thing I could think of is your LDAP settings are incorrect
somewhere.
Some things I found when I was setting things up
1. user = the fully qualified CN of the user(ie CN=Mike
Johnson,OU=Users,OU=mycompany,OU=mydomain,OU=local
2. filter and d_filter have to have valid settings
3. Group/Group_Attr had to have settings.
I was binding to an AD, so I'm not 100% on 3 if it isn't an AD... but 1 and
2 hold true for any LDAP.
HTH
Mike.
On Thu, Jul 29, 2010 at 9:38 AM, Anthony BRODARD
brodard.anth...@gmail.com wrote:
TLS argument is already sets to 1.
I don't know how to see if it's the ldap's server which refuses the
connection, or it's an other problem.
2010/7/29 Mike Johnson mike.john...@nosm.ca
Oops, looking at it again, i was looking at the mysql config part, not
ldap.
i think the only way you can adjust what port you are connecting to
through LDAP is specifying if it's TLS or not(I believe TLS is 636? google
to confirm).
You said you are supposed to be connecting on 636, so set the tls
argument in your LDAP settings to 1.
restart apache and give it a shot.
Good luck!
Mike.
On Thu, Jul 29, 2010 at 8:48 AM, Mike Johnson mike.john...@nosm.cawrote:
If you read the ExternalAuth's RT_SiteConfig.pm in
/RTROOT/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm
It shows you how to set the port you are connecting on.
Set that to the port your LDAP server is listening to.
Good luck
MIke.
--
Mike Johnson
Datatel Programmer/Analyst
Northern Ontario School of Medicine
955 Oliver Road
Thunder Bay, ON P7B 5E1
Phone: (807) 766-7331
Email: mike.john...@nosm.ca
Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
Buy a copy at http://rtbook.bestpractical.com
Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] External Authentication with LDAPS
And here, another logs generate with debug: [Mon Aug 2 12:05:00 2010] [critical]: RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj : Cannot connect to ldap.blanked.fr(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:437) [Mon Aug 2 12:05:00 2010] [debug]: Autohandler called ExternalAuth. Response: (0, No User) (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:26) [Mon Aug 2 12:05:00 2010] [error]: FAILED LOGIN for anthony.brodard from 10.1.104.30 (/opt/rt3/bin/../lib/RT/Interface/Web.pm:424) [Mon Aug 2 12:05:01 2010] [debug]: Reloading RT::User to work around a bug in RT-3.8.0 and RT-3.8.1 (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:14) [Mon Aug 2 12:05:01 2010] [debug]: Attempting to use external auth service: My_LDAP (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64) [Mon Aug 2 12:05:01 2010] [debug]: SSO Failed and no user to test with. Nexting (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:92) [Mon Aug 2 12:05:01 2010] [debug]: Autohandler called ExternalAuth. Response: (0, No User) (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:26) [Mon Aug 2 12:05:01 2010] [crit]: Apache2::RequestIO::rflush: (103) Software caused connection abort at /usr/local/share/perl/5.10.0/HTML/Mason/ApacheHandler.pm line 1020 (/opt/rt3/bin/webmux.pl:168) [Mon Aug 2 12:05:01 2010] [debug]: Attempting to use external auth service: My_LDAP (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64) [Mon Aug 2 12:05:01 2010] [debug]: Calling UserExists with $username (anthony.brodard) and $service (My_LDAP) (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:105) [Mon Aug 2 12:05:01 2010] [debug]: UserExists params: username: anthony.brodard , service: My_LDAP (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:274) [Mon Aug 2 12:05:01 2010] [crit]: Apache2::RequestIO::rflush: (103) Software caused connection abort at /usr/local/share/perl/5.10.0/HTML/Mason/ApacheHandler.pm line 1020 (/opt/rt3/bin/webmux.pl:168) 2010/7/29 Mike Johnson mike.john...@nosm.ca make sure you reply to the list, very important to share all this so others can learn. The only thing I could think of is your LDAP settings are incorrect somewhere. Some things I found when I was setting things up 1. user = the fully qualified CN of the user(ie CN=Mike Johnson,OU=Users,OU=mycompany,OU=mydomain,OU=local 2. filter and d_filter have to have valid settings 3. Group/Group_Attr had to have settings. I was binding to an AD, so I'm not 100% on 3 if it isn't an AD... but 1 and 2 hold true for any LDAP. HTH Mike. On Thu, Jul 29, 2010 at 9:38 AM, Anthony BRODARD brodard.anth...@gmail.com wrote: TLS argument is already sets to 1. I don't know how to see if it's the ldap's server which refuses the connection, or it's an other problem. 2010/7/29 Mike Johnson mike.john...@nosm.ca Oops, looking at it again, i was looking at the mysql config part, not ldap. i think the only way you can adjust what port you are connecting to through LDAP is specifying if it's TLS or not(I believe TLS is 636? google to confirm). You said you are supposed to be connecting on 636, so set the tls argument in your LDAP settings to 1. restart apache and give it a shot. Good luck! Mike. On Thu, Jul 29, 2010 at 8:48 AM, Mike Johnson mike.john...@nosm.cawrote: If you read the ExternalAuth's RT_SiteConfig.pm in /RTROOT/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm It shows you how to set the port you are connecting on. Set that to the port your LDAP server is listening to. Good luck MIke. -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] External Authentication with LDAPS
Hi Mike, thanks to help me! I've turned on RT's debug mode ( addSet($LogToFile, '*debug*'); Set($LogDir, '/var/log/rt'); in my RT_Siteconfig.pm). Now, when I try to loggin with a LDAP account, this lines are written in my log file: [Thu Jul 29 07:46:08 2010] [debug]: Reloading RT::User to work around a bug in RT-3.8.0 and RT-3.8.1 (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:14) [Thu Jul 29 07:46:08 2010] [debug]: Attempting to use external auth service: LDAP (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64) [Thu Jul 29 07:46:08 2010] [debug]: Calling UserExists with $username (anthony.brodard) and $service (LDAP) (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:105) [Thu Jul 29 07:46:08 2010] [debug]: UserExists params: username: anthony.brodard , service: LDAP (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:274) *[Thu Jul 29 07:46:30 2010] [critical]: RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj : Cannot connect to ldap.[Blanked].fr (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:437) * [Thu Jul 29 07:46:30 2010] [debug]: Autohandler called ExternalAuth. Response: (0, No User) (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:26) [Thu Jul 29 07:46:30 2010] [error]: FAILED LOGIN for anthony.brodard from [IP] (/opt/rt3/bin/../lib/RT/Interface/Web.pm:424) I try a telnet on server: [rt-test]~ # telnet ldap.[Blanked].fr 636 Trying [IP]... Connected to ldap.[Blanked].fr. Escape character is '^]'. Maybe RT use the LDAP's default port (389), not the LDAPS (636). How can i see it or modify in RT_Siteconfig.pm ? Regards, Anthony 2010/7/28 Mike Johnson mike.john...@nosm.ca Hi, Try turning on RT's logging in debug mode. That helped me figure out what was going on with my ExternalAuth. In the log, before the FAILED line you should see a few lines showing you if it's connecting to your LDAP, finding user etc. Work from there! Mike. Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] External Authentication with LDAPS
If you read the ExternalAuth's RT_SiteConfig.pm in /RTROOT/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm It shows you how to set the port you are connecting on. Set that to the port your LDAP server is listening to. Good luck MIke. On Thu, Jul 29, 2010 at 4:04 AM, Anthony BRODARD brodard.anth...@gmail.comwrote: Hi Mike, thanks to help me! I've turned on RT's debug mode ( addSet($LogToFile, '*debug*'); Set($LogDir, '/var/log/rt'); in my RT_Siteconfig.pm). Now, when I try to loggin with a LDAP account, this lines are written in my log file: [Thu Jul 29 07:46:08 2010] [debug]: Reloading RT::User to work around a bug in RT-3.8.0 and RT-3.8.1 (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:14) [Thu Jul 29 07:46:08 2010] [debug]: Attempting to use external auth service: LDAP (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64) [Thu Jul 29 07:46:08 2010] [debug]: Calling UserExists with $username (anthony.brodard) and $service (LDAP) (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:105) [Thu Jul 29 07:46:08 2010] [debug]: UserExists params: username: anthony.brodard , service: LDAP (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:274) *[Thu Jul 29 07:46:30 2010] [critical]: RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj : Cannot connect to ldap.[Blanked].fr (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:437) * [Thu Jul 29 07:46:30 2010] [debug]: Autohandler called ExternalAuth. Response: (0, No User) (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:26) [Thu Jul 29 07:46:30 2010] [error]: FAILED LOGIN for anthony.brodard from [IP] (/opt/rt3/bin/../lib/RT/Interface/Web.pm:424) I try a telnet on server: [rt-test]~ # telnet ldap.[Blanked].fr 636 Trying [IP]... Connected to ldap.[Blanked].fr. Escape character is '^]'. Maybe RT use the LDAP's default port (389), not the LDAPS (636). How can i see it or modify in RT_Siteconfig.pm ? Regards, Anthony 2010/7/28 Mike Johnson mike.john...@nosm.ca Hi, Try turning on RT's logging in debug mode. That helped me figure out what was going on with my ExternalAuth. In the log, before the FAILED line you should see a few lines showing you if it's connecting to your LDAP, finding user etc. Work from there! Mike. -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] External Authentication with LDAPS
make sure you reply to the list, very important to share all this so others can learn. The only thing I could think of is your LDAP settings are incorrect somewhere. Some things I found when I was setting things up 1. user = the fully qualified CN of the user(ie CN=Mike Johnson,OU=Users,OU=mycompany,OU=mydomain,OU=local 2. filter and d_filter have to have valid settings 3. Group/Group_Attr had to have settings. I was binding to an AD, so I'm not 100% on 3 if it isn't an AD... but 1 and 2 hold true for any LDAP. HTH Mike. On Thu, Jul 29, 2010 at 9:38 AM, Anthony BRODARD brodard.anth...@gmail.comwrote: TLS argument is already sets to 1. I don't know how to see if it's the ldap's server which refuses the connection, or it's an other problem. 2010/7/29 Mike Johnson mike.john...@nosm.ca Oops, looking at it again, i was looking at the mysql config part, not ldap. i think the only way you can adjust what port you are connecting to through LDAP is specifying if it's TLS or not(I believe TLS is 636? google to confirm). You said you are supposed to be connecting on 636, so set the tls argument in your LDAP settings to 1. restart apache and give it a shot. Good luck! Mike. On Thu, Jul 29, 2010 at 8:48 AM, Mike Johnson mike.john...@nosm.cawrote: If you read the ExternalAuth's RT_SiteConfig.pm in /RTROOT/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm It shows you how to set the port you are connecting on. Set that to the port your LDAP server is listening to. Good luck MIke. -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
[rt-users] External Authentication with LDAPS
Hi,
I've installed RT 3.8.7 on a debian lenny with the manual procedure listed
here: http://wiki.bestpractical.com/view/ExternalAuth
So, now i try to configure my RT_Siteconfig.pm to acces at RT via my LDAPS
serveur.
This is a part of my configuration:
#PLUGINS:
Set(@Plugins,(qw(
RT::Extension::MandatorySubject
RT::Extension::MandatoryRequestor
RT::Extension::SearchResults::XLS
RT::Extension::UserDetails
RT::FM
RT::IR
RTx::Tags
RT::Extension::WatchedQueues
RT::Extension::ServiceUpdates
RT::Authen::ExternalAuth
)));
# AUTHENTICATION
Set($ExternalAuthPriority, ['LDAP',]
);
Set($ExternalInfoPriority, ['LDAP',]
);
Set($ExternalServiceUsesSSLorTLS, 1);
# DATABASES CONFIGURATION
Set($ExternalSettings,
{
'LDAP' = {
'type' = 'ldap',
'server'= 'ldap.BLANKED',
'user' = 'BLANKED',
'pass' = 'BLANKED',
'base' = 'dc=blanked,dc=fr',
'filter'= '(uid=*)',
'd_filter' =
'(objectClass=foobar)',
'tls' = 1,
'ssl_version' = 3,
'net_ldap_args' = [ version = 3 ],
# 'group' = 'GROUP-NAME',
# 'group_attr'= 'GROUP_ATTR',
'attr_match_list' = 'uid',
'attr_map' = {
'Name' = 'uid',
'EmailAddress' = 'mail',
# 'Organization' = '',
'RealName' = 'cn',
# 'ExternalAuthId' = '',
# 'Gecos' = '',
# 'WorkPhone' = 'telephonenumber',
# 'Address1' = '',
# 'City' = '',
# 'State' = '',
# 'Zip' = '',
# 'Country' = ''
}
}
},
);
1;
When i try to log on, i have a message which said that m'y username or my
password isn't correct.
In the log files (/var/log/apache2/error.log), i have only :
[Tue Jul 27 14:35:28 2010] [error]: FAILED LOGIN for anthony.brodard from
MY_IP (/opt/rt3/bin/../lib/RT/Interface/Web.pm:424)
Do you know where is the mistake?
After that, i want to activate a session's timeout on RT with mod_perl. Do
you know how can i do?
Regards,
Anthony BRODARD
Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] External Authentication with LDAPS
Hi,
Try turning on RT's logging in debug mode. That helped me figure out what
was going on with my ExternalAuth. In the log, before the FAILED line you
should see a few lines showing you if it's connecting to your LDAP, finding
user etc.
Work from there!
Mike.
On Wed, Jul 28, 2010 at 3:23 AM, Anthony BRODARD
brodard.anth...@gmail.comwrote:
Hi,
I've installed RT 3.8.7 on a debian lenny with the manual procedure listed
here: http://wiki.bestpractical.com/view/ExternalAuth
So, now i try to configure my RT_Siteconfig.pm to acces at RT via my LDAPS
serveur.
This is a part of my configuration:
#PLUGINS:
Set(@Plugins,(qw(
RT::Extension::MandatorySubject
RT::Extension::MandatoryRequestor
RT::Extension::SearchResults::XLS
RT::Extension::UserDetails
RT::FM
RT::IR
RTx::Tags
RT::Extension::WatchedQueues
RT::Extension::ServiceUpdates
RT::Authen::ExternalAuth
)));
# AUTHENTICATION
Set($ExternalAuthPriority, ['LDAP',]
);
Set($ExternalInfoPriority, ['LDAP',]
);
Set($ExternalServiceUsesSSLorTLS, 1);
# DATABASES CONFIGURATION
Set($ExternalSettings,
{
'LDAP' = {
'type' = 'ldap',
'server'= 'ldap.BLANKED',
'user' = 'BLANKED',
'pass' = 'BLANKED',
'base' = 'dc=blanked,dc=fr',
'filter'= '(uid=*)',
'd_filter' =
'(objectClass=foobar)',
'tls' = 1,
'ssl_version' = 3,
'net_ldap_args' = [ version = 3 ],
# 'group' = 'GROUP-NAME',
# 'group_attr'= 'GROUP_ATTR',
'attr_match_list' = 'uid',
'attr_map' = {
'Name' = 'uid',
'EmailAddress' = 'mail',
# 'Organization' = '',
'RealName' = 'cn',
# 'ExternalAuthId' = '',
# 'Gecos' = '',
# 'WorkPhone' = 'telephonenumber',
# 'Address1' = '',
# 'City' = '',
# 'State' = '',
# 'Zip' = '',
# 'Country' = ''
}
}
},
);
1;
When i try to log on, i have a message which said that m'y username or my
password isn't correct.
In the log files (/var/log/apache2/error.log), i have only :
[Tue Jul 27 14:35:28 2010] [error]: FAILED LOGIN for anthony.brodard from
MY_IP (/opt/rt3/bin/../lib/RT/Interface/Web.pm:424)
Do you know where is the mistake?
After that, i want to activate a session's timeout on RT with mod_perl. Do
you know how can i do?
Regards,
Anthony BRODARD
Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
Buy a copy at http://rtbook.bestpractical.com
--
Mike Johnson
Datatel Programmer/Analyst
Northern Ontario School of Medicine
955 Oliver Road
Thunder Bay, ON P7B 5E1
Phone: (807) 766-7331
Email: mike.john...@nosm.ca
Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] External Authentication
The best way that I have found to do this is to run wireshark or similar on the box itself and increase the debug output on the web server. The wireshark output though will give you all the LDAP details and will show you what the server's response is. It will also show you how you are putting together your bind strings, which is usually what's wrong. Also, take a look at the AD with ldp which is part of the support tools package. You can use this to make sure that you have your DNs correct. Berny 2009/4/23 Jeff Lucas jlu...@eagleinvsys.com: I’ve configured a DEV instance of RT 3.8.2 to test AD authentication but am getting the following in my rt.log… [Thu Apr 23 19:37:58 2009] [error]: FAILED LOGIN for jeff from 10.x.x.x (/apps/rt-3.8.2-dev/share/html/autohandler:268) I do not admin and therefore do not have access to monitor things on the AD side. Is there any way I can further debug the issue via log files, etc. on my RT server? I know AD is working as I can query it using ldapsearch, however, I’m unsure if I’ve configured my RT_SiteConfig.pm correctly based on the working query. My ldapsearch command uses the following flags… -D CN=RT User,OU=Eagle Access,DC=eagleinvsys,DC=com -w password -b OU=Eagle Access,DC=eagleinvsys,DC=com I’m unsure what my “base” should be set to in RT_SiteConfig.pm since I’m using different settings for –D and –b. Also, does a user have to exist in RT (and have credentials) before the user can be authenticated via AD? Thanks. ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] External Authentication
Thu 23 Apr 2009 21:26:12 GMT Jeff Lucas wrote: I’ve configured a DEV instance of RT 3.8.2 to test AD authentication but am getting the following in my rt.log… *[Thu Apr 23 19:37:58 2009] [error]: FAILED LOGIN for jeff from 10.x.x.x (/apps/rt-3.8.2-dev/share/html/autohandler:268)* You need to turn on debug logging, provide the debug log output, provide the version ExternalAuth you're using, and provide your Site_Config I do not admin and therefore do not have access to monitor things on the AD side. Is there any way I can further debug the issue via log files, etc. on my RT server? I never use the AD side for debugging, it can all be done from the RT server. I know AD is working as I can query it using ldapsearch, however, I’m unsure if I’ve configured my RT_SiteConfig.pm correctly based on the working query. Which is why you need to provide it. My ldapsearch command uses the following flags… -D CN=RT User,OU=Eagle Access,DC=eagleinvsys,DC=com -w password -b OU=Eagle Access,DC=eagleinvsys,DC=com I’m unsure what my “base” should be set to in RT_SiteConfig.pm since I’m using different settings for –D and –b. This is an LDAP understanding issue. You need to know a little more. The above search says that your base is OU=Eagle Access,DC=eagleinvsys,DC=com and you do not have anonymous bind enabled on your AD server suggesting that you need to specify the user CN=RT User,OU=Eagle Access,DC=eagleinvsys,DC=com and the password for that user inside your external auth config. Also, does a user have to exist in RT (and have credentials) before the user can be authenticated via AD? No. The user is automatically created inside RT when successful AD authentication occurs. -- Kind Regards, __ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] External Authentication to AD
Michael Mai wrote: Hi, I have an user that has multiple email addresses and would like to send in requests from all of them. From example: asm...@company.com asm...@gmail.com If it is only one person that needs this functionality, simply merge the two autocreated users (I believe this is included in 3.8.x - if not, install RT::Extension::MergeUsers from cpan). This way, mail sent from either account will result in the same requestor assigned. Currently I have AD working fine but don't want to set up another Auth source. How can I do this? Thanks Michael Mai ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com -- Drew Barnes Applications Analyst Network Resources Department Raymond Walters College University of Cincinnati ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
[rt-users] External Authentication
Hi All, I am trying to figure out why External Authentication in my production RT (version 3.6) works, but the test server I set up using (version 3.8.2) is not authenticating against the same ldap server? I followed the steps in http://wiki.bestpractical.com/view/ExternalAuth and yet it is not working! Some relevant info on the test server (version 3.8.2) are: Loaded perl modules Perl v5.8.8 under linux Net::LDAP v0.33; Net::LDAP::ASN v0.03; Net::LDAP::Constant v0.04; Net::LDAP::Filter v0.14; Net::LDAP::Message v1.08; Net::LDAP::Util v0.10; RT Config Plugins RTx::Calendar, RT::Authen::ExternalAuth Perl Include Paths (@INC) /opt/rt3/bin/../local/lib /opt/rt3/local/plugins/RTx-Calendar/lib /opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib Server is functioning fine and I can use local authentication, but no LDAP! Any help/advise is greatly appreciated. Hossein -- _ _ _ _ _ _ _ Hossein Rafighi |_ _|| _ \ |_ _|| | | || \_/ || __|TRIUMF, 4004 Wesbrook Mall | | | |_| ) | | | | | || || |__ Vancouver BC, Canada, V6T 2A3 | | | _ / | | | \_/ || \_/ || __|Voice: (604) 222-1047 | | | | \ \ _| |_ | || | | || | Fax: (604) 222-1074 |_| |_| \_\|_| \___/ |_| |_||_| Website: http://www.triumf.ca ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
[rt-users] External Authentication to AD
Hi, I have an user that has multiple email addresses and would like to send in requests from all of them. From example: asm...@company.com asm...@gmail.com Currently I have AD working fine but don't want to set up another Auth source. How can I do this? Thanks Michael Mai ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] External Authentication
Please ignore my previous email. I solved my problem. Hossein Hossein Rafighi wrote: Hi All, I am trying to figure out why External Authentication in my production RT (version 3.6) works, but the test server I set up using (version 3.8.2) is not authenticating against the same ldap server? I followed the steps in http://wiki.bestpractical.com/view/ExternalAuth and yet it is not working! Some relevant info on the test server (version 3.8.2) are: Loaded perl modules Perl v5.8.8 under linux Net::LDAP v0.33; Net::LDAP::ASN v0.03; Net::LDAP::Constant v0.04; Net::LDAP::Filter v0.14; Net::LDAP::Message v1.08; Net::LDAP::Util v0.10; RT Config Plugins RTx::Calendar, RT::Authen::ExternalAuth Perl Include Paths (@INC) /opt/rt3/bin/../local/lib /opt/rt3/local/plugins/RTx-Calendar/lib /opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib Server is functioning fine and I can use local authentication, but no LDAP! Any help/advise is greatly appreciated. Hossein -- _ _ _ _ _ _ _ Hossein Rafighi |_ _|| _ \ |_ _|| | | || \_/ || __|TRIUMF, 4004 Wesbrook Mall | | | |_| ) | | | | | || || |__ Vancouver BC, Canada, V6T 2A3 | | | _ / | | | \_/ || \_/ || __|Voice: (604) 222-1047 | | | | \ \ _| |_ | || | | || | Fax: (604) 222-1074 |_| |_| \_\|_| \___/ |_| |_||_| Website: http://www.triumf.ca ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
