Re: [rt-users] Help - RT4.2.7 Authen::ExternalAuth via, OpenLDAP
On Mon, Oct 06, 2014 at 02:34:40PM -0400, William Clarke wrote: RT 4.2.7 and RT-Authen-ExternalAuth-0.23 0.23 or 0.23_01 the dev release? Your log points to line 491 [29370] [Mon Oct 6 18:20:02 2014] [error]: Couldn't create user wclarke: Could not set user info (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ ExternalAuth.pm:491) But line 491 of 0.23 is blank https://github.com/bestpractical/rt-authen-externalauth/blob/5a3a85c36f2e0abc43a0b0483b6e01e4d390ec54/lib/RT/Authen/ExternalAuth.pm#L491 Line 491 of 0.23_01 has an error message there https://github.com/bestpractical/rt-authen-externalauth/blob/master/lib/RT/Authen/ExternalAuth.pm#L491 So, let's nail down what you're actually running, since you may just have tripped a bug in 0.23_01 if that's what you have installed. BTW - is there a reason you've only configured Auth and not Info? That's probably making it very hard for RT to create the user, since it can't go fetch any info. -kevin pgpbmkhIaOMkT.pgp Description: PGP signature -- RT Training November 4 5 Los Angeles http://bestpractical.com/training
Re: [rt-users] Help - RT4.2.7 Authen::ExternalAuth via, OpenLDAP
Ouch, I apologize I missed that. I was initially using .23 release but then later installed the latest dev .23_01 in hopes all my problems would vanish. Well just reinstalled .23 just now and the logs I'm seeing might be a little more interesting to us all. Oh and it really helps when I add the following as you suggested, I didn't leave that out intentionally Set( $ExternalInfoPriority, [My_LDAP] ); External Auth is working like a charm now so THANK YOU KEVIN! [3298] [Tue Oct 7 15:40:07 2014] [debug]: Attempting to use external auth service: My_LDAP (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:371) [3298] [Tue Oct 7 15:40:07 2014] [debug]: Calling UserExists with $username (wclarke) and $service (My_LDAP) (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:412) [3298] [Tue Oct 7 15:40:07 2014] [debug]: UserExists params: username: wclarke , service: My_LDAP (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:437) [3298] [Tue Oct 7 15:40:07 2014] [debug]: LDAP Search === Base: dc=simons-rock,dc=edu == Filter: ((objectClass=*)(uid=wclarke)) == Attrs: mail,uid (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:467) [3298] [Tue Oct 7 15:40:08 2014] [debug]: RT::Authen::ExternalAuth::CanonicalizeUserInfo called by RT::Authen::ExternalAuth /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm 860 with: Disabled: , EmailAddress: , Gecos: wclarke, Name: wclarke, Privileged: (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:757) [3298] [Tue Oct 7 15:40:08 2014] [debug]: Attempting to get user info using this external service: My_LDAP (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:765) [3298] [Tue Oct 7 15:40:08 2014] [debug]: Attempting to use this canonicalization key: Name (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:779) [3298] [Tue Oct 7 15:40:08 2014] [debug]: LDAP Search === Base: dc=simons-rock,dc=edu == Filter: ((objectClass=*)(uid=wclarke)) == Attrs: mail,uid (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:355) [3298] [Tue Oct 7 15:40:08 2014] [info]: RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Disabled: , EmailAddress: wcla...@simons-rock.edu, Gecos: wclarke, Name: wclarke, Privileged: , RealName: (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:843) [3298] [Tue Oct 7 15:40:08 2014] [info]: Autocreated external user wclarke ( 22 ) (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:439) [3298] [Tue Oct 7 15:40:08 2014] [debug]: Loading new user ( wclarke ) into current session (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:445) [3298] [Tue Oct 7 15:40:08 2014] [debug]: Password validation required for service - Executing... (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:462) [3298] [Tue Oct 7 15:40:08 2014] [debug]: Trying external auth service: My_LDAP (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:151) [3298] [Tue Oct 7 15:40:08 2014] [debug]: LDAP Search === Base: dc=simons-rock,dc=edu == Filter: ((uid=wclarke)(objectClass=*)) == Attrs: dn (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:184) [3298] [Tue Oct 7 15:40:08 2014] [debug]: Found LDAP DN: uid=wclarke,ou=People,dc=simons-rock,dc=edu (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:218) [3298] [Tue Oct 7 15:40:08 2014] [info]: RT::Authen::ExternalAuth::LDAP::GetAuth External Auth OK ( My_LDAP ): wclarke (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:299) [3298] [Tue Oct 7 15:40:08 2014] [debug]: LDAP password validation result: 1 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:641) [3298] [Tue Oct 7 15:40:08 2014] [debug]: Password Validation Check Result: 1 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:466) [3298] [Tue Oct 7 15:40:08 2014] [debug]: Authentication successful. Now updating user information and attempting login. (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:486) [3298] [Tue Oct 7 15:40:08 2014] [debug]: UserExists params: username: wclarke , service: My_LDAP (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:437) [3298] [Tue Oct 7 15:40:08 2014] [debug]: LDAP Search === Base: dc=simons-rock,dc=edu == Filter: ((objectClass=*)(uid=wclarke)) == Attrs: mail,uid (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:467) [3298] [Tue Oct 7 15:40:08 2014] [debug]: UserExists params: username: wclarke , service: My_LDAP
Re: [rt-users] Help - RT4.2.7 Authen::ExternalAuth via, OpenLDAP
On Tue, Oct 07, 2014 at 11:46:57AM -0400, William Clarke wrote: Ouch, I apologize I missed that. I was initially using .23 release but then later installed the latest dev .23_01 in hopes all my problems would vanish. Well just reinstalled .23 just now and the logs I'm seeing might be a little more interesting to us all. Oh and it really helps when I add the following as you suggested, I didn't leave that out intentionally Set( $ExternalInfoPriority, [My_LDAP] ); External Auth is working like a charm now so THANK YOU KEVIN! If you have cycles, would you confirm that 0.23_01 works too now that you've added in the InfoPriority line? It'll help us be more confident eventually releasing that as 0.24. Thanks -kevin pgphTzmraRHSr.pgp Description: PGP signature -- RT Training November 4 5 Los Angeles http://bestpractical.com/training
Re: [rt-users] Help - RT4.2.7 Authen::ExternalAuth via, OpenLDAP
Kevin, I just reinstalled .23_01 - Double-checked that it was infact ExternalAuth.pm .23_01 and yes, it is still working. Here are logs from a successful login and thanks again: [3696] [Tue Oct 7 16:33:47 2014] [debug]: Attempting to use external auth service: My_LDAP (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:424) [3696] [Tue Oct 7 16:33:47 2014] [debug]: Calling UserExists with $username (wclarke) and $service (My_LDAP) (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:465) [3696] [Tue Oct 7 16:33:47 2014] [debug]: UserExists params: username: wclarke , service: My_LDAP (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:439) [3696] [Tue Oct 7 16:33:47 2014] [debug]: LDAP Search === Base: dc=simons-rock,dc=edu == Filter: ((objectClass=*)(uid=wclarke)) == Attrs: uid,mail (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:469) [3696] [Tue Oct 7 16:33:47 2014] [debug]: Password validation required for service - Executing... (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:517) [3696] [Tue Oct 7 16:33:47 2014] [debug]: Trying external auth service: My_LDAP (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:153) [3696] [Tue Oct 7 16:33:47 2014] [debug]: LDAP Search === Base: dc=simons-rock,dc=edu == Filter: ((uid=wclarke)(objectClass=*)) == Attrs: dn (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:186) [3696] [Tue Oct 7 16:33:47 2014] [debug]: Found LDAP DN: uid=wclarke,ou=People,dc=simons-rock,dc=edu (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:220) [3696] [Tue Oct 7 16:33:47 2014] [info]: RT::Authen::ExternalAuth::LDAP::GetAuth External Auth OK ( My_LDAP ): wclarke (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:301) [3696] [Tue Oct 7 16:33:47 2014] [debug]: LDAP password validation result: 1 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:696) [3696] [Tue Oct 7 16:33:47 2014] [debug]: Password Validation Check Result: 1 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:521) [3696] [Tue Oct 7 16:33:47 2014] [debug]: Authentication successful. Now updating user information and attempting login. (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:541) [3696] [Tue Oct 7 16:33:47 2014] [debug]: UserExists params: username: wclarke , service: My_LDAP (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:439) [3696] [Tue Oct 7 16:33:47 2014] [debug]: LDAP Search === Base: dc=simons-rock,dc=edu == Filter: ((objectClass=*)(uid=wclarke)) == Attrs: uid,mail (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:469) [3696] [Tue Oct 7 16:33:47 2014] [debug]: UserExists params: username: wclarke , service: My_LDAP (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:439) [3696] [Tue Oct 7 16:33:47 2014] [debug]: LDAP Search === Base: dc=simons-rock,dc=edu == Filter: ((objectClass=*)(uid=wclarke)) == Attrs: uid,mail (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:469) [3696] [Tue Oct 7 16:33:47 2014] [debug]: No d_filter specified for this LDAP service ( My_LDAP ), so considering all users enabled (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:529) [3696] [Tue Oct 7 16:33:47 2014] [debug]: RT::Authen::ExternalAuth::CanonicalizeUserInfo called by RT::Authen::ExternalAuth /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm 885 with: Name: wclarke (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:792) [3696] [Tue Oct 7 16:33:47 2014] [debug]: Attempting to get user info using this external service: My_LDAP (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:800) [3696] [Tue Oct 7 16:33:47 2014] [debug]: Attempting to use this canonicalization key: Name (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:809) [3696] [Tue Oct 7 16:33:47 2014] [debug]: LDAP Search === Base: dc=simons-rock,dc=edu == Filter: ((objectClass=*)(uid=wclarke)) == Attrs: uid,mail (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:357) [3696] [Tue Oct 7 16:33:47 2014] [info]: RT::Authen::ExternalAuth::CanonicalizeUserInfo returning EmailAddress: wcla...@simons-rock.edu, Name: wclarke, RealName: (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:868) [3696] [Tue Oct 7 16:33:47 2014] [debug]: UPDATED user ( wclarke ) from External Service (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:669) [3696] [Tue Oct 7 16:33:47 2014] [info]: Successful login for wclarke from
Re: [rt-users] Help - RT4.2.7 Authen::ExternalAuth via OpenLDAP
On Fri, Oct 03, 2014 at 01:50:54PM -0400, William Clarke wrote: A little more info after checking rt4 logs: Oct 3 10:20:16 rtracker6 RT: [16022] RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Disabled: , EmailAddress: , Gecos: wclarke, Name: wclarke, Privileged: Oct 3 10:20:16 rtracker6 RT: [16022] Couldn't create user wclarke: Could not set user info Oct 3 10:20:16 rtracker6 RT: [16022] FAILED LOGIN for wclarke from 10.30.2.210 These are the more useful logs. You should ensure you have your logs set to debug and show the preceding lines which are important. I find it suspicious that it didn't return an email address, but did return a Gecos. Implies your configuration is not what you sent to the list. You should also say your RT and RT-Authen-ExternalAuth versions explicitly. -kevin pgpSif1OvcnEK.pgp Description: PGP signature -- RT Training November 4 5 Los Angeles http://bestpractical.com/training
Re: [rt-users] Help - RT4.2.7 Authen::ExternalAuth via, OpenLDAP
Thank you very much for the response Kevin. RT 4.2.7 and RT-Authen-ExternalAuth-0.23 I triple-checked and this is surely my RT_SiteConfig.pm file and as you saw yes, the logs to definitely show it's populating the Gecos field when not requested and not populating the EmailAddress field. Please see RT debug logs below: Set( $ExternalAuthPriority, [My_LDAP] ); Set( $ExternalAuthInfo, [My_LDAP] ); Set( $ExternalSettings, { 'My_LDAP' = { 'type' = 'ldap', 'server'= 'ldap2.simons-rock.edu', 'base' = 'dc=simons-rock,dc=edu', 'filter'= '(objectClass=*)', 'attr_match_list' = [ 'Name', 'EmailAddress', ], 'attr_map' = { 'Name' = 'uid', 'EmailAddress' = 'mail', }, }, } ); # You must install Plugins on your own, this is only an example # of the correct syntax to use when activating them: # Plugin( RT::Extension::SLA ); # Plugin( RT::Authen::ExternalAuth ); Plugin( RT::Authen::ExternalAuth ); # Plugin( RT::Extension::Assets ); # plugin( RT::Extension::Assets::Import::CSV ); 1; [29370] [Mon Oct 6 18:20:02 2014] [debug]: Attempting to use external auth service: My_LDAP (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:424) [29370] [Mon Oct 6 18:20:02 2014] [debug]: Calling UserExists with $username (wclarke) and $service (My_LDAP) (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:465) [29370] [Mon Oct 6 18:20:02 2014] [debug]: UserExists params: username: wclarke , service: My_LDAP (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:439) [29370] [Mon Oct 6 18:20:02 2014] [debug]: LDAP Search === Base: dc=simons-rock,dc=edu == Filter: ((objectClass=*)(uid=wclarke)) == Attrs: uid,mail (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:469) [29370] [Mon Oct 6 18:20:02 2014] [debug]: RT::Authen::ExternalAuth::CanonicalizeUserInfo called by RT::Authen::ExternalAuth /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm 885 with: Disabled: , EmailAddress: , Gecos: wclarke, Name: wclarke, Privileged: (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:792) [29370] [Mon Oct 6 18:20:02 2014] [info]: RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Disabled: , EmailAddress: , Gecos: wclarke, Name: wclarke, Privileged: (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:868) [29370] [Mon Oct 6 18:20:02 2014] [error]: Couldn't create user wclarke: Could not set user info (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:491) [29370] [Mon Oct 6 18:20:02 2014] [debug]: Autohandler called ExternalAuth. Response: (0, No User) (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:16) [29370] [Mon Oct 6 18:20:02 2014] [error]: FAILED LOGIN for wclarke from 10.30.2.210 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:810) Message: 4 Date: Mon, 6 Oct 2014 11:51:42 -0400 From: Kevin Falconefalc...@bestpractical.com To:rt-users@lists.bestpractical.com Subject: Re: [rt-users] Help - RT4.2.7 Authen::ExternalAuth via OpenLDAP Message-ID:20141006155142.gj2...@jibsheet.com Content-Type: text/plain; charset=iso-8859-1 On Fri, Oct 03, 2014 at 01:50:54PM -0400, William Clarke wrote: A little more info after checking rt4 logs: Oct? 3 10:20:16 rtracker6 RT: [16022] RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Disabled: , EmailAddress: , Gecos: wclarke, Name: wclarke, Privileged: Oct? 3 10:20:16 rtracker6 RT: [16022] Couldn't create user wclarke: Could not set user info Oct? 3 10:20:16 rtracker6 RT: [16022] FAILED LOGIN for wclarke from 10.30.2.210 These are the more useful logs. You should ensure you have your logs set to debug and show the preceding lines which are important. I find it suspicious that it didn't return an email address, but did return a Gecos. Implies your configuration is not what you sent to the list. You should also say your RT and RT-Authen-ExternalAuth versions explicitly. -kevin -- William Clarke ITS System Administrator Bard College at Simon's Rock 84 Alford Road Great Barrington, MA 01230 (413) 528-7428 (voice) (413) 528-7405 (fax) wcla...@simons-rock.edu -- RT Training November 4 5 Los Angeles http://bestpractical.com/training
Re: [rt-users] Help - RT4.2.7 Authen::ExternalAuth via OpenLDAP
Sorry, I sent that a little prematurely. RT shows your username or password is incorrect : ( On 10/3/2014 10:58 AM, William Clarke wrote: Hi all, CentOS6.5 \ Apache 2.2.15 \ Perl 5.18.2 \ MariaDB 5.5.39 I followed these instructions for my RT build: http://binarynature.blogspot.pt/2013/05/install-request-tracker-4.html I'm very new to RT. I've read up what I could find on CPAN, wiki and Google and I'm not quite sure which way to go here. RT is connecting to our ldap and a search result is found but the logs in ldap show closed (connection lost) so I suspect RT isn't seeing\getting the response back from LDAP. I have some examples below showing RT's LDAP requests with logs as well as the same search run via command line. The main differences I can see in logs so far is command line test sends scope=2 deref=0 vs RT test scope=2 deref=2 and also that the RT test doesn't unbind and the connection is lost. Command line: ldapsearch -x -p 389 -h ldap.simons-rock.edu -b ou=People,dc=simons-rock,dc=edu (((uid=*))(uid=wclarke)) mail uid # extended LDIF # # LDAPv3 # base ou=People,dc=simons-rock,dc=edu with scope subtree # filter: (((uid=*))(uid=wclarke)) # requesting: mail uid # # wclarke, People, simons-rock.edu dn: uid=wclarke,ou=People,dc=simons-rock,dc=edu uid: wclarke mail: wcla...@simons-rock.edu # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 --- Logs from ldap via command line - loglevel 256 --- Oct 3 09:59:05 ldap2 slapd[1466]: conn=355216 fd=19 ACCEPT from IP=10.30.2.36:51249 (IP=0.0.0.0:389) Oct 3 09:59:05 ldap2 slapd[1466]: conn=355216 op=0 BIND dn= method=128 Oct 3 09:59:05 ldap2 slapd[1466]: conn=355216 op=0 RESULT tag=97 err=0 text= Oct 3 09:59:05 ldap2 slapd[1466]: conn=355216 op=1 SRCH base=ou=People,dc=simons-rock,dc=edu scope=2 deref=0 filter=(((uid=*))(uid=wclarke)) Oct 3 09:59:05 ldap2 slapd[1466]: conn=355216 op=1 SRCH attr=mail uid Oct 3 09:59:05 ldap2 slapd[1466]: conn=355216 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text= Oct 3 09:59:05 ldap2 slapd[1466]: conn=355216 op=2 UNBIND Oct 3 09:59:05 ldap2 slapd[1466]: conn=355216 fd=19 closed --- Logs from ldap when logging into RT - loglevel 256 --- Oct 3 10:00:43 ldap2 slapd[1466]: conn=355234 fd=19 ACCEPT from IP=10.30.2.36:51262 (IP=0.0.0.0:389) Oct 3 10:00:43 ldap2 slapd[1466]: conn=355234 op=0 BIND dn= method=128 Oct 3 10:00:43 ldap2 slapd[1466]: conn=355234 op=0 RESULT tag=97 err=0 text= Oct 3 10:00:43 ldap2 slapd[1466]: conn=355234 op=1 SRCH base=ou=People,dc=simons-rock,dc=edu scope=2 deref=2 filter=(((uid=*))(uid=wclarke)) Oct 3 10:00:43 ldap2 slapd[1466]: conn=355234 op=1 SRCH attr=uid mail Oct 3 10:00:43 ldap2 slapd[1466]: conn=355234 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text= Oct 3 10:00:43 ldap2 slapd[1466]: conn=355234 fd=19 closed (connection lost) --- External Settings from: RT_SiteConfig.pm --- Set( $ExternalSettings, { 'My_LDAP' = { 'type' = 'ldap', 'server'= 'ldap2.simons-rock.edu', 'base' = 'ou=People,dc=simons-rock,dc=edu', 'filter'= '(objectClass=*)', 'net_ldap_args' = [version = 3 ], 'attr_match_list' = [ 'Name', 'EmailAddress', ], 'attr_map' = { 'Name' = 'uid', 'EmailAddress' = 'mail', }, }, } ); # You must install Plugins on your own, this is only an example # of the correct syntax to use when activating them: # Plugin( RT::Extension::SLA ); # Plugin( RT::Authen::ExternalAuth ); Plugin( RT::Authen::ExternalAuth ); # Plugin( RT::Extension::Assets ); # plugin( RT::Extension::Assets::Import::CSV ); 1; -- William Clarke ITS System Administrator Bard College at Simon's Rock 84 Alford Road Great Barrington, MA 01230 (413) 528-7428 (voice) (413) 528-7405 (fax) wcla...@simons-rock.edu -- RT Training November 4 5 Los Angeles http://bestpractical.com/training
[rt-users] Help - RT4.2.7 Authen::ExternalAuth via OpenLDAP
Hi all, CentOS6.5 \ Apache 2.2.15 \ Perl 5.18.2 \ MariaDB 5.5.39 I followed these instructions for my RT build: http://binarynature.blogspot.pt/2013/05/install-request-tracker-4.html I'm very new to RT. I've read up what I could find on CPAN, wiki and Google and I'm not quite sure which way to go here. RT is connecting to our ldap and a search result is found but the logs in ldap show closed (connection lost) so I suspect RT isn't seeing\getting the response back from LDAP. I have some examples below showing RT's LDAP requests with logs as well as the same search run via command line. The main differences I can see in logs so far is command line test sends scope=2 deref=0 vs RT test scope=2 deref=2 and also that the RT test doesn't unbind and the connection is lost. Command line: ldapsearch -x -p 389 -h ldap.simons-rock.edu -b ou=People,dc=simons-rock,dc=edu (((uid=*))(uid=wclarke)) mail uid # extended LDIF # # LDAPv3 # base ou=People,dc=simons-rock,dc=edu with scope subtree # filter: (((uid=*))(uid=wclarke)) # requesting: mail uid # # wclarke, People, simons-rock.edu dn: uid=wclarke,ou=People,dc=simons-rock,dc=edu uid: wclarke mail: wcla...@simons-rock.edu # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 --- Logs from ldap via command line - loglevel 256 --- Oct 3 09:59:05 ldap2 slapd[1466]: conn=355216 fd=19 ACCEPT from IP=10.30.2.36:51249 (IP=0.0.0.0:389) Oct 3 09:59:05 ldap2 slapd[1466]: conn=355216 op=0 BIND dn= method=128 Oct 3 09:59:05 ldap2 slapd[1466]: conn=355216 op=0 RESULT tag=97 err=0 text= Oct 3 09:59:05 ldap2 slapd[1466]: conn=355216 op=1 SRCH base=ou=People,dc=simons-rock,dc=edu scope=2 deref=0 filter=(((uid=*))(uid=wclarke)) Oct 3 09:59:05 ldap2 slapd[1466]: conn=355216 op=1 SRCH attr=mail uid Oct 3 09:59:05 ldap2 slapd[1466]: conn=355216 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text= Oct 3 09:59:05 ldap2 slapd[1466]: conn=355216 op=2 UNBIND Oct 3 09:59:05 ldap2 slapd[1466]: conn=355216 fd=19 closed --- Logs from ldap when logging into RT - loglevel 256 --- Oct 3 10:00:43 ldap2 slapd[1466]: conn=355234 fd=19 ACCEPT from IP=10.30.2.36:51262 (IP=0.0.0.0:389) Oct 3 10:00:43 ldap2 slapd[1466]: conn=355234 op=0 BIND dn= method=128 Oct 3 10:00:43 ldap2 slapd[1466]: conn=355234 op=0 RESULT tag=97 err=0 text= Oct 3 10:00:43 ldap2 slapd[1466]: conn=355234 op=1 SRCH base=ou=People,dc=simons-rock,dc=edu scope=2 deref=2 filter=(((uid=*))(uid=wclarke)) Oct 3 10:00:43 ldap2 slapd[1466]: conn=355234 op=1 SRCH attr=uid mail Oct 3 10:00:43 ldap2 slapd[1466]: conn=355234 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text= Oct 3 10:00:43 ldap2 slapd[1466]: conn=355234 fd=19 closed (connection lost) --- External Settings from: RT_SiteConfig.pm --- Set( $ExternalSettings, { 'My_LDAP' = { 'type' = 'ldap', 'server'= 'ldap2.simons-rock.edu', 'base' = 'ou=People,dc=simons-rock,dc=edu', 'filter'= '(objectClass=*)', 'net_ldap_args' = [version = 3 ], 'attr_match_list' = [ 'Name', 'EmailAddress', ], 'attr_map' = { 'Name' = 'uid', 'EmailAddress' = 'mail', }, }, } ); # You must install Plugins on your own, this is only an example # of the correct syntax to use when activating them: # Plugin( RT::Extension::SLA ); # Plugin( RT::Authen::ExternalAuth ); Plugin( RT::Authen::ExternalAuth ); # Plugin( RT::Extension::Assets ); # plugin( RT::Extension::Assets::Import::CSV ); 1; -- William Clarke ITS System Administrator Bard College at Simon's Rock 84 Alford Road Great Barrington, MA 01230 (413) 528-7428 (voice) (413) 528-7405 (fax) wcla...@simons-rock.edu -- RT Training November 4 5 Los Angeles http://bestpractical.com/training
Re: [rt-users] Help - RT4.2.7 Authen::ExternalAuth via OpenLDAP
A little more info after checking rt4 logs: Oct 3 10:20:16 rtracker6 RT: [16022] RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Disabled: , EmailAddress: , Gecos: wclarke, Name: wclarke, Privileged: Oct 3 10:20:16 rtracker6 RT: [16022] Couldn't create user wclarke: Could not set user info Oct 3 10:20:16 rtracker6 RT: [16022] FAILED LOGIN for wclarke from 10.30.2.210 On 10/3/2014 11:06 AM, William Clarke wrote: Sorry, I sent that a little prematurely. RT shows your username or password is incorrect : ( On 10/3/2014 10:58 AM, William Clarke wrote: Hi all, CentOS6.5 \ Apache 2.2.15 \ Perl 5.18.2 \ MariaDB 5.5.39 I followed these instructions for my RT build: http://binarynature.blogspot.pt/2013/05/install-request-tracker-4.html I'm very new to RT. I've read up what I could find on CPAN, wiki and Google and I'm not quite sure which way to go here. RT is connecting to our ldap and a search result is found but the logs in ldap show closed (connection lost) so I suspect RT isn't seeing\getting the response back from LDAP. I have some examples below showing RT's LDAP requests with logs as well as the same search run via command line. The main differences I can see in logs so far is command line test sends scope=2 deref=0 vs RT test scope=2 deref=2 and also that the RT test doesn't unbind and the connection is lost. Command line: ldapsearch -x -p 389 -h ldap.simons-rock.edu -b ou=People,dc=simons-rock,dc=edu (((uid=*))(uid=wclarke)) mail uid # extended LDIF # # LDAPv3 # base ou=People,dc=simons-rock,dc=edu with scope subtree # filter: (((uid=*))(uid=wclarke)) # requesting: mail uid # # wclarke, People, simons-rock.edu dn: uid=wclarke,ou=People,dc=simons-rock,dc=edu uid: wclarke mail: wcla...@simons-rock.edu # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 --- Logs from ldap via command line - loglevel 256 --- Oct 3 09:59:05 ldap2 slapd[1466]: conn=355216 fd=19 ACCEPT from IP=10.30.2.36:51249 (IP=0.0.0.0:389) Oct 3 09:59:05 ldap2 slapd[1466]: conn=355216 op=0 BIND dn= method=128 Oct 3 09:59:05 ldap2 slapd[1466]: conn=355216 op=0 RESULT tag=97 err=0 text= Oct 3 09:59:05 ldap2 slapd[1466]: conn=355216 op=1 SRCH base=ou=People,dc=simons-rock,dc=edu scope=2 deref=0 filter=(((uid=*))(uid=wclarke)) Oct 3 09:59:05 ldap2 slapd[1466]: conn=355216 op=1 SRCH attr=mail uid Oct 3 09:59:05 ldap2 slapd[1466]: conn=355216 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text= Oct 3 09:59:05 ldap2 slapd[1466]: conn=355216 op=2 UNBIND Oct 3 09:59:05 ldap2 slapd[1466]: conn=355216 fd=19 closed --- Logs from ldap when logging into RT - loglevel 256 --- Oct 3 10:00:43 ldap2 slapd[1466]: conn=355234 fd=19 ACCEPT from IP=10.30.2.36:51262 (IP=0.0.0.0:389) Oct 3 10:00:43 ldap2 slapd[1466]: conn=355234 op=0 BIND dn= method=128 Oct 3 10:00:43 ldap2 slapd[1466]: conn=355234 op=0 RESULT tag=97 err=0 text= Oct 3 10:00:43 ldap2 slapd[1466]: conn=355234 op=1 SRCH base=ou=People,dc=simons-rock,dc=edu scope=2 deref=2 filter=(((uid=*))(uid=wclarke)) Oct 3 10:00:43 ldap2 slapd[1466]: conn=355234 op=1 SRCH attr=uid mail Oct 3 10:00:43 ldap2 slapd[1466]: conn=355234 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text= Oct 3 10:00:43 ldap2 slapd[1466]: conn=355234 fd=19 closed (connection lost) --- External Settings from: RT_SiteConfig.pm --- Set( $ExternalSettings, { 'My_LDAP' = { 'type' = 'ldap', 'server'= 'ldap2.simons-rock.edu', 'base' = 'ou=People,dc=simons-rock,dc=edu', 'filter'= '(objectClass=*)', 'net_ldap_args' = [version = 3 ], 'attr_match_list' = [ 'Name', 'EmailAddress', ], 'attr_map' = { 'Name' = 'uid', 'EmailAddress' = 'mail', }, }, } ); # You must install Plugins on your own, this is only an example # of the correct syntax to use when activating them: # Plugin( RT::Extension::SLA ); # Plugin( RT::Authen::ExternalAuth ); Plugin( RT::Authen::ExternalAuth ); # Plugin( RT::Extension::Assets ); # plugin( RT::Extension::Assets::Import::CSV ); 1; -- William Clarke ITS System