Re: [rt-users] Issue With ExternalAuth
Hi Claude, Yes, your problem seems to be a little odd. I believe that this is the code that is rejecting your authentication from /opt/rt4/sbin/../lib/RT/Authen/ExternalAuth.pm # If we got here and don't have a user loaded we must have failed to # get a full, valid user from an authoritative external source. unless ($session->{'CurrentUser'} && $session->{'CurrentUser'}->Id) { $session->{'CurrentUser'} = RT::CurrentUser->new; return (0, "No User"); } Do you have multiple external auth mechanisms configured?? Would you be able to post your full RT configuration, with sensitive information obfuscated obviously? Best Regards Martin On 2016-12-06 11:37, Claude EDUMA wrote: Martin, It request only the "dn" attribute because the user is not internal. once user is created, it will request the others attributes. I have seen our ldap administrator and for him all is OK. Accounts are well binded with LDAP. It seem like after binding account it request another validation wich failed. My question is why RT retreive all attributes on LDAP but still fail to grant acces to users ? I'm sorry to take your presious time and thank you once more. --- [4109] [Tue Dec 6 10:22:50 2016] [debug]: UserExists params: username: 20005528 , service: My_LDAP (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth/LDAP.pm:488) [4109] [Tue Dec 6 10:22:50 2016] [debug]: LDAP Search === Base: o=corp.mycorp.com [1] == Filter: (&(objectClass=privperson)(uid=20005528)) == Attrs: co,cn,mail,uid,uid (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth/LDAP.pm:518) [4109] [Tue Dec 6 10:22:50 2016] [debug]: RT::User::CanonicalizeUserInfoFromExternalAuth called by RT::User /opt/rt4/sbin/../lib/RT/User.pm 699 with : Disabled: , EmailAddress: , Gecos: 20005528, Name: 20005528, Privileged: 1 (/opt/rt4/sbin/../lib/RT/User.pm:735) [4109] [Tue Dec 6 10:22:50 2016] [debug]: Attempting to get user info using this external service: My_LDAP (/opt/rt4/sbin/../lib/RT/User.pm:743) [4109] [Tue Dec 6 10:22:50 2016] [debug]: Attempting to use this canonicalization key: Name (/opt/rt4/sbin/../lib/RT/User.pm:752) [4109] [Tue Dec 6 10:22:50 2016] [debug]: LDAP Search === Base: o=corp.mycorp.com [1] == Filter: (&(objectClass=privperson)(uid=20005528)) == Attrs: co,cn,mail,uid,uid (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth/LDAP.pm:406) [4109] [Tue Dec 6 10:22:50 2016] [info]: RT::User::CanonicalizeUserInfoFromExternalAuth returning Country: , Disabled: , EmailAddress: jonathan.lai...@ext.mycorpservices.com, Gecos: 20005528, Name: 20005528, Privileged: 1, RealName: JONATHAN LAIGLE (/opt/rt4/sbin/../lib/RT/User.pm:812) [4109] [Tue Dec 6 10:22:50 2016] [error]: Couldn't create user 20005528: Email address in use (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth.pm:353) [4109] [Tue Dec 6 10:22:50 2016] [debug]: Autohandler called ExternalAuth. Response: (0, No User) (/opt/rt4/share/html/Elements/DoAuth:58) [4109] [Tue Dec 6 10:22:50 2016] [error]: FAILED LOGIN for 20005528 from 10.1.52.222 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:826) - Regards 2016-12-06 12:04 GMT+01:00 Martin Wheldon : Hi Claude, OK from your logs you can see successful lookup from LDAP of the user and a successful validation. So we can rule out issues with communication with the LDAP server and user credentials. The following line however is an issue as you seem to be only getting/requesting the dn attribute returned. I'm not quite certain which :) "... == Attrs: dn" [4110] [Tue Dec 6 10:22:44 2016] [debug]: LDAP Search === Base: o=corp.mycorp.com [1] [1] == Filter: (&(uid=20005528)(objectClass=privperson)) == Attrs: dn This is what I get on my test system: "... == Attrs: mail,cn,street,telephoneNumber,mobile,st,mail,ukFirmGhITAccOrg,postalCode,l" The configuration you sent earlier is expecting uid,mail,cn and co: 'attr_map' => { 'Name' => 'uid', 'EmailAddress' => 'mail', 'RealName' => 'cn', 'Gecos'=> 'uid', 'Country' => 'co', } Is your ldap search account able to get this information from the ldapserver? Best Regards Martin On 2016-12-06 10:25, Claude EDUMA wrote: Yes, But even if it'is a new user, user is create but I still have LOGIN FAILED. below log with a new user --- [4110] [Tue Dec 6 10:22:44 2016] [debug]: Trying external auth service: My_LDAP (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth/LDAP.pm:201) [4110] [Tue Dec 6 10:22:44 2016] [debug]: LDAP Search === Base: o=corp.mycorp.com [1] [1] == Filter: (&(uid=20005528)(objectClass=privperson)) == Attrs: dn (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth/LDAP.pm:234) [4110] [Tue Dec 6 10:22:44 2016] [debug]: Found LDAP DN: uid=20005528,ou=people,ou=GO-LM,o=corp.mycorp.com [1] [1] (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth/LDAP.pm:268) [4110] [Tue Dec 6 10:22:44 2016] [info]: RT::Authen::ExternalAuth::LDAP::GetAuth External Auth OK ( My_LDAP ): 20005528 (/opt/rt4
Re: [rt-users] Issue With ExternalAuth
Hi Claude, OK from your logs you can see successful lookup from LDAP of the user and a successful validation. So we can rule out issues with communication with the LDAP server and user credentials. The following line however is an issue as you seem to be only getting/requesting the dn attribute returned. I'm not quite certain which :) "... == Attrs: dn" [4110] [Tue Dec 6 10:22:44 2016] [debug]: LDAP Search === Base: o=corp.mycorp.com [1] == Filter: (&(uid=20005528)(objectClass=privperson)) == Attrs: dn This is what I get on my test system: "... == Attrs: mail,cn,street,telephoneNumber,mobile,st,mail,ukFirmGhITAccOrg,postalCode,l" The configuration you sent earlier is expecting uid,mail,cn and co: 'attr_map' => { 'Name' => 'uid', 'EmailAddress' => 'mail', 'RealName' => 'cn', 'Gecos'=> 'uid', 'Country' => 'co', } Is your ldap search account able to get this information from the ldapserver? Best Regards Martin On 2016-12-06 10:25, Claude EDUMA wrote: Yes, But even if it'is a new user, user is create but I still have LOGIN FAILED. below log with a new user --- [4110] [Tue Dec 6 10:22:44 2016] [debug]: Trying external auth service: My_LDAP (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth/LDAP.pm:201) [4110] [Tue Dec 6 10:22:44 2016] [debug]: LDAP Search === Base: o=corp.mycorp.com [1] == Filter: (&(uid=20005528)(objectClass=privperson)) == Attrs: dn (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth/LDAP.pm:234) [4110] [Tue Dec 6 10:22:44 2016] [debug]: Found LDAP DN: uid=20005528,ou=people,ou=GO-LM,o=corp.mycorp.com [1] (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth/LDAP.pm:268) [4110] [Tue Dec 6 10:22:44 2016] [info]: RT::Authen::ExternalAuth::LDAP::GetAuth External Auth OK ( My_LDAP ): 20005528 (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth/LDAP.pm:350) [4110] [Tue Dec 6 10:22:44 2016] [debug]: LDAP password validation result: 1 (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth.pm:558) [4110] [Tue Dec 6 10:22:44 2016] [debug]: Password Validation Check Result: 1 (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth.pm:383) [4110] [Tue Dec 6 10:22:44 2016] [debug]: Autohandler called ExternalAuth. Response: (0, No User) (/opt/rt4/share/html/Elements/DoAuth:58) [4110] [Tue Dec 6 10:22:44 2016] [error]: FAILED LOGIN for 20005528 from 10.1.52.222 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:826) [4109] [Tue Dec 6 10:22:50 2016] [debug]: Attempting to use external auth service: My_LDAP (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth.pm:286) [4109] [Tue Dec 6 10:22:50 2016] [debug]: Calling UserExists with $username (20005528) and $service (My_LDAP) (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth.pm:327) 2016-12-06 11:12 GMT+01:00 Martin Wheldon : Hi Claude, Seems you already have a user in the RT database with the same email address, but different user name. [3605] [Tue Dec 6 07:58:02 2016] [error]: Couldn't create user 20006583: Email address in use Best Regards Martin On 2016-12-06 08:05, Claude EDUMA wrote: Hi Martin, Thank you for your response. File permissions for my CA.cert are "rw-r--r-". below rt.log --- [3605] [Tue Dec 6 07:58:02 2016] [debug]: Attempting to use external auth service: My_LDAP (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth.pm:286) [3605] [Tue Dec 6 07:58:02 2016] [debug]: Calling UserExists with $username (20006583) and $service (My_LDAP) (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth.pm:327) [3605] [Tue Dec 6 07:58:02 2016] [debug]: UserExists params: username: 20006583 , service: My_LDAP (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth/LDAP.pm:488) [3605] [Tue Dec 6 07:58:02 2016] [debug]: LDAP Search === Base: o=corp.mycorp.com [1] [2] == Filter: (&(objectClass=privperson)(uid=20006583)) == Attrs: co,cn,mail,uid,uid (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth/LDAP.pm:518) [3605] [Tue Dec 6 07:58:02 2016] [debug]: RT::User::CanonicalizeUserInfoFromExternalAuth called by RT::User /opt/rt4/sbin/../lib/RT/User.pm 699 with: Disabled: , EmailAddress: , Gecos: 20006583, Name: 20006583, Privileged: 1 (/opt/rt4/sbin/../lib/RT/User.pm:735) [3605] [Tue Dec 6 07:58:02 2016] [debug]: Attempting to get user info using this external service: My_LDAP (/opt/rt4/sbin/../lib/RT/User.pm:743) [3605] [Tue Dec 6 07:58:02 2016] [debug]: Attempting to use this canonicalization key: Name (/opt/rt4/sbin/../lib/RT/User.pm:752) [3605] [Tue Dec 6 07:58:02 2016] [debug]: LDAP Search === Base: o=corp.mycorp.com [1] [2] == Filter: (&(objectClass=privperson)(uid=20006583)) == Attrs: co,cn,mail,uid,uid (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth/LDAP.pm:406) [3605] [Tue Dec 6 07:58:02 2016] [info]: RT::User::CanonicalizeUserInfoFromExternalAuth returning Country: , Disabled: , EmailAddress: claude.ed...@ext.mycorp.com, Gecos: 20006583, Name: 20006583, Privileged: 1, RealName: CLAUDE EDUMA (/opt/rt4/sbin/../lib/RT/User.pm:812) [3605] [Tue Dec 6 07:58:02 2016] [error]: Couldn't create user 20006583: Email address in u
Re: [rt-users] Issue With ExternalAuth
Hi Claude, Seems you already have a user in the RT database with the same email address, but different user name. [3605] [Tue Dec 6 07:58:02 2016] [error]: Couldn't create user 20006583: Email address in use Best Regards Martin On 2016-12-06 08:05, Claude EDUMA wrote: Hi Martin, Thank you for your response. File permissions for my CA.cert are "rw-r--r-". below rt.log --- [3605] [Tue Dec 6 07:58:02 2016] [debug]: Attempting to use external auth service: My_LDAP (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth.pm:286) [3605] [Tue Dec 6 07:58:02 2016] [debug]: Calling UserExists with $username (20006583) and $service (My_LDAP) (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth.pm:327) [3605] [Tue Dec 6 07:58:02 2016] [debug]: UserExists params: username: 20006583 , service: My_LDAP (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth/LDAP.pm:488) [3605] [Tue Dec 6 07:58:02 2016] [debug]: LDAP Search === Base: o=corp.mycorp.com [2] == Filter: (&(objectClass=privperson)(uid=20006583)) == Attrs: co,cn,mail,uid,uid (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth/LDAP.pm:518) [3605] [Tue Dec 6 07:58:02 2016] [debug]: RT::User::CanonicalizeUserInfoFromExternalAuth called by RT::User /opt/rt4/sbin/../lib/RT/User.pm 699 with: Disabled: , EmailAddress: , Gecos: 20006583, Name: 20006583, Privileged: 1 (/opt/rt4/sbin/../lib/RT/User.pm:735) [3605] [Tue Dec 6 07:58:02 2016] [debug]: Attempting to get user info using this external service: My_LDAP (/opt/rt4/sbin/../lib/RT/User.pm:743) [3605] [Tue Dec 6 07:58:02 2016] [debug]: Attempting to use this canonicalization key: Name (/opt/rt4/sbin/../lib/RT/User.pm:752) [3605] [Tue Dec 6 07:58:02 2016] [debug]: LDAP Search === Base: o=corp.mycorp.com [2] == Filter: (&(objectClass=privperson)(uid=20006583)) == Attrs: co,cn,mail,uid,uid (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth/LDAP.pm:406) [3605] [Tue Dec 6 07:58:02 2016] [info]: RT::User::CanonicalizeUserInfoFromExternalAuth returning Country: , Disabled: , EmailAddress: claude.ed...@ext.mycorp.com, Gecos: 20006583, Name: 20006583, Privileged: 1, RealName: CLAUDE EDUMA (/opt/rt4/sbin/../lib/RT/User.pm:812) [3605] [Tue Dec 6 07:58:02 2016] [error]: Couldn't create user 20006583: Email address in use (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth.pm:353) [3605] [Tue Dec 6 07:58:02 2016] [debug]: Autohandler called ExternalAuth. Response: (0, No User) (/opt/rt4/share/html/Elements/DoAuth:58) [3605] [Tue Dec 6 07:58:02 2016] [error]: FAILED LOGIN for 20006583 from 10.1.179.71 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:826) Thank you one more time. Regards. 2016-12-05 23:35 GMT+01:00 Martin Wheldon : Hi Claude, Your english is much better than my french :) I've cc'd the RT users list as they may have additional suggestions. The short answer is no I don't believe your problem is caused by TLS bugs. You seem to be mixing up the new RT 4.4 LDAP configuration syntax with the older RT::Authen::ExternalAuth syntax. If you are using RT 4.4.x then you don't need the following, because it is the old style syntax: Set($LDAPBase,'MYLDAPSERVER'); Set($LDAPFilter, '(&(objectClass=person))'); Set($LDAPMapping, { Name=> 'uid', EmailAddress=> 'mail', RealName=> 'cn' }); The following option should also be removed when using RT4.4.x 'ssl_version' => 3, Is RT able to read your CAcert file? Please could you check the file permissions. Do you see any errors in the logs? Best Regards Martin On 2016-12-05 13:22, clauded...@gmail.com wrote: Hi Martin, I try to configure LDAP authentication but it don't work. I'm sure all my config is correct (see below). I tried with ladapsearch and all it's OK. I look my ldap's server logs and i bind users correctly. Do you thinks it's TLS bugs ? (sorry for my english I'm french) Thank you. -- Set($LDAPBase,'MYLDAPSERVER'); Set($LDAPFilter, '(&(objectClass=person))'); Set($LDAPMapping, { Name=> 'uid', EmailAddress=> 'mail', RealName=> 'cn' }); # Use the below LDAP source for both authentication, as well as user # information Set( $ExternalAuthPriority, ["My_LDAP"] ); Set( $ExternalInfoPriority, ["My_LDAP"] ); Set($ExternalServiceUsesSSLorTLS, 1); # Make users created from LDAP Privileged Set( $UserAutocreateDefaultsOnLogin, { Privileged => 1 } ); # Users should still be autocreated by RT as internal users if they # fail to exist in an external service; this is so requestors (who # are not in LDAP) can still be created when they email in. Set($AutoCreateNonExternalUsers, 0); # Minimal LDAP configuration; see RT::Authen::ExternalAuth::LDAP for # further details and examples Set($ExternalSettings, { 'My_LDAP' => { 'type' => 'ldap', 'server' => 'ldaps://MYLDAPSERVER', 'user' => 'MYUSER', 'pass' => 'MYPASS', 'base' => 'MYBASE', 'filter' => '(objectClass=privperson)', 'tls' => { verify => "requi
Re: [rt-users] Issue With ExternalAuth
Hi Claude, Your english is much better than my french :) I've cc'd the RT users list as they may have additional suggestions. The short answer is no I don't believe your problem is caused by TLS bugs. You seem to be mixing up the new RT 4.4 LDAP configuration syntax with the older RT::Authen::ExternalAuth syntax. If you are using RT 4.4.x then you don't need the following, because it is the old style syntax: Set($LDAPBase,'MYLDAPSERVER'); Set($LDAPFilter, '(&(objectClass=person))'); Set($LDAPMapping, { Name=> 'uid', EmailAddress=> 'mail', RealName=> 'cn' }); The following option should also be removed when using RT4.4.x 'ssl_version' => 3, Is RT able to read your CAcert file? Please could you check the file permissions. Do you see any errors in the logs? Best Regards Martin On 2016-12-05 13:22, clauded...@gmail.com wrote: Hi Martin, I try to configure LDAP authentication but it don't work. I'm sure all my config is correct (see below). I tried with ladapsearch and all it's OK. I look my ldap's server logs and i bind users correctly. Do you thinks it's TLS bugs ? (sorry for my english I'm french) Thank you. -- Set($LDAPBase,'MYLDAPSERVER'); Set($LDAPFilter, '(&(objectClass=person))'); Set($LDAPMapping, { Name=> 'uid', EmailAddress=> 'mail', RealName=> 'cn' }); # Use the below LDAP source for both authentication, as well as user # information Set( $ExternalAuthPriority, ["My_LDAP"] ); Set( $ExternalInfoPriority, ["My_LDAP"] ); Set($ExternalServiceUsesSSLorTLS, 1); # Make users created from LDAP Privileged Set( $UserAutocreateDefaultsOnLogin, { Privileged => 1 } ); # Users should still be autocreated by RT as internal users if they # fail to exist in an external service; this is so requestors (who # are not in LDAP) can still be created when they email in. Set($AutoCreateNonExternalUsers, 0); # Minimal LDAP configuration; see RT::Authen::ExternalAuth::LDAP for # further details and examples Set($ExternalSettings, { 'My_LDAP' => { 'type' => 'ldap', 'server' => 'ldaps://MYLDAPSERVER', 'user' => 'MYUSER', 'pass' => 'MYPASS', 'base' => 'MYBASE', 'filter' => '(objectClass=privperson)', 'tls' => { verify => "require", cafile => "/etc/CA.crt" }, 'ssl_version' => 3, 'net_ldap_args'=> [version => 3, debug => 8 ], 'attr_match_list' => [ 'Name', 'EmailAddress', ], 'attr_map' => { 'Name' => 'uid', 'EmailAddress' => 'mail', 'RealName' => 'cn', 'Gecos'=> 'uid', 'Country' => 'co', } }, } ); 1; _ Sent from http://requesttracker.8502.n7.nabble.com - RT 4.4 and RTIR training sessions, and a new workshop day! https://bestpractical.com/training * Los Angeles - January 9-11 2017
Re: [rt-users] Issue with ExternalAuth and RT 3.8.2
New version of the module as well as other updated plugins live in local/plugins dir. List of files you can get from MANIFEST of an extension and delete them from local/html, local/lib/, local/etc/EXT/... On Fri, May 15, 2009 at 5:45 PM, Tony A wrote: > Ah, so, if I had read the README file properly... I would have seen: > "UPGRADING > If you are upgrading from 0.05 you may have some leftover > parts of the module in > $RTHOME/local/lib/RT/User_Vendor.pm > $RTHOME/local/lib/RT/Authen/External_Auth.pm > that will conflict with the new install and these should be removed" > Now, the thing is... what are these parts and what needs removing? > Sorry about all the posts, I'm investigating as I go along. > Cheers > Tony > ___ > http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users > > Community help: http://wiki.bestpractical.com > Commercial support: sa...@bestpractical.com > > > Discover RT's hidden secrets with RT Essentials from O'Reilly Media. > Buy a copy at http://rtbook.bestpractical.com > -- Best regards, Ruslan. ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] Issue with ExternalAuth and RT 3.8.2
Ah, so, if I had read the README file properly... I would have seen: "UPGRADING If you are upgrading from 0.05 you may have some leftover parts of the module in $RTHOME/local/lib/RT/User_Vendor.pm $RTHOME/local/lib/RT/Authen/External_Auth.pm that will conflict with the new install and these should be removed" Now, the thing is... what are these parts and what needs removing? Sorry about all the posts, I'm investigating as I go along. Cheers Tony ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] Issue with ExternalAuth and RT 3.8.2
Hi again, Update, realising that RT::Authen::ExternalAuth likely installs a version of the autohandler file into that location, I have installed it from the tar file. ie. downloaded RT-Authen-ExternalAuth-0.08.tar.gz and taken the file from there. However, this does not solve it. I now get: Undefined subroutine &RT::Authen::ExternalAuth::DoAuth called at /opt/rt3/local/html/Callbacks/ExternalAuth/autohandler/Auth line 25. Am I right in thinking I seem to have 2 versions of ExternalAuth, part of one and part of another still existing? Would I also be right in thinking that removing it and reinstalling the plugin entirely would likely fix things? If so, how do I do that? Cheers Tony ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] Issue with ExternalAuth and RT 3.8.2
On May 15, 2009, at 8:43 AM, Tony A wrote: > Hi everyone, > > I have just updated to RT 3.8.2 and ExternalAuth 0.08, and haven't > changed my config files in any way. Now, when I log in, I receive > the following line, and nothing else, unless I refresh, then > everything works as it is supposed to. > > RT::User::UpdateFromExternal Unimplemented in HTML::Mason::Commands. > (/opt/rt3/local/html/Callbacks/ExternalAuth/autohandler/Auth line 73) This sounds like you have an old version of a callback installed in local that is conflicting RT-Authen-ExternalAuth lives in /opt/rt3/local/plugins/RT-Authen- ExternalAuth Also, version 0.08 of ExternalAuth has a callback that is less than 73 lines long and doesn't call UpdateFromExternal. Did you try installing one of the manual overlays from the wiki, or an older version of ExternalAuth previously? You probably want to remove the local/html/Callbacks/ExternalAuth/ autohandler file, but there may be other things in local/ that need to be removed also -kevinHi Kevin, Thanks for the response. I went through various problems previously with getting LDAP authentication working, but haven't touched any of that for a good 6 months or more - so knowing exactly what I installed and didn't install is a little difficult now. But yes, older versions of ExternalAuth have been installed, and then updated. I have moved the autohandler file you mention (not deleted it, just in case), and now receive this error: Undefined subroutine &RT::Authen::ExternalAuth::DoAuth called at /opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth line 25. So, I am guessing that the file listed is calling that file I moved? I'm not much good when it comes to perl, but any tips on what else needs altering would be helpful. Thanks Tony ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] Issue with ExternalAuth and RT 3.8.2
On May 15, 2009, at 8:43 AM, Tony A wrote: > Hi everyone, > > I have just updated to RT 3.8.2 and ExternalAuth 0.08, and haven't > changed my config files in any way. Now, when I log in, I receive > the following line, and nothing else, unless I refresh, then > everything works as it is supposed to. > > RT::User::UpdateFromExternal Unimplemented in HTML::Mason::Commands. > (/opt/rt3/local/html/Callbacks/ExternalAuth/autohandler/Auth line 73) This sounds like you have an old version of a callback installed in local that is conflicting RT-Authen-ExternalAuth lives in /opt/rt3/local/plugins/RT-Authen- ExternalAuth Also, version 0.08 of ExternalAuth has a callback that is less than 73 lines long and doesn't call UpdateFromExternal. Did you try installing one of the manual overlays from the wiki, or an older version of ExternalAuth previously? You probably want to remove the local/html/Callbacks/ExternalAuth/ autohandler file, but there may be other things in local/ that need to be removed also -kevin > > I've had a search arround and there are a few discussions regarding > this line, and nothing jumps out as a solution. > > Any ideas? > > My RT_SiteConfig is as below: > > Cheers > Tony Ayre > Network Manager > Minehead Middle School > > > > $DatabasePassword = '[PASSWORD]'; > > $MailCommand = 'sendmailpipe'; > $SemdmailArguments = '-oi'; > > $CorrespondAddress = '[EMAIL]'; > $CommentAddress = '[EMAIL]'; > > $Timezone = 'Europe/London'; > > Set( $rtname, 'supportdesk2/rt'); > Set( $Organization, "MMS"); > Set ($WebBaseURL , 'http://supportdesk2/'); > Set ($WebPath , '/rt'); > > Set($WebImageURL, $WebPath . "/NoAuth/images/"); > Set($LogoURL, $WebImagesURL . "logo.gif"); > Set($LogoLinkURL, "http://supportdesk2/rt";); > Set($LogoImageURL, $WebImagesURL . "logo.gif"); > Set($LogoAltText, "MMS ICT Helpdesk"); > > > #Set(@Plugins,(qw(Extension::QuickDelete))); > Set(@Plugins,'RT::FM','RT::IR','RTx::Statistics', > 'RTx::Calendar','RTx::Tags', > (qw(RTx::EmailCompletion)),qw(RT::Authen::ExternalAuth)); > > Set($HomepageComponents, [qw(QuickCreate Quicksearch MyCalendar > MyAdminQueues MySupportQueues MyReminders RefreshHomepage)]); > # THE EXTERNAL AUTH > > Set($ExternalAuthPriority, ['My_LDAP']); > Set($ExternalInfoPriority, [ 'My_LDAP']); > > Set($ExternalServiceUsesSSLorTLS, 0); > > Set($AutoCreateNonExternalUsers, 0); > > Set($ExternalSettings, { > 'My_LDAP' => { > 'type' => 'ldap', > 'auth' => 1, > 'info' => 1, > 'server' => '10.5.143.10', > 'user' => > 'CN=Administrator,CN=Users,DC=[DC],DC=[DC],DC=[DC],DC=[DC]', > 'pass' => '[PASSWORD]', > 'base' => 'ou=Staff,ou=Managed Users,dc=[DC],dc=[DC],dc=[DC],dc=[DC]', > 'filter' => '(objectClass=*)', > 'd_filter' => '(userAccountControl:1.2.840.113556.1.4.803:=2)', > 'tls' => 0, > 'net_ldap_args' => [ version => 3 ], > 'attr_match_list' => [ 'Name', > 'EmailAddress', > 'RealName', > 'WorkPhone', > 'Address2' > ], > 'attr_map' => { > 'Name' => 'sAMAccountName', > 'EmailAddress' => 'mail', > 'Organization' => 'physicalDeliveryOfficeName', > 'RealName' => 'cn', > 'ExternalAuthId' => 'sAMAccountName', > 'Gecos' => 'sAMAccountName', > 'WorkPhone' => 'telephoneNumber', > 'Address1' => 'streetAddress', > 'City' => 'l', > 'State' => 'st', > 'Zip' => 'postalCode', > 'Country' => 'co' > }}} > ); > 1; > > ___ > http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users > > Community help: http://wiki.bestpractical.com > Commercial support: sa...@bestpractical.com > > > Discover RT's hidden secrets with RT Essentials from O'Reilly Media. > Buy a copy at http://rtbook.bestpractical.com ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
[rt-users] Issue with ExternalAuth and RT 3.8.2
Hi everyone, I have just updated to RT 3.8.2 and ExternalAuth 0.08, and haven't changed my config files in any way. Now, when I log in, I receive the following line, and nothing else, unless I refresh, then everything works as it is supposed to. RT::User::UpdateFromExternal Unimplemented in HTML::Mason::Commands. (/opt/rt3/local/html/Callbacks/ExternalAuth/autohandler/Auth line 73) I've had a search arround and there are a few discussions regarding this line, and nothing jumps out as a solution. Any ideas? My RT_SiteConfig is as below: Cheers Tony Ayre Network Manager Minehead Middle School $DatabasePassword = '[PASSWORD]'; $MailCommand = 'sendmailpipe'; $SemdmailArguments = '-oi'; $CorrespondAddress = '[EMAIL]'; $CommentAddress = '[EMAIL]'; $Timezone = 'Europe/London'; Set( $rtname, 'supportdesk2/rt'); Set( $Organization, "MMS"); Set ($WebBaseURL , 'http://supportdesk2/'); Set ($WebPath , '/rt'); Set($WebImageURL, $WebPath . "/NoAuth/images/"); Set($LogoURL, $WebImagesURL . "logo.gif"); Set($LogoLinkURL, "http://supportdesk2/rt";); Set($LogoImageURL, $WebImagesURL . "logo.gif"); Set($LogoAltText, "MMS ICT Helpdesk"); #Set(@Plugins,(qw(Extension::QuickDelete))); Set(@Plugins,'RT::FM','RT::IR','RTx::Statistics', 'RTx::Calendar','RTx::Tags',(qw(RTx::EmailCompletion)),qw(RT::Authen::ExternalAuth)); Set($HomepageComponents, [qw(QuickCreate Quicksearch MyCalendar MyAdminQueues MySupportQueues MyReminders RefreshHomepage)]); # THE EXTERNAL AUTH Set($ExternalAuthPriority, ['My_LDAP']); Set($ExternalInfoPriority, [ 'My_LDAP']); Set($ExternalServiceUsesSSLorTLS, 0); Set($AutoCreateNonExternalUsers, 0); Set($ExternalSettings, { 'My_LDAP' => { 'type' => 'ldap', 'auth' => 1, 'info' => 1, 'server' => '10.5.143.10', 'user' => 'CN=Administrator,CN=Users,DC=[DC],DC=[DC],DC=[DC],DC=[DC]', 'pass' => '[PASSWORD]', 'base' => 'ou=Staff,ou=Managed Users,dc=[DC],dc=[DC],dc=[DC],dc=[DC]', 'filter' => '(objectClass=*)', 'd_filter' => '(userAccountControl:1.2.840.113556.1.4.803:=2)', 'tls' => 0, 'net_ldap_args' => [ version => 3 ], 'attr_match_list' => [ 'Name', 'EmailAddress', 'RealName', 'WorkPhone', 'Address2' ], 'attr_map' => { 'Name' => 'sAMAccountName', 'EmailAddress' => 'mail', 'Organization' => 'physicalDeliveryOfficeName', 'RealName' => 'cn', 'ExternalAuthId' => 'sAMAccountName', 'Gecos' => 'sAMAccountName', 'WorkPhone' => 'telephoneNumber', 'Address1' => 'streetAddress', 'City' => 'l', 'State' => 'st', 'Zip' => 'postalCode', 'Country' => 'co' }}} ); 1; ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com