Re: [rt-users] RT::Authen::ExternalAuth Installed need Help
Hi John, you talk about SSO but it's not clear from what you say if you either want authentication based on - SSO - LDAP - SSO using LDAP Can you please clarify? On 23/02/11 08:55, john s. wrote: Good Morning all I've installed the External Auth Plugin for our RT System. But now i have no clue how to tackle it. My Knowledge about SSO is really really limited So can sb give me a hint to start the Challenge to get a good funcitonal connection to my LDAP Server ( Windows 2008) ? it would be really nice best regards john -- Giuseppe Sollazzo Senior Systems Analyst Computing Services Information Services St. George's, University Of London Cranmer Terrace London SW17 0RE Email: gsoll...@sgul.ac.uk Direct Dial: +44 20 8725 5160 Fax: +44 20 8725 3583
Re: [rt-users] RT::Authen::ExternalAuth Installed need Help
Hello Guiseppe I don't exactly what I'm talking about .. so I'LL describe in which way should it work The Authentification Server is an ActiveDirectory on an Windows2008 Server so if you Logged in in the Main network system with username and Password you have automallically access to the rt interface without double authentification in fact the AD server should handle the Authentification to the RT -Server maybe if it's fail an fallback to RT Authentifiaction would be nice but at the moment it isn't necessary. An other option is to make the authentification from AD to Apache ... so this would be fit too. like i said my background knowledge at this sector is very small best regards john Giuseppe Sollazzo-2 wrote: Hi John, you talk about SSO but it's not clear from what you say if you either want authentication based on - SSO - LDAP - SSO using LDAP Can you please clarify? On 23/02/11 08:55, john s. wrote: Good Morning all I've installed the External Auth Plugin for our RT System. But now i have no clue how to tackle it. My Knowledge about SSO is really really limited So can sb give me a hint to start the Challenge to get a good funcitonal connection to my LDAP Server ( Windows 2008) ? it would be really nice best regards john -- Giuseppe Sollazzo Senior Systems Analyst Computing Services Information Services St. George's, University Of London Cranmer Terrace London SW17 0RE Email: gsoll...@sgul.ac.uk Direct Dial: +44 20 8725 5160 Fax: +44 20 8725 3583 -- View this message in context: http://old.nabble.com/RT%3A%3AAuthen%3A%3AExternalAuth-Installed-need-Help-tp30993192p30993406.html Sent from the Request Tracker - User mailing list archive at Nabble.com.
Re: [rt-users] RT::Authen::ExternalAuth Installed need Help
i think this is sso per ldap to rt or ldap to apache -- View this message in context: http://old.nabble.com/RT%3A%3AAuthen%3A%3AExternalAuth-Installed-need-Help-tp30993192p30993957.html Sent from the Request Tracker - User mailing list archive at Nabble.com.
Re: [rt-users] RT::Authen::ExternalAuth Installed need Help
Hi John, what you can do is either to plug AD authentication into RT, or to use a SSO solution (such as CAS). Give this a look: http://blank.org/memory/output/rt-ad-sso.html Regards, Giuseppe On 23/02/11 10:59, john s. wrote: i think this is sso per ldap to rt or ldap to apache -- Giuseppe Sollazzo Senior Systems Analyst Computing Services Information Services St. George's, University Of London Cranmer Terrace London SW17 0RE Email: gsoll...@sgul.ac.uk Direct Dial: +44 20 8725 5160 Fax: +44 20 8725 3583
Re: [rt-users] RT::Authen::ExternalAuth Installed need Help
Hm... this article sounds like a little bit outdated is this the proper to get an solid sso via ad solution? Another thing : Is it normal that the apache2 server doesnt 't start anymore after i 've installed the perl module RT::Authen::ExternalAuth ? ... Remember nothing is configured yet Here is the error : [Wed Feb 23 12:05:05 2011] [error] Can't locate Net/LDAP.pm in @INC (@INC contains: /opt/rt3/bin/../local/lib /opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib /opt/rt3/bin/../lib /etc/perl /usr/local/lib/perl/5.10.1 /usr/local/share/perl/5.10.1 /usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.10 /usr/share/perl/5.10 /usr/local/lib/site_perl . /etc/apache2) at /opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm line 3.\nBEGIN failed--compilation aborted at /opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm line 3.\nCompilation failed in require at /opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm line 26.\nBEGIN failed--compilation aborted at /opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm line 26.\nCompilation failed in require at /opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/User_Vendor.pm line 3.\nBEGIN failed--compilation aborted at /opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/User_Vendor.pm line 3.\nCompilation failed in require at (eval 1115) line 3.\nCompilation failed in require at (eval 113) line 3.\n\t...propagated at /usr/share/perl/5.10/base.pm line 93.\nBEGIN failed--compilation aborted at /opt/rt3/bin/../lib/RT/CurrentUser.pm line 96.\nCompilation failed in require at /opt/rt3/bin/../lib/RT.pm line 505.\nCompilation failed in require at (eval 2) line 1.\n [Wed Feb 23 12:05:05 2011] [error] Can't load Perl file: /opt/rt3/bin/webmux.pl for server localhost:80, exiting... Giuseppe Sollazzo-2 wrote: Hi John, what you can do is either to plug AD authentication into RT, or to use a SSO solution (such as CAS). Give this a look: http://blank.org/memory/output/rt-ad-sso.html Regards, Giuseppe On 23/02/11 10:59, john s. wrote: i think this is sso per ldap to rt or ldap to apache -- Giuseppe Sollazzo Senior Systems Analyst Computing Services Information Services St. George's, University Of London Cranmer Terrace London SW17 0RE Email: gsoll...@sgul.ac.uk Direct Dial: +44 20 8725 5160 Fax: +44 20 8725 3583 - best regards john -- View this message in context: http://old.nabble.com/RT%3A%3AAuthen%3A%3AExternalAuth-Installed-need-Help-tp30993192p30994494.html Sent from the Request Tracker - User mailing list archive at Nabble.com.
Re: [rt-users] RT::Authen::ExternalAuth Installed need Help
I have fixed my problem the perl module Net::LDAP was missing godsake now RT is still running but i think i'm tying to use these module i must reading some background knowledge if i finished ... i come back to this thread and ask some questions one more john s. wrote: Hm... this article sounds like a little bit outdated is this the proper way to get an solid solution based on sso via ad? Another thing : Is it normal that the apache2 server doesnt 't start anymore after i 've installed the perl module RT::Authen::ExternalAuth ? ... Remember nothing is configured yet Here is the error : [Wed Feb 23 12:05:05 2011] [error] Can't locate Net/LDAP.pm in @INC (@INC contains: /opt/rt3/bin/../local/lib /opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib /opt/rt3/bin/../lib /etc/perl /usr/local/lib/perl/5.10.1 /usr/local/share/perl/5.10.1 /usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.10 /usr/share/perl/5.10 /usr/local/lib/site_perl . /etc/apache2) at /opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm line 3.\nBEGIN failed--compilation aborted at /opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm line 3.\nCompilation failed in require at /opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm line 26.\nBEGIN failed--compilation aborted at /opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm line 26.\nCompilation failed in require at /opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/User_Vendor.pm line 3.\nBEGIN failed--compilation aborted at /opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/User_Vendor.pm line 3.\nCompilation failed in require at (eval 1115) line 3.\nCompilation failed in require at (eval 113) line 3.\n\t...propagated at /usr/share/perl/5.10/base.pm line 93.\nBEGIN failed--compilation aborted at /opt/rt3/bin/../lib/RT/CurrentUser.pm line 96.\nCompilation failed in require at /opt/rt3/bin/../lib/RT.pm line 505.\nCompilation failed in require at (eval 2) line 1.\n [Wed Feb 23 12:05:05 2011] [error] Can't load Perl file: /opt/rt3/bin/webmux.pl for server localhost:80, exiting... Giuseppe Sollazzo-2 wrote: Hi John, what you can do is either to plug AD authentication into RT, or to use a SSO solution (such as CAS). Give this a look: http://blank.org/memory/output/rt-ad-sso.html Regards, Giuseppe On 23/02/11 10:59, john s. wrote: i think this is sso per ldap to rt or ldap to apache -- Giuseppe Sollazzo Senior Systems Analyst Computing Services Information Services St. George's, University Of London Cranmer Terrace London SW17 0RE Email: gsoll...@sgul.ac.uk Direct Dial: +44 20 8725 5160 Fax: +44 20 8725 3583 - best regards john -- View this message in context: http://old.nabble.com/RT%3A%3AAuthen%3A%3AExternalAuth-Installed-need-Help-tp30993192p30994952.html Sent from the Request Tracker - User mailing list archive at Nabble.com.
Re: [rt-users] RT::Authen::ExternalAuth Installed need Help
On Wed, Feb 23, 2011 at 2:27 AM, john s. firesk...@gmx.de wrote: An other option is to make the authentification from AD to Apache ... so this would be fit too. You could also authenticate directly to the AD server using Kerberos and/or LDAP. * mod_auth_kerb - http://modauthkerb.sourceforge.net/ * mod_auth_ldap - http://httpd.apache.org/docs/2.0/mod/mod_auth_ldap.html To make the Kerberos setup a snap, Likewise Open is nice--Open is their free product. http://www.likewise.com/ This _should_ also allow for pass-through authentication using any modern browser, provided the clients' computer logon name and password matches that of their AD credentials.
Re: [rt-users] RT::Authen::ExternalAuth Installed need Help
On Wed, Feb 23, 2011 at 01:27:08AM -0800, john s. wrote: I don't exactly what I'm talking about .. so I'LL describe in which way should it work The Authentification Server is an ActiveDirectory on an Windows2008 Server so if you Logged in in the Main network system with username and Password you have automallically access to the rt interface without double authentification in fact the AD server should handle the Authentification to the RT -Server maybe if it's fail an fallback to RT Authentifiaction would be nice but at the moment it isn't necessary. An other option is to make the authentification from AD to Apache ... so this would be fit too. like i said my background knowledge at this sector is very small You sound like you're describing SPNEGO, which isn't what RT-Authen-ExternalAuth provides. Folks normally use mod_auth_kerb or one of the commercial versions of that module to accomplish it. -kevin Giuseppe Sollazzo-2 wrote: Hi John, you talk about SSO but it's not clear from what you say if you either want authentication based on - SSO - LDAP - SSO using LDAP Can you please clarify? On 23/02/11 08:55, john s. wrote: Good Morning all I've installed the External Auth Plugin for our RT System. But now i have no clue how to tackle it. My Knowledge about SSO is really really limited So can sb give me a hint to start the Challenge to get a good funcitonal connection to my LDAP Server ( Windows 2008) ? it would be really nice best regards john -- Giuseppe Sollazzo Senior Systems Analyst Computing Services Information Services St. George's, University Of London Cranmer Terrace London SW17 0RE Email: gsoll...@sgul.ac.uk Direct Dial: +44 20 8725 5160 Fax: +44 20 8725 3583 -- View this message in context: http://old.nabble.com/RT%3A%3AAuthen%3A%3AExternalAuth-Installed-need-Help-tp30993192p30993406.html Sent from the Request Tracker - User mailing list archive at Nabble.com. pgpccfoJvkOVo.pgp Description: PGP signature