Hello,

I've been trying to set up LDAP integration in RT 3.6.1, however I am unable to get authentication to work properly. Authentication against the LDAP directory succeeds (the code is able to bind with the supplied credentials), however the $UserObj->Id variable remains undefined, and the rest of the code fails.

I spent the weekend poking around in the code; I've attached some logs below to help explain what I have found. Note, I've removed some details from the logs for privacy/security:

    $MyUID is my LDAP UID
    $MyDN is my LDAP DN
    $MyEMAIL is my email
    $MyINFO is all of the LDAP info

The first key line in the logs seems to be:

    [Sat Nov 11 19:34:19 2006] [warning]: Transaction->Create couldn't, as you didn't specify an object type and id (/usr/lib/perl5/vendor_perl/5.8.8/RT/Record.pm:1466)

Which occurs at this line of code in the LDAP Auth callback:

    my ($val, $msg) = $UserObj->SetName($user);

What this means, I do not know. I'm not familiar enough with RT's structure to debug that line.

The next key log is:

    [Sat Nov 11 19:34:19 2006] [debug]: RT::User::IsPassword auth method IsLDAPPassword SUCCEEDED (/usr/lib/perl5/vendor_perl/5.8.8/RT/User_Local.pm:291)

So the code is able to bind with the credentials I supplied. Our LDAP server logs also indicate successful binding as my user.

The next key log:

    [Sat Nov 11 19:34:19 2006] [info]: Autocreated authenticated user $MyUID () (/usr/share/rt3/html/Callbacks/LDAP/autohandler/Auth:23)

Which occurs at this line in the LDAP Auth callback:

    $RT::Logger->info("Autocreated authenticated user " . $UserObj->Name . " (" . $UserObj->Id . ")\n");

What's interesting about this is that the $UserObj->Id is blank. This means that no data is loaded into the $session{'CurrentUser'} variable, and the remainder of the code fails to execute because it is dependent on $session{'CurrentUser'}->Id being set.

Is this a bug, or is something wrong with my LDAP mapping that causes the $UserObj->Id value to not be set?

Below are the relevant LDAP settings from my RT_SiteConfig.pm (I've left out server settings since I know those are working):

    Set($AuthMethods, ['LDAP', 'Internal']);
    Set($LdapExternalAuth, 1);
    Set($LdapExternalInfo, 1);
    Set($LdapAutoCreateNonLdapUsers, 1);
    Set($LdapAttrMap, {'Name' => 'uid',
                       'EmailAddress' => 'mail',
                       'Organization' => 'o',
                       'RealName' => 'cn',
                       'ExternalContactInfoId' => 'dn',
                       'ExternalAuthId' => 'uid',
                       'Gecos' => 'uid',
                       'WorkPhone' => 'telephoneNumber',
                       'Address1' => 'street',
                       'City' => 'l',
                       'State' => 'st',
                       'Zip' => 'postalCode',
                       'Country' => 'co'} );
    Set($LdapRTAttrMatchList, ['ExternalContactInfoId', 'Name', 'EmailAddress', 'RealName'] );
    Set($LdapEmailAttrMatchList, ['mail']);
    Set($LdapEmailAttrMatchPrefix, ['']);

-Garret

P.S. Logs:

[Sat Nov 11 19:34:19 2006] [warning]: Transaction->Create couldn't, as you didn't specify an object type and id (/usr/lib/perl5/vendor_perl/5.8.8/RT/Record.pm:1466)
[Sat Nov 11 19:34:19 2006] [debug]: Trying LDAP authentication (/usr/lib/perl5/vendor_perl/5.8.8/RT/User_Local.pm:153)
[Sat Nov 11 19:34:19 2006] [debug]: RT::User::IsLDAPPassword Found LDAP DN: $MyDN (/usr/lib/perl5/vendor_perl/5.8.8/RT/User_Local.pm:187)
[Sat Nov 11 19:34:19 2006] [info]: RT::User::IsLDAPPassword AUTH OK: $MyUID ($MyDN) (/usr/lib/perl5/vendor_perl/5.8.8/RT/User_Local.pm:222)
[Sat Nov 11 19:34:19 2006] [debug]: RT::User::IsPassword auth method IsLDAPPassword SUCCEEDED (/usr/lib/perl5/vendor_perl/5.8.8/RT/User_Local.pm:291)
[Sat Nov 11 19:34:19 2006] [debug]: RT::User::CanonicalizeUserInfo called by RT::User /usr/lib/perl5/vendor_perl/5.8.8/RT/User_Overlay.pm 190 with: Disabled: 0, EmailAddress: , Gecos: $MyUID, Name: $MyUID, Privileged: 0 (/usr/lib/perl5/vendor_perl/5.8.8/RT/User_Local.pm:378)
[Sat Nov 11 19:34:19 2006] [debug]: RT::User::LookupExternalUserInfo called with baseDN "MyDN" and filter "uid=$MyUID" by RT::User /usr/lib/perl5/vendor_perl/5.8.8/RT/User_Local.pm 393 (/usr/lib/perl5/vendor_perl/5.8.8/RT/User_Local.pm:508)
[Sat Nov 11 19:34:19 2006] [info]: RT::User::LookupExternalUserInfo : $MyINFO (/usr/lib/perl5/vendor_perl/5.8.8/RT/User_Local.pm:563)
[Sat Nov 11 19:34:19 2006] [debug]: RT::User::CanonicalizeEmailAddress : called with "$MyEMAIL" by RT::User /usr/lib/perl5/vendor_perl/5.8.8/RT/User_Local.pm 402 (/usr/lib/perl5/vendor_perl/5.8.8/RT/User_Local.pm:326)
[Sat Nov 11 19:34:19 2006] [debug]: RT::User::LookupExternalUserInfo called with baseDN "$MyDN" and filter "mail=$MyEMAIL" by RT::User /usr/lib/perl5/vendor_perl/5.8.8/RT/User_Local.pm 332 (/usr/lib/perl5/vendor_perl/5.8.8/RT/User_Local.pm:508)
[Sat Nov 11 19:34:19 2006] [info]: RT::User::LookupExternalUserInfo : $MyINFO (/usr/lib/perl5/vendor_perl/5.8.8/RT/User_Local.pm:563)
[Sat Nov 11 19:34:19 2006] [debug]: FOUND OK (/usr/lib/perl5/vendor_perl/5.8.8/RT/User_Local.pm:335)
[Sat Nov 11 19:34:19 2006] [info]: RT::User::CanonicalizeEmailAddress $MyEMAIL => $MyEMAIL (/usr/lib/perl5/vendor_perl/5.8.8/RT/User_Local.pm:345)
[Sat Nov 11 19:34:19 2006] [info]: RT::User::CanonicalizeUserInfo returning $MyINFO (/usr/lib/perl5/vendor_perl/5.8.8/RT/User_Local.pm:411)
[Sat Nov 11 19:34:19 2006] [debug]: RT::User::CanonicalizeEmailAddress : called with "$MyEMAIL" by RT::User /usr/lib/perl5/vendor_perl/5.8.8/RT/User_Overlay.pm 194 (/usr/lib/perl5/vendor_perl/5.8.8/RT/User_Local.pm:326)
[Sat Nov 11 19:34:19 2006] [debug]: RT::User::LookupExternalUserInfo called with baseDN "$MyDN" and filter "mail=$MyEMAIL" by RT::User /usr/lib/perl5/vendor_perl/5.8.8/RT/User_Local.pm 332 (/usr/lib/perl5/vendor_perl/5.8.8/RT/User_Local.pm:508)
[Sat Nov 11 19:34:19 2006] [info]: RT::User::LookupExternalUserInfo : $MyINFO (/usr/lib/perl5/vendor_perl/5.8.8/RT/User_Local.pm:563)
[Sat Nov 11 19:34:19 2006] [debug]: FOUND OK (/usr/lib/perl5/vendor_perl/5.8.8/RT/User_Local.pm:335)
[Sat Nov 11 19:34:19 2006] [info]: RT::User::CanonicalizeEmailAddress $MyEMAIL => $MyEMAIL (/usr/lib/perl5/vendor_perl/5.8.8/RT/User_Local.pm:345)
[Sat Nov 11 19:34:19 2006] [debug]: RT::User::CanonicalizeEmailAddress : called with "$MyEMAIL" by RT::User /usr/lib/perl5/vendor_perl/5.8.8/RT/User_Overlay.pm 561 (/usr/lib/perl5/vendor_perl/5.8.8/RT/User_Local.pm:326)
[Sat Nov 11 19:34:19 2006] [debug]: RT::User::LookupExternalUserInfo called with baseDN "$MyDN" and filter "mail=$MyEMAIL" by RT::User /usr/lib/perl5/vendor_perl/5.8.8/RT/User_Local.pm 332 (/usr/lib/perl5/vendor_perl/5.8.8/RT/User_Local.pm:508)
[Sat Nov 11 19:34:19 2006] [info]: RT::User::LookupExternalUserInfo : $MyINFO (/usr/lib/perl5/vendor_perl/5.8.8/RT/User_Local.pm:563)
[Sat Nov 11 19:34:19 2006] [debug]: FOUND OK (/usr/lib/perl5/vendor_perl/5.8.8/RT/User_Local.pm:335)
[Sat Nov 11 19:34:19 2006] [info]: RT::User::CanonicalizeEmailAddress $MyEMAIL => $MyEMAIL (/usr/lib/perl5/vendor_perl/5.8.8/RT/User_Local.pm:345)
[Sat Nov 11 19:34:19 2006] [info]: Autocreated authenticated user $MyUID () (/usr/share/rt3/html/Callbacks/LDAP/autohandler/Auth:23)
[Sat Nov 11 19:34:19 2006] [error]: FAILED LOGIN for $MyUID from 10.1.1.254 (/usr/share/rt3/html/autohandler:238)

--
Garret W. Huntress
System Administrator / System Developer
Geophysical Laboratory
Carnegie Institution of Washington
5251 Broad Branch Road, NW
Washington, DC 20015
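
Added example, not part of the original post and not RT code: a small Python check over logs in the format shown above that flags the pattern the post describes, an LDAP bind that succeeds followed by an autocreated user with an empty Id or a FAILED LOGIN for the same user. The sample lines, user names, DN, Id and addresses are constructed for illustration.

```python
import re

# One RT log record: "[timestamp] [level]: message (source-file:line)"
RECORD = re.compile(r"\[([^\]]+)\] \[(\w+)\]: (.*?) \((/[^()\s]+:\d+)\)\s*$")
AUTH_OK = re.compile(r"IsLDAPPassword AUTH OK: (\S+) \(")
AUTOCREATED = re.compile(r"Autocreated authenticated user (\S+) \((\d*)\)")
FAILED = re.compile(r"FAILED LOGIN for (\S+) from (\S+)")

# Constructed sample input modelled on the log format in the post.
SAMPLE = """\
[Sat Nov 11 19:34:19 2006] [info]: RT::User::IsLDAPPassword AUTH OK: jdoe (uid=jdoe,ou=people,dc=example,dc=org) (/usr/lib/perl5/vendor_perl/5.8.8/RT/User_Local.pm:222)
[Sat Nov 11 19:34:19 2006] [info]: Autocreated authenticated user jdoe () (/usr/share/rt3/html/Callbacks/LDAP/autohandler/Auth:23)
[Sat Nov 11 19:34:19 2006] [error]: FAILED LOGIN for jdoe from 192.0.2.10 (/usr/share/rt3/html/autohandler:238)
[Sat Nov 11 19:36:41 2006] [info]: RT::User::IsLDAPPassword AUTH OK: asmith (uid=asmith,ou=people,dc=example,dc=org) (/usr/lib/perl5/vendor_perl/5.8.8/RT/User_Local.pm:222)
[Sat Nov 11 19:36:41 2006] [info]: Autocreated authenticated user asmith (42) (/usr/share/rt3/html/Callbacks/LDAP/autohandler/Auth:23)
[Sat Nov 11 19:40:02 2006] [error]: FAILED LOGIN for bwong from 192.0.2.77 (/usr/share/rt3/html/autohandler:238)
""".splitlines()


def find_broken_logins(lines):
    """Return (timestamp, user, finding, source) for users whose LDAP bind
    succeeded but whose RT account was not usable afterwards."""
    bound, findings = set(), []
    for line in lines:
        m = RECORD.match(line.strip())
        if not m:
            continue  # not a log record in the expected format
        ts, _level, msg, src = m.groups()
        if (a := AUTH_OK.search(msg)):
            bound.add(a.group(1))  # directory accepted the credentials
        elif (c := AUTOCREATED.search(msg)) and c.group(2) == "":
            # The callback logged a user name but no numeric Id.
            findings.append((ts, c.group(1), "autocreate-without-id", src))
        elif (f := FAILED.search(msg)) and f.group(1) in bound:
            # RT rejected a login that the directory had accepted.
            findings.append((ts, f.group(1), "bind-ok-login-failed", src))
            bound.discard(f.group(1))
    return findings


if __name__ == "__main__":
    for finding in find_broken_logins(SAMPLE):
        print(*finding, sep=" | ")
```

A FAILED LOGIN with no preceding AUTH OK for the same user (bwong in the sample) is treated as an ordinary rejected login and is not reported.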