I have just finished spelunking about 4 months of back articles/e-mails 
on LDAP Authentication within RT and have run up against some sort of 
error that I might just be misinterpreting.

DEBUG Logging is enabled.

I am using the ExternAuth using LDAP to Windows 2003 SP2 based Active 
Directory controllers.

(also - note - I put rt3 within the /var volume not the /opt volume)

Running on CentOS 5.1 32 bit - fully patched.

Here is a part of my log:

[Thu May 29 19:37:57 2008] [warning]: Transaction->Create couldn't, as 
you didn't specify an object type and id (/var/rt3/lib/RT/Record.pm:1486)
[Thu May 29 19:37:57 2008] [debug]: RT::User::IsExternalPassword Trying 
External authentication (/var/rt3/local/lib/RT/User_Vendor.pm:52)
[Thu May 29 19:37:57 2008] [debug]: Attempting to use external auth 
service: My_LDAP (/var/rt3/local/lib/RT/User_Vendor.pm:63)
[Thu May 29 19:37:57 2008] [debug]: LDAP Search ===  Base: 
ou=Corporate,dc=3leafnetworks,dc=corp == Filter: 
(&(sAMAccountName=ldapsearch)(objectclass=Person)) == Attrs: dn 
[Thu May 29 19:37:57 2008] [debug]: Found LDAP DN: CN=LDAP 
[Thu May 29 19:37:57 2008] [info]: RT::User::IsExternalPassword External 
Auth OK ( My_LDAP ): ldapsearch (/var/rt3/local/lib/RT/User_Vendor.pm:281)
[Thu May 29 19:37:57 2008] [debug]: RT::User::IsPassword External auth 
SUCCEEDED (/var/rt3/local/lib/RT/User_Vendor.pm:360)
[Thu May 29 19:37:57 2008] [debug]: RT::User::CanonicalizeUserInfo 
called by RT::User /var/rt3/lib/RT/User_Overlay.pm 192 with: Disabled: 
0, EmailAddress: , Gecos: ldapsearch, Name: ldapsearch, Privileged: 0 
[Thu May 29 19:37:57 2008] [warning]: Use of uninitialized value in join 
or string at /usr/lib/perl5/site_perl/5.8.8/Log/Dispatch.pm line 22. 
[Thu May 29 19:37:57 2008] [debug]: Attempting to get user info using 
this external service:  (/var/rt3/local/lib/RT/User_Vendor.pm:408)
[Thu May 29 19:37:57 2008] [info]: RT::User::CanonicalizeUserInfo 
returning Disabled: 0, EmailAddress: , Gecos: ldapsearch, Name: 
ldapsearch, Privileged: 0 (/var/rt3/local/lib/RT/User_Vendor.pm:444)
[Thu May 29 19:37:57 2008] [warning]: Use of uninitialized value in join 
or string at /usr/lib/perl5/site_perl/5.8.8/Log/Dispatch.pm line 22. 
[Thu May 29 19:37:57 2008] [info]: Autocreated authenticated user 
ldapsearch (  ) 

Here is my RT_SiteConfig.pm:

# Any configuration directives you include  here will override
# RT's default configuration file, RT_Config.pm
# To include a directive here, just copy the equivalent statement
# from RT_Config.pm and change the value. We've included a single
# sample value below.
# This file is actually a perl module, so you can include valid
# perl code, as well.
# The converse is also true, if this file isn't valid perl, you're
# going to run into trouble. To check your SiteConfig file, use
# this command:
#   perl -c /path/to/your/etc/RT_SiteConfig.pm

Set( $rtname, '3leafnetworks.com');
Set($SendmailPath , "/usr/sbin/sendmail");
Set($SendmailArguments , "-oi -t");
Set($AuthMethods, ['LDAP','internal']);
Set($LogToFileNamed, "/var/log/rt3/rt.log");
Set($LogToFile, 'debug');

# If this is set to 1, then users should be autocreated by RT
# as internal users if they fail to authenticate from an
# external service.
#Set($AutoCreateNonExternalUsers,    1);

# These are the full settings for each external service as a HashOfHashes
# Note that you may have as many external services as you wish. They will
# be checked in the order specified in the Priority directives above.
# e.g.
Set($ExternalSettings,  {
                   'My_LDAP' =>  {
                      'type'  =>  'ldap',
                      'auth'  =>  1,
                      'info'  =>  1,
                      'server' =>  'zeus.3leafnetworks.com',
                      'user'  =>  '3LEAF\\ldapsearch',
                      'pass'  =>  'ldapsearch',
                      'base'  => 'ou=Corporate,dc=3leafnetworks,dc=corp',
                      'filter' =>  '(objectclass=Person)',
                      'd_filter' => 
                      'tls' =>  0,
                      'net_ldap_args' => [    version =>  3   ],
                      #'group' =>  'GROUP_NAME',
                      #'group_attr' =>  'GROUP_ATTR',

'attr_match_list'           => [    'Name',
'attr_map'                  =>  {   'Name' => 'sAMAccountName',
                                     'EmailAddress' => 'mail',
                                     'Organization' => 
                                     'RealName' => 'cn',
                                     'ExternalAuthId' => 'sAMAccountName',
                                     'Gecos' => 'sAMAccountName',
                                     'WorkPhone' => 'telephoneNumber',
                                     'Address1' => 'streetAddress',
                                     'City' => 'l',
                                     'State' => 'st',
                                     'Zip' => 'postalCode',
                                     'Country' => 'co'


When I uncomment the:

#Set($AutoCreateNonExternalUsers,    1);

line, my attempted user gets AUTO-CREATED in the system, but no 
attributes are pulled over.

As you can see by the log file above, when a user (in log above, example 
user is called ldapsearch) who is not within RT attempts to log on, 
settings are pulled just fine - it even says it has authenticated 
properly, but then the last line:

[Thu May 29 19:37:57 2008] [info]: Autocreated authenticated user 
ldapsearch (  ) 

Shows me that the account is attempting to be created, but the "( )" is 
missing an ID of some?

This coupled with the error further UP the log:

[Thu May 29 19:37:57 2008] [warning]: Transaction->Create couldn't, as 
you didn't specify an object type and id (/var/rt3/lib/RT/Record.pm:1486)

leads me to believe that I might be missing like ONE setting that would 
allow this to all JIVE the way it should.


*  Bill Teeple                      *                                 *
*  Manager of I.T. Department       *               3255-1 Scott Blvd *
*  3Leaf Systems                    *                       Suite 200 *
*                                   *           Santa Clara, CA 95054 *
*  http://www.3leafsystems.com      *             main (408) 572-5900 *
*                                   *              fax (408) 727-2008 *
*  AIM: t33ps                       *                                 *
*  Yahoo: t33ps                     *           direct (408) 572-5128 *
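
The log quoted in the message above shows three symptoms together: a user-info lookup logged with an empty service name, CanonicalizeUserInfo returning an empty EmailAddress, and an autocreate line with empty parentheses. The Python script below is an added example, not part of the original post or of RT; its function names are hypothetical, and the sample is an excerpt of the log quoted above.

```python
import re
# Entry header, e.g. "[Thu May 29 19:37:57 2008] [debug]: message"
ENTRY = re.compile(r"^\[(\w{3} \w{3} +\d+ [\d:]+ \d{4})\] \[(\w+)\]: (.*)$")
INFO_SVC = re.compile(r"get user info using this external service:\s*([\w.-]*)\s*\(")
RETURNING = re.compile(r"CanonicalizeUserInfo returning (.*?)\s*\(/")
AUTOCREATED = re.compile(r"Autocreated authenticated user (\S+) \(\s*(.*?)\s*\)")

# Excerpt of the log quoted in the post, wrapped the way the mail wrapped it.
SAMPLE = """\
[Thu May 29 19:37:57 2008] [debug]: Attempting to get user info using
this external service:  (/var/rt3/local/lib/RT/User_Vendor.pm:408)
[Thu May 29 19:37:57 2008] [info]: RT::User::CanonicalizeUserInfo
returning Disabled: 0, EmailAddress: , Gecos: ldapsearch, Name:
ldapsearch, Privileged: 0 (/var/rt3/local/lib/RT/User_Vendor.pm:444)
[Thu May 29 19:37:57 2008] [info]: Autocreated authenticated user
ldapsearch (  )
"""

def entries(text):
    """Re-join log entries that were wrapped across several lines."""
    out = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            out.append([m.group(1), m.group(2), m.group(3).strip()])
        elif out and line.strip():
            out[-1][2] += " " + line.strip()  # continuation of previous entry
    return out

def triage(text):
    """Return (timestamp, finding) pairs for the symptoms seen in the post."""
    findings = []
    for ts, _level, msg in entries(text):
        m = INFO_SVC.search(msg)
        if m and not m.group(1):
            findings.append((ts, "info lookup ran with an empty service name"))
        m = RETURNING.search(msg)
        if m:
            fields = dict(re.findall(r"(\w+):\s*([^,]*)", m.group(1)))
            empty = sorted(k for k, v in fields.items() if not v.strip())
            if empty:
                findings.append((ts, "CanonicalizeUserInfo returned empty: " + ", ".join(empty)))
        m = AUTOCREATED.search(msg)
        if m and not m.group(2):
            findings.append((ts, f"user {m.group(1)} autocreated with empty '( )'"))
    return findings

if __name__ == "__main__":
    for ts, finding in triage(SAMPLE):
        print(ts, finding)
```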


*  Bill Teeple                      *                                 *
*  Manager of I.T. Department       *               3255-1 Scott Blvd *
*  3Leaf Systems                    *                       Suite 200 *
*                                   *           Santa Clara, CA 95054 *
*  http://www.3leafsystems.com      *             main (408) 572-5900 *
*                                   *              fax (408) 727-2008 *
*  AIM: t33ps                       *                                 *
*  Yahoo: t33ps                     *           direct (408) 572-5128 *
