Hi - hoping someone can help me. I'm trying to get the RT::Authen::ExternalAuth plugin to work so I can use LDAP for authentication. I'm just using mysql at the moment, so I want to keep this as well. I'm running RT 3.8.5 on CentOS, and I'd like mysql auth first and then LDAP next. I've managed to configure this without any errors, and my mysql authentication still works after an httpd restart. However, LDAP auth never works. I'm not that familiar with LDAP, so I am hoping that if I provide my config and rt.log below, someone might be able to point me in the right direction:

<snip>
# AN EXAMPLE LDAP SERVICE
'My_LDAP' => {
    ## GENERIC SECTION
    # The type of service (db/ldap/cookie)
    'type' => 'ldap',
    # The server hosting the service
    'server' => '172.17.2.1',
    ## SERVICE-SPECIFIC SECTION
    # If you can bind to your LDAP server anonymously you should
    # remove the user and pass config lines, otherwise specify them here:
    #
    # The username RT should use to connect to the LDAP server
    'user' => 'ldap-rt',
    # The password RT should use to connect to the LDAP server
    'pass' => 'xxxxxxxxx',
    #
    # The LDAP search base
    'base' => 'ou=hosting,ou=corp,dc=internal,dc=hosteurope,dc=com',
    #
    # ALL FILTERS MUST BE VALID LDAP FILTERS ENCASED IN PARENTHESES!
    # YOU **MUST** SPECIFY A filter AND A d_filter!!
    #
    # The filter to use to match RT-Users
    'filter' => '(objectClass=User)',
    # A catch-all example filter: '(objectClass=*)'
    #
    # The filter that will only match disabled users
    'd_filter' => '(objectClass=FooBarBaz)',
    # A catch-none example d_filter: '(objectClass=FooBarBaz)'
    #
    # Should we try to use TLS to encrypt connections?
    'tls' => 0,
    # SSL Version to provide to Net::SSLeay *if* using SSL
    'ssl_version' => 3,
    # What other args should I pass to Net::LDAP->new($host,@args)?
    'net_ldap_args' => [ version => 3 ],
    # Does authentication depend on group membership? What group name?
    'group' => 'GROUP_NAME',
    # What is the attribute for the group object that determines membership?
    'group_attr' => 'GROUP_ATTR',
    ## RT ATTRIBUTE MATCHING SECTION
    # The list of RT attributes that uniquely identify a user
    # This example shows what you *can* specify.. I recommend reducing this
    # to just the Name and EmailAddress to save encountering problems later.
    'attr_match_list' => [
        'Name',
        'EmailAddress',
        'RealName',
        'WorkPhone',
        'Address2'
    ],
    # The mapping of RT attributes on to LDAP attributes
    'attr_map' => {
        'Name' => 'sAMAccountName',
        'EmailAddress' => 'mail',
        'Organization' => 'physicalDeliveryOfficeName',
        'RealName' => 'cn',
        'ExternalAuthId' => 'sAMAccountName',
        'Gecos' => 'sAMAccountName',
        'WorkPhone' => 'telephoneNumber',
        'Address1' => 'streetAddress',
        'City' => 'l',
        'State' => 'st',
        'Zip' => 'postalCode',
        'Country' => 'co'

And this is a complete log entry if I try to use my LDAP credentials:

[Sun May 9 10:10:24 2010] [debug]: RT's GnuPG libraries couldn't successfully read your configured GnuPG home directory (/opt/rt3/var/data/gpg). PGP support has been disabled (/opt/rt3/bin/../lib/RT/Config.pm:380)
[Sun May 9 10:10:24 2010] [debug]: Reloading RT::User to work around a bug in RT-3.8.0 and RT-3.8.1 (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:14)
[Sun May 9 10:10:24 2010] [debug]: Attempting to use external auth service: My_MySQL (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
[Sun May 9 10:10:24 2010] [debug]: Calling UserExists with $username (jgrunnell) and $service (My_MySQL) (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:105)
[Sun May 9 10:10:24 2010] [debug]: Disable Check Failed :: ( My_MySQL ) jgrunnell User not found (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/DBI.pm:234)
[Sun May 9 10:10:24 2010] [debug]: Attempting to use external auth service: My_LDAP (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
[Sun May 9 10:10:24 2010] [debug]: Calling UserExists with $username (jgrunnell) and $service (My_LDAP) (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:105)
[Sun May 9 10:10:24 2010] [debug]: UserExists params: username: jgrunnell , service: My_LDAP (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:274)
[Sun May 9 10:10:25 2010] [debug]: LDAP Search === Base: ou=hosting,ou=corp,dc=internal,dc=hosteurope,dc=com == Filter: (&(objectClass=User)(sAMAccountName=jgrunnell)) == Attrs: l,cn,st,mail,sAMAccountName,co,streetAddress,postalCode,telephoneNumber,sAMAccountName,physicalDeliveryOfficeName,sAMAccountName (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:304)
[Sun May 9 10:10:25 2010] [debug]: RT::Authen::ExternalAuth::CanonicalizeUserInfo called by RT::User /opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/User_Vendor.pm 20 with: Disabled: 0, EmailAddress: , Gecos: jgrunnell, Name: jgrunnell, Privileged: 0 (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:450)
[Sun May 9 10:10:25 2010] [debug]: Attempting to get user info using this external service: My_MySQL (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:458)
[Sun May 9 10:10:25 2010] [debug]: Attempting to use this canonicalization key: Gecos (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:472)
[Sun May 9 10:10:25 2010] [warning]: DBD::mysql::db selectall_hashref failed: Unknown column 'email' in 'field list' at /opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/DBI.pm line 163, <DATA> line 273. (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/DBI.pm:163)
[Sun May 9 10:10:25 2010] [warning]: Issuing rollback() for database handle being DESTROY'd without explicit disconnect() at /opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/DBI.pm line 163, <DATA> line 273. (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/DBI.pm:163)
[Sun May 9 10:10:25 2010] [error]: FAILED LOGIN for jgrunnell from 212.103.233.1 (/opt/rt3/share/html/autohandler:268)

Thanks in advance.

Julian Grunnell
Unix Sys Admin
Webfusion Limited.
Phone:0208 587 7212
Mobile:07803649593
Email:julian.grunn...@webfusion.com
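
A triage helper for the kind of rt.log debug trace quoted in the post above, added here as an example; it is not part of the original post or of RT::Authen::ExternalAuth. For each login attempt it lists which external services were consulted and in which phase, the LDAP filter that was issued, and any warnings logged before the FAILED LOGIN line. The function name, the regexes and the shortened sample log are assumptions based only on the entries shown in the post.

```python
import re

# Constructed sample: entries shortened from the log quoted in the post
# (paths trimmed, attribute list cut, client replaced by a documentation address).
SAMPLE_LOG = """\
[Sun May 9 10:10:24 2010] [debug]: Attempting to use external auth service: My_MySQL (ExternalAuth.pm:64)
[Sun May 9 10:10:24 2010] [debug]: Disable Check Failed :: ( My_MySQL ) jgrunnell User not found (ExternalAuth/DBI.pm:234)
[Sun May 9 10:10:24 2010] [debug]: Attempting to use external auth service: My_LDAP (ExternalAuth.pm:64)
[Sun May 9 10:10:25 2010] [debug]: LDAP Search === Base: ou=hosting,ou=corp,dc=internal,dc=hosteurope,dc=com == Filter: (&(objectClass=User)(sAMAccountName=jgrunnell)) == Attrs: cn,mail (ExternalAuth/LDAP.pm:304)
[Sun May 9 10:10:25 2010] [debug]: Attempting to get user info using this external service: My_MySQL (ExternalAuth.pm:458)
[Sun May 9 10:10:25 2010] [warning]: DBD::mysql::db selectall_hashref failed: Unknown column 'email' in 'field list' (ExternalAuth/DBI.pm:163)
[Sun May 9 10:10:25 2010] [error]: FAILED LOGIN for jgrunnell from 192.0.2.10 (autohandler:268)
"""

ENTRY = re.compile(r"^\[(?P<ts>[^\]]+)\] \[(?P<level>\w+)\]: (?P<msg>.*)$")
SERVICE = re.compile(r"(?:external auth service|this external service): (\w+)")
FILTER = re.compile(r"== Filter: (.*?) == Attrs:")
FAILED = re.compile(r"FAILED LOGIN for (\S+) from (\S+)")


def _fresh():
    return {"steps": [], "ldap_filters": [], "problems": []}


def trace_logins(log_text):
    """Group entries into attempts; only the FAILED LOGIN line (the one shown
    in the post) closes an attempt, so successful logins are not reported."""
    attempts, cur, service = [], _fresh(), None
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # wrapped continuation lines or unrelated output
        level, msg = m["level"], m["msg"]
        failed = FAILED.search(msg)
        if (s := SERVICE.search(msg)):
            service = s[1]
            phase = "auth" if "auth service" in msg else "userinfo"
            cur["steps"].append((phase, service))
        elif (f := FILTER.search(msg)):
            cur["ldap_filters"].append(f[1])
        elif level in ("warning", "error") and not failed:
            # Attribute the problem to the service most recently consulted.
            cur["problems"].append((service, msg))
        if failed:
            cur.update(user=failed[1], client=failed[2], result="FAILED")
            attempts.append(cur)
            cur, service = _fresh(), None
    return attempts


if __name__ == "__main__":
    for attempt in trace_logins(SAMPLE_LOG):
        print(attempt)
```
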