Re: [rt-users] RT 4.2.10 and ExternalAuth using LDAP
Hi,

messing with the filter => '(objectClass=*)', gave me FAILED LOGIN as did =person. Then tested the LDAP Import plugin and it worked. Now I need to see about AD user permissions (create tickets etc).

Thank you for the suggestions and thank you Trev for making it more understandable. Your configuration helped me understand other needed values as well.

Regards,
--Indrek

On Mon, Apr 20, 2015 at 4:19 PM Jeff Blaine wrote:
> https://metacpan.org/pod/RT::Authen::ExternalAuth::LDAP
>
> says:
>
> filter
>
> The filter to use to match RT users. You must specify
> it and it must be a valid LDAP filter encased in parentheses.
>
> For example:
>
> filter => '(objectClass=*)',
>
> On 4/20/2015 5:16 AM, Indrek Paas wrote:
> > Hi,
> >
> > I'm setting up an RT server on:
> > CentOS 7.1 x64
> > Apache 2.4
> > PostgreSQL
> > Perl v5.16.3
> >
> > Trying to use ExternalAuth to LDAP (Microsoft AD) using these settings
> > in RT_SiteConfig.pm:
> >
> > Plugin( "RT::Authen::ExternalAuth" );
> >
> > Set( $ExternalAuthPriority, ["My_LDAP"] );
> > Set( $ExternalInfoPriority, ["My_LDAP"] );
> >
> > Set($ExternalSettings, {
> >     'My_LDAP' => {
> >         'type' => 'ldap',
> >         'server' => '1.1.1.1',
> >         'user' => 'rtbinduser@domain.server',
> >         'pass' => 'rtbinduserpw',
> >         'base' => 'ou=Dom Users,ou=Company AD,dc=domain,dc=server',
> >
> >         'attr_match_list' => [
> >             'Name',
> >             'EmailAddress',
> >         ],
> >         'attr_map' => {
> >             'Name' => 'sAMAccountName',
> >             'EmailAddress' => 'mail',
> >             'Organization' => 'physicalDeliveryOfficeName',
> >             'RealName' => 'cn',
> >             'ExternalAuthId' => 'sAMAccountName',
> >             'Gecos' => 'sAMAccountName',
> >             'WorkPhone' => 'telephoneNumber',
> >             'Address1' => 'streetAddress',
> >             'City' => 'l',
> >             'State' => 'st',
> >             'Zip' => 'postalCode',
> >             'Country' => 'co'
> >         },
> >     },
> > } );
> >
> > I start the RT using its own server: /opt/rt4/sbin/rt-server --port 8080
> > Page loads in the browser and I can log in as root but when I try to log
> > in using AD account I see in the logs:
> >
> > [warning]: Use of uninitialized value $filter in concatenation (.) or
> > string at
> > /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm
> > line 453.
> > (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:451)
> >
> > I have been digging through Google and the LDAP.pm without success. When
> > I messed with the 'base' value error changed:
> >
> > [25778] [Mon Apr 20 08:55:33 2015] [warning]: Use of uninitialized value
> > $filter in concatenation (.) or string at
> > /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm
> > line 453.
> > (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:451)
> > [25778] [Mon Apr 20 08:55:33 2015] [error]: Can't call method
> > "as_string" on an undefined value at
> > /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm
> > line 357.
> >
> > Stack:
> > [/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:357]
> > [/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:843]
> > [/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:885]
> > [/opt/rt4/sbin/../lib/RT/User.pm:141]
> > [/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:486]
> > [/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:10]
> > [/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Session:1]
> > [/opt/rt4/sbin/../lib/RT/Interface/Web.pm:310]
> > [/opt/rt4/share/html/autohandler:53]
> > (/opt/rt4/sbin/../lib/RT/Interface/Web/Handler.pm:208)
> >
> > Any suggestions to a right direction are welcome.
> >
> > PS! Went with LDAP because other services on the server use it
> > successfully. I have installed RT using Kerberos auth before but decided
> > to use something "simpler". :D
> >
> > --
> > Indrek
>
> --
> Jeff Blaine
> kickflop.net
> PGP/GnuPG Key ID: 0x0C8EDD02

Re: [rt-users] RT 4.2.10 and ExternalAuth using LDAP
https://metacpan.org/pod/RT::Authen::ExternalAuth::LDAP

says:

filter

The filter to use to match RT users. You must specify
it and it must be a valid LDAP filter encased in parentheses.

For example:

filter => '(objectClass=*)',

On 4/20/2015 5:16 AM, Indrek Paas wrote:
> Hi,
>
> I'm setting up an RT server on:
> CentOS 7.1 x64
> Apache 2.4
> PostgreSQL
> Perl v5.16.3
>
> Trying to use ExternalAuth to LDAP (Microsoft AD) using these settings
> in RT_SiteConfig.pm:
>
> Plugin( "RT::Authen::ExternalAuth" );
>
> Set( $ExternalAuthPriority, ["My_LDAP"] );
> Set( $ExternalInfoPriority, ["My_LDAP"] );
>
> Set($ExternalSettings, {
>     'My_LDAP' => {
>         'type' => 'ldap',
>         'server' => '1.1.1.1',
>         'user' => 'rtbinduser@domain.server',
>         'pass' => 'rtbinduserpw',
>         'base' => 'ou=Dom Users,ou=Company AD,dc=domain,dc=server',
>
>         'attr_match_list' => [
>             'Name',
>             'EmailAddress',
>         ],
>         'attr_map' => {
>             'Name' => 'sAMAccountName',
>             'EmailAddress' => 'mail',
>             'Organization' => 'physicalDeliveryOfficeName',
>             'RealName' => 'cn',
>             'ExternalAuthId' => 'sAMAccountName',
>             'Gecos' => 'sAMAccountName',
>             'WorkPhone' => 'telephoneNumber',
>             'Address1' => 'streetAddress',
>             'City' => 'l',
>             'State' => 'st',
>             'Zip' => 'postalCode',
>             'Country' => 'co'
>         },
>     },
> } );
>
> I start the RT using its own server: /opt/rt4/sbin/rt-server --port 8080
> Page loads in the browser and I can log in as root but when I try to log
> in using AD account I see in the logs:
>
> [warning]: Use of uninitialized value $filter in concatenation (.) or
> string at
> /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm
> line 453.
> (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:451)
>
> I have been digging through Google and the LDAP.pm without success. When
> I messed with the 'base' value error changed:
>
> [25778] [Mon Apr 20 08:55:33 2015] [warning]: Use of uninitialized value
> $filter in concatenation (.) or string at
> /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm
> line 453.
> (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:451)
> [25778] [Mon Apr 20 08:55:33 2015] [error]: Can't call method
> "as_string" on an undefined value at
> /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm
> line 357.
>
> Stack:
> [/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:357]
> [/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:843]
> [/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:885]
> [/opt/rt4/sbin/../lib/RT/User.pm:141]
> [/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:486]
> [/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:10]
> [/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Session:1]
> [/opt/rt4/sbin/../lib/RT/Interface/Web.pm:310]
> [/opt/rt4/share/html/autohandler:53]
> (/opt/rt4/sbin/../lib/RT/Interface/Web/Handler.pm:208)
>
> Any suggestions to a right direction are welcome.
>
> PS! Went with LDAP because other services on the server use it
> successfully. I have installed RT using Kerberos auth before but decided
> to use something "simpler". :D
>
> --
> Indrek

--
Jeff Blaine
kickflop.net
PGP/GnuPG Key ID: 0x0C8EDD02

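Added example, not part of the thread and not code from RT::Authen::ExternalAuth: a stand-alone Perl check that reports the missing `filter` key in the quoted settings before RT gets as far as LDAP.pm. The helper names `filter_is_wrapped` and `check_settings` are hypothetical, the sample hash is constructed from the values in the thread, and treating `server` and `base` as required is an assumption of this example.

```perl
use strict;
use warnings;

# Constructed sample: the thread's settings (attr_map shortened), with no 'filter' key.
my $ExternalSettings = {
    'My_LDAP' => {
        'type'     => 'ldap',
        'server'   => '1.1.1.1',
        'user'     => 'rtbinduser@domain.server',
        'pass'     => 'rtbinduserpw',
        'base'     => 'ou=Dom Users,ou=Company AD,dc=domain,dc=server',
        'attr_map' => { 'Name' => 'sAMAccountName', 'EmailAddress' => 'mail' },
    },
};

# Hypothetical helper: true when the string is one filter inside a balanced outer pair.
sub filter_is_wrapped {
    my ($f) = @_;
    return 0 unless defined $f && $f =~ /^\(.*\)$/s;
    my @chars = split //, $f;
    my $depth = 0;
    for my $i ( 0 .. $#chars ) {
        $depth++ if $chars[$i] eq '(';
        $depth-- if $chars[$i] eq ')';
        return 0 if $depth == 0 && $i < $#chars;    # outer pair closed too early
    }
    return $depth == 0 ? 1 : 0;
}

# Hypothetical helper; 'filter' is required per the docs, 'server'/'base' are assumed.
sub check_settings {
    my ($settings) = @_;
    my @problems;
    for my $name ( sort keys %$settings ) {
        my $svc = $settings->{$name};
        next unless ( $svc->{type} // '' ) eq 'ldap';
        for my $key (qw(server base filter)) {
            push @problems, "$name: '$key' is not set" unless defined $svc->{$key};
        }
        push @problems, "$name: 'filter' must be one filter encased in parentheses"
            if defined $svc->{filter} && !filter_is_wrapped( $svc->{filter} );
    }
    return @problems;
}

print "before: $_\n" for check_settings($ExternalSettings);
$ExternalSettings->{My_LDAP}{filter} = '(objectClass=*)';    # example value from the docs
my @after = check_settings($ExternalSettings);
print "after: ", ( @after ? join( '; ', @after ) : 'no problems found' ), "\n";
```
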
Re: [rt-users] RT 4.2.10 and ExternalAuth using LDAP
Hello Indrek,

I had some problems with External Auth as well. I ended up going with LDAP Import, authentication works based on LDAP credentials being imported. You have a bit more control as you can filter on groups or user names if you choose that route.

I threw together a how to:
http://trevthorpe.blogspot.com/2015/01/request-tracker-424-ldap-authentication.html

Hope this offers some help.

Thanks,
Trev

On Mon, Apr 20, 2015 at 5:16 AM, Indrek Paas wrote:
> Hi,
>
> I'm setting up an RT server on:
> CentOS 7.1 x64
> Apache 2.4
> PostgreSQL
> Perl v5.16.3
>
> Trying to use ExternalAuth to LDAP (Microsoft AD) using these settings in
> RT_SiteConfig.pm:
>
> Plugin( "RT::Authen::ExternalAuth" );
>
> Set( $ExternalAuthPriority, ["My_LDAP"] );
> Set( $ExternalInfoPriority, ["My_LDAP"] );
>
> Set($ExternalSettings, {
>     'My_LDAP' => {
>         'type' => 'ldap',
>         'server' => '1.1.1.1',
>         'user' => 'rtbinduser@domain.server',
>         'pass' => 'rtbinduserpw',
>         'base' => 'ou=Dom Users,ou=Company AD,dc=domain,dc=server',
>
>         'attr_match_list' => [
>             'Name',
>             'EmailAddress',
>         ],
>         'attr_map' => {
>             'Name' => 'sAMAccountName',
>             'EmailAddress' => 'mail',
>             'Organization' => 'physicalDeliveryOfficeName',
>             'RealName' => 'cn',
>             'ExternalAuthId' => 'sAMAccountName',
>             'Gecos' => 'sAMAccountName',
>             'WorkPhone' => 'telephoneNumber',
>             'Address1' => 'streetAddress',
>             'City' => 'l',
>             'State' => 'st',
>             'Zip' => 'postalCode',
>             'Country' => 'co'
>         },
>     },
> } );
>
> I start the RT using its own server: /opt/rt4/sbin/rt-server --port 8080
> Page loads in the browser and I can log in as root but when I try to log
> in using AD account I see in the logs:
>
> [warning]: Use of uninitialized value $filter in concatenation (.) or
> string at
> /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm
> line 453.
> (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:451)
>
> I have been digging through Google and the LDAP.pm without success. When I
> messed with the 'base' value error changed:
>
> [25778] [Mon Apr 20 08:55:33 2015] [warning]: Use of uninitialized value
> $filter in concatenation (.) or string at
> /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm
> line 453.
> (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:451)
> [25778] [Mon Apr 20 08:55:33 2015] [error]: Can't call method "as_string"
> on an undefined value at
> /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm
> line 357.
>
> Stack:
> [/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:357]
> [/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:843]
> [/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:885]
> [/opt/rt4/sbin/../lib/RT/User.pm:141]
> [/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:486]
> [/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:10]
> [/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Session:1]
> [/opt/rt4/sbin/../lib/RT/Interface/Web.pm:310]
> [/opt/rt4/share/html/autohandler:53]
> (/opt/rt4/sbin/../lib/RT/Interface/Web/Handler.pm:208)
>
> Any suggestions to a right direction are welcome.
>
> PS! Went with LDAP because other services on the server use it
> successfully. I have installed RT using Kerberos auth before but decided to
> use something "simpler". :D
>
> --
> Indrek

Re: [rt-users] Suggestion regarding the extension RT-Extension-LDAPImport
I got contacted by Max Kosmach with a one line patch and it seems to be working, i paste his patch below, don't know if it breaks something else: --- RT/Extension/LDAPImport.pm.orig2014-09-23 00:17:19.0 +0400 +++ RT/Extension/LDAPImport.pm 2015-03-11 13:21:30.161168864 +0300 @@ -386,7 +386,7 @@ sub connect_ldap { my $self = shift; -my $ldap = Net::LDAP->new($RT::LDAPHost); +my $ldap = Net::LDAP->new($RT::LDAPHost, raw => qr/(?i:^jpegPhoto|;binary)/); $self->_debug("connecting to $RT::LDAPHost"); unless ($ldap) { $self->_error("Can't connect to $RT::LDAPHost"); -- View this message in context: http://requesttracker.8502.n7.nabble.com/Suggestion-regarding-the-extension-RT-Extension-LDAPImport-tp59883p59901.html Sent from the Request Tracker - User mailing list archive at Nabble.com.
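Review bot: the `raw` pattern passed to `Net::LDAP->new` in `connect_ldap` is hard-coded to `jpegPhoto` and `;binary`, so a site whose directory holds other binary attributes has to patch the module again to cover them. Suggest reading the pattern from an RT config setting, with `qr/(?i:^jpegPhoto|;binary)/` as the default, and adding a comment above the call saying why these attributes must be left raw. Since `raw` applies to every attribute the regex matches on this connection, also check that no attribute the import maps into RT user fields matches the pattern, which would answer the poster's open question about whether it breaks something else.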
[rt-users] RT 4.2.10 and ExternalAuth using LDAP
Hi,

I'm setting up an RT server on:
CentOS 7.1 x64
Apache 2.4
PostgreSQL
Perl v5.16.3

Trying to use ExternalAuth to LDAP (Microsoft AD) using these settings in RT_SiteConfig.pm:

Plugin( "RT::Authen::ExternalAuth" );

Set( $ExternalAuthPriority, ["My_LDAP"] );
Set( $ExternalInfoPriority, ["My_LDAP"] );

Set($ExternalSettings, {
    'My_LDAP' => {
        'type' => 'ldap',
        'server' => '1.1.1.1',
        'user' => 'rtbinduser@domain.server',
        'pass' => 'rtbinduserpw',
        'base' => 'ou=Dom Users,ou=Company AD,dc=domain,dc=server',

        'attr_match_list' => [
            'Name',
            'EmailAddress',
        ],
        'attr_map' => {
            'Name' => 'sAMAccountName',
            'EmailAddress' => 'mail',
            'Organization' => 'physicalDeliveryOfficeName',
            'RealName' => 'cn',
            'ExternalAuthId' => 'sAMAccountName',
            'Gecos' => 'sAMAccountName',
            'WorkPhone' => 'telephoneNumber',
            'Address1' => 'streetAddress',
            'City' => 'l',
            'State' => 'st',
            'Zip' => 'postalCode',
            'Country' => 'co'
        },
    },
} );

I start the RT using its own server: /opt/rt4/sbin/rt-server --port 8080
Page loads in the browser and I can log in as root but when I try to log in using AD account I see in the logs:

[warning]: Use of uninitialized value $filter in concatenation (.) or string at /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm line 453. (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:451)

I have been digging through Google and the LDAP.pm without success. When I messed with the 'base' value error changed:

[25778] [Mon Apr 20 08:55:33 2015] [warning]: Use of uninitialized value $filter in concatenation (.) or string at /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm line 453. (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:451)
[25778] [Mon Apr 20 08:55:33 2015] [error]: Can't call method "as_string" on an undefined value at /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm line 357.

Stack:
  [/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:357]
  [/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:843]
  [/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:885]
  [/opt/rt4/sbin/../lib/RT/User.pm:141]
  [/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:486]
  [/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:10]
  [/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Session:1]
  [/opt/rt4/sbin/../lib/RT/Interface/Web.pm:310]
  [/opt/rt4/share/html/autohandler:53]
  (/opt/rt4/sbin/../lib/RT/Interface/Web/Handler.pm:208)

Any suggestions to a right direction are welcome.

PS! Went with LDAP because other services on the server use it successfully. I have installed RT using Kerberos auth before but decided to use something "simpler". :D

--
Indrek