Re: [rt-users] [Rt-announce] RT for Mobile Devices 0.9
Thanks Jesse - love it, just bumped to v0.93 from your v9 release and works a treat on our iPhone 4's & BB STORM2's.

Julian.

--
Julian Grunnell
This email is subject to: www.corporate.webfusion.co.uk/disclaimer

>-Original Message-
>From: rt-users-boun...@lists.bestpractical.com [mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of Howard Jones
>Sent: 06 August 2010 19:30
>To: rt-users@lists.bestpractical.com
>Subject: Re: [rt-users] [Rt-announce] RT for Mobile Devices 0.9
>
> On 06/08/2010 17:45, Jesse Vincent wrote:
>> 0.92 should fix that issue. I've pushed it to cpan already.
>0.93 from PAUSE resolved the Page Not Found for me.
>
>This will be a very valuable plugin for our on-call guys, who already
>have an iPhone. Thanks, Jesse.
>
>Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
>Buy a copy at http://rtbook.bestpractical.com

Re: [rt-users] RT & mysql / LDAP Auth
>-Original Message-
>From: Mike Peachey [mailto:mike.peac...@jennic.com]
>Sent: 14 May 2010 10:33
>To: Julian Grunnell; rt-users@lists.bestpractical.com
>Subject: Re: [rt-users] RT & mysql / LDAP Auth
>
>Julian Grunnell wrote:
>
>> Right, thanks - that makes sense now. I misunderstood the use of this
>> and thought you had to define ALL the authentication methods you wanted
>> to use. So I have removed the MySQL section completely from the config
>> and tried again with different results. Using my LDAP credentials I
>> still get "Your username or password is incorrect" BUT RT has created me
>> as a user, the "Let this user be granted rights" box is unchecked and
>> I'm NOT a member of any Groups. The logs created when this was done are:
>
>1. It found you and loaded your information from LDAP just as it should.
>2. ExternalAuth cannot currently add you to any internal RT groups based
>on LDAP information, this must be done in the RT administration panels.
>3. If you want LDAP users to be automatically assigned "Let this user be
>granted rights" then you may do so with this config setting:
>    Set($AutoCreate, {Privileged => 1});
>Otherwise it will need setting manually along with group membership.
>
>
>The only thing that is now failing for you is authentication and the
>reason is now obvious:
>
>Your config
>###
># Does authentication depend on group membership? What group name?
>'group' => 'GROUP_NAME',
># What is the attribute for the group object that determines membership?
>'group_attr' => 'GROUP_ATTR',
>#######
>
>Your log
>###
>[Fri May 14 08:22:42 2010] [critical]: Search for (GROUP_ATTR=CN=Julian Grunnell,OU=Technical,OU=Users,OU=Leeds,OU=Webfusion,OU=Hosting,OU=Corp,DC=internal,DC=hosteurope,DC=com) failed: LDAP_INVALID_DN_SYNTAX 34
>###
>
>You have told ExternalAuth that all ldap users must be in an ldap group
>named GROUP_NAME and that in order to confirm that the users are a
>member of that group, the members should be in the GROUP_ATTR attribute
>of that group.
>
>If you simply comment out group and group_attr it should work fine. If
>in future you wish to restrict access by group, ensure the group name is
>specified in full ldap dn form.
>--

[>] Thanks Mike - appreciate your help with this, made the changes you suggest and it works a treat now. Now to look at the script that can convert to ldap style logins.

Julian.

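The failure diagnosed in the message above, as an added example that is not part of the original thread: a short Python triage over RT log lines that reports which external service was being tried when a group-membership search failed, and whether the attribute in that search is still one of the template tokens GROUP_NAME / GROUP_ATTR. The sample log is constructed (user, DN and address are made up), and the function and pattern names are this example's own.

```python
import re

# Layout of the RT log lines quoted in the thread: "[timestamp] [level]: message"
LINE_RE = re.compile(r"^\[(?P<ts>[^\]]+)\] \[(?P<level>\w+)\]: (?P<msg>.*)$")
SERVICE_RE = re.compile(r"Attempting to use external auth service: (\S+)")
SEARCH_RE = re.compile(r"Search for \((?P<attr>[^=]+)=(?P<dn>.*)\) failed: (?P<err>\S+)")
FAILED_RE = re.compile(r"FAILED LOGIN for (\S+) from (\S+)")
# Template tokens from the ExternalAuth sample config quoted in the thread
PLACEHOLDERS = {"GROUP_NAME", "GROUP_ATTR"}

# Constructed sample: layout follows the thread; user, DN and address are made up
SAMPLE_LOG = """\
[Fri May 14 08:22:41 2010] [debug]: Attempting to use external auth service: My_LDAP (ExternalAuth.pm:64)
[Fri May 14 08:22:41 2010] [debug]: Calling UserExists with $username (alice) and $service (My_LDAP) (ExternalAuth.pm:105)
[Fri May 14 08:22:42 2010] [critical]: Search for (GROUP_ATTR=CN=Alice Example,OU=Users,DC=example,DC=com) failed: LDAP_INVALID_DN_SYNTAX 34
[Fri May 14 08:22:42 2010] [error]: FAILED LOGIN for alice from 192.0.2.10 (autohandler:268)
"""


def triage(log_text):
    """Return (kind, detail) findings that explain failed external-auth logins."""
    findings = []
    service = "unknown"  # last external service the log says was attempted
    for raw in log_text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue  # wrapped continuation or non-RT line
        msg = line.group("msg")
        if m := SERVICE_RE.search(msg):
            service = m.group(1)
        elif m := SEARCH_RE.search(msg):
            attr, err = m.group("attr"), m.group("err")
            if attr in PLACEHOLDERS:
                # The search filter used a template token as the attribute name
                findings.append(("placeholder", f"{service}: group_attr is still {attr}"))
            else:
                findings.append(("group_search_failed", f"{service}: {err} on {attr}"))
        elif m := FAILED_RE.search(msg):
            findings.append(("failed_login", f"{m.group(1)} from {m.group(2)}"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind}: {detail}")
```
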
Re: [rt-users] RT & mysql / LDAP Auth
--
Julian Grunnell

>-Original Message-
>From: Mike Peachey [mailto:mike.peac...@jennic.com]
>Sent: 13 May 2010 13:56
>To: Julian Grunnell
>Cc: rt-users@lists.bestpractical.com
>Subject: Re: [rt-users] RT & mysql / LDAP Auth
>
>Julian Grunnell wrote:
>>> -Original Message-
>>> From: Mike Peachey [mailto:mike.peac...@jennic.com]
>>> Sent: 10 May 2010 12:54
>>> To: Julian Grunnell
>>> Cc: rt-users@lists.bestpractical.com
>>> Subject: Re: [rt-users] RT & mysql / LDAP Auth
>>>
>>
>> So at present users are just authenticating against RT's own DB for user
>> access. What I'd like to do is keep this but also have LDAP. The reason
>> being users now have multiple usernames / passwords for different
>> services we run and I want to use LDAP as a way to simplify this - BUT
>> in order for this to be done I also need to be able to keep the MySQL
>> access for now and not break RT for all the users.
>>
>> The RT DB is on a different physical server and the fact that after I
>> restarted httpd with the config above and could still login with my
>> usual (mysql) credentials assumed that at least part of it was working -
>> is this not the case?
>
>No, you've misunderstood and it has massively complicated your debugging
>of the situation.
>
>ExternalAuth *only* adds to the available authentication mechanisms. It
>does not replace RT's own. The use of ExternalAuth MySQL authentication
>is if you want to be able to authenticate against some other MySQL
>source such as a custom website database or the database of another
>web-application. This is /in addition/ to checking against RT's own
>internal database (whether this is hosted locally or not).
>
>So, authentication happens in this order:
>
>1. ExternalAuth
>2. RT-Internal
>
>And you can have as many ExternalAuth sources as you wish.
>
>
>For your setup, what you want is to only specify the LDAP source which
>is then checked for a valid user. If there's no user in LDAP, RT's
>internal DB will be checked.
>--
>Kind Regards,
>

[>] Right, thanks - that makes sense now. I misunderstood the use of this and thought you had to define ALL the authentication methods you wanted to use. So I have removed the MySQL section completely from the config and tried again with different results. Using my LDAP credentials I still get "Your username or password is incorrect" BUT RT has created me as a user, the "Let this user be granted rights" box is unchecked and I'm NOT a member of any Groups. The logs created when this was done are:

[Fri May 14 08:22:41 2010] [debug]: Attempting to use external auth service: My_LDAP (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
[Fri May 14 08:22:41 2010] [debug]: Calling UserExists with $username (jgrunnell) and $service (My_LDAP) (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:105)
[Fri May 14 08:22:41 2010] [debug]: UserExists params: username: jgrunnell , service: My_LDAP (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:274)
[Fri May 14 08:22:41 2010] [debug]: LDAP Search === Base: ou=hosting,ou=corp,dc=internal,dc=hosteurope,dc=com == Filter: (&(objectClass=User)(sAMAccountName=jgrunnell)) == Attrs: l,cn,st,mail,sAMAccountName,co,streetAddress,postalCode,telephoneNumber,sAMAccountName,physicalDeliveryOfficeName,sAMAccountName (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:304)
[Fri May 14 08:22:41 2010] [debug]: RT::Authen::ExternalAuth::CanonicalizeUserInfo called by RT::User /opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/User_Vendor.pm 20 with: Disabled: 0, EmailAddress: , Gecos: jgrunnell, Name: jgrunnell, Privileged: 0 (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:450)
[Fri May 14 08:22:41 2010] [debug]: Attempting to get user info using this external service: My_LDAP (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:458)
[Fri May 14 08:22:41 2010] [debug]: Attempting to use this canonicalization key: Name (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:472)
[Fri May 14 08:22:41 2010] [debug]: LDAP Search === Base: ou=hosting,ou=corp,dc=internal,dc=hosteurope,dc=com == Filter: (&(objectClass=User)(sAMAccountName=jgrunnell)) == Attrs: l,cn,st,mail,sAMAccountName,co,streetAddress,postalCode,telephoneNumber,sAMAccountName,physicalDeliveryOfficeName,sAMAccountName (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:195)
[Fri May 14 08:22:41 2010] [info]: RT::Authen::ExternalAu

Re: [rt-users] RT & mysql / LDAP Auth
>-Original Message-
>From: Mike Peachey [mailto:mike.peac...@jennic.com]
>Sent: 10 May 2010 12:54
>To: Julian Grunnell
>Cc: rt-users@lists.bestpractical.com
>Subject: Re: [rt-users] RT & mysql / LDAP Auth
>
>Julian Grunnell wrote:
>> Hi - hoping someone can help me, I'm trying to get the
>> RT::Authen::ExternalAuth plugin to work so I can use LDAP for
>> authentication. Just using mysql at the moment, so want to keep this as
>> well. Running RT 3.8.5 on Centos, I'd like mysql auth first and then
>> LDAP next. I've managed to configure this without any errors and my
>> mysql authentication still works after a httpd restart. However LDAP
>> auth never works, I'm not that familiar with LDAP so am hoping if I
>> provide my config and rt.log below someone might be able to point me in
>> the right direction:
>
>Looks like the whole thing is dying during the MySQL check.
>
>1. Provide the whole config
>2. Are you sure you're supposed to be using ExternalAuth for MySQL auth?
>Are you actually using it to check against an external MySQL source, or
>are you trying to use MySQL to check RT's own database?
>

[>] The whole config is:

##
## Local settings - overrides RT_Config.pm
##
Set($WebBaseURL, "https://xxx.xxx.xxx");
Set($rtname, 'xxx');
Set($Organization , "xxx");
Set($MinimumPasswordLength , "8");
Set($OwnerEmail , 'jul...@xxx.xxx');
Set($SMTPFrom, 'supp...@xxx.xxx');
Set($Timezone , 'GB/London');
Set($UsernameFormat, 'concise');
Set($OldestTransactionsFirst, '0');
Set($SenderMustExistInExternalDatabase);
Set($LogToSyslog, 'debug');
Set($UseFriendlyFromLine, 0);
Set($WebDomain, 'xxx.xxx.xxx');
Set($WebDefaultStylesheet, '3.5-default');
Set($WebPort, 443);
Set($MaxInlineBody, 148000);

## Display Webfusion logo / link ##
Set($WebImagesURL , $WebPath . "/NoAuth/images/"); # need this for below
Set($LogoURL, $WebImagesURL . "xxx-logo.png");
Set($LogoLinkURL, 'http://xxx.xxx.xxx');
Set($LogoImageURL, $WebImagesURL . "xxx.xxx.png");
Set($LogoAltText, "xxx");

# {{{ Logging
Set($LogToSyslog,'critical');
Set($LogToScreen, 'error');
Set($LogToFile , 'debug');
Set($LogDir, '/opt/rt3/var/log/rt3');
Set($LogToFileNamed , "rt.log");#log to rt.log

#Set(@Plugins,(qw(RT::Extension::SLA)));
#Set( %ServiceAgreements,
#Default => '4h',
#QueueDefault => {
#'General' => '4h',
#},
#Levels => {
#'2h' => {
#    StartImmediately => 1,
#    Resolve => { RealMinutes => 60*2 } },
#'4h' => {
#    StartImmediately => 1,
#    Resolve => { RealMinutes => 60*4 } },
#},
#);
#Set(@Plugins,(qw(Extension::QuickDelete RT::FM)));

## MySQL / LDAP Configuration
#
# The order in which the services defined in ExternalSettings
# should be used to authenticate users. User is authenticated
# if successfully confirmed by any service - no more services
# are checked.
Set($ExternalAuthPriority, [ 'My_MySQL', 'My_LDAP' ] );

# The order in which the services defined in ExternalSettings
# should be used to get information about users. This includes
# RealName, Tel numbers etc, but also whether or not the user
# should be considered disabled.
#
# Once user info is found, no more services are checked.
#
# You CANNOT use a SSO cookie for authentication.
Set($ExternalInfoPriority, [ 'My_MySQL', 'My_LDAP' ] );

# If this is set to true, then the relevant packages will
# be loaded to use SSL/TLS connections. At the moment,
# this just means "use Net::SSLeay;"
Set($ExternalServiceUsesSSLorTLS,0);

# If this is set to 1, then users should be autocreated by RT
# as internal users if they fail to authenticate from an
# external service.
Set($AutoCreateNonExternalUsers,0);

# These are the full settings for each external service as a HashOfHashes
# Note that you may have as many external services as you wish. They will
# be checked in the order specified in the Priority directives above.
# e.g.
# Set(ExternalAuthPriority,['My_LDAP','My_MySQL','My_Oracle','SecondaryLDAP','Other-DB']);
#
Set($ExternalSettings, {
    # AN EXAMPLE DB SERVICE
    'My_MySQL' => {
        ## GENERIC SECTION

[rt-users] RT & mysql / LDAP Auth
'EmailAddress', 'RealName', 'WorkPhone', 'Address2' ],
# The mapping of RT attributes on to LDAP attributes
'attr_map' => {
    'Name' => 'sAMAccountName',
    'EmailAddress' => 'mail',
    'Organization' => 'physicalDeliveryOfficeName',
    'RealName' => 'cn',
    'ExternalAuthId' => 'sAMAccountName',
    'Gecos' => 'sAMAccountName',
    'WorkPhone' => 'telephoneNumber',
    'Address1' => 'streetAddress',
    'City' => 'l',
    'State' => 'st',
    'Zip' => 'postalCode',
    'Country' => 'co'

And this is a complete log entry if I try to use my LDAP credentials:

[Sun May 9 10:10:24 2010] [debug]: RT's GnuPG libraries couldn't successfully read your configured GnuPG home directory (/opt/rt3/var/data/gpg). PGP support has been disabled (/opt/rt3/bin/../lib/RT/Config.pm:380)
[Sun May 9 10:10:24 2010] [debug]: Reloading RT::User to work around a bug in RT-3.8.0 and RT-3.8.1 (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:14)
[Sun May 9 10:10:24 2010] [debug]: Attempting to use external auth service: My_MySQL (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
[Sun May 9 10:10:24 2010] [debug]: Calling UserExists with $username (jgrunnell) and $service (My_MySQL) (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:105)
[Sun May 9 10:10:24 2010] [debug]: Disable Check Failed :: ( My_MySQL ) jgrunnell User not found (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/DBI.pm:234)
[Sun May 9 10:10:24 2010] [debug]: Attempting to use external auth service: My_LDAP (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
[Sun May 9 10:10:24 2010] [debug]: Calling UserExists with $username (jgrunnell) and $service (My_LDAP) (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:105)
[Sun May 9 10:10:24 2010] [debug]: UserExists params: username: jgrunnell , service: My_LDAP (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:274)
[Sun May 9 10:10:25 2010] [debug]: LDAP Search === Base: ou=hosting,ou=corp,dc=internal,dc=hosteurope,dc=com == Filter: (&(objectClass=User)(sAMAccountName=jgrunnell)) == Attrs: l,cn,st,mail,sAMAccountName,co,streetAddress,postalCode,telephoneNumber,sAMAccountName,physicalDeliveryOfficeName,sAMAccountName (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:304)
[Sun May 9 10:10:25 2010] [debug]: RT::Authen::ExternalAuth::CanonicalizeUserInfo called by RT::User /opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/User_Vendor.pm 20 with: Disabled: 0, EmailAddress: , Gecos: jgrunnell, Name: jgrunnell, Privileged: 0 (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:450)
[Sun May 9 10:10:25 2010] [debug]: Attempting to get user info using this external service: My_MySQL (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:458)
[Sun May 9 10:10:25 2010] [debug]: Attempting to use this canonicalization key: Gecos (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:472)
[Sun May 9 10:10:25 2010] [warning]: DBD::mysql::db selectall_hashref failed: Unknown column 'email' in 'field list' at /opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/DBI.pm line 163, line 273. (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/DBI.pm:163)
[Sun May 9 10:10:25 2010] [warning]: Issuing rollback() for database handle being DESTROY'd without explicit disconnect() at /opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/DBI.pm line 163, line 273. (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/DBI.pm:163)
[Sun May 9 10:10:25 2010] [error]: FAILED LOGIN for jgrunnell from 212.103.233.1 (/opt/rt3/share/html/autohandler:268)

Thanks in advance.

Julian Grunnell
Unix Sys Admin
Webfusion Limited.