Re: [rt-users] "RT::Authen::ExternalAuth".

2016-01-15 Thread Vahid Khorasani via rt-users
--- Begin Message ---
Hi
That's the concern that I had about one month ago, but I totally solved it and 
I'll be glad to help you solve it sooner than I could :)
Yes you can have both of them at the same time by adding the following line in 
your RT_SiteConfig.pm:
Set($AuthMethods, ['LDAP', 'Internal']);

I'll be happy if you let me know the result 
Good Luck

-Original Message-
From: "ggamache" 
Sent: ‎15/‎01/‎2016 17:28
To: "rt-users@lists.bestpractical.com" 
Subject: [rt-users] "RT::Authen::ExternalAuth".

Question on "RT::Authen::ExternalAuth".
I've set the ExternalAuth and it worked
Is there a way to have both auth External and still be able to log with the
internal DB ? 

regards,
Ghis





--
View this message in context: 
http://requesttracker.8502.n7.nabble.com/RT-Authen-ExternalAuth-tp61193.html
Sent from the Request Tracker - User mailing list archive at Nabble.com.
--- End Message ---


Re: [rt-users] "RT::Authen::ExternalAuth".

2016-01-15 Thread ggamache
thank you for your help 
I tried set ($AuthMethods, ['LDAP' , 'My_MySQL']); but it seems I had to add a 
new part in the ExternalSettings
Set($ExternalSettings, {  'My_LDAP' 
 'My_MySQL...'
If I add Internal, do I still have to do this part or does it somehow find it 
automatically? 
 
regards,
Ghislain
Date: Fri, 15 Jan 2016 08:38:47 -0700
From: ml-node+s8502n6119...@n7.nabble.com
To: ghislaingama...@hotmail.com
Subject: Re: "RT::Authen::ExternalAuth".



Hi
That's the concern that I had about one month ago, but I totally solved it and 
I'll be glad to help you solve it sooner than I could :)
Yes you can have both of them at the same time by adding the following line in 
your RT_SiteConfig.pm:
Set($AuthMethods, ['LDAP', 'Internal']);

I'll be happy if you let me know the result 
Good Luck
From: [hidden email]
Sent: ‎15/‎01/‎2016 17:28
To: [hidden email]
Subject: [rt-users] "RT::Authen::ExternalAuth".

Question on "RT::Authen::ExternalAuth".
I've set the ExternalAuth and it worked
Is there a way to have both auth External and still be able to log with the
internal DB ? 

regards,
Ghis





--
View this message in context: 
http://requesttracker.8502.n7.nabble.com/RT-Authen-ExternalAuth-tp61193.html
Sent from the Request Tracker - User mailing list archive at Nabble.com.











  



--
View this message in context: 
http://requesttracker.8502.n7.nabble.com/RT-Authen-ExternalAuth-tp61193p61197.html
Sent from the Request Tracker - User mailing list archive at Nabble.com.

Re: [rt-users] RT::Authen::ExternalAuth + mod_ssl = core dump

2014-03-27 Thread Alex Vandiver
On Thu, 2014-03-27 at 16:01 -0500, Dewhirst, Rob wrote:
 I can get RT up and running just fine using LDAP with
 RT::Authen::ExternalAuth.  But as soon as I shut down the server and
 install mod_ssl, apache won't restart, segfaults.

What version of RT and Apache?  I presume you're running with a mod_perl
deployment?
 - Alex


-- 
RT Training - Dallas May 20-21
http://bestpractical.com/training


Re: [rt-users] RT::Authen::ExternalAuth + mod_ssl = core dump

2014-03-27 Thread Dewhirst, Rob
RT 4.0.19 (because of RTIR)
mod_perl
RHEL 6.5 x64
Server version: Apache/2.2.15 (Unix)
Server built:   Aug  2 2013 08:02:15
Server's Module Magic Number: 20051115:25
Server loaded:  APR 1.3.9, APR-Util 1.3.9
Compiled using: APR 1.3.9, APR-Util 1.3.9
Architecture:   64-bit
Server MPM: Prefork
  threaded: no
forked: yes (variable process count)
Server compiled with
 -D APACHE_MPM_DIR=server/mpm/prefork
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D APR_USE_SYSVSEM_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D DYNAMIC_MODULE_LIMIT=128
 -D HTTPD_ROOT=/etc/httpd
 -D SUEXEC_BIN=/usr/sbin/suexec
 -D DEFAULT_PIDLOG=run/httpd.pid
 -D DEFAULT_SCOREBOARD=logs/apache_runtime_status
 -D DEFAULT_LOCKFILE=logs/accept.lock
 -D DEFAULT_ERRORLOG=logs/error_log
 -D AP_TYPES_CONFIG_FILE=conf/mime.types
 -D SERVER_CONFIG_FILE=conf/httpd.conf

On Thu, Mar 27, 2014 at 4:30 PM, Alex Vandiver ale...@bestpractical.com wrote:
 On Thu, 2014-03-27 at 16:01 -0500, Dewhirst, Rob wrote:
 I can get RT up and running just fine using LDAP with
 RT::Authen::ExternalAuth.  But as soon as I shut down the server and
 install mod_ssl, apache won't restart, segfaults.

 What version of RT and Apache?  I presume you're running with a mod_perl
 deployment?
  - Alex


 --
 RT Training - Dallas May 20-21
 http://bestpractical.com/training


Re: [rt-users] RT::Authen::ExternalAuth + mod_ssl = core dump

2014-03-27 Thread Alex Vandiver
On Thu, 2014-03-27 at 16:42 -0500, Dewhirst, Rob wrote:
 RT 4.0.19 (because of RTIR)
 mod_perl

Interesting; we've seen another report of this previously, but I've been
unable to replicate it.  It's presumably caused by a disagreement of
mod_ssl with the SSL libraries that perl uses for LDAPS support -- and
since mod_perl is in use, those two exist in the same process, and their
disagreements lead to coredumps.  We addressed a similar problem with
mod_ssl and TLS connections to Postgres early in the 4.0 series.

The simple work-around is to switch from mod_perl to one of the fastcgi
deployment strategies, which separates the mod_ssl OpenSSL stack from
perl's LDAPS OpenSSL stack, allowing them to play well together.

However, I'd love to have a simple replication strategy to help track
this down and fix it.  How stock an RT install is this?  I presume
you're running with the standard Apache and mod_perl installs from RPMs?
Can you provide your RT::Authen::ExternalAuth configuration?
 - Alex



Re: [rt-users] RT::Authen::ExternalAuth + mod_ssl = core dump

2014-03-27 Thread Dewhirst, Rob
This is just about as basic an RT install as you can get.  everything
was installed by CPAN and RPMs.

I can give you instructions or if you have a place I can put a 1-2GB
file I could probably just build a CentOS VM that exhibits the
problem.

On Thu, Mar 27, 2014 at 4:53 PM, Alex Vandiver ale...@bestpractical.com wrote:
 On Thu, 2014-03-27 at 16:42 -0500, Dewhirst, Rob wrote:
 RT 4.0.19 (because of RTIR)
 mod_perl

 Interesting; we've seen another report of this previously, but I've been
 unable to replicate it.  It's presumably caused by a disagreement of
 mod_ssl with the SSL libraries that perl uses for LDAPS support -- and
 since mod_perl is in use, those two exist in the same process, and their
 disagreements lead to coredumps.  We addressed a similar problem with
 mod_ssl and TLS connections to Postgres early in the 4.0 series.

 The simple work-around is to switch from mod_perl to one of the fastcgi
 deployment strategies, which separates the mod_ssl OpenSSL stack from
 perl's LDAPS OpenSSL stack, allowing them to play well together.

 However, I'd love to have a simple replication strategy to help track
 this down and fix it.  How stock an RT install is this?  I presume
 you're running with the standard Apache and mod_perl installs from RPMs?
 Can you provide your RT::Authen::ExternalAuth configuration?
  - Alex

 --
 RT Training - Dallas May 20-21
 http://bestpractical.com/training


Re: [rt-users] RT::Authen::ExternalAuth LDAPS

2014-03-05 Thread Dewhirst, Rob
thanks, I should have clarified that LDAP over TLS on 389 is not an
option for us.  We can only do LDAPS over 636.

On Tue, Mar 4, 2014 at 11:32 AM, k...@rice.edu k...@rice.edu wrote:
 TLS would still be over port 389 if it was being used.

 Regards,
 Ken

 On Tue, Mar 04, 2014 at 11:29:48AM -0600, Dewhirst, Rob wrote:
 I am successfully authenticating via LDAP (cleartext) over TCP 389
 using RT::Authen::ExternalAuth

 However, once I change:

 Set($ExternalServiceUsesSSLorTLS,1);

 and in the ExternalSettings for My_LDAP:

 'tls'   =>  1,
 'ssl_version'   =>  3,

 It still authenticates (successfully) over TCP 389.

 I noticed someone else had a similar problem but was lacking
 Net::SSLeay.  Not my case here (I don't see how you can use Net::LDAP
 without Net:SSLeay)

 [root@rtir-test ~]# cpan -i Net::SSLeay
 CPAN: Storable loaded ok (v2.20)
 Reading '/root/.cpan/Metadata'
   Database was generated on Mon, 03 Mar 2014 20:17:02 GMT
 CPAN: Module::CoreList loaded ok (v2.18)
 Net::SSLeay is up to date (1.58).
 [root@rtir-test ~]#

 I have debug logging enabled in RT, but it doesn't seem to tell me
 anything useful since nothing is failing.

 RT-Authen-ExternalAuth-0.17
-- 
RT Training London, March 19-20 and Dallas May 20-21
http://bestpractical.com/training


Re: [rt-users] RT::Authen::ExternalAuth LDAPS

2014-03-05 Thread Kevin Falcone
On Wed, Mar 05, 2014 at 10:08:53AM -0600, Dewhirst, Rob wrote:
 thanks, I should have clarified that LDAP over TLS on 389 is not an
 option for us.  We can only do LDAPS over 636.

If you want to do LDAPS to the LDAPS port and not STARTTLS on the
standard port, you probably want
server => 'ldaps://my.server'
Net::LDAP's default LDAPS port is 636 so you don't need to specify it.

It's possible you'll need to turn off tls if Net::LDAP::start_tls
breaks you.  It's also possible you might need some extra things in
net_ldap_args, refer to the Net::LDAP documentation for that.

-kevin

  On Tue, Mar 04, 2014 at 11:29:48AM -0600, Dewhirst, Rob wrote:
  I am successfully authenticating via LDAP (cleartext) over TCP 389
  using RT::Authen::ExternalAuth
 
  However, once I change:
 
  Set($ExternalServiceUsesSSLorTLS,1);
 
  and in the ExternalSettings for My_LDAP:
 
  'tls'   =>  1,
  'ssl_version'   =>  3,
 
  It still authenticates (successfully) over TCP 389.




Re: [rt-users] RT::Authen::ExternalAuth LDAPS

2014-03-05 Thread Dewhirst, Rob
It's always a judgement call what to post and what to leave out.  I
can't post the full settings, strictly speaking.


'server' => 'ldaps://server',


seems to have fixed it.  Thanks all.

On Wed, Mar 5, 2014 at 10:22 AM, Gerald Vogt v...@spamcop.net wrote:
 It's always much easier to help if you post the full settings instead of
 some parts.

 Did you use ldaps in the server definition or did you add ldaps or the
 different port number in net_ldap_args?

 -Gerald

 On 05.03.2014 17:08, Dewhirst, Rob wrote:
 thanks, I should have clarified that LDAP over TLS on 389 is not an
 option for us.  We can only do LDAPS over 636.

 On Tue, Mar 4, 2014 at 11:32 AM, k...@rice.edu k...@rice.edu wrote:
 TLS would still be over port 389 if it was being used.

 Regards,
 Ken

 On Tue, Mar 04, 2014 at 11:29:48AM -0600, Dewhirst, Rob wrote:
 I am successfully authenticating via LDAP (cleartext) over TCP 389
 using RT::Authen::ExternalAuth

 However, once I change:

 Set($ExternalServiceUsesSSLorTLS,1);

 and in the ExternalSettings for My_LDAP:

 'tls'   =>  1,
 'ssl_version'   =>  3,

 It still authenticates (successfully) over TCP 389.

 I noticed someone else had a similar problem but was lacking
 Net::SSLeay.  Not my case here (I don't see how you can use Net::LDAP
 without Net:SSLeay)

 [root@rtir-test ~]# cpan -i Net::SSLeay
 CPAN: Storable loaded ok (v2.20)
 Reading '/root/.cpan/Metadata'
   Database was generated on Mon, 03 Mar 2014 20:17:02 GMT
 CPAN: Module::CoreList loaded ok (v2.18)
 Net::SSLeay is up to date (1.58).
 [root@rtir-test ~]#

 I have debug logging enabled in RT, but it doesn't seem to tell me
 anything useful since nothing is failing.

 RT-Authen-ExternalAuth-0.17

 --
 RT Training London, March 19-20 and Dallas May 20-21
 http://bestpractical.com/training


Re: [rt-users] RT::Authen::ExternalAuth LDAPS

2014-03-04 Thread k...@rice.edu
TLS would still be over port 389 if it was being used.

Regards,
Ken

On Tue, Mar 04, 2014 at 11:29:48AM -0600, Dewhirst, Rob wrote:
 I am successfully authenticating via LDAP (cleartext) over TCP 389
 using RT::Authen::ExternalAuth
 
 However, once I change:
 
 Set($ExternalServiceUsesSSLorTLS,1);
 
 and in the ExternalSettings for My_LDAP:
 
 'tls'   =>  1,
 'ssl_version'   =>  3,
 
 It still authenticates (successfully) over TCP 389.
 
 I noticed someone else had a similar problem but was lacking
 Net::SSLeay.  Not my case here (I don't see how you can use Net::LDAP
 without Net:SSLeay)
 
 [root@rtir-test ~]# cpan -i Net::SSLeay
 CPAN: Storable loaded ok (v2.20)
 Reading '/root/.cpan/Metadata'
   Database was generated on Mon, 03 Mar 2014 20:17:02 GMT
 CPAN: Module::CoreList loaded ok (v2.18)
 Net::SSLeay is up to date (1.58).
 [root@rtir-test ~]#
 
 I have debug logging enabled in RT, but it doesn't seem to tell me
 anything useful since nothing is failing.
 
 RT-Authen-ExternalAuth-0.17


Re: [rt-users] RT::Authen::ExternalAuth LDAPS

2014-03-04 Thread Darin Perusich
Is the CA certificate which signed your LDAP server's certs on your RT
host? It would need to be installed in /etc/ssl/certs or
/etc/pki/trust/anchors and hashed to be trusted.
--
Later,
Darin


On Tue, Mar 4, 2014 at 12:29 PM, Dewhirst, Rob robdewhi...@gmail.com wrote:
 I am successfully authenticating via LDAP (cleartext) over TCP 389
 using RT::Authen::ExternalAuth

 However, once I change:

 Set($ExternalServiceUsesSSLorTLS,1);

 and in the ExternalSettings for My_LDAP:

 'tls'   =>  1,
 'ssl_version'   =>  3,

 It still authenticates (successfully) over TCP 389.

 I noticed someone else had a similar problem but was lacking
 Net::SSLeay.  Not my case here (I don't see how you can use Net::LDAP
 without Net:SSLeay)

 [root@rtir-test ~]# cpan -i Net::SSLeay
 CPAN: Storable loaded ok (v2.20)
 Reading '/root/.cpan/Metadata'
   Database was generated on Mon, 03 Mar 2014 20:17:02 GMT
 CPAN: Module::CoreList loaded ok (v2.18)
 Net::SSLeay is up to date (1.58).
 [root@rtir-test ~]#

 I have debug logging enabled in RT, but it doesn't seem to tell me
 anything useful since nothing is failing.

 RT-Authen-ExternalAuth-0.17
 --
 RT Training London, March 19-20 and Dallas May 20-21
 http://bestpractical.com/training


Re: [rt-users] (RT::Authen::ExternalAuth) email exists problem authenticating trough AD

2013-09-02 Thread Maximilien Drouet
Hi,


After many searches, it works for some of my users and doesn't work for some
others.
Is it possible that the parameter $RTAddressRegexp interferes with
RT::Authen::ExternalAuth?

On the Active Directory side, no errors, only success logs.

Do you know about any other debug options I could use?




Thanks


On Wed, Aug 21, 2013 at 12:33 PM, Maximilien Drouet mdro...@randco.fr wrote:

 Hi Nathan,

 After many searches with your help and our AD Administrator we found that
 the account was not authorized.

 I was given another one and now, command line binds and authenticates well
 but no chance with RT. Here is the command line

 ldapsearch -LLL -H ldap://myserver.mydomain.local -x -D
 'mydomain\ldapuser' -W -b ou=FR,dc=mydomain,dc=local uid=mysuer

 and the output.


 dn: CN=Firstname Lastname,OU=z - y - x,OU=city,OU=Users 
 Clients,OU=mydomain,OU=FR,DC=mydomain,DC=local
  v
 objectClass: top
 objectClass: person
 objectClass: organizationalPerson
 objectClass: user
 cn: Firstname Lastname
 sn: Lastname
 c: FR
 l: city
 title: myTitle
 postalCode: Zipcode
 physicalDeliveryOfficeName: z - y - x
 telephoneNumber: myTelephonenumber
 givenName: FirstName
 distinguishedName: CN=Firstname Lastname,OU=z - y - x,OU=city,OU=Users 
 Clients,OU=mydomain,OU=FR,
  DC=mydomain,DC=local
 instanceType: 4
 whenCreated: 20100701014148.0Z
 whenChanged: 20130821001737.0Z
 displayName: Firstname Lastname
 uSNCreated: 73679
 memberOf: CN=LL.microsoftproject,OU=SDG Groups,DC=mydomain,DC=local
 memberOf: CN=LL.Crystal.Reports.XI,OU=SDG Groups,DC=mydomain,DC=local
 memberOf: CN=LL.IE8,OU=SDG Groups,DC=mydomain,DC=local
 memberOf: CN=LL.itop,OU=Groups,OU=mydomain,OU=FR,DC=mydomain,DC=local
 memberOf: CN=LL.msvisio2003,OU=SDG Groups,DC=mydomain,DC=local
 memberOf: CN=LL.ClickToCall,OU=SDG Groups,DC=mydomain,DC=local
 memberOf:
 CN=mydomain.LL.dsi,OU=Groups,OU=mydomain,OU=FR,DC=mydomain,DC=local
 uSNChanged: 10019507
 co: FRANCE
 department: z - y - x
 streetAddress: myaddress
 name: Firstname Lastname
 objectGUID:: l8cI/GO3KEOyA0E8neccKA==
 userAccountControl: 544
 badPwdCount: 0
 codePage: 0
 countryCode: 250
 badPasswordTime: 130215493735596806
 lastLogoff: 0
 lastLogon: 130214762950697235
 pwdLastSet: 130214610102266437
 primaryGroupID: 513
 objectSid:: AQUAAAUVEQz3vwuoUpdtKTGZJPEAAA==
 accountExpires: 1302513840
 logonCount: 197
 sAMAccountName: mysuer
 sAMAccountType: 805306368
 userPrincipalName: mymail
 lockoutTime: 0
 objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=mydomain,DC=local
 dSCorePropagationData: 20130524093118.0Z
 dSCorePropagationData: 20130523093743.0Z
 dSCorePropagationData: 1601010101.0Z
 lastLogonTimestamp: 130214610103032919
 uid: mysuer
 mail: mymail



 I'm quite confused with the RT configuration file and its options, even
 looking at the documentation I'm a little bit lost, maybe the problem is
 there.

 Here is the RT_Config extract

 # External Authentication Configuration
 Set($ExternalAuthPriority,  [ 'My_LDAP' ]);
 Set($ExternalInfoPriority,  [ 'My_LDAP' ]);
 Set($ExternalSettings, {
     # AN EXAMPLE LDAP SERVICE
     'My_LDAP' => {
         'type'             => 'ldap',
         'server'           => 'myserver.mydomain.local',
         'user'             => 'ldapaccount',
         'pass'             => 'ldapaccountpassword',
         'base'             => 'ou=FR,dc=mydomain,dc=local',
         'filter'           => '(&(ObjectCategory=User)(ObjectClass=Person))',
         'd_filter'         => '(userAccountControl:1.2.840.113556.1.4.803:=2)',
         'group'            => 'OU=Users Clients,OU=MYDOMAIN,OU=FR,DC=mydomain,DC=local',
         'group_attr'       => 'member',
         'tls'              => 0,
         'ssl_version'      => 3,
         'net_ldap_args'    => [ version => 3 ],
         'group_scope'      => 'base',
         'group_attr_value' => '*',
         'attr_match_list'  => [ 'Name' ],
         'attr_map'         => {
             'Name'           => 'sAMAccountName',
             'EmailAddress'   => 'mail',
             'Organization'   => 'physicalDeliveryOfficeName',
             'RealName'       => 'cn',
             'ExternalAuthId' => 'sAMAccountName',
             'Gecos'          => 'sAMAccountName',
             'WorkPhone'      => 'telephoneNumber',
             'Address1'       => 'streetAddress',
             'City'           => 'l',
             'State'          => 'st',
             'Zip'            => 'postalCode',
             'Country'        => 'co'
         },
     },
 } );


 Any other Idea ?


 --
 Regards

 Maximilien







-- 
Regards


Maximilien


Re: [rt-users] (RT::Authen::ExternalAuth) email exists problem authenticating trough AD

2013-09-02 Thread Nathan Cutler
Hi

 Is it possible that parameter $RTAddressRegexp interferes with
 RT::Authen::ExternalAuth ?

I doubt it.

 On Active directory side no error, only successes logs.

Are you saying that a user attempts to log in, you see successful LDAP
bind on the LDAP server, and RT login fails? If so, please send us the
relevant debug-level RT log excerpt. Also the LDAP server log excerpt
if possible.

 Do you know about any other debug options I could use ?

I did notice that, after upgrading to RT 4.0.17 and ExternalAuth 0.12,
I get much more detailed debug-level log messages for ExternalAuth.

Hope this helps.

Nathan


Re: [rt-users] (RT::Authen::ExternalAuth) email exists problem authenticating trough AD

2013-08-21 Thread Maximilien Drouet
Hi Nathan,

After many searches with your help and our AD Administrator we found that
the account was not authorized.

I was given another one and now, command line binds and authenticates well
but no chance with RT. Here is the command line

ldapsearch -LLL -H ldap://myserver.mydomain.local -x -D 'mydomain\ldapuser'
-W -b ou=FR,dc=mydomain,dc=local uid=mysuer

and the output.


dn: CN=Firstname Lastname,OU=z - y - x,OU=city,OU=Users 
Clients,OU=mydomain,OU=FR,DC=mydomain,DC=local
 v
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: Firstname Lastname
sn: Lastname
c: FR
l: city
title: myTitle
postalCode: Zipcode
physicalDeliveryOfficeName: z - y - x
telephoneNumber: myTelephonenumber
givenName: FirstName
distinguishedName: CN=Firstname Lastname,OU=z - y - x,OU=city,OU=Users 
Clients,OU=mydomain,OU=FR,
 DC=mydomain,DC=local
instanceType: 4
whenCreated: 20100701014148.0Z
whenChanged: 20130821001737.0Z
displayName: Firstname Lastname
uSNCreated: 73679
memberOf: CN=LL.microsoftproject,OU=SDG Groups,DC=mydomain,DC=local
memberOf: CN=LL.Crystal.Reports.XI,OU=SDG Groups,DC=mydomain,DC=local
memberOf: CN=LL.IE8,OU=SDG Groups,DC=mydomain,DC=local
memberOf: CN=LL.itop,OU=Groups,OU=mydomain,OU=FR,DC=mydomain,DC=local
memberOf: CN=LL.msvisio2003,OU=SDG Groups,DC=mydomain,DC=local
memberOf: CN=LL.ClickToCall,OU=SDG Groups,DC=mydomain,DC=local
memberOf:
CN=mydomain.LL.dsi,OU=Groups,OU=mydomain,OU=FR,DC=mydomain,DC=local
uSNChanged: 10019507
co: FRANCE
department: z - y - x
streetAddress: myaddress
name: Firstname Lastname
objectGUID:: l8cI/GO3KEOyA0E8neccKA==
userAccountControl: 544
badPwdCount: 0
codePage: 0
countryCode: 250
badPasswordTime: 130215493735596806
lastLogoff: 0
lastLogon: 130214762950697235
pwdLastSet: 130214610102266437
primaryGroupID: 513
objectSid:: AQUAAAUVEQz3vwuoUpdtKTGZJPEAAA==
accountExpires: 1302513840
logonCount: 197
sAMAccountName: mysuer
sAMAccountType: 805306368
userPrincipalName: mymail
lockoutTime: 0
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=mydomain,DC=local
dSCorePropagationData: 20130524093118.0Z
dSCorePropagationData: 20130523093743.0Z
dSCorePropagationData: 1601010101.0Z
lastLogonTimestamp: 130214610103032919
uid: mysuer
mail: mymail



I'm quite confused with the RT configuration file and its options, even
looking at the documentation I'm a little bit lost, maybe the problem is
there.

Here is the RT_Config extract

# External Authentication Configuration
Set($ExternalAuthPriority,  [ 'My_LDAP' ]);
Set($ExternalInfoPriority,  [ 'My_LDAP' ]);
Set($ExternalSettings, {
    # AN EXAMPLE LDAP SERVICE
    'My_LDAP' => {
        'type'             => 'ldap',
        'server'           => 'myserver.mydomain.local',
        'user'             => 'ldapaccount',
        'pass'             => 'ldapaccountpassword',
        'base'             => 'ou=FR,dc=mydomain,dc=local',
        'filter'           => '(&(ObjectCategory=User)(ObjectClass=Person))',
        'd_filter'         => '(userAccountControl:1.2.840.113556.1.4.803:=2)',
        'group'            => 'OU=Users Clients,OU=MYDOMAIN,OU=FR,DC=mydomain,DC=local',
        'group_attr'       => 'member',
        'tls'              => 0,
        'ssl_version'      => 3,
        'net_ldap_args'    => [ version => 3 ],
        'group_scope'      => 'base',
        'group_attr_value' => '*',
        'attr_match_list'  => [ 'Name' ],
        'attr_map'         => {
            'Name'           => 'sAMAccountName',
            'EmailAddress'   => 'mail',
            'Organization'   => 'physicalDeliveryOfficeName',
            'RealName'       => 'cn',
            'ExternalAuthId' => 'sAMAccountName',
            'Gecos'          => 'sAMAccountName',
            'WorkPhone'      => 'telephoneNumber',
            'Address1'       => 'streetAddress',
            'City'           => 'l',
            'State'          => 'st',
            'Zip'            => 'postalCode',
            'Country'        => 'co'
        },
    },
} );


Any other Idea ?


-- 
Regards

Maximilien


Re: [rt-users] (RT::Authen::ExternalAuth) email exists problem authenticating trough AD

2013-08-02 Thread Maximilien Drouet
Hi

You are right, I'm using RT::Authen::ExternalAuth.

It binds because I receive all additional fields and even creates the user
with those.

The problem is really focused on authentication step and I can't understand
why :(


Re: [rt-users] (RT::Authen::ExternalAuth) email exists problem authenticating trough AD

2013-08-02 Thread Nathan Cutler
 It binds because I receive all additional fields and even creates the user
 with those.

Yes, it binds, but anonymously. All the information fields are first
retrieved that way. Only then does the authentication phase start,
when it attempts to bind as the user with the password that the user
enters in the login window.

 The problem is really focused on authentication step and I can't understand
 why :(

Yes, so the question is (once again): can you bind *as the user* and
*with the user's password* from the command line?


Re: [rt-users] (RT::Authen::ExternalAuth) email exists problem authenticating trough AD

2013-07-31 Thread Maximilien Drouet
Hello,


To be more specific, when I remove the user, at next login RT creates again
the user with the right values ( i.e. Name, ZIP code, etc. ) but fails at
authentication step.


Here are the debug logs for that specific scenario.

[Wed Jul 31 09:54:41 2013] [debug]: Loading new user ( myUser ) into
current session
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:287)

[Wed Jul 31 09:54:41 2013] [debug]: Password validation required for
service - Executing...
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:304)

[Wed Jul 31 09:54:41 2013] [debug]: Trying external auth service: My_LDAP
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:153)




Regards

On Tue, Jul 30, 2013 at 3:23 PM, Maximilien Drouet mdro...@randco.fr wrote:

 Hi,

 Unfortunately same problem with this filter :(

 Regarding the address I tried many times, even fresh install :(

 Same problem.





 On Mon, Jul 29, 2013 at 3:37 PM, Nathan Cutler presnyprek...@gmail.com wrote:

  Any other idea ?

 Yes. As Kevin indicated, I would start with your 'attr_match_list'. On
 your testing/development RT instance, try running it with just:

 'attr_match_list' => [ 'Name' ],

 and see if the user can log in. Tell us what happens.

 Also, judging from the Couldn't create user myuser : Email address in
 use error I would guess some other user has that email address. Try
 searching for users with that email address in RT and tell us what you
 find.

 Good luck.

 Nathan




 --
 Regards,

 Maximilien




-- 
Maximilien


Re: [rt-users] (RT::Authen::ExternalAuth) email exists problem authenticating trough AD

2013-07-31 Thread Nathan Cutler
 To be more specific, when I remove the user, at next login RT creates again
 the user with the right values ( i.e. Name, ZIP code, etc. ) but fails at
 authentication step.

IIRC you are using RT::Authen::ExternalAuth, right? That extension
authenticates by attempting to bind to the LDAP server with the
credentials entered by the user. But before it tries to bind, it first
looks up the user in LDAP anonymously. This is consistent with what
you are seeing. Here's what I see in my log when a known user attempts
to login and fails:

Jul 30 11:09:56 myserv RT: My_LDAP AUTH FAILED myuser (can't bind:
LDAP_INVALID_CREDENTIALS 49 )
(/usr/lib/perl5/vendor_perl/5.10.0/RT/Authen/ExternalAuth/LDAP.pm:90)
Jul 30 11:09:56 myserv RT: FAILED LOGIN for myuser from 10.120.5.61
(/usr/lib/perl5/vendor_perl/5.10.0/RT/Interface/Web.pm:753)

And this is the log when an unknown (to RT) user attempts to login and fails:
Jul 29 13:06:44 myserv RT:
RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Disabled: ,
EmailAddress: , Gecos: myuser, Name: myuser, Privileged:
(/usr/lib/perl5/vendor_perl/5.10.0/RT/Authen/ExternalAuth.pm:665)
Jul 29 13:06:45 myserv RT: Autocreated external user myuser ( 988 )
(/usr/lib/perl5/vendor_perl/5.10.0/RT/Authen/ExternalAuth.pm:254)
Jul 29 13:06:48 myserv RT: My_LDAP AUTH FAILED myuser (can't bind:
LDAP_INVALID_CREDENTIALS 49 )
(/usr/lib/perl5/vendor_perl/5.10.0/RT/Authen/ExternalAuth/LDAP.pm:90)
Jul 29 13:06:48 myserv RT: FAILED LOGIN for myuser from 10.120.4.148
(/usr/lib/perl5/vendor_perl/5.10.0/RT/Interface/Web.pm:753)

Note that it first creates the user in RT. Only then does it attempt to bind.

Now, in my case the bind fails because the user's credentials are
wrong. But this is not the only possible failure modality. There are
any number of reasons why bind might be failing.

Can you bind to the LDAP server using the 'ldapsearch' command? If you
can get bind to work that way, first, that would be a start. In my
case, the successful ldapsearch command looked something like this:

ldapsearch -LLL -H ldaps://login.example.com -x \
  -D cn=myuser,ou=users,dc=example,dc=com -W \
  -b ou=users,dc=example,dc=com uid=myuser

(Note that you have to know myuser's password -- and enter it
correctly -- for this to work.)

Hope this helps.

Nathan
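
The order of events described above (lookup, autocreation of the RT user, then the bind with the user's password) can be checked in the RT log. The following is an added example, not part of the original message and not RT code: it parses log lines in the format quoted above and reports RT users that were autocreated but never authenticated, plus source addresses with failed logins for several names. The sample lines, user names, ids and addresses are constructed, and the "Successful login for" message format is an assumption that does not appear in this thread.

```python
import re
from collections import defaultdict

# Constructed sample in the syslog format quoted in the message above, one
# event per line (the mail client wrapped the originals). Source paths are
# shortened; names, ids and addresses are made up.
SAMPLE_LOG = """\
Jul 29 13:06:44 myserv RT: RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Disabled: , EmailAddress: , Gecos: alice, Name: alice, Privileged: (.../ExternalAuth.pm:665)
Jul 29 13:06:45 myserv RT: Autocreated external user alice ( 988 ) (.../ExternalAuth.pm:254)
Jul 29 13:06:48 myserv RT: My_LDAP AUTH FAILED alice (can't bind: LDAP_INVALID_CREDENTIALS 49 ) (.../ExternalAuth/LDAP.pm:90)
Jul 29 13:06:48 myserv RT: FAILED LOGIN for alice from 192.0.2.10 (.../Web.pm:753)
Jul 29 13:06:52 myserv RT: Autocreated external user bob ( 989 ) (.../ExternalAuth.pm:254)
Jul 29 13:06:53 myserv RT: My_LDAP AUTH FAILED bob (can't bind: LDAP_INVALID_CREDENTIALS 49 ) (.../ExternalAuth/LDAP.pm:90)
Jul 29 13:06:53 myserv RT: FAILED LOGIN for bob from 192.0.2.10 (.../Web.pm:753)
Jul 29 13:06:58 myserv RT: Autocreated external user carol ( 990 ) (.../ExternalAuth.pm:254)
Jul 29 13:06:59 myserv RT: My_LDAP AUTH FAILED carol (can't bind: LDAP_INVALID_CREDENTIALS 49 ) (.../ExternalAuth/LDAP.pm:90)
Jul 29 13:06:59 myserv RT: FAILED LOGIN for carol from 192.0.2.10 (.../Web.pm:753)
Jul 29 13:10:02 myserv RT: Autocreated external user dave ( 991 ) (.../ExternalAuth.pm:254)
Jul 29 13:10:03 myserv RT: Successful login for dave from 198.51.100.7 (.../Web.pm:700)
Jul 29 13:12:40 myserv RT: My_LDAP AUTH FAILED erin (can't bind: LDAP_INVALID_CREDENTIALS 49 ) (.../ExternalAuth/LDAP.pm:90)
Jul 29 13:12:40 myserv RT: FAILED LOGIN for erin from 198.51.100.7 (.../Web.pm:753)
Jul 29 13:12:55 myserv RT: Successful login for erin from 198.51.100.7 (.../Web.pm:700)
"""

# "<syslog timestamp> <host> RT: <message>"
LINE = re.compile(r"^\w{3}\s+\d+\s[\d:]{8}\s\S+\sRT:\s(?P<msg>.*)$")
AUTOCREATED = re.compile(r"^Autocreated external user (?P<user>\S+) \( (?P<id>\d+) \)")
AUTH_FAILED = re.compile(r"^(?P<svc>\S+) AUTH FAILED (?P<user>\S+) \((?P<why>[^)]*)\)")
FAILED_LOGIN = re.compile(r"^FAILED LOGIN for (?P<user>\S+) from (?P<ip>\S+)")
# Assumption: this success message format is not shown anywhere in the thread.
SUCCESS = re.compile(r"^Successful login for (?P<user>\S+) from (?P<ip>\S+)")


def analyse(log_text, spray_threshold=3):
    """Correlate ExternalAuth log events.

    Returns a dict with:
      never_authenticated: {user: RT id} autocreated in this log, no success seen
      multi_user_sources:  {ip: [users]} with failures for >= spray_threshold names
      bind_errors:         {reason: count} taken from the AUTH FAILED lines
      unparsed:            number of non-empty lines without the "RT:" prefix
    """
    created = {}                     # user -> RT user id
    authenticated = set()            # users with at least one successful login
    bind_errors = defaultdict(int)   # bind failure reason -> count
    failed_by_ip = defaultdict(set)  # source address -> user names that failed
    unparsed = 0

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE.match(line)
        if not m:
            unparsed += 1
            continue
        msg = m.group("msg")

        ev = AUTOCREATED.match(msg)
        if ev:
            created[ev.group("user")] = int(ev.group("id"))
            continue
        ev = AUTH_FAILED.match(msg)
        if ev:
            bind_errors[ev.group("why").strip()] += 1
            continue
        ev = FAILED_LOGIN.match(msg)
        if ev:
            failed_by_ip[ev.group("ip")].add(ev.group("user"))
            continue
        ev = SUCCESS.match(msg)
        if ev:
            authenticated.add(ev.group("user"))
        # Any other RT message (e.g. CanonicalizeUserInfo) is ignored.

    return {
        "never_authenticated": {
            u: uid for u, uid in created.items() if u not in authenticated
        },
        "multi_user_sources": {
            ip: sorted(users)
            for ip, users in failed_by_ip.items()
            if len(users) >= spray_threshold
        },
        "bind_errors": dict(bind_errors),
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    import json
    print(json.dumps(analyse(SAMPLE_LOG), indent=2))
```

Entries under never_authenticated are RT user records that exist only because a login was attempted with a name the directory knows, so they are candidates for review or cleanup.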


Re: [rt-users] (RT::Authen::ExternalAuth) email exists problem authenticating trough AD

2013-07-30 Thread Maximilien Drouet
Hi,

Unfortunately same problem with this filter :(

Regarding the address I tried many times, even fresh install :(

Same problem.





On Mon, Jul 29, 2013 at 3:37 PM, Nathan Cutler presnyprek...@gmail.com wrote:

  Any other idea ?

 Yes. As Kevin indicated, I would start with your 'attr_match_list'. On
 your testing/development RT instance, try running it with just:

 'attr_match_list' => [ 'Name' ],

 and see if the user can log in. Tell us what happens.

 Also, judging from the Couldn't create user myuser : Email address in
 use error I would guess some other user has that email address. Try
 searching for users with that email address in RT and tell us what you
 find.

 Good luck.

 Nathan




-- 
Regards,

Maximilien DROUET
Systems & Networks Consultant
RANDCO, Network, Security & Systems Consultancy
19 Rue Pierre LESCOT
75001 Paris
Mob. 06.30.91.70.09
Fax. 01.72.74.44.01
http://www.randco.fr


Re: [rt-users] (RT::Authen::ExternalAuth) email exists problem authenticating trough AD

2013-07-29 Thread Maximilien Drouet
Hi,


Yes the user is found and data retrieved correctly (i.e address, zip, etc.
) .


Any other idea ?




On Tue, Jul 23, 2013 at 11:19 AM, Maximilien Drouet mdro...@randco.fr wrote:

 Hi,


 Let me try, I never used ldapsearch before so I need to check the syntax.


 On Tue, Jul 23, 2013 at 11:04 AM, Craig Ringer cr...@2ndquadrant.com wrote:

 On 07/04/2013 11:00 PM, Maximilien Drouet wrote:
  (&(&(ObjectCategory=User)(ObjectClass=Person))(sAMAccountName=myuser ))

 If you execute this LDAP search directly against your directory with the
 same base dn as given in the logs, does it find the user?

 --
  Craig Ringer   http://www.2ndQuadrant.com/
  PostgreSQL Development, 24x7 Support, Training & Services



-- 
Regards,

Maximilien DROUET


Re: [rt-users] (RT::Authen::ExternalAuth) email exists problem authenticating trough AD

2013-07-23 Thread Maximilien Drouet
Hello,


Anyone with an idea ?
I've tried many times without any success.



Thanks for your help.


On Fri, Jul 5, 2013 at 4:18 PM, Maximilien Drouet mdro...@randco.fr wrote:

 Hi,


 Both AD & RT have a user matching email & Username.

 Regarding RealName, yes I read about it but in my case, real names are
 NEVER the same they use Kevin FALCONE, KEVIN A FALCONE, KEVIN B FALCONE,
 and so on. But yes you're right about what's documented.


 On Fri, Jul 5, 2013 at 4:14 PM, Kevin Falcone falc...@bestpractical.com wrote:

 On Thu, Jul 04, 2013 at 05:00:23PM +0200, Maximilien Drouet wrote:
 As you can see in the log output I successfully find the user BUT I
 have an error Couldn't
 create user myuser   which I don't understand because YES user
 exists but I just want to
 authenticate not recreate a user.

 Does the user exist with a matching Email Address AND username? Or is
 the username different.

 Also, as documented, you probably shouldn't be using RealName here:

 'attr_match_list' => [
     'Name',
     'EmailAddress',
     'RealName',
 ],

 It means you can't have two users named Kevin Falcone in your RT.

 -kevin




 --
 Max




-- 
Regards,

Maximilien DROUET


Re: [rt-users] (RT::Authen::ExternalAuth) email exists problem authenticating trough AD

2013-07-23 Thread Maximilien Drouet
Hi,


Let me try. I have never used ldapsearch before, so I need to check the syntax.


 On Tue, Jul 23, 2013 at 11:04 AM, Craig Ringer cr...@2ndquadrant.com wrote:

 On 07/04/2013 11:00 PM, Maximilien Drouet wrote:
  (&(&(ObjectCategory=User)(ObjectClass=Person))(sAMAccountName=myuser ))

 If you execute this LDAP search directly against your directory with the
 same base dn as given in the logs, does it find the user?

 --
  Craig Ringer   http://www.2ndQuadrant.com/
  PostgreSQL Development, 24x7 Support, Training & Services




-- 
Regards,

Maximilien DROUET
Systems & Network Consultant
RANDCO, Network, Security & Systems consulting firm
19 Rue Pierre LESCOT
75001 Paris
Mob. 06.30.91.70.09
Fax. 01.72.74.44.01
http://www.randco.fr


Re: [rt-users] (RT::Authen::ExternalAuth) email exists problem authenticating trough AD

2013-07-05 Thread Kevin Falcone
On Thu, Jul 04, 2013 at 05:00:23PM +0200, Maximilien Drouet wrote:
As you can see in the log output I successfully find the user BUT I have 
 an error Couldn't
create user myuser   which I don't understand because YES user exists but 
 I just want to
authenticate not recreate a user.

Does the user exist with a matching Email Address AND username? Or is
the username different.

Also, as documented, you probably shouldn't be using RealName here:

'attr_match_list' => [
    'Name',
    'EmailAddress',
    'RealName',
],

It means you can't have two users named Kevin Falcone in your RT.

-kevin




Re: [rt-users] (RT::Authen::ExternalAuth) email exists problem authenticating trough AD

2013-07-05 Thread Maximilien Drouet
Hi,


Both AD & RT have a user matching email & Username.

Regarding RealName, yes I read about it but in my case, real names are
NEVER the same they use Kevin FALCONE, KEVIN A FALCONE, KEVIN B FALCONE,
and so on. But yes you're right about what's documented.


On Fri, Jul 5, 2013 at 4:14 PM, Kevin Falcone falc...@bestpractical.com wrote:

 On Thu, Jul 04, 2013 at 05:00:23PM +0200, Maximilien Drouet wrote:
 As you can see in the log output I successfully find the user BUT I
 have an error Couldn't
 create user myuser   which I don't understand because YES user
 exists but I just want to
 authenticate not recreate a user.

 Does the user exist with a matching Email Address AND username? Or is
 the username different.

 Also, as documented, you probably shouldn't be using RealName here:

 'attr_match_list' => [
     'Name',
     'EmailAddress',
     'RealName',
 ],

 It means you can't have two users named Kevin Falcone in your RT.

 -kevin




-- 
Max


Re: [rt-users] RT::Authen::ExternalAuth extension loading issue

2013-05-09 Thread Alex Vandiver
On Thu, 2013-05-09 at 11:51 +1200, Chris Foster wrote:
 Error while loading /opt/rt4/sbin/rt-server: Attempt to reload
 RT/Authen/ExternalAuth.pm aborted. \nCompilation failed in require
 at /opt/rt4/sbin…/lib/RT.pm line 730.

Please show the complete error.  There should be an error message above
that.

I suspect that you don't have all of the dependencies for
RT::Authen::ExternalAuth installed.
 - Alex




-- 
RT Training in Seattle, June 19-20: http://bestpractical.com/training

Re: [rt-users] RT::Authen::ExternalAuth extension loading issue

2013-05-09 Thread Chris Foster
Hi Alex,

Thanks for your response.  I have looked further and yes, there do appear to 
be a couple more lines of errors before this line, they are:

[warning]: Subroutine handle_startup_error redefined at /opt/rt4/sbin rt-server 
line 240. (/opt/rt4/sbin/rt-server:240)
[warning]: Subroutine handle_bind_error redefined at /opt/rt4/sbin/rt-server 
line 252. (/opt/rt4/sbin/rt-server:252)

Hope this helps.  Looking forward in being pointed in the right direction to 
resolve this issue.

Regards,
Chris.

-Original Message-
From: Alex Vandiver [mailto:ale...@bestpractical.com] 
Sent: Friday, 10 May 2013 7:27 a.m.
To: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] RT::Authen::ExternalAuth extension loading issue

On Thu, 2013-05-09 at 11:51 +1200, Chris Foster wrote:
 Error while loading /opt/rt4/sbin/rt-server: Attempt to reload 
 RT/Authen/ExternalAuth.pm aborted. \nCompilation failed in require at 
 /opt/rt4/sbin…/lib/RT.pm line 730.

Please show the complete error.  There should be an error message above that.

I suspect that you don't have all of the dependencies for 
RT::Authen::ExternalAuth installed.
 - Alex







Re: [rt-users] RT::Authen::ExternalAuth extension loading issue

2013-05-09 Thread Asif Iqbal
On Thu, May 9, 2013 at 10:44 PM, Chris Foster chris.fos...@bartercard.co.nz
 wrote:

 Hi Alex,

 Thanks for your response.  I have further looked and yes there does appear
 to be a couple more of lines of errors before this line, they are:

 [warning]: Subroutine handle_startup_error redefined at /opt/rt4/sbin
 rt-server line 240. (/opt/rt4/sbin/rt-server:240)
 [warning]: Subroutine handle_bind_error redefined at
 /opt/rt4/sbin/rt-server line 252. (/opt/rt4/sbin/rt-server:252)

 Hope this helps.  Looking forward in being pointed in the right direction
 to resolve this issue.



$ cd  /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib
$ perl -MRT::Authen::ExternalAuth -e 1
$ (should have no output if all dependency is working)

-- 
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?



Re: [rt-users] RT-Authen-ExternalAuth - how to confirm that ssl ldap bind is used?

2012-10-16 Thread Darin Perusich
On Tue, Oct 16, 2012 at 6:46 AM, Marko Cupać marko.cu...@gmail.com wrote:
 I have been using rt4 for some time now in plain protocols (site is on
 http, fetchmail is plain pop3, external auth is done from ldap without
 ssl). Now, I am increasing security by switching to encrypted
 protocols.

 Switching apache to https was easy thing to do, and I spent a few hours
 with fetchmail and certificates but it also works now.

 RT::Extension::LDAPimport just worked when switching ldaphost to
 ldaps:

 Set($LDAPHost,'ldaps://ldap.company.tld');

 Also, after setting
 Set($ExternalAuthPriority,['My_LDAP']);
 Set($ExternalInfoPriority,['My_LDAP']);
 Set($ExternalServiceUsesSSLorTLS,1);
 Set($ExternalSettings,{
     'My_LDAP'   =>  {
         ...
         'tls' =>  1,
         'ssl_version' =>  3,
         ...
     }
 });

 ... I can still authenticate.

 I can not believe this can be so simple :) Is there a way to check that
 ssl is really used?


Check your ldap servers logs or run wireshark/tcpdump from the RT
server and inspect the traffic.


Final RT training for 2012 in Atlanta, GA - October 23 & 24
  http://bestpractical.com/training

We're hiring! http://bestpractical.com/jobs


Re: [rt-users] RT-Authen-ExternalAuth - how to confirm that ssl ldap bind is used?

2012-10-16 Thread Jonathan Mills
You know, I looked into the same thing.  What I found was that it was 
*not* so easy to use RT-Authen-ExternalAuth -- that is, if your LDAP 
server is secure enough.  My LDAP server requires a certificate to build 
an SSL or STARTTLS connection, as part of our baseline security. 
RT-Authen-ExternalAuth, by default, does not support a method to pass 
the path to a certificate, and the reqcert setting, to the underlying 
perl-Net-LDAP library (even though this library supports all that stuff).


I had to apply this patch to RT-Authen-ExternalAuth

http://old.nabble.com/attachment/23889671/0/RT-Authen-ExternalAuth-19912-start_tls-options.patch

Patch applies perfectly.  Afterwards, I did something like this in my 
config (note the tls_args segment):


Set($ExternalSettings,  {
    'LDAP'  => {
        'type' => 'ldap',
        'auth' => 1,
        'info' => 1,
        'server' => 'ldap.example.com',
        'base' => 'dc=example,dc=com',
        'filter' => '(objectClass=posixAccount)',
        'tls' =>  1,
        # What other args should I pass to Net::LDAP->new($host,@args)?
        'net_ldap_args' => [
            version => 3,
            port => 389,
            debug => 8,
        ],
        # Special argument for start_tls (see perldoc Net::LDAP for details)
        'tls_args' => [
            'verify' => 'require',
            'cafile' => '/etc/openldap/cacerts/example_ca.pem',
        ],
        # This MUST be a full DN
        'group' =>  'cn=admins,ou=PosixGroups,dc=example,dc=com',
        'group_attr' =>  'memberUid',
        'group_attr_value' => 'uid',
        'attr_match_list' => [
            'Name',
            'EmailAddress',
            'RealName',
            'Gecos',
        ],
        'attr_map' =>  {
            'Name' => 'uid',
            'EmailAddress' => 'mail',
            'RealName' => 'cn',
            'Gecos' => 'cn',
        } # end NAME
    }, # end LDAP
}, # end $ExternalSettings
); # end Set


(Server is OpenLDAP 2.4.x using rfc2307 style posixAccount and 
posixGroup objectclasses)


--
Jonathan Mills
Systems Administrator
Renaissance Computing Institute
UNC-Chapel Hill

On 10/16/2012 08:19 AM, Darin Perusich wrote:

On Tue, Oct 16, 2012 at 6:46 AM, Marko Cupać marko.cu...@gmail.com wrote:

I have been using rt4 for some time now in plain protocols (site is on
http, fetchmail is plain pop3, external auth is done from ldap without
ssl). Now, I am increasing security by switching to encrypted
protocols.

Switching apache to https was easy thing to do, and I spent a few hours
with fetchmail and certificates but it also works now.

RT::Extension::LDAPimport just worked when switching ldaphost to
ldaps:

Set($LDAPHost,'ldaps://ldap.company.tld');

Also, after setting
Set($ExternalAuthPriority,['My_LDAP']);
Set($ExternalInfoPriority,['My_LDAP']);
Set($ExternalServiceUsesSSLorTLS,1);
Set($ExternalSettings,{
    'My_LDAP'   =>  {
        ...
        'tls' =>  1,
        'ssl_version' =>  3,
        ...
    }
});

... I can still authenticate.

I can not believe this can be so simple :) Is there a way to check that
ssl is really used?



Check your ldap servers logs or run wireshark/tcpdump from the RT
server and inspect the traffic.


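What the tcpdump/wireshark check suggested above comes down to, as an added example that is not part of the thread or of RT-Authen-ExternalAuth: the first bytes the client sends distinguish a TLS handshake (what `ldaps://` produces), an LDAP StartTLS request (what a `'tls' => 1` connection on port 389 should send first, assuming the extension issues StartTLS as the `start_tls` patch above implies) and a cleartext simple bind. The function names and the sample payloads are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example: classify the first client-to-server payload of an LDAP
# connection, as copied out of a tcpdump/wireshark capture.
use strict;
use warnings;

my $STARTTLS_OID = '1.3.6.1.4.1.1466.20037';   # LDAP StartTLS extended operation

# Decode one BER header at $off. Returns (tag, length, value offset), or an
# empty list when the buffer is too short or the length field is malformed.
sub ber_header {
    my ($buf, $off) = @_;
    return if !defined $off || $off + 2 > length($buf);
    my $tag = ord(substr($buf, $off, 1));
    my $len = ord(substr($buf, $off + 1, 1));
    $off += 2;
    if ($len & 0x80) {                  # long form: low 7 bits count the length octets
        my $n = $len & 0x7f;
        return if $n == 0 || $n > 4 || $off + $n > length($buf);
        $len = 0;
        $len = ($len << 8) | ord(substr($buf, $off++, 1)) for 1 .. $n;
    }
    return ($tag, $len, $off);
}

# Skip one complete element; returns the offset of the next one (or undef).
sub ber_skip {
    my ($buf, $off) = @_;
    my ($tag, $len, $val) = ber_header($buf, $off);
    return defined $tag ? $val + $len : undef;
}

sub classify_first_payload {
    my ($buf) = @_;
    return 'empty' unless defined $buf && length $buf;

    # TLS record header: content type 0x16 (handshake), major version 0x03.
    return 'tls-handshake' if $buf =~ /\A\x16\x03/;

    # LDAPMessage ::= SEQUENCE { messageID INTEGER, protocolOp CHOICE ... }
    my ($tag, undef, $off) = ber_header($buf, 0);
    return 'not-ldap' unless defined $tag && $tag == 0x30;
    my ($id_tag) = ber_header($buf, $off);
    return 'not-ldap' unless defined $id_tag && $id_tag == 0x02;
    my ($op, undef, $op_val) = ber_header($buf, ber_skip($buf, $off));
    return 'not-ldap' unless defined $op;

    if ($op == 0x77) {                  # ExtendedRequest [APPLICATION 23]
        my ($t, $l, $v) = ber_header($buf, $op_val);
        return 'ldap-starttls-request'
            if defined $t && $t == 0x80 && $v + $l <= length($buf)
            && substr($buf, $v, $l) eq $STARTTLS_OID;
    }
    if ($op == 0x60) {                  # BindRequest [APPLICATION 0]
        # Step over version and name to reach the authentication choice.
        my $auth_off = ber_skip($buf, ber_skip($buf, $op_val));
        my ($auth) = ber_header($buf, $auth_off);
        # [0] simple: the password follows in the clear.
        return 'ldap-cleartext-simple-bind' if defined $auth && $auth == 0x80;
    }
    return 'ldap-cleartext-other';
}

# Constructed sample payloads (not captured traffic). tlv() only emits
# short-form lengths, which is enough for these samples.
sub tlv { my ($tag, $value) = @_; return pack('CC', $tag, length($value)) . $value }

my @samples = (
    [ 'TLS ClientHello (start of an ldaps:// session)',
      "\x16\x03\x01\x00\x2f\x01\x00\x00\x2b\x03\x03" ],
    [ 'StartTLS request on port 389',
      tlv(0x30, tlv(0x02, "\x01") . tlv(0x77, tlv(0x80, $STARTTLS_OID))) ],
    [ 'simple bind without TLS',
      tlv(0x30, tlv(0x02, "\x01")
          . tlv(0x60, tlv(0x02, "\x03")
              . tlv(0x04, 'cn=rt,dc=example,dc=com')
              . tlv(0x80, 'constructed-password'))) ],
);
printf "%-50s %s\n", $_->[0], classify_first_payload($_->[1]) for @samples;
```

In a capture of a StartTLS connection the request should be followed by a TLS handshake from the same client; an `ldap-cleartext-simple-bind` result means the bind DN and password crossed the wire unencrypted.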


Re: [rt-users] RT::Authen::ExternalAuth with AD...

2012-04-21 Thread Glenn Sieb

On 4/20/12 2:52 AM, Joop wrote:
 Glenn Sieb wrote:
 
 On 4/19/12 9:23 PM, Jeff Blaine wrote:
 
 Share the solution?
 
 
 In the LDAP definition of RT_SiteConfig, where you set up the
 user to query as, and such, the ldap user login wasn't working
 until we added the @domain.ou bit to the end of it.
 
 So if the AD domain is dc=intranet,dc=local, the user had to be 
 user@intranet.local then it started working.
 
 I'm also using AD and I don't have to add the @domain.local to my
 login. I had a look at your RT_SiteConfig but didn't see the
 obvious. Will check later to see what difference there is between
 my and yours.

Unsure--the one I posted to pastebin was the one that wasn't working.

I'm just happy it's working :) I'm also happy we were able to demo
this to the company on Friday afternoon, and it was a big hit.

Now to figure out Approvals.. :)

Best,
--Glenn



Re: [rt-users] RT::Authen::ExternalAuth with AD...

2012-04-20 Thread Joop

Glenn Sieb wrote:


On 4/19/12 9:23 PM, Jeff Blaine wrote:
  

Share the solution?



In the LDAP definition of RT_SiteConfig, where you set up the user to
query as, and such, the ldap user login wasn't working until we added
the @domain.ou bit to the end of it.

So if the AD domain is dc=intranet,dc=local, the user had to be
user@intranet.local then it started working.
  
I'm also using AD and I don't have to add the @domain.local to my login. 
I had a look at your RT_SiteConfig but didn't see the obvious. Will 
check later to see what difference there is between my and yours.


Joop




Re: [rt-users] RT::Authen::ExternalAuth with AD...

2012-04-19 Thread Glenn Sieb
Thanks to jibsheet & Paul in the IRC channel for their help!

Best,
--Glenn




Re: [rt-users] RT::Authen::ExternalAuth with AD...

2012-04-19 Thread Jeff Blaine

Share the solution?

On 4/19/2012 6:46 PM, Glenn Sieb wrote:

Thanks to jibsheet & Paul in the IRC channel for their help!

Best,
--Glenn





Re: [rt-users] RT::Authen::ExternalAuth with AD...

2012-04-19 Thread Glenn Sieb

On 4/19/12 9:23 PM, Jeff Blaine wrote:
 Share the solution?

In the LDAP definition of RT_SiteConfig, where you set up the user to
query as, and such, the ldap user login wasn't working until we added
the @domain.ou bit to the end of it.

So if the AD domain is dc=intranet,dc=local, the user had to be
user@intranet.local then it started working.

And there was much rejoicing in the office when it did.. :-)

Best,
--Glenn


Re: [rt-users] RT-Authen-ExternalAuth usage questions

2012-03-26 Thread Steve Huston
I hate to be that guy (top posting, reposting.. how many more taboos
can I break!)  However, I'm hoping a Monday-morning post will get better
attention than a Thursday evening one.

Anyone have ideas on the below?  Thanks!

On 3/22/12 4:10 PM, Steve Huston wrote:
 I'm in the process of setting up a new RT instance which is going to be
 used differently than the one I've been running for many years now.
 Previously I only cared about the web interface for administrators, but
 now it's desired to have web access for all users.
 
 We use a CAS-enabled virtualhost (so RT uses the REMOTE_USER variable
 with external authentication).  This means a user logging in will have a
 username such as 'huston'.  However if they send an email, it would be
 'hus...@princeton.edu', so there's the possibility of having two users
 created. OK, I need something that populates fields from LDAP.  I found
 a few ways to do this, but it looks like the not outdated method is
 the aforementioned extension.  I've downloaded it and am looking through
 things, but I have some questions for people more intimately in tune
 with the code:
 
 1) Can I run this extension and continue to use the Apache-based
 authentication, relying on ExternalAuth just for the LDAP glue?
 
 2) Did I see right that any time a user logs in, this extension will
 poll LDAP to see if their information matches what's in the RT user
 database and updates accordingly?
 
 3) Will the extension care if a user doesn't exist?  We may have people
 sending in emails that do not have an account in the LDAP server, and
 this should be allowed - we will want an account autocreated just as it
 is currently.
 
 4) Will the extension poll LDAP on an incoming email, properly creating
 the user account if it doesn't exist with the right UID returned from
 the lookup?  Or does this only work when logging in through the web
 interface?
 
 5) If a user is created as a watcher - say someone in the web
 interface adds an email address as a CC to a ticket - will ExternalAuth
 be hooked to look up that user's information in LDAP and populate the
 uid & realname fields?
 
 Thanks!
 


-- 
Steve Huston - W2SRH - Unix Sysadmin, Astrophysical Sci & CSES/PICSciE
  Princeton University  |ICBM Address: 40.346525   -74.651285
206 Peyton Hall |On my ship, the Rocinante, wheeling through
  Princeton, NJ   08544 | the galaxies; headed for the heart of Cygnus,
(267) 793-0852  | headlong into mystery.  -Rush, 'Cygnus X-1'


Re: [rt-users] RT-Authen-ExternalAuth plugin causes 'Can't locate Apache.pm in @INC' issue

2012-02-02 Thread Srikumar Nair
Thanks Bart.

User interface is not affected. Only Php/Perl code execution.


On Feb 1, 2012, at 11:32 PM, Bart b...@pleh.info wrote:

Are you only getting the errors when executing the custom PHP/Perl code? Or 
does this also affect RT's user interface/functionality?

-- Bart


On 2 February 2012 at 02:33, Srikumar Nair srikum...@fb.com wrote:


We have a RT 4.0.4 installation running on Apache.
We have some front end PHP code that calls Perl scripts which use Perl RT APIs 
for RT interactions.

Recently we installed the RT-Authen-ExternalAuth plugin (version 0.09) to RT.
This creates the following error whenever the php tries to invoke the perl 
scripts.
But if I remove the plugin from the RT_SiteConfig.pm file everything works fine 
again.

Has anyone seen this issue?


Can't locate Apache.pm in @INC (@INC contains: /opt/rt4/local/lib 
/opt/rt4/local/plugins/RT-Site-Facebook-TicketPageMenu/lib 
/opt/rt4/local/plugins/RT-Site-Facebook-SetQueue/lib 
/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib 
/opt/rt4/local/plugins/RT-Extension-ArticleTemplates/lib /opt/rt4/lib 
/opt/rt4/share/html/fb/perl 
/usr/lib64/perl5/site_perl/5.8.8/x86_64-linux-thread-multi 
/usr/lib/perl5/site_perl/5.8.8 /usr/lib/perl5/site_perl 
/usr/lib64/perl5/vendor_perl/5.8.8/x86_64-linux-thread-multi 
/usr/lib/perl5/vendor_perl/5.8.8 /usr/lib/perl5/vendor_perl 
/usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi /usr/lib/perl5/5.8.8 .) at 
/usr/lib/perl5/5.8.8/CGI/Cookie.pm line 38, DATA line 558.
Compilation failed in require at 
/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/DBI/Cookie.pm
 line 3, DATA line 558.
BEGIN failed--compilation aborted at 
/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/DBI/Cookie.pm
 line 3, DATA line 558.
Compilation failed in require at 
/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/DBI.pm 
line 4, DATA line 558.
BEGIN failed--compilation aborted at 
/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/DBI.pm 
line 4, DATA line 558.
Compilation failed in require at 
/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm 
line 27, DATA line 558.
BEGIN failed--compilation aborted at 
/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm 
line 27, DATA line 558.

Thanks a bunch.




RT Training Sessions (http://bestpractical.com/services/training.html)
* Boston — March 5 & 6, 2012



Re: [rt-users] RT-Authen-ExternalAuth plugin causes 'Can't locate Apache.pm in @INC' issue

2012-02-01 Thread Bart
Are you only getting the errors when executing the custom PHP/Perl code? Or
does this also affect RT's user interface/functionality?

-- Bart


On 2 February 2012 at 02:33, Srikumar Nair srikum...@fb.com wrote:



   We have a RT 4.0.4 installation running on Apache.
 We have some front end PHP code that calls Perl scripts which use Perl RT
 APIs for RT interactions.

  Recently we installed the RT-Authen-ExternalAuth plugin (version 0.09)
 to RT.
 This creates the following error whenever the php tries to invoke the
 perl scripts.
 But if I remove the plugin from the RT_SiteConfig.pm file everything works
 fine again.

  Has anyone seen this issue?


  Can't locate Apache.pm in @INC (@INC contains: /opt/rt4/local/lib
 /opt/rt4/local/plugins/RT-Site-Facebook-TicketPageMenu/lib
 /opt/rt4/local/plugins/RT-Site-Facebook-SetQueue/lib
 /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib
 /opt/rt4/local/plugins/RT-Extension-ArticleTemplates/lib /opt/rt4/lib
 /opt/rt4/share/html/fb/perl
 /usr/lib64/perl5/site_perl/5.8.8/x86_64-linux-thread-multi
 /usr/lib/perl5/site_perl/5.8.8 /usr/lib/perl5/site_perl
 /usr/lib64/perl5/vendor_perl/5.8.8/x86_64-linux-thread-multi
 /usr/lib/perl5/vendor_perl/5.8.8 /usr/lib/perl5/vendor_perl
 /usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi /usr/lib/perl5/5.8.8 .) at
 /usr/lib/perl5/5.8.8/CGI/Cookie.pm line 38, DATA line 558.
 Compilation failed in require at
 /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/DBI/Cookie.pm
 line 3, DATA line 558.
 BEGIN failed--compilation aborted at
 /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/DBI/Cookie.pm
 line 3, DATA line 558.
 Compilation failed in require at
 /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/DBI.pm
 line 4, DATA line 558.
 BEGIN failed--compilation aborted at
 /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/DBI.pm
 line 4, DATA line 558.
 Compilation failed in require at
 /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm
 line 27, DATA line 558.
 BEGIN failed--compilation aborted at
 /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm
 line 27, DATA line 558.

  Thanks a bunch.



 

Re: [rt-users] RT::Authen::ExternalAuth cannot find LDAP users if they haven't logged in at least once.

2012-01-30 Thread Bart
Hi,

Not sure if that's possible with ExternalAuth, it automatically creates a
user during login but doesn't sync the LDAP. (at least, like you I can't
find an option for it)

You'll probably need to run something separate from ExternalAuth to import
those users, this plugin might help with that:

   - http://search.cpan.org/~falcone/RT-Extension-LDAPImport-0.31/lib/RT/Extension/LDAPImport.pm



-- Bart


On 30 January 2012 at 02:16, Camron W. Fox cw...@us.fujitsu.com wrote:

 All,

So we've installed RT::Authen::ExternalAuth, but when we try to
 search
 for users to create groups and such, if the user hasn't logged in to RT
 at least once, they cannot be found. Here is the LDAP excerpt from
 RT_SiteConfig.PM:

 Set(@Plugins, (qw(RT::Authen::ExternalAuth)));
 Set($ExternalAuthPriority,  [   'My_LDAP'   ]);
 Set($ExternalInfoPriority,  [   'My_LDAP'   ]);
 Set($ExternalAuthPriority,['My_LDAP']);
 Set($ExternalSettings,  {
     'My_LDAP'   =>  {
         'type'  =>  'ldap',
         'server'    =>  'admin.subaru.nao.ac.jp',
         'user'  =>  'cn=Manager,dc=subaru,dc=nao,dc=ac,dc=jp',
         'pass'  =>  'X',
         'base'  =>  'ou=people,dc=subaru,dc=nao,dc=ac,dc=jp',
         'filter'    =>  '(objectClass=person)',
         'd_filter'  =>  '(employeeType=locked)',
         'tls'   =>  0,
         'ssl_version'   =>  3,
         'net_ldap_args' =>  [    version =>  3   ],
         # 'group'   =>  'GROUP_NAME',
         # 'group_attr'  =>  'GROUP_ATTR',
         'attr_match_list'   =>  [   'Name',
                                     'EmailAddress'
                                 ],
         'attr_map'  =>  {   'Name'  =>  'uid',
             'EmailAddress'  =>  'mail',
             # 'Organization' => 'physicalDeliveryOfficeName',
             'RealName'  =>  'cn',
             'ExternalAuthId'    => 'uid',
             'Gecos' => 'gecos'
             # 'WorkPhone' => 'telephoneNumber',
             # 'Address1' => 'streetAddress',
             # 'City' => 'l',
             # 'State' => 'st',
             # 'Zip' => 'postalCode',
             # 'Country' => 'co'
         }
     }
 }
 );

We've obviously missed something here, but we've spent the last
 couple
 days searching the docs/wiki/web and playing with RT_SiteConfig.pm but
 with no luck.

 Best Regards,
 Camron

 --
 Camron W. Fox
 Hilo Office
 High Performance Computing Group
 Fujitsu Management Services of America, Inc.
 E-mail: cw...@us.fujitsu.com

 

Re: [rt-users] RT::Authen::ExternalAuth cannot find LDAP users if they haven't logged in at least once.

2012-01-30 Thread Jim Lesinski
I have the ldap import plugin running and it does import new users and update 
existing information based on the options you set in config. You must set up a 
cron job for this.

Thanks,
Jim Lesinski


On Jan 30, 2012, at 11:24 AM, Bart b...@pleh.info wrote:

 Hi,
 
 Not sure if that's possible with ExternalAuth, it automatically creates a 
 user during login but doesn't sync the LDAP. (at least, like you I can't find 
 an option for it)
 
 You'll probably need to run something separate from ExternalAuth to import 
 those users, this plugin might help with that:
 http://search.cpan.org/~falcone/RT-Extension-LDAPImport-0.31/lib/RT/Extension/LDAPImport.pm
 
 
 -- Bart
 
 
 On 30 January 2012 at 02:16, Camron W. Fox cw...@us.fujitsu.com wrote:
 All,
 
So we've installed RT::Authen::ExternalAuth, but when we try to search
 for users to create groups and such, if the user hasn't logged in to RT
 at least once, they cannot be found. Here is the LDAP excerpt from
 RT_SiteConfig.PM:
 
 Set(@Plugins, (qw(RT::Authen::ExternalAuth)));
 Set($ExternalAuthPriority,  [   'My_LDAP'   ]);
 Set($ExternalInfoPriority,  [   'My_LDAP'   ]);
 Set($ExternalAuthPriority,['My_LDAP']);
 Set($ExternalSettings,  {
     'My_LDAP'   =>  {
         'type'  =>  'ldap',
         'server'    =>  'admin.subaru.nao.ac.jp',
         'user'  =>  'cn=Manager,dc=subaru,dc=nao,dc=ac,dc=jp',
         'pass'  =>  'X',
         'base'  =>  'ou=people,dc=subaru,dc=nao,dc=ac,dc=jp',
         'filter'    =>  '(objectClass=person)',
         'd_filter'  =>  '(employeeType=locked)',
         'tls'   =>  0,
         'ssl_version'   =>  3,
         'net_ldap_args' =>  [    version =>  3   ],
         # 'group'   =>  'GROUP_NAME',
         # 'group_attr'  =>  'GROUP_ATTR',
         'attr_match_list'   =>  [   'Name',
                                     'EmailAddress'
                                 ],
         'attr_map'  =>  {   'Name'  =>  'uid',
             'EmailAddress'  =>  'mail',
             # 'Organization' => 'physicalDeliveryOfficeName',
             'RealName'  =>  'cn',
             'ExternalAuthId'    => 'uid',
             'Gecos' => 'gecos'
             # 'WorkPhone' => 'telephoneNumber',
             # 'Address1' => 'streetAddress',
             # 'City' => 'l',
             # 'State' => 'st',
             # 'Zip' => 'postalCode',
             # 'Country' => 'co'
         }
     }
 }
 );
 
We've obviously missed something here, but we've spent the last couple
 days searching the docs/wiki/web and playing with RT_SiteConfig.pm but
 with no luck.
 
 Best Regards,
 Camron
 
 --
 Camron W. Fox
 Hilo Office
 High Performance Computing Group
 Fujitsu Management Services of America, Inc.
 E-mail: cw...@us.fujitsu.com
 
 

Re: [rt-users] RT-Authen-ExternalAuth-0.09 a bit too eager?

2011-12-16 Thread Iulian Dragan
Thank you Kevin, I got rid of those parameters and everything is now fine.

Best regards,
Iulian 

Re: [rt-users] RT-Authen-ExternalAuth-0.09 a bit too eager?

2011-12-15 Thread Kevin Falcone
On Thu, Dec 15, 2011 at 06:18:04AM -0800, Iulian Dragan wrote:
Hello,
I am upgrading from 3.8.7 (apache2 + mod_perl) to 4.0.4 (apache2 + 
 mod_fastcgi) and I notice a
strange behaviour of RT-Authen-ExternalAuth -0.09.
The authentication works fine, however, the login page gets redirected 
 straight away here:
http://rt.address.com/NoAuth/Login.html?next=xxresults=xxx
With the error message: You are not an authorized user.
That is, this is what I see instead of the normal login page.
This is what the log says:
[Thu Dec 15 13:20:08 2011] [debug]: Attempting to use external auth 
 service: AD

 (/opt/rt/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
[Thu Dec 15 13:20:08 2011] [debug]: SSO Failed and no user to test with. 
 Nexting

 (/opt/rt/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:92)
[Thu Dec 15 13:20:08 2011] [debug]: Autohandler called ExternalAuth. 
 Response: (0, No User)
(/opt/rt/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:10)
[Thu Dec 15 13:20:08 2011] [debug]: Attempting to use external auth 
 service: AD

 (/opt/rt/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
[Thu Dec 15 13:20:08 2011] [debug]: SSO Failed and no user to test with. 
 Nexting

 (/opt/rt/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:92)
[Thu Dec 15 13:20:08 2011] [debug]: Autohandler called ExternalAuth. 
 Response: (0, No User)
(/opt/rt/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:10)
Is this to be expected? Or am I missing something? Because in the old 
 version there was no
redirection and no error messages.

RT4 redirects on login attempt (to the login form) and those are the
debug messages you get with RT-Authen-ExternalAuth.

Set($WebExternalAuth , '1');
Set($WebFallbackToInternalAuth , '1');
Set($WebExternalAuto , '1');

I'm not sure why you have those set since you aren't doing any Apache
authentication.

The message you quote only comes about if you have 
WebExternalAuth turned on and either have WebExternalOnly set or have
WebExternalFallbackToInternalAuth set and have a session that's
invalid.


Try turning off the options you're not using

-kevin

Set($ExternalAuthPriority,  [   'AD'   ]);
Set($ExternalInfoPriority,  [   'AD'   ]);
Set($AutoCreateNonExternalUsers,1);
Set($ExternalSettings,  { 'AD'   =>  {
    'type'  =>  'ldap',
    ...
    }
});



Re: [rt-users] RT::Authen::ExternalAuth with PHPass (phpbb3);

2011-11-17 Thread Ruslan Zakirov
On Thu, Nov 17, 2011 at 1:49 PM, Adrian Stel adisa...@gmail.com wrote:
 Hi Ruslan,

 If I understand well:

 1) apply patch - easy to do (just add line to
 /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/DBI.pm)

 2) Here I have some question because I'm not sure how set 'p_enc_pkg'
 and 'p_enc_sub'

These are not required when p_check is set. p_check is a code inlined
right into config that does whole job of checking password user
entered against the hash.

 I need add this check to RT_SiteConfig.pm: ??

Yes.

 p_check => sub {
   my ($hash, $pass) = @_;
   use Authen::Passphrase;
   return Authen::Passphrase->from_crypt($hash || '*')->match($pass);
 },


 then RT_SiteConfig.pm looks like:


 # The Perl package & subroutine used to encrypt passwords
 # e.g. if the passwords are stored using the MySQL v3.23 PASSWORD
 # function, then you will need Crypt::MySQL::password, but for the
 # MySQL4+ password function you will need Crypt::MySQL::password41
 # Alternatively, you could use Digest::MD5::md5_hex or any other
 # encryption subroutine you can load in your perl installation
 'p_enc_pkg'                 =>  'Authen::Passphrase',   (???)
 'p_enc_sub'                 =>  '$P$',     ()
 p_check => sub {
  my ($hash, $pass) = @_;
  use Authen::Passphrase;
  return Authen::Passphrase->from_crypt($hash || '*')->match($pass);
 },
 #'p_enc_pkg'                 =>  'Crypt::MySQL',
 #'p_enc_sub'                 =>  'password41',
 # If your p_enc_sub takes a salt as a second parameter,
 # uncomment this line to add your salt
 #'p_salt'                    =>  'SALT',


 If I mix/miss something please correct me.

Leave p_check and options that control how to find user in the DB,
drop p_salt and p_enc_* options.

 Best Regards
 Adrian

-- 
Best regards, Ruslan.

RT Training Sessions (http://bestpractical.com/services/training.html)
*  Barcelona, Spain  November 28  29, 2011

Re: [rt-users] RT::Authen::ExternalAuth with PHPass (phpbb3);

2011-11-17 Thread Adrian Stel
Hi Ruslan,


I comment in RT_SiteConfig.pm:

#p_enc_pkg =>
#p_enc_sub =>

and put:

p_check => sub {
  my ($hash, $pass) = @_;
  use Authen::Passphrase;
  return Authen::Passphrase->from_crypt($hash || '*')->match($pass);
},



In log I can see:

p_check for My_MySQL failed: unrecognised crypt scheme $H$ at
/opt/rt4/etc/RT_SiteConfig.pm line 154


This is the line:

154   return Authen::Passphrase->from_crypt($hash || '*')->match($pass);


I'm not sure if I put this p_check in the right place, or I miss some '' ?


Normal we have:
''p_enc_pkg' =>  'Authen::Passphrase','

Should I leave this p_check like this:

   151  p_check => sub {
   152    my ($hash, $pass) = @_;
   153    use Authen::Passphrase;
   154    return Authen::Passphrase->from_crypt($hash || '*')->match($pass);
   155  },
   156


I can send you whole  Set($ExternalSettings,) if it will  help find issues.

Best
Adrian

2011/11/17 Ruslan Zakirov r...@bestpractical.com:
 On Thu, Nov 17, 2011 at 1:49 PM, Adrian Stel adisa...@gmail.com wrote:
 Hi Ruslan,

 If I understand well:

 1) apply patch - easy to do (just add line to
 /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/DBI.pm)

 2) Here I have some question because I'm not sure how set 'p_enc_pkg'
 and 'p_enc_sub'

 These are not required when p_check is set. p_check is a code inlined
 right into config that does whole job of checking password user
 entered against the hash.

 I need add this check to RT_SiteConfig.pm: ??

 Yes.

 p_check => sub {
   my ($hash, $pass) = @_;
   use Authen::Passphrase;
   return Authen::Passphrase->from_crypt($hash || '*')->match($pass);
 },


 then RT_SiteConfig.pm looks like:


 # The Perl package & subroutine used to encrypt passwords
 # e.g. if the passwords are stored using the MySQL v3.23 PASSWORD
 # function, then you will need Crypt::MySQL::password, but for the
 # MySQL4+ password function you will need Crypt::MySQL::password41
 # Alternatively, you could use Digest::MD5::md5_hex or any other
 # encryption subroutine you can load in your perl installation
 'p_enc_pkg'                 =>  'Authen::Passphrase',   (???)
 'p_enc_sub'                 =>  '$P$',     ()
 p_check => sub {
  my ($hash, $pass) = @_;
  use Authen::Passphrase;
  return Authen::Passphrase->from_crypt($hash || '*')->match($pass);
 },
 #'p_enc_pkg'                 =>  'Crypt::MySQL',
 #'p_enc_sub'                 =>  'password41',
 # If your p_enc_sub takes a salt as a second parameter,
 # uncomment this line to add your salt
 #'p_salt'                    =>  'SALT',


 If i mix/miss something please correct me.

 Leave p_check and options that control how to find user in the DB,
 drop p_salt and p_enc_* options.

 Best Regards
 Adrian

 --
 Best regards, Ruslan.




-- 
Pozdrawiam
Adrian Stelmaszyk



Re: [rt-users] RT::Authen::ExternalAuth with PHPass (phpbb3);

2011-11-17 Thread Ruslan Zakirov
On Thu, Nov 17, 2011 at 3:30 PM, Adrian Stel <adisa...@gmail.com> wrote:
> Hi Ruslan,


[snip]


> In log I can see:
>
> p_check for My_MySQL failed: unrecognised crypt scheme $H$ at
> /opt/rt4/etc/RT_SiteConfig.pm line 154

Looks like it works.

> This is the line:
>
> 154   return Authen::Passphrase->from_crypt($hash || '*')->match($pass);
>
>
> I'm not sure if I put this p_check in the right place, or I miss some '' ?

Everything in its right place. However, according to
http://www.openwall.com/phpass/ smart people in phpBB3 team changed
$P$ to $H$ without changing meaning, so you need to outsmart them.
Put the following line right before line 154 (return Authen...):

$hash =~ s/^\$H\$/\$P\$/;

That will replace $H$ in the beginning with $P$ and Authen::Passphrase
should find proper module.

-- 
Best regards, Ruslan.
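
The p_check callback from the replies above, combined with the $H$ rewrite, as an added example (not code from the thread or from the RT-Authen-ExternalAuth distribution). It goes beyond the thread by rejecting missing hashes before parsing and by trapping unrecognised schemes; the sample hashes are constructed inside the script, and the variable names and test labels are assumptions.

```perl
#!/usr/bin/env perl
# Added example: stand-alone harness around a p_check callback for phpBB3
# (phpass portable) hashes. Requires the CPAN module Authen::Passphrase.
use strict;
use warnings;
use Authen::Passphrase;
use Authen::Passphrase::PHPass;

# The callback as it would appear as the 'p_check' value of the DBI service
# in $ExternalSettings. Arguments: stored hash, password typed at login.
my $p_check = sub {
    my ($hash, $pass) = @_;

    # Fail closed on a missing hash or password. The thread's version gets
    # the same effect for the hash with "$hash || '*'": in Authen::Passphrase
    # an empty crypt string stands for "accept any passphrase".
    return 0 unless defined $hash && length $hash;
    return 0 unless defined $pass && length $pass;

    # phpBB3 stores phpass portable hashes under '$H$' instead of '$P$'.
    # Both '$' signs in the replacement are escaped so Perl does not try
    # to interpolate a variable there.
    $hash =~ s/^\$H\$/\$P\$/;

    # from_crypt dies on a scheme it does not recognise; trap that and
    # treat it as a failed login.
    my $ok = eval { Authen::Passphrase->from_crypt($hash)->match($pass) };
    warn "p_check: $@" if $@;    # in RT, send this to $RT::Logger instead
    return $ok ? 1 : 0;
};

# Constructed sample data: hash a known password with a random salt, then
# rewrite the prefix to the form a phpBB3 users table holds.
my $ppr = Authen::Passphrase::PHPass->new(
    cost        => 10,
    salt_random => 1,
    passphrase  => 'hunter2',
);
my $p_hash = $ppr->as_crypt;                  # '$P$' form
(my $h_hash = $p_hash) =~ s/^\$P\$/\$H\$/;    # '$H$' form, as phpBB3 writes it

my @cases = (
    # label                          stored hash    typed      expected
    [ '$H$ hash, correct password',  $h_hash,       'hunter2', 1 ],
    [ '$H$ hash, wrong password',    $h_hash,       'hunter3', 0 ],
    [ '$P$ hash, correct password',  $p_hash,       'hunter2', 1 ],
    [ 'empty hash column',           '',            'hunter2', 0 ],
    [ 'NULL hash column',            undef,         'hunter2', 0 ],
    [ 'locked marker "*"',           '*',           'hunter2', 0 ],
    [ 'unrecognised scheme',         '$zz$abcdef',  'hunter2', 0 ],
    [ 'empty password',              $h_hash,       '',        0 ],
);

my $failed = 0;
for my $case (@cases) {
    my ($label, $hash, $pass, $want) = @$case;
    my $got = $p_check->($hash, $pass);
    $failed++ if $got != $want;
    printf "%-30s %s\n", $label, $got == $want ? 'ok' : 'UNEXPECTED';
}

# Why p_enc_pkg/p_enc_sub cannot do this job: the salt and cost live inside
# each stored hash, so hashing the typed password on its own never yields
# the stored string. A second hash of the same password shows it.
my $again = Authen::Passphrase::PHPass->new(
    cost        => 10,
    salt_random => 1,
    passphrase  => 'hunter2',
);
printf "%-30s %s\n", 'same password, other salt',
    $again->as_crypt ne $p_hash ? 'different hash string'
                                : 'identical (salt collision)';

exit($failed ? 1 : 0);
```

In RT_SiteConfig.pm only the anonymous sub is needed, as the `p_check` value of the DBI service, with `p_enc_pkg`, `p_enc_sub` and `p_salt` dropped as the reply above says.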


Re: [rt-users] RT::Authen::ExternalAuth with PHPass (phpbb3);

2011-11-16 Thread Adrian Stel
Hi,


DBI.pm
 this is the place with p_enc_sub:


sub GetAuth {

    my ($service, $username, $password) = @_;

    my $config = $RT::ExternalSettings->{$service};
    $RT::Logger->debug( "Trying external auth service:",$service);

    my $db_table        = $config->{'table'};
    my $db_u_field      = $config->{'u_field'};
    my $db_p_field      = $config->{'p_field'};
    my $db_p_enc_pkg    = $config->{'p_enc_pkg'};
    my $db_p_enc_sub    = $config->{'p_enc_sub'};
    my $db_p_salt       = $config->{'p_salt'};



Place where the password is submitted to that method as a string parameter.

In my opinion could be here:

    # Get the user's password from the database query result
    my $pass_from_db = $results_hashref->{$username}->{$db_p_field};

    # This is the encryption package & subroutine passed in by the config file
    $RT::Logger->debug( "Encryption Package:",
                        $db_p_enc_pkg);
    $RT::Logger->debug( "Encryption Subroutine:",
                        $db_p_enc_sub);

    # Use config info to auto-load the perl package needed for password encryption
    # I know it uses a string eval - but I don't think there's a better way to do this
    # Jump to next external authentication service on failure
    eval "require $db_p_enc_pkg" or
        $RT::Logger->error("AUTH FAILED, Couldn't Load Password Encryption Package. Error: $@") && return 0;

    my $encrypt = $db_p_enc_pkg->can($db_p_enc_sub);
    if (defined($encrypt)) {
        # If the package given can perform the subroutine given, then use it to compare the
        # password given with the password pulled from the database.
        # Jump to the next external authentication service if they don't match
        if(defined($db_p_salt)) {
            $RT::Logger->debug("Using salt:",$db_p_salt);
            if(${encrypt}->($password,$db_p_salt) ne $pass_from_db){
                $RT::Logger->info(  $service,
                                    "AUTH FAILED",
                                    $username,
                                    "Password Incorrect");
                return 0;
            }
        } else {
            if(${encrypt}->($password) ne $pass_from_db){
                $RT::Logger->info(  $service,
                                    "AUTH FAILED",
                                    $username,
                                    "Password Incorrect");
                return 0;
            }
        }
    } else {
        # If the encryption package can't perform the request subroutine,
        # dump an error and jump to the next external authentication service.
        $RT::Logger->error($service,
                           "AUTH FAILED",
                           "The encryption package you gave me (",
                           $db_p_enc_pkg,
                           ") does not support the encryption method you specified (",
                           $db_p_enc_sub,
                           ")");
        return 0;
    }


But I'm not sure where exactly. And how I can convert string to hash.

I'm not familiar with perl ;/



Best
Adrian

2011/11/15 Zordrak zord...@tpa.me.uk:
 Adrian Stel wrote:
 Hi,


 Can't use string (user password) as a HASH ref while strict refs
 in use at /usr/local/share/perl/5.10.1/Authen/Passphrase/PHPass.pm
 line 278.

 Problem is with type of user password.

 Still need to know where I should search.

 Search for the text p_enc_sub. There's only one place it should be
 defined and it will be very close to where the password is submitted to
 that method as a string parameter.
 --
 Zordrak
 zord...@tpa.me.uk





-- 
Pozdrawiam
Adrian Stelmaszyk



Re: [rt-users] RT::Authen::ExternalAuth with PHPass (phpbb3);

2011-11-16 Thread Adrian Stel
Hi,


I get some info from PHPass but I don't know how to use it ;/ any
suggestion from your site ?


'p_enc_pkg' =>  'Authen::Passphrase::PHPass',
'p_enc_sub' =>  'cost',

The comment above, the example below, and a bit of googling all show that
p_enc_pkg and p_enc_sub are together meant to name a hash function.
Your password string will be passed through the function, and the
resulting hash value is then managed by RT.  The clearest example:

#'p_enc_pkg' =>  'Crypt::MySQL',
#'p_enc_sub' =>  'password41',

Crypt::MySQL::password41() is a function to which you pass a password
string and it returns a hash.  For example, password41("hunter2") returns
"*58815970BE77B3720276F63DB198B1FA42E5CC02".

Authen::Passphrase::PHPass::cost is not a hashing function.  It's
not meant to be called as a standalone function at all.  It's the
implementation of the ->cost method on the Authen::Passphrase::PHPass
class, and so expects to be passed an A:P:PHPass object, not a string.
A:P:PHPass doesn't actually expose the hash function on its own, so you
can't use it this way.

In fact, the PHPass hash algorithm *can't* be properly used by RT,
because it takes a salt input, and apparently RT can't perform salting.
(There's a p_salt parameter, which appears to be a *fixed* salt, defeating
the purpose.)

You could write a wrapper function around A:P:PHPass that creates a
recogniser for a supplied password and then just extracts the hash.
The wrapper would have to fix the cost parameter and the salt.  It looks
like this:

   use Authen::Passphrase::PHPass ();
   sub phpass_10_($) {
       return Authen::Passphrase::PHPass->new(
           cost=>10,
           passphrase=>$_[0],
           salt=>,
       )->hash_base64;
   }

phpass_10_("hunter2") returns "LvYU3dRamxKB1.lRa4ow1/".  *This*
is a hash function and could be used by RT via p_enc_pkg and p_enc_sub.

It's a bit of an abstraction inversion to use A:P:PHPass just for
its hash function.  If A:P:PHPass were wrapping some other module
that just provides the hash then I'd point you at the other module.
Most A:P modules do this, such as A:P:MySQL323 wrapping Crypt::MySQL.
But A:P:PHPass implements the hash itself.  Also, if there were a module
exposing the PHPass algorithm on its own, you'd still have to write a
wrapper, because of the cost parameter that RT has no idea how to handle.



2011/11/16 Adrian Stel adisa...@gmail.com:
 Hi,


 DBI.pm
  this is the place with p_enc_sub:


 sub GetAuth {

    my ($service, $username, $password) = @_;

    my $config = $RT::ExternalSettings-{$service};
    $RT::Logger-debug( Trying external auth service:,$service);

    my $db_table        = $config-{'table'};
    my $db_u_field      = $config-{'u_field'};
    my $db_p_field          = $config-{'p_field'};
    my $db_p_enc_pkg    = $config-{'p_enc_pkg'};
    my $db_p_enc_sub    = $config-{'p_enc_sub'};
    my $db_p_salt       = $config-{'p_salt'};



 Place where the password is submitted to that method as a string parameter.

 In my opinion could be here:

  # Get the user's password from the database query result
    my $pass_from_db = $results_hashref-{$username}-{$db_p_field};

    # This is the encryption package  subroutine passed in by the config file
    $RT::Logger-debug( Encryption Package:,
                        $db_p_enc_pkg);
    $RT::Logger-debug( Encryption Subroutine:,
                        $db_p_enc_sub);

    # Use config info to auto-load the perl package needed for
 password encryption
    # I know it uses a string eval - but I don't think there's a
 better way to do this
    # Jump to next external authentication service on failure
    eval require $db_p_enc_pkg or
        $RT::Logger-error(AUTH FAILED, Couldn't Load Password
 Encryption Package. Error: $@)  return 0;

    my $encrypt = $db_p_enc_pkg-can($db_p_enc_sub);
    if (defined($encrypt)) {
        # If the package given can perform the subroutine given, then
 use it to compare the
        # password given with the password pulled from the database.
        # Jump to the next external authentication service if they don't match
        if(defined($db_p_salt)) {
            $RT::Logger-debug(Using salt:,$db_p_salt);
            if(${encrypt}-($password,$db_p_salt) ne $pass_from_db){
                $RT::Logger-info(  $service,
                                    AUTH FAILED,
                                    $username,
                                    Password Incorrect);
                return 0;
            }
        } else {
            if(${encrypt}-($password) ne $pass_from_db){
                $RT::Logger-info(  $service,
                                    AUTH FAILED,
                                    $username,
                                    Password Incorrect);
                return 0;
            }
        }
    } else {
        # If the encryption 

Re: [rt-users] RT::Authen::ExternalAuth with PHPass (phpbb3);

2011-11-16 Thread Ruslan Zakirov
Hello,

I didn't read full thread, but long time ago I talked with zordrak
about how password checking is wrong and not flexible. The current set
of options is not suitable for many cases. I've cooked a patch [1].
The following config with patched extension can check any format
supported by Authen::Passphrase framework:

...
p_check => sub {
    my ($hash, $pass) = @_;
    use Authen::Passphrase;
    return Authen::Passphrase->from_crypt($hash || '*')->match($pass);
},
...

Above covers HASH schemes described in [2]. If stored hash doesn't
have $schema$ prefix then code needs a little bit of change.

However, I didn't test the patch.

[1] 
https://github.com/bestpractical/rt-authen-externalauth/commit/22ba2bfa8d59a00354712e63daaa5d622e39cf4d
[2] 
http://search.cpan.org/~zefram/Authen-Passphrase-0.007/lib/Authen/Passphrase.pm#CONSTRUCTORS

On Wed, Nov 16, 2011 at 4:27 PM, Adrian Stel adisa...@gmail.com wrote:
 Hi,


 I get some info from PHPass but I don't know how use it ;/ any
 sugestion from your site ?


'p_enc_pkg'                 =  'Authen::Passphrase::PHPass',
'p_enc_sub'                 =  'cost',

 The comment above, the example below, and a bit of googling all show that
 p_enc_pkg and p_enc_sub are together meant to name a hash function.
 Your password string will be passed through the function, and the
 resulting hash value is then managed by RT.  The clearest example:

#'p_enc_pkg'                 =  'Crypt::MySQL',
#'p_enc_sub'                 =  'password41',

 Crypt::MySQL::password41() is a function to which you pass a password
 string and it returns a hash.  For example, password41(hunter2) returns
 *58815970BE77B3720276F63DB198B1FA42E5CC02.

 Authen::Passphrase::PHPass::cost is not a hashing function.  It's
 not meant to be called as a standalone function at all.  It's the
 implementation of the -cost method on the Authen::Passphrase::PHPass
 class, and so expects to be passed an A:P:PHPass object, not a string.
 A:P:PHPass doesn't actually expose the hash function on its own, so you
 can't use it this way.

 In fact, the PHPass hash algorithm *can't* be properly used by RT,
 because it takes a salt input, and apparently RT can't perform salting.
 (There's a p_salt parameter, which appears to be a *fixed* salt, defeating
 the purpose.)

 You could write a wrapper function around A:P:PHPass that creates a
 recogniser for a supplied password and then just extracts the hash.
 The wrapper would have to fix the cost parameter and the salt.  It looks
 like this:

       use Authen::Passphrase::PHPass ();
       sub phpass_10_($) {
               return Authen::Passphrase::PHPass-new(
                       cost=10,
                       passphrase=$_[0],
                       salt=,
               )-hash_base64;
       }

 phpass_10_(hunter2) returns LvYU3dRamxKB1.lRa4ow1/.  *This*
 is a hash function and could be used by RT via p_enc_pkg and p_enc_sub.

 It's a bit of an abstraction inversion to use A:P:PHPass just for
 its hash function.  If A:P:PHPass were wrapping some other module
 that just provides the hash then I'd point you at the other module.
 Most A:P modules do this, such as A:P:MySQL323 wrapping Crypt::MySQL.
 But A:P:PHPass implements the hash itself.  Also, if there were a module
 exposing the PHPass algorithm on its own, you'd still have to write a
 wrapper, because of the cost parameter that RT has no idea how to handle.



 2011/11/16 Adrian Stel adisa...@gmail.com:
 Hi,


 DBI.pm
  this is the place with p_enc_sub:


 sub GetAuth {

    my ($service, $username, $password) = @_;

    my $config = $RT::ExternalSettings-{$service};
    $RT::Logger-debug( Trying external auth service:,$service);

    my $db_table        = $config-{'table'};
    my $db_u_field      = $config-{'u_field'};
    my $db_p_field          = $config-{'p_field'};
    my $db_p_enc_pkg    = $config-{'p_enc_pkg'};
    my $db_p_enc_sub    = $config-{'p_enc_sub'};
    my $db_p_salt       = $config-{'p_salt'};



 Place where the password is submitted to that method as a string parameter.

 In my opinion could be here:

  # Get the user's password from the database query result
    my $pass_from_db = $results_hashref-{$username}-{$db_p_field};

    # This is the encryption package  subroutine passed in by the config file
    $RT::Logger-debug( Encryption Package:,
                        $db_p_enc_pkg);
    $RT::Logger-debug( Encryption Subroutine:,
                        $db_p_enc_sub);

    # Use config info to auto-load the perl package needed for
 password encryption
    # I know it uses a string eval - but I don't think there's a
 better way to do this
    # Jump to next external authentication service on failure
    eval require $db_p_enc_pkg or
        $RT::Logger-error(AUTH FAILED, Couldn't Load Password
 Encryption Package. Error: $@)  return 0;

    my $encrypt = $db_p_enc_pkg-can($db_p_enc_sub);
    if (defined($encrypt)) {
        # If the package given can perform the 

Re: [rt-users] RT::Authen::ExternalAuth with PHPass (phpbb3);

2011-11-15 Thread Adrian Stel
Hi,

any idea where I should look, file name ? function ?




Best
Adrian

2011/11/14 Zordrak zord...@tpa.me.uk:
 Adrian Stel wrote:
 Hi,


 thanks :)

 phpass has many method I use hash_base64, RTSiteConfig.pm:

 'p_enc_pkg'                 =>  'Authen::Passphrase::PHPass',
 'p_enc_sub'                 =>  'hash_base64',


 and when i put user/pass I get:

 RT Site:
 http://150.254.148.60/NoAuth/Login.html

 Can't use string (*) as a HASH ref while strict refs in use at
 /usr/local/share/perl/5.10.1/Authen/Passphrase/PHPass.pm line 278.

 But when I reload page I will be login to RT.

 Any idea why we get this error.


 My guess would be that PHPass.pm expects the password to be sent to it
 as a hashref instead of a string. IF this is the case then you will need
 to modify the code in ExternalAuth so that when the subroutine is
 called, the string is first converted into a hashref and then sent as a
 parameter.
 --
 Zordrak
 zord...@tpa.me.uk




Re: [rt-users] RT::Authen::ExternalAuth with PHPass (phpbb3);

2011-11-15 Thread Adrian Stel
Hi,


Can't use string (user password) as a HASH ref while strict refs
in use at /usr/local/share/perl/5.10.1/Authen/Passphrase/PHPass.pm
line 278.

Problem is with type of user password.

Still need to know where I should search.




Best
Adrian


2011/11/15 Adrian Stel adisa...@gmail.com:
 Hi,

 any idea where I should look, file name ? function ?




 Best
 Adrian

 2011/11/14 Zordrak zord...@tpa.me.uk:
 Adrian Stel wrote:
 Hi,


 thanks :)

 phpass has many method I use hash_base64, RTSiteConfig.pm:

 'p_enc_pkg'                 =>  'Authen::Passphrase::PHPass',
 'p_enc_sub'                 =>  'hash_base64',


 and when i put user/pass I get:

 RT Site:
 http://150.254.148.60/NoAuth/Login.html

 Can't use string (*) as a HASH ref while strict refs in use at
 /usr/local/share/perl/5.10.1/Authen/Passphrase/PHPass.pm line 278.

 But when I reload page I will be login to RT.

 Any idea why we get this error.


 My guess would be that PHPass.pm expects the password to be sent to it
 as a hashref instead of a string. IF this is the case then you will need
 to modify the code in ExternalAuth so that when the subroutine is
 called, the string is first converted into a hashref and then sent as a
 parameter.
 --
 Zordrak
 zord...@tpa.me.uk





-- 
Pozdrawiam
Adrian Stelmaszyk



Re: [rt-users] RT::Authen::ExternalAuth with PHPass (phpbb3);

2011-11-14 Thread Adrian Stel
Hi,


thanks :)

phpass has many method I use hash_base64, RTSiteConfig.pm:

'p_enc_pkg'                 =>  'Authen::Passphrase::PHPass',
'p_enc_sub'                 =>  'hash_base64',


and when i put user/pass I get:

RT Site:
http://150.254.148.60/NoAuth/Login.html

Can't use string (*) as a HASH ref while strict refs in use at
/usr/local/share/perl/5.10.1/Authen/Passphrase/PHPass.pm line 278.

But when I reload page I will be login to RT.

Any idea why we get this error.

I tested 2 more methods, hash and cost; in both cases we get the same error.

I'm not sure if I chose the right method.

Or there is issues in RTSiteConfig.pm



Best
Adrian


2011/11/14 Zordrak zord...@tpa.me.uk:
 Adrian Stel wrote:
 Hi,
 When I use:

 'p_enc_pkg'                 =>  'Authen::Passphrase::PHPass',
 'p_enc_sub'                 =>  '',


 I get:

 My_MySQL AUTH FAILED The encryption package you gave me (
 Authen::Passphrase::PHPass ) does not support the encryption method
 you specified (  )
 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/DBI.pm:99)

 Any idea why ?

 Very simple, you haven't specified a method (subroutine) for the
 encryption; only the package.

 Take MySQL's password function as an example. To use it you would
 specify the p_enc_pkg as Crypt::MySQL which will include that perl
 module, but that module provides many different methods. Normally you'd
 expect to use password41 as the p_enc_sub.

 If it were MD5:

 p_enc_pkg: Digest::MD5
 p_enc_sub: md5_hex
 --
 Zordrak
 zord...@tpa.me.uk




-- 
Pozdrawiam
Adrian Stelmaszyk



Re: [rt-users] RT::Authen::ExternalAuth with PHPass (phpbb3);

2011-11-14 Thread Kevin Falcone
On Mon, Nov 14, 2011 at 03:10:46PM +0100, Adrian Stel wrote:
 Hi,
 
 
 thanks :)
 
 phpass has many method I use hash_base64, RTSiteConfig.pm:
 
 'p_enc_pkg'                 =>  'Authen::Passphrase::PHPass',
 'p_enc_sub'                 =>  'hash_base64',
 
 
 and when i put user/pass I get:
 
 RT Site:
 http://150.254.148.60/NoAuth/Login.html
 
 Can't use string (*) as a HASH ref while strict refs in use at
 /usr/local/share/perl/5.10.1/Authen/Passphrase/PHPass.pm line 278.

Sounds like the Authen::Passphrase::PHPass module doesn't like the way
that RT-Authen-ExternalAuth is invoking it.

Unfortunately, you'll need to add some debugging to figure out where
it goes wrong unless someone on the list has experience with the
configuration you want to use.

-kevin

 But when I reload page I will be login to RT.
 
 Any idea why we get this error.
 
 I tested 2 more methods, hash and cost; in both cases we get the same error.
 
 I'm not sure if I chose the right method.
 
 Or there is issues in RTSiteConfig.pm
 
 
 
 Best
 Adrian
 
 
 2011/11/14 Zordrak zord...@tpa.me.uk:
  Adrian Stel wrote:
  Hi,
  When I use:
 
  'p_enc_pkg'                 =>  'Authen::Passphrase::PHPass',
  'p_enc_sub'                 =>  '',
 
 
  I get:
 
  My_MySQL AUTH FAILED The encryption package you gave me (
  Authen::Passphrase::PHPass ) does not support the encryption method
  you specified (  )
  (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/DBI.pm:99)
 
  Any idea why ?
 
  Very simple, you haven't specified a method (subroutine) for the
  encryption; only the package.
 
  Take MySQL's password function as an example. To use it you would
  specify the p_enc_pkg as Crypt::MySQL which will include that perl
  module, but that module provides many different methods. Normally you'd
  expect to use password41 as the p_enc_sub.
 
  If it were MD5:
 
  p_enc_pkg: Digest::MD5
  p_enc_sub: md5_hex
  --
  Zordrak
  zord...@tpa.me.uk
 
 
 
 
 -- 
 Pozdrawiam
 Adrian Stelmaszyk
 
 RT Training Sessions (http://bestpractical.com/services/training.html)
 *  Barcelona, Spain  November 28  29, 2011



Re: [rt-users] RT::Authen::ExternalAuth and SSO via Apache authentication for RT4

2011-07-18 Thread Thomas Sibley
On 07/17/2011 07:27 PM, James Zuelow wrote:
 In testing I noticed that the debug log was complaining about there not
 being a user to authenticate.  Since I still had Apache performing NTLM
 authentication, I knew there was user information available via REMOTE_USER.  
   
 
 Modifying RT::Authen::ExternalAuth's ExternalAuth.pm to take that information
 from Apache turned out to be a three line edit. (1)

The reason RT::Authen::ExternalAuth doesn't do this is because RT itself
has the ability to authenticate using the information in REMOTE_USER.
Look at the WebExternal settings in etc/RT_Config.pm.  It'll be much
more maintainable to use RT's built-in support rather than a hacked up
extension you have to patch every time you upgrade.

Cheers,
Thomas


2011 Training: http://bestpractical.com/services/training.html


Re: [rt-users] RT::Authen::ExternalAuth and SSO via Apache authentication for RT4

2011-07-18 Thread Thomas Sibley
On 07/18/2011 12:27 PM, James Zuelow wrote:
 I did look at the WebExternal settings in RT.  Using them, RT does do 
 authentication and log the user in.  But at least in my experience over the 
 last week it does not synchronize data from from AD.  Admittedly, I am doing 
 this as a side project in addition to my regular job, so I may have missed 
 the sync data with AD tag for WebExternal.

With RT-Extension-LDAPImport, you can load users into RT from LDAP and
put it in cron to keep it current.

ExternalAuth _should_ support info only mode which syncs the user
details on first user create, but that's currently TODO.

Thomas




Re: [rt-users] RT::Authen::ExternalAuth?

2011-06-20 Thread Joshua Knarr
So RT 3.8.10 is working swimmingly well except for one possible post
upgrade snag - two users (out of 100+) reported that after RT was
restarted they were logged in as someone else.

Any ideas?

On Tue, 2011-06-14 at 15:17 -0400, Kevin Falcone wrote:

 On Tue, Jun 14, 2011 at 02:50:24PM -0400, Joshua Knarr wrote:
 Kevin - We gave up on RT 4. RTFM is not the answer. The problem is 
  threefold:
 
 Oh, now that I reread your original thread I see.
 
 You didn't run any database upgrades between 3.4.5 and 4.0.0 other than
 those described in UPGRADING.mysql. 
 
 That's going to cause you problems on 3.8.10 also.
 
 -kevin


-- 
Joshua Knarr
Systems Engineer
GSI Commerce, Inc.  http://www.gsicommerce.com
E-Mail: kna...@gsicommerce.com
Office: 610-491-7110
Mobile: 484-636-7371




Re: [rt-users] RT::Authen::ExternalAuth?

2011-06-14 Thread Kevin Falcone
On Tue, Jun 14, 2011 at 02:50:24PM -0400, Joshua Knarr wrote:
> 1) DBI is too new to upgrade the old style DB. People running fedora or rawhide are going to
> start yelling at some point when they go to upgrade if they're upgrading from an old enough
> version.

I'm afraid I don't understand this statement.
You may need to provide an error or log snippet that demonstrates the
problem.

> 2) FCGI changed from being statically linked to a module that this causes...

I'm afraid I don't understand this statement.
You may need to provide an error or log snippet that demonstrates the
problem.

> 3) ...the new mason's handling of UTF to break the old DB.

I'm afraid I don't understand this statement.
You may need to provide an error or log snippet that demonstrates the
problem.

> That being said - I made it to 3.8.10 which tells me something goes very wrong between 3.8.10
> and 4.0.0. The docs for External Auth talk about .08 being current. For 3.8.10, the docs talk
> about .08_02. CPAN says .09 is out but the docs on the wiki don't discuss it. Which one do I
> use for a 3.8.10 RT?

Use 0.09
I write the README for RT-Authen-ExternalAuth, I do not maintain the
wiki pages for it.  My opinion will always be in the README.

-kevin




Re: [rt-users] RT::Authen::ExternalAuth?

2011-06-14 Thread Kevin Falcone
On Tue, Jun 14, 2011 at 02:50:24PM -0400, Joshua Knarr wrote:
> Kevin - We gave up on RT 4. RTFM is not the answer. The problem is threefold:

Oh, now that I reread your original thread I see.

You didn't run any database upgrades between 3.4.5 and 4.0.0 other than
those described in UPGRADING.mysql. 

That's going to cause you problems on 3.8.10 also.

-kevin




Re: [rt-users] RT-Authen-ExternalAuth-0.08 which packages i need for Authentification ?

2011-05-17 Thread john s.


Solved with a help from a colleague

Here's the solution:


Set($ExternalSettings, {
    'My_LDAP' => {   ## GENERIC SECTION
        'type'            => 'ldap',
        'server'          => 'xxx.xxx.local',
        'user'            => 'CN=User,OU=Benutzer,OU=xxx,DC=xxx,DC=xx',   # That was the crucial point
        'pass'            => 'pass',
        'base'            => 'OU=xxx,OU=xxx,DC=xxx,DC=local',
        'filter'          => '(memberOf=CN=RT,OU=Gruppen,OU=xxx,DC=xxx,DC=xxx)',   # and the filter is modified
        'd_filter'        => '(userAccountControl=514)',
        'tls'             => 1,
        'ssl_version'     => 3,
        'net_ldap_args'   => [ version => 3 ],

        'attr_match_list' => [ 'Name', 'EmailAddress' ],
        'attr_map'        => {
            'Name'           => 'sAMAccountName',
            'RealName'       => 'cn',
            'EmailAddress'   => 'mail',
            'Organization'   => 'physicalDeliveryOfficeName',
            'ExternalAuthId' => 'sAMAccountName',
            'WorkPhone'      => 'telephoneNumber',
            'Address1'       => 'streetAddress',
            'City'           => 'l',
            'Zip'            => 'postalCode',
        },
    },
});



best regards john s. 
-- 
View this message in context: 
http://old.nabble.com/RT-Authen-ExternalAuth-0.08-which-packages-i-need-for-Authentification---tp31342791p31635938.html
Sent from the Request Tracker - User mailing list archive at Nabble.com.



Re: [rt-users] RT-Authen-ExternalAuth-0.08 which packages i need for

2011-04-29 Thread john s.

@Mike Johnson20

My gut feeling is your Base DN is wrong.


Not really,  right direction but still wrong :)


But joking aside 


I have it done it with a help from a colleague   

It was a hard piece of work with many trial and error parts .

here is my solution: 

Set($ExternalSettings, {
    'My_LDAP' => {   ## GENERIC SECTION
        'type'            => 'ldap',
        'server'          => 'xxx.xxx.local',
        'user'            => 'CN=User,OU=Benutzer,OU=xxx,DC=xxx,DC=xx',   # That was the crucial point
        'pass'            => 'pass',
        'base'            => 'OU=xxx,OU=xxx,DC=xxx,DC=local',
        'filter'          => '(memberOf=CN=RT,OU=Gruppen,OU=xxx,DC=xxx,DC=xxx)',   # and the filter is modified
        'd_filter'        => '(userAccountControl=514)',
        'tls'             => 1,
        'ssl_version'     => 3,
        'net_ldap_args'   => [ version => 3 ],

        'attr_match_list' => [ 'Name', 'EmailAddress' ],
        'attr_map'        => {
            'Name'           => 'sAMAccountName',
            'RealName'       => 'cn',
            'EmailAddress'   => 'mail',
            'Organization'   => 'physicalDeliveryOfficeName',
            'ExternalAuthId' => 'sAMAccountName',
            'WorkPhone'      => 'telephoneNumber',
            'Address1'       => 'streetAddress',
            'City'           => 'l',
            'Zip'            => 'postalCode',
        },
    },
});

  


many thanks to all guys which are trying to help me 


ps: could anyone clean up this thread from double entries



best regards john s. 





-- 
View this message in context: 
http://old.nabble.com/Re%3A-RT-Authen-ExternalAuth-0.08-which-packages-i-need-for-tp31388437p31503157.html
Sent from the Request Tracker - User mailing list archive at Nabble.com.



Re: [rt-users] RT-Authen-ExternalAuth-0.08 which packages i need for

2011-04-27 Thread Mike Johnson
I agree with Raphael on this one,

The error you are seeing is basically saying it cannot find the user based
on the search parameters you used. A useful troubleshooting tool for this
would be an LDAP browser (I used Softerra's). The browser allows you to test
your Base DN. My gut feeling is your Base DN is wrong.

Good luck!
Mike.

2011/4/26 Raphaël MOUNEYRES raphael.mouney...@sagemcom.com


 Hello, the LDAP answer is clear : User not found

 in your config you search in this Base: ou=User,dc=xxx,dc=xxx,dc=local
 are you sure the xxx.xxx.local domain exist in your AD configuration ? or
 did you change company values to hide from the list ?
 it looks like you don't have the good parameters between RT and your AD
 config so you can match and find the USER

 Raphaël





 #

  This e-mail and any attached documents may contain confidential or
 proprietary information. If you are not the intended recipient, you are
 notified that any dissemination, copying of this e-mail and any attachments
 thereto or use of their contents by any means whatsoever is strictly
 prohibited. If you have received this e-mail in error, please advise the
 sender immediately and delete this e-mail and all attached documents
 from your computer system.
 #




-- 
Mike Johnson
Datatel Programmer/Analyst
Northern Ontario School of Medicine
955 Oliver Road
Thunder Bay, ON   P7B 5E1
Phone: (807) 766-7331
Email: mike.john...@nosm.ca


Re: [rt-users] RT-Authen-ExternalAuth-0.08 which packages i need for

2011-04-26 Thread john s.

Turn your RT debug logging on and check that log to see what it's doing.#

Hello mike the rt.log says the following:

username: USER , service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:274)pr
26 06:58:11 2011] [debug]: LDAP Search ===  Base:
ou=User,dc=xxx,dc=xxx,dc=local == Filter:
((ObjectClass=*)(sAMAccountName=User)) == Attrs: cn,sAMAccountName
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:304)
[Tue Apr 26 06:58:11 2011] [debug]: User Check Failed :: ( My_LDAP ) USER
User not found
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:318)


So something goes awry.

Any further hints, clues or advice would be helpful.


best regards john s. 


-- 
View this message in context: 
http://old.nabble.com/Re%3A-RT-Authen-ExternalAuth-0.08-which-packages-i-need-for-tp31388437p31476578.html
Sent from the Request Tracker - User mailing list archive at Nabble.com.



Re: [rt-users] RT-Authen-ExternalAuth-0.08 which packages i need for

2011-04-21 Thread john s.


Is it clear what I want? No? Okay, I'll try to describe it a little bit more exactly,
as far as I can.


Okay, my ldapsearch command, which runs perfectly, is:

sudo ldapsearch -h xxx.xxx.local -D 'xxx\User' -w password -b 'dc=xxx, dc=local' -s sub sAMAccountName=USER



So here are my RT Config Parameter again:

Set($ExternalSettings, {
    'My_LDAP' => {   ## GENERIC SECTION
        'type'     => 'ldap',
        'server'   => '192.168.123.45',
        'user'     => 'USER',
        'pass'     => 'password',
        'base'     => 'ou=companyou,ou=User,dc=xxx,dc=xxx,dc=local',
        'filter'   => '(ObjectClass=*)',
        'd_filter' => '(userAccountControl=514)',
        # 'tls'         => 0,
        # 'ssl_version' => 3,
        'net_ldap_args' => [ version => 3 ],
        # 'group'      => 'Benutzer',
        # 'group_attr' => 'GROUP_ATTR',
        'attr_match_list' => [ 'Name',
                               #'EmailAddress',
                             ],
        'attr_map' => {
            'Name'           => 'sAMAccountName',
            'RealName'       => 'cn',
            'EmailAddress'   => 'mail',
            'Organization'   => 'physicalDeliveryOfficeName',
            'RealName'       => 'cn',
            'ExternalAuthId' => 'sAMAccountName',
            'Gecos'          => 'sAMAccountName',
            'WorkPhone'      => 'telephoneNumber',
            'Address1'       => 'streetAddress',
            'City'           => 'l',
            'State'          => 'st',
            'Zip'            => 'postalCode',
            'Country'        => 'co'
        }
    }
});


I'll try to find out, which parameter doesn't match with the ldap one  ...
cause if i try to authorize on rt with an ad user my AD gives the following
message out:

xxx.xxx.xxx.xxx:2799 NTDS NoneTCP4 32   NonDSE  Can't find
object  0.0 0 


best regards john s. 










-- 
View this message in context: 
http://old.nabble.com/Re%3A-RT-Authen-ExternalAuth-0.08-which-packages-i-need-for-tp31388437p31448102.html
Sent from the Request Tracker - User mailing list archive at Nabble.com.



Re: [rt-users] RT-Authen-ExternalAuth-0.08 which packages i need for

2011-04-21 Thread Raphaël MOUNEYRES
hello,

I would say that, as you have commented out the EmailAddress in the attribute
match list, you need to remove the , (comma) after the Name attribute.
I think I remember having a similar error; the last parameter must NOT
have the comma at the end of the line,
so your config would look like:

'attr_match_list' => ['Name'
                      #'EmailAddress',
                     ],

Raphaël



Raphaël MOUNEYRES
Ingénieur Moyens Tests
Avenue Paul Gellos 64990 Mouguerre
Phone: +33 (0)5 59 58 41 51
Email: raphael.mouney...@sagemcom.com





Re: [rt-users] RT-Authen-ExternalAuth-0.08 which packages i need for

2011-04-21 Thread john s.

Hello Raphael 

No nothing has changed at all... still the same error 


Something goes really wrong ... I have to track the issue in order to determine
the issue, but I don't know how ..

Any idea or a clue?

Here is the tcpdump log:

13:27:25.872995 IP ubunturt3.52185 > xxx.xxx.local.ldap: Flags [.], ack 1, win 5840, length 0
13:27:25.875403 IP ubunturt3.52185 > xxx.xxx.local.ldap: Flags [P.], seq 1:33, ack 1, win 5840, length 32
13:27:25.875739 IP xxx.xxx.local.ldap > ubunturt3.52185: Flags [.], ack 33, win 64240, length 0
13:27:25.877367 IP xxx.xxx.local.ldap > ubunturt3.52185: Flags [P.], seq 1:23, ack 33, win 64240, length 22
13:27:25.877460 IP ubunturt3.52185 > xxx.xxx.local.ldap: Flags [.], ack 23, win 5840, length 0
13:27:25.889275 IP ubunturt3.52185 > xxx.xxx.local.ldap: Flags [P.], seq 33:282, ack 23, win 5840, length 249
13:27:25.889595 IP xxx.xxx.local.ldap > ubunturt3.52185: Flags [.], ack 282, win 64240, length 0
13:27:25.890369 IP xxx.xxx.local.ldap > ubunturt3.52185: Flags [P.], seq 23:165, ack 282, win 64240, length 142
13:27:25.895897 IP ubunturt3.52185 > xxx.xxx.local.ldap: Flags [F.], seq 282, ack 165, win 6432, length 0
13:27:25.897013 IP xxx.xxx.local.ldap > ubunturt3.52185: Flags [.], ack 283, win 64239, length 0
13:27:25.897328 IP xxx.xxx.local.ldap > ubunturt3.52185: Flags [R.], seq 165, ack 283, win 64239, length 0



Maybe it could help.


best regards john s. 









-- 
View this message in context: 
http://old.nabble.com/Re%3A-RT-Authen-ExternalAuth-0.08-which-packages-i-need-for-tp31388437p31448783.html
Sent from the Request Tracker - User mailing list archive at Nabble.com.



Re: [rt-users] RT-Authen-ExternalAuth-0.08 which packages i need for

2011-04-21 Thread Raphaël MOUNEYRES
Reading your previous messages:

Your RT log shows: ...:: ( My_LDAP ) RT-USER User not found
That means your LDAP server is sending a response that RT-USER does not
exist in its database.


Then you mention that this runs successfully: sudo ldapsearch -h xxx.xxx.local -D
xxx\User -w password -b 'dc=xxx, dc=local -s sub sAMAccountName=USER
That means USER exists in the database.

So are you using the good login on the RT screen?








Re: [rt-users] RT-Authen-ExternalAuth-0.08 which packages i need for

2011-04-21 Thread Mike Johnson
One thing that stands out in your config is your d_filter. I read on the RT
wiki somewhere that for an AD you need to set d_filter to what I have below:

'd_filter' => '(userAccountControl:1.2.840.113556.1.4.803:=2)',
Read these 2 Microsoft support KB articles to learn more on why:

http://support.microsoft.com/kb/305144

http://support.microsoft.com/kb/269181

Also, you have tls, ssl_version, group and group_attr commented out. Someone
else can correct me, but I believe you need to define those in your
settings.

Best I can do with my limited knowledge.

Good luck!
Mike.





-- 
Mike Johnson
Datatel Programmer/Analyst
Northern Ontario School of Medicine
955 Oliver Road
Thunder Bay, ON   P7B 5E1
Phone: (807) 766-7331
Email: mike.john...@nosm.ca
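
The difference between the two d_filter values discussed in this message, as an added example (not part of the thread and not the plugin's code): a small evaluator for single-assertion LDAP filters, run over constructed userAccountControl values. It assumes, as the plugin's documentation describes, that d_filter is the filter that matches disabled accounts; the account names and values are made up.

```python
import re

# userAccountControl flag bits (see Microsoft KB 305144, linked above).
ACCOUNTDISABLE = 0x0002
PASSWD_NOTREQD = 0x0020
NORMAL_ACCOUNT = 0x0200
DONT_EXPIRE_PASSWORD = 0x10000

# Extensible-match rule OIDs (see Microsoft KB 269181, linked above).
BIT_AND = "1.2.840.113556.1.4.803"  # true when ALL bits of the value are set
BIT_OR = "1.2.840.113556.1.4.804"   # true when ANY bit of the value is set

# Only the two shapes used in the thread: (attr=N) and (attr:OID:=N).
_ASSERTION = re.compile(
    r"^\((?P<attr>[A-Za-z][\w-]*)(?::(?P<oid>[\d.]+):)?=(?P<val>\d+)\)$"
)


def parse_filter(text):
    """Split a single-assertion filter into (attribute, rule OID or None, integer)."""
    m = _ASSERTION.match(text.strip())
    if m is None:
        raise ValueError("unsupported filter: %r" % text)
    return m["attr"], m["oid"], int(m["val"])


def matches(filter_text, entry):
    """Evaluate the filter against one entry (a dict of attribute -> value)."""
    attr, oid, want = parse_filter(filter_text)
    have = None
    for name, value in entry.items():
        if name.lower() == attr.lower():  # LDAP attribute names are case-insensitive
            have = int(value)
    if have is None:
        return False
    if oid is None:
        return have == want              # plain equality on the whole integer
    if oid == BIT_AND:
        return have & want == want
    if oid == BIT_OR:
        return have & want != 0
    raise ValueError("unknown matching rule: %s" % oid)


def matched_by(filter_text, accounts):
    """Names of the accounts the filter selects."""
    return [a["sAMAccountName"] for a in accounts if matches(filter_text, a)]


def missed_disabled(d_filter, accounts):
    """Accounts that are disabled in AD but that d_filter fails to select."""
    return [
        a["sAMAccountName"]
        for a in accounts
        if int(a["userAccountControl"]) & ACCOUNTDISABLE and not matches(d_filter, a)
    ]


# Constructed sample directory entries.
ACCOUNTS = [
    {"sAMAccountName": "alice", "userAccountControl": NORMAL_ACCOUNT},
    {"sAMAccountName": "bob", "userAccountControl": NORMAL_ACCOUNT | ACCOUNTDISABLE},
    {"sAMAccountName": "carol",
     "userAccountControl": NORMAL_ACCOUNT | ACCOUNTDISABLE | DONT_EXPIRE_PASSWORD},
    {"sAMAccountName": "dave",
     "userAccountControl": NORMAL_ACCOUNT | ACCOUNTDISABLE | PASSWD_NOTREQD},
    {"sAMAccountName": "erin",
     "userAccountControl": NORMAL_ACCOUNT | DONT_EXPIRE_PASSWORD},
]

EQUALITY_FILTER = "(userAccountControl=514)"
BITWISE_FILTER = "(userAccountControl:1.2.840.113556.1.4.803:=2)"

if __name__ == "__main__":
    for f in (EQUALITY_FILTER, BITWISE_FILTER):
        print(f)
        print("  selected as disabled:", matched_by(f, ACCOUNTS))
        print("  disabled but missed :", missed_disabled(f, ACCOUNTS))
```

With the equality filter, a disabled account that carries any additional flag is not recognised as disabled; the bitwise filter tests only the ACCOUNTDISABLE bit.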


Re: [rt-users] RT-Authen-ExternalAuth-0.08 which packages i need for

2011-04-21 Thread john s.


@Raphael 


 so are you using the good login on RT screen ?

What do you mean by a good login?


@Mike

Hello Mike 

I have read the 2 articles and modified my config accordingly ...

but the same error occurs ...


but i have found sth...  on my AD, i 'll try to copy the infos which should
be necessary ...

xxx.xxx.xxx.xxx:2206 NTDS None TCP 4 32 NonDSE Can't find Objekt  0.0 0 0.0 
xxx.xxx.xxx.xxx:2200 NTDS None TCP 4 32 NonDSE Can't find Objekt 0.0 0 0.0 

thats one of it ... 

xxx.xxx.xxx.xxx:2200 NTDS None TCP 1 0 NonDSE Sucess  0.0 1 0.0 
xxx.xxx.xxx.xxx.2206 NTDS None TCP 1 0 NonDSE Sucess 0.0 1 0.0 


This is the same log, but it comes a little bit later. I wonder why success.


And now it gets really strange:

That's the search log:

Client Instanz  Objektname Filtername  
Reply/s Response  Time (ms) CPU% 
Internal  NTDS   [](displayName=RT-USER)   
0  0  0  0 
Internal  NTDS   []   (displayName=RT-USER)0

0 00 


I don't understand; it looks like it can't resolve the object name.

best regards john.













-- 
View this message in context: 
http://old.nabble.com/Re%3A-RT-Authen-ExternalAuth-0.08-which-packages-i-need-for-tp31388437p31450244.html
Sent from the Request Tracker - User mailing list archive at Nabble.com.



Re: [rt-users] RT-Authen-ExternalAuth-0.08 which packages i need for

2011-04-21 Thread Mike Johnson
Turn your RT debug logging on and check that log to see what it's doing.

I believe the debug log shows you the actual LDAP call it's doing... then
you can verify what is failing based on that.

Good luck!
Mike.





-- 
Mike Johnson
Datatel Programmer/Analyst
Northern Ontario School of Medicine
955 Oliver Road
Thunder Bay, ON   P7B 5E1
Phone: (807) 766-7331
Email: mike.john...@nosm.ca


Re: [rt-users] RT-Authen-ExternalAuth-0.08 which packages i need for

2011-04-18 Thread john s.

Greetings  Luis 

Okay, I have trimmed my config a little bit and now it looks like this:


Set($ExternalAuthPriority,  [ ' My_LDAP' ]);
Set($ExternalInfoPriority,  ['My_LDAP']);
#Set($ExternalServiceUsesSSLorTLS,   0 );
Set($AutoCreateNonExternalUsers,0);


Set($ExternalSettings, {
    'My_LDAP' => {   ## GENERIC SECTION
        'type'     => 'ldap',
        'server'   => 'ipserver',
        'user'     => 'USER',
        'pass'     => 'pass',
        'base'     => 'ou=OU Unit,dc=sb,dc=local',
        'filter'   => '(ObjectClass=*)',
        'd_filter' => '(userAccountControl=514)'
        # 'tls'         => 0,
        'ssl_version'   => 3,
        'net_ldap_args' => [ version => 3 ],
        'group'         => 'Benutzer',
        'group_attr'    => 'GROUP_ATTR',
        'attr_match_list' => [ 'Name',
                               'EmailAddress',
                             ],
        'attr_map' => { 'Name' => 'sAMAccountName',
                      }
    }

}
);


And now I have also posted the apache logfile, because this comments the steps
from which lines I had to comment out so that apache will start... so that's the
basic without any outlines... and this one doesn't work...
http://pastebin.com/PHpDsi7S

And now the config which lets apache start:

#RT Authenth#

Set($ExternalAuthPriority,  [ ' My_LDAP' ]);
Set($ExternalInfoPriority,  ['My_LDAP']);
#Set($ExternalServiceUsesSSLorTLS,   0 );
Set($AutoCreateNonExternalUsers,0);


Set($ExternalSettings, {
    'My_LDAP' => {   ## GENERIC SECTION
        'type'     => 'ldap',
        'server'   => '192.168.10.40',
        'user'     => 'RT-USER',
        'pass'     => 'sl-pg33011',
        'base'     => 'ou=SBAOU Unit,dc=sbah,dc=local',
        'filter'   => '(ObjectClass=*)',
        'd_filter' => '(userAccountControl=514)'
        # 'tls'             => 0,
        # 'ssl_version'     => 3,
        # 'net_ldap_args'   => [ version => 3 ],
        # 'group'           => 'Benutzer',
        # 'group_attr'      => 'GROUP_ATTR',
        # 'attr_match_list' => [ 'Name',
        #                        'EmailAddress',
        #                      ],
        # 'attr_map' => { 'Name' => 'sAMAccountName',
        #     'EmailAddress'   => 'mail',
        #     'Organization'   => 'physicalDeliveryOfficeName',
        #     'RealName'       => 'cn',
        #     'ExternalAuthId' => 'sAMAccountName',
        #     'Gecos'          => 'sAMAccountName',
        #     'WorkPhone'      => 'telephoneNumber',
        #     'Address1'       => 'streetAddress',
        #     'City'           => 'l',
 

Re: [rt-users] RT-Authen-ExternalAuth-0.08 which packages i need for

2011-04-18 Thread john s.

Addition:

So I have made a trace log over port 389 with tcpdump.

The result:

No request is going out if I try to authorize on RT,

so I think the plugin doesn't work anymore ...


best regards john s.




-- 
View this message in context: 
http://old.nabble.com/Re%3A-RT-Authen-ExternalAuth-0.08-which-packages-i-need-for-tp31388437p31423760.html
Sent from the Request Tracker - User mailing list archive at Nabble.com.



Re: [rt-users] RT-Authen-ExternalAuth-0.08 which packages i need for

2011-04-18 Thread Luis Avendaño
Hi John,

It looks like you missed a comma after 'd_filter' =>
'(userAccountControl=514)'

In addition, please check your settings here:

'attr_map' => {   'Name' => 'sAMAccountName',...


Nothing else to match? If so, just to be sure, please delete the comma after
'sAMAccountName'.

Finally, I would recommend you comment out 'ssl_version' => 3,

After you get this configuration to work, then you can play with the SSL
configuration.

Good luck,

Best,


-


   4. Re: RT-Authen-ExternalAuth-0.08 which packages i need for
  (john s.)

Message: 4
Date: Mon, 18 Apr 2011 04:07:28 -0700 (PDT)
From: john s. firesk...@gmx.de
To: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] RT-Authen-ExternalAuth-0.08 which packages i
need for
Message-ID: 31422830.p...@talk.nabble.com
Content-Type: text/plain; charset=us-ascii


Greetings  Luis 

Okay, I have trimmed my config a little bit and now it looks like this:


Set($ExternalAuthPriority,  [ ' My_LDAP' ]);
Set($ExternalInfoPriority,  ['My_LDAP']);
#Set($ExternalServiceUsesSSLorTLS,   0 );
Set($AutoCreateNonExternalUsers,0);


Set($ExternalSettings, {
    'My_LDAP' => {   ## GENERIC SECTION
        'type'     => 'ldap',
        'server'   => 'ipserver',
        'user'     => 'USER',
        'pass'     => 'pass',
        'base'     => 'ou=OU Unit,dc=sb,dc=local',
        'filter'   => '(ObjectClass=*)',
        'd_filter' => '(userAccountControl=514)'
        # 'tls'         => 0,
        'ssl_version'   => 3,
        'net_ldap_args' => [ version => 3 ],
        'group'         => 'Benutzer',
        'group_attr'    => 'GROUP_ATTR',
        'attr_match_list' => [ 'Name',
                               'EmailAddress',
                             ],
        'attr_map' => { 'Name' => 'sAMAccountName',
                      }
    }

}
);


And now I have also posted the apache logfile, because this comments the steps
from which lines I had to comment out so that apache will start... so that's the
basic without any outlines... and this one doesn't work...
http://pastebin.com/PHpDsi7S

And now the config which lets apache start:

#RT Authenth#

Set($ExternalAuthPriority,  [ ' My_LDAP' ]);
Set($ExternalInfoPriority,  ['My_LDAP']);
#Set($ExternalServiceUsesSSLorTLS,   0 );
Set($AutoCreateNonExternalUsers,0);


Set($ExternalSettings, {
    'My_LDAP' => {   ## GENERIC SECTION
        'type'     => 'ldap',
        'server'   => '192.168.10.40',
        'user'     => 'RT-USER',
        'pass'     => 'sl-pg33011',
        'base'     => 'ou=SBAOU Unit,dc=sbah,dc=local',
        'filter'   => '(ObjectClass=*)',
        'd_filter' => '(userAccountControl=514)'
        # 'tls'             => 0,
        # 'ssl_version'     => 3,
        # 'net_ldap_args'   => [ version => 3 ],
        # 'group'           => 'Benutzer',
        # 'group_attr'      => 'GROUP_ATTR',
        # 'attr_match_list' => [ 'Name',
        #                        'EmailAddress',
        #                      ],
        # 'attr_map' => { 'Name' => 'sAMAccountName',
        #     'EmailAddress'   => 'mail',
        #     'Organization'   => 'physicalDeliveryOfficeName',
        #     'RealName'       => 'cn',
        #     'ExternalAuthId' => 'sAMAccountName',
        #     'Gecos'          => 'sAMAccountName',
        #     'WorkPhone'      => 'telephoneNumber',
        #     'Address1'       => 'streetAddress',
        #     'City'           => 'l',
        #     'State'          => 'st',
        #     'Zip'            => 'postalCode',
        #     'Country'        => 'co'
    }
}

#}
);


So as far as you can see, the other version with clean comments and # signs
doesn't work.

But I don't know why,

or if I'm walking completely off the track at the moment :-(


Best regards john s.


 



-- 
View this message in context:
http://old.nabble.com/Re%3A-RT-Authen-ExternalAuth-0.08-which-packages-i-need-for-tp31388437p31422830

Re: [rt-users] RT-Authen-ExternalAuth-0.08 which packages i need for

2011-04-18 Thread Raphaël MOUNEYRES
You also have a space before My_LDAP here, which does not match the later
defined service:
Set($ExternalAuthPriority,  [ ' My_LDAP' ]);
...
Set($ExternalSettings, {'My_LDAP' => {





Re: [rt-users] RT-Authen-ExternalAuth-0.08 which packages i need for

2011-04-18 Thread john s.


Greetings Raphael, I have changed this ... and nothing happens ...


Here is an outline from my apache logfile:

[Mon Apr 18 15:33:33 2011] [debug]: Attempting to use external auth service:
My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
[Mon Apr 18 15:33:33 2011] [debug]: Calling UserExists with $username
(RT-USER) and $service (My_LDAP)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:105)
[Mon Apr 18 15:33:33 2011] [debug]: UserExists params:
username: RT-USER , service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:274)
[Mon Apr 18 15:33:33 2011] [debug]: LDAP Search ===  Base: ou=SBAOU 
Unit,dc=srv41,dc=sbah,dc=local == Filter:
((ObjectClass=*)(sAMAccountName=RT-USER)) == Attrs: cn,sAMAccountName
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:304)
[Mon Apr 18 15:33:33 2011] [debug]: User Check Failed :: ( My_LDAP ) RT-USER
User not found
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:318)
[Mon Apr 18 15:33:33 2011] [debug]: Autohandler called ExternalAuth.
Response: (0, No User)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:26)
[Mon Apr 18 15:33:33 2011] [error]: FAILED LOGIN for RT-USER from
192.168.112.1 (/opt/rt3/bin/../lib/RT/Interface/Web.pm:424)
[Mon Apr 18 15:33:33 2011] [debug]: Attempting to use external auth service:
My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
[Mon Apr 18 15:33:33 2011] [debug]: SSO Failed and no user to test with.
Nexting
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:92)
[Mon Apr 18 15:33:33 2011] [debug]: Autohandler called ExternalAuth.
Response: (0, No User)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:26)
[Mon Apr 18 15:33:34 2011] [debug]: Attempting to use external auth service:
My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
[Mon Apr 18 15:33:34 2011] [debug]: SSO Failed and no user to test with.
Nexting
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:92)
[Mon Apr 18 15:33:34 2011] [debug]: Autohandler called ExternalAuth.
Response: (0, No User) (/opt/rt3/local/



So as far as I can see it finds the user ... but the user check fails, and
I don't know what that means exactly.

PS: I thought Perl doesn't pay much attention to spaces.


Best regards, john s.


-- 
View this message in context: 
http://old.nabble.com/Re%3A-RT-Authen-ExternalAuth-0.08-which-packages-i-need-for-tp31388437p31425121.html
Sent from the Request Tracker - User mailing list archive at Nabble.com.



Re: [rt-users] RT-Authen-ExternalAuth-0.08 which packages i need for

2011-04-15 Thread john s.


Greetings Luis,

Despite your good advice, my syntax is correct as well, because I only used
the # sign to comment out the lines that get apache2 into trouble. If I try
to run it normally, the same issue appears.

And according to the README, you can also write:

  'attr_match_list' => [ 'Name',
                         'EmailAddress',
                         'RealName',
                         'WorkPhone',
                         'Address2'
                       ],

The only important thing is to set the brackets correctly, and this will
be noticed if you try to restart Apache.

So that's not the problem.

Any other clue or idea?

Best regards, john s.




 







-- 
View this message in context: 
http://old.nabble.com/Re%3A-RT-Authen-ExternalAuth-0.08-which-packages-i-need-for-tp31388437p31404102.html
Sent from the Request Tracker - User mailing list archive at Nabble.com.



Re: [rt-users] RT-Authen-ExternalAuth-0.08 which packages i need for

2011-04-15 Thread Luis Avendaño
 

Hi John,

you have a syntax error somewhere, and it's pretty close to where you set
EmailAddress. Your error is:

Couldn't load RT config file RT_SiteConfig.pm:\n\nsyntax error at
/opt/rt3/etc/RT_SiteConfig.pm line 146, near 'EmailAddress'\nCompilation
failed in require at /opt/rt3/bin/../lib/RT/Config.pm line 562.\nCompilation
failed in require at (eval 2) line 1.\n

Try to make a configuration file without all the comments you have within
the Authen:External008.. conf (delete all the #). You might be missing
something.

Best Regards,

- 

 Message: 3
 Date: Fri, 15 Apr 2011 02:26:11 -0700 (PDT)
 From: john s. 
 To: rt-users@lists.bestpractical.com
 Subject: Re: [rt-users] RT-Authen-ExternalAuth-0.08 which packages i
 need for
 Message-ID: 
 Content-Type: text/plain; charset=us-ascii

 Greetings Luis,

 Despite your good advice, my syntax is correct as well, because I only used
 the # sign to comment out the lines that get apache2 into trouble. If I try
 to run it normally, the same issue appears.

 And according to the README, you can also write:

   'attr_match_list' => [ 'Name',
                          'EmailAddress',
                          'RealName',
                          'WorkPhone',
                          'Address2'
                        ],

 The only important thing is to set the brackets correctly, and this will
 be noticed if you try to restart Apache.

 So that's not the problem.

 Any other clue or idea?

 Best regards, john s.

 

Re: [rt-users] RT-Authen-ExternalAuth-0.08 which packages i need for

2011-04-14 Thread john s.

Hello Luis

First of all, many thanks for your help.

I have set my LDAP configuration in the way you described,
but some error messages are still coming up in the apache2
log file:
cutout apache.log:
Couldn't load RT config file RT_SiteConfig.pm:\n\nsyntax error at
/opt/rt3/etc/RT_SiteConfig.pm line 146, near 'EmailAddress'\nCompilation
failed in require at /opt/rt3/bin/../lib/RT/Config.pm line 562.\nCompilation
failed in require at (eval 2) line 1.\n


Similar errors come up if I try to activate the following command lines:

'tls' => 0,
ssl_version' => 3,
'net_ldap_args' => [version => 3 ],
'group' => 'User',
'group' => 'GROUP_NAME',
'attr_match_list' => ['Name',
  #   'EmailAddress',   ],
# 'attr_map'
=> {   'Name' => 'sAMAccountName',
#'EmailAddress' => 'mail',
  # 'Organization' => #
'Organization' => 'physicalDeliveryOfficeName',
# 'RealName' => 'cn',
# 'ExternalAuthId' => 'sAMAccountName',
# 'Gecos' => 'sAMAccountName',
# 'WorkPhone' => 'telephoneNumber',
# 'Address1' => 'streetAddress',
# 'City' => 'l',
# 'State' => 'st',
# 'Zip' => 'postalCode',
# 'Country' => 'co'
}
}

);







So I had to comment out some command lines in order to determine what's
going wrong, and then the Apache server runs fine:

Here is my new config:


#RT Authenth#

Set($ExternalAuthPriority,  [ ' My_LDAP' ]);
Set($ExternalInfoPriority,  ['My_LDAP']);
Set($ExternalServiceUsesSSLorTLS,   0 );
Set($AutoCreateNonExternalUsers,    0);


Set($ExternalSettings, {
    'My_LDAP' => {   ## GENERIC SECTION
        # The type of service (db/ldap/cookie)
        'type' => 'ldap',
        # The server hosting the service
        'server' => '192.168.23.40',
        ## SERVICE-SPECIFIC SECTION
        # If you can bind to your LDAP server anonymously you should
        # remove the user and pass config lines, otherwise specify them here:
        #
        # The username RT should use to connect to the LDAP server
        'user' => 'USER',
        # The password RT should use to connect to the LDAP server
        'pass' => 'password',
        #
        # The LDAP search base
        'base' => 'ou= Unit,dc=s***,dc=local',
        #
        # ALL FILTERS MUST BE VALID LDAP FILTERS ENCASED IN PARENTHESES!
        # YOU **MUST** SPECIFY A filter AND A d_filter!!
        #
        # The filter to use to match RT-Users
        'filter' => '(ObjectClass=*)',
        # A catch-all example filter: '(objectClass=*)'
        #
        # The filter that will only match disabled users
        'd_filter' => '(userAccountControl=514)'
   

Re: [rt-users] RT-Authen-ExternalAuth-0.08 which packages i need for

2011-04-14 Thread Luis Avendaño
 

 Hi John, 

apparently your problem is this: 

'attr_match_list' => [ 'Name',
 # 'EmailAddress', ],
 # 'attr_map'
 => { 'Name' => 'sAMAccountName',
 ...

You have to make sure the list is formatted correctly. For example:
'attr_match_list' => [ 'Name' ]... you are doing this: 'attr_match_list' =>
[ 'Name',

In addition, check also attr_map. For example:

   'attr_map' => { 'Name' => 'sAMAccountName',
                   'EmailAddress' => 'mail',
                   'RealName' => 'cn',
                   'WorkPhone' => 'telephoneNumber'
                 }

The error you are getting is that the SiteConfig is not correctly formed. 

Hope this helps, 

Best,
 



 Luis Avendaño 
 Grupo Latinoamericano ACM 
 Av. Venezuela Torre America, 
 Piso 1 Ofic 116, Bello Monte. 
 Caracas, Venezuela 
 Phone: (+58) 212-763.4104 
 Fax: (+58) 212-763.1847 
 http://www.acmgrp.com 
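
The failure diagnosed in the message above, a `#` that comments out the closing `]` of attr_match_list, can be located mechanically. The following Python check is an added example, not code from this thread or from RT; the function names and both sample fragments (written with the `=>` arrows spelled out) are constructed for illustration, and it assumes a simple config file whose quoted strings stay on one line.

```python
"""Locate a '#' comment that hides a closing bracket in a Perl-style config."""

OPEN = {"(": ")", "[": "]", "{": "}"}
CLOSE = set(OPEN.values())


def scan(line):
    """Return (code, comment); quoted strings in the code part are blanked out."""
    code, quote, i = [], None, 0
    while i < len(line):
        ch = line[i]
        if quote:
            if ch == "\\":
                i += 1                      # skip the escaped character
            elif ch == quote:
                quote = None
            code.append(" ")
        elif ch in "'\"":
            quote = ch
            code.append(" ")
        elif ch == "#":
            return "".join(code), line[i + 1:]
        else:
            code.append(ch)
        i += 1
    return "".join(code), ""


def unmatched_closers(fragment):
    """Closing brackets in fragment that have no opener inside the fragment."""
    depth, out = [], []
    for ch in fragment:
        if ch in OPEN:
            depth.append(ch)
        elif ch in CLOSE:
            if depth and OPEN[depth[-1]] == ch:
                depth.pop()
            else:
                out.append(ch)
    return out


def lint(text):
    """Report the first bracket mismatch, or brackets still open at end of file."""
    stack = []  # entries: [opener, line opened, comment lines hiding its closer]
    for no, line in enumerate(text.splitlines(), 1):
        code, comment = scan(line)
        for ch in code:
            if ch in OPEN:
                stack.append([ch, no, []])
            elif ch in CLOSE:
                if stack and OPEN[stack[-1][0]] == ch:
                    stack.pop()
                    continue
                opener, opened, hidden = stack[-1] if stack else (None, None, [])
                return [{"line": no, "found": ch, "opener": opener,
                         "opened_on": opened, "hidden_closer_lines": hidden}]
        # A commented-out closer for the innermost open bracket is the suspect.
        if stack and OPEN[stack[-1][0]] in unmatched_closers(scan(comment)[0]):
            stack[-1][2].append(no)
    return [{"line": None, "found": None, "opener": o, "opened_on": n,
             "hidden_closer_lines": h} for o, n, h in stack]


# Constructed sample: the ']' of attr_match_list sits inside a comment (line 5).
BROKEN = """\
Set($ExternalSettings, {
    'My_LDAP' => {
        'filter' => '(objectClass=*)',
        'attr_match_list' => [ 'Name',
            # 'EmailAddress', ],
        # 'attr_map' => { 'Name' => 'sAMAccountName',
        #               }
    }
});
"""

# Constructed sample: only whole list items are commented out.
FIXED = """\
Set($ExternalSettings, {
    'My_LDAP' => {
        'filter' => '(objectClass=*)',
        'attr_match_list' => [ 'Name',
                               'EmailAddress'
                               #  'RealName',
                             ],
        'attr_map' => { 'Name' => 'sAMAccountName' }
    }
});
"""

if __name__ == "__main__":
    for name, text in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, lint(text) or "brackets balance")
```

For the broken fragment the report names the `[` opened on line 4 and the comment on line 5 that swallowed its `]`, which is more specific than the "near 'EmailAddress'" position in the Perl error.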



 

Re: [rt-users] RT-Authen-ExternalAuth-0.08 which packages i need for Authentification ?

2011-04-13 Thread john s.


Someone out there ?


best regards john s.
-- 
View this message in context: 
http://old.nabble.com/RT-Authen-ExternalAuth-0.08-which-packages-i-need-for-Authentification---tp31342791p31385180.html
Sent from the Request Tracker - User mailing list archive at Nabble.com.



Re: [rt-users] RT::Authen::ExternalAuth, Possible Configuration Issue?

2011-04-13 Thread Kevin Falcone
On Mon, Apr 11, 2011 at 11:22:19AM -0600, Eli Guzman wrote:
 
 I think I see where you are going, maybe the permissions under the:
 
  _/autohandler,
 _/Elements/Header 
 
 directories could be incorrect?

This is unlikely to be a problem, or nothing would run, but you should
check it anyway.

On Mon, Apr 11, 2011 at 09:59:54AM -0400, Kevin Falcone wrote:
  [Fri Apr  8 23:34:13 2011] [debug]: Attempting to use external auth
  service: 
  My_LDAP
  (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
  h.pm:64)
  [Fri Apr  8 23:34:13 2011] [debug]: SSO Failed and no user to test with.
  Nexting 

You are basically at the point where you need to start enhancing this
debugging line to include more about what was captured from the form
so you can figure out why the username isn't available.

-kevin




Re: [rt-users] RT-Authen-ExternalAuth-0.08 which packages i need for

2011-04-13 Thread Luis Avendaño
Hi John,

Based on the RT_SiteConfig piece you sent, there is a missing variable
setting in your configuration.

You put this:

   Set($AutoCreateNonExternalUsers, 0);

   'My_LDAP'   =>  {   ## GENERIC

…….

It should be like this:

Set($ExternalSettings,  {   # AN EXAMPLE DB SERVICE

'My_LDAP'   => …

In addition, based on the log you sent, you are also configuring My_SSO and
My_MySQL. If you are not using these services to authenticate, please delete
them from the RT_SiteConfig file. If you are using them I would recommend
going step by step. First configure the LDAP, then go for the next
source…

This is an example of a working conf, using RT 3.8.9 and LDAP = Active
Directory:

#Set($WebExternalAuth, 1);
#Set($WebExternalAuthContinuous, 1);
#Set($WebExternalGecos , undef);
#Set($WebExternalAuto , true);
#Set($WebFallbackToInternalAuth , undef);
Set($ExternalAuthPriority,  [   'My_LDAP'   ]);
Set($ExternalInfoPriority,  ['My_LDAP']);
Set($ExternalServiceUsesSSLorTLS,    0);
Set($AutoCreateNonExternalUsers,     0);
Set($ExternalSettings,  {
    'My_LDAP'   =>  {   ## GENERIC SECTION
        'type'              =>  'ldap',
        'server'            =>  '***.***.***.***',
        'user'              =>  '*\*',
        'pass'              =>  '',
        'base'              =>  'DC=*,DC=com,DC=ve',
        'filter'            =>  '(objectClass=*)',
        'd_filter'          =>  '(userAccountControl=514)',
        'tls'               =>  0,
        'net_ldap_args'     => [version =>  3   ],
        #'group'            =>  'GROUP_NAME',
        #'group_attr'       =>  'GROUP_ATTR',
        'attr_match_list'   => ['Name',
                                'EmailAddress'
                                #  'RealName',
                                #  'WorkPhone'
                               ],
        'attr_map'          =>  {   'Name' => 'sAMAccountName',
                                    'EmailAddress' => 'mail',
                                    'RealName' => 'cn',
                                    'WorkPhone' => 'telephoneNumber'
                                }
    }
}
);

Set( @Plugins, qw( RT::Authen::ExternalAuth ) );

Give this a shot, and then get back with the resulting log file and
final configuration.

Hope this helps,

Best,

 




Luis Avendaño



Re: [rt-users] RT::Authen::ExternalAuth, Possible Configuration Issue?

2011-04-13 Thread Eli Guzman
Original Message
From: rt-users-boun...@lists.bestpractical.com
[mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of Kevin
Falcone Sent: Wednesday, April 13, 2011 7:50 AM To:
rt-users@lists.bestpractical.com Subject: Re: [rt-users]
RT::Authen::ExternalAuth, Possible Configuration Issue? 

 On Mon, Apr 11, 2011 at 11:22:19AM -0600, Eli Guzman wrote:
 
 I think I see where you are going, maybe the permissions under the:
 
  _/autohandler,
 _/Elements/Header
 
 directories could be incorrect?
 
 This is unlikely to be a problem, or nothing would run, but you
 should check it anyway. 
 
 On Mon, Apr 11, 2011 at 09:59:54AM -0400, Kevin Falcone wrote:
 [Fri Apr  8 23:34:13 2011] [debug]: Attempting to use external auth
 service: My_LDAP
 (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/Externa
 lAut h.pm:64)
 [Fri Apr  8 23:34:13 2011] [debug]: SSO Failed and no user to test
 with. Nexting

Hey Thomas (and Kevin)


 
 You are basically at the point where you need to start enhancing this
 debugging line to include more about what was captured from the form
 so you can figure out why the username isn't available.  
 
 -kevin

Thanks Kevin, adjusting the permissions to the file may have worked as
we are now able to authenticate via LDAP (there is no automatic log-on,
the users just need to enter their credentials, however it is pulling
user information via the module properly). 

Oddly enough even though the Auth piece is working, when a user within
the RTUsers group (via AD) accesses the RT main login page, on the
'rt.log' I still get the same error:

[Tue Apr 12 23:37:15 2011] [debug]: SSO Failed and no user to test with.
Nexting
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:92)

But as I stated, at least now I can actually authenticate, so my
question is could this then just be related to a misconfigured
RT_SiteConfig.pm file? I did make some changes to the file as well, and
this change could have had an effect as well, since previous to the
change, authentication was not taking place (besides just adjusting the
permissions of the files). 

Here is my RT_SiteConfig (for the Auth plug-in) as well, perhaps
something listed in this file is incorrect:

http://pastebin.com/zEF44vHr

I'll go ahead and enhance the debug line a bit more, and once I have
that information I will post it.

Thanks,
Eli


Re: [rt-users] RT-Authen-ExternalAuth-0.08 which packages i need for Authentification ?

2011-04-11 Thread john s.


You don't say your RT version, or what fails, it is possible you need .08_01
if you're running RT 3.8.9

Hello Kevin 

Sorry, I forgot: I am currently using version 3.8.9.

So I followed your advice, and now RT-Authen-ExternalAuth-0.08_01 is
still running.


At first it looks better than before; now I get a response from the rt.log,
but there are still some problems ...


here is the relevant piece of information from  my log file:


 Reloading RT::User to work around a bug in RT-3.8.0 and RT-3.8.1
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:14)
[Mon Apr 11 12:13:55 2011] [debug]: Attempting to use external auth service:
My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
[Mon Apr 11 12:13:55 2011] [debug]: SSO Failed and no user to test with.
Nexting
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:92)
[Mon Apr 11 12:13:55 2011] [debug]: Attempting to use external auth service:
My_MySQL
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
[Mon Apr 11 12:13:55 2011] [debug]: SSO Failed and no user to test with.
Nexting
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:92)
[Mon Apr 11 12:13:55 2011] [debug]: Attempting to use external auth service:
My_SSO_Cookie
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
[Mon Apr 11 12:13:55 2011] [debug]: SSO Failed and no user to test with.
Nexting
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:92)
[Mon Apr 11 12:13:55 2011] [debug]: Autohandler called ExternalAuth.
Response: (0, No User)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:26)
[Mon Apr 11 12:14:06 2011] [debug]: Attempting to use external auth service:
My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
[Mon Apr 11 12:14:06 2011] [debug]: Calling UserExists with $username
(RT-USER) and $service (My_LDAP)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:105)
[Mon Apr 11 12:14:06 2011] [debug]: Invalid service type for UserExists:
My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:361)
[Mon Apr 11 12:14:06 2011] [debug]: Attempting to use external auth service:
My_MySQL
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
[Mon Apr 11 12:14:06 2011] [debug]: Calling UserExists with $username
(RT-USER) and $service (My_MySQL)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:105)
[Mon Apr 11 12:14:06 2011] [debug]: Invalid service type for UserExists:
My_MySQL
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:361)
[Mon Apr 11 12:14:06 2011] [debug]: Attempting to use external auth service:
My_SSO_Cookie
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
[Mon Apr 11 12:14:06 2011] [debug]: Calling UserExists with $username
(RT-USER) and $service (My_SSO_Cookie)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:105)
[Mon Apr 11 12:14:06 2011] [debug]: Invalid service type for UserExists:
My_SSO_Cookie
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:361)
[Mon Apr 11 12:14:06 2011] [debug]: Autohandler called ExternalAuth.
Response: (0, No User)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:26)
[Mon Apr 11 12:14:06 2011] [error]: FAILED LOGIN for RT-USER from
192.168.112.1 (/opt/rt3/bin/../lib/RT/Interface/Web.pm:424)



Thanks in advance 

Best regards, john s.










-- 
View this message in context: 
http://old.nabble.com/RT-Authen-ExternalAuth-0.08-which-packages-i-need-for-Authentification---tp31342791p31369863.html
Sent from the Request Tracker - User mailing list archive at Nabble.com.



Re: [rt-users] RT::Authen::ExternalAuth, Possible Configuration Issue?

2011-04-11 Thread Kevin Falcone
 [Fri Apr  8 23:34:13 2011] [debug]: Attempting to use external auth
 service: 
 My_LDAP
 (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
 h.pm:64)
 [Fri Apr  8 23:34:13 2011] [debug]: SSO Failed and no user to test with.
 Nexting 

This implies that the username you typed into the login box isn't
getting to the plugin.

You did clear the mason cache when you updated the module, right?

-kevin
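
The debug messages quoted across this thread fall into a few recurring shapes, and grouping them per login request makes the failure mode visible at a glance. The following Python triage is an added example, not code from the thread or from RT; the function names are hypothetical, the sample log is constructed from lines quoted in these messages, and the comments on each pattern repeat only what the replies and log excerpts in this thread say.

```python
"""Summarise RT::Authen::ExternalAuth debug output per login request."""
import re
from collections import Counter

RECORD = re.compile(r"^\[(?P<ts>[^\]]+)\] \[(?P<level>\w+)\]: (?P<msg>.*)$")
ATTEMPT = re.compile(r"Attempting to use external auth service: (?P<service>\S+)")
REQUEST_END = re.compile(r"Autohandler called ExternalAuth")
FAILED = re.compile(r"FAILED LOGIN for (?P<user>\S+) from (?P<src>\S+)")
REASONS = [
    # Kevin's reading in this thread: the typed username never reached the plugin.
    ("no_username", re.compile(r"SSO Failed and no user to test with")),
    # Luis's reply ties this log to a missing Set($ExternalSettings, ...) wrapper.
    ("invalid_service_type",
     re.compile(r"Invalid service type for UserExists: (?P<service>\S+)")),
    # In the quoted log this follows the "LDAP Search" line for the login name.
    ("user_not_found",
     re.compile(r"User Check Failed :: \( (?P<service>\S+) \) \S+ User not found")),
]


def records(text):
    """Re-join mail-wrapped lines; a record starts at '[timestamp] [level]:'."""
    out = []
    for line in text.splitlines():
        line = line.strip()
        m = RECORD.match(line)
        if m:
            out.append(m.groupdict())
        elif line and out:
            out[-1]["msg"] += " " + line
    return out


def triage(text):
    """Count failure reasons per service and attach them to each FAILED LOGIN."""
    counts, failed = Counter(), []
    service, current, last_request = None, [], []
    for rec in records(text):
        msg = rec["msg"]
        if (m := ATTEMPT.search(msg)):
            service = m["service"]
        elif REQUEST_END.search(msg):
            # The autohandler line closes one request; keep its reasons around
            # because the FAILED LOGIN line is written just after it.
            last_request, current = current, []
        elif (m := FAILED.search(msg)):
            failed.append({"ts": rec["ts"], "user": m["user"], "src": m["src"],
                           "reasons": sorted(set(last_request))})
        else:
            for name, pat in REASONS:
                if (m := pat.search(msg)):
                    svc = m.groupdict().get("service") or service
                    counts[(svc, name)] += 1
                    current.append(f"{svc}:{name}")
                    break
    return {"counts": counts, "failed_logins": failed}


# Constructed sample, wrapped the way the mail archive wraps the real logs.
SAMPLE_LOG = """\
[Mon Apr 11 12:13:55 2011] [debug]: Attempting to use external auth service:
My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
[Mon Apr 11 12:13:55 2011] [debug]: SSO Failed and no user to test with.
Nexting
[Mon Apr 11 12:13:55 2011] [debug]: Autohandler called ExternalAuth.
Response: (0, No User)
[Mon Apr 11 12:14:06 2011] [debug]: Attempting to use external auth service:
My_LDAP
[Mon Apr 11 12:14:06 2011] [debug]: Invalid service type for UserExists:
My_LDAP
[Mon Apr 11 12:14:06 2011] [debug]: Autohandler called ExternalAuth.
Response: (0, No User)
[Mon Apr 11 12:14:06 2011] [error]: FAILED LOGIN for RT-USER from
192.168.112.1 (/opt/rt3/bin/../lib/RT/Interface/Web.pm:424)
[Mon Apr 18 15:33:33 2011] [debug]: Attempting to use external auth service:
My_LDAP
[Mon Apr 18 15:33:33 2011] [debug]: User Check Failed :: ( My_LDAP ) RT-USER
User not found
[Mon Apr 18 15:33:33 2011] [debug]: Autohandler called ExternalAuth.
Response: (0, No User)
[Mon Apr 18 15:33:33 2011] [error]: FAILED LOGIN for RT-USER from
192.168.112.1 (/opt/rt3/bin/../lib/RT/Interface/Web.pm:424)
"""

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for key, n in sorted(result["counts"].items()):
        print(key, n)
    for entry in result["failed_logins"]:
        print(entry)
```

The "no_username" hit from the first page load is counted but not attached to any failed login, matching the later report in this thread that the message still appears on the login page even when authentication works.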




Re: [rt-users] RT::Authen::ExternalAuth, Possible Configuration Issue?

2011-04-11 Thread Eli Guzman
Original Message
From: rt-users-boun...@lists.bestpractical.com
[mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of Kevin
Falcone Sent: Monday, April 11, 2011 8:00 AM To:
rt-users@lists.bestpractical.com Subject: Re: [rt-users]
RT::Authen::ExternalAuth, Possible Configuration Issue? 

 [Fri Apr  8 23:34:13 2011] [debug]: Attempting to use external auth
 service: My_LDAP

(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalA
 ut h.pm:64)
 [Fri Apr  8 23:34:13 2011] [debug]: SSO Failed and no user to test
 with. Nexting
 
 This implies that the username you typed into the login box isn't
 getting to the plugin. 
 
 You did clear the mason cache when you updated the module, right?
 
 -kevin

Hey Kevin,

No I did not clear the cache at that time, so I made sure to do so now:

[root@xx ~]# rm -fr /opt/rt3/var/mason_data/obj
[root@xx ~]# rm -rf /opt/rt3/var/mason_data/*

And then restarted httpd services, this goes ok, and once again I get
the 
same message:

http://pastebin.com/raw.php?i=kme8CUdk

All of the ExternalAuth messages listed on the pastebin came up as I
opened the browser,
with our designated test domain user named jjdoe.

On the pastebin you may also notice that there is a message when httpd
services are initializing
stating that RT's GnuPG libraries couldn't successfully read your
configured GnuPG home directory 
and thereupon Disables PGP support for RT. Could this have something to
do with the 
RT::Authen::ExternalAuth error? 

[Mon Apr 11 16:30:02 2011] [debug]: RT's GnuPG libraries couldn't
successfully read your 
configured GnuPG home directory (/opt/rt3/var/data/gpg). PGP support has
been disabled /opt/rt3/bin/../lib/RT/Config.pm:449)

If there is anything else I can try please let me know.

Thanks,
Eli


Re: [rt-users] RT::Authen::ExternalAuth, Possible Configuration Issue?

2011-04-11 Thread Thomas Sibley
On 04/11/2011 12:43 PM, Eli Guzman wrote:
 On the pastebin you may also notice that there is a message when httpd
 services are initializing
 stating that RT's GnuPG libraries couldn't successfully read your
 configured GnuPG home directory 
 and thereupon Disables PGP support for RT. Could this have something to
 do with the 
 RT::Authen::ExternalAuth error? 

Nope, this is completely unrelated to ExternalAuth.

 If there is anything else I can try please let me know.

Please send the output of: ls -lR
/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/

Thomas


Re: [rt-users] RT::Authen::ExternalAuth, Possible Configuration Issue?

2011-04-11 Thread Eli Guzman
Original Message
From: rt-users-boun...@lists.bestpractical.com
[mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of Thomas
Sibley Sent: Monday, April 11, 2011 11:06 AM To:
rt-users@lists.bestpractical.com Subject: Re: [rt-users]
RT::Authen::ExternalAuth,Possible Configuration Issue? 

 On 04/11/2011 12:43 PM, Eli Guzman wrote:
 On the pastebin you may also notice that there is a message when
 httpd services are initializing stating that RT's GnuPG libraries
 couldn't successfully read your configured GnuPG home directory
 and thereupon Disables PGP support for RT. Could this have something
 to do with the RT::Authen::ExternalAuth error?
 
 Nope, this is completely unrelated to ExternalAuth.
 
 If there is anything else I can try please let me know.
 
 Please send the output of: ls -lR
 /opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/
 
 Thomas

Hey Thomas,

Here it is:

http://pastebin.com/raw.php?i=U3a8gde4

I think I see where you are going, maybe the permissions under the:

 _/autohandler,
_/Elements/Header 

directories could be incorrect?

Thanks,
Eli


Re: [rt-users] RT::Authen::ExternalAuth, Possible Configuration Issue?

2011-04-08 Thread Eli Guzman
Original Message
From: rt-users-boun...@lists.bestpractical.com
[mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of Thomas
Sibley Sent: Thursday, April 07, 2011 6:33 PM To:
rt-users@lists.bestpractical.com Subject: Re: [rt-users]
RT::Authen::ExternalAuth,Possible Configuration Issue? 

 On 04/07/2011 08:04 PM, Eli Guzman wrote:
 == TL/DR ==
 
 Installed RT 3.8.9 on a test RHEL server, and cannot seem to get
 RT::Authen::ExternalAuth to properly work, please help!
 
 Sorry for the bump to this topic, just needed to see if anyone can
 still assist with this issue. If this is a problem with the module
 itself, what would be another possible workaround for getting LDAP
 connected?
 
 You didn't actually include the log or configuration files that you
 said you did.  However I suspect you're running version 0.08 of
 ExternalAuth which is known not to work with RT 3.8.9.  You should
 download and install ExternalAuth 0.08_01 from CPAN at the link
 below.  0.08_01 is a developer release containing a known fix for the
 problem. 
 

http://search.cpan.org/CPAN/authors/id/F/FA/FALCONE/RT-Authen-ExternalAu
th-0.08_01.tar.gz
 
 Thomas

Hey Thomas,

Thanks a lot for the information, I went ahead and queried the cpan
packages and you are 
correct I am running: 

   RT::Authen::ExternalAuth  0.08

I will give try at downloading 0.08_01 and see how it goes. I did
include the logs
in another email, not sure if that one made the list. I am including the
logs on this 
email (just in case anyone wants a quick glance at them), please do let
me know if they 
do not go through (sometimes our AV server strips off attachments). If
they don't I'll 
just do a pastebin from the logs I do have. I'll make sure to update the
list with the
results.

Thanks,
Eli


config-and-logs.tar.gz
Description: config-and-logs.tar.gz


Re: [rt-users] RT::Authen::ExternalAuth, Possible Configuration Issue?

2011-04-08 Thread Eli Guzman
Original Message
From: rt-users-boun...@lists.bestpractical.com
[mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of Eli
Guzman Sent: Friday, April 08, 2011 10:36 AM To: Thomas Sibley;
rt-users@lists.bestpractical.com Subject: Re: [rt-users]
RT::Authen::ExternalAuth,Possible Configuration Issue? 

 Original Message
 From: rt-users-boun...@lists.bestpractical.com
 [mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of Thomas
 Sibley Sent: Thursday, April 07, 2011 6:33 PM To: 
 rt-users@lists.bestpractical.com Subject: Re: [rt-users]
 RT::Authen::ExternalAuth,Possible Configuration Issue? 
 
 On 04/07/2011 08:04 PM, Eli Guzman wrote:
 == TL/DR ==
 
 Installed RT 3.8.9 on a test RHEL server, and cannot seem to get
 RT::Authen::ExternalAuth to properly work, please help!
 
 Sorry for the bump to this topic, just needed to see if anyone can
 still assist with this issue. If this is a problem with the module
 itself, what would be another possible workaround for getting LDAP
 connected?
 
 You didn't actually include the log or configuration files that you
 said you did.  However I suspect you're running version 0.08 of
 ExternalAuth which is known not to work with RT 3.8.9.  You should
 download and install ExternalAuth 0.08_01 from CPAN at the link
 below. 
 0.08_01 is a developer release containing a known fix for the
 problem. 
 
 

http://search.cpan.org/CPAN/authors/id/F/FA/FALCONE/RT-Authen-ExternalAu
 th-0.08_01.tar.gz
 
 Thomas
 
 Hey Thomas,
 
 Thanks a lot for the information, I went ahead and queried the cpan
 packages and you are correct I am running: 
 
RT::Authen::ExternalAuth  0.08
 
 I will give try at downloading 0.08_01 and see how it goes. I did
 include the logs in another email, not sure if that one made the
 list. I am including the logs on this email (just in case anyone
 wants a quick glance at them), please do let me know if they do not
 go through (sometimes our AV server strips off attachments). If they
 don't I'll just do a pastebin from the logs I do have. I'll make sure
 to update the list with the results.  
 
 Thanks,
 Eli

I went ahead and updated RT::Authen::ExternalAuth to version 0.8_01, 
but for some reason I am still getting the same error as before:

[Fri Apr  8 23:34:13 2011] [debug]: Attempting to use external auth
service: 
My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:64)
[Fri Apr  8 23:34:13 2011] [debug]: SSO Failed and no user to test with.
Nexting 
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAut
h.pm:92)
[Fri Apr  8 23:34:13 2011] [debug]: Autohandler called ExternalAuth.
Response: 
(0, No User)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:26)

So I am not sure what else could be causing the issue, I am guessing that
this is a configuration issue at this point (as to where exactly the issue
may be, that is the 64,000 dollar question).

I'll continue to have a look and see if I can fix the issue, but I think
I may have to use an alternate method of connecting to AD (i.e. OpenLDAP
Synchronization from our AD server, or a manual overlay). If there is
any additional insight on the problem please feel free to reply, as I'd be
willing to try other solutions as needed.

Thanks,
Eli


Re: [rt-users] RT-Authen-ExternalAuth-0.08 which packages i need for Authentification ?

2011-04-07 Thread Kevin Falcone
On Thu, Apr 07, 2011 at 06:58:04AM -0700, john s. wrote:
 
 I'm trying to integrate the ExternalAuth-0.08 module into RT.

You don't say your RT version, or what fails, it is possible you need
.08_01 if you're running RT 3.8.9

 But I don't know exactly which system packages I need for it, for
 authentication with RT only, no Samba or other stuff.

 My system is: Ubuntu 10.04

 Here is my LDAP config:

 # AN EXAMPLE LDAP SERVICE

 Set($ExternalAuthPriority,        [ 'My_LDAP' ] );
 Set($ExternalInfoPriority,        [ 'My_LDAP' ] );
 Set($ExternalServiceUsesSSLorTLS, 0);
 Set($AutoCreateNonExternalUsers,  0);

 'My_LDAP' => {   ## GENERIC SECTION
     # The type of service (db/ldap/cookie)
     'type' => 'ldap',
     # The server hosting the service
     'server' => '192.168.123.41',
     ## SERVICE-SPECIFIC SECTION
     # If you can bind to your LDAP server anonymously you should
     # remove the user and pass config lines, otherwise specify them here:
     #
     # The username RT should use to connect to the LDAP server
     'user' => 'USER',
     # The password RT should use to connect to the LDAP server
     'pass' => 'password',
     #
     # The LDAP search base
     'base' => 'ou=Benutzer,ou=SBAOU,dc=sbah,dc=local',
     #
     # ALL FILTERS MUST BE VALID LDAP FILTERS ENCASED IN PARENTHESES!
     # YOU **MUST** SPECIFY A filter AND A d_filter!!
     #
     # The filter to use to match RT-Users
     'filter' => '(objectClass=User)',
     # A catch-all example filter: '(objectClass=*)'
     #
     # The filter that will only match disabled users
     'd_filter' => '(objectClass=FooBarBaz)',
     # A catch-none example d_filter: '(objectClass=FooBarBaz)'
     #
     # Should we try to use TLS to encrypt connections?
     'tls' => 0,
     # SSL Version to provide to Net::SSLeay *if* using SSL
     'ssl_version' => 3,
     # What other args should I pass to Net::LDAP->new($host,@args)?
     'net_ldap_args' => [version => 3 ],
     # Does authentication depend on group membership? What group name?
     'group' => 'GROUP_NAME',
     # What is the attribute for the group object that determines membership?
     'group_attr' => 'GROUP_ATTR',
     ## RT ATTRIBUTE MATCHING SECTION
     # The list of RT attributes that uniquely identify a user
     # This example shows what you *can* specify.. I recommend reducing this
     # to just the Name and EmailAddress to save encountering problems later.
   

Re: [rt-users] RT::Authen::ExternalAuth, Possible Configuration Issue?

2011-04-07 Thread Eli Guzman
Eli Guzman wrote:
 Greetings all,
 
 == A Little Background ==
 
 Sorry for the length of this post, TL/DR is at the bottom of this
 message. We currently run RT 3.6.6 in a production environment
 (running on RHEL 5.3, Tikanga, 2.6.18-128.2.1.el5xen #1 SMP, x86,
 running on a Dell PowerEdge R410). We are in the midst of upgrading
 to 3.8.9 (as we really liked the new look). The test environment is
 running on RHEL 5.6 Tikanga, 2.6.18-229.el5 #1 SMP, x86_64, within an
 ESX virtual environment (Dell PowerEdge R710 acting as the VM host). 
 
 We have already compiled the new RT instance successfully (web GUI
 runs really well), ported our current production DB to the new
 environment (after some issues related to MyISAM incompatibilities
 during initial deployment; we have been running RT since release
 v2.8), ran any necessary schema updates, and ensured that there
 weren't any CPAN related inconsistencies. 
 
 == The Problem ==
 
 Everything as far as the interface seems to be working as it should.
 We are currently attempting to integrate the LDAP piece into the
 install (LDAP via RT is a bit new to us). I believe that I may be
 missing a configuration piece somewhere, as we cannot seem to get
 authentication to occur properly between RT::Authen::ExternalAuth,
 and our Active Directory (AD) server. 
 
 I've enabled logging in RT (debug mode), and have attached the actual
 rt.log file to see if anyone can take a look and see if anything
 sticks out. I've also included my main RT_SiteConfig.pm, as well as
 the RT::Authen::External LDAP configuration file
 (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm),
 as the issue could also be a configuration issue with this file. As
 far as LDAP authentication, we currently use Active Directory on
 Windows 2003 R2. Within AD we have setup an initial OU named
 'services', with an authentication user named 'ldap', and a security
 group named 'RTUsers'. 
 
 The actual error is as follows:
 
 [Tue Apr  5 16:03:18 2011] [debug]: SSO Failed and no user to test with. Nexting (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:92)
 
 I've searched for this error, but I have only found some threads
 addressing a similar issue, but with no actual listed solutions. From
 what I can tell from these threads the issue seems to stem from
 either an Apache, or a FastCGI configuration issue. The thing is
 Apache on this server starts without any errors at all, so it seems
 to be parsing the configuration files without a problem. I am
 attaching any related Apache configuration files as well (two files
 actually, /etc/httpd/conf/httpd.conf and /etc/httpd/conf.d/rt3.conf).
 
 At the moment I am a bit stumped, so if anyone here has any
 suggestions/information as to the issues mentioned above I'd
 certainly appreciate any and all input.  
 
 == TL/DR ==
 
 Installed RT 3.8.9 on a test RHEL server, and cannot seem to get
 RT::Authen::ExternalAuth to properly work, please help! 
 
 Best Regards,
 Eli


Sorry for the bump to this topic, just needed to see if anyone can still
assist with this issue. If this is a problem with the module itself, what
would be another possible workaround for getting LDAP connected?

I've seen quite a few different solutions, so I am just wondering what
solutions are more successful in implementing than others (would a manual
overlay or perhaps Apache authentication over OpenLDAP be a better choice?).

If anyone has had any success with any of these other methods any input
you may have would be very useful, especially since we seem to be having an
issue getting RT::Authen::ExternalAuth configured correctly.

Best Regards,
Eli


Re: [rt-users] RT::Authen::ExternalAuth, Possible Configuration Issue?

2011-04-07 Thread Thomas Sibley
On 04/07/2011 08:04 PM, Eli Guzman wrote:
 == TL/DR ==

 Installed RT 3.8.9 on a test RHEL server, and cannot seem to get
 RT::Authen::ExternalAuth to properly work, please help! 
 
 Sorry for the bump to this topic, just needed to see if anyone can still
 assist with 
 this issue. If this is a problem with the module itself, what would be
 another possible 
 workaround for getting LDAP connected? 

You didn't actually include the log or configuration files that you said
you did.  However I suspect you're running version 0.08 of ExternalAuth
which is known not to work with RT 3.8.9.  You should download and
install ExternalAuth 0.08_01 from CPAN at the link below.  0.08_01 is a
developer release containing a known fix for the problem.

http://search.cpan.org/CPAN/authors/id/F/FA/FALCONE/RT-Authen-ExternalAuth-0.08_01.tar.gz

Thomas


Re: [rt-users] RT::Authen::ExternalAuth, Possible Configuration Issue?

2011-04-05 Thread Eli Guzman
Apologies, forgot to include configuration and log file attachment.

Thanks,
Eli

-----Original Message-----
From: Eli Guzman 
Sent: Tuesday, April 05, 2011 11:50 AM
To: 'rt-users@lists.bestpractical.com'
Subject: RT::Authen::ExternalAuth, Possible Configuration Issue?

Greetings all,

== A Little Background ==

Sorry for the length of this post, TL/DR is at the bottom of this
message. We currently run RT 3.6.6 in a production environment (running
on RHEL 5.3, Tikanga, 2.6.18-128.2.1.el5xen #1 SMP, x86, running on a
Dell PowerEdge R410). We are in the midst of upgrading to 3.8.9 (as we
really liked the new look). The test environment is running on RHEL 5.6
Tikanga, 2.6.18-229.el5 #1 SMP, x86_64, within an ESX virtual
environment (Dell PowerEdge R710 acting as the VM host). 

We have already compiled the new RT instance successfully (web GUI runs
really well), ported our current production DB to the new environment
(after some issues related to MyISAM incompatibilities during initial
deployment; we have been running RT since release v2.8), ran any
necessary schema updates, and ensured that there weren't any CPAN
related inconsistencies.

== The Problem ==

Everything as far as the interface seems to be working as it should. We
are currently attempting to integrate the LDAP piece into the install
(LDAP via RT is a bit new to us). I believe that I may be missing a
configuration piece somewhere, as we cannot seem to get authentication
to occur properly between RT::Authen::ExternalAuth, and our Active
Directory (AD) server. 

I've enabled logging in RT (debug mode), and have attached the actual
rt.log file to see if anyone can take a look and see if anything
sticks out. I've also included my main RT_SiteConfig.pm, as well as
the RT::Authen::External LDAP configuration file
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm), as
the issue could also be a configuration issue with this file. As far as
LDAP authentication, we currently use Active Directory on Windows 2003
R2. Within AD we have setup an initial OU named 'services', with an
authentication user named 'ldap', and a security group named 'RTUsers'. 

The actual error is as follows:

[Tue Apr  5 16:03:18 2011] [debug]: SSO Failed and no user to test with. Nexting (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:92)

I've searched for this error, but I have only found some threads
addressing a similar issue, but with no actual listed solutions. From
what I can tell from these threads the issue seems to stem from either
an Apache, or a FastCGI configuration issue. The thing is Apache on this
server starts without any errors at all, so it seems to be parsing the
configuration files without a problem. I am attaching any related Apache
configuration files as well (two files actually,
/etc/httpd/conf/httpd.conf and /etc/httpd/conf.d/rt3.conf).

At the moment I am a bit stumped, so if anyone here has any
suggestions/information as to the issues mentioned above I'd certainly
appreciate any and all input.

== TL/DR ==

Installed RT 3.8.9 on a test RHEL server, and cannot seem to get
RT::Authen::ExternalAuth to properly work, please help!

Best Regards,
Eli 



config-and-logs.tar.gz
Description: config-and-logs.tar.gz


Re: [rt-users] RT::Authen::ExternalAuth Installed need Help

2011-02-23 Thread Giuseppe Sollazzo

Hi John,
you talk about SSO but it's not clear from what you say if you either 
want authentication based on

- SSO
- LDAP
- SSO using LDAP

Can you please clarify?

On 23/02/11 08:55, john s. wrote:


Good Morning all

I've installed the External Auth Plugin for our RT System.


But now i have no clue how to tackle it.

My Knowledge about SSO is really really  limited


So can sb give me a hint to start the Challenge to get a good functional
connection to my LDAP Server ( Windows 2008) ?

it would be really nice

best regards john




   



--


Giuseppe Sollazzo
Senior Systems Analyst
Computing Services
Information Services
St. George's, University Of London
Cranmer Terrace
London SW17 0RE

Email: gsoll...@sgul.ac.uk
Direct Dial: +44 20 8725 5160
Fax: +44 20 8725 3583




Re: [rt-users] RT::Authen::ExternalAuth Installed need Help

2011-02-23 Thread john s.

Hello Giuseppe

I don't know exactly what I'm talking about .. so I'll describe in which way
it should work

The authentication server is an Active Directory on a Windows 2008 server

so if you logged in to the main network system with username and password
you have automatically

access to the RT interface without double authentication

in fact the AD server should handle the authentication to the RT server

maybe if it fails a fallback to RT authentication would be nice but at
the moment it isn't necessary.

Another option is to make the authentication from AD to Apache ... so
this would fit too.

like I said my background knowledge in this sector is very small


best regards john 


Giuseppe Sollazzo-2 wrote:
 
 Hi John,
 you talk about SSO but it's not clear from what you say if you either 
 want authentication based on
 - SSO
 - LDAP
 - SSO using LDAP
 
 Can you please clarify?
 
 On 23/02/11 08:55, john s. wrote:

 Good Morning all

 I've installed the External Auth Plugin for our RT System.


 But now i have no clue how to tackle it.

 My Knowledge about SSO is really really  limited


 So can sb give me a hint to start the Challenge to get a good funcitonal
 connection to my LDAP Server ( Windows 2008) ?

 it would be really nice

 best regards john





 
 
 -- 
 
 
 Giuseppe Sollazzo
 Senior Systems Analyst
 Computing Services
 Information Services
 St. George's, University Of London
 Cranmer Terrace
 London SW17 0RE
 
 Email: gsoll...@sgul.ac.uk
 Direct Dial: +44 20 8725 5160
 Fax: +44 20 8725 3583
 
 
 
 

-- 
View this message in context: 
http://old.nabble.com/RT%3A%3AAuthen%3A%3AExternalAuth-Installed-need-Help-tp30993192p30993406.html
Sent from the Request Tracker - User mailing list archive at Nabble.com.



Re: [rt-users] RT::Authen::ExternalAuth Installed need Help

2011-02-23 Thread john s.


i think this is sso per ldap to rt 
or ldap to apache 


-- 
View this message in context: 
http://old.nabble.com/RT%3A%3AAuthen%3A%3AExternalAuth-Installed-need-Help-tp30993192p30993957.html
Sent from the Request Tracker - User mailing list archive at Nabble.com.



Re: [rt-users] RT::Authen::ExternalAuth Installed need Help

2011-02-23 Thread Giuseppe Sollazzo

Hi John,
what you can do is either to plug AD authentication into RT, or to use a 
SSO solution (such as CAS).


Give this a look: http://blank.org/memory/output/rt-ad-sso.html

Regards,
Giuseppe

On 23/02/11 10:59, john s. wrote:


i think this is sso per ldap to rt
or ldap to apache


   



--


Giuseppe Sollazzo
Senior Systems Analyst
Computing Services
Information Services
St. George's, University Of London
Cranmer Terrace
London SW17 0RE

Email: gsoll...@sgul.ac.uk
Direct Dial: +44 20 8725 5160
Fax: +44 20 8725 3583




Re: [rt-users] RT::Authen::ExternalAuth Installed need Help

2011-02-23 Thread john s.

Hm... this article sounds a little bit outdated. Is this the proper way
to get a solid SSO via AD solution?

Another thing:

Is it normal that the apache2 server doesn't start anymore after I've
installed the perl module RT::Authen::ExternalAuth ? ... Remember nothing
is configured yet


Here is the error : 

[Wed Feb 23 12:05:05 2011] [error] Can't locate Net/LDAP.pm in @INC (@INC
contains: /opt/rt3/bin/../local/lib
/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib /opt/rt3/bin/../lib
/etc/perl /usr/local/lib/perl/5.10.1 /usr/local/share/perl/5.10.1
/usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.10 /usr/share/perl/5.10
/usr/local/lib/site_perl . /etc/apache2) at
/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm
line 3.\nBEGIN failed--compilation aborted at
/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm
line 3.\nCompilation failed in require at
/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm
line 26.\nBEGIN failed--compilation aborted at
/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm
line 26.\nCompilation failed in require at
/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/User_Vendor.pm line
3.\nBEGIN failed--compilation aborted at
/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/User_Vendor.pm line
3.\nCompilation failed in require at (eval 1115) line 3.\nCompilation failed
in require at (eval 113) line 3.\n\t...propagated at
/usr/share/perl/5.10/base.pm line 93.\nBEGIN failed--compilation aborted at
/opt/rt3/bin/../lib/RT/CurrentUser.pm line 96.\nCompilation failed in
require at /opt/rt3/bin/../lib/RT.pm line 505.\nCompilation failed in
require at (eval 2) line 1.\n
[Wed Feb 23 12:05:05 2011] [error] Can't load Perl file:
/opt/rt3/bin/webmux.pl for server localhost:80, exiting...




Giuseppe Sollazzo-2 wrote:
 
 Hi John,
 what you can do is either to plug AD authentication into RT, or to use a 
 SSO solution (such as CAS).
 
 Give this a look: http://blank.org/memory/output/rt-ad-sso.html
 
 Regards,
 Giuseppe
 
 On 23/02/11 10:59, john s. wrote:

 i think this is sso per ldap to rt
 or ldap to apache



 
 
 -- 
 
 
 Giuseppe Sollazzo
 Senior Systems Analyst
 Computing Services
 Information Services
 St. George's, University Of London
 Cranmer Terrace
 London SW17 0RE
 
 Email: gsoll...@sgul.ac.uk
 Direct Dial: +44 20 8725 5160
 Fax: +44 20 8725 3583
 
 
 
 


-
best regards john 
-- 
View this message in context: 
http://old.nabble.com/RT%3A%3AAuthen%3A%3AExternalAuth-Installed-need-Help-tp30993192p30994494.html
Sent from the Request Tracker - User mailing list archive at Nabble.com.



Re: [rt-users] RT::Authen::ExternalAuth Installed need Help

2011-02-23 Thread john s.

I have fixed my problem the perl module Net::LDAP was missing godsake now
RT is still running

but i think i'm trying to use these module

i must reading some background knowledge if i finished ... i come back to
this thread 
and ask some questions one more 






john s. wrote:
 
 Hm... this article sounds like a little bit outdated  is this the
 proper way to get an solid solution based on sso via ad?
 
 Another thing : 
 
 Is it normal that the apache2 server doesnt 't start anymore after i 've
 installed the perl module RT::Authen::ExternalAuth  ? ... Remember nothing
 is configured yet 
 
 
 Here is the error : 
 
 [Wed Feb 23 12:05:05 2011] [error] Can't locate Net/LDAP.pm in @INC (@INC
 contains: /opt/rt3/bin/../local/lib
 /opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib /opt/rt3/bin/../lib
 /etc/perl /usr/local/lib/perl/5.10.1 /usr/local/share/perl/5.10.1
 /usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.10 /usr/share/perl/5.10
 /usr/local/lib/site_perl . /etc/apache2) at
 /opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm
 line 3.\nBEGIN failed--compilation aborted at
 /opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm
 line 3.\nCompilation failed in require at
 /opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm
 line 26.\nBEGIN failed--compilation aborted at
 /opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm
 line 26.\nCompilation failed in require at
 /opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/User_Vendor.pm line
 3.\nBEGIN failed--compilation aborted at
 /opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/User_Vendor.pm line
 3.\nCompilation failed in require at (eval 1115) line 3.\nCompilation
 failed in require at (eval 113) line 3.\n\t...propagated at
 /usr/share/perl/5.10/base.pm line 93.\nBEGIN failed--compilation aborted
 at /opt/rt3/bin/../lib/RT/CurrentUser.pm line 96.\nCompilation failed in
 require at /opt/rt3/bin/../lib/RT.pm line 505.\nCompilation failed in
 require at (eval 2) line 1.\n
 [Wed Feb 23 12:05:05 2011] [error] Can't load Perl file:
 /opt/rt3/bin/webmux.pl for server localhost:80, exiting...
 
 
 
 
 Giuseppe Sollazzo-2 wrote:
 
 Hi John,
 what you can do is either to plug AD authentication into RT, or to use a 
 SSO solution (such as CAS).
 
 Give this a look: http://blank.org/memory/output/rt-ad-sso.html
 
 Regards,
 Giuseppe
 
 On 23/02/11 10:59, john s. wrote:

 i think this is sso per ldap to rt
 or ldap to apache



 
 
 -- 
 
 
 Giuseppe Sollazzo
 Senior Systems Analyst
 Computing Services
 Information Services
 St. George's, University Of London
 Cranmer Terrace
 London SW17 0RE
 
 Email: gsoll...@sgul.ac.uk
 Direct Dial: +44 20 8725 5160
 Fax: +44 20 8725 3583
 
 
 
 
 
 


-
best regards john 
-- 
View this message in context: 
http://old.nabble.com/RT%3A%3AAuthen%3A%3AExternalAuth-Installed-need-Help-tp30993192p30994952.html
Sent from the Request Tracker - User mailing list archive at Nabble.com.
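
The startup failure reported above (Apache refusing to load webmux.pl because Net::LDAP was not installed) can be caught before a restart. The following is an added example, not part of the thread or of RT: it pulls every "Can't locate ... in @INC" module out of an error log and tests whether perl can load it now. The function names and the shortened sample log are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: turn "Can't locate X/Y.pm in @INC" errors from an Apache
# mod_perl error log into Perl module names and test each one.

# Constructed sample, shortened from the error quoted in the thread.
sample_log() {
cat <<'EOF'
[Wed Feb 23 12:05:05 2011] [error] Can't locate Net/LDAP.pm in @INC (@INC contains: /opt/rt3/bin/../local/lib /opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib /opt/rt3/bin/../lib) at /opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm line 3.\nBEGIN failed--compilation aborted
[Wed Feb 23 12:05:05 2011] [error] Can't load Perl file: /opt/rt3/bin/webmux.pl for server localhost:80, exiting...
EOF
}

# missing_modules: read log text on stdin and print each module named in a
# "Can't locate Foo/Bar.pm in @INC" message as Foo::Bar, de-duplicated.
missing_modules() {
    sed -n "s#.*Can't locate \([A-Za-z0-9_/]*\)\.pm in @INC.*#\1#p" \
        | sed 's#/#::#g' \
        | sort -u
}

# module_loads MODULE [DIR...]: exit 0 if perl can load MODULE, 1 if it
# cannot, 2 if MODULE is not a plain module name. Each DIR is added to
# @INC, so RT's own lib directories can be searched as well.
module_loads() {
    m_name=$1
    shift
    perl -e 'my $m = shift; unshift @INC, @ARGV;
             $m =~ /\A\w+(?:::\w+)*\z/ or exit 2;
             exit(eval "require $m; 1" ? 0 : 1)' "$m_name" "$@"
}

# check_log [DIR...]: for each missing module named in the log on stdin,
# report whether it loads now. Returns non-zero if any is still missing.
check_log() {
    status=0
    for mod in $(missing_modules); do
        if module_loads "$mod" "$@"; then
            echo "ok       $mod"
        else
            echo "MISSING  $mod"
            status=1
        fi
    done
    return $status
}

# Demo on the constructed sample; the directories are the RT paths that
# appear in the @INC list of the error above.
sample_log | check_log /opt/rt3/lib /opt/rt3/local/lib \
    || echo "install the modules listed as MISSING before restarting Apache"
```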



Re: [rt-users] RT::Authen::ExternalAuth Installed need Help

2011-02-23 Thread Thomas Smith
On Wed, Feb 23, 2011 at 2:27 AM, john s. firesk...@gmx.de wrote:


 An other   option is to make the authentification  from AD to Apache ... so
 this would be fit too.


You could also authenticate directly to the AD server using Kerberos and/or
LDAP.

* mod_auth_kerb - http://modauthkerb.sourceforge.net/
* mod_auth_ldap -
http://httpd.apache.org/docs/2.0/mod/mod_auth_ldap.html

To make the Kerberos setup a snap, Likewise Open is nice--Open is their
free product. http://www.likewise.com/

This _should_ also allow for pass-through authentication using any modern
browser, provided the clients' computer logon name and password matches that
of their AD credentials.


Re: [rt-users] RT::Authen::ExternalAuth Installed need Help

2011-02-23 Thread Kevin Falcone
On Wed, Feb 23, 2011 at 01:27:08AM -0800, john s. wrote:
 
 I don't exactly what I'm talking about .. so I'LL describe in which way
 should it work 
 
 The Authentification Server is an ActiveDirectory on an Windows2008 Server 
 
 so if you Logged in in the Main network system with username and Password
 you have automallically 
 
 access to the rt interface without double authentification 
 
 in fact  the AD server should handle the Authentification to the RT
 -Server 
 
 maybe if it's fail an fallback to RT Authentifiaction would be nice but at
 the moment it isn't necessary.
 
 An other   option is to make the authentification  from AD to Apache ... so
 this would be fit too.
 
 like i said my background knowledge at this sector is very small 

You sound like you're describing SPNEGO, which isn't what
RT-Authen-ExternalAuth provides.  Folks normally use mod_auth_kerb or
one of the commercial versions of that module to accomplish it.

-kevin

 Giuseppe Sollazzo-2 wrote:
  
  Hi John,
  you talk about SSO but it's not clear from what you say if you either 
  want authentication based on
  - SSO
  - LDAP
  - SSO using LDAP
  
  Can you please clarify?
  
  On 23/02/11 08:55, john s. wrote:
 
  Good Morning all
 
  I've installed the External Auth Plugin for our RT System.
 
 
  But now i have no clue how to tackle it.
 
  My Knowledge about SSO is really really  limited
 
 
  So can sb give me a hint to start the Challenge to get a good funcitonal
  connection to my LDAP Server ( Windows 2008) ?
 
  it would be really nice
 
  best regards john
 
 
 
 
 
  
  
  -- 
  
  
  Giuseppe Sollazzo
  Senior Systems Analyst
  Computing Services
  Information Services
  St. George's, University Of London
  Cranmer Terrace
  London SW17 0RE
  
  Email: gsoll...@sgul.ac.uk
  Direct Dial: +44 20 8725 5160
  Fax: +44 20 8725 3583
  
  
  
  
 
 -- 
 View this message in context: 
 http://old.nabble.com/RT%3A%3AAuthen%3A%3AExternalAuth-Installed-need-Help-tp30993192p30993406.html
 Sent from the Request Tracker - User mailing list archive at Nabble.com.
 




Re: [rt-users] RT::Authen::ExternalAuth to use LDAP for different groups

2011-02-17 Thread Kevin Falcone
On Thu, Feb 17, 2011 at 04:19:28PM -0500, marthter wrote:
 I have successfully set up the LDAP authentication against my Active
 Directory server, and testing it with my own Windows user and password,
 and that is working and letting me log in that way.  However I get only a
 very restricted menu and navigation structure.  Presumably this is the
 non-privileged user's view of things (I'm new to this so I'm somewhat
 guessing here).

You can change this with the $AutoCreate config, read more about it in
RT_Config.pm.  For now you probably want to log in as root and make
your user privileged.

 My question is, how do I use RT::Authen::ExternalAuth with LDAP to my
 Active Directory, such that some users (who are in group Blah in the
 Active Directory) are in the privileged group, and the rest of the users
 are in the non-privileged group.

There isn't a way to configure who is privileged and who isn't at a
group level in the RT-Authen-ExternalAuth level

I suspect you want to use RT-Extension-LDAPImporter to bulk import
users, set up your privileged users and then let
RT-Authen-ExternalAuth manage passwords and future info updates.

You'd need to handle any new users who should be privileged manually,
but I'm not sure how often that would happen for you

-kevin



