
Mailing List Archive: Request Tracker: Users

LDAP integration

 

 



bartosz.cisek at pwr

May 9, 2008, 7:38 AM

LDAP integration

Hello,

I am trying to integrate RT with LDAP. After reading several earlier topics I
didn't manage to solve my problem, and it seems that my issue is different.

[Fri May 9 13:59:40 2008] [warning]: Transaction->Create couldn't, as you didn't specify an object type and id (/usr/lib/perl5/vendor_perl/5.8.8/RT/Record.pm:1481)
[Fri May 9 13:59:40 2008] [debug]: RT::User::IsExternalPassword Trying External authentication (/usr/local/lib/rt3/lib/RT/User_Vendor.pm:52)
[Fri May 9 13:59:40 2008] [debug]: Attempting to use external auth service: My_LDAP (/usr/local/lib/rt3/lib/RT/User_Vendor.pm:63)
[Fri May 9 13:59:40 2008] [debug]: LDAP Search === Base: o=pracownicy == Filter: (&(uid=bartosz.cisek)(objectClass=inetmailuser)) == Attrs: dn (/usr/local/lib/rt3/lib/RT/User_Vendor.pm:187)
[Fri May 9 13:59:40 2008] [debug]: Found LDAP DN: uid=bartosz.cisek,ou=People, o=pwr.wroc.pl, o=pracownicy (/usr/local/lib/rt3/lib/RT/User_Vendor.pm:219)
[Fri May 9 13:59:40 2008] [info]: RT::User::IsExternalPassword External Auth OK ( My_LDAP ): bartosz.cisek (/usr/local/lib/rt3/lib/RT/User_Vendor.pm:283)
[Fri May 9 13:59:40 2008] [debug]: RT::User::IsPassword External auth SUCCEEDED (/usr/local/lib/rt3/lib/RT/User_Vendor.pm:362)
[Fri May 9 13:59:40 2008] [debug]: RT::User::CanonicalizeUserInfo called by RT::User /usr/lib/perl5/vendor_perl/5.8.8/RT/User_Overlay.pm 192 with: Disabled: 0, EmailAddress: , Gecos: bartosz.cisek, Name: bartosz.cisek, Privileged: 0 (/usr/local/lib/rt3/lib/RT/User_Vendor.pm:402)
[Fri May 9 13:59:40 2008] [debug]: Attempting to get user info using this external service: My_LDAP (/usr/local/lib/rt3/lib/RT/User_Vendor.pm:410)
[Fri May 9 13:59:40 2008] [debug]: Attempting to use this canonicalization key: uid (/usr/local/lib/rt3/lib/RT/User_Vendor.pm:419)
[Fri May 9 13:59:40 2008] [info]: RT::User::CanonicalizeUserInfo returning Disabled: 0, EmailAddress: , Gecos: bartosz.cisek, Name: bartosz.cisek, Privileged: 0 (/usr/local/lib/rt3/lib/RT/User_Vendor.pm:446)
[Fri May 9 13:59:40 2008] [warning]: Use of uninitialized value in join or string at /usr/lib/perl5/vendor_perl/5.8.8/Log/Dispatch.pm line 22. (/usr/share/rt3/html/Callbacks/ExternalAuth/autohandler/Auth:50)
[Fri May 9 13:59:40 2008] [info]: Autocreated authenticated user bartosz.cisek ( ) (/usr/share/rt3/html/Callbacks/ExternalAuth/autohandler/Auth:50)

It authenticates properly, but the user receives the invalid login/pass web
page. What is strange is that 'gecos' and 'name' are fetched from LDAP
correctly, but 'EmailAddress' is not. The 'Gecos' mapping is commented out
in the config file, strange.

I also don't know how the 'Disabled' and 'Privileged' fields are set.

Here is my LDAP entry:

# base <o=pracownicy> with scope subtree
# filter: uid=bartosz.cisek
# requesting: ALL

# bartosz.cisek, People, pwr.wroc.pl, pracownicy
dn: uid=bartosz.cisek,ou=People, o=pwr.wroc.pl, o=pracownicy
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: inetUser
objectClass: inetSubscriber
objectClass: ipUser
objectClass: nsManagedPerson
objectClass: inetmailuser
objectClass: inetlocalmailrecipient
objectClass: userpresenceprofile
objectClass: icsCalendarUser
objectClass: smsGwPerson
cn:: QmFydG9zeiBDaXNlayA=
uid: bartosz.cisek
givenName: Bartosz
sn: Cisek
mail: bartosz.cisek [at] pwr.wroc.pl
userPassword:: {hidden}
departmentNumber: SKP

RT_SiteConfig.pm

Set( $rtname, 'cerber.pwr.wroc.pl');
Set( $Organization , "Politechnika Wrocławska");
Set( $Timezone , 'Europe/Warsaw');
Set( $WebBaseURL , "http://cerber.pwr.wroc.pl");
Set( $WebPath , "/rt3");

Set($DatabaseType , 'Pg');
Set($DatabaseHost , '172.17.x.x');
Set($DatabaseRTHost , '172.17.x.x');
Set($DatabaseUser , 'rt3_user');
Set($DatabasePassword , '{hidden}');
Set($DatabaseName , 'rt3');

Set($OwnerEmail , 'bartosz.cisek [at] pwr.wroc.pl');

Set($RTAddressRegexp , '^rt\@pwr.wroc.pl$');
Set($ExternalAuthPriority, [ 'My_LDAP' ]);
Set($ExternalInfoPriority, [ 'My_LDAP' ]);
Set($ExternalServiceUsesSSLorTLS, 0);
Set($AutoCreateNonExternalUsers, 0);
Set($ExternalSettings, { # AN EXAMPLE LDAP SERVICE
    'My_LDAP' => { ## GENERIC SECTION
        # The type of service (db/ldap/cookie)
        'type' => 'ldap',
        # Should the service be used for authentication?
        'auth' => 1,
        # Should the service be used for information?
        'info' => 1,
        # The server hosting the service
        'server' => 'student.pwr.wroc.pl',
        ## SERVICE-SPECIFIC SECTION
        # If you can bind to your LDAP server anonymously you should
        'user' => 'uid=mudl-skp,ou=People,o=pracownicy',
        'pass' => '.mudl.',
        'base' => 'o=pracownicy',
        'filter' => '(objectClass=inetmailuser)',
        'tls' => 0,
        'net_ldap_args' => [ version => 3 ],

        'attr_match_list' => [ 'uid' ],
        'attr_map' => { 'Name' => 'uid',
                        'EmailAddress' => 'mail',
                        'Organization' => 'departmentNumber',
                        'RealName' => 'cn',
                        'ExternalAuthId' => 'uid'
                        # 'Gecos' => 'cn',
                        # 'WorkPhone' => 'telephoneNumber',
                        # 'Address1' => 'streetAddress',
                        # 'City' => 'l',
                        # 'State' => 'st',
                        # 'Zip' => 'postalCode',
                        # 'Country' => 'co'
                      }
    }
}
);

Thanks in advance for any help.

best regards,

Bartosz Cisek

--
Bartosz Cisek <bartosz.cisek [at] pwr.wroc.pl>
tel.: +48 71 320 45 60

_______________________________________________
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: sales[at]bestpractical.com


Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
Buy a copy at http://rtbook.bestpractical.com


chenga at ias

May 9, 2008, 8:45 AM

Re: LDAP integration

I would like to add the information back to the mailing list. Earlier
this week I communicated with Mike Peachey directly because I wasn't on
the RT-User mailing list yet. I ran into the very same problem against Sun
Directory Server 5.2 Q4.

Bartosz - out of curiosity, what LDAP backend are you using?

>> Alan Cheng wrote:
>> Hi Mike,
>>
>> [Mon May 5 17:54:28 2008] [info]: Autocreated authenticated user acheng ( ) (/usr/local/rt3/share/html/Callbacks/ExternalAuth/autohandler/Auth:50)

> This is the problem, but I'm not sure why. It is something I will work
> on when I get the time to do it. The parentheses should contain a new
> Principal ID, but for some reason they don't.
> --
> Kind Regards,


Thanks,

Alan



bartosz.cisek at pwr

May 10, 2008, 6:38 AM

Re: LDAP integration

Alan Cheng wrote:
> I would like to add the information back to the mailing list. Earlier
> this week I communicated with Mike Peachey directly because I wasn't on
> the RT-User mailing list yet. I ran into the very same problem against Sun
> Directory Server 5.2 Q4.
>
> Bartosz - out of curiosity, what LDAP backend are you using?

Sun One Directory Server 5.x. I can't remember the exact version; I only use it.

Bartek
--
Bartosz Cisek <bartosz.cisek [at] pwr.wroc.pl>
tel.: +48 71 320 45 60
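
The symptom reported in this thread (external auth succeeds, yet the "Autocreated authenticated user" entry has empty parentheses where a Principal ID was expected, and CanonicalizeUserInfo returns an empty EmailAddress) can be picked out of an RT debug log mechanically. The Python triage script below is an added example, not part of the original posts or of RT; its sample log is constructed from the entries quoted above, and the user names alice/bob and the `( 42 )` form of a healthy entry are assumptions.

```python
import re

# Constructed sample modelled on the log in this thread; entries wrap across
# lines as in the mailed excerpt. "bob ( 42 )" is an assumed healthy entry.
SAMPLE_LOG = """\
[Fri May 9 13:59:40 2008] [info]: RT::User::IsExternalPassword External
Auth OK ( My_LDAP ): alice
(/usr/local/lib/rt3/lib/RT/User_Vendor.pm:283)
[Fri May 9 13:59:40 2008] [info]: RT::User::CanonicalizeUserInfo
returning Disabled: 0, EmailAddress: , Gecos: alice, Name:
alice, Privileged: 0 (/usr/local/lib/rt3/lib/RT/User_Vendor.pm:446)
[Fri May 9 13:59:40 2008] [info]: Autocreated authenticated user
alice ( )
(/usr/share/rt3/html/Callbacks/ExternalAuth/autohandler/Auth:50)
[Fri May 9 14:02:11 2008] [info]: Autocreated authenticated user
bob ( 42 )
(/usr/share/rt3/html/Callbacks/ExternalAuth/autohandler/Auth:50)
"""

ENTRY_START = re.compile(r"^\[[^\]]+\] \[\w+\]: ", re.M)
AUTH_OK = re.compile(r"External Auth OK \( (\S+) \): (\S+)")
CANON = re.compile(r"CanonicalizeUserInfo returning (.*?) \(/")
AUTOCREATE = re.compile(r"Autocreated authenticated user (\S+) \(\s*(\d*)\s*\)")

def entries(text):
    """Rejoin wrapped lines so each log entry is a single string."""
    starts = [m.start() for m in ENTRY_START.finditer(text)] + [len(text)]
    return [" ".join(text[a:b].split()) for a, b in zip(starts, starts[1:])]

def triage(text):
    """Report autocreate entries with no Principal ID, with auth/email context."""
    authed, no_email, findings = set(), set(), []
    for e in entries(text):
        if m := AUTH_OK.search(e):
            authed.add(m.group(2))
        elif m := CANON.search(e):
            pairs = (p.split(":", 1) for p in m.group(1).split(", ") if ":" in p)
            fields = {k.strip(): v.strip() for k, v in pairs}
            if not fields.get("EmailAddress"):
                no_email.add(fields.get("Name"))
        elif m := AUTOCREATE.search(e):
            user, principal_id = m.groups()
            if not principal_id:  # empty parentheses: the account was not created
                findings.append({"user": user, "auth_ok": user in authed,
                                 "email_missing": user in no_email})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A finding with `auth_ok` true and `email_missing` true matches the situation in the first post: the directory accepted the credentials, but the attribute lookup returned no mail value before the autocreate step failed.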
