Request Tracker installation and Windows AD integration.. any help?
Greetings all,
Got Request Tracker (RT4) installed on CentOS 5.6 successfully using the online documentation.
Now I want to integrate it with our existing Windows 2003 Active Directory domain.
Searched online and got ExternalAuth module. Got it installed and configured. But still somehow no authentication using AD credentials.
Have looked around google and duckduckgo but did not find anything relevant.
Whatever I could find, I tried to use the information but nothing helped.
Any help would be appreciated.
That plugin will presumably be using ldap, so verify that the LDAP queries are happening. For this *I* would use wireshark / tcpdump to grab the network traffic and look at the ldap bind requests etc. Obviously I'd also first look at the log files etc for useful info.
I am unable to find anything in log files. That is something strange to me. Let me use your other advice of using packet grabber to see if I can find anything. I would have liked to configure log file though.
Okay I enabled file logging and found this in the logs
Code:
[Wed Mar 7 10:03:39 2012] [debug]: Autohandler called ExternalAuth. Response: (0, ExternalAuthPriority not defined, please check your configuration file.) (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:11)
Don't get much of it. I have checked the file but it is a read only file and possibly not meant for manually editing.
If anyone can understand what this means.
I am pasting the contents of the said file here for helping others help me
Code:
<%once>
my $loaded_user = 0;
</%once>
<%init>
use RT::Authen::ExternalAuth;
my ($val,$msg);
unless($session{'CurrentUser'} && $session{'CurrentUser'}->Id) {
($val,$msg) = RT::Authen::ExternalAuth::DoAuth(\%session,$user,$pass);
$RT::Logger->debug("Autohandler called ExternalAuth. Response: ($val, $msg)");
}
return;
</%init>
<%ARGS>
$user => undef
$pass => undef
$menu => undef
</%ARGS>
Now this is what I find in the logs after doing some more configuration
Code:
[Wed Mar 7 11:15:07 2012] [critical]: RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't bind: LDAP_INVALID_CREDENTIALS 49 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:492)
[Wed Mar 7 11:15:07 2012] [debug]: Autohandler called ExternalAuth. Response: (0, No User) (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:11)
[Wed Mar 7 11:15:07 2012] [error]: FAILED LOGIN for cambaselkar from 10.10.8.94 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:665)
While this says "INVALID CREDENTIALS", I am sure none of the credentials are wrong. The credentials that I am using to bind to the LDAP are correct and are working with Bugzilla on other server while the credentials I am using to login are the one I have used to login to the system I am writing this from.
Interesting... I think ldapsearch should give me some information on this. Only if I knew how to use "ldapsearch" tool.
Both the binds are similar. And the credentials too are same. But I got to know from some googling that RT needs complete CN in user name as well while binding. Did the changes. But still the same issue.
This is the error that I am facing now:
Code:
User Check Failed :: ( My_LDAP ) <username> User not found (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:343)
[Wed Mar 7 11:35:39 2012] [debug]: Autohandler called ExternalAuth. Response: (0, No User) (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:11)
[Wed Mar 7 11:35:39 2012] [error]: FAILED LOGIN for <username> from 10.10.8.94 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:665)
Looks like it's searching and not finding the user, as opposed to not being able to bind as that user. Just a guess... You may well find more RT specific routes, but generically, you want to see that search actually happen.
Using ldapsearch command really did the trick. Eliminated the issues related to the LDAP search. Now a very different issue. After giving user name and password for LDAP user, a blank page with only one line on it:
Code:
Can't call method "as_string" on an undefined value at /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm line 329, line 29.
Well, in that case I'd look at that code, find the value and see if that inspires anything, hopefully on the configuration file side, as it would sound like it's hopefully expecting a config variable to exist but doesn't. Esp as it's calling "as_string" which would often be used to coerce data you don't possibly totally trust into a known format, e.g. a numerical value in the config file might be able to not be put in quote marks to make it a string, making it an integer value instead, which would need messing with.
Last edited by acid_kewpie; 03-07-2012 at 06:44 AM.
I have searched google and duckduckgo but have not found anything substantial as yet and the error continues to bug me down. For anyone with Perl knowledge, I am pasting the code here for review.
PS: I have not written a single line of it. It is a part of External Auth Package.
Code:
# Check that the user exists in the LDAP service
$RT::Logger->debug( "LDAP Search === ",    # <====== This is line 329, which is shown in the error
                    "Base:",
                    $base,
                    "== Filter:",
                    $filter->as_string,
                    "== Attrs:",
                    join(',',@attrs));
my $user_found = $ldap->search( base   => $base,
                                filter => $filter,
                                attrs  => \@attrs);
if($user_found->count < 1) {
    # If 0 or negative integer, no user found or major failure
    $RT::Logger->debug( "User Check Failed :: (",
                        $service,
                        ")",
                        $username,
                        "User not found");
    return 0;
} elsif ($user_found->count > 1) {
    # If more than one result returned, die because the username field should be unique!
    $RT::Logger->debug( "User Check Failed :: (",
                        $service,
                        ")",
                        $username,
                        "More than one user with that username!");
    return 0;
}
Well I hope you appreciate it is pretty obvious that the "$filter" variable is what's causing the error. Presumably that means there is no search filter provided, although it doesn't seem like it should be essential, and a lack of one should be handled.
10 seconds on google gives me this page: http://requesttracker.wikia.com/wiki...ConfigSettings which gives examples of RT ldap filters to set. Does that $LdapFilter value end up being used in that $filter value? Sounds reasonable. I really hope this is not new to you. I've never touched RT in my life and it all looks pretty self explanatory to me.
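An offline check of the settings behind the errors in this thread, as an added example that is not part of the original posts or of the plugin's code. The key names follow RT-Authen-ExternalAuth's ExternalSettings layout; the host, DNs and filter are constructed sample values, and the way the login name and 'filter' are combined into one search filter is an assumption about the plugin.

```perl
#!/usr/bin/perl
# Added example: sanity-check ExternalAuth LDAP settings without contacting the directory.
use strict;
use warnings;
use Net::LDAP::Filter;

# Constructed sample values; substitute the ones from RT_SiteConfig.pm.
my @priority = ('My_LDAP');    # what $ExternalAuthPriority would hold
my %settings = (
    'My_LDAP' => {
        type     => 'ldap',
        server   => 'dc01.example.test',
        user     => 'CN=rt-bind,OU=Service Accounts,DC=example,DC=test',
        pass     => 'placeholder-password',
        base     => 'DC=example,DC=test',
        filter   => '(objectClass=user)',
        attr_map => { Name => 'sAMAccountName' },
    },
);

# Return a list of problems found in one service definition.
sub check_service {
    my ($cfg) = @_;
    my @problems;
    for my $key (qw(type server user pass base filter)) {
        push @problems, "missing '$key'"
            unless defined $cfg->{$key} && length $cfg->{$key};
    }
    my $name_attr = $cfg->{attr_map}{Name};
    push @problems, "attr_map has no 'Name' entry" unless defined $name_attr;
    if (defined $cfg->{filter} && defined $name_attr) {
        # Assumption: login name and 'filter' are ANDed into a single filter.
        my $combined = "(&($name_attr=testuser)$cfg->{filter})";
        # Net::LDAP::Filter->new returns undef when the string does not parse,
        # which is the state in which ->as_string dies as in the thread.
        push @problems, "filter does not parse: $combined"
            unless defined Net::LDAP::Filter->new($combined);
    }
    return @problems;
}

print "ExternalAuthPriority is empty\n" unless @priority;
for my $name (@priority) {
    my $cfg = $settings{$name};
    if (!$cfg) { print "$name: in priority list but not in ExternalSettings\n"; next; }
    my @problems = check_service($cfg);
    print "$name: ", (@problems ? join('; ', @problems) : 'ok'), "\n";
}
```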