Looks like external Auth can create users again.
Turns out I changed attr_match_list and put in the name of the AD attribute not
the RT attribute.
Changed them back to
'attr_match_list' => [ 'Name',
'Gecos',
'EmailAddress'
],
And not it works!
- Shawn
On Aug 2, 2011, at 9:56 AM, Shawn Plummer wrote:
> Got more log information by turning on logging to rt. log
>
> ==> var/log/rt.log <==
> [Fri Jul 29 12:57:14 2011] [debug]: Attempting to use external auth service:
> Geneseo_AD
> (/opt/rt4devel/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
> [Fri Jul 29 12:57:14 2011] [debug]: Calling UserExists with $username
> (rttestuser) and $service (Geneseo_AD)
> (/opt/rt4devel/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:105)
> [Fri Jul 29 12:57:14 2011] [debug]: UserExists params:
> username: rttestuser , service: Geneseo_AD
> (/opt/rt4devel/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:274)
> [Fri Jul 29 12:57:14 2011] [debug]: LDAP Search === Base:
> cn=Users,DC=w2k,DC=geneseo,DC=edu == Filter:
> (&(objectClass=*)(sAMAccountName=rttestuser)) == Attrs:
> l,displayName,st,mail,sAMAccountName,co,streetAddress,postalCode,telephoneNumber,sAMAccountName,department,sAMAccountName
>
> (/opt/rt4devel/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:304)
> [Fri Jul 29 12:57:14 2011] [debug]:
> RT::Authen::ExternalAuth::CanonicalizeUserInfo called by
> RT::Authen::ExternalAuth
> /opt/rt4devel/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm
> 553 with: Disabled: 0, EmailAddress: , Gecos: rttestuser, Name: rttestuser,
> Privileged: 0
> (/opt/rt4devel/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:450)
> [Fri Jul 29 12:57:14 2011] [debug]: Attempting to get user info using this
> external service: Geneseo_AD
> (/opt/rt4devel/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:458)
> [Fri Jul 29 12:57:14 2011] [debug]: Attempting to use this canonicalization
> key: sAMAccountName
> (/opt/rt4devel/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:472)
> [Fri Jul 29 12:57:14 2011] [debug]: This attribute ( sAMAccountName ) is null
> or incorrectly defined in the attr_map for this service ( Geneseo_AD )
> (/opt/rt4devel/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:474)
> [Fri Jul 29 12:57:14 2011] [debug]: Attempting to use this canonicalization
> key: mail
> (/opt/rt4devel/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:472)
> [Fri Jul 29 12:57:14 2011] [debug]: This attribute ( mail ) is null or
> incorrectly defined in the attr_map for this service ( Geneseo_AD )
> (/opt/rt4devel/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:474)
> [Fri Jul 29 12:57:14 2011] [info]:
> RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Disabled: 0,
> EmailAddress: , Gecos: rttestuser, Name: rttestuser, Privileged: 0
> (/opt/rt4devel/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:536)
> [Fri Jul 29 12:57:14 2011] [error]: Couldn't create user rttestuser: Could
> not set user info
> (/opt/rt4devel/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:129)
> [Fri Jul 29 12:57:14 2011] [debug]: Autohandler called ExternalAuth.
> Response: (0, No User)
> (/opt/rt4devel/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:11)
> [Fri Jul 29 12:57:14 2011] [error]: FAILED LOGIN for rttestuser from
> 137.238.60.9 (/opt/rt4devel/sbin/../lib/RT/Interface/Web.pm:655)
>
> I see it says that This attribute ( sAMAccountName ) is null or incorrectly
> defined in the attr_map for this service ( Geneseo_AD )
>
> But looking at the attribute editor on my AD server I see that user has an
> sAMAccountName of rttestuser so I am not sure why it thinks the it is
> incorrectly defined in the attar_map for the service. Is my config file wrong
> some how?
>
> It also appears that I can authenticate existing users in RT and I don't see
> any errors logged for them. it is only new users that are not in RT that are
> failing to be created.
>
>
> - Shawn
>
>
> On Jul 28, 2011, at 5:43 PM, Shawn Plummer wrote:
>
>> RT 4.0.1 and External Auth 0.9
>>
>> No luck on the log messages. Do I need to change to log to a file rather
>> than syslog?
>>
>>
>> On Jul 28, 2011, at 5:36 PM, Kevin Falcone wrote:
>>
>>> On Thu, Jul 28, 2011 at 01:32:40PM -0400, Shawn Plummer wrote:
>>>> Here is the RT_Siteconfig entries for ldapimport and external auth
>>>
>>> Versions?
>>>
>>> Also, any luck finding the expected log messages I note below?
>>>
>>> -kevin
>>>
>>>>> I'd expect to see the output of
>>>>> $RT::Logger->debug( (caller(0))[3],
>>>>> "called by",
>>>>> caller,
>>>>> "with:",
>>>>> join(", ", map {sprintf("%s: %s", $_, $args->{$_})}
>>>>> sort(keys(%$args))));
>>>>>
>>>>> and a reference to every Info service queried
>>>>>
>>>>> You may want to post your RT-Authen-ExternalAuth config and version
>>>
>>> --------
>>> 2011 Training: http://bestpractical.com/services/training.html
>>
>>
>> --------
>> 2011 Training: http://bestpractical.com/services/training.html
>
>
> --------
> 2011 Training: http://bestpractical.com/services/training.html
--------
2011 Training: http://bestpractical.com/services/training.html
