Re: RT 4.4.0rc1 - ExternalAuth

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Re: RT 4.4.0rc1 - ExternalAuth

Parish, Brent-2
Ok - part-way there.

I threw in some debug lines and if I separate my config into multiple files within RT_SiteConfig.d  it correctly sets the values on first iteration of reading those files.
Subsequent calls to the loader found the same values then UNset.  
Plowing all the separate files from RT_SiteConfig.d back into a single RT_SiteConfig.pm file (and deleting the separate ones) went back to keeping the ExternalAuth setting set.

The spurious notice about " ExternalInfoPriority not defined" seems to be coming from line 1087 in Config.pm.
I haven't looked deeper yet but first glance made me think perhaps it was used in debugging and maybe should be (re)moved now?
I'll look closer once I have ExternalAuth back up.

I had ExternalAuthId being set in my RT_SiteConfig.pm (for both $ExternalSettings attr_map and also for $LDAPMapping) and had to remove those (trips the "Unimplemented in RT::Record error")

ExternalAuth is now working for me, I just need to get the SSO piece (Apache Kerberos) back and I'll be all set!

Thanks again, BPS, for all your hard work and the great new release!

- Brent



-----Original Message-----
From: rt-devel [mailto:[hidden email]] On Behalf Of Parish, Brent
Sent: Wednesday, November 04, 2015 4:37 PM
To: [hidden email]
Subject: Re: [rt-devel] RT 4.4.0rc1 released

This is awesome guys, thanks!!!!!

I ran the upgrade today from 4.2.11 to 4.4.0rc1
The upgrade itself was pleasantly uneventful, save for some confusion on my part as to whether or not to remove the obsoleted plugins from RT_SiteConfig.pm before or after running upgrade.
  e.g.
    Leave them in: get the warnings.  
    Leave them out: does it skip anything if it thinks I was not using them?

I am struggling a bit with shifting ExternalAuth (LDAP --> Active Dir) to a core function though.
I'll keep playing with it, but if anyone has a moment (yeah, right, like anyone has such a thing as Free Time!) I'd love some thoughts on it.


For example, I removed the old plugins, because I see they are installed under lib/RT now.  
    local/plugins/RT-Authen-ExternalAuth
    local/plugins/RT-Extension-LDAPImport
I assume this was correct, though I don't recall seeing it in the upgrade doc?


I noticed in /opt/rt4/lib/RT/Authen/ExternalAuth.pm that it still refers to the Set($ExternalInfoPriority config, but the RT logs tell me different:
     ExternalInfoPriority not defined. User information (including user enabled/disabled) cannot be externally-sourced
(I see this whether I have it defined or not)


I kept all my old config settings for LDAP/ExternalAuth in RT_SiteConfig.pm
I did remove the plugins line for them, and added the   Set($ExternalAuth, 1);  
I just wasn't sure if that was the right way to do it?


In short, I'm looking for anything else that people have had to tweak for ExternalAuth (esp. LDAP) to make it work post-upgrade?

Thanks!
Brent







-----Original Message-----
From: rt-devel [mailto:[hidden email]] On Behalf Of Shawn Moore
Sent: Tuesday, November 03, 2015 3:36 PM
To: [hidden email]
Subject: [rt-devel] RT 4.4.0rc1 released


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256,SHA1

RT 4.4.0rc1 -- 2015-11-03
=========================
Reply | Threaded
Open this post in threaded view
|

Re: RT 4.4.0rc1 - ExternalAuth

Todd Wade

Hi Brent,

Thank you so much for reviewing this for us.

Just to confirm, the issue was that the config variables were located in
the new RT_SiteConfig.d structure, and when you moved everything back to
RT_SiteConfig.pm it worked as expected? If so, it should work for you
the way you originally did it so we'll have to fix that.

I also agree that the single line in the UPGRADING-4.4 file mentioning
how to migrate to built in external auth probably isn't enough. I think
we'll make an upgrading document just for external auth.

Thanks again,

On 11/5/15 10:50 AM, Parish, Brent wrote:

> Ok - part-way there.
>
> I threw in some debug lines and if I separate my config into multiple files within RT_SiteConfig.d  it correctly sets the values on first iteration of reading those files.
> Subsequent calls to the loader found the same values then UNset.
> Plowing all the separate files from RT_SiteConfig.d back into a single RT_SiteConfig.pm file (and deleting the separate ones) went back to keeping the ExternalAuth setting set.
>
> The spurious notice about " ExternalInfoPriority not defined" seems to be coming from line 1087 in Config.pm.
> I haven't looked deeper yet but first glance made me think perhaps it was used in debugging and maybe should be (re)moved now?
> I'll look closer once I have ExternalAuth back up.
>
> I had ExternalAuthId being set in my RT_SiteConfig.pm (for both $ExternalSettings attr_map and also for $LDAPMapping) and had to remove those (trips the "Unimplemented in RT::Record error")
>
> ExternalAuth is now working for me, I just need to get the SSO piece (Apache Kerberos) back and I'll be all set!
>
> Thanks again, BPS, for all your hard work and the great new release!
>
> - Brent
>
>
>
> -----Original Message-----
> From: rt-devel [mailto:[hidden email]] On Behalf Of Parish, Brent
> Sent: Wednesday, November 04, 2015 4:37 PM
> To: [hidden email]
> Subject: Re: [rt-devel] RT 4.4.0rc1 released
>
> This is awesome guys, thanks!!!!!
>
> I ran the upgrade today from 4.2.11 to 4.4.0rc1
> The upgrade itself was pleasantly uneventful, save for some confusion on my part as to whether or not to remove the obsoleted plugins from RT_SiteConfig.pm before or after running upgrade.
>    e.g.
>      Leave them in: get the warnings.
>      Leave them out: does it skip anything if it thinks I was not using them?
>
> I am struggling a bit with shifting ExternalAuth (LDAP --> Active Dir) to a core function though.
> I'll keep playing with it, but if anyone has a moment (yeah, right, like anyone has such a thing as Free Time!) I'd love some thoughts on it.
>
>
> For example, I removed the old plugins, because I see they are installed under lib/RT now.
>      local/plugins/RT-Authen-ExternalAuth
>      local/plugins/RT-Extension-LDAPImport
> I assume this was correct, though I don't recall seeing it in the upgrade doc?
>
>
> I noticed in /opt/rt4/lib/RT/Authen/ExternalAuth.pm that it still refers to the Set($ExternalInfoPriority config, but the RT logs tell me different:
>       ExternalInfoPriority not defined. User information (including user enabled/disabled) cannot be externally-sourced
> (I see this whether I have it defined or not)
>
>
> I kept all my old config settings for LDAP/ExternalAuth in RT_SiteConfig.pm
> I did remove the plugins line for them, and added the   Set($ExternalAuth, 1);
> I just wasn't sure if that was the right way to do it?
>
>
> In short, I'm looking for anything else that people have had to tweak for ExternalAuth (esp. LDAP) to make it work post-upgrade?
>
> Thanks!
> Brent