[rt-users] LDAP Summary and supported implementations

eric.valor at daimlerchrysler.com eric.valor at daimlerchrysler.com
Thu Apr 20 16:03:05 EDT 2006


Oh crap.. how'd that miss the cut-n-paste?

Set($LdapBase, 'cn=Users,dc=<domain>,dc=com');                  # search base

:-)

(again, note the Capital U in "Users")

--
Eric N. Valor
Sr. Systems Administrator
DaimlerChrysler Research & Technology North America, Inc.
eric.valor at daimlerchrysler.com
1510 Page Mill Road, Palo Alto, CA 94304
CIMS 931-00-00
650-845-2536

: This Space Intentionally Left Blank :




"Matt Nichols" <mnichols at wayport.net> 
04/20/2006 12:59 PM

To: <eric.valor at daimlerchrysler.com>
cc: <rt-users at lists.bestpractical.com>
Subject: RE: [rt-users] LDAP Summary and supported implementations

Do you define an LdapBase variable in your config? 
 
Thanks again.
 
-Matt
 

From: eric.valor at daimlerchrysler.com [mailto:eric.valor at daimlerchrysler.com]
Sent: Thursday, April 20, 2006 2:47 PM
To: Matt Nichols
Cc: rt-users at lists.bestpractical.com
Subject: RE: [rt-users] LDAP Summary and supported implementations
 

Matt: 

I've gotten this working with AD.  The trick for AD is making sure you 
search for "sAMAccountName" instead of "uid". 

Here are the bare essentials you'll need: 

Set($LdapUser, 'cn=<binduser>,CN=Users,dc=<domain>,dc=com');    # LDAP bind user
Set($LdapPass, '<password>');                                   # LDAP bind user pass
Set($LdapUidAttr, 'sAMAccountName');                            # attribute for RT account name
Set($LdapFilter, 'objectclass=user');                           # filter LDAP entries (e.g., only people)
Set($LdapNameAttr, 'cn');                                       # attribute for RT user name
Set($LdapMailAttr, 'mail');                                     # attribute for RT email addy

Note that "Users" requires the capital U... 

Bear in mind this won't auto-populate the RT database from the LDAP 
database.  Your users will fail unless they already have an RT account. 

The Moseman contribution allows for setting up accounts on-the-fly, but 
I've had some difficulty in getting it to pull in all the LDAP (AD) 
records (SQL errors are reported in the logging).  I haven't been able to 
put in much time in debugging.. 

The Mehl contribution does a better job and has good instructions, but has 
the drawback of requiring mod_ntlm and the NT LanMan hash vulnerability. 

Hope this helps. 

--
Eric N. Valor
Sr. Systems Administrator
DaimlerChrysler Research & Technology North America, Inc.
eric.valor at daimlerchrysler.com
1510 Page Mill Road, Palo Alto, CA 94304
CIMS 931-00-00
650-845-2536

: This Space Intentionally Left Blank :
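
How the settings in the message above combine into one directory lookup, as an added example that is not part of the original thread and is not RT's or either contribution's code. It assumes the login name is ANDed with $LdapFilter into a single search filter; escape_filter_value and build_user_filter are hypothetical helper names, and the sample logins are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Settings from the message above; <domain> is the thread's own placeholder.
my %cfg = (
    LdapBase    => 'cn=Users,dc=<domain>,dc=com',
    LdapFilter  => 'objectclass=user',
    LdapUidAttr => 'sAMAccountName',
);

# RFC 4515 escaping for an assertion value: NUL ( ) * \ become \XX hex
# pairs, so a login name cannot add clauses or wildcards to the filter.
sub escape_filter_value {
    my ($value) = @_;
    $value =~ s/([\x00()*\\])/sprintf('\\%02x', ord($1))/ge;
    return $value;
}

# Assumption: the lookup ANDs the static filter with <uid attr>=<login>.
sub build_user_filter {
    my ($cfg, $login) = @_;
    my $static = $cfg->{LdapFilter};
    # Wrap a bare "attr=value" filter in parentheses before combining.
    $static = "($static)" unless $static =~ /^\(.*\)$/s;
    return sprintf('(&%s(%s=%s))', $static, $cfg->{LdapUidAttr},
                   escape_filter_value($login));
}

# Constructed sample logins: one ordinary, two carrying filter metacharacters.
for my $login ('evalor', '*', 'x)(objectclass=*') {
    printf "%-20s base=%s filter=%s\n", $login, $cfg{LdapBase},
        build_user_filter(\%cfg, $login);
}
```

With the escaping in place, a login of "*" matches only an account literally named "*" rather than every user under the search base.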