[rt-users] CALLING EXTERNALAUTH TESTERS - v0.07_01 now available

Franzini, Gabriele [Nervianoms] Gabriele.Franzini at nervianoms.com
Mon Nov 10 06:06:47 EST 2008


Hello,

V0.07_01 is working for us for authentication with MSFT AD, after
installing it on top of 0.06. New users can log in and get "autocreated"
properly.

Thanks a lot to all developers for the quick solution.

This is what we added to RT_SiteConfig.pm, in case it may help someone
else:
-------------------------------------------------

# Config for LDAP authentication
Set( @Plugins, qw(RT::Authen::ExternalAuth) );

### LDAP Settings
#
Set($WebExternalAuth , 1);
Set($WebFallbackToInternalAuth , 1);
Set($ExternalAuthPriority,  [   'AD_LDAP'
                            ]
);
Set($ExternalInfoPriority,  [   'AD_LDAP'
                            ]
);
Set($ExternalServiceUsesSSLorTLS,    0);
Set($AutoCreateNonExternalUsers,    1);
Set($ExternalSettings,      {  # AN EXAMPLE LDAP SERVICE
'AD_LDAP'       =>  {   ## GENERIC SECTION
# The type of service (db/ldap/cookie)
'type'                      =>  'ldap',
# Should the service be used for authentication?
'auth'                      =>  1,
# Should the service be used for information?
'info'                      =>  0,
# The server hosting the service
'server'                    =>  '<MyServerFullyQualifiedNameGoesHere>',
## SERVICE-SPECIFIC SECTION
# If you can bind to your LDAP server anonymously you should
# remove the user and pass config lines, otherwise specify them here:
#
# The username RT should use to connect to the LDAP server
'user'                      =>  '<MyDomain\username>',
# The password RT should use to connect to the LDAP server
'pass'                    =>  '<MyPassword>',
#
# The LDAP search base
'base'                      =>  'ou=<Myouname>,dc=nervianoms,dc=com',
# The filter to use to match RT-Users
'filter'                    =>  '(&(objectCategory=person)(objectClass=user))',
# The filter that will only match disabled users
'd_filter'                  =>  '(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2))',
# Should we try to use TLS to encrypt connections?
'tls'                       =>  0,
# What other args should I pass to Net::LDAP->new($host,@args)?
'net_ldap_args'             => [    version =>  3   ],
# Does authentication depend on group membership? What group name?
#GV#'group'                     =>  'GROUP_NAME',
# What is the attribute for the group object that determines membership?
#GV#'group_attr'                =>  'GROUP_ATTR',
## RT ATTRIBUTE MATCHING SECTION
# The list of RT attributes that uniquely identify a user
'attr_match_list'           => [    'Name',
                                    'EmailAddress',
                                    'RealName'
                                ],
# The mapping of RT attributes on to LDAP attributes
'attr_map'                  =>  {   'Name' => 'sAMAccountName',
                                    'EmailAddress' => 'mail',
                                    'ExternalAuthId' => 'sAMAccountName',
                                }
                                                    }
                                }
);

### End of config for LDAP authentication...
--------------------------------------------------
Gabriele Franzini
ICT Applications Manager
Nerviano Medical Sciences SRL
PO Box 11 - Viale Pasteur 10
20014 Nerviano Italy
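
Added example, not part of the original message or of RT::Authen::ExternalAuth: a small Python evaluator for the filter and d_filter values in the configuration above, showing how the 1.2.840.113556.1.4.803 bitwise-AND matching rule picks out accounts whose userAccountControl has the ACCOUNTDISABLE bit (2) set. The directory entries are constructed, objectCategory is written in the short form the filter uses, and the computer entry carries objectClass user as AD computer objects do.

```python
import re

BIT_AND = "1.2.840.113556.1.4.803"  # AD rule: every bit of the value is set
BIT_OR = "1.2.840.113556.1.4.804"   # AD rule: at least one bit is set
FILTER = "(&(objectCategory=person)(objectClass=user))"
D_FILTER = ("(&(objectCategory=person)(objectClass=user)"
            "(userAccountControl:1.2.840.113556.1.4.803:=2))")

def parse(f, i=0):
    """Parse the RFC 4515 subset used above; return (node, next index)."""
    if f[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    if f[i + 1] in "&|":
        op, i, kids = f[i + 1], i + 2, []
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1  # step over the closing ')'
    end = f.index(")", i)
    m = re.fullmatch(r"(\w+)(?::([\d.]+):)?=(.*)", f[i + 1:end])
    if not m:
        raise ValueError(f"unsupported item {f[i + 1:end]!r}")
    return ("item", m.groups()), end + 1

def matches(node, entry):
    kind, body = node
    if kind in ("&", "|"):
        return (all if kind == "&" else any)(matches(k, entry) for k in body)
    attr, rule, value = body
    have = entry.get(attr, [])
    if rule is None:  # plain equality, compared case-insensitively
        return any(str(v).lower() == value.lower() for v in have)
    mask = int(value)
    if rule == BIT_AND:
        return any((int(v) & mask) == mask for v in have)
    if rule == BIT_OR:
        return any((int(v) & mask) != 0 for v in have)
    raise ValueError(f"unsupported matching rule {rule}")

def select(filter_text, entries):
    node, _ = parse(filter_text)
    return [e["sAMAccountName"][0] for e in entries if matches(node, e)]

# Constructed entries: name, objectCategory (short form), userAccountControl.
# 512 NORMAL_ACCOUNT, 2 ACCOUNTDISABLE, 65536 DONT_EXPIRE_PASSWORD, 4096 workstation.
ROWS = [("alice", "person", 512), ("bob", "person", 514), ("carol", "person", 66048),
        ("dave", "person", 66050), ("WS01$", "computer", 4096)]
ENTRIES = [{"sAMAccountName": [n], "objectCategory": [c], "objectClass": ["user"],
            "userAccountControl": [u]} for n, c, u in ROWS]
```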













