[rt-users] Regular Authentication and ExternalAuth RT 3.8.1

Klaus Engelmann klausengelmann at gmail.com
Tue May 19 18:49:02 EDT 2009


Hello Eric:

I've got the same problem. After compiling and installing
RT::Authen::ExternalAuth I was able to authenticate using my OpenLDAP but
any other user that is missing from LDAP will not work.

Even new users that send an email in order to request a ticket aren't
working.


I am using rt3-3.6.5-3.el5.rpm on a CentOS Machine and
RT-Authen-ExternalAuth-0.05.

The logs are:

[Thu May  7 21:32:44 2009] [error]: RT could not load a valid user, and RT's configuration does not allow
[Thu May  7 21:32:44 2009] [error]: RT could not load a valid user, and RT's configuration does not allow
[Thu May  7 21:32:44 2009] [error]: Could not record email: Could not load a valid user (/usr/share/rt3/html/REST/1.0/NoAuth/mail-gateway:75)

And my configuration is:

# Set ldap settings

Set( @Plugins, qw(RT::Authen::ExternalAuth) );

# The order in which the services defined in ExternalSettings
# should be used to authenticate users. User is authenticated
# if successfully confirmed by any service - no more services
# are checked.
Set($ExternalAuthPriority,  [ 'My_LDAP' ]);

# The order in which the services defined in ExternalSettings
# should be used to get information about users. This includes
# RealName, Tel numbers etc, but also whether or not the user
# should be considered disabled.
# Once user info is found, no more services are checked.
Set($ExternalInfoPriority,  ['My_LDAP' ]);

# If this is set to true, then the relevant packages will
# be loaded to use SSL/TLS connections. At the moment,
# this just means "use Net::SSLeay;"
Set($ExternalServiceUsesSSLorTLS,    0);

# If this is set to 1, then users should be autocreated by RT
# as internal users if they fail to authenticate from an
# external service.
Set($AutoCreateNonExternalUsers,    1);

# These are the full settings for each external service as a HashOfHashes
# Note that you may have as many external services as you wish. They will
# be checked in the order specified in the Priority directives above.
# e.g.
# Set(ExternalAuthPriority,['My_LDAP','My_MySQL','My_Oracle','SecondaryLDAP','Other-DB']);
#
Set($ExternalSettings,      {
    # AN EXAMPLE LDAP SERVICE
    'My_LDAP'       =>  {
        ## GENERIC SECTION
        # The type of service (db/ldap/cookie)
        'type'                      =>  'ldap',
        # Should the service be used for authentication?
        'auth'                      =>  1,
        # Should the service be used for information?
        'info'                      =>  1,
        # The server hosting the service
        'server'                    =>  'neptuno.ufcspa.edu.br',

        ## SERVICE-SPECIFIC SECTION
        # If you can bind to your LDAP server anonymously you should
        # remove the user and pass config lines, otherwise specify them here:
        #
        # The username RT should use to connect to the LDAP server
        'user'                      =>  'cn=admin,dc=ufcspa,dc=edu,dc=br',
        # The password RT should use to connect to the LDAP server
        'pass'                      =>  'xxxx',
        # The LDAP search base
        'base'                      =>  'ou=Users,dc=ufcspa,dc=edu,dc=br',
        # The filter to use to match RT-Users
        'filter'                    =>  '(objectClass=posixAccount)',
        # The filter that will only match disabled users
        'd_filter'                  =>  '(accountStatus=disabled)',
        # Should we try to use TLS to encrypt connections?
        'tls'                       =>  0,
        # What other args should I pass to Net::LDAP->new($host,@args)?
        'net_ldap_args'             => [    version =>  3   ],

        ## RT ATTRIBUTE MATCHING SECTION
        # The list of RT attributes that uniquely identify a user
        'attr_match_list'           => [    'Name',
                                            'EmailAddress',
                                            'RealName'
                                       ],
        # The mapping of RT attributes on to LDAP attributes
        'attr_map'                  =>  {   'Name' => 'uid',
                                            'EmailAddress' => 'mail',
                                            'RealName' => 'displayName'
                                        }
    }
}
);

Klaus Engelmann
CCNA CCDA - CSCO10971632
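
Added example (not part of the original post, and not code from RT or the plugin): a small Perl check over a hash shaped like $ExternalSettings that flags LDAP services configured, as above, with 'tls' => 0 while RT binds with a password, and services that bind as what looks like a directory administrator. The function name audit_external_settings, the cn=(admin|manager|root) heuristic and the sample values are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Return a list of findings for every LDAP service in a hash reference
# shaped like $ExternalSettings.
sub audit_external_settings {
    my ($settings) = @_;
    my @findings;
    for my $name (sort keys %$settings) {
        my $svc = $settings->{$name};
        next unless ($svc->{type} // '') eq 'ldap';

        # The connection is encrypted only with StartTLS ('tls' => 1)
        # or when the server is given as an ldaps:// URI.
        my $encrypted = $svc->{tls} || ($svc->{server} // '') =~ m{^ldaps://}i;
        my $binds     = defined $svc->{user} && defined $svc->{pass};

        # An LDAP simple bind carries the password in the clear, so it
        # needs an encrypted connection underneath it.
        push @findings, "$name: passwords cross the network without TLS"
            if !$encrypted && ($binds || $svc->{auth});

        # Heuristic (assumption): RDNs that usually name a directory admin.
        # Searching for users only needs a read-only account.
        push @findings, "$name: binds as '$svc->{user}', use a read-only account"
            if $binds && $svc->{user} =~ /^cn=(?:admin|manager|root)\b/i;
    }
    return @findings;
}

# Constructed sample with the same shape as the posted configuration.
my $sample = {
    'My_LDAP' => {
        type   => 'ldap',
        auth   => 1,
        info   => 1,
        server => 'ldap.example.org',
        user   => 'cn=admin,dc=example,dc=org',
        pass   => 'placeholder',
        tls    => 0,
    },
};

print "$_\n" for audit_external_settings($sample);
```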