[rt-users] LDAP with AD RT:3.8.4 ExternalAuth

Robert Nesius nesius at gmail.com
Mon Sep 21 12:15:49 EDT 2009


 >>  Set(@Plugins,qw(RT::FM));

You need to turn on the extension by adding the
RT::Authen::ExternalAuth module to that quoted array.

Also, I saw this below:

>> # The username RT should use to connect to the LDAP server
>> 'user'                      =>  'AD_Info\\LDAP',
>> 'pass'                    =>  'pass',

That may or may not work.  If your user is LDAP, you may actually need
to use: LDAP@domain.yourcompany.com, and you may need to add the
@domain.yourcompany.com as an auto-appended suffix so your users can
log on with their basic username.

-Rob

On Mon, Sep 21, 2009 at 10:48 AM, Beryl N. Snyder <BSnyder at tmcdesign.com> wrote:
>
> I am running RT 3.8.4 with the RT::Authen::ExternalAuth plugin. My Request tracker server does not appear to be accessing the AD server for login. If I run tcpdump I do not see a connection to the AD server being attempted and the local logins still work. Is there another config file I need to change? I would be grateful for any help.
>
> The RT_SiteConfig.pm
>
> Set($LogToSyslog,'debug');
> # THE BASICS:
> Set($rtname, 'support.example.org');
> Set($Organization, 'example.org');
> Set($CorrespondAddress , 'bsnyder@domain.com');
> Set($CommentAddress , 'comment-test@domain.com');
> Set($Timezone , 'US/Mountan'); # obviously choose what suits you
>
> #LDAP
> Set(@Plugins,qw(RT::Authen::ExternalAuth));
>
> Set($ExternalAuthPriority,  ['My_LDAP']);
> Set($ExternalInfoPriority, ['My_LDAP']);
>
> Set($ExternalSettings,      {'My_LDAP'       =>  {
> ## GENERIC SECTION
> # The type of service (db/ldap/cookie)
>     'type'                      =>  'ldap',
> # The server hosting the service
>     'server'                    =>  '10.x.x.x', #Ip  Addy is correct
> ## SERVICE-SPECIFIC SECTION
> # If you can bind to your LDAP server anonymously you should
> # remove the user and pass config lines, otherwise specify them here:
> #
> # The username RT should use to connect to the LDAP server
>     'user'                      =>  'AD_Info\\LDAP',
>     'pass'                      =>  'pass',
> #
> # The LDAP search base
>     'base'                      =>  'ou=*,dc=DCinfo,dc=local',
> #
> # ALL FILTERS MUST BE VALID LDAP FILTERS ENCASED IN PARENTHESES!
> # YOU **MUST** SPECIFY A filter AND A d_filter!!
> #
> # The filter to use to match RT-Users
>     'filter'                    =>  '(objectClass=*)',
> # A catch-all example filter: '(objectClass=*)'
> #
> # The filter that will only match disabled users
>     'd_filter'                  =>  '(objectClass=FooBarBaz))',
> # A catch-none example d_filter: '(objectClass=FooBarBaz)'
> #
> # Should we try to use TLS to encrypt connections?
>     'tls'                       =>  0,
> # SSL Version to provide to Net::SSLeay *if* using SSL
>     'ssl_version'               =>  3,
> # What other args should I pass to Net::LDAP->new($host,@args)?
>     'net_ldap_args'             => [    version =>  3   ],
>     'attr_match_list'           => [    'Name','EmailAddress'],
> # The mapping of RT attributes on to LDAP attributes
>     'attr_map'                  =>  {   'Name' => 'sAMAccountName',
>                                         'EmailAddress' => 'mail',
>                                     }
>     }
> }
> );
>
> Set($DatabaseType, 'mysql'); # e.g. Pg or mysql
> Set($DatabaseUser , 'rtuser');
> Set($DatabasePassword , 'password');
> Set($DatabaseName , 'rt3'); # Ensure this is set to rt3!
> Set($WebPath , "/rt");
> Set($WebBaseURL , "http://support.example.org");
> Set(@Plugins,qw(RT::FM));
> 1;
>
> Syslog
>
> Sep 18 16:03:49 RequstTracker RT: FAILED LOGIN for testuser from 10.50.1.192 (/opt/rt3/share/html/autohandler:268)
> Sep 18 16:04:17 RequstTracker RT: You've enabled GD, but we couldn't load the module: Can't locate GD.pm in @INC (@INC contains: /opt/rt3/bin/../local/lib /opt/rt3/local/plugins/RT-FM/lib /opt/rt3/bin/../lib /etc/perl /usr/local/lib/perl/5.10.0 /usr/local/share/perl/5.10.0 /usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.10 /usr/share/perl/5.10 /usr/local/lib/site_perl . /etc/apache2) at /opt/rt3/bin/../lib/RT/Config.pm line 365.
> Sep 18 16:04:17 RequstTracker RT: You've enabled GraphViz, but we couldn't load the module: Can't locate GraphViz.pm in @INC (@INC contains: /opt/rt3/bin/../local/lib /opt/rt3/local/plugins/RT-FM/lib /opt/rt3/bin/../lib /etc/perl /usr/local/lib/perl/5.10.0 /usr/local/share/perl/5.10.0 /usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.10 /usr/share/perl/5.10 /usr/local/lib/site_perl . /etc/apache2) at /opt/rt3/bin/../lib/RT/Config.pm line 352.
> Sep 18 16:04:17 RequstTracker RT: RT's GnuPG libraries couldn't successfully read your configured GnuPG home directory (/opt/rt3/var/data/gpg). PGP support has been disabled
>
> Beryl Snyder
> IT Specialist
> TMC Design Corporation
> 4325 Del Rey BLVD
> Las Cruces, NM 88012
> Phone: 575-382-4600
> Fax: 575-523-8588

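As an added example (not part of the original thread and not RT's or the plugin's own code), the sketch below lints an RT_SiteConfig.pm for the failure discussed here: a later `Set(@Plugins, ...)` replacing the earlier one, so ExternalAuth is never loaded and local logins keep working. It also flags two other things visible in the quoted config, an unbalanced `d_filter` and a bind password used with `'tls' => 0`. The function names, finding codes and condensed sample are assumptions made for illustration, and the parsing is line-based regex matching rather than Perl evaluation.

```python
import re

# Constructed sample, condensed from the RT_SiteConfig.pm quoted in this thread.
SAMPLE = r"""Set(@Plugins,qw(RT::Authen::ExternalAuth));
Set($ExternalSettings, {'My_LDAP' => {
    'pass'     => 'pass',
    'filter'   => '(objectClass=*)',
    'd_filter' => '(objectClass=FooBarBaz))',
    'tls'      => 0,
}});
Set(@Plugins,qw(RT::FM));
"""

SET_RE = re.compile(r"^\s*Set\(\s*([@$%]\w+)\s*,(.*)")
KV_RE = re.compile(r"'(\w+)'\s*=>\s*('(?:[^'\\]|\\.)*'|\d+)")

def balanced(s):  # hypothetical helper: parentheses in an LDAP filter pair up
    depth = 0
    for ch in s:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            return False
    return depth == 0

def lint(text):
    """Return (line, code, message) findings for an RT_SiteConfig.pm text."""
    findings, last_set, kv = [], {}, {}
    for n, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue                      # whole-line comment
        m = SET_RE.match(line)
        if m:
            var, rest = m.groups()
            if var in last_set:           # a later Set() replaces the earlier value
                findings.append((n, "override", f"{var} was already set on line {last_set[var][0]}"))
            last_set[var] = (n, rest)
        for key, val in KV_RE.findall(line):
            kv[key] = (n, val.strip("'"))
    pl_line, pl_rest = last_set.get("@Plugins", (0, ""))
    qw = re.search(r"qw\((.*?)\)", pl_rest)
    plugins = qw.group(1).split() if qw else []
    if "$ExternalSettings" in last_set and "RT::Authen::ExternalAuth" not in plugins:
        findings.append((pl_line, "plugin-off", "ExternalAuth configured but not in effective @Plugins"))
    for key in ("filter", "d_filter"):
        if key in kv and not balanced(kv[key][1]):
            findings.append((kv[key][0], "bad-filter", f"{key} has unbalanced parentheses"))
    if kv.get("tls", (0, "1"))[1] == "0" and "pass" in kv:
        findings.append((kv["tls"][0], "cleartext-bind", "bind password sent without TLS"))
    return findings
```

Calling `lint(SAMPLE)` reports all four findings; merging both modules into a single `Set(@Plugins, qw(RT::Authen::ExternalAuth RT::FM));` clears the first two.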

