[rt-users] LDAP with AD RT:3.8.4 ExternalAuth

Beryl N. Snyder BSnyder at tmcdesign.com
Mon Sep 21 14:48:32 EDT 2009


Thanks Robert, that's what I was missing. Secondly, it had to be User@domain.tdl for the LDAP to work.

Beryl Snyder

IT Specialist
TMC Design Corporation
4325 Del Rey BLVD
Las Cruces, NM 88012
Phone: 575-382-4600
Fax: 575-523-8588


-----Original Message-----
From: Robert Nesius [mailto:nesius at gmail.com] 
Sent: Monday, September 21, 2009 10:16 AM
To: Beryl N. Snyder; rt-users at lists.bestpractical.com
Subject: Re: [rt-users] LDAP with AD RT:3.8.4 ExternalAuth

 >>  Set(@Plugins,qw(RT::FM));

You need to turn on the extension by adding the
RT::Authen::ExternalAuth module to that quoted array.

Also, I saw this below:

>> # The username RT should use to connect to the LDAP server
>> 'user'                      =>  'AD_Info\\LDAP',
>> 'pass'                    =>  'pass',

That may or may not work.  If your user is LDAP, you may actually need
to use: LDAP@domain.yourcompany.com, and you may need to add the
@domain.yourcompany.com as an auto-appended suffix so your users can
log on with their basic username.

-Rob

On Mon, Sep 21, 2009 at 10:48 AM, Beryl N. Snyder <BSnyder at tmcdesign.com> wrote:
>
> I am running RT 3.8.4 with the RT::Authen::ExternalAuth plugin. My Request tracker server does not appear to be accessing the AD server for login. If I run tcpdump I do not see a connection to the AD server being attempted and the local logins still work. Is there another config file I need to change? I would be grateful for any help.
>
> The RT_SiteConfig.pm
>
> Set($LogToSyslog,'debug');
>
> # THE BASICS:
> Set($rtname, 'support.example.org');
> Set($Organization, 'example.org');
> Set($CorrespondAddress , 'bsnyder@domain.com');
> Set($CommentAddress , 'comment-test@domain.com');
> Set($Timezone , 'US/Mountain'); # obviously choose what suits you
>
> #LDAP
> Set(@Plugins,qw(RT::Authen::ExternalAuth));
>
> Set($ExternalAuthPriority,  ['My_LDAP']);
> Set($ExternalInfoPriority, ['My_LDAP']);
>
> Set($ExternalSettings,      {'My_LDAP'       =>  {
>     ## GENERIC SECTION
>     # The type of service (db/ldap/cookie)
>     'type'                      =>  'ldap',
>     # The server hosting the service
>     'server'                    =>  '10.x.x.x', #Ip  Addy is correct
>     ## SERVICE-SPECIFIC SECTION
>     # If you can bind to your LDAP server anonymously you should
>     # remove the user and pass config lines, otherwise specify them here:
>     #
>     # The username RT should use to connect to the LDAP server
>     'user'                      =>  'AD_Info\\LDAP',
>     'pass'                      =>  'pass',
>     #
>     # The LDAP search base
>     'base'                      =>  'ou=*,dc=DCinfo,dc=local',
>     #
>     # ALL FILTERS MUST BE VALID LDAP FILTERS ENCASED IN PARENTHESES!
>     # YOU **MUST** SPECIFY A filter AND A d_filter!!
>     #
>     # The filter to use to match RT-Users
>     'filter'                    =>  '(objectClass=*)',
>     # A catch-all example filter: '(objectClass=*)'
>     #
>     # The filter that will only match disabled users
>     'd_filter'                  =>  '(objectClass=FooBarBaz)',
>     # A catch-none example d_filter: '(objectClass=FooBarBaz)'
>     #
>     # Should we try to use TLS to encrypt connections?
>     'tls'                       =>  0,
>     # SSL Version to provide to Net::SSLeay *if* using SSL
>     'ssl_version'               =>  3,
>     # What other args should I pass to Net::LDAP->new($host,@args)?
>     'net_ldap_args'             => [    version =>  3   ],
>     'attr_match_list'           => [    'Name','EmailAddress'],
>     # The mapping of RT attributes on to LDAP attributes
>     'attr_map'                  =>  {   'Name' => 'sAMAccountName',
>                                         'EmailAddress' => 'mail',
>                                     }
>                                                     }
>                                 }
> );
>
> Set($DatabaseType, 'mysql'); # e.g. Pg or mysql
> Set($DatabaseUser , 'rtuser');
> Set($DatabasePassword , 'password');
> Set($DatabaseName , 'rt3'); # Ensure this is set to rt3!
> Set($WebPath , "/rt");
> Set($WebBaseURL , "http://support.example.org");
> Set(@Plugins,qw(RT::FM));
> 1;
>
> Syslog
>
> Sep 18 16:03:49 RequstTracker RT: FAILED LOGIN for testuser from 10.50.1.192 (/opt/rt3/share/html/autohandler:268)
> Sep 18 16:04:17 RequstTracker RT: You've enabled GD, but we couldn't load the module: Can't locate GD.pm in @INC (@INC contains: /opt/rt3/bin/../local/lib /opt/rt3/local/plugins/RT-FM/lib /opt/rt3/bin/../lib /etc/perl /usr/local/lib/perl/5.10.0 /usr/local/share/perl/5.10.0 /usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.10 /usr/share/perl/5.10 /usr/local/lib/site_perl . /etc/apache2) at /opt/rt3/bin/../lib/RT/Config.pm line 365.
> Sep 18 16:04:17 RequstTracker RT: You've enabled GraphViz, but we couldn't load the module: Can't locate GraphViz.pm in @INC (@INC contains: /opt/rt3/bin/../local/lib /opt/rt3/local/plugins/RT-FM/lib /opt/rt3/bin/../lib /etc/perl /usr/local/lib/perl/5.10.0 /usr/local/share/perl/5.10.0 /usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.10 /usr/share/perl/5.10 /usr/local/lib/site_perl . /etc/apache2) at /opt/rt3/bin/../lib/RT/Config.pm line 352.
> Sep 18 16:04:17 RequstTracker RT: RT's GnuPG libraries couldn't successfully read your configured GnuPG home directory (/opt/rt3/var/data/gpg). PGP support has been disabled

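A small check for the failure in this thread, added here as an example (not code from the thread or from RT): it scans a config for names passed to Set() more than once and flags external-auth settings whose plugin is missing from the last @Plugins line. It assumes, as Rob's reply implies, that the last Set() for a name is the one in effect; `find_sets`, `audit` and the sample config are constructed for illustration.

```perl
use strict;
use warnings;

# Collect every single-line "Set(NAME, VALUE" call, keyed by NAME, in file order.
sub find_sets {
    my ($text) = @_;
    my (%seen, $n);
    for my $line (split /\n/, $text) {
        $n++;
        next if $line =~ /^\s*#/;    # skip comment lines
        next unless $line =~ /^\s*Set\(\s*([\$\@%]\w+)\s*,\s*(.*)$/;
        my ($name, $value) = ($1, $2);
        $value =~ s/\)\s*;.*$//;     # drop the closing ");" and any trailing comment
        push @{ $seen{$name} }, { line => $n, value => $value };
    }
    return \%seen;
}

# Report settings assigned more than once (assumption: the last one wins) and
# the case from this thread: $ExternalSettings present, plugin not loaded.
sub audit {
    my ($text) = @_;
    my $sets = find_sets($text);
    my @report;
    for my $name (sort keys %$sets) {
        my @hits = @{ $sets->{$name} };
        next if @hits < 2;
        push @report, sprintf "%s set %d times; line %d wins: %s",
            $name, scalar @hits, $hits[-1]{line}, $hits[-1]{value};
    }
    my $plugins = $sets->{'@Plugins'} ? $sets->{'@Plugins'}[-1]{value} : '';
    if ($sets->{'$ExternalSettings'} && $plugins !~ /RT::Authen::ExternalAuth\b/) {
        push @report, 'ExternalSettings present but RT::Authen::ExternalAuth is not in the effective @Plugins';
    }
    return @report;
}

# Constructed sample, shortened from the config quoted in the thread.
my $sample = <<'END';
Set(@Plugins,qw(RT::Authen::ExternalAuth));
Set($ExternalAuthPriority,  ['My_LDAP']);
Set($ExternalSettings,      {'My_LDAP'       =>  {
    'type' => 'ldap',
} } );
Set($WebPath , "/rt");
Set(@Plugins,qw(RT::FM));
1;
END

print "$_\n" for audit($sample);
```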

