[rt-users] RT::Authen::ExternalAuth

Kevin Falcone falcone at bestpractical.com
Wed Sep 1 15:25:12 EDT 2010


On Wed, Sep 01, 2010 at 02:28:32PM -0400, Jason Ledford wrote:
> I think this is what you need
> http://search.cpan.org/dist/RT-Extension-LDAPImport/
> RT-Extension-LDAPImport (in case the url gets stripped).
> 
> It's what I use along with the externalauth, that way I import all
> the users.  I then run the script nightly to import changes.  The
> external auth plugin will also update the details when they log in.

LDAPImport is what I often recommend for folks, there is current work
in the git repo that should be looked at if you're missing features.

> But you can't assign permissions to a user that's never logged in.

If you run LDAPImport, that user should be there to find and make
privileged so you can grant them rights.

-kevin

> -----Original Message-----
> From: rt-users-bounces at lists.bestpractical.com [mailto:rt-users-bounces at lists.bestpractical.com] On Behalf Of Dan Stilts
> Sent: Wednesday, September 01, 2010 2:16 PM
> To: rt-users at lists.bestpractical.com
> Subject: Re: [rt-users] RT::Authen::ExternalAuth
> 
> As far as I know, this only gets updated when the user goes to login. 
> However, I'm sure it's also very easily scriptable to pull rt3.Users and 
> then pull the users from LDAP (AD) and update the user via sql in 
> rt3.Users. Whether this would end up breaking anything, I'm not sure as 
> this is just off the top of my head thinking, but I wouldn't think so.
> 
> Just a thought.
> 
> -Dan
> 
> 
> On 9/1/10 8:21 AM, Peter Barton wrote:
> > Thanks a bunch Dan!!  That did the trick perfectly!  I am now able to
> > authenticate successfully from AD and from the local system.
> >
> > Since it was so easy for you to spot my problem maybe you can help me
> > with one more request.  Like I said at the end of my last email I have
> > run the "rt_logins_email2ldap" script and everyone has appropriate
> > usernames to match AD.  Is there a way to have RT go through and
> > populate all the user information for each of the users that already
> > exist in my system?  Or is this supposed to be a dynamic step?  When I
> > open a ticket that existed prior to the installation of
> > RT::Authen::ExternalAuth the user information is not populated with
> > anything.
> >
> > Any direction you can give would be greatly appreciated.
> >
> > Thanks in advance,
> >
> > ----------
> > Peter Barton
> >
> > -----Original Message-----
> > From: rt-users-bounces at lists.bestpractical.com
> > [mailto:rt-users-bounces at lists.bestpractical.com] On Behalf Of Dan
> > Stilts
> > Sent: Tuesday, August 31, 2010 5:38 PM
> > To: rt-users at lists.bestpractical.com
> > Subject: Re: [rt-users] RT::Authen::ExternalAuth
> >
> > Peter,
> >
> > Looks like you have two plugin lines:
> >
> > Set(@Plugins, qw(RT::Authen::ExternalAuth));
> > Set(@Plugins, qw(RTx::Calendar));
> >
> > Try:
> > Set(@Plugins,(qw(RT::Authen::ExternalAuth RTx::Calendar)));
> >
> > Your second plugin line is overwriting the first one.
> >
> > -Dan
> >
> > On 8/31/10 3:05 PM, Peter Barton wrote:
> >> I have been searching all day long and I am having some issues getting
> >> this running. Here is a quick copy of my RT_SiteConfig.pm:
> >>
> >> Set(@Plugins, qw(RT::Authen::ExternalAuth));
> >> Set(@Plugins, qw(RTx::Calendar));
> >> Set($LogToFile,'debug');
> >> Set($TrustHTMLAttachments, 1);
> >> Set($ExternalAuthPriority, [ 'My_LDAP'
> >>                            ]
> >> );
> >> Set($ExternalInfoPriority, [ 'My_LDAP'
> >>                            ]
> >> );
> >> Set($ExternalServiceUsesSSLorTLS, 0);
> >> Set($AutoCreateNonExternalUsers, 0);
> >> Set($ExternalSettings, { # AN EXAMPLE DB SERVICE
> >>     'My_MySQL' => { ## GENERIC SECTION
> >>         'type' => 'mysql',
> >>         'server' => 'localhost',
> >>         'database' => 'rt3',
> >>         'table' => 'USERS_TABLE',
> >>         'user' => 'rt_user',
> >>         'pass' => 'blahblah',
> >>         'port' => '3306',
> >>         'dbi_driver' => 'mysql',
> >>         'u_field' => 'username',
> >>         'p_field' => 'password',
> >>         'p_enc_pkg' => 'Crypt::MySQL',
> >>         'p_enc_sub' => 'password',
> >>         'd_field' => 'disabled',
> >>         'd_values' => ['0'],
> >>         'attr_match_list' => [ 'Gecos',
> >>                                'Name'
> >>                              ],
> >>         'attr_map' => { 'Name' => 'username',
> >>                         'EmailAddress' => 'email',
> >>                         'ExternalAuthId' => 'username',
> >>                         'Gecos' => 'userID'
> >>                       }
> >>     },
> >>     # AN EXAMPLE LDAP SERVICE
> >>     'My_LDAP' => { ## GENERIC SECTION
> >>         'type' => 'ldap',
> >>         'server' => 'iesicorp.tf.prv',
> >>         'user' => 'cn=user,dc=tf,dc=prv',
> >>         'pass' => 'blahblah',
> >>         'base' => 'dc=tf,dc=prv',
> >>         'filter' => '(objectClass=user)',
> >>         'd_filter' => '(objectClass=FooBarBaz)',
> >>         'tls' => 0,
> >>         'ssl_version' => 3,
> >>         'net_ldap_args' => [ version => 3 ],
> >>         # 'group' => 'Domain Users',
> >>         # 'group_attr' => 'memberof',
> >>         'attr_match_list' => [ 'Name',
> >>                                'EmailAddress',
> >>                                'RealName',
> >>                                'WorkPhone',
> >>                                'Address2'
> >>                              ],
> >>         # The mapping of RT attributes on to LDAP attributes
> >>         'attr_map' => { 'Name' => 'sAMAccountName',
> >>                         'EmailAddress' => 'mail',
> >>                         'Organization' => 'physicalDeliveryOfficeName',
> >>                         'RealName' => 'cn',
> >>                         'ExternalAuthId' => 'sAMAccountName',
> >>                         'Gecos' => 'sAMAccountName',
> >>                         'WorkPhone' => 'telephoneNumber',
> >>                         'Address1' => 'streetAddress',
> >>                         'City' => 'l',
> >>                         'State' => 'st',
> >>                         'Zip' => 'postalCode',
> >>                         'Country' => 'co'
> >>                       }
> >>     },
> >>
> >> When I restart apache2 everything works fine. I see no errors. Yet when
> >> I log into the web page I get this:
> >>
> >> [Tue Aug 31 21:44:27 2010] [info]: Successful login for pbarton from
> >> 192.168.10.60 (/opt/rt3/bin/../lib/RT/Interface/Web.pm:430)
> >>
> >> I check the "System Configuration" and I see no reference to
> >> RT::Authen::ExternalAuth anywhere in there. From all the logs it does
> >> not even appear that I am loading this plugin.
> >>
> >> BTW, I am running Ubuntu 8.0.4 LTS and RT version 3.8.6 and I installed
> >> RT::Authen::ExternalAuth from cpan version 0.08.
> >>
> >> I have successfully run the "rt_logins_email2ldap" script and was able
> >> to make all the necessary changes to accommodate the change from local
> >> user auth to LDAP auth. Any help anyone can provide I would be greatly
> >> appreciative.
> >>
> >> Thanks,
> >>
> >> ----------
> >>
> >> Peter Barton
> >>
> >>
> >>
> >>
> >> RT Training in Washington DC, USA on Oct 25 & 26 2010
> >> Last one this year -- Learn how to get the most out of RT!
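Added example, not part of the original thread and not code from RT or RT::Authen::ExternalAuth: a small check for the failure diagnosed above, where a second `Set(@Plugins, ...)` silently replaces the first and the authentication plugin is never loaded. The sample config is constructed from the lines quoted in the thread, the function names are hypothetical, and the script assumes each `@Plugins` list is written on one line in `qw(...)` form.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the RT_SiteConfig.pm quoted in the thread.
SAMPLE_CONFIG = """\
Set(@Plugins, qw(RT::Authen::ExternalAuth));
Set(@Plugins, qw(RTx::Calendar));
# Set(@Plugins, qw(Commented::Out));
Set($LogToFile,'debug');
Set($ExternalAuthPriority, [ 'My_LDAP'
]
);
"""

SET_RE = re.compile(r"^\s*Set\(\s*([$@%]\w+)\s*,")   # Set($Name, / Set(@Name,
QW_RE = re.compile(r"qw\s*\(([^)]*)\)")              # qw(A B C) form only


def find_assignments(text):
    """Map each option name to the (line number, line text) of every Set()."""
    seen = defaultdict(list)
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = SET_RE.match(line)  # lines starting with '#' do not match
        if m:
            seen[m.group(1)].append((lineno, line.strip()))
    return seen


def overwritten_options(text):
    """Options set more than once; only the last Set() takes effect."""
    return {name: [n for n, _ in hits]
            for name, hits in find_assignments(text).items() if len(hits) > 1}


def dropped_plugins(text):
    """Plugins named in an earlier @Plugins line but absent from the last one."""
    hits = find_assignments(text).get("@Plugins", [])
    lists = [set(" ".join(QW_RE.findall(line)).split()) for _, line in hits]
    if len(lists) < 2:
        return []
    return sorted(set().union(*lists[:-1]) - lists[-1])


if __name__ == "__main__":
    for name, lines in overwritten_options(SAMPLE_CONFIG).items():
        print(f"{name} is set on lines {lines}; only line {lines[-1]} applies")
    for plugin in dropped_plugins(SAMPLE_CONFIG):
        print(f"plugin not loaded: {plugin}")
```

Running it against a real `RT_SiteConfig.pm` after each change catches the case in this thread, where logins kept succeeding against the local database and nothing in the logs showed that the external authentication plugin was missing.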