[rt-users] External Users are not authenticated
Ashrock
mdashraf.ash at gmail.com
Thu Sep 23 12:06:40 EDT 2010
Hi,
Could anyone look at my RT_SiteConfig and suggest whether I am doing
something wrong? I installed Authen::ExternalAuth and modified UserLocal.pm.
I am unable to log in to RT with LDAP credentials.
The error log says: _GetBoundObj: Invalid Credentials.
# Any configuration directives you include here will override
# RT's default configuration file, RT_Config.pm
#
# To include a directive here, just copy the equivalent statement
# from RT_Config.pm and change the value. We've included a single
# sample value below.
#
# This file is actually a perl module, so you can include valid
# perl code, as well.
#
# The converse is also true, if this file isn't valid perl, you're
# going to run into trouble. To check your SiteConfig file, use
# this command:
# perl -c /path/to/your/etc/RT_SiteConfig.pm
Set($WebBaseURL,'http://10.10.10.10:443'); Set($WebPath,'');
Set($DatabaseName, 'rt3'); Set($DatabaseType, 'mysql');
Set($DatbaseUser, 'rt_user'); Set($DatabasePassword, 'pass');
Set($rtname,'Ticket'); Set($Organization,"http://www.midcontinent.com");
#Set(@Plugins,(qw(Extension::QuickDelete)));
#Set(@Plguins,(qw(RT::FM)));
Set(@Plugins,(qw(RT::Authen::ExternalAuth)));
#Set($LogToFileNamedl, "rt.log");
#Set($LogToFile, 'debug');
Set($CorrespondAddress, 'rt-its at midcontinent.com');
Set($CommentAddress, 'rt-comment at midcontinent.com');
@MailCommand , 'sendmailpipe';
$SendMailArguments = "-oi -t";
$SendmailPath = "/usr/sbin/sendmail";
$SenderMustExistInExternaDatabase = undef;
#Set($MailCommand, 'sendmail');
#Set($SendMailArguments, "-bm --rt-its at midcontinent.com");
#Set($SendmailPath, "/usr/sbin/exim4");
Set($NotifyActor, 0);
Set($RecordOutgoingEmail, 1);
Set($Timezone, 'US/Central');
$WebURL = $WebBaseURL . $WebPath . "/";
#Set($WebExternalAuth, 1);
#Set($WebFallbackToInternalAuth, true);
# should be used to get information about users. This includes
# RealName, Tel numbers etc, but also whether or not the user
# Should be considered disabled.
# Once user info is found, no more services are checked.
Set ($ExternalAuthPriority, ['My_LDAP']);
Set ($ExternalInfoPriority, ['My_LDAP']);
#Set ($ExternalServiceUsesSSLorTLS, 1);
#If this is set true, then the relevant packages will
#be loaded to use SSL/TLS connections. At the moment,
# this just means "use Net::SSLeay;"
Set ($AutoCreateNonExternalUsers, 1);
#These are full settings for each external service as a HashOfHashes
# Note that you may have as many external services as you wish. They will
#be checked in the order specified in the Priority directives above.
# e.g .
#
Set($ExternalAuthPriority, ['My_LDAP']);
Set($ExternalSettings, {
'My_LDAP' =>
{
## GENERIC SECTION
# The type of service (db/ldap/cookie)
'type' => 'ldap',
'server' => '10.10.10.10',
'port' => '389',
# Should the service be used for authentication?
'auth' => 1,
# Should the service be used for information?
'info' => 1,
# The server hosting the service
#'server' => 'server.midcontinent.local',
## SERVICE-SPECIFIC SECTION
# If you can bind to your LDAP server anonymously you should
#remove the user and pass config lines, otherwise specify them here:
# The username RT should be used to connect to the LDAP server
'user' => 'CN=rmc, ou=users, ou=midcontinent, ou=local',
# The password RT should use to connect to the LDAP server
'pass' => 'temporarypassword',
# The LDAP search base
'base' => 'dc=server dc=midcontinent, dc=local',
# The filter to use to match RT-Users
#'filter' => '(uid=*)',
'filter' => '(objectclass = Person)',
# The filter that will only match disable users
#'d_filter' => '(objectClass=pwdPolicy)',
'd_filter' => '(userAccountControl : 1.2.840.113556.1.4.803:=2)',
#'d_filter' => '(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2))',
# Should we try to use TLS to encrypt connections?
'tls' => 1,
'ssl_version' => 3,
# What other args should I pass to Net::LDAP->new($host, @args)?
'net_ldap_args' => [version => 3],
# Does authentication depend on group membership? What group name?
#'group' =>'',
#what is the attribute for the group object that determines membership?
#'group_attr' => '',
## RT ATTRIBUTE MATCHING SECTION
#The list of RT attributes that uniquely identify a user
'attr_match_list' => ['Name','Email Address'],
# The mapping of RT attributes on to LDAP attributes
#'attr_map' => {'Name' => 'uid', 'EmailAddress' => 'mail'}
'attr_map' => {
'Name' => 'sAMAaccountName',
'EmailAddress' => 'mail',
'Organization' => 'physicalDeliveryOfficeName',
'RealName' => 'cn',
'EternalAuthId' => 'sAMAccountname',
'Gecos' => 'sAMAccountName',
'WorkPhone' => 'telephoneNumber',
'Address1' => 'streetAddress',
'City' => '1',
'State' => 'st',
'Zip' => 'postalCode',
'Country' => 'co'
}
}
}
);
1;
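
Added example, not part of the original post and not code from RT or RT::Authen::ExternalAuth: an offline form check for the string values of an ExternalSettings service block like the one above (DN shape, filter syntax, attr_match_list against attr_map). The function names are hypothetical, the sample values are copied from the post, and the attr_match_list check assumes each entry is used as a key into attr_map.

```perl
use v5.14;      # s///r needs Perl 5.14; this also enables strict and say
use warnings;
# Split a DN on unescaped commas (quoted values not handled) and trim each RDN.
sub split_dn { return map { s/^\s+|\s+$//gr } split /(?<!\\),/, $_[0] }

# An unescaped '=' inside an RDN value is legal but usually means a dropped comma.
sub lint_dn {
    my ($name, $dn) = @_;
    my @issues;
    for my $rdn (split_dn($dn)) {
        my ($attr, $value) = split /=/, $rdn, 2;
        if (!defined $value || $attr !~ /^(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*)$/) {
            push @issues, "$name: RDN '$rdn' is not attribute=value";
        } elsif ($value =~ /(?<!\\)=/) {
            push @issues, "$name: unescaped '=' in value of '$rdn' (missing comma?)";
        }
    }
    return @issues;
}

# RFC 4515 allows no whitespace in the attribute part of a filter item.
sub lint_filter {
    my ($name, $filter) = @_;
    my @issues;
    push @issues, "$name: unbalanced parentheses" if ($filter =~ tr/(//) != ($filter =~ tr/)//);
    push @issues, "$name: whitespace in attribute part '$1'"
        if $filter =~ /\(([^()=~<>:]*\s[^()=~<>:]*)[:~<>=]/;
    return @issues;
}

# Assumption: each attr_match_list entry is looked up as a key of attr_map.
sub lint_attr_match {
    my ($svc) = @_;
    my $map = $svc->{attr_map} || {};
    return map  { "attr_match_list: '$_' is not a key of attr_map" }
           grep { !exists $map->{$_} } @{ $svc->{attr_match_list} || [] };
}

# Values copied from the post above; substitute your own service hash.
my %svc = (
    user            => 'CN=rmc, ou=users, ou=midcontinent, ou=local',
    base            => 'dc=server dc=midcontinent, dc=local',
    filter          => '(objectclass = Person)',
    d_filter        => '(userAccountControl : 1.2.840.113556.1.4.803:=2)',
    attr_match_list => ['Name', 'Email Address'],
    attr_map        => { 'Name' => 'sAMAaccountName', 'EmailAddress' => 'mail' },
);
my @issues = ((map { lint_dn($_, $svc{$_}) } qw(user base)), lint_attr_match(\%svc),
              (map { lint_filter($_, $svc{$_}) } qw(filter d_filter)));
say for @issues;
```

These are form checks only: they do not contact the LDAP server, so a bind DN that is well formed but does not exist in the directory is not detected.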