[rt-users] RT4.4 ExternalAuth & LDAPImport Issues (Solved)

Nathan dundir at gmail.com
Mon Aug 1 21:42:26 EDT 2016


The problem ended up being with the field ExternalAuthID which I didn't
realize was removed in 4.4.1.

Removing it from the script corrected the issue and allowed both LDAP
Import and Authentication to work beyond where I was getting stuck.

I've included my SiteConfig with the working changes below in case anyone
runs into the same issue. I've now moved on to an issue where internal users
aren't created when ExternalAuth LDAP fails, and LDAP users aren't created
with Privileged. I have some legwork to do before requesting help with
these new issues though.

# Configuration
Set($rtname, 'test.com');
Set($Organization, 'rt.test.com');
Set($Timezone, 'US/Pacific');
Set($WebDomain, 'rt.test.com');
Set($WebPort, 443);
Set($WebPath, '');

# Set Ticket Database User
Set($DatabaseHost, '');
Set($DatabaseUser, "rt_user");
#Set($DatabaseUser, "root");
Set($DatabasePassword, 'password');
#Set($DatabasePassword, 'password');
Set($DatabaseName, 'rt4');
Set($OwnerEmail, 'rt@test.com');
Set($DatabaseAdmin, "root");

# Logging
Set($LogToSTDERR, 'debug');
Set($LogToFile, 'debug');
Set($LogDir, '/opt/rt4/var/log/');
Set($LogToFileNamed, 'rt.log');
Set($LogToSyslog, 'debug');
Set($LogToScreen, "error");


# You must install Plugins on your own, this is only an example
# of the correct syntax to use when activating them:
#     Plugin( "RT::Authen::ExternalAuth" );

#Set( $WebRemoteUserAutocreate, 1);
#Set( $UserAutocreateDefaultsOnLogin, {Privileged => 0}); No way to
# differentiate between use for external users and LDAP users, or I'm not
# seeing it (Documentation indicates same core config var for both packages
# LDAPImport & RemoteWebUser )
#Set( $AutoCreateNonExternalUsers, 1); Isn't working for Non-LDAP users.

# Deprecated:
# Set($ExternalAuth, 1); No Longer Needed as ExternalAuth is now set when
# External Settings defined.


Set($ExternalAuthPriority, ['LDAP']);
Set($ExternalInfoPriority, ['LDAP']);


Set($ExternalServiceUsesSSLorTLS, 0);



Set($ExternalSettings, {
    'LDAP' => {
        'type'    =>    'ldap',
        'server'    => '10.0.2.6',
        'user'         => 'ldapreader',
        'pass'        => 'password',
        'base'        => 'ou=branch,dc=test,dc=local',
        'filter'    => '(objectClass=*)',
        'd_filter'    => '(userAccountControl:1.2.840.113556.1.4.803:=2)',
        'tls'        => 0,
        'ssl_version'        => 3,
        'net_ldap_args'    => [    version => 3    ],
        'attr_match_list'    => [
             'Name', 'EmailAddress',
         ],
         'attr_map' => {
             'Name' => 'sAMAccountName',
             'EmailAddress' =>    'mail',
             'Organization' =>    'physicalDeliveryOfficeName',
             'RealName' => 'cn',
             'Gecos' => 'sAMAccountName',
             'WorkPhone' => 'telephoneNumber',
             'Address1' =>    'streetAddress',
             'City' => 'l',
             'State' => 'st',
             'Zip' => 'postalCode',
             'Country' => 'co',
             #'ExternalAuthID' => 'sAMAccountName' - Deprecated 4.4.1
             },
         #'group' => 'cn=RTUsers',
        'group_scope' => 'sub',
         #'group_attr' => 'memberOf',
        #'group_attr_value' => 'cn=RTUsers,ou=Security Groups,ou=branch,dc=test,dc=local'

 },
 } );

##LDAP Configurations
#LDAP Authentication
##LDAP USER IMPORT
Set($LDAPHost, 'ldap://10.0.2.6');
Set($LDAPUser, 'ldapreader');
Set($LDAPPassword, 'password');
Set($LDAPFilter, '(&(cn = users))');

Set($LDAPUpdateUsers, 1);
Set($LDAPCreatePrivileged, 1);

#
Set($LDAPMapping, {Name         => 'sAMAccountName', # required
        EmailAddress => 'mail',
        RealName     => 'cn',
        WorkPhone    => 'telephoneNumber',
        Organization => 'physicalDeliveryOfficeName',
});

Set($LDAPBase, "ou=branch,dc=test,dc=local");
Set($LDAPSizeLimit, 1000);


1;
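
An added example, not part of the original post and not code from RT: a small Python check for an RT_SiteConfig.pm that flags active (uncommented) references to ExternalAuthID, the field the post reports as removed in 4.4.1. It goes slightly beyond that case and also flags the unencrypted LDAP settings visible in the posted config (tls => 0 and an ldap:// host). The function names, rule names and the sample config are constructed for illustration.

```python
import re

# Constructed sample (not the poster's file): a trimmed RT_SiteConfig.pm with
# the ExternalAuthID mapping still active and LDAP configured without TLS.
SAMPLE = r"""Set($ExternalSettings, {
    'LDAP' => {
        'server' => '10.0.2.6',
        'tls'    => 0,
        'attr_map' => {
            'Name' => 'sAMAccountName',
            'ExternalAuthID' => 'sAMAccountName',
        },
    },
} );
Set($LDAPHost, 'ldap://10.0.2.6');
"""

# (rule name, pattern applied to the non-comment part of a line, message)
CHECKS = [
    ("removed-field", re.compile(r"\bExternalAuthID\b"), "ExternalAuthID is still referenced"),
    ("no-starttls", re.compile(r"\btls\b['\"]?\s*=>\s*0\b"), "tls => 0: bind is not upgraded with StartTLS"),
    ("cleartext-ldap", re.compile(r"\bldap://"), "ldap:// scheme: connection does not start in TLS"),
]

def strip_comment(line):
    """Drop a trailing Perl '#' comment; '#' inside quotes is kept (no escape handling)."""
    quote = None
    for i, ch in enumerate(line):
        if quote:
            if ch == quote:
                quote = None
        elif ch in "'\"":
            quote = ch
        elif ch == "#":
            return line[:i]
    return line

def lint(text):
    """Return (line number, rule name, message) for every active finding."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        code = strip_comment(line)
        for name, pattern, message in CHECKS:
            if pattern.search(code):
                findings.append((lineno, name, message))
    return findings

if __name__ == "__main__":
    print(*lint(SAMPLE), sep="\n")
```

To check a real file, pass its contents to `lint()`; a commented-out mapping such as the one in the config above produces no finding.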