<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD><TITLE>Message</TITLE>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.2800.1400" name=GENERATOR></HEAD>
<BODY>
<DIV><FONT face=Arial size=2><SPAN class=883210315-24092004>I have read many posts 
about LDAP, but I'm still confused about how to implement it:</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN 
class=883210315-24092004></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN class=883210315-24092004>Here is what I 
understood:</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN 
class=883210315-24092004></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN class=883210315-24092004>I put in the 
/opt/rt3/lib/RT/ directory a User_Local.pm file containing :</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN 
class=883210315-24092004></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN 
class=883210315-24092004>********</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN 
class=883210315-24092004>********</SPAN></FONT></DIV>
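no warnings qw(redefine);

# NOTE(review): RT overlay files normally open with "package RT::User;" so
# that the sub below replaces RT::User::IsPassword. No package line is visible
# in this paste -- confirm the real file has one.

use Net::LDAP;
use Net::LDAP::Constant qw(LDAP_SUCCESS LDAP_PARTIAL_RESULTS);
use Net::LDAP::Util qw(ldap_error_name escape_filter_value);

# {{{ sub IsPassword

# Modification Originally by Marcelo Bartsch <bartschm_cl@hotmail.com>
# Update by Stewart James <stewart.james@vu.edu.au> for rt3.
# Drop this file in /opt/rt3/lib/RT/User_Local.pm
# Drop something like below in your RT_SiteConfig.pm
# $LDAPExternalAuth = 1;
# $LdapServer="adress";
# $LdapUser="";
# $LdapPass="";
# $LdapBase="dc=domain,dc=com";
# $LdapUidAttr="uid";
# $LdapFilter="(objectclass=*)";
#
# NOTE(review): the binds below are simple binds, so the service password and
# the user's password cross the network as sent. Net::LDAP->new also accepts
# an ldaps:// URI for $LdapServer, and $ldap->start_tls can be called before
# the first bind; use one of them unless the link to the directory is trusted.

# IsPassword VALUE
#
# Returns 1 when VALUE is accepted as this user's password and a false value
# (undef or 0) otherwise. The checks run in this order:
#   1. VALUE must be non-empty and the user must not be disabled.
#   2. The user must have a non-empty stored password in RT.
#   3. VALUE matches the stored hash (_GeneratePassword, then crypt).
#   4. Only if $RT::LDAPExternalAuth is true: look the user up in LDAP by
#      $RT::LdapUidAttr and try to bind as that entry with VALUE.
sub IsPassword {
    my $self  = shift;
    my $value = shift;

    #TODO there isn't any apparent way to legitimately ACL this

    # RT does not allow null passwords. The guard also protects the LDAP
    # branch: a simple bind with a DN and an empty password is an
    # unauthenticated bind, which many servers answer with success.
    if ( ( !defined($value) ) or ( $value eq '' ) ) {
        return (undef);
    }

    if ( $self->PrincipalObj->Disabled ) {
        $RT::Logger->info(
            "Disabled user " . $self->Name . " tried to log in" );
        return (undef);
    }

    # A user with no stored password is refused before any check, LDAP
    # included. (The original compared with "eq undef", which only tests for
    # the empty string and warns.)
    my $stored = $self->__Value('Password');
    if ( !defined($stored) or $stored eq '' ) {
        return (undef);
    }

    # generate an md5 password
    if ( $self->_GeneratePassword($value) eq $stored ) {
        return (1);
    }

    # if it's a historical (crypt) password we say ok.
    if ( $stored eq crypt( $value, $stored ) ) {
        return (1);
    }

    # Local checks failed; without LDAP there is nothing else to try.
    if ( !$RT::LDAPExternalAuth ) {
        return (undef);
    }

    $RT::Logger->info("Using External Authentication\n");

    my $ldap = Net::LDAP->new( $RT::LdapServer, version => 3 );
    if ( !$ldap ) {
        $RT::Logger->critical(
            "GetExternalUserWithLDAP: " . "Cannot connect to LDAP'\n" );
        return 0;
    }

    # Bind as the service account when one is configured, anonymously
    # otherwise. The comparison must be the string operator "ne": with "!="
    # a DN such as "cn=..." is numerically 0, equal to '', and the service
    # account would never be used.
    my $mesg;
    if ( defined($RT::LdapUser) && $RT::LdapUser ne '' ) {
        $mesg = $ldap->bind( $RT::LdapUser, password => $RT::LdapPass );
    }
    else {
        $mesg = $ldap->bind;
    }
    if ( $mesg->code != LDAP_SUCCESS ) {
        $RT::Logger->critical( "GetExternalUserWithLDAP: Cannot bind to LDAP:",
            $mesg->code, "\n" );
        return 0;
    }

    # The user name is escaped before it goes into the filter so that
    # characters such as "*", "(" and ")" in a name cannot change the query.
    my $filter =
        "(&(&(objectclass=person)("
      . $RT::LdapUidAttr . "="
      . escape_filter_value( $self->Name )
      . "))$RT::LdapFilter)";
    $RT::Logger->debug(
        "GetExternalUserWithLDAP: First search filter '$filter'\n");
    $mesg = $ldap->search(
        base   => $RT::LdapBase,
        filter => $filter,
        attrs  => ['dn']
    );

    # The search failed only if the code is neither of the two accepted
    # ones. The original joined the tests with "or", which is true for every
    # possible code once the constants are really imported.
    if (    ( $mesg->code != LDAP_SUCCESS )
        and ( $mesg->code != LDAP_PARTIAL_RESULTS ) )
    {
        $RT::Logger->debug(
            "GetExternalUserWithLDAP: Could not search for $filter: ",
            $mesg->code, "", ldap_error_name( $mesg->code ), "\n" );
        return 0;
    }
    $RT::Logger->debug( "GetExternalUserWithLDAP: First search produced ",
        $mesg->count, " results\n" );
    if ( !$mesg->count ) {
        $RT::Logger->info( "AUTH FAILED: " . $self->Name . "\n" );
        return 0;
    }

    # More than one entry means the name does not identify a single account;
    # refuse instead of authenticating against whichever entry came first.
    if ( $mesg->count > 1 ) {
        $RT::Logger->info(
            "AUTH FAILED: " . $self->Name . " (ambiguous LDAP match)\n" );
        return 0;
    }

    # Log the DN only. The original also appended $value, i.e. the user's
    # cleartext password, to this debug line.
    my $dn = $mesg->first_entry->dn;
    $RT::Logger->debug( "LDAP DN: " . $dn . "\n" );

    # The actual password check: re-bind on the same connection as the user.
    # NOTE(review): a wrong password lands here and is logged at "critical"
    # with a connection-style message; consider a lower level for it.
    my $mesg2 = $ldap->bind( $dn, password => $value );
    if ( $mesg2->code != LDAP_SUCCESS ) {
        $RT::Logger->critical( "GetExternalUserWithLDAP: Cannot bind to LDAP:",
            $mesg2->code, "\n" );
        return 0;
    }

    $RT::Logger->info( "AUTH OK: " . $self->Name . " (" . $dn . ")\n" );
    return 1;
}

# }}}

1;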
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><SPAN class=883210315-24092004></SPAN><FONT face=Arial size=2>*<SPAN 
class=883210315-24092004>*********</SPAN></FONT></DIV>
<DIV><FONT><SPAN class=883210315-24092004></SPAN><SPAN 
class=883210315-24092004></SPAN><FONT face=Arial size=2>*<SPAN 
class=883210315-24092004>*********</SPAN></FONT></FONT></DIV>
<DIV><FONT><FONT face=Arial size=2><SPAN 
class=883210315-24092004></SPAN></FONT></FONT> </DIV>
<DIV><FONT><FONT face=Arial size=2><SPAN class=883210315-24092004>Next I put in 
httpd.conf :</SPAN></FONT></FONT></DIV>
<DIV><FONT><FONT face=Arial size=2><SPAN 
class=883210315-24092004></SPAN></FONT></FONT> </DIV>
# LDAP integration
# NOTE(review): Basic auth resends the password with every request, only
# base64-encoded, so this directory should be served over HTTPS only.
# NOTE(review): with a plain ldap:// URL the lookup and bind against the
# directory travel unencrypted. The URL shown also carries no base DN or
# attribute part -- confirm the expected form in the LDAP auth module's docs.
<Directory /opt/rt3/share/html>
         AuthType Basic
         AuthName "Request Tracker Login"
         AuthLDAPURL ldap://ipadress
         # Any account the directory accepts passes; nothing here limits
         # access to a group or a subset of users.
         require valid-user
</Directory>
<DIV><FONT><FONT face=Arial size=2><SPAN 
class=883210315-24092004></SPAN></FONT></FONT> </DIV>
<DIV><FONT><FONT face=Arial size=2><SPAN 
class=883210315-24092004></SPAN></FONT></FONT> </DIV>
<DIV><FONT><FONT face=Arial size=2><SPAN 
class=883210315-24092004></SPAN></FONT></FONT> </DIV>
<DIV><FONT><FONT face=Arial size=2><SPAN class=883210315-24092004>and in 
Rt_SiteConfig :</SPAN></FONT></FONT></DIV>
<DIV><FONT><FONT face=Arial size=2><SPAN 
class=883210315-24092004></SPAN></FONT></FONT> </DIV>
# Per RT's configuration docs: trust the user name the web server has already
# authenticated (REMOTE_USER) instead of checking a password in RT.
Set ($WebExternalAuth , 1);
# Per RT's configuration docs: when REMOTE_USER is not usable, still offer
# RT's own login screen.
Set($WebFallbackToInternalAuth , 1);
# Per RT's configuration docs: create an RT user for a REMOTE_USER name that
# is not in the Users table yet. Combined with "require valid-user" this gives
# every directory account an RT login -- confirm that is intended.
Set($WebExternalAuto , 1);
# NOTE(review): these three options cover web-server authentication only. The
# IsPassword override in User_Local.pm reads $RT::LDAPExternalAuth,
# $RT::LdapServer, $RT::LdapUser, $RT::LdapPass, $RT::LdapBase,
# $RT::LdapUidAttr and $RT::LdapFilter; none of them is set here, so its LDAP
# branch stays switched off.
<DIV><FONT><FONT face=Arial size=2><SPAN 
class=883210315-24092004></SPAN></FONT></FONT> </DIV>
<DIV><FONT><FONT face=Arial size=2><SPAN 
class=883210315-24092004></SPAN></FONT></FONT> </DIV>
<DIV><FONT><FONT face=Arial size=2><SPAN class=883210315-24092004>I know I 
missed other things, but what do I have to add to make this work?</SPAN></FONT></FONT></DIV>
<DIV><FONT><FONT face=Arial size=2><SPAN 
class=883210315-24092004></SPAN></FONT></FONT> </DIV>
<DIV><FONT><FONT face=Arial size=2><SPAN class=883210315-24092004>i'm running a 
RH7.3 - apache 1 - mod_perl 1 - RT 3.0.10</SPAN></FONT></FONT></DIV>
<DIV><FONT><FONT face=Arial size=2><SPAN 
class=883210315-24092004></SPAN></FONT></FONT> </DIV>
<DIV><FONT><FONT face=Arial size=2><SPAN class=883210315-24092004>thanks a lot 
!!</SPAN></FONT></FONT></DIV>
<DIV><FONT><FONT face=Arial size=2><SPAN 
class=883210315-24092004></SPAN></FONT></FONT> </DIV>
<DIV><FONT><FONT face=Arial size=2><SPAN class=883210315-24092004> </DIV>
<DIV><BR></DIV>
<DIV><BR></DIV></SPAN>
<DIV><BR></DIV></FONT></FONT></SPAN>
<DIV><FONT face=Arial><BR><FONT 
size=2></FONT></FONT></DIV></FONT></SPAN></FONT></BODY></HTML>