<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD><TITLE>Message</TITLE>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.2800.1400" name=GENERATOR></HEAD>
<BODY>
<DIV><FONT face=Arial size=2><SPAN class=883210315-24092004>I have read many posts
about LDAP, but I'm still confused about how to implement
it:</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=883210315-24092004></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN class=883210315-24092004>Here is what I
understood:</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=883210315-24092004></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN class=883210315-24092004>I put a User_Local.pm
file in the /opt/rt3/lib/RT/ directory, containing:</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=883210315-24092004></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN
class=883210315-24092004>********</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=883210315-24092004>********</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=883210315-24092004>no warnings
qw(redefine);</SPAN></FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial size=2><SPAN class=883210315-24092004># {{{ sub
IsPassword</SPAN></FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial size=2><SPAN class=883210315-24092004># Modification
Originally by Marcelo Bartsch &lt;<A
href="mailto:bartschm_cl@hotmail.com">bartschm_cl@hotmail.com</A>&gt;<BR>#
Update by Stewart James &lt;<A
href="mailto:stewart.james@vu.edu.au">stewart.james@vu.edu.au</A>&gt; for rt3.<BR>#
Drop this file in /opt/rt3/lib/RT/User_Local.pm<BR># Drop something like below
in your RT_SiteConfig.pm<BR># $LDAPExternalAuth = 1;<BR>#
$LdapServer="adress";<BR># $LdapUser="";<BR># $LdapPass="";<BR>#
$LdapBase="dc=domain,dc=com";<BR># $LdapUidAttr="uid";<BR>#
$LdapFilter="(objectclass=*)";</SPAN></FONT></DIV>
<DIV> </DIV><FONT><SPAN class=883210315-24092004>
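sub IsPassword {
    # Check a candidate password for this RT user.
    #
    # Checks run in this order, and the first one that matches wins:
    #   1. the password stored in RT, compared as an md5 digest;
    #   2. the password stored in RT, compared as a historical crypt() hash;
    #   3. if $RT::LDAPExternalAuth is set, a search-then-bind against the
    #      LDAP server described by $RT::LdapServer, $RT::LdapUser,
    #      $RT::LdapPass, $RT::LdapBase, $RT::LdapUidAttr and $RT::LdapFilter.
    #
    # Argument: $value - the cleartext password supplied at login.
    # Returns:  1 when a check succeeds, undef when a local check rejects the
    #           login, 0 when the LDAP path fails.
    my $self  = shift;
    my $value = shift;

    # "use" is resolved at compile time wherever it is written. The constants
    # and helpers are imported explicitly: without them LDAP_SUCCESS and
    # LDAP_PARTIAL_RESULTS are undeclared barewords rather than result codes.
    use Net::LDAP;
    use Net::LDAP::Constant qw(LDAP_SUCCESS LDAP_PARTIAL_RESULTS);
    use Net::LDAP::Util qw(escape_filter_value ldap_error_name);

    #TODO there isn't any apparent way to legitimately ACL this

    # RT does not allow null passwords. This guard also protects the LDAP
    # path below: a simple bind with an empty password is an unauthenticated
    # bind, which a directory server may accept.
    if ( !defined($value) or $value eq '' ) {
        return (undef);
    }

    if ( $self->PrincipalObj->Disabled ) {
        $RT::Logger->info(
            "Disabled user " . $self->Name . " tried to log in" );
        return (undef);
    }

    # Accounts with no stored password value are rejected before any check,
    # including the LDAP one. defined() replaces the "eq undef" comparison,
    # which only matched the empty string.
    my $stored = $self->__Value('Password');
    if ( !defined($stored) or $stored eq '' ) {
        return (undef);
    }

    # generate an md5 password
    if ( $self->_GeneratePassword($value) eq $stored ) {
        return (1);
    }

    # if it's a historical password we say ok.
    # crypt() can return undef for a salt it does not understand, so the
    # result is checked before it is compared.
    my $crypted = crypt( $value, $stored );
    if ( defined($crypted) and $stored eq $crypted ) {
        return (1);
    }

    # Without external authentication there is nothing left to try.
    if ( !$RT::LDAPExternalAuth ) {
        return (undef);
    }

    $RT::Logger->info("Using External Authentication\n");

    # NOTE(review): unless $RT::LdapServer is an ldaps:// URI, or start_tls
    # is negotiated before binding, the service credentials and the user's
    # password below cross the network unencrypted - confirm the transport.
    my $ldap = Net::LDAP->new( $RT::LdapServer, version => 3 );
    unless ($ldap) {
        $RT::Logger->critical(
            "GetExternalUserWithLDAP: " . "Cannot connect to LDAP'\n" );
        return 0;
    }

    # Bind with the service account only when one is configured. The test
    # must be the string operator "ne": the numeric "!=" treats every
    # non-numeric user name as 0, so the configured account was never used
    # and the search always ran over an anonymous bind.
    my $mesg;
    if ( defined($RT::LdapUser) and $RT::LdapUser ne '' ) {
        $mesg = $ldap->bind( $RT::LdapUser, password => $RT::LdapPass );
    }
    else {
        $mesg = $ldap->bind;
    }
    if ( $mesg->code != LDAP_SUCCESS ) {
        $RT::Logger->critical( "GetExternalUserWithLDAP: Cannot bind to LDAP:",
            $mesg->code, "\n" );
        return 0;
    }

    # The login name comes from the person logging in, so it is escaped
    # before it is placed in the search filter; otherwise characters such
    # as "*", "(" and ")" would change what the filter matches.
    my $filter =
          "(&(&(objectclass=person)("
        . $RT::LdapUidAttr . "="
        . escape_filter_value( $self->Name )
        . "))$RT::LdapFilter)";
    $RT::Logger->debug(
        "GetExternalUserWithLDAP: First search filter '$filter'\n");
    $mesg = $ldap->search(
        base   => $RT::LdapBase,
        filter => $filter,
        attrs  => ['dn']
    );

    # Fail only when the result is neither of the two acceptable codes.
    # Joined with "or" this condition is true for every possible code, so
    # the search was always reported as failed.
    if (    $mesg->code != LDAP_SUCCESS
        and $mesg->code != LDAP_PARTIAL_RESULTS )
    {
        $RT::Logger->debug(
            "GetExternalUserWithLDAP: Could not search for $filter: ",
            $mesg->code, "", ldap_error_name( $mesg->code ), "\n" );
        return 0;
    }
    $RT::Logger->debug( "GetExternalUserWithLDAP: First search produced ",
        $mesg->count, " results\n" );
    if ( !$mesg->count ) {
        $RT::Logger->info( "AUTH FAILED: " . $self->Name . "\n" );
        return 0;
    }

    # More than one entry means the login name does not identify a single
    # account; refuse rather than bind as whichever entry came back first.
    if ( $mesg->count > 1 ) {
        $RT::Logger->info( "AUTH FAILED: "
              . $self->Name
              . " (ambiguous LDAP match)\n" );
        return 0;
    }

    # Only the DN is logged. The candidate password must never be written
    # to the log, not even at debug level.
    my $dn = $mesg->first_entry->dn;
    $RT::Logger->debug( "LDAP DN: " . $dn . "\n" );

    # The real credential check: rebind as the user's own entry.
    my $mesg2 = $ldap->bind( $dn, password => $value );
    if ( $mesg2->code != LDAP_SUCCESS ) {
        $RT::Logger->critical( "GetExternalUserWithLDAP: Cannot bind to LDAP:",
            $mesg2->code, "\n" );
        return 0;
    }

    $RT::Logger->info( "AUTH OK: " . $self->Name . " (" . $dn . ")\n" );
    return 1;
}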
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2># }}}</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>1;</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><SPAN class=883210315-24092004></SPAN><FONT face=Arial size=2>*<SPAN
class=883210315-24092004>*********</SPAN></FONT></DIV>
<DIV><FONT><SPAN class=883210315-24092004></SPAN><SPAN
class=883210315-24092004></SPAN><FONT face=Arial size=2>*<SPAN
class=883210315-24092004>*********</SPAN></FONT></FONT></DIV>
<DIV><FONT><FONT face=Arial size=2><SPAN
class=883210315-24092004></SPAN></FONT></FONT> </DIV>
<DIV><FONT><FONT face=Arial size=2><SPAN class=883210315-24092004>Next I put in
httpd.conf :</SPAN></FONT></FONT></DIV>
<DIV><FONT><FONT face=Arial size=2><SPAN
class=883210315-24092004></SPAN></FONT></FONT> </DIV>
# LDAP integration
#
# NOTE(review): AuthType Basic sends the password with every request in a
# trivially decodable form, so this directory should only be served over HTTPS.
# NOTE(review): with the ldap:// scheme the lookup and bind between Apache and
# the directory server are unencrypted; confirm whether the LDAP auth module in
# use supports ldaps:// or StartTLS.
# NOTE(review): the URL below carries only a host, with no search base or
# attribute; confirm the URL format the module expects.
<Directory /opt/rt3/share/html>
    AuthType Basic
    AuthName "Request Tracker Login"
    AuthLDAPURL ldap://ipadress
    require valid-user
</Directory>
<DIV><FONT><FONT face=Arial size=2><SPAN
class=883210315-24092004></SPAN></FONT></FONT> </DIV>
<DIV><FONT><FONT face=Arial size=2><SPAN
class=883210315-24092004></SPAN></FONT></FONT> </DIV>
<DIV><FONT><FONT face=Arial size=2><SPAN
class=883210315-24092004></SPAN></FONT></FONT> </DIV>
<DIV><FONT><FONT face=Arial size=2><SPAN class=883210315-24092004>and in
RT_SiteConfig:</SPAN></FONT></FONT></DIV>
<DIV><FONT><FONT face=Arial size=2><SPAN
class=883210315-24092004></SPAN></FONT></FONT> </DIV>
# Let the web server authenticate: RT takes the login name from the
# REMOTE_USER value the server sets.
Set($WebExternalAuth, 1);

# When the web server supplied no usable REMOTE_USER, still offer RT's own
# login form (presumably this is where the IsPassword check applies - confirm).
Set($WebFallbackToInternalAuth, 1);

# Create an RT user automatically for a REMOTE_USER that has no account yet.
# NOTE(review): with this on, every identity the web server accepts ends up
# with an RT account; confirm that is the intended population.
Set($WebExternalAuto, 1);
<DIV><FONT><FONT face=Arial size=2><SPAN
class=883210315-24092004></SPAN></FONT></FONT> </DIV>
<DIV><FONT><FONT face=Arial size=2><SPAN
class=883210315-24092004></SPAN></FONT></FONT> </DIV>
<DIV><FONT><FONT face=Arial size=2><SPAN class=883210315-24092004>I know I
missed other things, but what do I have to add to meet the
needs?</SPAN></FONT></FONT></DIV>
<DIV><FONT><FONT face=Arial size=2><SPAN
class=883210315-24092004></SPAN></FONT></FONT> </DIV>
<DIV><FONT><FONT face=Arial size=2><SPAN class=883210315-24092004>I'm running
RH7.3 - apache 1 - mod_perl 1 - RT 3.0.10</SPAN></FONT></FONT></DIV>
<DIV><FONT><FONT face=Arial size=2><SPAN
class=883210315-24092004></SPAN></FONT></FONT> </DIV>
<DIV><FONT><FONT face=Arial size=2><SPAN class=883210315-24092004>thanks a lot
!!</SPAN></FONT></FONT></DIV>
<DIV><FONT><FONT face=Arial size=2><SPAN
class=883210315-24092004></SPAN></FONT></FONT> </DIV>
<DIV><FONT><FONT face=Arial size=2><SPAN class=883210315-24092004> </DIV>
<DIV><BR></DIV>
<DIV><BR></DIV></SPAN>
<DIV><BR></DIV></FONT></FONT></SPAN>
<DIV><FONT face=Arial><BR><FONT
size=2></FONT></FONT></DIV></FONT></SPAN></FONT></BODY></HTML>