<br><font size=2 face="sans-serif">Oh crap.. how'd that miss the cut-n-paste?</font>
<br>
<br><font size=2 face="sans-serif">Set($LdapBase, 'cn=Users,dc=<domain>,dc=com'); # search base</font>
<br>
<br><font size=2 face="sans-serif">:-)</font>
<br>
<br><font size=2 face="sans-serif">(again, note the Capital U in "Users")</font>
<br><font size=2 face="sans-serif"><br>
--<br>
Eric N. Valor<br>
Sr. Systems Administrator<br>
DaimlerChrysler Research & Technology North America, Inc.<br>
eric.valor@daimlerchrysler.com<br>
1510 Page Mill Road, Palo Alto, CA 94304<br>
CIMS 931-00-00<br>
650-845-2536<br>
<br>
: This Space Intentionally Left Blank :</font>
<br>
<br>
<br>
<br>
<table width=100%>
<tr valign=top>
<td width=40%><font size=1 face="sans-serif"><b>"Matt Nichols"
<mnichols@wayport.net></b> </font>
<p><font size=1 face="sans-serif">04/20/2006 12:59 PM</font>
<td width=59%>
<div align=right>
<table width=100%>
<tr valign=top>
<td>
<div align=right><font size=1 face="sans-serif">To</font></div>
<td><font size=1 face="sans-serif"><eric.valor@daimlerchrysler.com></font>
<tr valign=top>
<td>
<div align=right><font size=1 face="sans-serif">cc</font></div>
<td><font size=1 face="sans-serif"><rt-users@lists.bestpractical.com></font>
<tr valign=top>
<td>
<div align=right><font size=1 face="sans-serif">Subject</font></div>
<td><font size=1 face="sans-serif">RE: [rt-users] LDAP Summary and supported
implementations</font></table></div>
<br>
<br></table>
<br>
<br>
<br><font size=2 color=#000080 face="Arial">Do you define an LdapBase variable
in your config? </font>
<br><font size=2 color=#000080 face="Arial"> </font>
<br><font size=2 color=#000080 face="Arial">Thanks again.</font>
<br><font size=2 color=#000080 face="Arial"> </font>
<br><font size=2 color=#000080 face="Arial">-Matt</font>
<br><font size=2 color=#000080 face="Arial"> </font>
<div align=center>
<br>
<hr></div>
<br><font size=2 face="Tahoma"><b>From:</b> eric.valor@daimlerchrysler.com
[mailto:eric.valor@daimlerchrysler.com] <b><br>
Sent:</b> Thursday, April 20, 2006 2:47 PM<b><br>
To:</b> Matt Nichols<b><br>
Cc:</b> rt-users@lists.bestpractical.com<b><br>
Subject:</b> RE: [rt-users] LDAP Summary and supported implementations</font>
<br><font size=3 face="Times New Roman"> </font>
<br><font size=2 face="sans-serif"><br>
Matt:</font><font size=3 face="Times New Roman"> <br>
</font><font size=2 face="sans-serif"><br>
I've gotten this working with AD. The trick for AD is making sure
you search for "sAMAccountName" instead of "uid".</font><font size=3 face="Times New Roman">
<br>
</font><font size=2 face="sans-serif"><br>
Here are the bare essentials you'll need:</font><font size=3 face="Times New Roman">
<br>
</font><font size=2 face="sans-serif"><br>
Set($LdapUser, 'cn=<binduser>,CN=Users,dc=<domain>,dc=com'); # LDAP bind user<br>
Set($LdapPass, '<password>'); # LDAP bind user pass<br>
Set($LdapUidAttr, 'sAMAccountName'); # attribute for RT account name<br>
Set($LdapFilter, 'objectclass=user'); # filter LDAP entries (e.g., only people)<br>
Set($LdapNameAttr, 'cn'); # attribute for RT user name<br>
Set($LdapMailAttr, 'mail'); # attribute for RT email addy</font><font size=3 face="Times New Roman">
<br>
</font><font size=2 face="sans-serif"><br>
Note that "Users" requires the capital U...</font><font size=3 face="Times New Roman">
<br>
</font><font size=2 face="sans-serif"><br>
Bear in mind this won't auto-populate the RT database from the LDAP database.
Your users will fail unless they already have an RT account.</font><font size=3 face="Times New Roman">
<br>
</font><font size=2 face="sans-serif"><br>
The </font><a href=http://www.mosemann.com/software/LDAPSMB1.2_RT3.tar.gz><font size=2 color=blue face="sans-serif"><u>Moseman
contribution</u></font></a><font size=2 face="sans-serif"> allows for setting
up accounts on-the-fly, but I've had some difficulty in getting it to pull
in all the LDAP (AD) records (SQL errors are reported in the logging).
I haven't been able to put in much time in debugging..</font><font size=3 face="Times New Roman">
<br>
</font><font size=2 face="sans-serif"><br>
The </font><a href="http://blank.org/memory/output/rt-ad-sso.html"><font size=2 color=blue face="sans-serif"><u>Mehl
contribution</u></font></a><font size=2 face="sans-serif"> does a better
job and has good instructions, but has the drawback of requiring mod_ntlm
and the NT LanMan hash vulnerability.</font><font size=3 face="Times New Roman">
<br>
</font><font size=2 face="sans-serif"><br>
Hope this helps.</font><font size=3 face="Times New Roman"> </font><font size=2 face="sans-serif"><br>
</font>
<br>
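A small lint for the settings discussed in this thread, added here as an example (not code from the thread or from RT): it parses `Set($Name, 'value');` lines, reports which of the listed LDAP settings are missing, and builds the per-login search filter with RFC 4515 escaping. The function names and the way the filter is combined (`$LdapFilter` ANDed with `$LdapUidAttr=<login>`) are assumptions; the sample config is constructed from the first message's placeholders.

```python
import re

# Settings named in the thread: the six "bare essentials" plus $LdapBase
# from the follow-up message.
REQUIRED = ["LdapUser", "LdapPass", "LdapBase", "LdapUidAttr",
            "LdapFilter", "LdapNameAttr", "LdapMailAttr"]

SET_RE = re.compile(r"^\s*Set\(\s*\$(\w+)\s*,\s*'([^']*)'\s*\)\s*;")

def parse_site_config(text):
    """Collect Set($Name, 'value'); lines; trailing # comments are ignored."""
    settings = {}
    for line in text.splitlines():
        m = SET_RE.match(line)
        if m:
            settings[m.group(1)] = m.group(2)
    return settings

def missing_settings(settings):
    """Return the required setting names that are absent or empty."""
    return [name for name in REQUIRED if not settings.get(name)]

def escape_filter_value(value):
    """RFC 4515 escaping so a login name cannot change the filter's structure."""
    return "".join("\\%02x" % ord(ch) if ch in "\\*()\x00" else ch
                   for ch in value)

def user_search_filter(settings, login):
    # Assumption: the lookup ANDs $LdapFilter with $LdapUidAttr=<login>.
    return "(&(%s)(%s=%s))" % (settings["LdapFilter"],
                               settings["LdapUidAttr"],
                               escape_filter_value(login))

# Constructed sample: the settings from the first message, without $LdapBase.
SAMPLE = """\
Set($LdapUser, 'cn=<binduser>,CN=Users,dc=<domain>,dc=com'); # LDAP bind user
Set($LdapPass, '<password>'); # LDAP bind user pass
Set($LdapUidAttr, 'sAMAccountName'); # attribute for RT account name
Set($LdapFilter, 'objectclass=user'); # filter LDAP entries
Set($LdapNameAttr, 'cn'); # attribute for RT user name
Set($LdapMailAttr, 'mail'); # attribute for RT email addy
"""

if __name__ == "__main__":
    cfg = parse_site_config(SAMPLE)
    print("missing:", missing_settings(cfg))
    print("filter:", user_search_filter(cfg, "jdoe"))
```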