<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:st1="urn:schemas-microsoft-com:office:smarttags" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 11 (filtered medium)">
<!--[if !mso]>
<style>
v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style>
<![endif]--><o:SmartTagType
namespaceuri="urn:schemas-microsoft-com:office:smarttags" name="Street"/>
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
name="PostalCode"/>
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
name="State"/>
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
name="address"/>
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
name="City"/>
<!--[if !mso]>
<style>
st1\:*{behavior:url(#default#ieooui) }
</style>
<![endif]-->
<style>
<!--
/* Font Definitions */
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:sans-serif;
panose-1:0 0 0 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman";}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:blue;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-reply;
font-family:Arial;
color:navy;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.25in 1.0in 1.25in;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=EN-US link=blue vlink=blue>
<div class=Section1>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Do you define an LdapBase variable in your
config? <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Thanks again.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>-Matt<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<div>
<div class=MsoNormal align=center style='text-align:center'><font size=3
face="Times New Roman"><span style='font-size:12.0pt'>
<hr size=2 width="100%" align=center tabindex=-1>
</span></font></div>
<p class=MsoNormal><b><font size=2 face=Tahoma><span style='font-size:10.0pt;
font-family:Tahoma;font-weight:bold'>From:</span></font></b><font size=2
face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'>
eric.valor@daimlerchrysler.com [mailto:eric.valor@daimlerchrysler.com] <br>
<b><span style='font-weight:bold'>Sent:</span></b> Thursday, April 20, 2006
2:47 PM<br>
<b><span style='font-weight:bold'>To:</span></b> Matt Nichols<br>
<b><span style='font-weight:bold'>Cc:</span></b>
rt-users@lists.bestpractical.com<br>
<b><span style='font-weight:bold'>Subject:</span></b> RE: [rt-users] LDAP
Summary and supported implementations</span></font><o:p></o:p></p>
</div>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'><br>
</span></font><font size=2 face=sans-serif><span style='font-size:10.0pt;
font-family:sans-serif'>Matt:</span></font> <br>
<br>
<font size=2 face=sans-serif><span style='font-size:10.0pt;font-family:sans-serif'>I've
gotten this working with AD. The trick for AD is making sure you search
for "sAMAccountName" instead of "uid".</span></font> <br>
<br>
<font size=2 face=sans-serif><span style='font-size:10.0pt;font-family:sans-serif'>Here
are the bare essentials you'll need:</span></font> <br>
<br>
<font size=2 face=sans-serif><span style='font-size:10.0pt;font-family:sans-serif'>Set($LdapUser,
'cn=&lt;binduser&gt;,CN=Users,dc=&lt;domain&gt;,dc=com');
# LDAP bind user</span></font> <br>
<font size=2 face=sans-serif><span style='font-size:10.0pt;font-family:sans-serif'>Set($LdapPass,
'&lt;password&gt;');
# LDAP bind user pass</span></font>
<br>
<font size=2 face=sans-serif><span style='font-size:10.0pt;font-family:sans-serif'>Set($LdapUidAttr,
'sAMAccountName');
# attribute for RT account name</span></font>
<br>
<font size=2 face=sans-serif><span style='font-size:10.0pt;font-family:sans-serif'>Set($LdapFilter,
'objectclass=user');
# filter LDAP entries (e.g., only people)</span></font> <br>
<font size=2 face=sans-serif><span style='font-size:10.0pt;font-family:sans-serif'>Set($LdapNameAttr,
'cn');
# attribute for RT user
name</span></font> <br>
<font size=2 face=sans-serif><span style='font-size:10.0pt;font-family:sans-serif'>Set($LdapMailAttr,
'mail');
# attribute for RT email addy</span></font>
<br>
<br>
<font size=2 face=sans-serif><span style='font-size:10.0pt;font-family:sans-serif'>Note
that "Users" requires the capital U...</span></font> <br>
<br>
<font size=2 face=sans-serif><span style='font-size:10.0pt;font-family:sans-serif'>Bear
in mind this won't auto-populate the RT database from the LDAP database. Your
users will fail unless they already have an RT account.</span></font> <br>
<br>
<font size=2 face=sans-serif><span style='font-size:10.0pt;font-family:sans-serif'>The
</span></font><a href="http://www.mosemann.com/software/LDAPSMB1.2_RT3.tar.gz"><font
size=2 face=sans-serif><span style='font-size:10.0pt;font-family:sans-serif'>Mosemann
contribution</span></font></a><font size=2 face=sans-serif><span
style='font-size:10.0pt;font-family:sans-serif'> allows for setting up accounts
on-the-fly, but I've had some difficulty in getting it to pull in all the LDAP
(AD) records (SQL errors are reported in the logging). I haven't been
able to put much time into debugging.</span></font> <br>
<br>
<font size=2 face=sans-serif><span style='font-size:10.0pt;font-family:sans-serif'>The
</span></font><a href="http://blank.org/memory/output/rt-ad-sso.html"><font
size=2 face=sans-serif><span style='font-size:10.0pt;font-family:sans-serif'>Mehl
contribution</span></font></a><font size=2 face=sans-serif><span
style='font-size:10.0pt;font-family:sans-serif'> does a better job and has good
instructions, but has the drawback of requiring mod_ntlm and the NT LanMan hash
vulnerability.</span></font> <br>
<br>
<font size=2 face=sans-serif><span style='font-size:10.0pt;font-family:sans-serif'>Hope
this helps.</span></font> <br>
<font size=2 face=sans-serif><span style='font-size:10.0pt;font-family:sans-serif'><br>
--<br>
Eric N. Valor<br>
Sr. Systems Administrator<br>
DaimlerChrysler Research &amp; Technology North America, Inc.<br>
eric.valor@daimlerchrysler.com<br>
<st1:address w:st="on"><st1:Street w:st="on">1510 Page Mill Road</st1:Street>, <st1:City
w:st="on">Palo Alto</st1:City>, <st1:State w:st="on">CA</st1:State> <st1:PostalCode
w:st="on">94304</st1:PostalCode></st1:address><br>
CIMS 931-00-00<br>
650-845-2536<br>
<br>
: This Space Intentionally Left Blank :</span></font><o:p></o:p></p>
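<p class=MsoNormal>An added example, not part of the original message and not RT's own code: how a login name could be combined with the $LdapFilter and $LdapUidAttr values above into an AD search filter, with RFC 4515 escaping so the name is always matched as a literal. The AND-filter layout and the helper names are assumptions; the sample logins are constructed.</p>

```perl
#!/usr/bin/perl
# Added example, not RT's own code. Assumption: the login lookup ANDs
# $LdapFilter with "$LdapUidAttr=<login name>". Helper names are hypothetical.
use strict;
use warnings;

# Values taken from the configuration in the message above.
my $LdapFilter  = 'objectclass=user';
my $LdapUidAttr = 'sAMAccountName';

# RFC 4515 escaping: NUL, '(', ')', '*' and '\' become \XX hex pairs, so a
# login name is always matched as a literal value.
sub escape_filter_value {
    my ($value) = @_;
    $value =~ s/([\x00()*\\])/sprintf('\\%02x', ord($1))/ge;
    return $value;
}

# Plain string interpolation, shown only for comparison.
sub unescaped_filter {
    my ($login) = @_;
    return "(&($LdapFilter)($LdapUidAttr=$login))";
}

# Same filter with the login name escaped before it is inserted.
sub escaped_filter {
    my ($login) = @_;
    die "empty login name\n" unless defined $login && length $login;
    return sprintf '(&(%s)(%s=%s))',
        $LdapFilter, $LdapUidAttr, escape_filter_value($login);
}

# Constructed sample inputs: an ordinary name, a wildcard, and a name
# carrying filter syntax.
for my $login ('jsmith', 'j*', 'a)(cn=b') {
    print "login:     $login\n";
    print "unescaped: ", unescaped_filter($login), "\n";
    print "escaped:   ", escaped_filter($login),   "\n\n";
}
```

<p class=MsoNormal>Where Net::LDAP is installed, Net::LDAP::Util exports an escape_filter_value function that can replace the hand-written one.</p>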
</div>
</body>
</html>