Hello Eric:

I've got the same problem. After compiling and installing RT::Authen::ExternalAuth I was able to authenticate using my OpenLDAP, but any other user that is missing from LDAP will not work.

Even new users that send an email in order to request a ticket aren't working.

I am using rt3-3.6.5-3.el5.rpm on a CentOS machine and RT-Authen-ExternalAuth-0.05.

The logs are:

[Thu May 7 21:32:44 2009] [error]: RT could not load a valid user, and RT's configuration does not allow
[Thu May 7 21:32:44 2009] [error]: RT could not load a valid user, and RT's configuration does not allow
[Thu May 7 21:32:44 2009] [error]: Could not record email: Could not load a valid user (/usr/share/rt3/html/REST/1.0/NoAuth/mail-gateway:75)

And my configuration is:

# Set ldap settings

Set( @Plugins, qw(RT::Authen::ExternalAuth) );

# The order in which the services defined in ExternalSettings
# should be used to authenticate users. User is authenticated
# if successfully confirmed by any service - no more services
# are checked.
Set($ExternalAuthPriority, [ 'My_LDAP' ]);

# The order in which the services defined in ExternalSettings
# should be used to get information about users. This includes
# RealName, Tel numbers etc, but also whether or not the user
# should be considered disabled.
# Once user info is found, no more services are checked.
Set($ExternalInfoPriority, ['My_LDAP' ]);

# If this is set to true, then the relevant packages will
# be loaded to use SSL/TLS connections. At the moment,
# this just means "use Net::SSLeay;"
Set($ExternalServiceUsesSSLorTLS, 0);

# If this is set to 1, then users should be autocreated by RT
# as internal users if they fail to authenticate from an
# external service.
Set($AutoCreateNonExternalUsers, 1);

# These are the full settings for each external service as a HashOfHashes
# Note that you may have as many external services as you wish. They will
# be checked in the order specified in the Priority directives above.
# e.g.
# Set(ExternalAuthPriority,['My_LDAP','My_MySQL','My_Oracle','SecondaryLDAP','Other-DB']);
#
Set($ExternalSettings, {
    # AN EXAMPLE LDAP SERVICE
    'My_LDAP' => {
        ## GENERIC SECTION
        # The type of service (db/ldap/cookie)
        'type' => 'ldap',
        # Should the service be used for authentication?
        'auth' => 1,
        # Should the service be used for information?
        'info' => 1,
        # The server hosting the service
        'server' => 'neptuno.ufcspa.edu.br',

        ## SERVICE-SPECIFIC SECTION
        # If you can bind to your LDAP server anonymously you should
        # remove the user and pass config lines, otherwise specify them here:
        #
        # The username RT should use to connect to the LDAP server
        'user' => 'cn=admin,dc=ufcspa,dc=edu,dc=br',
        # The password RT should use to connect to the LDAP server
        'pass' => 'xxxx',
        # The LDAP search base
        'base' => 'ou=Users,dc=ufcspa,dc=edu,dc=br',
        # The filter to use to match RT-Users
        'filter' => '(objectClass=posixAccount)',
        # The filter that will only match disabled users
        'd_filter' => '(accountStatus=disabled)',
        # Should we try to use TLS to encrypt connections?
        'tls' => 0,
        # What other args should I pass to Net::LDAP->new($host,@args)?
        'net_ldap_args' => [ version => 3 ],
        ## RT ATTRIBUTE MATCHING SECTION
        # The list of RT attributes that uniquely identify a user
        'attr_match_list' => [ 'Name',
                               'EmailAddress',
                               'RealName'
                             ],
        # The mapping of RT attributes on to LDAP attributes
        'attr_map' => { 'Name' => 'uid',
                        'EmailAddress' => 'mail',
                        'RealName' => 'displayName'
                      }
    }
}
);

Klaus Engelmann
CCNA CCDA - CSCO10971632
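
A check for the bind and transport settings of a configuration like the one posted above, as an added example that is not part of the original message or of RT::Authen::ExternalAuth: with 'tls' => 0 and a plain host name in 'server', the bind DN and password in 'user' and 'pass' travel to the LDAP server in cleartext. The function names, the finding strings and the admin-DN heuristic are assumptions made for this example; the embedded configuration is a constructed excerpt of the posted one.

```python
import re

# Constructed excerpt: the bind and transport lines of the configuration posted above.
SAMPLE_CONFIG = """
Set($ExternalSettings, {
    'My_LDAP' => {
        'type'     => 'ldap',
        'server'   => 'neptuno.ufcspa.edu.br',
        'user'     => 'cn=admin,dc=ufcspa,dc=edu,dc=br',
        'pass'     => 'xxxx',
        'tls'      => 0,
        'attr_map' => { 'Name' => 'uid', 'EmailAddress' => 'mail' }
    }
});
"""

CLEARTEXT = "bind DN and password cross the network unencrypted"
ADMIN_BIND = "bind DN looks like a directory administrator account"
ADMIN_RDN = re.compile(r"cn=(admin|manager|root)\b", re.I)  # heuristic (assumption)

def value(body, key):
    """Return the scalar stored under 'key' in a Perl hash body, or None."""
    m = re.search(r"'%s'\s*=>\s*(?:'([^']*)'|([^\s,}]+))" % re.escape(key), body)
    if m is None:
        return None
    return m.group(1) if m.group(1) is not None else m.group(2)

def services(text):
    """Yield (name, body) for every brace-delimited hash that has a 'type' key."""
    text = re.sub(r"(?m)^\s*#.*$", "", text)  # ignore commented-out lines
    for m in re.finditer(r"'([\w-]+)'\s*=>\s*\{", text):
        depth, i = 1, m.end()
        while depth and i < len(text):  # walk to the matching closing brace
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        body = text[m.end():i - 1]
        if value(body, "type") is not None:
            yield m.group(1), body

def audit(text):
    """Return (service, finding) pairs for LDAP services with risky bind settings."""
    findings = []
    for name, body in services(text):
        if value(body, "type") != "ldap":
            continue
        server, user = value(body, "server") or "", value(body, "user") or ""
        encrypted = server.startswith("ldaps://") or value(body, "tls") not in (None, "0")
        if user and value(body, "pass") is not None and not encrypted:
            findings.append((name, CLEARTEXT))
        if ADMIN_RDN.match(user):
            findings.append((name, ADMIN_BIND))
    return findings
```

Calling audit(SAMPLE_CONFIG) reports both findings for My_LDAP; a service that sets 'tls' => 1 or an ldaps:// server and binds with a dedicated read-only account reports none.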