<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content="text/html; charset=us-ascii" http-equiv=Content-Type>
<META name=GENERATOR content="MSHTML 8.00.6001.18928"></HEAD>
<BODY>
<DIV><FONT size=2 face=Arial><SPAN class=569541602-05082010>I am trying to
accomplish two things:</SPAN></FONT></DIV>
<DIV><FONT size=2 face=Arial><SPAN
class=569541602-05082010></SPAN></FONT> </DIV>
<DIV><FONT size=2 face=Arial><SPAN class=569541602-05082010>First, to integrate
RT with Active Directory such that an RT user account will automatically be
created in either of the following cases.</SPAN></FONT></DIV>
<DIV><FONT size=2 face=Arial><SPAN class=569541602-05082010> a) when
a user first submits a ticket request via email, and</SPAN></FONT></DIV>
<DIV><FONT size=2><SPAN class=569541602-05082010></SPAN></FONT><FONT size=2
face=Arial><SPAN class=569541602-05082010> b) when a user first logs
in via the RT web interface</SPAN></FONT></DIV>
<DIV><FONT size=2 face=Arial><SPAN
class=569541602-05082010></SPAN></FONT> </DIV>
<DIV><FONT size=2 face=Arial><SPAN class=569541602-05082010>Second, single 
sign-on, such that once an RT account has been created, an MS-Windows user 
will not need to enter their password on subsequent visits to the RT web 
interface.</SPAN></FONT></DIV>
<DIV><FONT size=2 face=Arial><SPAN
class=569541602-05082010></SPAN></FONT> </DIV>
<DIV><FONT size=2 face=Arial><SPAN class=569541602-05082010>I've started by
attempting to implement the Auth::ExternalAuth extension but have been unable to
get it working. I cannot log into the RT web interface using any account
except the root account that has already been created within RT. Once in
RT as root, I am unable to create a new user. I get the error "<EM>User
could not be created: Could not set user info</EM>."</SPAN></FONT></DIV>
<DIV><FONT size=2 face=Arial><SPAN
class=569541602-05082010></SPAN></FONT> </DIV>
<DIV><FONT size=2 face=Verdana><SPAN class=569541602-05082010><FONT
face=Arial>I've tried the solution mentioned in this thread -->
</FONT><A
href="http://www.gossamer-threads.com/lists/rt/users/94218">http://www.gossamer-threads.com/lists/rt/users/94218</A><FONT
face=Arial> to get RT to auto-create users, but to no
avail.</FONT></SPAN></FONT></DIV>
<DIV><FONT size=2 face=Arial><SPAN class=569541602-05082010>Note that when I 
uncomment the statement "Set($WebExternalAuto,1);" and restart Apache, the 
RT login screen provides no login box in which to enter a username or a 
password. </SPAN></FONT></DIV>
<DIV><FONT size=2 face=Arial><SPAN
class=569541602-05082010></SPAN></FONT> </DIV>
<DIV><FONT size=2 face=Arial><SPAN class=569541602-05082010>Any advice would be
greatly appreciated.</SPAN></FONT></DIV>
<DIV><FONT size=2 face=Arial><SPAN
class=569541602-05082010></SPAN></FONT> </DIV>
<DIV><FONT size=2 face=Arial><SPAN class=569541602-05082010>Below is my RT
configuration.</SPAN></FONT></DIV>
<DIV><FONT size=2 face=Arial><SPAN
class=569541602-05082010></SPAN></FONT> </DIV>
<DIV><FONT size=2 face="Courier New"><SPAN
class=569541602-05082010></SPAN></FONT> </DIV><SPAN
class=569541602-05082010>
<DIV><SPAN class=569541602-05082010></SPAN><FONT size=2 face="Courier New"><SPAN
class=569541602-05082010>#Begin /opt/rt3/etc/RT_SiteConfig.pm
tail</SPAN></FONT></DIV>
<DIV><FONT size=2><FONT face="Courier New">.<SPAN
class=569541602-05082010>..</SPAN></FONT></FONT></DIV>
<DIV><FONT size=2 face="Courier New"># The following two <SPAN
class=569541602-05082010>statements</SPAN> support single sign-on.</FONT></DIV>
<DIV><FONT size=2 face="Courier New"># <SPAN class=569541602-05082010>but
</SPAN><SPAN class=569541602-05082010>I have</SPAN> commented <SPAN
class=569541602-05082010>them </SPAN>out <SPAN class=569541602-05082010>for
now </SPAN>since they are </FONT></DIV>
<DIV><FONT face="Courier New"><FONT size=2><SPAN class=569541602-05082010>#
</SPAN>said to conflict with the ExternalAuth extension.</FONT></FONT></DIV>
<DIV><FONT size=2 face="Courier New"># See </FONT><A
href="http://wiki.bestpractical.com/view/ExternalAuth"><FONT size=2
face="Courier New">http://wiki.bestpractical.com/view/ExternalAuth</FONT></A><FONT
size=2 face="Courier New">.<BR></FONT><FONT face="Courier New"><FONT
size=2><BR># Tell RT to trust the webserver to
handle authentication.</FONT></FONT><FONT size=2
face="Courier New"></DIV></FONT>
<DIV><FONT size=2 face="Courier New"># Set($WebExternalAuth,
3);<BR></DIV></FONT>
<DIV><FONT size=2 face="Courier New"># If the webserver hands RT a user RT is
not<BR># familiar with, RT should just go ahead and<BR># create an
account.</FONT></DIV>
<DIV><FONT size=2 face="Courier New"><SPAN class=569541602-05082010>#
</SPAN>Set($WebExternalAuto, 1);</FONT></DIV>
<DIV><FONT size=2 face="Courier New"></FONT> </DIV>
<DIV><FONT size=2 face="Courier New"><SPAN
class=569541602-05082010>...</SPAN></FONT></DIV>
<DIV><FONT size=2 face="Courier New"># Include the configuration for the
ExternalAuth extension.<BR>require
"/opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm";<BR>Set($AutoCreate,{Privileged
=> 0});</FONT></DIV>
<DIV><FONT size=2 face=Verdana></FONT> </DIV>
<DIV><FONT size=2 face=Verdana>1;</FONT></DIV>
<DIV><FONT size=2 face="Courier New"><SPAN class=569541602-05082010>#End
/opt/rt3/etc/RT_SiteConfig.pm</SPAN></FONT></DIV>
<DIV><FONT size=2 face=Verdana><FONT face=Arial></FONT></FONT> </DIV>
<DIV><FONT size=2 face=Verdana><FONT face=Arial></FONT></FONT> </DIV><FONT
face=Verdana><FONT face=Arial>
<DIV><SPAN class=569541602-05082010><FONT size=2
face="Courier New"></FONT></SPAN> </DIV>
<DIV><SPAN class=569541602-05082010><FONT size=2
face="Courier New"></FONT></SPAN> </DIV>
<DIV><SPAN class=569541602-05082010><FONT size=2 face="Courier New">#Begin
/opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm in its
entirety.</FONT></SPAN></DIV>
<DIV><SPAN class=569541602-05082010><FONT size=2
face="Courier New"></FONT></SPAN><BR><FONT size=2
face="Courier New">Set($ExternalAuthPriority,
[ 'Heapy_AD_LDAP' ]
);<BR>Set($ExternalInfoPriority,
[ 'Heapy_AD_LDAP' ] );<BR>Set($ExternalServiceUsesSSLorTLS,
0);<BR>Set($AutoCreateNonExternalUsers, 0);</FONT></DIV>
<DIV><FONT size=2 face="Courier New"></FONT> </DIV>
<DIV><FONT size=2
face="Courier New">Set($ExternalSettings,
{<BR>
'<SPAN
class=569541602-05082010>Heapy</SPAN>_AD_LDAP'
=> {</FONT></DIV>
<DIV><FONT size=2 face="Courier New"></FONT> </DIV>
<DIV><FONT size=2
face="Courier New">
'type'
=>
'ldap',<BR>
'server'
=> <SPAN
class=569541602-05082010>'serverxyz.domain.domainSuffix</SPAN>',<BR>
'user'
=> 'cn=ldap,ou=Services,dc=<SPAN
class=569541602-05082010>domain</SPAN>,dc=<SPAN
class=569541602-05082010>domainSuffix</SPAN>',<BR>
'pass'
=> '<SPAN
class=569541602-05082010>the_ldap_password</SPAN>',<BR>
'base'
=> 'dc=<SPAN class=569541602-05082010>domain</SPAN>,dc=<SPAN
class=569541602-05082010>domainSuffix</SPAN>',</FONT></DIV>
<DIV><FONT size=2 face="Courier New"></FONT> </DIV>
<DIV><FONT size=2
face="Courier New">
'filter'
=>
'(&(ObjectCategory=User)(ObjectClass=Person))',<BR>
'd_filter'
=> '(userAccountControl:1.2.840.113556.1.4.803:=2)',</FONT></DIV>
<DIV><FONT size=2 face="Courier New"></FONT> </DIV>
<DIV><FONT size=2
face="Courier New">#
'tls'
=>
0,<BR>#
'ssl_version'
=> 3,</FONT></DIV>
<DIV><FONT size=2 face="Courier New"></FONT> </DIV>
<DIV><FONT size=2
face="Courier New">
'net_ldap_args' =>
[ version =>
3
],<BR>
'group'
=> 'cn=<SPAN class=569541602-05082010>group</SPAN>,ou=Services,dc=<SPAN
class=569541602-05082010>domain</SPAN>,dc=<SPAN
class=569541602-05082010>domainSuffix</SPAN>',<BR>
'group_attr'
=> 'member',</FONT></DIV>
<DIV><FONT size=2 face="Courier New"></FONT> </DIV>
<DIV><FONT size=2
face="Courier New">
'attr_match_list' => [
'Name', 'EmailAddress'
],<BR>
'attr_map'
=> { 'Name' =>
'sAMAccountName',<BR>
'EmailAddress' =>
'mail',<BR>
'Organization' =>
'physicalDeliveryOfficeName',<BR>
'RealName' =>
'cn',<BR>
'ExternalAuthId' =>
'sAMAccountName',<BR>
'Gecos' =>
'sAMAccountName',<BR>
'WorkPhone' =>
'telephoneNumber',<BR>
'Address1' =>
'streetAddress',<BR>
'City' =>
'l',<BR>
'State' =>
'st',<BR>
'Zip' =>
'postalCode',<BR>
'Country' =>
'co'<BR>
}<BR>
}<BR>
}<BR>);</FONT></DIV>
<DIV><FONT size=2 face="Courier New"></FONT> </DIV>
<DIV><FONT size=2><FONT face="Courier New">Set(@Plugins,
qw(RT::Authen::ExternalAuth));<BR>1;</FONT></FONT></DIV>
<DIV><FONT size=2><SPAN class=569541602-05082010><FONT size=2
face="Courier New">#End
/opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm</FONT></SPAN><BR></DIV></FONT></FONT>
<DIV><FONT size=2><BR></FONT></DIV></FONT>
<DIV><FONT size=2 face=Verdana></FONT> </DIV>
<DIV><FONT size=2 face=Verdana><FONT face=Arial></FONT></FONT> </DIV>
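<DIV><FONT size=2 face=Arial>Added example, not part of the original message and not the extension's shipped configuration: the settings posted above leave TLS off (ExternalServiceUsesSSLorTLS is 0 and 'tls' is commented out), so the simple binds for the service account and for each user logging in travel to the directory server in cleartext. The sketch below shows those connection settings beside an LDAPS variant; it assumes the installed ExternalAuth version forwards 'net_ldap_args' unchanged to Net::LDAP->new, and the CA file path is a placeholder.</FONT></DIV>
<PRE>
```perl
# Constructed sketch for comparison; only the connection-related keys change.
# Keep the remaining keys (user, pass, base, filter, attr_map, ...) as posted.

# As posted: plain LDAP with TLS off. Bind DNs and passwords cross the
# network unencrypted.
#   Set($ExternalServiceUsesSSLorTLS, 0);
#   'server'        => 'serverxyz.domain.domainSuffix',
#   'net_ldap_args' => [ version => 3 ],

# Variant: LDAPS with certificate verification.
Set($ExternalServiceUsesSSLorTLS, 1);    # load the SSL/TLS support packages

Set($ExternalSettings, {
    'Heapy_AD_LDAP' => {
        'type'   => 'ldap',
        # Must match a name in the domain controller's certificate.
        'server' => 'serverxyz.domain.domainSuffix',
        # Net::LDAP->new options (assumption: the extension passes this
        # list through unchanged).
        'net_ldap_args' => [
            version => 3,
            scheme  => 'ldaps',      # TLS from the first byte of the session
            port    => 636,
            verify  => 'require',    # refuse certificates that fail validation
            cafile  => '/path/to/ad-issuing-ca.pem',    # placeholder path
        ],
        # ... user, pass, base, filter, d_filter, group, attr_map as posted ...
    },
});
```
</PRE>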
<DIV><FONT size=2 face=Verdana><FONT
face=Arial></FONT> </DIV></FONT></SPAN></BODY></HTML>