<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; color: rgb(0, 0, 0); font-size: 14px; font-family: Calibri, sans-serif; "><div>I have RT 4.0.1 newly installed and functioning on Fedora 15. </div><div>Additionally, I've installed RT::Authen::ExternalAuth and (I think) added all the corresponding config directives, pointing to an AD server. </div><div>So far I've seen no indication that any LDAP connection has been attempted; I can only authenticate as an internal RT user, and I see no log messages of any sort involving ExternalAuth or LDAP or any related thing. Logging is on debug. What am I missing? </div><div><br></div><div><div>I wasn't sure about the d_filter, which I assume can be anything. If this were invalid, would it totally disable the LDAP connection/functionality? </div><div><br></div><div>Also, what is the syntax for putting DOMAIN\ in front of the AD admin user? 'DOMAIN\\Administrator'?</div><div>And what if your admin password happens to have an apostrophe in it? Does escaping with a backslash have the desired result, or are there multiple escape levels to worry about? 
</div><div><br></div><div>Here is my RT_SiteConfig.pm:</div><div><br></div><div>Set($WebPath, "");</div><div>Set($Timezone, "US/Pacific");</div><div>Set(@Plugins, (qw(RT::Authen::ExternalAuth)));</div><div>Set($DatabaseRTHost, "localhost");</div><div>Set($LogToSyslog, "debug");</div><div>Set($LogToScreen, "error");</div><div>Set($LogStackTraces, "debug");</div><div>Set($LogToFile, 1);</div><div>Set($LogDir, q{var/log});</div><div>Set($LogToFileNamed, "rt.log"); #log to rt.log</div><div>Set($LogoLinkURL, "http://helpdesk.here.org");</div><div>Set($LogoAltText, "Your Help Desk from Information Technology");</div><div>Set($HomePageRefreshInterval, 1200);</div><div>Set($PlainTextPre, 0);</div><div>Set($SuppressInlineTextFiles, 1);</div><div>Set(@Active_MakeClicky, qw('httpurl'));</div><div>Set( $rtname, 'here.org' );</div><div>Set( $DatabaseUser, 'rt_user' );</div><div>Set( $CorrespondAddress, 'helpdesk@here.org' );</div><div>Set( $DatabaseRequireSSL, '' );</div><div>Set( $WebPort, '80' );</div><div>Set( $Organization, 'here.org' );</div><div>Set( $DatabaseType, 'mysql' );</div><div>Set( $DatabasePassword, 'secret' );</div><div>Set( $DatabaseAdmin, 'root' );</div><div>Set( $SendmailPath, '/usr/sbin/sendmail' );</div><div>Set( $WebDomain, 'helpdesk.here.org' );</div><div>Set( $DatabaseAdminPassword, 'secret' );</div><div>Set( $CommentAddress, 'helpdesk@here.org' );</div><div>Set( $DatabaseHost, 'localhost' );</div><div>Set( $DatabaseName, 'rt4' );</div><div>Set( $OwnerEmail, 'elyons@here.org' );</div><div><br></div><div>Set($ExternalAuthPriority, [ 'My_LDAP',</div><div> 'My_MySQL',</div><div> 'My_SSO_Cookie'</div><div> ]</div><div>);</div><div><br></div><div># The order in which the services defined in ExternalSettings</div><div># should be used to get information about users. This includes</div><div># RealName, Tel numbers etc, but also whether or not the user</div><div># should be considered disabled. 
</div><div>#</div><div># Once user info is found, no more services are checked.</div><div>#</div><div># You CANNOT use a SSO cookie for authentication.</div><div>Set($ExternalInfoPriority, [ 'My_MySQL',</div><div> 'My_LDAP'</div><div> ]</div><div>);</div><div><br></div><div># If this is set to true, then the relevant packages will</div><div># be loaded to use SSL/TLS connections. At the moment,</div><div># this just means "use Net::SSLeay;"</div><div>Set($ExternalServiceUsesSSLorTLS, 0);</div><div><br></div><div># If this is set to 1, then users should be autocreated by RT</div><div># as internal users if they fail to authenticate from an</div><div># external service.</div><div>Set($AutoCreateNonExternalUsers, 0);</div><div><br></div><div># These are the full settings for each external service as a HashOfHashes</div><div># Note that you may have as many external services as you wish. They will</div><div># be checked in the order specified in the Priority directives above.</div><div># e.g. 
</div><div># Set(ExternalAuthPriority,['My_LDAP','My_MySQL','My_Oracle','SecondaryLDAP','Other-DB']);</div><div>#</div><div>Set($ExternalSettings, { # AN EXAMPLE LDAP SERVICE</div><div> 'My_LDAP' => { ## GENERIC SECTION</div><div> # The type of service (db/ldap/cookie) </div><div> 'type' => 'ldap',</div><div> # The server hosting the service</div><div> 'server' => 'blacksun.here.org',</div><div> ## SERVICE-SPECIFIC SECTION</div><div> # If you can bind to your LDAP server anonymously you should </div><div> # remove the user and pass config lines, otherwise specify them here:</div><div> # </div><div> # The username RT should use to connect to the LDAP server </div><div> 'user' => 'Administrator',</div><div> # The password RT should use to connect to the LDAP server</div><div> 'pass' => 'secret',</div><div> #</div><div> # The LDAP search base</div><div> 'base' => 'ou=Organisational Unit,dc=here,dc=org',</div><div> #</div><div> # ALL FILTERS MUST BE VALID LDAP FILTERS ENCASED IN PARENTHESES!</div><div> # YOU **MUST** SPECIFY A filter AND A d_filter!!</div><div> #</div><div> # The filter to use to match RT-Users</div><div> 'filter' => '(objectClass=organizationalPerson)',</div><div> # A catch-all example filter: '(objectClass=*)'</div><div> #</div><div> # The filter that will only match disabled users</div><div> 'd_filter' => '(objectClass=THINGY)',</div><div> # A catch-none example d_filter: '(objectClass=FooBarBaz)'</div><div> #</div><div> # Should we try to use TLS to encrypt connections?</div><div> 'tls' => 0,</div><div> # SSL Version to provide to Net::SSLeay *if* using SSL</div><div> 'ssl_version' => 3,</div><div> # What other args should I pass to Net::LDAP->new($host,@args)?</div><div> 'net_ldap_args' => [ version => 3 ],</div><div> # Does authentication depend on group membership? 
What group name?</div><div> 'group' => 'member',</div><div> # What is the attribute for the group object that determines membership?</div><div># 'group_attr' => 'GROUP_ATTR',</div><div> 'group_attr' => 'cn',</div><div> ## RT ATTRIBUTE MATCHING SECTION</div><div> # The list of RT attributes that uniquely identify a user</div><div> # This example shows what you *can* specify.. I recommend reducing this</div><div> # to just the Name and EmailAddress to save encountering problems later.</div><div> 'attr_match_list' => [ 'Name',</div><div> 'EmailAddress'</div><div> # 'EmailAddress', </div><div> # 'RealName',</div><div> # 'WorkPhone', </div><div> # 'Address2'</div><div> ],</div><div> # The mapping of RT attributes on to LDAP attributes</div><div> 'attr_map' => { 'Name' => 'sAMAccountName',</div><div> 'EmailAddress' => 'mail',</div><div> 'Organization' => 'physicalDeliveryOfficeName',</div><div> 'RealName' => 'cn',</div><div> 'ExternalAuthId' => 'sAMAccountName',</div><div> 'Gecos' => 'sAMAccountName',</div><div> 'WorkPhone' => 'telephoneNumber',</div><div> 'Address1' => 'streetAddress',</div><div> 'City' => 'l',</div><div> 'State' => 'st',</div><div> 'Zip' => 'postalCode',</div><div> 'Country' => 'co'</div><div> }</div><div> },</div><div> # An example SSO cookie service</div><div> 'My_SSO_Cookie' => { # # The type of service (db/ldap/cookie)</div><div> 'type' => 'cookie',</div><div> # The name of the cookie to be used</div><div> 'name' => 'loginCookieValue',</div><div> # The users table</div><div> 'u_table' => 'users',</div><div> # The username field in the users table</div><div> 'u_field' => 'username',</div><div> # The field in the users table that uniquely identifies a user</div><div> # and also exists in the cookies table</div><div> 'u_match_key' => 'userID',</div><div> # The cookies table</div><div> 'c_table' => 'login_cookie',</div><div> # The field that stores cookie values</div><div> 'c_field' => 'loginCookieValue',</div><div> # The field in the cookies table 
that uniquely identifies a user</div><div> # and also exists in the users table</div><div> 'c_match_key' => 'loginCookieUserID',</div><div> # The DB service in this configuration to use to lookup the cookie information</div><div> 'db_service_name' => 'My_MySQL'</div><div> }</div><div> }</div><div>);</div></div></body></html>