[Rt-devel] Re: [rt-users] How to make LDAP authentication in RT3
Francisco Javier Martínez Martinez
fjmartinez at csi.uned.es
Tue Feb 1 05:32:22 EST 2005
Hello.
First I wish to thank you to Steve and others for his quickly answer.
But my scenario is not that the RT delegates in the Apache the LDAP
authentication. My scenario is as follow:
RT (not apache) must self - authenticate users against a LDAP server, this
is due to that if is the Apache who makes the authentication the first
entrance page is missing, and in this first RT´s login page we want to
leave messages for users among others things.
I want to make this authentication with NO TLS.
I had tried many thing following recomendations founds in mailling list,
with no success. The last that I had tried is the following:
In RT_Siteconfig I had added/changed:
# If $WebExternalAuth is defined, RT will defer to the environment's
# REMOTE_USER variable.
Set($WebExternalAuth , undef);
$LDAPExternalAuth = 1; # will enable LDAP-Auth
# $LDAPInternalAuthRequired = 1; # will require internal
password
# $LDAPExternalAuto = 1; # will create accounts "on the fly"
$LdapServer="ldapxxx.domain.com"; # LDAP server for authentication
# $LdapCert= ""; # enables TLS, name is checked instead of
the server name
# $LdapCertDir= ""; # enables TLS, will check server name and
certificate vs. CA chain from dir
$LdapUser=""; # user name for binding
$LdapPass=""; # password for binding
$LdapBase="dc=domain,dc=com"; # search base
$LdapUidAttr="uid"; # attribute for RT user name
$LdapFilter="(objectclass=*)"; # additional filter
#$LdapMap = { # mapping LDAP attributes to RT3
# 'RT user paramater' => 'LDAP entry',
# 'Name' => $RT::LdapUidAttr,
# 'EmailAddress' => 'mail',
# 'RealName' => 'cn',
# };
# If $WebFallbackToInternalAuth is undefined, the user is allowed a chance
# of fallback to the login screen, even if REMOTE_USER failed.
Set($WebFallbackToInternalAuth , undef);
And I had created both cases with no success:
/usr/local/rt3/lib/RT/User_Local.pm
and
/usr/local/rt3/local/lib/RT/User_Local.pm
# MANIFEST: LDAP Overlay for RT3
#
# $Id: RT::User_Local.pm,v 1.0 2004/12/21 zardoz Exp $
no warnings qw(redefine);
# {{{ sub IsPassword
# Modification Originally by Marcelo Bartsch <bartschm_cl at hotmail.com>
# Update by Stewart James <stewart.james at vu.edu.au for rt3.
# Update by Ruediger Riediger <ruediger.riediger at sun.com> to support TLS
sub IsPassword {
my $self = shift;
my $value = shift;
#TODO there isn't any apparent way to legitimately ACL this
# RT does not allow null passwords
if ( ( !defined($value) ) or ( $value eq '' ) ) {
$RT::Logger->debug("AUTH FAILED: " . $self->Name . " - no
password submitted\n");
return (undef);
}
if ( $self->PrincipalObj->Disabled ) {
$RT::Logger->info(
"Disabled user " . $self->Name . " tried to log in" );
return (undef);
}
if ( ($self->__Value('Password') eq '') ||
($self->__Value('Password') eq undef) ) {
$RT::Logger->debug("AUTH FAILED: " . $self->Name . " - no
password in database\n");
return(undef);
}
# generate an md5 password
if ($self->_GeneratePassword($value) eq $self->__Value('Password')) {
$RT::Logger->debug("AUTH OK: " . $self->Name . " - MD5
password\n");
return(1);
}
# if it's a historical password we say ok.
### \/ LDAP Overlay for RT3 \/ ###
if (! $RT::LDAPExternalAuth)
{
if ($self->__Value('Password') eq crypt($value,
$self->__Value('Password'))) {
$RT::Logger->debug("AUTH OK: " . $self->Name . " -
crypt password\n");
return (1);
}
else {
$RT::Logger->debug("AUTH FAILED: " . $self->Name .
" - no password match\n");
return (undef);
}
}
else
{
if ($self->__Value('Password') eq crypt($value,
$self->__Value('Password'))) {
$RT::Logger->debug("AUTH OK: " . $self->Name . " -
crypt password\n");
return (1);
}
# do not allow LDAP if there is a local password and
# LDAPInternalAuthRequired is set
unless ( $RT::LDAPInternalAuthRequired &&
($self->__Value('Password') eq '*NO-PASSWORD*') )
{
$RT::Logger->debug("AUTH FAILED: " . $self->Name .
" - no password match\n");
return (undef);
}
$RT::Logger->info("Using External Authentication\n");
use Net::LDAP qw(LDAP_SUCCESS LDAP_PARTIAL_RESULTS);
use Net::LDAP::Util qw (ldap_error_name);
my $mesg;
my $ldap = Net::LDAP->new($RT::LdapServer, version=>3) or
$RT::Logger->critical("GetExternalUserWithLDAP: " . "Cannot connect
to LDAP'\n"), return 0;
# Switch on TLS or bail out
if ( (defined($RT::LdapCert) && $RT::LdapCert)
|| (defined($RT::LdapCertDir) && $RT::LdapCertDir) ) {
if(defined($RT::LdapCertDir) && $RT::LdapCertDir) {
my $cert_dir = $RT::LdapCertDir;
my $cert_vrfy = "require";
} else {
my $cert_dir = undef;
my $cert_vrfy = "none";
}
if($ldap->start_tls(verify => $cert_vrfy, capath
=> $cert_dir)
&& $ldap->certificate) {
if( ( defined($RT::LdapCert) && $RT::LdapCert
&& $ldap->certificate->subject_name
!~ /$RT::LdapCert/oi )
|| ( $ldap->certificate->subject_name
!~ /\bCN=$RT::LdapServer\b/oi ) ) {
$RT::Logger->critical("GetExternalUserWithLDAP:
Wrong Certificate: ",
$ldap->certificate->subject_name,
"\n");
return 0;
}
} else {
if($cert_dir) {
$RT::Logger->critical("GetExternalUserWithLDAP:
" . "Cannot verify TLS certificate\n");
} else {
$RT::Logger->critical("GetExternalUserWithLDAP:
" . "Cannot switch to TLS\n");
}
return 0;
}
}
# I seem to have problems is I try and bind with a NULL
username by hand
# So this now checks to see if we are really going to bind
with a
# username.
if (defined($RT::LdapUser) && $RT::LdapUser) {
$mesg = $ldap->bind($RT::LdapUser, password
=>$RT::LdapPass );
} else {
$mesg = $ldap->bind;
}
if ($mesg->code != LDAP_SUCCESS) {
$RT::Logger->critical("GetExternalUserWithLDAP:
Cannot bind to LDAP:",
$mesg->code, "\n");
return 0;
}
my $filter = "(&(&(objectclass=person)(" .
$RT::LdapUidAttr . "=" . $self->Name ."))$RT::LdapFilter)";
$RT::Logger->debug("GetExternalUserWithLDAP: First search
filter '$filter'\n");
$mesg = $ldap->search(base => $RT::LdapBase,
filter => $filter,
attrs => ['dn']);
if (!(($mesg->code == LDAP_SUCCESS) or ($mesg->code ==
LDAP_PARTIAL_RESULTS)))
{
$RT::Logger->debug("GetExternalUserWithLDAP: Could
not search for $filter: ",
$mesg->code, "" ,
ldap_error_name($mesg->code) ,"\n");
return 0;
}
$RT::Logger->debug("GetExternalUserWithLDAP: First search
produced ",
$mesg->count, " results\n");
if (! $mesg->count)
{
$RT::Logger->debug("AUTH FAILED: " . $self->Name .
" - LDAP failed\n");
return (undef);
}
# $RT::Logger->debug("LDAP DN: " . $mesg->first_entry->dn . "
" . $value . "\n");
$RT::Logger->debug("LDAP DN: " . $mesg->first_entry->dn .
"\n");
my $mesg2 = $ldap->bind($mesg->first_entry->dn, password
=>$value );
if ($mesg2->code != LDAP_SUCCESS) {
$RT::Logger->critical("GetExternalUserWithLDAP:
Cannot bind to LDAP:",
$mesg2->code, "\n");
return 0;
}
else
{
$RT::Logger->debug("AUTH OK: " . $self->Name . " -
LDAP (" .$mesg->first_entry->dn . ")\n");
return 1;
}
}
### /\ LDAP Overlay for RT3 /\ ###
# no password check has succeeded. get out
$RT::Logger->debug("AUTH FAILED: " . $self->Name . " - all auth
methods failed \n");
return (undef);
}
# }}}
# {{{ LoadOrCreateByEmail
sub LoadOrCreateByEmail {
my $self = shift;
my $email = shift;
my ($val, $message);
my ( $Address, $Name ) =
RT::EmailParser::ParseAddressFromHeader('', $email);
$email = $Address;
$self->LoadByEmail($email);
$message = $self->loc('User loaded');
### \/ LDAP Overlay for RT3 \/ ###
unless ($self->Id || ($email =~ /\@/)) {
# that's not an email!
$self->Load($email);
$message = $self->loc('User loaded from uid');
}
my %UserInfo;
my $UserFoundInExternalDatabase;
unless ($self->Id) {
# Now, we might need to correlate the email address used with an
# external stored identity - retrieve from LDAP
( $UserFoundInExternalDatabase, %UserInfo ) =
RT::EmailParser::LookupExternalUserInfo( $email, undef, undef );
if ( $UserFoundInExternalDatabase
&& exists($UserInfo{'Name'}) && $UserInfo{'Name'} ) {
$self->Load($UserInfo{'Name'});
$message = $self->loc('User loaded from LDAP');
$email = $UserInfo{'EmailAddress'}
if(exists($UserInfo{'EmailAddress'}) &&
$UserInfo{'EmailAddress'});
$UserInfo{'Comments'} = 'Autocreated with LDAP Data when
added as a watcher';
} else {
$UserInfo{'Name'} = $email;
$UserInfo{'EmailAddress'} = $email;
$UserInfo{'RealName'} = $email;
$UserInfo{'Comments'} = 'Autocreated when added as a
watcher'; }
$UserInfo{'Privileged'} = 0;
$UserInfo{'Password'} = undef;
}
### /\ LDAP Overlay for RT3 /\ ###
unless ($self->Id) {
### \/ use Create(%UserInfo) for LDAP Overlay for RT3 \/ ###
( $val, $message ) = $self->Create(%UserInfo);
unless ($val) {
# Deal with the race condition of two account creations at
once
$self->LoadByEmail($email);
unless ($self->Id) {
sleep 5;
$self->LoadByEmail($email);
}
if ($self->Id) {
$RT::Logger->error("Recovered from creation failure
due to race condition");
$message = $self->loc("User loaded");
}
else {
$RT::Logger->crit("Failed to create user ".$email .":
" .$message);
}
}
}
if ($self->Id) {
return($self->Id, $message);
}
else {
return(0, $message);
}
}
# }}}
1;
At 15:32 31/01/2005, steve wrote:
>Francisco Javier Martínez Martinez wrote:
>>Hello folks.
>>Could anyone post the procedure, file, ... to enable LDAP authentication
>>against an external LDAP^server, with RT3 in linux.
>>I know that is possible to authenticate users against an external LDAP
>>server, I had been googling and searching in mail-lists, and I had found
>>a lot of different references, too much references, but not very clear,
>>and most of them refering to RT2, I wonder that it could be the same for
>>RT3. This is the mainly reason of my request.
>>Thanks in advance.
>>_______________________________________________
>>http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
>>RT Administrator and Developer training is coming to your town soon!
>>(Boston, San Francisco, Austin, Sydney) Contact
>>training at bestpractical.com for details.
>>Be sure to check out the RT Wiki at http://wiki.bestpractical.com
>here is my RT_Siteconfig.pm and vbelow the lines from my httpd.conf which
>does the actual authentication
>
>
>#RNING: NEVER EDIT RT_Config.pm. Instead, copy any sections you want to
>change to RT_SiteConfig.pm
># and edit them there.
>#
>
>package RT;
>
>=head1 NAME
>
>RT::Config
>
>=for testing
>
>use RT::Config;
>
>=cut
>$LDAPExternalAuth = 1;
>$LdapServer="ldap......com";
>$LdapUser="cn=admin,o=....";
>$LdapPass="5equ0ia";
>$LdapBase="";
>$LdapUidAttr="uid";
>$LdapFilter="(objectclass=*)";
>$LdapTLS = 0;
>$LdapGroup ="cn=NY-Everyone,ou=Groups,ou=NY,ou=TBWA,ou=NAM";
>$LdapGroupAttribute = 'member';
>
># {{{ Base Configuration
>
># $rtname the string that RT will look for in mail messages to
># figure out what ticket a new piece of mail belongs to
>
># Your domain name is recommended, so as not to pollute the namespace.
># once you start using a given tag, you should probably never change it.
># (otherwise, mail for existing tickets won't get put in the right place
>
>Set($rtname , "helpdesk......com");
>
># You should set this to your organization's DNS domain. For example,
># fsck.com or asylum.arkham.ma.us. It's used by the linking interface to
># guarantee that ticket URIs are unique and easy to construct.
>
>Set($Organization , "....com");
>
># $user_passwd_min defines the minimum length for user passwords. Setting
>## it to 0 disables this check
>Set($MinimumPasswordLength , "5");
>
># $Timezone is used to convert times entered by users into GMT and back again
># It should be set to a timezone recognized by your local unix box.
>Set($Timezone , 'US/Eastern');
>
># }}}
>
># }}}
>
># {{{ Database Configuration
>
># Database driver beeing used. Case matters
># Valid types are "mysql", "Oracle" and "Pg"
>
>Set($DatabaseType , 'mysql');
>
># The domain name of your database server
># If you're running mysql and it's on localhost,
># leave it blank for enhanced performance
>Set($DatabaseHost , '');
>Set($DatabaseRTHost , '');
>
># The port that your database server is running on. Ignored unless it's
># a positive integer. It's usually safe to leave this blank
>Set($DatabasePort , '');
>
>#The name of the database user (inside the database)
>Set($DatabaseUser , 'root');
>
># Password the DatabaseUser should use to access the database
>Set($DatabasePassword , 'm4dne55');
>
># The name of the RT's database on your database server
>Set($DatabaseName , 'rtnew');
>
># If you're using Postgres and have compiled in SSL support,
># set DatabaseRequireSSL to 1 to turn on SSL communication
>Set($DatabaseRequireSSL , undef);
>
># }}}
>
># {{{ Incoming mail gateway configuration
>
># OwnerEmail is the address of a human who manages RT. RT will send
># errors generated by the mail gateway to this address. This address
># should _not_ be an address that's managed by your RT instance.
>
>Set($OwnerEmail , 'root');
>
># If $LoopsToRTOwner is defined, RT will send mail that it believes
># might be a loop to $RT::OwnerEmail
>
>Set($LoopsToRTOwner , 1);
>
># If $StoreLoopss is defined, RT will record messages that it believes
># to be part of mail loops.
># As it does this, it will try to be careful not to send mail to the
># sender of these messages
>
>Set($StoreLoops , undef);
>
># $MaxAttachmentSize sets the maximum size (in bytes) of attachments stored
># in the database.
>
># For mysql and oracle, we set this size at 10 megabytes.
># If you're running a postgres version earlier than 7.1, you will need
># to drop this to 8192. (8k)
>
>Set($MaxAttachmentSize , 10000000);
>
># $TruncateLongAttachments: if this is set to a non-undef value,
># RT will truncate attachments longer than MaxAttachmentLength.
>
>Set($TruncateLongAttachments , undef);
>
># $DropLongAttachments: if this is set to a non-undef value,
># RT will silently drop attachments longer than MaxAttachmentLength.
>
>Set($DropLongAttachments , undef);
>
># If $ParseNewMessageForTicketCcs is true, RT will attempt to divine
># Ticket 'Cc' watchers from the To and Cc lines of incoming messages
># Be forewarned that if you have _any_ addresses which forward mail to
># RT automatically and you enable this option without modifying
># "RTAddressRegexp" below, you will get yourself into a heap of trouble.
>
>Set($ParseNewMessageForTicketCcs , undef);
>
># RTAddressRegexp is used to make sure RT doesn't add itself as a ticket CC if
># the setting above is enabled.
>
>Set($RTAddressRegexp , '^steve.rieger\@.....com$');
>
># RT provides functionality which allows the system to rewrite
># incoming email addresses. In its simplest form,
># you can substitute the value in CanonicalizeEmailAddressReplace
># for the value in CanonicalizeEmailAddressMatch
># (These values are passed to the CanonicalizeEmailAddress subroutine in
>RT/User.pm)
># By default, that routine performs a s/$Match/$Replace/gi on any address
>passed to it
>
>Set($CanonicalizeEmailAddressMatch , 'subdomain.....com$');
>Set($CanonicalizeEmailAddressReplace , '.....com');
>
># If $SenderMustExistInExternalDatabase is true, RT will refuse to
># create non-privileged accounts for unknown users if you are using
># the "LookupSenderInExternalDatabase" option.
># Instead, an error message will be mailed and RT will forward the
># message to $RTOwner.
>#
># If you are not using $LookupSenderInExternalDatabase, this option
># has no effect.
>#
># If you define an AutoRejectRequest template, RT will use this
># template for the rejection message.
>
>Set($SenderMustExistInExternalDatabase , undef);
>
># }}}
>
># {{{ Outgoing mail configuration
>
># RT is designed such that any mail which already has a ticket-id associated
># with it will get to the right place automatically.
>
># $CorrespondAddress and $CommentAddress are the default addresses
># that will be listed in From: and Reply-To: headers of correspondence
># and comment mail tracked by RT, unless overridden by a queue-specific
># address.
>
>Set($CorrespondAddress , 'tickets at ...com');
>
>Set($CommentAddress , 'helpdesk-ny at ...com');
>
>#Sendmail Configuration
>
># $MailCommand defines which method RT will use to try to send mail
># We know that 'sendmailpipe' works fairly well.
># If 'sendmailpipe' doesn't work well for you, try 'sendmail'
>#
># Note that you should remove the '-t' from $SendmailArguments
># if you use 'sendmail rather than 'sendmailpipe'
>
>Set($MailCommand , 'sendmailpipe');
>
># $SendmailArguments defines what flags to pass to $Sendmail
># assuming you picked 'sendmail' or 'sendmailpipe' as the $MailCommand above.
># If you picked 'sendmailpipe', you MUST add a -t flag to $SendmailArguments
>
># These options are good for most sendmail wrappers and workalikes
>Set($SendmailArguments , "-oi -t");
>
># These arguments are good for sendmail brand sendmail 8 and newer
>#Set($SendmailArguments,"-oi -t -ODeliveryMode=b -OErrorMode=m");
>
># If you selected 'sendmailpipe' above, you MUST specify the path
># to your sendmail binary in $SendmailPath.
># !! If you did not # select 'sendmailpipe' above, this has no effect!!
>Set($SendmailPath , "/usr/sbin/sendmail");
>
># By default, RT sets the outgoing mail's "From:" header to
># "SenderName via RT". Setting this option to 0 disables it.
>
>Set($UseFriendlyFromLine , 1);
>
># sprintf() format of the friendly 'From:' header; its arguments
># are SenderName and SenderEmailAddress.
>Set($FriendlyFromLineFormat , "\"%s via RT\" <%s>");
>
># RT can optionally set a "Friendly" 'To:' header when sending messages to
># Ccs or AdminCcs (rather than having a blank 'To:' header.
>
># This feature DOES NOT WORK WITH SENDMAIL[tm] BRAND SENDMAIL
># If you are using sendmail, rather than postfix, qmail, exim or some
>other MTA,
># you _must_ disable this option.
>
>Set($UseFriendlyToLine , 0);
>
># sprintf() format of the friendly 'From:' header; its arguments
># are WatcherType and TicketId.
>Set($FriendlyToLineFormat, "\"%s of $RT::rtname Ticket #%s\":;");
>
># By default RT doesn't notify the person who performs an update, as they
># already know what they've done. If you'd like to change this behaviour,
># Set $NotifyActor to 1
>
>Set($NotifyActor, 1);
>
>
># }}}
>
># {{{ Logging
># Logging. The default is to log anything except debugging
># information to syslog. Check the Log::Dispatch POD for
># information about how to get things by syslog, mail or anything
># else, get debugging info in the log, etc.
>
># It might generally make
># sense to send error and higher by email to some administrator.
># If you do this, be careful that this email isn't sent to this RT instance.
>
># the minimum level error that will be logged to the specific device.
># levels from lowest to highest:
># debug info notice warning error critical alert emergency
>
># Mail loops will generate a critical log message.
>#Set($LogToSyslog , 'debug');
>#Set($LogToScreen , 'info');
>Set($LogToFile , 'debug');
>Set($LogDir, '/usr/local/rt3/var/log');
>Set($LogToFileNamed , "rt.log"); #log to rt.log
>
># On Solaris, set to ( socket => 'inet' ). Options here override any
># other options RT passes to Log::Dispatch::Syslog. Other interesting
># flags include facility and logopt. (See the Log::Dispatch::Syslog
># documentation for more information.) (Maybe ident too, if you have
># multiple RT installations.)
>#socket => 'inet'
>@LogToSyslogConf = () unless (@LogToSyslogConf);
>
># }}}
>
># {{{ Web interface configuration
>
># Define the directory name to be used for images in rt web
># documents.
>
># If you're putting the web ui somewhere other than at the root of
># your server
># $WebPath requires a leading / but no trailing /
>
>Set($WebPath , "");
>
># This is the Scheme, server and port for constructing urls to webrt
># $WebBaseURL doesn't need a trailing /
>
>Set($WebBaseURL , "http://........com");
>
>Set($WebURL , $WebBaseURL . $WebPath . "/");
>
># $WebImagesURL points to the base URL where RT can find its images.
>
>Set($WebImagesURL , $WebURL . "NoAuth/images/");
>
># $RTLogoURL points to the URL of the RT logo displayed in the web UI
>
>Set($LogoURL , $WebImagesURL . "rt.jpg");
>
># For message boxes, set the entry box width and what type of wrapping
># to use.
>#
># Default width: 72
>Set($MessageBoxWidth , 72);
>
># Default wrapping: "HARD" (choices "SOFT", "HARD")
>Set($MessageBoxWrap, "HARD");
>
># if TrustHTMLAttachments is not defined, we will display them
># as text. This prevents malicious HTML and javascript from being
># sent in a request (although there is probably more to it than that)
>Set($TrustHTMLAttachments , undef);
>
># If $WebExternalAuth is defined, RT will defer to the environment's
># REMOTE_USER variable.
>
>Set($WebExternalAuth , "true");
>
># If $WebFallbackToInternalAuth is undefined, the user is allowed a chance
># of fallback to the login screen, even if REMOTE_USER failed.
>
>Set($WebFallbackToInternalAuth , "true");
>
># $WebExternalGecos means to match 'gecos' field as the user identity);
># useful with mod_auth_pwcheck and IIS Integrated Windows logon.
>
>Set($WebExternalGecos , undef);
>
># $WebExternalAuto will create users under the same name as REMOTE_USER
># upon login, if it's missing in the Users table.
>
>Set($WebExternalAuto , "true");
>
># $WebSessionClass is the class you wish to use for managing Sessions.
># It defaults to use your SQL database, but if you are using MySQL 3.x and
># plans to use non-ascii Queue names, uncomment and add this line to
># RT_SiteConfig.pm will prevent session corruption.
>
># Set($WebSessionClass , 'Apache::Session::File');
>
># $MaxInlineBody is the maximum attachment size that we want to see
># inline when viewing a transaction. 13456 is a random sane-sounding
># default.
>
>Set($MaxInlineBody, 13456);
>
># $MyTicketsLength is the length of the owned tickets table on the
># front page. For some people, the default of 10 isn't big enough
># to get a feel for how much work needs to be done before you get
># some time off.
>
>Set($MyTicketsLength, 10);
>
># $MyRequestsLength is the length of the requested tickets table
># on the front page.
>
>Set($MyRequestsLength, 10);
>
># @MasonParameters is the list of parameters for the constructor of
># HTML::Mason's Apache or CGI Handler. This is normally only useful
># for debugging, eg. profiling individual components with
># (preamble => 'my $p = MasonX::Profiler->new($m, $r);');
>
>@MasonParameters = () unless (@MasonParameters);
>
># }}}
>
>
># {{{ RT UTF-8 Settings
>
># An array that contains languages supported by RT's internationalization
># interface. Defaults to all *.po lexicons; set it to qw(en ja) will make
># RT bilingual instead of multilingual, but will save same memory.
>
>@LexiconLanguages = qw(*) unless (@LexiconLanguages);
>
># An array that contains default encodings used to guess which charset
># an attachment uses if not specified. Must be recognized by
># Encode::Guess.
>
>@EmailInputEncodings = qw(utf-8 iso-8859-1 us-ascii) unless
>(@EmailInputEncodings);
>
># The charset for localized email. Must be recognized by Encode.
>
>Set($EmailOutputEncoding , 'utf-8');
>
># }}}
>
># {{{ RT Date Handling Options (for Time::ParseDate)
>
># Set this to 1 if your local date convention looks like "dd/mm/yy"
># instead of "mm/dd/yy".
>
>Set($DateDayBeforeMonth , 1);
>
># Should "Tuesday" default to meaning "Next Tuesday" or "Last Tuesday"?
># Set to 0 for "Next" or 1 for "Last".
>
>Set($AmbiguousDayInPast , 1);
>
># }}}
>
>1;
>
>
>httpd.conf
>
>ServerName helpdesk.....com
> DocumentRoot /usr/local/rt3/share/html
> AddDefaultCharset UTF-8
> PerlModule Apache::DBI
> PerlRequire /usr/local/rt3/bin/webmux.pl
> <Location />
> SetHandler perl-script
> PerlHandler RT::Mason
> AuthName "RT Web Users"
> AuthType Basic
> AuthLDAPAuthoritative off
> AuthLDAPurl ldap://ldap.....com/?cn?sub
> require valid-user
> </Location>
> ErrorLog /var/log/helpdesk-error.log
> CustomLog /var/log/helpdesk-access.log common
> CustomLog /var/log/helpdesk-combined.log combined
></VirtualHost>
More information about the Rt-devel
mailing list