[rt-users] SenderMustExistInExternalDatabase Broken in RT3?
Jeff Hoover
jeff.hoover at infotechfl.com
Tue Apr 22 11:15:03 EDT 2003
Karsten,
I am also new to RT3. I haven't quite figured everything out yet, but I'll
share with everyone what I have done so far incase someone else wants to
use this. To authenticate against LDAP you need to set RT's
$WebExternalAuth settings (in RT_SiteConfig) and use Apache's AuthLDAP module.
To autocreate accounts when logging in you have to modify the
LookupExternalUserInfo subroutine to your liking. I'll paste mine
below. Maybe someone will improve it. I also edited
rt3/var/mason_data/obj/standard/autohandler to add:
$UserObj->SetEmailAddress("$user\@mydomain.com") if defined $user;
under $UserObj->SetRealName($realname) if defined $realname;
Also, if you want users to have unprivileged accounts created automatically
instead of privileged, change line 75 to:
$UserObj->SetPrivileged(0);
Hope that helps you get started.
-- Jeff
ps - you WILL have to modify the subroutine for your LDAP setup. This
subroutine was based off either an old email posting or a file in the
contribs, I don't remember.
sub LookupExternalUserInfo {
my $self = shift;
my $EmailAddress = shift;
my $RealName = shift;
my $FoundInExternalDatabase = 0;
my %params;
#Name is the RT username you want to use for this user.
$params{'Name'} = $EmailAddress;
$params{'EmailAddress'} = $EmailAddress;
$params{'RealName'} = $RealName;
$RT::Logger->debug("LookupExternalUserInfo: Entered with:\n",
"\tName = $params{'Name'}\n",
"\tEmailAddress = $params{'EmailAddress'}\n",
"\tRealName = $params{'RealName'}\n",
"\tFound = $FoundInExternalDatabase\n");
$params{'RealName'} =~ s/\"//g;
use Net::LDAP;
use Net::LDAP::Constant qw(LDAP_SUCCESS);
use constant LDAP => q(ldap.yourdomain.com);
use constant LDAP_PORT => q(389);
use constant LDAP_BASE => q(ou=People,dc=yourdomain,dc=com);
use constant LDAP_UID => q(uid);
use constant LDAP_EMAIL => q(mail);
use constant LDAP_ALT_EMAIL => q(mailAlternateAddress);
use constant LDAP_CN => q(cn);
my $ldap = new Net::LDAP(LDAP, port => LDAP_PORT)
or $RT::Logger->critical("LookupExternalUserInfo: Cannot connect to ",
"LDAP'\n"),
return ($FoundInExternalDatabase, %params);
my $mesg = $ldap->bind();
if ($mesg->code != LDAP_SUCCESS) {
$RT::Logger->critical("LookupExternalUserInfo: Cannot bind anonymously ",
"to LDAP:", $mesg->code, "\n");
$params{'RealName'} = "\"$params{'RealName'}\"";
return ($FoundInExternalDatabase, %params);
}
my $filter = "@{[ LDAP_EMAIL ]}=$params{'EmailAddress'}";
$RT::Logger->debug("LookupExternalUserInfo: First search filter ",
"'$filter'\n");
$mesg = $ldap->search(base => LDAP_BASE,
filter => $filter,
attrs => [ LDAP_UID, LDAP_EMAIL, LDAP_CN ]);
if ($mesg->code != LDAP_SUCCESS) {
$RT::Logger->critical("LookupExternalUserInfo: Could not search for ",
"$filter: ", $mesg->code, "\n");
$params{'RealName'} = "\"$params{'RealName'}\"";
return ($FoundInExternalDatabase, %params);
}
$RT::Logger->debug("LookupExternalUserInfo: First search produced ",
$mesg->count, " results\n");
# E-mail search failed
unless ($mesg->count == 1) {
$filter = "@{[ LDAP_ALT_EMAIL ]}=$params{'EmailAddress'}";
$RT::Logger->debug("LookupExternalUserInfo: Second search filter ",
"'$filter'\n");
$mesg = $ldap->search(base => LDAP_BASE,
filter => $filter,
attrs => [ LDAP_UID, LDAP_EMAIL, LDAP_CN ]);
if ($mesg->code != LDAP_SUCCESS) {
$RT::Logger->critical("LookupExternalUserInfo: Could not search for ",
"$filter: ", $mesg->code, "\n");
$params{'RealName'} = "\"$params{'RealName'}\"";
return ($FoundInExternalDatabase, %params);
}
}
$RT::Logger->debug("LookupExternalUserInfo: Second search produced ",
$mesg->count, " results with filter $filter\n");
# One of the two searches succeeded with just one match
if ($mesg->count == 1) {
$params{'Name'} = ($mesg->first_entry->get_value(LDAP_UID))[0];
$params{'EmailAddress'} = ($mesg->first_entry->get_value(LDAP_EMAIL))[0];
$params{'RealName'} = ($mesg->first_entry->get_value(LDAP_CN))[0];
$FoundInExternalDatabase = 1;
}
$mesg = $ldap->unbind();
if ($mesg->code != LDAP_SUCCESS) {
$RT::Logger->critical("LookupExternalUserInfo: Could not unbind from ",
"LDAP: ", $mesg->code, "\n");
}
undef $ldap;
undef $mesg;
$params{'RealName'} = "\"$params{'RealName'}\"";
$RT::Logger->debug("LookupExternalUserInfo: Leaving LDAP examination ",
"with:\n",
"\tName = $params{'Name'}\n",
"\tEmailAddress = $params{'EmailAddress'}\n",
"\tRealName = $params{'RealName'}\n",
"\tFound = $FoundInExternalDatabase\n");
return ($FoundInExternalDatabase, %params) if $FoundInExternalDatabase;
}
At 10:37 AM 4/22/2003, Karsten Konrad wrote:
>Hi Jeff,
>
>I'm rather new to RT and very new to LDAP. Could you please tell me what
>you did to get authentication via ldap. How did you modify
>emailparser.pm?
>
>please help :)
>tia, karsten...
>
>
>On Fri, 2003-04-18 at 17:18, Jeff Hoover wrote:
> > I am using rt 3.0.1 on Redhat 7.3 with the following in RT_SiteConfig:
> >
> > Set($LookupSenderInExternalDatabase, 1);
> > Set($SenderMustExistInExternalDatabase , 1);
> > Set($WebExternalAuth , 1);
> > Set($WebExternalGecos , 1);
> > Set($WebExternalAuto , 1);
> >
> > I modified the LookupExternalUserInfo subroutine in lib\RT\EmailParser.pm
> > to work with my LDAP server. I can login through the web and everything
> > works fine.
> >
> > I only want LDAP users to be able to create tickets via web or
> > email. Problem is, any address has an account created when I request a
> > ticket via email. I thought the point of
> SenderMustExistInExternalDatabase
> > was to prevent this from happening. I do NOT have CreateTicket privileges
> > set to everyone.
> >
> > Does anyone else have this working in RT 3.0.1? Any suggestions for
> what I
> > am doing wrong?
> >
> > Further investigation in lib\RT\EmailParser.pm shows the following
> > statement in the GetCurrentUser sub:
> >
> > if ( $RT::SenderMustExistInExternalDatabase &&
> > !$UserFoundInExternalDatabase ) {
> >
> > If changed to:
> >
> > if ( $RT::SenderMustExistInExternalDatabase ) {
> >
> > accounts are still being created.
> >
> > Confused,
> > Jeff
> >
> > _______________________________________________
> > rt-users mailing list
> > rt-users at lists.fsck.com
> > http://lists.fsck.com/mailman/listinfo/rt-users
> >
> > Have you read the FAQ? The RT FAQ Manager lives at http://fsck.com/rtfm
More information about the rt-users
mailing list