[rt-users] comments on my active directory experience
Senoner Samuel
Samuel.Senoner at eurac.edu
Wed Jul 16 12:34:22 EDT 2003
I also set up such a system and used RT3, apache 1.3.27 auth_ldap, all
Debian packages.
I used the externaluserlookup with LDAP that was posted here some time
ago, changed all uids with sAMAccountName,
so I have imported all the information from LDAP: full name, account
name, e-mail, phone, description and so on. In autohandler I only
inserted lookupexternaldatabase before the creation of the new user; I
also had to add use RT::EmailParser (an overlay was provided with
emailLDAP).
I hope this helps somebody who wants more information
-----Original Message-----
From: Sean Perry [mailto:sean.perry at intransa.com]
Sent: Friday,11 July,2003 20:56
To: rt-users at lists.fsck.com
Subject: [rt-users] comments on my active directory experience
This is mostly for people crawling the archives like I was doing last
week.
What I did to get Active Directory / LDAP working:
*) used latest apache, compiled with --with-ldap --enable-ldap --enable-auth-ldap
*) have the following in my apache config:
<VirtualHost 172.30.1.60>
    ServerName tracker.intransa.com
    DocumentRoot /usr/local/rt3/share/html
    AddDefaultCharset UTF-8
    PerlModule Apache2 Apache::compat
    PerlModule Apache::DBI
    PerlRequire /usr/local/rt3/bin/webmux.pl

    <Directory />
        AuthType Basic
        AuthName "Request Tracker"
        # sAMAccountName is the first.last style user name
        AuthLDAPURL "ldap://my.ldap/dc=mydomain,dc=com?sAMAccountName"
        # need this account and setting because Active Directory
        # does not allow anonymous binding by default
        AuthLDAPBindDN "dummy.user at mydomain.com"
        AuthLDAPBindPassword "asdfg"
        AuthLDAPAuthoritative off
        require valid-user
    </Directory>

    <FilesMatch "\.html$">
        SetHandler perl-script
        PerlHandler RT::Mason
    </FilesMatch>
    <LocationMatch "/Attachment/">
        SetHandler perl-script
        PerlHandler RT::Mason
    </LocationMatch>
    <LocationMatch "/REST/">
        SetHandler perl-script
        PerlHandler RT::Mason
    </LocationMatch>

    # need this so the mail gateway still works
    <LocationMatch "/REST/1.0/NoAuth/">
        Satisfy Any
        Allow from all
    </LocationMatch>
</VirtualHost>
*) I have tweaked var/mason_data/obj/standard/autohandler to add users
whenever a new user is authenticated. This means the user logs into the
web site once and then both mail and web access works.
I added in some magic from Chris Gilmore and others so some Net::LDAP
magic is called. This is because $realname has no value when using the
apache ldap authentication, so we have to look it up. Once again,
sAMAccountName is the key.
sub LookupLdapUserInfo {
    # Look up the directory "cn" (display name) for an authenticated
    # sAMAccountName; Apache's LDAP auth only hands us the login name.
    use Net::LDAP;
    use Net::LDAP::Constant qw(LDAP_SUCCESS);
    use Net::LDAP::Util qw(escape_filter_value);
    use constant LDAP      => q(my.ldap.server);
    use constant LDAP_PORT => q(389);
    use constant LDAP_BASE => q(dc=mydomain,dc=com);
    use constant LDAP_UID  => q(sAMAccountName);
    use constant LDAP_CN   => q(cn);

    my ($user) = @_;

    my $ldap = Net::LDAP->new(LDAP, port => LDAP_PORT)
        or return undef;

    # Active Directory does not allow anonymous binds by default,
    # so bind with a dedicated service account.
    my $mesg = $ldap->bind('cn=Request Tracker,cn=Users,dc=mydomain,dc=com',
                           password => 'asdfg');
    return undef unless $mesg->code == LDAP_SUCCESS;

    # Escape the login name so filter metacharacters (* ( ) \) in it
    # cannot change the meaning of the search filter.
    my $filter = '(' . LDAP_UID . '=' . escape_filter_value($user) . ')';
    $mesg = $ldap->search(base   => LDAP_BASE,
                          filter => $filter,
                          attrs  => [ LDAP_CN ]);
    return undef unless $mesg->code == LDAP_SUCCESS;

    # Accept only an unambiguous result: exactly one entry with a non-empty cn.
    if ($mesg->count != 1 ||
        ($mesg->first_entry->get_value(LDAP_CN))[0] eq '') {
        return undef;
    }

    my $cn = $mesg->first_entry->get_value(LDAP_CN);
    $ldap->unbind();
    return $cn;
}
and later on ....
if ($RT::WebExternalAuto and !$session{'CurrentUser'}->Id() ) {
    # Create users on-the-fly with default attributes
    my $UserObj = RT::User->new(RT::CurrentUser->new('root'));
    my ($val, $msg) = $UserObj->Create(
        %{ref($RT::AutoCreate) ? $RT::AutoCreate : {}},
        Name  => $user,
        Gecos => $user,
    );
    if ($val) {
        # New accounts are unprivileged; fill in the display name from LDAP
        # and derive the address from the login name and $RT::Organization.
        $UserObj->SetPrivileged(0);
        my $realname = LookupLdapUserInfo($user);
        $UserObj->SetRealName($realname) if defined $realname;
        $UserObj->SetEmailAddress("$user\@" . $RT::Organization) if defined $user;
        $session{'CurrentUser'}->Load($user);
    }
    # (rest of the stock autohandler unchanged)
}
Hope this helps the next explorer.
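The lookup logic above, modelled as an added, stand-alone example (not RT, Net::LDAP or the poster's code): an RFC 4515 filter-value escaper, the post's "exactly one entry with a non-empty cn" rule, and a tiny in-memory evaluator for a single (attr=value) filter so the difference between an escaped and an interpolated user name can be seen without a directory server. DIRECTORY is constructed sample data; the attribute names follow the post.

```python
"""Offline model of the post's LookupLdapUserInfo decision logic.

Added example, not RT or Net::LDAP code. DIRECTORY is constructed sample
data; the attribute names mirror the post (sAMAccountName, cn).
"""
import re
from typing import Dict, List, Optional

Entry = Dict[str, List[str]]

# Constructed sample directory standing in for the AD search base.
DIRECTORY: List[Entry] = [
    {"dn": ["CN=Sean Perry,CN=Users,DC=mydomain,DC=com"],
     "sAMAccountName": ["sean.perry"], "cn": ["Sean Perry"]},
    {"dn": ["CN=Sam Senoner,CN=Users,DC=mydomain,DC=com"],
     "sAMAccountName": ["sam.senoner"], "cn": ["Sam Senoner"]},
    {"dn": ["CN=svc rt,CN=Users,DC=mydomain,DC=com"],
     "sAMAccountName": ["svc.rt"], "cn": [""]},  # entry with an empty cn
]


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping of an assertion value, as Net::LDAP::Util's
    escape_filter_value does it: * ( ) \\ and NUL become \\XX hex escapes."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c for c in value)


def user_filter(uid: str, attr: str = "sAMAccountName") -> str:
    """Filter for one login name with the value escaped."""
    return "(%s=%s)" % (attr, escape_filter_value(uid))


def unsafe_user_filter(uid: str, attr: str = "sAMAccountName") -> str:
    """The post's construction ("@{[ LDAP_UID ]}=$user"): value interpolated as-is."""
    return "(%s=%s)" % (attr, uid)


def _value_to_regex(pattern: str) -> "re.Pattern":
    """Compile an assertion value: an unescaped '*' is a wildcard, '\\XX'
    is a literal character. AD compares sAMAccountName case-insensitively."""
    parts, i = [], 0
    while i < len(pattern):
        c = pattern[i]
        if c == "\\" and i + 2 < len(pattern):
            parts.append(re.escape(chr(int(pattern[i + 1:i + 3], 16))))
            i += 3
        elif c == "*":
            parts.append(".*")
            i += 1
        else:
            parts.append(re.escape(c))
            i += 1
    return re.compile("^" + "".join(parts) + "$", re.IGNORECASE)


def search(directory: List[Entry], ldap_filter: str) -> List[Entry]:
    """Evaluate a single (attr=value) filter; only this shape is modelled."""
    m = re.fullmatch(r"\((\w+)=(.*)\)", ldap_filter)
    if not m:
        raise ValueError("only a single (attr=value) assertion is modelled")
    attr, rx = m.group(1).lower(), _value_to_regex(m.group(2))
    return [e for e in directory
            if any(k.lower() == attr and any(rx.match(v) for v in vals)
                   for k, vals in e.items())]


def lookup_ldap_user_info(uid: str, directory: List[Entry] = DIRECTORY) -> Optional[str]:
    """The post's rules: the escaped lookup must return exactly one entry
    whose cn is non-empty; anything else yields None (undef in the Perl)."""
    hits = search(directory, user_filter(uid))
    if len(hits) != 1:
        return None
    cn = (hits[0].get("cn") or [""])[0]
    return cn or None


if __name__ == "__main__":
    print(lookup_ldap_user_info("sean.perry"))               # Sean Perry
    print(lookup_ldap_user_info("svc.rt"))                   # None: empty cn
    print(len(search(DIRECTORY, unsafe_user_filter("s*"))))  # 3: wildcard honoured
    print(len(search(DIRECTORY, user_filter("s*"))))         # 0: '*' is a literal
```

In the posted deployment $user has already passed mod_auth_ldap, so it matched a real sAMAccountName; the escaping matters as soon as the same routine is fed a name from any other path, where a "*" or ")" would otherwise widen the search. The count-must-be-one rule then acts as a second guard. Note also that both the Apache config (ldap://) and the Perl (port 389) do simple binds in clear, so the service account's password travels unencrypted on the wire as well as sitting in two files on disk.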
_______________________________________________
rt-users mailing list
rt-users at lists.fsck.com http://lists.fsck.com/mailman/listinfo/rt-users
Have you read the FAQ? The RT FAQ Manager lives at http://fsck.com/rtfm