[rt-users] LDAP_Overlay Questions

OliveAddict oliveaddict at gmail.com
Wed Jun 1 20:21:17 EDT 2005 

Hello Stevo,

For Active Directory, have you tried setting...?
'RealName'            => 'displayName',

I am having problems getting the LDAP Overlay from Mosemann to work
with AD on Windows 2003.  I am able to get ldapsearch working with
these settings.  I can also get the sample script in Authen::Smb's man
page working.  Unfortunately, RT will not authenticate with LDAP or
SMB.

Since I prefer to get LDAP working, here are those settings....

$LdapServer="foobar.mydomain.com";   # replaced real domain with mydomain
$LdapUser="Bind LDAP";      # works w/ ldapsearch command
$LdapPass="secret";
$LdapBase="cn=Users,dc=mydomain,dc=com";
$LdapUidAttr="sAMAccountName";    # is this right?
$LdapFilter="(objectclass=user)";   # works with ldapsearch
$LdapMap = {          
    'Name'                => $RT::LdapUidAttr,
    'EmailAddress'        => 'mail',
    'RealName'            => 'displayName',  # works?
};

----- Original Message ----- 
List:       rt-users
Subject:    Re: [rt-users] LDAP_Overlay Questions
From:       "Stevo" <checkpoint () ozbergs ! com>
Date:       2005-05-26 20:56:36
Message-ID: <00f101c56235$6835c430$6750230a () omneon ! local>
[Download message RAW]

Perfect - thanks Iris...

Now onto the harder question below (#1).  Does anyone have experience with 
this??  I checked my RT_SiteConfig file and I have the following mappings in 
place:

$LdapMap = {                    # map LDAP attributes to RT3
#    'RT user paramater'   => 'LDAP entry',
    'Name'                => $RT::LdapUidAttr,
    'EmailAddress'        => 'mail',
    'RealName'            => 'cn',
};


But I'm not getting the EmailAddress or RealName mapping over... just the 
username!

Any ideas?

-Steve

----- Original Message ----- 
From: Brookes, Iris
To: Stevo
Sent: Thursday, May 26, 2005 1:51 PM
Subject: RE: [rt-users] LDAP_Overlay Questions


You can set the user to super user thur

Configuration ==> Global ==> User Rights

Regards,

Iris Brookes

 -----Original Message-----
From: rt-users-bounces at lists.bestpractical.com 
[mailto:rt-users-bounces at lists.bestpractical.com]On Behalf Of Stevo
Sent: Thursday, May 26, 2005 4:24 PM
To: rt-users at lists.bestpractical.com
Subject: [rt-users] LDAP_Overlay Questions


Hi All,

I have a brand spanking new install of RT 3.4.2 and have the ldap_overlay 
authenticating against my AD controllers and can log into RT's web interface 
just fine (using my AD creds).  I do,however, have a couple of issues to nut 
out:

1) When the account is auto-created (from the user logging in via the web 
interface), the email address of the AD user is not populated into RT.  Is 
there a way to do this automatically?  The next step is to use the mailgate 
to enable email, but I wanted to make sure the web side was working first.

2) If a user is auto-created using the web interface and I check the box in 
their account that "Lets this user be granted rights", when the user logs 
in, they don't have super-user rights like the root user does.  Like they 
can't see the queue (just the default general one that's created), nor can 
they see the configuration tab.  Is there a way to make that user a 
super-user like the root account?

Thanks for your help

-Stevo

More information about the rt-users mailing list