[rt-users] LDAP Summary and supported implementations
Matt Nichols
mnichols at wayport.net
Thu Apr 20 15:59:08 EDT 2006
Do you define an LdapBase variable in your config?
Thanks again.
-Matt
________________________________
From: eric.valor at daimlerchrysler.com
[mailto:eric.valor at daimlerchrysler.com]
Sent: Thursday, April 20, 2006 2:47 PM
To: Matt Nichols
Cc: rt-users at lists.bestpractical.com
Subject: RE: [rt-users] LDAP Summary and supported implementations
Matt:
I've gotten this working with AD. The trick for AD is making sure you
search for "sAMAccountName" instead of "uid".
Here are the bare essentials you'll need:
Set($LdapUser, 'cn=<binduser>,CN=Users,dc=<domain>,dc=com'); #
LDAP bind user
Set($LdapPass, '<password>'); # LDAP
bind user pass
Set($LdapUidAttr, 'sAMAccountName'); #
attribute for RT account name
Set($LdapFilter, 'objectclass=user'); # filter
LDAP entries (e.g., only people)
Set($LdapNameAttr, 'cn'); #
attribute for RT user name
Set($LdapMailAttr, 'mail'); #
attribute for RT email addy
Note that "Users" requires the capital U...
Bear in mind this won't auto-populate the RT database from the LDAP
database. Your users will fail unless they already have an RT account.
The Moseman contribution
<http://www.mosemann.com/software/LDAPSMB1.2_RT3.tar.gz> allows for
setting up accounts on-the-fly, but I've had some difficulty in getting
it to pull in all the LDAP (AD) records (SQL errors are reported in the
logging). I haven't been able to put in much time in debugging..
The Mehl contribution <http://blank.org/memory/output/rt-ad-sso.html>
does a better job and has good instructions, but has the drawback of
requiring mod_ntlm and the NT LanMan hash vulnerability.
Hope this helps.
--
Eric N. Valor
Sr. Systems Administrator
DaimlerChrysler Research & Technology North America, Inc.
eric.valor at daimlerchrysler.com
1510 Page Mill Road, Palo Alto, CA 94304
CIMS 931-00-00
650-845-2536
: This Space Intentionally Left Blank :
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20060420/5dd180c8/attachment.htm>
More information about the rt-users
mailing list