[rt-users] ldap-auth with rt Centos rpm install

Bill Gurley gurley at ion.chem.utk.edu
Fri Mar 10 08:47:51 EST 2006


Chaim Rieger wrote:
> Bill Gurley wrote:
> 
>> I recently set up a new Centos 4.2 machine and installed rt with the 
>> rpm-install found here:
>>
>> http://wiki.bestpractical.com/index.cgi?RPMInstall
>>
>> very smooth install, and it worked great with normal rt-internal 
>> authentication.  But I wanted to set up ldap authentication using this 
>> overlay and procedure:
>>
>> http://wiki.bestpractical.com/index.cgi?LDAP
>>
>> But I never could get the overlay to work.  After spending several 
>> days on this, I've decided that there is something wrong with my rt 
>> installation that's preventing the overlay from working.  Or maybe I 
>> didn't install it correctly.  (The file paths in the Centos 
>> rpm-install are very different from other rt installations.)
>>
>> I'm going to start over with ubuntu 5.10 and rt installed from 
>> apt-get.  But I'm more comfortable with Redhat-ish distributions.  Has 
>> anyone else tried to do ldap-auth overlay with the CentOS rpm install?
>>
> 
> can you please post the ldap lines from your siteconfig.pm, i've used 
> ldap overlay many times never had too much of an issue.


Chaim:

It seems that this rt system is not even calling the ldap code, but as 
you requested, below are the ldap lines from my Site_Config.pm file. 
The ldap server is internal to the rt machine, so I did no edits below 
the line "### IF YOU USE THE SAME LDAP SERVER FOR AUTH AND INFO STOP 
HERE ###".

My rt log does not mention anything about ldap.  The only thing in the 
log are lines "FAILED LOGIN for...", which I think is the failure to 
login using the internal rt login.  Also let me emphasize that users 
that I created in the rt internal system DO login just fine.

This Centos rpm install has all of the overlays, Users.pm, Ticket.pm 
etc. in /usr/lib/rt/RT, so that is where I placed the User_Local.pm for 
the ldap overlay.  The RT_SiteConfig.pm file was placed in /etc/rt.

Also note that the original file has the $LdapUser and $LdapPass lines 
commented out.  I have tried it with these lines active and not active.

I appreciate any suggestions.

----------------------------------------------------------------

### What auth methods do you like and in what order?
Set($AuthMethods, ['LDAP', 'Internal']);

### LDAP Settings
#
# There are two different branches of this: LdapAuth* and LdapInfo*;
# additionally, most of the old Ldap* variables are honored, too.
#
# This means if you only have one LDAP server/config you can just set
# "LdapServer", "LdapUser", etc. and they will be used for both
# authentication and information

### Enable/Disable LDAP services
Set($LdapExternalAuth, 1);
Set($LdapExternalInfo, 1);

### Common Settings: affecting both auth and info services

# Map RT attributes to LDAP attributes
Set($LdapAttrMap, {'Name' => 'uid',
                    'EmailAddress' => 'mail',
                    'Organization' => 'ou',
                    'RealName' => 'cn',
                    'ExternalContactInfoId' => 'dn',
                    'ExternalAuthId' => 'uid',
                    'Gecos' => 'gecos',
                    'WorkPhone' => 'telephoneNumber',
                    'Address1' => 'roomNumber',
                    'Address2' => 'physicalDeliveryOfficeName'}
);

# A list of RT attrs which can uniquely identify a user,
# ordered from most to least preferred.
Set($LdapRTAttrMatchList, ['ExternalContactInfoId', 'Name',
                            'EmailAddress', 'RealName',
                            'WorkPhone', 'Address2']
);

# A list of LDAP attrs to examine when canonicalizing email addresses,
# ordered from most to least preferred
Set($LdapEmailAttrMatchList, ['mail', 'mailRoutingAddress',
                               'mailAlternateAddress']
);

# The basics; if set, these override $RT::LdapAuth* and $RT::LdapInfo*
Set($LdapServer, 'localhost');
Set($LdapBase, 'ou=Users,dc=chem,dc=utk,dc=edu');
Set($LdapFilter, "(objectclass=posixAccount)");
Set($LdapUser, 'cn=Manager,ou=Users,dc=chem,dc=utk,dc=edu');
Set($LdapPass, 'secret');

# If you set these, only members of this group can auth via LDAP
#Set($LdapGroup, 'cn=RT,ou=Group,dc=example,dc=com');
#Set($LdapGroupAttr, 'uniqueMember');

# These turn on SSL for LDAP
#Set($LdapTLS, 0);
#Set($LdapSSLVersion, 3);

1;

-------------------------------------------------------


-Bill-

---------------------------------
  Bill Gurley, Technical Director
  Department of Chemistry
  Univ. of Tennessee, Knoxville
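
A stand-alone Net::LDAP check, added here as an example and not part of the original thread, that repeats the two steps the overlay would take with the posted settings: bind as $LdapUser, search $LdapBase with $LdapFilter for the login name, then bind as the DN found using the user's own password. The script name ldap-check.pl is hypothetical; base, filter, server and bind DN are the values from the config above, and the login and password are taken from the command line.

```perl
#!/usr/bin/perl
# Stand-alone LDAP check that repeats the overlay's two steps with the
# posted settings: bind as $LdapUser, search $LdapBase for the login,
# then re-bind as the DN found with the user's own password.
# Usage: perl ldap-check.pl <login> <password>   (hypothetical file name)
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);

my ($login, $password) = @ARGV;
die "usage: $0 <login> <password>\n" unless defined $login && defined $password;

# Values from the RT_SiteConfig.pm fragment in the message above.
my $server   = 'localhost';
my $base     = 'ou=Users,dc=chem,dc=utk,dc=edu';
my $filter   = '(objectclass=posixAccount)';
my $bind_dn  = 'cn=Manager,ou=Users,dc=chem,dc=utk,dc=edu';
my $bind_pw  = 'secret';   # placeholder, as in the posted config
my $uid_attr = 'uid';      # 'ExternalAuthId' => 'uid' in $LdapAttrMap

my $ldap = Net::LDAP->new($server) or die "cannot connect to $server: $@\n";

# Step 1: service bind, then look the login up under the same filter RT uses.
my $mesg = $ldap->bind($bind_dn, password => $bind_pw);
die "service bind failed: " . $mesg->error . "\n" if $mesg->code;

# Escape the login so it cannot change the meaning of the filter.
my $search = $ldap->search(
    base   => $base,
    scope  => 'sub',
    filter => "(&$filter($uid_attr=" . escape_filter_value($login) . "))",
    attrs  => ['mail', 'cn'],
);
die "search failed: " . $search->error . "\n" if $search->code;
die "no entry for $login under $base\n" unless $search->count;
die $search->count . " entries match $login; refusing to guess\n" if $search->count > 1;

my $entry = $search->entry(0);
printf "found %s (mail=%s, cn=%s)\n", $entry->dn,
    $entry->get_value('mail') || '-', $entry->get_value('cn') || '-';

# Step 2: bind as the user; success here means the directory side works.
my $auth = $ldap->bind($entry->dn, password => $password);
print $auth->code ? "user bind FAILED: " . $auth->error . "\n" : "user bind OK\n";
$ldap->unbind;
```

If both binds succeed while the RT log still shows no LDAP lines at all, the directory side is working and the remaining question is whether RT is loading User_Local.pm from /usr/lib/rt/RT at all.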


