[rt-users] Integration with LDAP
Nelson Pereira
npereira at protus.com
Tue Apr 8 13:21:55 EDT 2008
How do I disable this functionality as this has made my RT unusable...
I'm getting all sorts of issues in the httpd logs...:
[Tue Apr 8 17:19:02 2008] [critical]: RT::User::_GetBoundLdapObj Can't bind: LDAP_INVALID_CREDENTIALS 49 (/opt/rt3/local/lib/RT/User_Vendor.pm:1056)
[Tue Apr 8 17:19:02 2008] [critical]: RT::User::_GetBoundLdapObj Can't bind: LDAP_INVALID_CREDENTIALS 49 (/opt/rt3/local/lib/RT/User_Vendor.pm:1056)
[Tue Apr 8 17:19:02 2008] [critical]: RT::User::_GetBoundLdapObj Can't bind: LDAP_INVALID_CREDENTIALS 49 (/opt/rt3/local/lib/RT/User_Vendor.pm:1056)
[Tue Apr 8 17:19:02 2008] [crit]: User creation failed in mailgateway: Could not set user info (/opt/rt3/lib/RT/Interface/Email.pm:243)
[Tue Apr 8 17:19:02 2008] [crit]: User 'npereira at domain.com' could not be loaded in the mail gateway (/opt/rt3/lib/RT/Interface/Email.pm:243)
[Tue Apr 8 17:19:02 2008] [error]: RT could not load a valid user, and
RT's configuration does not allow
for the creation of a new user for this email (npereira at domain.com).
You might need to grant 'Everyone' the right 'CreateTicket' for the
queue general. (/opt/rt3/lib/RT/Interface/Email.pm:243)
[Tue Apr 8 17:19:03 2008] [error]: Could not record email: Could not load a valid user (/opt/rt3/share/html/REST/1.0/NoAuth/mail-gateway:75)
How do I remove this and go back to the standard standalone MySQL
auth...?
________________________________
From: rt-users-bounces at lists.bestpractical.com
[mailto:rt-users-bounces at lists.bestpractical.com] On Behalf Of Nelson
Pereira
Sent: Tuesday, April 08, 2008 1:05 PM
To: rt-users at lists.bestpractical.com
Subject: Re: [rt-users] Integration with LDAP
OK, so I read the instructions on the link given, although I still cannot
log in with a valid Active Directory account....
Installed the CPAN module...
I made the changes in the RT_SiteConfig.pm, restarted the webserver (OK).
I try to log in and I get this error in /var/log/httpd/error_log:
[Tue Apr 8 17:07:02 2008] [error]: Could not record email: RT couldn't find the queue: general (/opt/rt3/share/html/REST/1.0/NoAuth/mail-gateway:75)
[Tue Apr 8 17:07:13 2008] [critical]: RT::User::_GetBoundLdapObj Can't bind: LDAP_INVALID_CREDENTIALS 49 (/opt/rt3/local/lib/RT/User_Vendor.pm:1056)
What is this saying?
My RT_SiteConfig.pm
#####################################################################
###################### LDAP Authentication ##########################
#####################################################################
# Order in which the services defined in ExternalSettings
# should be used to authenticate users. User is authenticated
# if successfully confirmed by any service - no more services
# are checked.
Set($ExternalAuthPriority, [ 'My_LDAP',
                             'My_MySQL'
                           ]
);
# The order in which the services defined in ExternalSettings
# should be used to get information about users. This includes
# RealName, Tel numbers etc, but also whether or not the user
# should be considered disabled.
# Once user info is found, no more services are checked.
Set($ExternalInfoPriority, [ 'My_MySQL',
                             'My_LDAP'
                           ]
);
# If this is set to true, then the relevant packages will
# be loaded to use SSL/TLS connections. At the moment,
# this just means "use Net::SSLeay;"
Set($ExternalServiceUsesSSLorTLS, 0);
# If this is set to 1, then users should be autocreated by RT
# as internal users if they fail to authenticate from an
# external service.
Set($AutoCreateNonExternalUsers, 1);
# These are the full settings for each external service as a HashOfHashes
# Note that you may have as many external services as you wish. They will
# be checked in the order specified in the Priority directives above.
# e.g.
#   Set(ExternalAuthPriority,['My_LDAP','My_MySQL','My_Oracle','SecondaryLDAP','Other-DB']);
#
Set($ExternalSettings, {
    # A LDAP SERVICE
    'My_LDAP' => {
        ## GENERIC SECTION
        # The type of service (db/ldap/cookie)
        'type' => 'ldap',
        # Should the service be used for authentication?
        'auth' => 1,
        # Should the service be used for information?
        'info' => 1,
        # The server hosting the service
        'server' => 'my.domain.name',
        ## SERVICE-SPECIFIC SECTION
        # If you can bind to your LDAP server anonymously you should
        # remove the user and pass config lines, otherwise specify them here:
        #
        # The username RT should use to connect to the LDAP server
        'user' => 'myldapuser',
        # The password RT should use to connect to the LDAP server
        'pass' => 'myladappass$',
        #
        # The LDAP search base
        'base' => 'cn=Users,dc=protus,dc=org',
        # The filter to use to match RT-Users
        'filter' => '(FILTER_STRING)',
        # The filter that will only match disabled users
        'd_filter' => '(FILTER_STRING)',
        # Should we try to use TLS to encrypt connections?
        'tls' => 0,
        # What other args should I pass to Net::LDAP->new($host,@args)?
        'net_ldap_args' => [ version => 3 ],
        # Does authentication depend on group membership? What group name?
        'group' => 'GROUP_NAME',
        # What is the attribute for the group object that determines membership?
        'group_attr' => 'GROUP_ATTR',
        ## RT ATTRIBUTE MATCHING SECTION
        # The list of RT attributes that uniquely identify a user
        'attr_match_list' => [ 'Name',
                               'EmailAddress',
                               'RealName',
                               'WorkPhone',
                               'Address2'
                             ],
        # The mapping of RT attributes on to LDAP attributes
        'attr_map' => { 'Name'           => 'sAMAccountName',
                        'EmailAddress'   => 'mail',
                        'Organization'   => 'physicalDeliveryOfficeName',
                        'RealName'       => 'cn',
                        'ExternalAuthId' => 'sAMAccountName',
                        'Gecos'          => 'sAMAccountName',
                        'WorkPhone'      => 'telephoneNumber',
                        'Address1'       => 'streetAddress',
                        'City'           => 'l',
                        'State'          => 'st',
                        'Zip'            => 'postalCode',
                        'Country'        => 'co'
                      }
    }
}
);
1;
Nelson Pereira
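
Added example, not part of the original post and not RT's own code: a standalone Net::LDAP script that repeats the service-account bind RT makes with the 'server', 'user' and 'pass' settings, so the LDAP_INVALID_CREDENTIALS 49 result can be examined outside RT. The environment variable names and the explain_bind_failure helper are assumptions made for this example; the table holds the commonly documented Active Directory "data" sub-codes that accompany result 49.

```perl
#!/usr/bin/perl
# Added example (not RT code): repeat the service-account bind outside RT.
# The env var names are assumptions; set them to the 'server', 'user' and
# 'pass' values from $ExternalSettings.
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Constant qw(LDAP_INVALID_CREDENTIALS);

# Commonly documented Active Directory sub-codes sent with result 49.
my %AD_DATA = (
    '525' => 'user not found',
    '52e' => 'invalid credentials',
    '530' => 'not permitted to log on at this time',
    '531' => 'not permitted to log on at this workstation',
    '532' => 'password expired',
    '533' => 'account disabled',
    '701' => 'account expired',
    '773' => 'user must reset password',
    '775' => 'account locked out',
);

# Hypothetical helper: turn a bind result into a one-line explanation.
sub explain_bind_failure {
    my ($code, $text) = @_;
    return "result $code: $text" unless $code == LDAP_INVALID_CREDENTIALS;
    my ($data) = $text =~ /\bdata\s+([0-9a-f]{3,4})\b/i;
    my $why = defined $data ? ($AD_DATA{lc $data} // "unlisted sub-code $data")
                            : 'no AD sub-code in the server message';
    return "LDAP_INVALID_CREDENTIALS (49): $why";
}

my ($server, $user, $pass) = @ENV{qw(RT_LDAP_SERVER RT_LDAP_USER RT_LDAP_PASS)};
die "set RT_LDAP_SERVER, RT_LDAP_USER and RT_LDAP_PASS\n"
    unless defined $server && defined $user && defined $pass;

my $ldap = Net::LDAP->new($server, version => 3, timeout => 10)
    or die "cannot connect to $server: $@\n";

# With 'tls' => 0 this simple bind sends the password unencrypted, as RT does.
my $mesg = $ldap->bind($user, password => $pass);
if ($mesg->code) {
    print explain_bind_failure($mesg->code, $mesg->error), "\n";
    exit 1;
}
print "bind as $user succeeded\n";
$ldap->unbind;
```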