[rt-users] Intergration with LDAP
Drew Barnes
barnesaw at ucrwcu.rwc.uc.edu
Tue Apr 8 13:29:46 EDT 2008
Try this. In RT_SiteConfig.pm:

Set($WebFallbackToInternalAuth , 1);

(or maybe it needs to be True. Can't recall.)
Nelson Pereira wrote:
>
> How do I disable this functionality as this has made my RT unusable…
> I’m getting all sorts of issues in the httpd logs…:
>
> [Tue Apr 8 17:19:02 2008] [critical]: RT::User::_GetBoundLdapObj Can't bind: LDAP_INVALID_CREDENTIALS 49 (/opt/rt3/local/lib/RT/User_Vendor.pm:1056)
>
> [Tue Apr 8 17:19:02 2008] [critical]: RT::User::_GetBoundLdapObj Can't bind: LDAP_INVALID_CREDENTIALS 49 (/opt/rt3/local/lib/RT/User_Vendor.pm:1056)
>
> [Tue Apr 8 17:19:02 2008] [critical]: RT::User::_GetBoundLdapObj Can't bind: LDAP_INVALID_CREDENTIALS 49 (/opt/rt3/local/lib/RT/User_Vendor.pm:1056)
>
> [Tue Apr 8 17:19:02 2008] [crit]: User creation failed in mailgateway: Could not set user info (/opt/rt3/lib/RT/Interface/Email.pm:243)
>
> [Tue Apr 8 17:19:02 2008] [crit]: User 'npereira at domain.com' could not be loaded in the mail gateway (/opt/rt3/lib/RT/Interface/Email.pm:243)
>
> [Tue Apr 8 17:19:02 2008] [error]: RT could not load a valid user, and RT's configuration does not allow
> for the creation of a new user for this email (npereira at domain.com).
>
> You might need to grant 'Everyone' the right 'CreateTicket' for the
> queue general. (/opt/rt3/lib/RT/Interface/Email.pm:243)
>
> [Tue Apr 8 17:19:03 2008] [error]: Could not record email: Could not load a valid user (/opt/rt3/share/html/REST/1.0/NoAuth/mail-gateway:75)
>
> How do I remove this and go back to the standard standalone MySQL auth…?
>
> ------------------------------------------------------------------------
>
> *From:* rt-users-bounces at lists.bestpractical.com
> [mailto:rt-users-bounces at lists.bestpractical.com] *On Behalf Of
> *Nelson Pereira
> *Sent:* Tuesday, April 08, 2008 1:05 PM
> *To:* rt-users at lists.bestpractical.com
> *Subject:* Re: [rt-users] Intergration with LDAP
>
> Ok, So I read the instruction on the link given although I still
> cannot login with a valid Active Directory account....
>
> Installed the CPAN module…
>
> I made the changes in the RT_SiteConfig.pm, restarted the webserver (OK)
>
> Try to login and I get this error in /var/log/httpd/error_log
>
> [Tue Apr 8 17:07:02 2008] [error]: Could not record email: RT couldn't find the queue: general (/opt/rt3/share/html/REST/1.0/NoAuth/mail-gateway:75)
>
> [Tue Apr 8 17:07:13 2008] [critical]: RT::User::_GetBoundLdapObj Can't bind: LDAP_INVALID_CREDENTIALS 49 (/opt/rt3/local/lib/RT/User_Vendor.pm:1056)
>
> What is this saying?
>
> My RT_SiteConfig.pm
>
> #####################################################################
> ###################### LDAP AUthentication###########################
> #####################################################################
>
> # Order in which the services defined in ExternalSettings
> # should be used to authenticate users. User is authenticated
> # if successfully confirmed by any service - no more services
> # are checked.
> Set($ExternalAuthPriority, [ 'My_LDAP',
>                              'My_MySQL'
>                            ]
> );
>
> # The order in which the services defined in ExternalSettings
> # should be used to get information about users. This includes
> # RealName, Tel numbers etc, but also whether or not the user
> # should be considered disabled.
> # Once user info is found, no more services are checked.
> Set($ExternalInfoPriority, [ 'My_MySQL',
>                              'My_LDAP'
>                            ]
> );
>
> # If this is set to true, then the relevant packages will
> # be loaded to use SSL/TLS connections. At the moment,
> # this just means "use Net::SSLeay;"
> Set($ExternalServiceUsesSSLorTLS, 0);
>
> # If this is set to 1, then users should be autocreated by RT
> # as internal users if they fail to authenticate from an
> # external service.
> Set($AutoCreateNonExternalUsers, 1);
>
> # These are the full settings for each external service as a HashOfHashes
> # Note that you may have as many external services as you wish. They will
> # be checked in the order specified in the Priority directives above.
> # e.g.
> # Set(ExternalAuthPriority,['My_LDAP','My_MySQL','My_Oracle','SecondaryLDAP','Other-DB']);
> #
> Set($ExternalSettings, { # A LDAP SERVICE
>     'My_LDAP' => { ## GENERIC SECTION
>         # The type of service (db/ldap/cookie)
>         'type' => 'ldap',
>         # Should the service be used for authentication?
>         'auth' => 1,
>         # Should the service be used for information?
>         'info' => 1,
>         # The server hosting the service
>         'server' => 'my.domain.name',
>         ## SERVICE-SPECIFIC SECTION
>         # If you can bind to your LDAP server anonymously you should
>         # remove the user and pass config lines, otherwise specify them here:
>         #
>         # The username RT should use to connect to the LDAP server
>         'user' => 'myldapuser',
>         # The password RT should use to connect to the LDAP server
>         'pass' => 'myladappass$',
>         #
>         # The LDAP search base
>         'base' => 'cn=Users,dc=protus,dc=org',
>         # The filter to use to match RT-Users
>         'filter' => '(FILTER_STRING)',
>         # The filter that will only match disabled users
>         'd_filter' => '(FILTER_STRING)',
>         # Should we try to use TLS to encrypt connections?
>         'tls' => 0,
>         # What other args should I pass to Net::LDAP->new($host,@args)?
>         'net_ldap_args' => [ version => 3 ],
>         # Does authentication depend on group membership? What group name?
>         'group' => 'GROUP_NAME',
>         # What is the attribute for the group object that determines membership?
>         'group_attr' => 'GROUP_ATTR',
>         ## RT ATTRIBUTE MATCHING SECTION
>         # The list of RT attributes that uniquely identify a user
>         'attr_match_list' => [ 'Name',
>                                'EmailAddress',
>                                'RealName',
>                                'WorkPhone',
>                                'Address2'
>                              ],
>         # The mapping of RT attributes on to LDAP attributes
>         'attr_map' => { 'Name' => 'sAMAccountName',
>                         'EmailAddress' => 'mail',
>                         'Organization' => 'physicalDeliveryOfficeName',
>                         'RealName' => 'cn',
>                         'ExternalAuthId' => 'sAMAccountName',
>                         'Gecos' => 'sAMAccountName',
>                         'WorkPhone' => 'telephoneNumber',
>                         'Address1' => 'streetAddress',
>                         'City' => 'l',
>                         'State' => 'st',
>                         'Zip' => 'postalCode',
>                         'Country' => 'co'
>                       }
>     }
> }
> );
>
> 1;
>
> Nelson Pereira
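
The settings quoted in this thread can be checked for internal consistency before RT loads them. The Perl below is an added example, not part of the original messages or of RT; `lint_external_auth` and its finding texts are hypothetical, and the sample values are copied from the posted RT_SiteConfig.pm with the password replaced by a placeholder.

```perl
# Added example: hypothetical helper, not part of RT or its LDAP auth code.
use strict;
use warnings;

# Values copied from the RT_SiteConfig.pm posted in this thread, trimmed to
# the keys the checks read. The password is a placeholder.
my @auth_priority = ('My_LDAP', 'My_MySQL');
my @info_priority = ('My_MySQL', 'My_LDAP');
my %settings = ( 'My_LDAP' => {
    'type'   => 'ldap',           'tls'        => 0,
    'user'   => 'myldapuser',     'pass'       => 'PLACEHOLDER',
    'filter' => '(FILTER_STRING)', 'd_filter'  => '(FILTER_STRING)',
    'group'  => 'GROUP_NAME',     'group_attr' => 'GROUP_ATTR',
} );

# Returns a list of human-readable findings for the given configuration.
sub lint_external_auth {
    my ($auth, $info, $services) = @_;
    my (@findings, %seen);
    # Every service named in a priority list must be defined in ExternalSettings.
    for my $name (grep { !$seen{$_}++ } @$auth, @$info) {
        push @findings, "priority list names '$name' but ExternalSettings does not define it"
            unless exists $services->{$name};
    }
    for my $name (sort keys %$services) {
        my $svc = $services->{$name};
        next unless ($svc->{type} // '') eq 'ldap';
        # With 'tls' => 0 the bind user and password cross the network unencrypted.
        push @findings, "$name: bind credentials configured but 'tls' is 0"
            if defined $svc->{user} && defined $svc->{pass} && !$svc->{tls};
        # Template values from the sample configuration that were never replaced.
        for my $key (qw(filter d_filter group group_attr)) {
            my $val = $svc->{$key} // next;
            push @findings, "$name: '$key' still holds the template value '$val'"
                if $val =~ /^\(?(?:FILTER_STRING|GROUP_NAME|GROUP_ATTR)\)?$/;
        }
    }
    return @findings;
}

print "$_\n" for lint_external_auth(\@auth_priority, \@info_priority, \%settings);
```

Run against the posted values, it reports the undefined 'My_MySQL' service, the unencrypted bind, and the four unreplaced template values.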