[rt-users] Intergration with LDAP

Drew Barnes barnesaw at ucrwcu.rwc.uc.edu
Tue Apr 8 13:29:46 EDT 2008


Try this.  In RT_SiteConfig.pm:

Set($WebFallbackToInternalAuth , 1);

(Or maybe it needs to be True.  Can't recall.)

Nelson Pereira wrote:
>
> How do I disable this functionality as this has made my RT unusable… I’m getting all sorts of issues in the httpd logs…:
>
> [Tue Apr  8 17:19:02 2008] [critical]: RT::User::_GetBoundLdapObj Can't bind: LDAP_INVALID_CREDENTIALS 49 (/opt/rt3/local/lib/RT/User_Vendor.pm:1056)
> [Tue Apr  8 17:19:02 2008] [critical]: RT::User::_GetBoundLdapObj Can't bind: LDAP_INVALID_CREDENTIALS 49 (/opt/rt3/local/lib/RT/User_Vendor.pm:1056)
> [Tue Apr  8 17:19:02 2008] [critical]: RT::User::_GetBoundLdapObj Can't bind: LDAP_INVALID_CREDENTIALS 49 (/opt/rt3/local/lib/RT/User_Vendor.pm:1056)
> [Tue Apr  8 17:19:02 2008] [crit]: User creation failed in mailgateway: Could not set user info (/opt/rt3/lib/RT/Interface/Email.pm:243)
> [Tue Apr  8 17:19:02 2008] [crit]: User  'npereira at domain.com' could not be loaded in the mail gateway (/opt/rt3/lib/RT/Interface/Email.pm:243)
> [Tue Apr  8 17:19:02 2008] [error]: RT could not load a valid user, and RT's configuration does not allow
> for the creation of a new user for this email (npereira at domain.com).
>
> You might need to grant 'Everyone' the right 'CreateTicket' for the
> queue general. (/opt/rt3/lib/RT/Interface/Email.pm:243)
> [Tue Apr  8 17:19:03 2008] [error]: Could not record email: Could not load a valid user (/opt/rt3/share/html/REST/1.0/NoAuth/mail-gateway:75)
>
> How do I remove this and go back to the standard standalone MySQL auth…?
>
> ------------------------------------------------------------------------
>
> *From:* rt-users-bounces at lists.bestpractical.com 
> [mailto:rt-users-bounces at lists.bestpractical.com] *On Behalf Of 
> *Nelson Pereira
> *Sent:* Tuesday, April 08, 2008 1:05 PM
> *To:* rt-users at lists.bestpractical.com
> *Subject:* Re: [rt-users] Intergration with LDAP
>
>  
>
> Ok, So I read the instruction on the link given although I still cannot login with a valid Active Directory account....
>
> Installed the CPAN module…
>
> I made the changes in the RT_SiteConfig.pm, restarted the webserver (OK)
>
> Try to login and I get this error in /var/log/httpd/error_log
>
> [Tue Apr  8 17:07:02 2008] [error]: Could not record email: RT couldn't find the queue: general (/opt/rt3/share/html/REST/1.0/NoAuth/mail-gateway:75)
> [Tue Apr  8 17:07:13 2008] [critical]: RT::User::_GetBoundLdapObj Can't bind: LDAP_INVALID_CREDENTIALS 49 (/opt/rt3/local/lib/RT/User_Vendor.pm:1056)
>
> What is this saying?
>
> My RT_SiteConfig.pm
>
> #####################################################################
> ###################### LDAP Authentication ##########################
> #####################################################################
>
> # Order in which the services defined in ExternalSettings
> # should be used to authenticate users. User is authenticated
> # if successfully confirmed by any service - no more services
> # are checked.
> Set($ExternalAuthPriority,  [   'My_LDAP',
>                                 'My_MySQL'
>                             ]
> );
>
> # The order in which the services defined in ExternalSettings
> # should be used to get information about users. This includes
> # RealName, Tel numbers etc, but also whether or not the user
> # should be considered disabled.
> # Once user info is found, no more services are checked.
> Set($ExternalInfoPriority,  [   'My_MySQL',
>                                 'My_LDAP'
>                             ]
> );
>
> # If this is set to true, then the relevant packages will
> # be loaded to use SSL/TLS connections. At the moment,
> # this just means "use Net::SSLeay;"
> Set($ExternalServiceUsesSSLorTLS,    0);
>
> # If this is set to 1, then users should be autocreated by RT
> # as internal users if they fail to authenticate from an
> # external service.
> Set($AutoCreateNonExternalUsers,    1);
>
> # These are the full settings for each external service as a HashOfHashes
> # Note that you may have as many external services as you wish. They will
> # be checked in the order specified in the Priority directives above.
> # e.g.
> #   Set(ExternalAuthPriority,['My_LDAP','My_MySQL','My_Oracle','SecondaryLDAP','Other-DB']);
> #
> Set($ExternalSettings,      {   # A LDAP SERVICE
>     'My_LDAP'       =>  {   ## GENERIC SECTION
>         # The type of service (db/ldap/cookie)
>         'type'                      =>  'ldap',
>         # Should the service be used for authentication?
>         'auth'                      =>  1,
>         # Should the service be used for information?
>         'info'                      =>  1,
>         # The server hosting the service
>         'server'                    =>  'my.domain.name',
>         ## SERVICE-SPECIFIC SECTION
>         # If you can bind to your LDAP server anonymously you should
>         # remove the user and pass config lines, otherwise specify them here:
>         #
>         # The username RT should use to connect to the LDAP server
>         'user'                      =>  'myldapuser',
>         # The password RT should use to connect to the LDAP server
>         'pass'                      =>  'myladappass$',
>         #
>         # The LDAP search base
>         'base'                      =>  'cn=Users,dc=protus,dc=org',
>         # The filter to use to match RT-Users
>         'filter'                    =>  '(FILTER_STRING)',
>         # The filter that will only match disabled users
>         'd_filter'                  =>  '(FILTER_STRING)',
>         # Should we try to use TLS to encrypt connections?
>         'tls'                       =>  0,
>         # What other args should I pass to Net::LDAP->new($host,@args)?
>         'net_ldap_args'             => [    version =>  3   ],
>         # Does authentication depend on group membership? What group name?
>         'group'                     =>  'GROUP_NAME',
>         # What is the attribute for the group object that determines membership?
>         'group_attr'                =>  'GROUP_ATTR',
>         ## RT ATTRIBUTE MATCHING SECTION
>         # The list of RT attributes that uniquely identify a user
>         'attr_match_list'           => [    'Name',
>                                             'EmailAddress',
>                                             'RealName',
>                                             'WorkPhone',
>                                             'Address2'
>                                         ],
>         # The mapping of RT attributes on to LDAP attributes
>         'attr_map'                  =>  {   'Name' => 'sAMAccountName',
>                                             'EmailAddress' => 'mail',
>                                             'Organization' => 'physicalDeliveryOfficeName',
>                                             'RealName' => 'cn',
>                                             'ExternalAuthId' => 'sAMAccountName',
>                                             'Gecos' => 'sAMAccountName',
>                                             'WorkPhone' => 'telephoneNumber',
>                                             'Address1' => 'streetAddress',
>                                             'City' => 'l',
>                                             'State' => 'st',
>                                             'Zip' => 'postalCode',
>                                             'Country' => 'co'
>                                         }
>     }
> }
> );
>
> 1;
>
>  
>
>  
>
>  
>
> Nelson Pereira
>
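
Added example (not from the thread, RT, or the ExternalAuth module): a stand-alone Net::LDAP check that repeats the service-account bind reported as failing in `_GetBoundLdapObj`, using the 'server', 'user' and 'base' values from the My_LDAP block. Unlike the posted config ('tls' => 0) it starts TLS before sending the password. The RT_LDAP_* environment variable names, the CA bundle path and the `(objectClass=user)` filter are assumptions.

```perl
#!/usr/bin/perl
# Added diagnostic, not part of RT or its external-auth module.
# Repeats the service-account bind outside RT to isolate the cause of
# "Can't bind: LDAP_INVALID_CREDENTIALS 49".
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Constant qw(LDAP_SUCCESS LDAP_INVALID_CREDENTIALS);

# Placeholders (assumptions): defaults mirror the posted My_LDAP block.
# The password comes from the environment, not from a file or argv.
my $server  = $ENV{RT_LDAP_SERVER} // 'my.domain.name';
my $bind_as = $ENV{RT_LDAP_USER}   // 'myldapuser';
my $base    = $ENV{RT_LDAP_BASE}   // 'cn=Users,dc=protus,dc=org';
my $cafile  = $ENV{RT_LDAP_CAFILE} // '/etc/pki/tls/certs/ca-bundle.crt';
my $pass    = $ENV{RT_LDAP_PASS};
die "Set RT_LDAP_PASS in the environment\n" unless defined $pass;

# Same protocol version as 'net_ldap_args' in the posted config.
my $ldap = Net::LDAP->new($server, version => 3, timeout => 10)
    or die "Cannot connect to $server: $@\n";

# Encrypt before the bind password is sent; verify the server certificate.
my $tls = $ldap->start_tls(verify => 'require', cafile => $cafile);
die 'STARTTLS failed: ' . $tls->error . "\n" if $tls->code != LDAP_SUCCESS;

my $bind = $ldap->bind($bind_as, password => $pass);
if ($bind->code == LDAP_INVALID_CREDENTIALS) {
    # Result code 49: the directory rejected these credentials, so the
    # problem is in 'user'/'pass', not in RT's filters or attribute map.
    die "Bind rejected (49) for '$bind_as': " . $bind->error . "\n";
}
die 'Bind failed: ' . $bind->error_name . "\n" if $bind->code != LDAP_SUCCESS;

# Bind worked: confirm this account can read the search base.
# (objectClass=user) is an assumed filter for Active Directory.
my $search = $ldap->search(
    base      => $base,
    scope     => 'sub',
    filter    => '(objectClass=user)',
    attrs     => ['sAMAccountName', 'mail'],
    sizelimit => 5,
);
# Entries returned before the size limit was reached are still available.
printf "%s <%s>\n", $_->get_value('sAMAccountName') // '-',
                    $_->get_value('mail') // '-' for $search->entries;
$ldap->unbind;
```

If this script binds successfully with the same values RT uses, the credentials are valid and the remaining differences are in how RT's configuration passes them.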


