[rt-users] RT version 3.8.0 and RT-Authen-ExternalAuth-0.05

Brian Buchanan brianbuchanan at interfast.ca
Fri Jul 25 11:11:52 EDT 2008 

I can say it works with Active Directory.  I had to install perl-LDAP
though, on my CentOS5 machine. yum install perl-LDAP

I had just got the plugin working under 3.6.6 when 3.8.0 came out.  I
moved my 3.6.6 directory out of the way, did it's install, and then ran
the ExternalAuth install.

I noticed the path changed too when I copied over the plugin's
RT_SiteConfig.pm file and had to fix the require line in my main
RT_SiteConfig.pm.

In case this can help, here's a stripped and manually redacted version
of my RT_SiteConfig.pm in the Plugin's etc/ directory which works in my
Windows 2000 Active Directory environment:  (It's included via the main
RT_SiteConfig.pm with a 'require
"/opt/rt3/local/plugins/RT-AuthenExternalAuth/etc/RT_SiteConfig.pm";'
line)

Set($ExternalAuthPriority,  [   'My_LDAP'
                            ]
);

Set($ExternalInfoPriority,  [   'My_LDAP'
                            ]
);

Set($ExternalServiceUsesSSLorTLS,    0);

Set($AutoCreateNonExternalUsers,    0);

Set($ExternalSettings,      {
      'My_LDAP'       =>  {
'type'                      =>  'ldap',
'auth'                      =>  1,
'info'                      =>  1,
'server'                    =>  'adomaincontroller.example.com',
'user'                      => 
      'CN=RTLDAPLookupUser,OU=someou,DC=example,DC=com',
'pass'                      => 'passwordofrtlookupuser',
'base'                      =>  'DC=example,DC=com',
'filter'                    =>  '(objectClass=Person)',
'd_filter'                  =>
'(userAccountControl:1.2.840.113556.1.4.803:=2)',
'tls'                       =>  0,
'net_ldap_args'             => [    version =>  3   ],
'group'                     =>  '',
'group_attr'                =>  '',
'attr_match_list'           => [    'Name',
  'EmailAddress',
  'RealName',
  'WorkPhone',
  'Address2'
  ],
'attr_map'                  =>  {   
  'Name' => 'sAMAccountName',
  'EmailAddress' => 'mail',
  'Organization' => 'physicalDeliveryOfficeName',
  'RealName' => 'cn',
  'ExternalAuthId' => 'sAMAccountName',
  'Gecos' => 'sAMAccountName',
  'WorkPhone' => 'telephoneNumber',
  'Address1' => 'streetAddress',
  'City' => 'l',
  'State' => 'st',
  'Zip' => 'postalCode',
  'Country' => 'co'
}
   ],
 }
}
);

1;

I also used ldapdisplay to test the ldap query of the Active Directory:

ldapsearch -LLL -x -D "CN=RTLDAPLookupUser,OU=someou,DC=example,DC=com"
-w passwordofrtlookupuser -h adomaincontroller.example.com
"(&(sAMAccountName=BRIAN)(objectClass=Person))" 

BTW, for about an hour I found I was changing the left side of the
password of the RT lookup user in RT_SiteConfig.pm, (The parameter name)
rather than the right side, the value.  I don't know why, I was just
replacing `user` with the user and `pass` with the password I guess,
even though I did the correct right-side replacement on everything else.

HTH.

Brian

On Fri, 2008-07-25 at 11:29 +0100, Jason Doran wrote:
> Hi,
> I have just installed RT 3.8.0 and RT-Authen-ExternalAuth-0.05.
> 
> *Before* I post a more detailed report, I just would like to know if  
> this
> is known to work with the new RT.

More information about the rt-users mailing list