[rt-users] eDirectory authentication and groups question

Scott Melot SMelot at lmusd.org
Fri Dec 4 19:35:57 EST 2009


Hello:

I've been working on migrating my school district from an MS Access based work order system to RT. I have been able to get it up and running with Ubuntu 8.04, MySQL 5, RT 3.8.6, ExternalAuth 0.08 and RTFM 2.4.2. But I am having some problems.

What I would like to do is have general staff be able to log in and have an account created, then for a support staff to be able to manually (automatically would be better but I'll take manual) add them to a custom group within RT if they need more permissions than to submit a trouble ticket to the support queue.

Currently I am able to authenticate to my eDirectory through LDAP and ExternalAuth as an unprivileged user but I haven't been able to figure out the rest. Any help or suggestions would be appreciated. I am including my RT_SiteConfig (modified to protect some information) below.


# THE BASICS:

Set($rtname, 'server.name');
Set($Organization, 'LMUSD');

Set($CorrespondAddress , 'removed');
Set($CommentAddress , 'removed');

Set($Timezone , 'US/PACIFIC'); # obviously choose what suits you

# THE DATABASE:

Set($DatabaseType, 'mysql'); # e.g. Pg or mysql

# These are the settings we used above when creating the RT database,
# you MUST set these to what you chose in the section above.

Set($DatabaseUser , 'removed');
Set($DatabasePassword , 'removed');
Set($DatabaseName , 'removed');

# THE WEBSERVER:

Set($WebDomain, 'localhost' );
Set($WebPath , "");
Set($WebBaseURL , "http://removed");

# THE PLUGINS
Set(@Plugins,qw(
 RT::FM
 RT::Authen::ExternalAuth
));

# LDAP Authentication
Set($ExternalAuthPriority,  [   'My_LDAP', ] );

Set($ExternalInfoPriority,  [   'My_LDAP' ] );

Set($ExternalServiceUsesSSLorTLS,    0);

Set($AutoCreateNonExternalUsers,    0);

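Set($ExternalSettings, {
    'My_LDAP' => {
        'type'          => 'ldap',
        'server'        => 'removed',
        'base'          => 'o=<context>',
        # Users matching this filter are allowed to authenticate
        'filter'        => '(objectClass=Person)',
        # Users matching this filter are marked disabled in RT
        'd_filter'      => '(objectClass=Computer)',
        # 0 = do not negotiate TLS on the LDAP connection
        'tls'           => 0,
        'ssl_version'   => 3,
        'net_ldap_args' => [ version => 3 ],
        #'group'      => 'RT_Users',
        #'group_attr' => 'groupmembersattribute',
        # RT user fields used to match an existing RT user to an LDAP entry
        'attr_match_list' => [
            'Name',
            'EmailAddress',
        ],
        # RT user field => LDAP attribute
        'attr_map' => {
            'Name'         => 'uid',
            'EmailAddress' => 'mail',
        },
    },
});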


1;


Scott Melot
Personal Computer Network Specialist III, Information Technology Services
Lucia Mar Unified School District
Phone: (805) 474-3000 ext 1016



