[rt-users] REALLY Confused about RT Extension ExternalAuth and LDAP
Nick Kartsioukas
change+lists.rt at nightwind.net
Mon Nov 16 15:10:55 EST 2009
On Mon, 16 Nov 2009 11:46:55 -0800, "Ken Crocker" <kfcrocker at lbl.gov>
said:
> I went to our 3.6.4 directories and didn't see anything in /local/etc at
> all.
>
> So, if I have been using LDAP successfully with my 3.6.4 version, what do
> I need to do in order to have it work in my 3.8.6 installation?
>
> Do I even need the "ExternalAuth" extension?
>
> If so, what files do I move over from my 3.6.4 files, if anything?
I'm not sure what the LDAP auth support was in 3.6.x, I'm using the
ExternalAuth plugin (v0.8) with RT 3.8.x with no issues.
> My 3.6.4 RT_SiteConfig "Auth" settings show the following:
Again, not sure about 3.6's LDAP support, so I can't comment on
that...but the documentation seems to imply that all LDAP auth support
was moved out of RT and is now soley supported by the ExternalAuth
plugin.
> So, for 3.8.6 I set up my RT_SiteConfig settings to this:
> # Now what follows are the settings for LDAP Authorization
> Set($AuthMethods, ['My_LDAP', 'Internal']);
> Set($ExternalAuthPriority, ['My_LDAP']);
> Set($ExternalInfoPriority, ['My_LDAP']);
> Set($LdapExternalAuth, 1); # enable LDAP authentication/lookups
> Set($LdapAutoCreateNonLdapUsers, 0);
> Set($CanonicalizeOnCreate , 0);
> Set($LdapTLS, 1);
> Set($LdapSSLVersion, 3);
Doesn't appear correct for ExternalAuth's configuration, once you
install ExternalAuth you can look at a sample config file in
local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm I'll attach a
sanitized and commented snippet of my config as well that you can use as
a starting point.
> I saw some bug reports on ExternalAuth v.08. Is that fixed yet?
> Do I even need it if I'm using LDAP?
I haven't been bitten by any bugs in it yet, but I'm curious to know
what bugs exist.
> Also, for each Plugin in my array, what corresponding files do I need and
> where do I put them?
Each plugin you have should have a config and install script...any
configuration they use should be in RT_SiteConfig.pm, so a fresh install
of those plugins into your new RT 3.8 directory should be fine as long
as you copy relevant lines over from your RT 3.6 config.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ldap_config
Type: application/octet-stream
Size: 2394 bytes
Desc: not available
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20091116/739c8705/attachment.obj>
More information about the rt-users
mailing list