[rt-users] LDAP with AD RT:3.8.4 ExternalAuth
Robert Nesius
nesius at gmail.com
Mon Sep 21 12:15:49 EDT 2009
>> Set(@Plugins,qw(RT::FM));

You need to turn on the extension by adding the
RT::Authen::ExternalAuth module to that quoted array.

Also, I saw this below:

>> # The username RT should use to connect to the LDAP server
>> 'user' => 'AD_Info\\LDAP',
>> 'pass' => 'pass',

That may or may not work. If your user is LDAP, you may actually need
to use: LDAP@domain.yourcompany.com, and you may need to add the
@domain.yourcompany.com as an auto-appended suffix so your users can
log on with their basic username.

-Rob

On Mon, Sep 21, 2009 at 10:48 AM, Beryl N. Snyder <BSnyder at tmcdesign.com> wrote:
>
> I am running RT 3.8.4 with the RT::Authen::ExternalAuth plugin. My Request tracker server does not appear to be accessing the AD server for login. If I run tcpdump I do not see a connection to the AD server being attempted and the local logins still work. Is there another config file I need to change? I would be grateful for any help.
>
> The RT_SiteConfig.pm
>
> Set($LogToSyslog,'debug');
>
> # THE BASICS:
>
> Set($rtname, 'support.example.org');
> Set($Organization, 'example.org');
> Set($CorrespondAddress , 'bsnyder@domain.com');
> Set($CommentAddress , 'comment-test@domain.com');
> Set($Timezone , 'US/Mountan'); # obviously choose what suits you
>
> #LDAP
> Set(@Plugins,qw(RT::Authen::ExternalAuth));
>
> Set($ExternalAuthPriority, ['My_LDAP']);
> Set($ExternalInfoPriority, ['My_LDAP']);
>
> Set($ExternalSettings, {'My_LDAP' => {
>     ## GENERIC SECTION
>     # The type of service (db/ldap/cookie)
>     'type' => 'ldap',
>     # The server hosting the service
>     'server' => '10.x.x.x', #Ip Addy is correct
>     ## SERVICE-SPECIFIC SECTION
>     # If you can bind to your LDAP server anonymously you should
>     # remove the user and pass config lines, otherwise specify them here:
>     #
>     # The username RT should use to connect to the LDAP server
>     'user' => 'AD_Info\\LDAP',
>     'pass' => 'pass',
>     #
>     # The LDAP search base
>     'base' => 'ou=*,dc=DCinfo,dc=local',
>     #
>     # ALL FILTERS MUST BE VALID LDAP FILTERS ENCASED IN PARENTHESES!
>     # YOU **MUST** SPECIFY A filter AND A d_filter!!
>     #
>     # The filter to use to match RT-Users
>     'filter' => '(objectClass=*)',
>     # A catch-all example filter: '(objectClass=*)'
>     #
>     # The filter that will only match disabled users
>     'd_filter' => '(objectClass=FooBarBaz))',
>     # A catch-none example d_filter: '(objectClass=FooBarBaz)'
>     #
>     # Should we try to use TLS to encrypt connections?
>     'tls' => 0,
>     # SSL Version to provide to Net::SSLeay *if* using SSL
>     'ssl_version' => 3,
>     # What other args should I pass to Net::LDAP->new($host,@args)?
>     'net_ldap_args' => [ version => 3 ],
>     'attr_match_list' => [ 'Name','EmailAddress'],
>     # The mapping of RT attributes on to LDAP attributes
>     'attr_map' => { 'Name' => 'sAMAccountName',
>                     'EmailAddress' => 'mail',
>                   }
>     }
>   }
> );
>
> Set($DatabaseType, 'mysql'); # e.g. Pg or mysql
> Set($DatabaseUser , 'rtuser');
> Set($DatabasePassword , 'password');
> Set($DatabaseName , 'rt3'); # Ensure this is set to rt3!
> Set($WebPath , "/rt");
> Set($WebBaseURL , "http://support.example.org");
> Set(@Plugins,qw(RT::FM));
> 1;
>
> Syslog
>
> Sep 18 16:03:49 RequstTracker RT: FAILED LOGIN for testuser from 10.50.1.192 (/opt/rt3/share/html/autohandler:268)
> Sep 18 16:04:17 RequstTracker RT: You've enabled GD, but we couldn't load the module: Can't locate GD.pm in @INC (@INC contains: /opt/rt3/bin/../local/lib /opt/rt3/local/plugins/RT-FM/lib /opt/rt3/bin/../lib /etc/perl /usr/local/lib/perl/5.10.0 /usr/local/share/perl/5.10.0 /usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.10 /usr/share/perl/5.10 /usr/local/lib/site_perl . /etc/apache2) at /opt/rt3/bin/../lib/RT/Config.pm line 365.
> Sep 18 16:04:17 RequstTracker RT: You've enabled GraphViz, but we couldn't load the module: Can't locate GraphViz.pm in @INC (@INC contains: /opt/rt3/bin/../local/lib /opt/rt3/local/plugins/RT-FM/lib /opt/rt3/bin/../lib /etc/perl /usr/local/lib/perl/5.10.0 /usr/local/share/perl/5.10.0 /usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.10 /usr/share/perl/5.10 /usr/local/lib/site_perl . /etc/apache2) at /opt/rt3/bin/../lib/RT/Config.pm line 352.
> Sep 18 16:04:17 RequstTracker RT: RT's GnuPG libraries couldn't successfully read your configured GnuPG home directory (/opt/rt3/var/data/gpg). PGP support has been disabled
>
> Beryl Snyder
> IT Specialist
> TMC Design Corporation
> 4325 Del Rey BLVD
> Las Cruces, NM 88012
> Phone: 575-382-4600
> Fax: 575-523-8588
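
A lint check for the two configuration points in this thread, as an added example that is not part of the original messages or of RT itself: it reports when `@Plugins` is set more than once (the reply's point that the array being set at the end must include RT::Authen::ExternalAuth) and when an LDAP bind password is configured alongside `'tls' => 0`. The function names and the sample input are constructed for illustration, and it assumes each `Set(@Plugins, qw(...))` sits on a single line.

```perl
use strict;
use warnings;

# Assumption (taken from the reply above): a later Set(@Plugins, ...) replaces
# an earlier one, so only the last statement decides which plugins load.
sub effective_plugins {
    my ($text) = @_;
    my $count = 0;
    my @last;
    for my $line (split /\n/, $text) {
        next if $line =~ /^\s*#/;    # ignore whole-line comments
        if ($line =~ /Set\(\s*\@Plugins\s*,\s*qw\(([^)]*)\)/) {
            @last = split ' ', $1;
            $count++;
        }
    }
    return ($count, @last);
}

# Return a list of human-readable findings for one config file's text.
sub lint {
    my ($text) = @_;
    my @findings;
    my ($count, @plugins) = effective_plugins($text);
    push @findings, "\@Plugins is set $count times; the last statement wins"
        if $count > 1;
    push @findings, "RT::Authen::ExternalAuth missing from effective \@Plugins (@plugins)"
        unless grep { $_ eq 'RT::Authen::ExternalAuth' } @plugins;
    # A simple bind over plain ldap:// sends the service account password unencrypted.
    push @findings, "bind password configured while 'tls' => 0"
        if $text =~ /^\s*'pass'\s*=>/m && $text =~ /^\s*'tls'\s*=>\s*0\b/m;
    return @findings;
}

# Constructed sample, reduced from the configuration quoted in this thread.
my $sample = <<'END';
Set(@Plugins,qw(RT::Authen::ExternalAuth));
Set($ExternalSettings, {'My_LDAP' => {
    'type' => 'ldap',
    'user' => 'AD_Info\\LDAP',
    'pass' => 'pass',
    'tls'  => 0,
}});
Set(@Plugins,qw(RT::FM));
1;
END

# Lint the file named on the command line, or the sample when none is given.
my $text = @ARGV ? do { local $/; <> } : $sample;
print "$_\n" for lint($text);
```

Run it with the path to an `RT_SiteConfig.pm` as the only argument to check a real file instead of the embedded sample.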