[rt-users] ExternalAuth
Michael James
MJames at stonebridgebank.com
Wed Jan 13 15:36:29 EST 2010
Running SuSE Linux, eDirectory, LDAP, RT 3.8.7. In my test setting, I can query LDAP anonymously. I downloaded RT-Authen-ExternalAuth-0.08.tar.gz and installed it. I notice the wiki page (http://wiki.bestpractical.com/view/ExternalAuth) says to "answer the prompt as to your RT base directory", but I didn't observe that behavior. Added the required entries to RT_SiteConfig.pm as far as I can tell (see below). Trying to log on as "mjames", I only get "your username or password is incorrect".
I feel like I'm missing something obvious... Any ideas?
Mike
Output of ldapsearch command:
rt384:~ # ldapsearch -x -b "o=sbf" -h lxutility "cn=mjames" mail uid
# extended LDIF
#
# LDAPv3
# base <o=sbf> with scope subtree
# filter: cn=mjames
# requesting: mail uid
#
# MJames, STONEBRIDGE, SBF
dn: cn=MJames,ou=STONEBRIDGE,o=SBF
# MJames, Users, STONEBRIDGEBANK, SBF
dn: cn=MJames,cn=Users,ou=STONEBRIDGEBANK,o=SBF
uid: MJames
mail: MJames at stonebridgebank.com
# search result
search: 2
result: 0 Success
# numResponses: 3
# numEntries: 2
cat RT_SiteConfig.pm
Set( $rtname, 'CashMgt');
Set(@Plugins , qw(RT::Authen::ExternalAuth));
Set($WebBaseURL , "http://cashmgt.stonebridgebank.com");
Set( $Organization , "cashmgt.stonebridgebank.com");
Set($Timezone , "US/Eastern");
Set($RTAddressRegexp , '^rt\@cashmgt.stonebridgebank.com$');
Set($DatabaseType , 'mysql');
Set($DatabaseUser , 'rt_user');
Set($DatabasePassword , 'rt_pass');
Set($DatabaseName , 'cashmgt');
Set($DatabaseHost , 'localhost');
Set($DatabaseRTHost , 'localhost');
Set($MaxAttachmentSize, 50000000);
Set($WebPath , "");
Set($CorrespondAddress , 'correspond at cashmgt.stonebridgebank.com');
Set($CommentAddress , 'comment at cashmgt.stonebridgebank.com');
Set($ExternalAuthPriority, [ 'My_LDAP',
                             'My_MySQL',
                           ]
);
Set($ExternalInfoPriority, [ 'My_MySQL',
                             'My_LDAP'
                           ]
);
Set($ExternalServiceUsesSSLorTLS, 0);
Set($AutoCreateNonExternalUsers, 0);
Set($ExternalSettings, { # AN EXAMPLE DB SERVICE
    'My_MySQL' => { ## GENERIC SECTION
        'type' => 'db',
        'server' => 'localhost',
        'database' => 'cashmgt',
        'table' => 'USERS',
        'user' => 'rt_user',
        'pass' => 'rt_pass',
        'port' => '3306',
        'dbi_driver' => 'mysql',
        'u_field' => 'name',
        'p_field' => 'password',
        'p_enc_pkg' => 'Crypt::MySQL',
        'p_enc_sub' => 'password',
        'd_field' => 'disabled',
        'd_values' => ['0'],
        'attr_match_list' => [ 'Gecos',
                               'Name'
                             ],
        'attr_map' => { 'Name' => 'username',
                        'EmailAddress' => 'email',
                        'ExternalAuthId' => 'username',
                        'Gecos' => 'userID'
                      }
    },
    # AN EXAMPLE LDAP SERVICE
    'My_LDAP' => { ## GENERIC SECTION
        'type' => 'ldap',
        'server' => '172.31.4.56',
        'base' => 'o=sbf',
        'filter' => '(objectClass=*)',
        'd_filter' => '(employmentStatus=Terminated)',
        'tls' => 0,
        'ssl_version' => 3,
        'net_ldap_args' => [ version => 3 ],
        'attr_match_list' => [
            'Name',
            'EmailAddress'
        ],
        # The mapping of RT attributes on to LDAP attributes
        'attr_map' => { 'Name' => 'uid',
                        'EmailAddress' => 'mail'
                      }
    },
}
);
1;
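A check that can be run over the `ldapsearch` output in the message above, as an added example that is not part of the original post or of RT-Authen-ExternalAuth: it parses the LDIF and reports whether a login resolves to exactly one directory entry through the LDAP attribute mapped to `Name`. It assumes the login is looked up by that attribute and must yield a single entry to bind as; `parse_ldif`, `check_login` and the restored blank lines in the sample are constructions for this example.

```python
import re

# Sample input: the two entries from the ldapsearch output in the post, with
# the blank separator lines between entries restored (constructed layout).
LDIF = """\
# MJames, STONEBRIDGE, SBF
dn: cn=MJames,ou=STONEBRIDGE,o=SBF

# MJames, Users, STONEBRIDGEBANK, SBF
dn: cn=MJames,cn=Users,ou=STONEBRIDGEBANK,o=SBF
uid: MJames
mail: MJames at stonebridgebank.com
"""

ATTR_MAP = {"Name": "uid", "EmailAddress": "mail"}  # attr_map of the posted My_LDAP block


def parse_ldif(text):
    """One {attribute: [values]} dict per entry; attribute names lowercased."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            m = re.match(r"([A-Za-z][\w;-]*): (.*)$", line)
            if m:  # skips comments, base64 ('::') values and continuations
                entry.setdefault(m.group(1).lower(), []).append(m.group(2))
        if "dn" in entry:
            # The leading RDN is an attribute of the entry even when the
            # search did not request it (simplified: no escaped commas).
            rdn_attr, rdn_val = entry["dn"][0].split(",", 1)[0].split("=", 1)
            entry.setdefault(rdn_attr.lower(), []).append(rdn_val)
            entries.append(entry)
    return entries


def check_login(entries, attr_map, login):
    """Look `login` up by the attribute mapped to 'Name', case-insensitively."""
    name_attr = attr_map["Name"].lower()
    hits = [e for e in entries
            if login.lower() in (v.lower() for v in e.get(name_attr, []))]
    status = {0: "no match", 1: "ok"}.get(len(hits), "ambiguous")
    missing = sorted(rt for rt, la in attr_map.items()
                     if len(hits) == 1 and la.lower() not in hits[0])
    return {"status": status, "dns": [e["dn"][0] for e in hits], "missing": missing}


if __name__ == "__main__":
    print(check_login(parse_ldif(LDIF), ATTR_MAP, "mjames"))
    print(check_login(parse_ldif(LDIF), {"Name": "cn"}, "mjames"))
```

With the posted mapping (`Name` to `uid`) the login resolves to the single entry under `cn=Users,ou=STONEBRIDGEBANK`; mapping `Name` to `cn` instead would match both entries returned by the search.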