[rt-users] RT::Authen::ExternalAuth
Kevin Falcone
falcone at bestpractical.com
Wed Sep 1 15:25:12 EDT 2010
On Wed, Sep 01, 2010 at 02:28:32PM -0400, Jason Ledford wrote:
> I think this is what you need
> http://search.cpan.org/dist/RT-Extension-LDAPImport/
> RT-Extension-LDAPImport (in case the url gets stripped).
>
> It's what I use along with the externalauth, that way I import all
> the users. I then run the script nightly to import changes. The
> external auth plugin will also update the details when they login.
LDAPImport is what I often recommend for folks; there is current work
in the git repo that should be looked at if you're missing features.
> But you can't assign permissions to a user that's never logged in.
If you run LDAPImport, that user should be there to find and make
privileged so you can grant them rights.
-kevin
> -----Original Message-----
> From: rt-users-bounces at lists.bestpractical.com [mailto:rt-users-bounces at lists.bestpractical.com] On Behalf Of Dan Stilts
> Sent: Wednesday, September 01, 2010 2:16 PM
> To: rt-users at lists.bestpractical.com
> Subject: Re: [rt-users] RT::Authen::ExternalAuth
>
> As far as I know, this only gets updated when the user goes to login.
> However, I'm sure it's also very easily scriptable to pull rt3.Users and
> then pull the users from LDAP (AD) and update the user via sql in
> rt3.Users. Whether this would end up breaking anything, I'm not sure as
> this is just off the top of my head thinking, but I wouldn't think so.
>
> Just a thought.
>
> -Dan
>
>
> On 9/1/10 8:21 AM, Peter Barton wrote:
> > Thanks a bunch Dan!! That did the trick perfectly! I am now able to
> > authenticate successfully from AD and from the local system.
> >
> > Since it was so easy for you to spot my problem maybe you can help me
> > with one more request. Like I said at the end of my last email I have
> > run the "rt_logins_email2ldap" script and everyone has appropriate
> > usernames to match AD. Is there a way to have RT go through and
> > populate all the user information for each of the users that already
> > exist in my system? Or is this supposed to be a dynamic step? When I
> > open a ticket that existed prior to the installation of
> > RT::Authen::ExternalAuth the user information is not populated with
> > anything.
> >
> > Any direction you can give would be greatly appreciated.
> >
> > Thanks in advance,
> >
> > ----------
> > Peter Barton
> >
> > -----Original Message-----
> > From: rt-users-bounces at lists.bestpractical.com
> > [mailto:rt-users-bounces at lists.bestpractical.com] On Behalf Of Dan
> > Stilts
> > Sent: Tuesday, August 31, 2010 5:38 PM
> > To: rt-users at lists.bestpractical.com
> > Subject: Re: [rt-users] RT::Authen::ExternalAuth
> >
> > Peter,
> >
> > Looks like you have two plugin lines:
> >
> > Set(@Plugins, qw(RT::Authen::ExternalAuth));
> > Set(@Plugins, qw(RTx::Calendar));
> >
> > Try:
> > Set(@Plugins,(qw(RT::Authen::ExternalAuth RTx::Calendar)));
> >
> > Your second plugin line is overwriting the first one.
> >
> > -Dan
> >
> > On 8/31/10 3:05 PM, Peter Barton wrote:
> >> I have been searching all day long and I am having some issues getting
> >> this running. Here is a quick copy of my RT_SiteConfig.pm:
> >>
> >> Set(@Plugins, qw(RT::Authen::ExternalAuth));
> >> Set(@Plugins, qw(RTx::Calendar));
> >> Set($LogToFile,'debug');
> >> Set($TrustHTMLAttachments, 1);
> >> Set($ExternalAuthPriority, [ 'My_LDAP'
> >>                            ]
> >> );
> >> Set($ExternalInfoPriority, [ 'My_LDAP'
> >>                            ]
> >> );
> >> Set($ExternalServiceUsesSSLorTLS, 0);
> >> Set($AutoCreateNonExternalUsers, 0);
> >> Set($ExternalSettings, { # AN EXAMPLE DB SERVICE
> >>     'My_MySQL' => { ## GENERIC SECTION
> >>         'type' => 'mysql',
> >>         'server' => 'localhost',
> >>         'database' => 'rt3',
> >>         'table' => 'USERS_TABLE',
> >>         'user' => 'rt_user',
> >>         'pass' => 'blahblah',
> >>         'port' => '3306',
> >>         'dbi_driver' => 'mysql',
> >>         'u_field' => 'username',
> >>         'p_field' => 'password',
> >>         'p_enc_pkg' => 'Crypt::MySQL',
> >>         'p_enc_sub' => 'password',
> >>         'd_field' => 'disabled',
> >>         'd_values' => ['0'],
> >>         'attr_match_list' => [ 'Gecos',
> >>                                'Name'
> >>                              ],
> >>         'attr_map' => { 'Name' => 'username',
> >>                         'EmailAddress' => 'email',
> >>                         'ExternalAuthId' => 'username',
> >>                         'Gecos' => 'userID'
> >>                       }
> >>     },
> >>     # AN EXAMPLE LDAP SERVICE
> >>     'My_LDAP' => { ## GENERIC SECTION
> >>         'type' => 'ldap',
> >>         'server' => 'iesicorp.tf.prv',
> >>         'user' => 'cn=user,dc=tf,dc=prv',
> >>         'pass' => 'blahblah',
> >>         'base' => 'dc=tf,dc=prv',
> >>         'filter' => '(objectClass=user)',
> >>         'd_filter' => '(objectClass=FooBarBaz)',
> >>         'tls' => 0,
> >>         'ssl_version' => 3,
> >>         'net_ldap_args' => [ version => 3 ],
> >>         # 'group' => 'Domain Users',
> >>         # 'group_attr' => 'memberof',
> >>         'attr_match_list' => [ 'Name',
> >>                                'EmailAddress',
> >>                                'RealName',
> >>                                'WorkPhone',
> >>                                'Address2'
> >>                              ],
> >>         # The mapping of RT attributes on to LDAP attributes
> >>         'attr_map' => { 'Name' => 'sAMAccountName',
> >>                         'EmailAddress' => 'mail',
> >>                         'Organization' => 'physicalDeliveryOfficeName',
> >>                         'RealName' => 'cn',
> >>                         'ExternalAuthId' => 'sAMAccountName',
> >>                         'Gecos' => 'sAMAccountName',
> >>                         'WorkPhone' => 'telephoneNumber',
> >>                         'Address1' => 'streetAddress',
> >>                         'City' => 'l',
> >>                         'State' => 'st',
> >>                         'Zip' => 'postalCode',
> >>                         'Country' => 'co'
> >>                       }
> >>     },
> >> } );
> >>
> >> When I restart apache2 everything works fine. I see no errors. Yet when
> >> I log into the web page I get this:
> >>
> >> [Tue Aug 31 21:44:27 2010] [info]: Successful login for pbarton from
> >> 192.168.10.60 (/opt/rt3/bin/../lib/RT/Interface/Web.pm:430)
> >>
> >> I check the "System Configuration" and I see no reference to
> >> RT::Authen::ExternalAuth anywhere in there. From all the logs it does
> >> not even appear that I am loading this plugin.
> >>
> >> BTW, I am running Ubuntu 8.0.4 LTS and RT version 3.8.6 and I installed
> >> RT::Authen::ExternalAuth from cpan version 0.08.
> >>
> >> I have successfully run the "rt_logins_email2ldap" script and was able
> >> to make all the necessary changes to accommodate the change from local
> >> user auth to LDAP auth. Any help anyone can provide I would be greatly
> >> appreciative.
> >>
> >> Thanks,
> >>
> >> ----------
> >>
> >> Peter Barton
> >>
> >>
> >>
> >>
> >> RT Training in Washington DC, USA on Oct 25& 26 2010
> >> Last one this year -- Learn how to get the most out of RT!
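A check for the mistake Dan points out in the quoted message, where a second `Set(@Plugins, ...)` replaces the first and RT::Authen::ExternalAuth never loads, so logins keep succeeding against the local user table. This is an added example, not part of the original thread or of RT; the function names are hypothetical, the sample text is constructed from the lines quoted above, and it assumes each `Set(` starts a line and plugin lists are written with `qw(...)`.

```python
import re

# Start of an RT_SiteConfig.pm statement, e.g.  Set(@Plugins, qw(...));
SET_RE = re.compile(r'^\s*Set\(\s*([$@%]\w+)\s*,(.*)$')
# Words inside a qw(...) list, the form both plugin lines in the thread use.
QW_RE = re.compile(r'qw\(([^)]*)\)')

# Constructed samples built from the lines quoted in the thread.
BROKEN = """\
Set(@Plugins, qw(RT::Authen::ExternalAuth));
Set(@Plugins, qw(RTx::Calendar));
Set($LogToFile,'debug');
"""
FIXED = """\
Set(@Plugins,(qw(RT::Authen::ExternalAuth RTx::Calendar)));
Set($LogToFile,'debug');
"""

def find_repeated_sets(config_text):
    """Map each option that is Set() more than once to its line numbers."""
    seen = {}
    for lineno, line in enumerate(config_text.splitlines(), 1):
        m = SET_RE.match(line)  # commented-out lines start with '#', so no match
        if m:
            seen.setdefault(m.group(1), []).append(lineno)
    return {name: lines for name, lines in seen.items() if len(lines) > 1}

def dropped_plugins(config_text):
    """Plugins named by an earlier Set(@Plugins, ...) but missing from the last."""
    lists = []
    for line in config_text.splitlines():
        m = SET_RE.match(line)
        if m and m.group(1) == '@Plugins':
            words = set()
            for group in QW_RE.findall(m.group(2)):
                words.update(group.split())
            lists.append(words)
    if len(lists) < 2:
        return []
    earlier = set().union(*lists[:-1])
    return sorted(earlier - lists[-1])  # the last Set() is the one that counts

if __name__ == "__main__":
    for label, text in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, find_repeated_sets(text), dropped_plugins(text))
```

Running it against a real RT_SiteConfig.pm before restarting the web server flags an authentication plugin that would otherwise be dropped without any error in the logs.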