[rt-users] Has anyone successfully configured LDAP to authenticate against AD with version 4.0.1?

josh.cole josh.cole at fresno.edu
Mon Aug 29 12:26:22 EDT 2011

I am trying to make this work. I installed the latest version of
ExternalAuth. I am working with Request Tracker for the first time, and just
upgraded from 3.8.7 to 4.0.1. There are a few things that I think are off,
but I am not sure what the correct solution is.

1. I am not sure what to use for the group_attr. I want to have users in the
group Request-Tracker inside of AD be able to authenticate with their
credentials when logging into RT, and I believe the filter is set correctly
other than what needs to be added for the group_attribute. I am not sure
what that should be.

2. For my base statement, I am specifying the Users OU, but none of my users
are in that OU. I am not sure exactly what it's looking for there.

Any help is appreciated!

ExternalAuth config:

I have added the following to my RT_SiteConfig.pm:

@RT::MailPlugins = ("RT::Authen::ExternalAuth");
Set(@Plugins, qw(RT::Authen::ExternalAuth) );
Set($ExternalAuthPriority,  [ 'Active_Directory' ] );
Set($ExternalInfoPriority,  [ 'Active_Directory' ] );
Set($AutoCreateNonExternalUsers,    0);

Set($ExternalSettings, {
    'Active_Directory' => {
        'type'   => 'ldap',
        'auth'   => 1,
        'info'   => 1,
        'server' => 'rt.mydomain.local',
        'base'   => 'OU=Users,DC=mydomain,DC=local',
        # The filter to use to match RT-Users
        'filter' => '(objectclass=person)',
        # The filter that will only match disabled users
        'd_filter' => '(userAccountControl:1.2.840.113556.1.4.803:=2)',
        # Should we try to use TLS to encrypt connections?
        'tls' => 0,
        # What other args should I pass to Net::LDAP->new($host,@args)?
        'net_ldap_args' => [ version => 3 ],
        # Does authentication depend on group membership? What group name?
        'group' => 'Request-Tracker',
        # What is the attribute for the group object that determines membership?
        ## RT ATTRIBUTE
        # The list of RT attributes that uniquely identify a user
        'attr_match_list' => [ 'ExternalAuthId', 'EmailAddress' ],
        # The mapping of RT attributes on to LDAP attributes
        'attr_map' => {
            'Name'           => 'sAMAccountName',
            'EmailAddress'   => 'mail',
            'Organization'   => 'physicalDeliveryOfficeName',
            'RealName'       => 'displayName',
            'ExternalAuthId' => 'sAMAccountName',
            'Gecos'          => 'sAMAccountName',
            'WorkPhone'      => 'telephoneNumber',
            'Address1'       => 'streetAddress',
            'City'           => 'l',
            'State'          => 'st',
            'Zip'            => 'postalCode',
            'Country'        => 'co',
        },
    },
} );
