[rt-users] Has anyone successfully configured LDAP to authenticate against AD with version 4.0.1?
josh.cole
josh.cole at fresno.edu
Mon Aug 29 12:26:22 EDT 2011
I am trying to make this work. I installed the latest version of
ExternalAuth. I am working with Request Tracker for the first time, and just
upgraded from 3.8.7 to 4.0.1. There are a few things that I think are off,
but I am not sure what the correct solution is.

1. I am not sure what to use for the group_attr. I want to have users in the
group Request-Tracker inside of AD be able to authenticate with their
credentials when logging into RT, and I believe the filter is set correctly
other than what needs to be added for the group_attribute. I am not sure
what that should be.

2. For my base statement, I am specifying the Users OU, but none of my users
are in that OU. I am not sure exactly what it's looking for there.

Any help is appreciated!

ExternalAuth config:
I have added the following to my RT_SiteConfig.pm:

@RT::MailPlugins = ("RT::Authen::ExternalAuth");
Set(@Plugins, qw(RT::Authen::ExternalAuth) );
Set($ExternalAuthPriority, [ 'Active_Directory' ] );
Set($ExternalInfoPriority, [ 'Active_Directory' ] );
Set($AutoCreateNonExternalUsers, 0);
Set($ExternalSettings, {
    'Active_Directory' => {
        'type'   => 'ldap',
        'auth'   => 1,
        'info'   => 1,
        'server' => 'rt.mydomain.local',
        'base'   => 'OU=Users,DC=mydomain,DC=local',
        # The filter to use to match RT-Users
        'filter' => '(objectclass=person)',
        # The filter that will only match disabled users
        'd_filter' => '(userAccountControl:1.2.840.113556.1.4.803:=2)',
        # Should we try to use TLS to encrypt connections?
        'tls' => 0,
        # What other args should I pass to Net::LDAP->new($host,@args)?
        'net_ldap_args' => [ version => 3 ],
        # Does authentication depend on group membership? What group name?
        'group' => 'Request-Tracker',
        # What is the attribute for the group object that determines membership?
        #'group_attr' => 'GROUP_ATTR',
        ## RT ATTRIBUTE MATCHING SECTION
        # The list of RT attributes that uniquely identify a user
        'attr_match_list' => [ 'ExternalAuthId','EmailAddress' ],
        # The mapping of RT attributes on to LDAP attributes
        'attr_map' => {
            'Name'           => 'sAMAccountName',
            'EmailAddress'   => 'mail',
            'Organization'   => 'physicalDeliveryOfficeName',
            'RealName'       => 'displayName',
            'ExternalAuthId' => 'sAMAccountName',
            'Gecos'          => 'sAMAccountName',
            'WorkPhone'      => 'telephoneNumber',
            'Address1'       => 'streetAddress',
            'City'           => 'l',
            'State'          => 'st',
            'Zip'            => 'postalCode',
            'Country'        => 'co'
        }
    }
});
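
A revision of the settings posted above that covers the group check, the search base and the unencrypted bind, as an added example that is not part of the original post or the plugin's own documentation. It assumes ExternalAuth tests membership by looking for the user's DN in an attribute of the group entry, so 'group' is written as the group's full DN and 'group_attr' as AD's member attribute. The group DN, the bind account and its password are placeholders, and the base is set to the domain root only because the post says no accounts live in OU=Users.

```perl
# Added example: constructed revision of the posted ExternalSettings block.
Set($ExternalSettings, {
    'Active_Directory' => {
        'type'   => 'ldap',
        'auth'   => 1,
        'info'   => 1,
        # Has to resolve to a domain controller (value kept from the post).
        'server' => 'rt.mydomain.local',
        # Placeholder service account; AD normally refuses anonymous searches.
        # Give it read-only rights and nothing else.
        'user'   => 'CN=rt-bind,OU=PLACEHOLDER,DC=mydomain,DC=local',
        'pass'   => 'PLACEHOLDER_PASSWORD',
        # The base must contain the user objects. The domain root is used
        # here; narrow it to the OU that really holds the accounts.
        'base'   => 'DC=mydomain,DC=local',
        'filter' => '(objectclass=person)',
        # Bitwise-AND match on userAccountControl bit 2 (ACCOUNTDISABLE).
        'd_filter' => '(userAccountControl:1.2.840.113556.1.4.803:=2)',
        # The post had 0. With 'auth' => 1 every RT login is an LDAP bind,
        # so without encryption the password crosses the network in cleartext.
        'tls'    => 1,
        'net_ldap_args' => [ version => 3 ],
        # Assumption: the group is addressed by its full DN (placeholder OU),
        # and membership is read from the group's 'member' attribute, which
        # in AD holds the DNs of the members.
        'group'      => 'CN=Request-Tracker,OU=PLACEHOLDER,DC=mydomain,DC=local',
        'group_attr' => 'member',
        'attr_match_list' => [ 'ExternalAuthId', 'EmailAddress' ],
        'attr_map' => {
            'Name'           => 'sAMAccountName',
            'EmailAddress'   => 'mail',
            'RealName'       => 'displayName',
            'ExternalAuthId' => 'sAMAccountName',
            'Gecos'          => 'sAMAccountName',
        },
    },
});
```

Because 'pass' is stored in RT_SiteConfig.pm in the clear, the file should be readable only by the account RT runs as.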