[rt-users] Has anyone successfully configured LDAP to authenticate against AD with version 4.0.1?

josh.cole josh.cole at fresno.edu
Mon Aug 29 12:26:22 EDT 2011


I am trying to make this work. I installed the latest version of
ExternalAuth. I am working with Request Tracker for the first time, just
upgraded from 3.8.7 to 4.0.1. There are a few things that I think are off
but I am not sure what the correct solution is. 

1. I am not sure what to use for the group_attr. I want to have users in the
group Request-Tracker inside of AD be able to authenticate with their
credentials when logging into RT, and I believe the filter is set correctly
other than what needs to be added for the group_attribute. I am not sure
what that should be.

2. For my base statement, I am specifying the Users OU but none of my users
are in that OU. I am not sure exactly what it's looking for there.

Any help is appreciated!
ExternalAuth config:

I have added the following to my RT_SiteConfig.pm:

@RT::MailPlugins = ("RT::Authen::ExternalAuth");
Set(@Plugins, qw(RT::Authen::ExternalAuth) );
Set($ExternalAuthPriority,  [   'Active_Directory'
                            ]
);
Set($ExternalInfoPriority,  [ 'Active_Directory'
                            ]
);
Set($AutoCreateNonExternalUsers,    0);

Set($ExternalSettings, {
    'Active_Directory' => {
        'type'   => 'ldap',
        'auth'   => 1,
        'info'   => 1,
        'server' => 'rt.mydomain.local',
        'base'   => 'OU=Users,DC=mydomain,DC=local',
        # The filter to use to match RT-Users
        'filter' => '(objectclass=person)',
        # The filter that will only match disabled users
        'd_filter' => '(userAccountControl:1.2.840.113556.1.4.803:=2)',
        # Should we try to use TLS to encrypt connections?
        'tls' => 0,
        # What other args should I pass to Net::LDAP->new($host,@args)?
        'net_ldap_args' => [ version => 3 ],
        # Does authentication depend on group membership? What group name?
        'group' => 'Request-Tracker',
        # What is the attribute for the group object that determines membership?
        #'group_attr' => 'GROUP_ATTR',
        ## RT ATTRIBUTE MATCHING SECTION
        # The list of RT attributes that uniquely identify a user
        'attr_match_list' => [ 'ExternalAuthId', 'EmailAddress' ],
        # The mapping of RT attributes on to LDAP attributes
        'attr_map' => {
            'Name'           => 'sAMAccountName',
            'EmailAddress'   => 'mail',
            'Organization'   => 'physicalDeliveryOfficeName',
            'RealName'       => 'displayName',
            'ExternalAuthId' => 'sAMAccountName',
            'Gecos'          => 'sAMAccountName',
            'WorkPhone'      => 'telephoneNumber',
            'Address1'       => 'streetAddress',
            'City'           => 'l',
            'State'          => 'st',
            'Zip'            => 'postalCode',
            'Country'        => 'co'
        }
    }
});

-- 
View this message in context: http://old.nabble.com/Has-anyone-sucessfully-configured-LDAP-to-authenticate-against-AD-with-version-4.0.1--tp32358024p32358024.html
Sent from the Request Tracker - User mailing list archive at Nabble.com.
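
An added example (not part of the original post, and not RT::Authen::ExternalAuth's own code): a small Python model of how the 'base', 'filter', 'd_filter', 'group' and 'group_attr' settings in the config above combine into an allow/deny decision. The directory entries, OU names, the group's DN, matching the login name on sAMAccountName and using 'member' as the membership attribute are all assumptions made for the illustration.

```python
# Constructed sample directory; every DN and value below is made up.
BASE = "DC=mydomain,DC=local"
GROUP_DN = "CN=Request-Tracker,OU=Groups," + BASE   # assumed location of the group
DIRECTORY = {
    "CN=Ann Lee,OU=Staff," + BASE: {"objectClass": ["person", "user"],
        "sAMAccountName": "alee", "userAccountControl": 512},   # enabled
    "CN=Bob Ray,OU=Staff," + BASE: {"objectClass": ["person", "user"],
        "sAMAccountName": "bray", "userAccountControl": 514},   # 512 | 2 = disabled
    "CN=Cy Poe,OU=Staff," + BASE: {"objectClass": ["person", "user"],
        "sAMAccountName": "cpoe", "userAccountControl": 512},   # not a group member
    GROUP_DN: {"objectClass": ["group"],
        "member": ["CN=Ann Lee,OU=Staff," + BASE, "CN=Bob Ray,OU=Staff," + BASE]},
}
ACCOUNTDISABLE = 0x2   # the ":=2" operand of the page's d_filter


def under_base(dn, base):
    """Subtree scope: the entry is the base or sits somewhere below it.
    Simplified to a case-insensitive suffix test; real servers normalise DNs."""
    dn, base = dn.lower(), base.lower()
    return dn == base or dn.endswith("," + base)


def decide(username, base, group_dn, group_attr="member"):
    """Return why a login is allowed or refused for the modelled settings."""
    # 'base' + 'filter': only person entries below the base are candidates.
    hits = [dn for dn, entry in DIRECTORY.items()
            if under_base(dn, base)
            and "person" in entry["objectClass"]
            and entry.get("sAMAccountName") == username]
    if len(hits) != 1:
        return "not found under base"
    user_dn = hits[0]
    # 'd_filter': rule 1.2.840.113556.1.4.803 is a bitwise AND against the value.
    if DIRECTORY[user_dn]["userAccountControl"] & ACCOUNTDISABLE:
        return "disabled"
    # 'group' + 'group_attr': the user's DN must be listed on the group object.
    members = DIRECTORY.get(group_dn, {}).get(group_attr, [])
    if user_dn.lower() not in [m.lower() for m in members]:
        return "not in group"
    return "allowed"
```

In this model a base of OU=Users,DC=mydomain,DC=local finds nobody because the constructed accounts live under OU=Staff, while the domain root as base finds them.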



