[rt-users] Making autocreated AD users into privileged users
April Rosenberg
aprilr at yelp.com
Wed Sep 7 17:48:59 EDT 2011
Good Afternoon,
I have been working to figure this out for a while and I am just not sure
what I am doing wrong and I am unable to find much information on this
on the web. I am running Request Tracker 3.8.7 on Ubuntu 10.04 with MySQL
5.0.92 and Apache 2.2.14 with mod_perl 2.0.4. I have
RT::Authen::ExternalAuth configured and I am able to send an email as a user
and they are then able to log in and view their ticket. However, I would
like to set up some of the users as privileged users as they are the queue
managers but they are not showing in the Configuration/Users screen. I have
Set($AutoCreate, {Privileged => 1}); so I thought I would be able to at
least edit my users, but they are not showing up. My RT_SiteConfig.pm is
below with the personal info obscured. If anyone can help that would be
greatly appreciated. Thanks!
April
# This file was generated by running "update-rt-siteconfig-3.8".
#
# While local modifications will not be overwritten without permission,
# it is recommended that they are instead placed in
# /etc/request-tracker3.8/RT_SiteConfig.d
#
# Note that modifications to the RT_SiteConfig.d directory won't
# take effect until the update command mentioned above is run again.
# start /etc/request-tracker3.8/RT_SiteConfig.d/40-timezone
# Use the host's timezone name for RT, keeping "UTC" as the default when
# /etc/timezone is not a regular file.
my $zone = "UTC";
if ( -f "/etc/timezone" ) {
    # The command is a fixed absolute path with no interpolated input.
    $zone = `/bin/cat /etc/timezone`;
}
# Drop the trailing newline left by the command output.
chomp $zone;
Set($Timezone, $zone);
# end /etc/request-tracker3.8/RT_SiteConfig.d/40-timezone
# start /etc/request-tracker3.8/RT_SiteConfig.d/50-debconf
# THE BASICS:
# Site identity and mail addresses (the poster has obscured the values).
Set($rtname, 'tickets');
Set($Organization, ' XXXXXX ');
Set($CorrespondAddress , ' XXXXXX ');
Set($CommentAddress , ' XXXXXX ');
# Web login behaviour. Per RT's RT_Config documentation, $WebExternalAuth
# makes RT defer to the web server's REMOTE_USER, $WebFallbackToInternalAuth
# additionally allows RT's own login form, and $WebExternalAuto creates a
# missing RT user named after REMOTE_USER at login.
# NOTE(review): REMOTE_USER is only as trustworthy as the Apache
# authentication configured in front of RT, which is not shown here --
# confirm that Apache really authenticates requests before relying on it,
# and whether these settings are meant to coexist with the
# RT::Authen::ExternalAuth plugin loaded below.
Set($WebExternalAuth , '1');
Set($WebFallbackToInternalAuth , '1');
Set($WebExternalGecos , undef);
Set($WebExternalAuto , '1');
Set($MaxAttachmentSize , 10000000);
Set($FriendlyFromLineFormat, "\"%s\" <%s>");
# Loads the external authentication plugin that the $External* settings
# later in this file configure.
Set( @Plugins, qw(RT::Authen::ExternalAuth) );
# THE WEBSERVER:
Set($WebPath , "/rt");
# NOTE(review): the base URL is http://, so unless TLS is terminated in
# front of this host, the directory passwords typed into the RT login form
# and the session cookies cross the network unencrypted -- confirm whether
# an https:// URL can be used instead.
Set($WebBaseURL , "http:// XXXXXX ");
# end /etc/request-tracker3.8/RT_SiteConfig.d/50-debconf
# start /etc/request-tracker3.8/RT_SiteConfig.d/51-dbconfig-common
# THE DATABASE:
# generated by dbconfig-common

# Lookup table from dbconfig-common's database type names to the names
# RT uses for the same databases.
my %typemap = (
    mysql   => 'mysql',
    pgsql   => 'Pg',
    sqlite3 => 'SQLite',
);
my $rt_db_type = $typemap{mysql} || "UNKNOWN";
Set($DatabaseType, $rt_db_type);
Set($DatabaseHost, 'localhost');
Set($DatabasePort, '');

# NOTE(review): the database credentials are stored in this file as plain
# text, so the file should be readable only by the account RT runs as --
# check its ownership and mode.
Set($DatabaseUser , ' XXXXXX ');
Set($DatabasePassword , ' XXXXXX ');

# SQLite needs a special case, since $DatabaseName must be a full pathname.
# The comparison is between two literals filled in by the generator, so for
# this mysql install the plain database name is always chosen.
my $dbc_dbname = 'rtdb';
my $rt_db_name = ( "mysql" eq "sqlite3" )
    ? '' . '/' . $dbc_dbname
    : $dbc_dbname;
Set ($DatabaseName, $rt_db_name);
# end /etc/request-tracker3.8/RT_SiteConfig.d/51-dbconfig-common
# NOTE(review): true-value line left over from the end of the generated
# section; as an ordinary statement it does not stop Perl from evaluating
# the settings that follow.
1;
# The order in which the services defined in ExternalSettings
# should be used to authenticate users. User is authenticated
# if successfully confirmed by any service - no more services
# are checked.
Set($ExternalAuthPriority, [ 'My_LDAP' ] );
# The order in which the services defined in ExternalSettings
# should be used to get information about users. This includes
# RealName, Tel numbers etc, but also whether or not the user
# should be considered disabled.
#
# Once user info is found, no more services are checked.
#
# You CANNOT use a SSO cookie for authentication.
Set($ExternalInfoPriority, [ 'My_LDAP' ] );
# If this is set to true, then the relevant packages will
# be loaded to use SSL/TLS connections. At the moment,
# this just means "use Net::SSLeay;"
# NOTE(review): 0 here, together with 'tls' => 0 in the My_LDAP settings
# below, suggests the LDAP bind is not encrypted, which would expose the
# bind account's password and every user's directory password on the
# network. The 'server' value is obscured, so confirm how the connection
# to the directory is protected.
Set($ExternalServiceUsesSSLorTLS, 0);
# If this is set to 1, then users should be autocreated by RT
# as internal users if they fail to authenticate from an
# external service.
Set($AutoCreateNonExternalUsers, 0);
# Attributes given to accounts that RT autocreates (RT_Config documents
# this for users created through $WebExternalAuto).
# NOTE(review): Privileged => 1 makes every autocreated account a
# privileged user. If only the queue managers need that, a least-privilege
# setup would leave autocreated users unprivileged and promote the managers
# individually or through a group. This presumably applies only at creation
# time, so accounts that already exist (for example ones created when their
# first email arrived) would not be changed by it -- confirm.
Set($AutoCreate, {Privileged => 1});
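# These are the full settings for each external service as a HashOfHashes
# Note that you may have as many external services as you wish. They will
# be checked in the order specified in the Priority directives above.
# e.g.
#Set(ExternalAuthPriority,['My_LDAP']);
#
# The comment lines below were split by mail line-wrapping in the posted
# copy, which left bare text inside the hash; they are rejoined here so the
# file parses. No setting value has been changed.
Set($ExternalSettings, {
    # AN EXAMPLE LDAP SERVICE
    'My_LDAP' => {
        'type'   => 'ldap',
        'server' => ' XXXXXX ',
        # Account RT binds as to search the directory.
        # NOTE(review): a read-only account with no other rights is enough
        # for lookups; its password sits in this file in plain text, so
        # restrict the file's permissions.
        'user' => ' XXXXXX ',
        'pass' => ' XXXXXX ',
        'base' => ' XXXXXX ',
        #
        # ALL FILTERS MUST BE VALID LDAP FILTERS ENCASED IN PARENTHESES!
        # YOU **MUST** SPECIFY A filter AND A d_filter!!
        #
        # The filter to use to match RT-Users
        'filter' => '(&(ObjectCategory=User)(ObjectClass=Person))',
        #
        # The filter that will only match disabled users
        # (bitwise-AND matching rule against userAccountControl bit 2,
        # the Active Directory "account disabled" flag)
        'd_filter' => '(userAccountControl:1.2.840.113556.1.4.803:=2)',
        #
        # NOTE(review): with 'tls' => 0 (and $ExternalServiceUsesSSLorTLS
        # set to 0 earlier in this file) the bind password and each user's
        # password presumably reach the directory unencrypted unless the
        # obscured 'server' value provides its own protection -- confirm.
        'tls' => 0,
        # NOTE(review): only seems relevant once 'tls' is enabled; a value
        # of 3 presumably selects SSLv3, which is obsolete -- check the
        # plugin documentation for your version before turning TLS on.
        'ssl_version'   => 3,
        'net_ldap_args' => [ version => 3 ],
        # Does authentication depend on group membership? What group name?
        # NOTE(review): with 'group' left commented out, any account that
        # matches 'filter' can authenticate; combined with
        # $AutoCreate {Privileged => 1} each of them would presumably be
        # created as a privileged RT user. Restricting logins to a
        # dedicated group narrows that.
        #'group' => 'cn=Domain Users,cn=Users,dc=ad,dc=yelpcorp,dc=com',
        # What is the attribute for the group object that determines membership?
        #'group_attr' => 'member',
        ## RT ATTRIBUTE MATCHING SECTION
        # The list of RT attributes that uniquely identify a user
        # This example shows what you *can* specify.. I recommend reducing this
        # to just the Name and EmailAddress to save encountering problems later.
        'attr_match_list' => [ 'EmailAddress' ],
        # The mapping of RT attributes on to LDAP attributes
        'attr_map' => {
            'Name'           => 'sAMAccountName',
            'EmailAddress'   => 'mail',
            'Organization'   => 'physicalDeliveryOfficeName',
            'RealName'       => 'cn',
            'ExternalAuthId' => 'sAMAccountName',
            'Gecos'          => 'sAMAccountName',
            'WorkPhone'      => 'telephoneNumber',
            'Address1'       => 'streetAddress',
            'City'           => 'l',
            'State'          => 'st',
            'Zip'            => 'postalCode',
            'Country'        => 'co'
        }
    }
}
);
# Final true value so the file evaluates as true when it is loaded.
1;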