[rt-users] External Auth config with RT on Debian
Kevin Falcone
falcone at bestpractical.com
Mon Jul 1 12:14:20 EDT 2013
On Fri, Jun 28, 2013 at 12:29:22PM -0700, jsolberg wrote:
> Default settings till here....
> #PLUGINS
> Set( @Plugins, qw(RT::Authen::ExternalAuth));
>
> #External Auth Settings
>
> Set($ExternalAuthPriority, [ 'My_LDAP',] );
> Set($ExternalInfoPriority, [ 'My_LDAP',] );
> Set($ExternalServiceUsesSSLorTLS, 0);
> Set($AutoCreateNonExternalUsers, 0);
> Set($ExternalSettings, {
> 'My_LDAP' => {
> 'type' => 'ldap',
> 'server' => 'dc2.xxxxxx.com',
> 'user' => 'cn=Bind
> Ldap,ou=User,Logins,dc=intrepidls,dc=com',
> 'pass' => 'xxxxxxx',
> 'base' => 'dc=xxxx,dc=com',
> 'filter' =>
> '(&(ObjectCategory=User)(ObjectClass=Person))',
> 'd_filter' =>
> '(userAccountControl:1.2.840.113556.1.4.803=2)',
> 'group' => 'cn=Domain
> Users,ou=Groups_Security,dc=xxxxx,dc=com',
> 'group_attr' => 'member',
> 'tls' => 0,
> 'ssl_version' => 3,
> 'net_ldap_args' => [ version => 3, port => 3268 ],
> 'group_scope' => 'base',
> 'group_attr_value' => 'GROUP_ATTR_VALUE',
> 'attr_match_list' => [
> 'Name',
> 'EmailAddress',
> 'RealName',
> ],
> 'attr_map' => {
> 'Name' => 'sAMAccountName',
> 'EmailAddress' => 'mail',
> 'Organization' => 'physicalDeliveryOfficeName',
> 'RealName' => 'cn',
> 'ExternalAuthId' => 'sAMAccountName',
> 'Gecos' => 'sAMAccountName',
> 'WorkPhone' => 'telephoneNumber',
> 'Address1' => 'streetAddress',
> 'City' => 'l',
> 'State' => 'st',
> 'Zip' => 'postalCode',
> 'Country' => 'co'
> },
> },
> # An example SSO cookie service
> 'My_SSO_Cookie' => {
> 'type' => 'cookie',
> 'name' => 'loginCookieValue',
> 'u_table' => 'users',
> 'u_field' => 'username',
> 'u_match_key' => 'userID',
> 'c_table' => 'login_cookie',
> 'c_field' => 'loginCookieValue',
> 'c_match_key' => 'loginCookieUserID',
> 'db_service_name' => 'My_MySQL'
> },
> } );
>
> 1;
>
> I then use update-rt-siteconfig to merge these settings into
> RT_SiteConfig.pm. From what I read this is all correct and "Should" allow AD
> accounts to log in. Here is what is logging in the apache2 error log:
>
> [Fri Jun 28 19:01:58 2013] [warning]: The actual HTTP_HOST (admin-rt4) does
> NOT match the configured WebDomain (localhost). Perhaps you should
> Set($WebDomain, 'admin-rt4'); in RT_SiteConfig.pm, otherwise your internal
> links may be broken.
> (/usr/share/request-tracker4/lib/RT/Interface/Web.pm:1194)
> [Fri Jun 28 19:02:09 2013] [error]: FAILED LOGIN for jsolberg at xxxxxx.com
> from 10.10.30.62 (/usr/share/request-tracker4/lib/RT/Interface/Web.pm:740)
> [Fri Jun 28 19:02:40 2013] [error]: FAILED LOGIN for jsolberg from
> 10.10.30.62 ( /usr/share/request-tracker4/lib/RT/Interface/Web.pm:740)
> [Fri Jun 28 19:02:52 2013] [info]: Successful login for root from
> 10.10.30.62 (/usr/share/request-tracker4/lib/RT/Interface/Web.pm:745)
> root at admin-rt4:/usr/share/request-tracker4/lib#
Navigate to Tools -> Configuration -> System Configuration and check
that Plugins contains RT::Authen::ExternalAuth.
-kevin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 235 bytes
Desc: not available
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20130701/b4b4e5a0/attachment.sig>
More information about the rt-users
mailing list