[rt-users] Automatically Set "Let this user be granted rights"

Chris Ditri Cditri at experi-metal.com
Mon Apr 7 17:19:52 EDT 2014


Hi Jon, and thanks.

Set($WebDomain, 'rt.my-company.com');
Set($LDAPHost, 'QZXW-dc.my-company.com');
Set($LDAPUser, 'cn=rtuser,ou=utility,ou=QZXW Users,dc=my-company,dc=com');
Set($LDAPPassword, 'MyPW1234');
Set($LDAPBase, 'ou=QZXW Users,dc=my-company,dc=com');
Set($LDAPFilter, '(&)');
Set($LDAPUpdateUsers, 1);
Set($LDAPMapping, {Name         => 'uid', # required
                   EmailAddress => 'mail',
                   RealName     => 'cn',
                   WorkPhone    => 'telephoneNumber',
                   Organization => 'departmentName'});
Set($ExternalAuthPriority,  [   'My_LDAP',
                                'My_SSO_Cookie'
                            ]
);
Set( @Plugins, qw(RT::Authen::ExternalAuth) );
Set($ExternalInfoPriority,  [   'My_LDAP'
                            ]
);

Set($ExternalServiceUsesSSLorTLS,    0);

Set($AutoCreateNonExternalUsers,    0);

Set($ExternalAuthPriority,['My_LDAP','My_Oracle','SecondaryLDAP','Other-DB']);
Set($ExternalSettings,      {   # AN EXAMPLE DB SERVICE
                                'My_LDAP'       =>  {   ## GENERIC SECTION
                                                        # The type of service (db/ldap/cookie)
                                                        'type'                      =>  'ldap',
                                                        # The server hosting the service
                                                        'server'                    =>  'QZXW-dc.my-company.com',
                                                        ## SERVICE-SPECIFIC SECTION
                                                        # If you can bind to your LDAP server anonymously you should
                                                        # remove the user and pass config lines, otherwise specify them here:
                                                        #
                                                        # The username RT should use to connect to the LDAP server
                                                        'user'                      =>  'joeadmin@my-company.com',

                                                        # The password RT should use to connect to the LDAP server
                                                        'pass'                    =>  'majorlycrypticpw',

                                                        #
                                                        # The LDAP search base
                                                        'base'                      =>  'ou=QZXW USERS,dc=my-company,dc=com',
                                                        #
                                                        # ALL FILTERS MUST BE VALID LDAP FILTERS ENCASED IN PARENTHESES!
                                                        # YOU **MUST** SPECIFY A filter AND A d_filter!!
                                                        #
                                                        # The filter to use to match RT-Users
                                                        'filter'                    =>  '(&)',  ##(I have flip-flopped between this and the one suggested in the generic config, either seems to work)
                                                        # A catch-all example filter: '(objectClass=*)'
                                                        #
                                                        # The filter that will only match disabled users
                                                        'd_filter'                  =>  '',
                                                        # A catch-none example d_filter: '(objectClass=FooBarBaz)'
                                                        #
                                                        # Should we try to use TLS to encrypt connections?
                                                        'tls'                       =>  1,
                                                        # SSL Version to provide to Net::SSLeay *if* using SSL
                                                        'ssl_version'               =>  3,
                                                        # What other args should I pass to Net::LDAP->new($host,@args)?
                                                        'net_ldap_args'             => [    version =>  3   ],
                                                        # Does authentication depend on group membership? What group name?
                                                        # What is the attribute for the group object that determines membership?
                                                        # What is the attribute of the user entry that should be matched against group_attr above? (Optional; defaults to 'dn')
                                                        ## RT ATTRIBUTE MATCHING SECTION
                                                        # The list of RT attributes that uniquely identify a user
                                                        # This example shows what you *can* specify.. I recommend reducing this
                                                        # to just the Name and EmailAddress to save encountering problems later.
                                                        'attr_match_list'           => [    'Name',
                                                                                            'EmailAddress',
                                                                                            'RealName',
                                                                                            'WorkPhone',
                                                                                            'Address2'
                                                                                        ],
                                                        # The mapping of RT attributes on to LDAP attributes
                                                        'attr_map'                  =>  {   'Name' => 'sAMAccountName',
                                                                                            'EmailAddress' => 'mail',
                                                                                            'Organization' => 'physicalDeliveryOfficeName',
                                                                                            'RealName' => 'cn',
                                                                                            'ExternalAuthId' => 'sAMAccountName',
                                                                                            'Gecos' => 'sAMAccountName',
                                                                                            'WorkPhone' => 'telephoneNumber',
                                                                                            'Address1' => 'streetAddress',
                                                                                            'City' => 'l',
                                                                                            'State' => 'st',
                                                                                            'Zip' => 'postalCode',
                                                                                            'Country' => 'co'
                                                                                        }
                                                    },
                                }
);

1;
my $zone = "UTC";
$zone=`/bin/cat /etc/timezone`
    if -f "/etc/timezone";
chomp $zone;
Set($Timezone, $zone);

Set($rtname, 'rt.my-company.com');
Set($Organization, 'RT.my-company.com');

Set($CorrespondAddress , 'maintenance@my-company.com');
Set($CommentAddress , 'maintenance@my-company.com');
Set($RTAddressRegexp , '^maintenance(-comment)?\@(maintenance|rt)\.(my-company\.com|rt\.my-company\.com)$');

Set($WebPath , "/rt");
Set($WebBaseURL , "http://rt.my-company.com");

Set($LogToSyslog    , 'debug');
Set($LogToScreen    , 'info');

Set($LogToFile , 'debug'); #debug is very noisy
Set($LogDir, '/var/log/request-tracker4');
Set($LogToFileNamed , "rt.log");    #log to rt.log

my %typemap = (
    mysql   => 'mysql',
    pgsql   => 'Pg',
    sqlite3 => 'SQLite',
);

Set($DatabaseType, $typemap{mysql} || "UNKNOWN");

Set($DatabaseHost, 'localhost');
Set($DatabasePort, '');

Set($DatabaseUser , 'rtuser');
Set($DatabasePassword , 'QZXWBuild07');

my $dbc_dbname = 'rtdb';
if ( "mysql" eq "sqlite3" ) {
    Set ($DatabaseName, '' . '/' . $dbc_dbname);
} else {
    Set ($DatabaseName, $dbc_dbname);
}
1;