Do you define an LdapBase variable in your
config?
Thanks again.
-Matt
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Thursday, April 20, 2006
2:47 PM
To: Matt Nichols
Cc:
[email protected]
Subject: RE: [rt-users] LDAP
Summary and supported implementations
Matt:
I've
gotten this working with AD. The trick for AD is making sure you search
for "sAMAccountName" instead of "uid".
Here
are the bare essentials you'll need:
Set($LdapUser,
'cn=<binduser>,CN=Users,dc=<domain>,dc=com');
# LDAP bind user
Set($LdapPass,
'<password>');
# LDAP bind user pass
Set($LdapUidAttr,
'sAMAccountName');
# attribute for RT account name
Set($LdapFilter,
'objectclass=user');
# filter LDAP entries (e.g., only people)
Set($LdapNameAttr,
'cn');
# attribute for RT user
name
Set($LdapMailAttr,
'mail');
# attribute for RT email addy
Note
that "Users" requires the capital U...
Bear
in mind this won't auto-populate the RT database from the LDAP database. Your
users will fail unless they already have an RT account.
The
Moseman
contribution allows for setting up accounts
on-the-fly, but I've had some difficulty in getting it to pull in all the LDAP
(AD) records (SQL errors are reported in the logging). I haven't been
able to put in much time in debugging..
The
Mehl
contribution does a better job and has good
instructions, but has the drawback of requiring mod_ntlm and the NT LanMan hash
vulnerability.
Hope
this helps.
--
Eric N. Valor
Sr. Systems Administrator
DaimlerChrysler Research & Technology North America, Inc.
[EMAIL PROTECTED]
1510 Page Mill Road, Palo Alto, CA 94304
CIMS 931-00-00
650-845-2536
: This Space Intentionally Left Blank :
|
_______________________________________________
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
Community help: http://wiki.bestpractical.com
Commercial support: [EMAIL PROTECTED]
Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
Buy a copy at http://rtbook.bestpractical.com
We're hiring! Come hack Perl for Best Practical:
http://bestpractical.com/about/jobs.html
