RE: [rt-users] LDAP Summary and supported implementations

Thu, 20 Apr 2006 13:03:47 -0700


Oh crap.. how'd that miss the cut-n-paste?

Set($LdapBase, 'cn=Users,dc=<domain>,dc=com');                    # search base

:-)

(again, note the Capital U in "Users")

--
Eric N. Valor
Sr. Systems Administrator
DaimlerChrysler Research & Technology North America, Inc.
[EMAIL PROTECTED]
1510 Page Mill Road, Palo Alto, CA 94304
CIMS 931-00-00
650-845-2536

: This Space Intentionally Left Blank :



"Matt Nichols" <[EMAIL PROTECTED]>

04/20/2006 12:59 PM

To
<[EMAIL PROTECTED]>
cc
<[email protected]>
Subject
RE: [rt-users] LDAP Summary and supported implementations





Do you define an LdapBase variable in your config?
 
Thanks again.
 
-Matt
 


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Thursday, April 20, 2006 2:47 PM
To: Matt Nichols
Cc: [email protected]
Subject: RE: [rt-users] LDAP Summary and supported implementations
 

Matt:

I've gotten this working with AD.  The trick for AD is making sure you search for "sAMAccountName" instead of "uid".

Here are the bare essentials you'll need:

Set($LdapUser, 'cn=<binduser>,CN=Users,dc=<domain>,dc=com');       # LDAP bind user
Set($LdapPass, '<password>');                                   # LDAP bind user pass
Set($LdapUidAttr, 'sAMAccountName');                            # attribute for RT account name
Set($LdapFilter, 'objectclass=user');                       # filter LDAP entries (e.g., only people)
Set($LdapNameAttr, 'cn');                                       # attribute for RT user name
Set($LdapMailAttr, 'mail');                                     # attribute for RT email addy

Note that "Users" requires the capital U...

Bear in mind this won't auto-populate the RT database from the LDAP database.  Your users will fail unless they already have an RT account.

The Moseman contribution allows for setting up accounts on-the-fly, but I've had some difficulty in getting it to pull in all the LDAP (AD) records (SQL errors are reported in the logging).  I haven't been able to put in much time in debugging..

The Mehl contribution does a better job and has good instructions, but has the drawback of requiring mod_ntlm and the NT LanMan hash vulnerability.

Hope this helps.

--
Eric N. Valor
Sr. Systems Administrator
DaimlerChrysler Research & Technology North America, Inc.
[EMAIL PROTECTED]
1510 Page Mill Road, Palo Alto, CA 94304
CIMS 931-00-00
650-845-2536

: This Space Intentionally Left Blank : 
_______________________________________________
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: [EMAIL PROTECTED]


Discover RT's hidden secrets with RT Essentials from O'Reilly Media. 
Buy a copy at http://rtbook.bestpractical.com


We're hiring! Come hack Perl for Best Practical: 
http://bestpractical.com/about/jobs.html

Reply via email to