Dear All,
I have installed the RT 3.6.5 originally using its database (Pg) for
authentication. Initially it went fine with all the features working.
However, I decided to enable authentication of RT through AD (
tradardc02.tra.go.tz) as shown in the attached RT_SiteConfig file. On
choosing the priority I set AD as the primary choice and 'localhost' -
meaning the RT database for authentication. Now I am getting the following
errors:
x1 - [Tue Apr 22 12:40:23 2008] [crit]: Failed to create user [EMAIL PROTECTED]: Could not set user info (/usr/lib/RT/User_Overlay.pm:617)
[Tue Apr 22 12:40:23 2008] [error]: Could not load create a user with the email address '[EMAIL PROTECTED]' to add as a watcher for ticket 667 (/usr/lib/RT/Ticket_Overlay.pm:1424)
x2- [Tue Apr 22 12:51:12 2008] [error]: Invalid type specification in config tradardc02.tra.go.tz (/usr/lib/RT/User_Vendor.pm:289)
[Tue Apr 22 12:51:12 2008] [error]: Invalid type specification in config localhost (/usr/lib/RT/User_Vendor.pm:289)
Please help to resolve these problems.
With kindest regards,
Emmanuel
# Any configuration directives you include here will override
# RT's default configuration file, RT_Config.pm
#
# To include a directive here, just copy the equivalent statement
# from RT_Config.pm and change the value. We've included a single
# sample value below.
#
# This file is actually a perl module, so you can include valid
# perl code, as well.
#
# The converse is also true, if this file isn't valid perl, you're
# going to run into trouble. To check your SiteConfig file, use
# this command:
#
# perl -c /path/to/your/etc/RT_SiteConfig.pm
#
# Base Configuration
#
Set($rtname , "helpdesk.tra.go.tz");
Set($Organization , "tra.go.tz");
Set($Timezone , 'Africa/Khartoum');
#
# Logging
#
Set($LogDir, '/var/log');
#
### Start LDAP/Active Directory Configurations
#
### What auth methods do you like and in what order?
#
# Using Installed RT_SiteConfig.pm from External-Auth Module
#
#
#
# The order in which the services defined in ExternalSettings
# should be used to authenticate users. User is authenticated
# if successfully confirmed by any service - no more services
# are checked.
#Set($ExternalAuthPriority, [ 'My_LDAP',
# 'My_MySQL'
# ]
#);
Set($ExternalAuthPriority, [ 'tradardc02.tra.go.tz',
 'localhost'
 ]
);
# The order in which the services defined in ExternalSettings
# should be used to get information about users. This includes
# RealName, Tel numbers etc, but also whether or not the user
# should be considered disabled.
# Once user info is found, no more services are checked.
Set($ExternalInfoPriority, [ 'tradardc02.tra.go.tz',
 'localhost'
 ]
);
# Continue with recommended Configuration for AD
Set($AuthMethods, ['LDAP', 'Internal']);
## LDAP Settings
# There are two different branches of this: LdapAuth* and LdapInfo*;
# additionally, most of the old Ldap* variables are honored, too.
#
# This means if you only have one LDAP server/config you can just set
# "LdapServer", "LdapUser", etc. and they will be used for both
# authentication and information
### Enable/Disable LDAP services
#Set($LdapExternalAuth, 1);
#Set($LdapExternalInfo, 1);
#
Set($LdapExternalAuth, 0);
Set($LdapExternalInfo, 0);
#
### Common Settings: affecting both auth and info services
# Should we create accounts for users who aren't in LDAP?
#Set($LdapAutoCreateNonLdapUsers, 1);
Set($LdapAutoCreateNonLdapUsers, 0);
# Should we assign the privileged rights to the user?
Set($AutoCreate, {Privileged => 1});
# Map RT attributes to LDAP attributes
#
# The mapping below is known to work in Windows 2003 w/Active Directory
#
####
#### NOTE
####
#### You have the following options for the user id with Active Directory,
####
#### 'mail'
#### Users email address, [EMAIL PROTECTED]
####
#### 'userPrincipalName'
#### New user logon name stored in the following format, [EMAIL PROTECTED]
####
#### 'sAMAccountName' (Default for this config)
#### Also known as the pre-Windows 2000 Logon Name
Set( $LdapAttrMap, {
'Name' => 'sAMAccountName',
'EmailAddress' => 'mail',
'Organization' => 'physicalDeliveryOfficeName',
'RealName' => 'cn',
'ExternalContactInfoId' => 'dn',
'ExternalAuthId' => 'sAMAccountName',
'Gecos' => 'sAMAccountName',
'HomePhone' => 'homePhone',
'WorkPhone' => 'telephoneNumber',
'MobilePhone' => 'mobile',
'PagerPhone' => 'pager',
'Address1' => 'streetAddress',
'Address2' => 'postOfficeBox',
'City' => 'l',
'State' => 'st',
'Zip' => 'postalCode',
'Country' => 'co',
'FreeformContactInfo' => 'info',
}
);
# A list of RT attrs which can uniquely identify a user,
# ordered from most to least preferred.
Set($LdapRTAttrMatchList, ['ExternalContactInfoId', 'Name',
'EmailAddress', 'RealName',
'WorkPhone', 'Address2']
);
# A list of LDAP attrs to examine when canonicalizing email addresses,
# ordered from most to least preferred
Set($LdapEmailAttrMatchList, ['mail', 'mailRoutingAddress',
'mailAlternateAddress']
);
# A list of prefixes to apply to email address matches.
# Windows 2003 AD uses prefixes or smtp: or SMTP:.
# If not required just leave ''
Set($LdapEmailAttrMatchPrefix, ['', 'smtp:', 'SMTP:'] );
# The basics; if set, these override $RT::LdapAuth* and $RT::LdapInfo*
#Set($LdapServer, 'ldap.example.com');
Set($LdapServer, 'tradardc02.tra.go.tz');
Set($LdapBase, 'ou=People,dc=tra,dc=go,dc=tz');
#Set($LdapFilter, '(objectclass=posixAccount)');
#Set($LdapFilter, '(objectclass=*)');
Set($LdapFilter, '*');
# Windows 2003 Active Directory does not allow anonymous LDAP binding
# thus you must pass Net::LDAP a username and password that has
# access to read the directory.
#
# You may also need to specify the full distinguished name instead of
# just a username for LdapUser below.
# e.g. cn=Username,cn=Users,dc=yourdomain,dc=com
#
#Set($LdapUser, '[EMAIL PROTECTED]');
Set($LdapUser, '[EMAIL PROTECTED]');
#Set($LdapPass, 'password');
Set($LdapPass, '@n0str1ch');
# This filter is used by RT::User::UpdateFromLdap to test whether an
# LDAP user's RT account should be disabled. Any user whose LDAP record
# passes this filter (returns true) will be disabled at login
Set($LdapDisableFilter, '(employmentStatus=Terminated)');
# If you set these, only members of this group can auth via LDAP
#Set($LdapGroup, 'cn=RT,ou=Group,dc=example,dc=com');
#Set($LdapGroupAttr, 'uniqueMember');
# These turn on SSL for LDAP
#Set($LdapTLS, 0);
#Set($LdapSSLVersion, 3);
### IF YOU USE THE SAME LDAP SERVER FOR AUTH AND INFO STOP HERE ###
### Authentication settings
#
# These are used only if their $RT::Ldap* analogs are not set;
# if you want one of these variables to be honored, you must comment
# out the corresponding $RT::Ldap* variable above
#Set($LdapAuthServer, 'ldap.example.com');
#Set($LdapAuthBase, 'ou=People,dc=example,dc=com');
#Set($LdapAuthFilter, "(objectclass=posixAccount)");
#Set($LdapAuthUser, '');
#Set($LdapAuthPass, '');
# This filter is used by RT::User::UpdateFromLdap to test whether an
# LDAP user's RT account should be disabled. Any user whose LDAP record
# passes this filter (returns true) will be disabled at login
# Set($LdapAuthDisableFilter, '(employmentStatus=Terminated)');
# If you set these, only members of this group can auth via LDAP
#Set($LdapAuthGroup, 'cn=RT,ou=Group,dc=example,dc=com');
#Set($LdapAuthGroupAttr, 'uniqueMember');
# These turn on SSL for LDAP
#Set($LdapAuthTLS, 0);
#Set($LdapAuthSSLVersion, 3);
### Information settings
#
# These are used only if their $RT::Ldap* analogs are not set;
# if you want one of these variables to be honored, you must comment
# out the corresponding $RT::Ldap* variable above
#Set($LdapInfoServer, 'ldap.example.com');
#Set($LdapInfoBase, 'ou=People,dc=example,dc=com');
#Set($LdapInfoFilter, "(objectclass=posixAccount)");
#Set($LdapInfoUser, '');
#Set($LdapInfoPass, '');
# This filter is used by RT::User::UpdateFromLdap to test whether an
# LDAP user's RT account should be disabled. Any user whose LDAP record
# passes this filter (returns true) will be disabled at login
# Set($LdapInfoDisableFilter, '(employmentStatus=Terminated)');
# These turn on SSL for LDAP
#Set($LdapInfoTLS, 0);
#Set($LdapInfoSSLVersion, 3);
#
#
## End of Ldap/Active Directory Configuration
#
# Incoming mail gateway configuration
#
Set($RTAddressRegexp , '[EMAIL PROTECTED]');
#Set($CanonicalizeEmailAddressMatch , '@tra\.go\.tz$');
#Set($CanonicalizeEmailAddressReplace , '@helpdesk.tra.go.tz$');
#
# Logging
#
Set($LogDir, '/var/log');
#
# Web interface configuration
#
#
# Web interface configuration
#
Set($WebPath , "");
Set($PreferRichText, "true");
Set($OldestTransactionsFirst, '0');
Set($WebBaseURL , "https://support.tra.go.tz:$WebPort");
Set($WebURL , $WebBaseURL . $WebPath . "/");
# $WebImagesURL points to the base URL where RT can find its images.
Set($WebImagesURL , $WebPath . "/NoAuth/images/");
# $LogoURL points to the URL of the RT logo displayed in the web UI
Set($LogoURL , $WebImagesURL . "bplogo.gif");
1;
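The comments in the attached file say that each entry in `$ExternalAuthPriority` and `$ExternalInfoPriority` is a service defined in `$ExternalSettings`, and the attachment contains no such definition for either name the `Invalid type specification in config` errors report. The following is an added illustration, not part of the original post or of the RT distribution, of a definition that matches a priority list, using the key names from the RT::Authen::ExternalAuth sample configuration. The label `My_LDAP`, the bind DN and the password file path are placeholders.

```perl
# Added example for RT_SiteConfig.pm; not the poster's file.
# Each name in the priority lists is a key of $ExternalSettings below.
# 'My_LDAP' is an arbitrary label, not a host name.
Set($ExternalAuthPriority, [ 'My_LDAP' ]);
Set($ExternalInfoPriority, [ 'My_LDAP' ]);

# Keep the bind password out of the config file itself: read it from a
# file readable only by the account RT runs as (hypothetical path).
my $ldap_bind_pass = do {
    open my $fh, '<', '/etc/rt/ldap_bind.pass'
        or die "Cannot read LDAP bind password file: $!";
    my $line = <$fh>;
    close $fh;
    defined $line or die "LDAP bind password file is empty";
    chomp $line;
    $line;
};

Set($ExternalSettings, {
    'My_LDAP' => {
        'type'     => 'ldap',   # 'db' or 'ldap'; anything else is rejected
        'auth'     => 1,        # use this service for authentication
        'info'     => 1,        # use this service for user information
        'server'   => 'tradardc02.tra.go.tz',
        # Placeholder bind DN; AD does not allow anonymous binds.
        'user'     => 'cn=BIND_ACCOUNT,ou=People,dc=tra,dc=go,dc=tz',
        'pass'     => $ldap_bind_pass,
        'base'     => 'ou=People,dc=tra,dc=go,dc=tz',
        # Filters must be valid LDAP filter strings in parentheses.
        'filter'   => '(objectclass=*)',
        'd_filter' => '(employmentStatus=Terminated)',
        # StartTLS, so the bind password and user passwords are not
        # sent to the directory in clear text.
        'tls'      => 1,
        'net_ldap_args'   => [ version => 3 ],
        'attr_match_list' => [ 'Name', 'EmailAddress' ],
        'attr_map' => {
            'Name'           => 'sAMAccountName',
            'EmailAddress'   => 'mail',
            'RealName'       => 'cn',
            'ExternalAuthId' => 'sAMAccountName',
        },
    },
});
```

The file can be syntax-checked with the `perl -c` command given in its header comments before RT is restarted.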