I'm going down the route of integrating a new RT 3.8.1 install into a Windows 2003 Active Directory environment, and after going through the wiki web of information, I found that the "proper" method is now RT::Authen::ExternalAuth. That was, unfortunately, after I tried several other methods. :(
Anyhow, I saw a couple of postings on the list (specifically: http://lists.bestpractical.com/pipermail/rt-users/2008-July/052959.html), and managed to get things configured, but not functioning. :(

I am able to successfully ldapsearch:

    ldapsearch -LLL -x -D "CN=Administrator,OU=IT Department,OU=Users,DC=ourdomain,DC=local" -w ourpasswd -h ad.ourdomain.local "(objectClass=Person)" -b "dc=ourdomain,dc=local"

And I tried a couple of different variants for searching with command line success: (objectClass=*), (sAMAccountName=user)

However, I cannot seem to get it to work for RT. I'm getting "Your username or password is incorrect" after only a few seconds of processing.

Probably the thing preventing me from debugging this further is.. well.. I'm not sure how to turn up the volume on the debugging. The most I am seeing in the logs is the login failure.

Any ideas?

Thanks!

-Rich

RT_SiteConfig.pm contains:

    # The order in which the services defined in ExternalSettings
    # should be used to authenticate users. User is authenticated
    # if successfully confirmed by any service - no more services
    # are checked.
    Set($ExternalAuthPriority, [ 'My_LDAP' ] );

    # The order in which the services defined in ExternalSettings
    # should be used to get information about users. This includes
    # RealName, Tel numbers etc, but also whether or not the user
    # should be considered disabled.
    # Once user info is found, no more services are checked.
    Set($ExternalInfoPriority, [ 'My_LDAP' ] );

    # If this is set to true, then the relevant packages will
    # be loaded to use SSL/TLS connections. At the moment,
    # this just means "use Net::SSLeay;"
    Set($ExternalServiceUsesSSLorTLS, 0);

    # If this is set to 1, then users should be autocreated by RT
    # as internal users if they fail to authenticate from an
    # external service.
    Set($AutoCreateNonExternalUsers, 1);

    # These are the full settings for each external service as a HashOfHashes
    # Note that you may have as many external services as you wish. They will
    # be checked in the order specified in the Priority directives above.
    # e.g.
    # Set(ExternalAuthPriority,['My_LDAP','My_MySQL','My_Oracle','SecondaryLDAP','Other-DB']);
    #
    Set($ExternalSettings, {
        # AN EXAMPLE LDAP SERVICE
        'My_LDAP' => {
            ## GENERIC SECTION
            # The type of service (db/ldap/cookie)
            'type' => 'ldap',
            # Should the service be used for authentication?
            'auth' => 1,
            # Should the service be used for information?
            'info' => 1,
            # The server hosting the service
            'server' => 'ad.ourdomain.local',
            ## SERVICE-SPECIFIC SECTION
            # If you can bind to your LDAP server anonymously you should
            # remove the user and pass config lines, otherwise specify them here:
            #
            # The username RT should use to connect to the LDAP server
            'user' => 'CN=Administrator,OU=IT Department,OU=Users,DC=ourdomain,DC=local',
            # The password RT should use to connect to the LDAP server
            'pass' => 'ourpasswd',
            #
            # The LDAP search base
            'base' => 'dc=ourdomain,dc=local',
            # The filter to use to match RT-Users
            'filter' => '(objectclass=Person)',
            # The filter that will only match disabled users
            # 'd_filter' => '(serAccountControl:1.2.840.113556.1.4.803:=2)',
            'd_filter' => '(&(objectCategory=person)(objectClass=user) (userAccountControl:1.2.840.113556.1.4.803:=2))',
            # Should we try to use TLS to encrypt connections?
            'tls' => 0,
            # What other args should I pass to Net::LDAP->new($host,@args)?
            'net_ldap_args' => [ version => 3 ],
            # Does authentication depend on group membership? What group name?
            'group' => '',
            # What is the attribute for the group object that determines membership?
            'group_attr' => '',
            ## RT ATTRIBUTE MATCHING SECTION
            # The list of RT attributes that uniquely identify a user
            'attr_match_list' => [
                'Name',
                'EmailAddress',
                'RealName',
                'WorkPhone',
                'Address2'
            ],
            # The mapping of RT attributes on to LDAP attributes
            'attr_map' => {
                'Name' => 'sAMAccountName',
                'EmailAddress' => 'mail',
                'Organization' => 'physicalDeliveryOfficeName',
                'RealName' => 'cn',
                'ExternalAuthId' => 'sAMAccountName',
                'Gecos' => 'sAMAccountName',
                'WorkPhone' => 'telephoneNumber',
                'Address1' => 'streetAddress',
                'City' => 'l',
                'State' => 'st',
                'Zip' => 'postalCode',
                'Country' => 'co'
            }
        }
    } );

    1;