I am trying to accomplish two things:

First, to integrate RT with Active Directory such that an RT user account will automatically be created in either of the following cases:
a) when a user first submits a ticket request via email, and
b) when a user first logs in via the RT web interface.

Secondly, single sign-on, such that once an RT account has been created an MS-Windows user will not need to enter their password on subsequent visits to the RT web interface.

I've started by attempting to implement the Auth::ExternalAuth extension but have been unable to get it working. I cannot log into the RT web interface using any account except the root account that has already been created within RT. Once in RT as root, I am unable to create a new user. I get the error "User could not be created: Could not set user info."

I've tried the solution mentioned in this thread --> http://www.gossamer-threads.com/lists/rt/users/94218 to get RT to auto-create users, but to no avail.

Note that when I uncomment the statement "Set($WebExternalAuto,1);" and restart Apache, the RT login screen provides no login box in which to enter a username or a password.

Any advice would be greatly appreciated. Below is my RT configuration.

    #Begin /opt/rt3/etc/RT_SiteConfig.pm tail
    ...
    # The following two statements support single sign-on.
    # but I have commented them out for now since they are
    # said to conflict with the ExternalAuth extension.
    # See http://wiki.bestpractical.com/view/ExternalAuth .

    # Tell RT to trust the webserver to handle authentication.
    # Set($WebExternalAuth, 3);

    # If the webserver hands RT a user RT is not
    # familiar with, RT should just go ahead and
    # create an account.
    # Set($WebExternalAuto, 1);
    ...
    # Include the configuration for the ExternalAuth extension.
    require "/opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm";
    Set($AutoCreate,{Privileged => 0});
    1;
    #End /opt/rt3/etc/RT_SiteConfig.pm

    #Begin /opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm in its entirety.
    Set($ExternalAuthPriority, [ 'Heapy_AD_LDAP' ] );
    Set($ExternalInfoPriority, [ 'Heapy_AD_LDAP' ] );
    Set($ExternalServiceUsesSSLorTLS, 0);
    Set($AutoCreateNonExternalUsers, 0);
    Set($ExternalSettings, {
        'Heapy_AD_LDAP' => {
            'type' => 'ldap',
            'server' => 'serverxyz.domain.domainSuffix',
            'user' => 'cn=ldap,ou=Services,dc=domain,dc=domainSuffix',
            'pass' => 'the_ldap_password',
            'base' => 'dc=domain,dc=domainSuffix',
            'filter' => '(&(ObjectCategory=User)(ObjectClass=Person))',
            'd_filter' => '(userAccountControl:1.2.840.113556.1.4.803:=2)',
            # 'tls' => 0,
            # 'ssl_version' => 3,
            'net_ldap_args' => [ version => 3 ],
            'group' => 'cn=group,ou=Services,dc=domain,dc=domainSuffix',
            'group_attr' => 'member',
            'attr_match_list' => [ 'Name', 'EmailAddress' ],
            'attr_map' => {
                'Name' => 'sAMAccountName',
                'EmailAddress' => 'mail',
                'Organization' => 'physicalDeliveryOfficeName',
                'RealName' => 'cn',
                'ExternalAuthId' => 'sAMAccountName',
                'Gecos' => 'sAMAccountName',
                'WorkPhone' => 'telephoneNumber',
                'Address1' => 'streetAddress',
                'City' => 'l',
                'State' => 'st',
                'Zip' => 'postalCode',
                'Country' => 'co'
            }
        }
    } );
    Set(@Plugins, qw(RT::Authen::ExternalAuth));
    1;
    #End /opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm
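
Added example, not part of the original message and not code from RT or the ExternalAuth extension: the 'd_filter' in the configuration above uses Active Directory's bitwise-AND matching rule (OID 1.2.840.113556.1.4.803) on userAccountControl, where the value 2 is the ACCOUNTDISABLE flag. The Python below evaluates that rule, and as a generalization beyond the posted config its bitwise-OR counterpart (.804), over constructed entries; the function names and sample accounts are assumptions.

```python
import re

# Active Directory extensible-match rules for bit fields.
BIT_AND = "1.2.840.113556.1.4.803"  # match when every bit of the mask is set
BIT_OR = "1.2.840.113556.1.4.804"   # match when any bit of the mask is set

# The d_filter from the posted configuration; 2 is the ACCOUNTDISABLE flag.
D_FILTER = "(userAccountControl:1.2.840.113556.1.4.803:=2)"
_EXT = re.compile(r"^\(([A-Za-z][A-Za-z0-9-]*):([0-9.]+):=(\d+)\)$")

def parse_bitwise_filter(text):
    """Split '(attr:oid:=mask)' into (attr, oid, mask); reject other filters."""
    m = _EXT.match(text.strip())
    if not m or m.group(2) not in (BIT_AND, BIT_OR):
        raise ValueError("not a bitwise extensible-match filter: %r" % text)
    return m.group(1), m.group(2), int(m.group(3))

def matches(entry, filter_text):
    """Evaluate the filter against one entry (dict of attribute -> string)."""
    attr, oid, mask = parse_bitwise_filter(filter_text)
    # LDAP attribute names compare case-insensitively.
    values = {k.lower(): v for k, v in entry.items()}
    raw = values.get(attr.lower())
    if raw is None:
        return False  # attribute absent: the filter does not match
    bits = int(raw)
    if oid == BIT_AND:
        return (bits & mask) == mask
    return (bits & mask) != 0

# Constructed sample entries (hypothetical accounts, not from the page).
SAMPLE = [
    {"sAMAccountName": "alice", "userAccountControl": "512"},    # NORMAL_ACCOUNT
    {"sAMAccountName": "bob", "userAccountControl": "514"},      # 512 + ACCOUNTDISABLE
    {"sAMAccountName": "carol", "userAccountControl": "66048"},  # 512 + DONT_EXPIRE_PASSWORD
    {"sAMAccountName": "dave", "userAccountControl": "66050"},   # 66048 + ACCOUNTDISABLE
    {"sAMAccountName": "svc"},                                   # attribute missing
]

def disabled_accounts(entries, d_filter=D_FILTER):
    """Names of the entries that the d_filter marks as disabled."""
    return [e["sAMAccountName"] for e in entries if matches(e, d_filter)]

if __name__ == "__main__":
    print(disabled_accounts(SAMPLE))
```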