1. For group_attr, you want the term to be 'member'. That checks for membership in the group.

2. For your base, you need to choose the next highest level of Active Directory beyond where your users are stored. This means you need to specify the OU where your users are, not just a random "Users" OU.

Andrew Wagner
Assistant Network Administrator
[email protected]
265-5710
Room 370B
Wisconsin Center for Education Research (WCER)
www.wcer.wisc.edu


On 8/29/2011 11:26 AM, josh.cole wrote:
I am trying to make this work. I installed the latest version of
ExternalAuth. I am working with Request Tracker for the first time, just
upgraded from 3.8.7 to 4.0.1. There are a few things that I think are off
but I am not sure what the correct solution is.

1. I am not sure what to use for the group_attr. I want to have users in the
group Request-Tracker inside of AD be able to authenticate with their
credentials when logging into RT, and I believe the filter is set correctly
other than what needs to be added for the group_attribute. I am not sure
what that should be.

2. For my base statement, I am specifying the Users OU, but none of my users
are in that OU. I am not sure exactly what it's looking for there.

Any help is appreciated!
ExternalAuth config:

I have added the following to my RT_SiteConfig.pm:

@RT::MailPlugins = ("RT::Authen::ExternalAuth");
Set(@Plugins, qw(RT::Authen::ExternalAuth) );
Set($ExternalAuthPriority,  [   'Active_Directory'
                             ]
);
Set($ExternalInfoPriority,  [ 'Active_Directory'
                             ]
);
Set($AutoCreateNonExternalUsers,    0);

Set($ExternalSettings, {
    'Active_Directory' => {
        'type'   => 'ldap',
        'auth'   => 1,
        'info'   => 1,
        'server' => 'rt.mydomain.local',
        'base'   => 'OU=Users,DC=mydomain,DC=local',
        # The filter to use to match RT-Users
        'filter' => '(objectclass=person)',
        # The filter that will only match disabled users
        'd_filter' => '(userAccountControl:1.2.840.113556.1.4.803:=2)',
        # Should we try to use TLS to encrypt connections?
        'tls' => 0,
        # What other args should I pass to Net::LDAP->new($host,@args)?
        'net_ldap_args' => [ version => 3 ],
        # Does authentication depend on group membership? What group name?
        'group' => 'Request-Tracker',
        # What is the attribute for the group object that determines membership?
        #'group_attr' => 'GROUP_ATTR',
        ## RT ATTRIBUTE MATCHING SECTION
        # The list of RT attributes that uniquely identify a user
        'attr_match_list' => [ 'ExternalAuthId', 'EmailAddress' ],
        # The mapping of RT attributes on to LDAP attributes
        'attr_map' => {
            'Name'           => 'sAMAccountName',
            'EmailAddress'   => 'mail',
            'Organization'   => 'physicalDeliveryOfficeName',
            'RealName'       => 'displayName',
            'ExternalAuthId' => 'sAMAccountName',
            'Gecos'          => 'sAMAccountName',
            'WorkPhone'      => 'telephoneNumber',
            'Address1'       => 'streetAddress',
            'City'           => 'l',
            'State'          => 'st',
            'Zip'            => 'postalCode',
            'Country'        => 'co'
        }
    }
});
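
The two points in the reply at the top of this thread, as an added example that is not part of the original messages: a small Python model of an LDAP subtree search followed by a group check, showing why a `base` that does not contain the users fails and what the group's `member` attribute holds. The directory entries, the `OU=Staff` and `OU=Groups` containers, and the function names are constructed assumptions, and the logic is a simplification, not the plugin's code.

```python
# Constructed sample directory: these DNs and accounts are assumptions for
# illustration, not values from the thread.
DIRECTORY = {
    "CN=Request-Tracker,OU=Groups,DC=mydomain,DC=local": {
        "objectClass": ["group"],
        # In AD, a group's `member` attribute lists the DNs of its members.
        "member": ["CN=Alice Example,OU=Staff,DC=mydomain,DC=local"],
    },
    "CN=Alice Example,OU=Staff,DC=mydomain,DC=local": {
        "objectClass": ["person"], "sAMAccountName": ["alice"],
    },
    "CN=Bob Example,OU=Staff,DC=mydomain,DC=local": {
        "objectClass": ["person"], "sAMAccountName": ["bob"],
    },
}
GROUP_DN = "CN=Request-Tracker,OU=Groups,DC=mydomain,DC=local"


def norm(dn):
    """Case-insensitive DN form (simplified: no escaped commas)."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def find_user(base, login):
    """Subtree search under `base` for a person with this sAMAccountName."""
    suffix = "," + norm(base)
    for dn, attrs in DIRECTORY.items():
        in_scope = norm(dn) == norm(base) or norm(dn).endswith(suffix)
        if (in_scope and "person" in attrs.get("objectClass", [])
                and login in attrs.get("sAMAccountName", [])):
            return dn
    return None


def in_group(group_dn, group_attr, user_dn):
    """True if the group's `group_attr` values include the user's DN."""
    values = DIRECTORY.get(group_dn, {}).get(group_attr, [])
    return norm(user_dn) in {norm(v) for v in values}


def check_login(base, group_attr, login, group_dn=GROUP_DN):
    """Return (allowed, reason) for the given base and group settings."""
    user_dn = find_user(base, login)
    if user_dn is None:
        return False, "user not found under base"
    if not in_group(group_dn, group_attr, user_dn):
        return False, "user DN not listed in group attribute"
    return True, "ok"
```

With the `OU=Users` base from the posted config the model finds no user at all, while a base at or above the container that actually holds the accounts, combined with `member`, admits only the group's members.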

