Thank you for your response. So just to make sure I understand, if the users I want to be able to authenticate in RT are not in the OU specified it will not work? So I should move those users to whatever the OU is that I specify in the base?
Andrew Wagner-4 wrote: > > 1. For group_attr, you want the term to be 'member'. That checks for > membership in the group. > > 2. For your base, you need to choose the next highest level of Active > Directory beyond where your users are stored. This means you need to > specify the OU where your users are, not just a random "Users" OU. > > Andrew Wagner > Assistant Network Administrator > [email protected] > 265-5710 > Room 370B > Wisconsin Center for Education Research (WCER) > www.wcer.wisc.edu > > > On 8/29/2011 11:26 AM, josh.cole wrote: >> I am trying to make this work. I installed the latest version of >> ExternalAuth. I am working with Request Tracker for the first time, just >> upgraded from 3.8.7 to 4.0.1. There are a few things that I think are off >> but I am not sure what the correct solution is. >> >> 1. I am not sure what to use for the group_attr I want to have users in >> the >> group Request-Tracker inside of AD be able to authenticate with their >> credentials when logging into RT and I believe the filter is set >> correctly >> other than what needs to be added for the group_attribute. I am not sure >> what that should be. >> >> 2. For my base statement. I am specifying the Users OU but none of my >> users >> are in that OU. I am not sure exactly what it's looking for there. >> >> Any help is appreciated! >> ExternalAuth config: >> >> I have added the following to my RT_SiteConfig.pm: >> >> @RT::MailPlugins = ("RT::Authen::ExternalAuth"); >> Set(@Plugins, qw(RT::Authen::ExternalAuth) ); >> Set($ExternalAuthPriority, [ 'Active_Directory' >> ] >> ); >> Set($ExternalInfoPriority, [ 'Active_Directory' >> ] >> ); >> Set($AutoCreateNonExternalUsers, 0); >> >> Set($ExternalSettings, { 'Active_Directory' => { 'type' >> => 'ldap', >> 'auth' >> => 1, >> 'info' >> => 1, >> 'server' >> => 'rt.mydomain.local', >> 'base' >> => 'OU=Users,DC=mydomain,DC=local', >> # The filter to >> use >> to match RT-Users >> 'filter' >> => '(objectclass=person)', >> # The filter >> that >> will only match disabled users >> 'd_filter' >> => '(userAccountControl:1.2.840.113556.1.4.803:=2)', >> # Should we try >> to >> use TLS to encrypt connections? >> 'tls' >> => 0, >> # What other >> args >> should I pass to Net::LDAP->new($host,@args)? >> 'net_ldap_args' >> => [ version => 3 ], >> # Does >> authentication depend on group membership? What group name? >> 'group' >> => 'Request-Tracker', >> # What is the >> attribute for the group object that determines membership? >> #'group_attr' >> => 'GROUP_ATTR', >> ## RT ATTRIBUTE >> MATCHING SECTION >> # The list of RT >> attributes that uniquely identify a user >> >> 'attr_match_list' >> => [ 'ExternalAuthId','EmailAddress' ], >> # The mapping of >> RT >> attributes on to LDAP attributes >> 'attr_map' >> => { 'Name' => 'sAMAccountName', >> >> 'EmailAddress' => 'mail', >> >> 'Organization' => 'physicalDeliveryOfficeName', >> >> 'RealName' => 'displayName', >> >> 'ExternalAuthId' => 'sAMAccountName', >> >> 'Gecos' => 'sAMAccountName', >> >> 'WorkPhone' => 'telephoneNumber', >> >> 'Address1' => 'streetAddress', >> >> 'City' => 'l', >> >> 'State' => 'st', >> >> 'Zip' => 'postalCode', >> >> 'Country' => 'co' >> >> } >> } >> } >> ); >> > > > > -------- > RT Training Sessions (http://bestpractical.com/services/training.html) > * Chicago, IL, USA September 26 & 27, 2011 > * San Francisco, CA, USA October 18 & 19, 2011 > * Washington DC, USA October 31 & November 1, 2011 > * Melbourne VIC, Australia November 28 & 29, 2011 > * Barcelona, Spain November 28 & 29, 2011 > -- View this message in context: http://old.nabble.com/Has-anyone-sucessfully-configured-LDAP-to-authenticate-against-AD-with-version-4.0.1--tp32358024p32358276.html Sent from the Request Tracker - User mailing list archive at Nabble.com. -------- RT Training Sessions (http://bestpractical.com/services/training.html) * Chicago, IL, USA September 26 & 27, 2011 * San Francisco, CA, USA October 18 & 19, 2011 * Washington DC, USA October 31 & November 1, 2011 * Melbourne VIC, Australia November 28 & 29, 2011 * Barcelona, Spain November 28 & 29, 2011
