Thank you very much for your feedback. I really appreciate it.

Andrew Wagner-4 wrote:
>
> Yes, Josh. That is correct. The ExternalAuthen checks all locations
> for users under the base OU. Either change your specified base in
> RT_SiteConfig.pm or move the users to the OU that you want RT to search.
>
> Andrew Wagner
> Assistant Network Administrator
> [email protected]
> 265-5710
> Room 370B
> Wisconsin Center for Education Research (WCER)
> www.wcer.wisc.edu
>
> On 8/29/2011 11:39 AM, josh.cole wrote:
>> Thank you for your response. So just to make sure I understand, if the users
>> I want to be able to authenticate in RT are not in the OU specified it will
>> not work? So I should move those users to whatever the OU is that I specify
>> in the base?
>>
>> Andrew Wagner-4 wrote:
>>> 1. For group_attr, you want the term to be 'member'. That checks for
>>> membership in the group.
>>>
>>> 2. For your base, you need to choose the next highest level of Active
>>> Directory beyond where your users are stored. This means you need to
>>> specify the OU where your users are, not just a random "Users" OU.
>>>
>>> Andrew Wagner
>>> Assistant Network Administrator
>>> [email protected]
>>> 265-5710
>>> Room 370B
>>> Wisconsin Center for Education Research (WCER)
>>> www.wcer.wisc.edu
>>>
>>> On 8/29/2011 11:26 AM, josh.cole wrote:
>>>> I am trying to make this work. I installed the latest version of
>>>> ExternalAuth. I am working with Request Tracker for the first time, just
>>>> upgraded from 3.8.7 to 4.0.1. There are a few things that I think are off
>>>> but I am not sure what the correct solution is.
>>>>
>>>> 1. I am not sure what to use for the group_attr I want to have users in the
>>>> group Request-Tracker inside of AD be able to authenticate with their
>>>> credentials when logging into RT and I believe the filter is set correctly
>>>> other than what needs to be added for the group_attribute. I am not sure
>>>> what that should be.
>>>>
>>>> 2. For my base statement. I am specifying the Users OU but none of my users
>>>> are in that OU. I am not sure exactly what it's looking for there.
>>>>
>>>> Any help is appreciated!
>>>> ExternalAuth config:
>>>>
>>>> I have added the following to my RT_SiteConfig.pm:
>>>>
>>>> @RT::MailPlugins = ("RT::Authen::ExternalAuth");
>>>> Set(@Plugins, qw(RT::Authen::ExternalAuth) );
>>>> Set($ExternalAuthPriority, [ 'Active_Directory' ] );
>>>> Set($ExternalInfoPriority, [ 'Active_Directory' ] );
>>>> Set($AutoCreateNonExternalUsers, 0);
>>>>
>>>> Set($ExternalSettings, {
>>>>     'Active_Directory' => {
>>>>         'type'   => 'ldap',
>>>>         'auth'   => 1,
>>>>         'info'   => 1,
>>>>         'server' => 'rt.mydomain.local',
>>>>         'base'   => 'OU=Users,DC=mydomain,DC=local',
>>>>         # The filter to use to match RT-Users
>>>>         'filter' => '(objectclass=person)',
>>>>         # The filter that will only match disabled users
>>>>         'd_filter' => '(userAccountControl:1.2.840.113556.1.4.803:=2)',
>>>>         # Should we try to use TLS to encrypt connections?
>>>>         'tls' => 0,
>>>>         # What other args should I pass to Net::LDAP->new($host,@args)?
>>>>         'net_ldap_args' => [ version => 3 ],
>>>>         # Does authentication depend on group membership? What group name?
>>>>         'group' => 'Request-Tracker',
>>>>         # What is the attribute for the group object that determines membership?
>>>>         #'group_attr' => 'GROUP_ATTR',
>>>>         ## RT ATTRIBUTE MATCHING SECTION
>>>>         # The list of RT attributes that uniquely identify a user
>>>>         'attr_match_list' => [ 'ExternalAuthId','EmailAddress' ],
>>>>         # The mapping of RT attributes on to LDAP attributes
>>>>         'attr_map' => {
>>>>             'Name'           => 'sAMAccountName',
>>>>             'EmailAddress'   => 'mail',
>>>>             'Organization'   => 'physicalDeliveryOfficeName',
>>>>             'RealName'       => 'displayName',
>>>>             'ExternalAuthId' => 'sAMAccountName',
>>>>             'Gecos'          => 'sAMAccountName',
>>>>             'WorkPhone'      => 'telephoneNumber',
>>>>             'Address1'       => 'streetAddress',
>>>>             'City'           => 'l',
>>>>             'State'          => 'st',
>>>>             'Zip'            => 'postalCode',
>>>>             'Country'        => 'co'
>>>>         }
>>>>     }
>>>> }
>>>> );
>>>>
>>>
>>> --------
>>> RT Training Sessions (http://bestpractical.com/services/training.html)
>>> * Chicago, IL, USA September 26 & 27, 2011
>>> * San Francisco, CA, USA October 18 & 19, 2011
>>> * Washington DC, USA October 31 & November 1, 2011
>>> * Melbourne VIC, Australia November 28 & 29, 2011
>>> * Barcelona, Spain November 28 & 29, 2011
>>>
>
--
View this message in context: http://old.nabble.com/Has-anyone-sucessfully-configured-LDAP-to-authenticate-against-AD-with-version-4.0.1--tp32358024p32358398.html
Sent from the Request Tracker - User mailing list archive at Nabble.com.
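
An added example, not part of the original thread and not RT::Authen::ExternalAuth's own code: a simplified offline model of the two gates discussed above (the account must sit under `base`, and the group's `member` attribute must list the account's DN). The `OU=Staff` container, the user names and the membership list are constructed sample data.

```python
import re

def parse_dn(dn):
    """Split a DN into lower-cased RDNs; backslash-escaped commas stay in place."""
    return [p.strip().lower() for p in re.split(r'(?<!\\),', dn) if p.strip()]

def under_base(entry_dn, base_dn):
    """Subtree scope: the entry is the base itself or sits anywhere below it."""
    entry, base = parse_dn(entry_dn), parse_dn(base_dn)
    return len(entry) >= len(base) and entry[len(entry) - len(base):] == base

def can_authenticate(user_dn, base_dn, group_members=None):
    """Return (allowed, reason) for one account under this simplified model."""
    if not under_base(user_dn, base_dn):
        return (False, "not under base")
    if group_members is not None:
        wanted = parse_dn(user_dn)
        # 'member' lists direct members only; nested groups are not expanded here.
        if not any(parse_dn(m) == wanted for m in group_members):
            return (False, "not in group")
    return (True, "ok")

# Constructed sample directory (hypothetical accounts and OU=Staff container).
USERS = {
    "alice": "CN=Alice Example,OU=Staff,DC=mydomain,DC=local",
    "bob":   "CN=Bob Example,OU=Staff,DC=mydomain,DC=local",
    "carol": "CN=Carol Example,OU=Users,DC=mydomain,DC=local",
}
# Constructed 'member' values of the Request-Tracker group (case differs on purpose).
RT_GROUP_MEMBERS = [
    "cn=alice example,ou=staff,dc=mydomain,dc=local",
    "CN=Carol Example,OU=Users,DC=mydomain,DC=local",
]

def audit(base_dn):
    """Map each sample account to (allowed, reason) for the given base."""
    return {name: can_authenticate(dn, base_dn, RT_GROUP_MEMBERS)
            for name, dn in USERS.items()}

if __name__ == "__main__":
    for base in ("OU=Users,DC=mydomain,DC=local",   # base from the posted config
                 "OU=Staff,DC=mydomain,DC=local",   # hypothetical OU holding the users
                 "DC=mydomain,DC=local"):           # domain root: widest scope
        print(base, audit(base))
```

Widening `base` to the domain root admits every group member in the directory, so the group gate is what keeps the scope tight once the base is broadened.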
