I think I am close now. I made those changes to the config. I am receiving an error when I try to log in with my AD credentials. The error is:

[Mon Aug 29 17:35:31 2011] [critical]: RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj : Cannot connect to rt.mydomain.local (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:437)

Do I need to specify an ldap port? I did add a username and password to authenticate.

josh.cole wrote:
>
> Thank you very much for your feedback. I really appreciate it.
>
> Andrew Wagner-4 wrote:
>>
>> Yes, Josh. That is correct. The ExternalAuthen checks all locations
>> for users under the base OU. Either change your specified base in
>> RT_SiteConfig.pm or move the users to the OU that you want RT to search.
>>
>> Andrew Wagner
>> Assistant Network Administrator
>> [email protected]
>> 265-5710
>> Room 370B
>> Wisconsin Center for Education Research (WCER)
>> www.wcer.wisc.edu
>>
>>
>> On 8/29/2011 11:39 AM, josh.cole wrote:
>>> Thank you for your response. So just to make sure I understand, if the
>>> users I want to be able to authenticate in RT are not in the OU specified
>>> it will not work? So I should move those users to whatever the OU is that
>>> I specify in the base?
>>>
>>> Andrew Wagner-4 wrote:
>>>> 1. For group_attr, you want the term to be 'member'. That checks for
>>>> membership in the group.
>>>>
>>>> 2. For your base, you need to choose the next highest level of Active
>>>> Directory beyond where your users are stored. This means you need to
>>>> specify the OU where your users are, not just a random "Users" OU.
>>>>
>>>> Andrew Wagner
>>>> Assistant Network Administrator
>>>> [email protected]
>>>> 265-5710
>>>> Room 370B
>>>> Wisconsin Center for Education Research (WCER)
>>>> www.wcer.wisc.edu
>>>>
>>>>
>>>> On 8/29/2011 11:26 AM, josh.cole wrote:
>>>>> I am trying to make this work. I installed the latest version of
>>>>> ExternalAuth. I am working with Request Tracker for the first time,
>>>>> just upgraded from 3.8.7 to 4.0.1. There are a few things that I think
>>>>> are off but I am not sure what the correct solution is.
>>>>>
>>>>> 1. I am not sure what to use for the group_attr. I want to have users
>>>>> in the group Request-Tracker inside of AD be able to authenticate with
>>>>> their credentials when logging into RT and I believe the filter is set
>>>>> correctly other than what needs to be added for the group_attribute. I
>>>>> am not sure what that should be.
>>>>>
>>>>> 2. For my base statement. I am specifying the Users OU but none of my
>>>>> users are in that OU. I am not sure exactly what it's looking for there.
>>>>>
>>>>> Any help is appreciated!
>>>>> ExternalAuth config:
>>>>>
>>>>> I have added the following to my RT_SiteConfig.pm:
>>>>>
>>>>> @RT::MailPlugins = ("RT::Authen::ExternalAuth");
>>>>> Set(@Plugins, qw(RT::Authen::ExternalAuth) );
>>>>> Set($ExternalAuthPriority, [ 'Active_Directory' ] );
>>>>> Set($ExternalInfoPriority, [ 'Active_Directory' ] );
>>>>> Set($AutoCreateNonExternalUsers, 0);
>>>>>
>>>>> Set($ExternalSettings, {
>>>>>     'Active_Directory' => {
>>>>>         'type'   => 'ldap',
>>>>>         'auth'   => 1,
>>>>>         'info'   => 1,
>>>>>         'server' => 'rt.mydomain.local',
>>>>>         'base'   => 'OU=Users,DC=mydomain,DC=local',
>>>>>         # The filter to use to match RT-Users
>>>>>         'filter' => '(objectclass=person)',
>>>>>         # The filter that will only match disabled users
>>>>>         'd_filter' => '(userAccountControl:1.2.840.113556.1.4.803:=2)',
>>>>>         # Should we try to use TLS to encrypt connections?
>>>>>         'tls' => 0,
>>>>>         # What other args should I pass to Net::LDAP->new($host,@args)?
>>>>>         'net_ldap_args' => [ version => 3 ],
>>>>>         # Does authentication depend on group membership? What group name?
>>>>>         'group' => 'Request-Tracker',
>>>>>         # What is the attribute for the group object that determines membership?
>>>>>         #'group_attr' => 'GROUP_ATTR',
>>>>>         ## RT ATTRIBUTE MATCHING SECTION
>>>>>         # The list of RT attributes that uniquely identify a user
>>>>>         'attr_match_list' => [ 'ExternalAuthId','EmailAddress' ],
>>>>>         # The mapping of RT attributes on to LDAP attributes
>>>>>         'attr_map' => {
>>>>>             'Name'           => 'sAMAccountName',
>>>>>             'EmailAddress'   => 'mail',
>>>>>             'Organization'   => 'physicalDeliveryOfficeName',
>>>>>             'RealName'       => 'displayName',
>>>>>             'ExternalAuthId' => 'sAMAccountName',
>>>>>             'Gecos'          => 'sAMAccountName',
>>>>>             'WorkPhone'      => 'telephoneNumber',
>>>>>             'Address1'       => 'streetAddress',
>>>>>             'City'           => 'l',
>>>>>             'State'          => 'st',
>>>>>             'Zip'            => 'postalCode',
>>>>>             'Country'        => 'co'
>>>>>         }
>>>>>     }
>>>>> } );
>>>>>
>>>>
>>>>
>>>> --------
>>>> RT Training Sessions (http://bestpractical.com/services/training.html)
>>>> * Chicago, IL, USA September 26 & 27, 2011
>>>> * San Francisco, CA, USA October 18 & 19, 2011
>>>> * Washington DC, USA October 31 & November 1, 2011
>>>> * Melbourne VIC, Australia November 28 & 29, 2011
>>>> * Barcelona, Spain November 28 & 29, 2011
>>>>
>>
>
>

--
View this message in context: http://old.nabble.com/Has-anyone-sucessfully-configured-LDAP-to-authenticate-against-AD-with-version-4.0.1--tp32358024p32358824.html
Sent from the Request Tracker - User mailing list archive at Nabble.com.
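
The settings discussed in this thread, gathered into one stanza as an added example (not posted by anyone in the thread and not the plugin's own sample). The host name `dc01.mydomain.local`, the `OU=Staff` and `OU=Groups` paths and the `rt-bind` account are hypothetical; `group_attr` and the base follow Andrew Wagner's reply, and the port is passed through `net_ldap_args` as the config comment describes. Writing `group` as a full DN is an assumption about how the plugin looks the group up.

```perl
# RT_SiteConfig.pm -- added example; every host, OU and account name is a placeholder.
Set(@Plugins, qw(RT::Authen::ExternalAuth));
Set($ExternalAuthPriority, [ 'Active_Directory' ]);
Set($ExternalInfoPriority, [ 'Active_Directory' ]);
Set($AutoCreateNonExternalUsers, 0);

Set($ExternalSettings, {
    'Active_Directory' => {
        'type' => 'ldap',
        'auth' => 1,
        'info' => 1,
        # Must name a host that answers LDAP (assumed here: a domain
        # controller), since this value is what Net::LDAP connects to.
        'server' => 'dc01.mydomain.local',
        # Bind account used for lookups. Give it read-only directory
        # rights and keep this file readable only by the RT user.
        'user' => 'CN=rt-bind,OU=Service Accounts,DC=mydomain,DC=local',
        'pass' => 'CHANGE_ME',
        # The OU that actually contains the users (Andrew's point 2).
        'base' => 'OU=Staff,DC=mydomain,DC=local',
        'filter'   => '(objectclass=person)',
        'd_filter' => '(userAccountControl:1.2.840.113556.1.4.803:=2)',
        # With tls => 0 the bind password and every user's password
        # cross the network in cleartext; 1 requests StartTLS.
        'tls' => 1,
        # Extra arguments for Net::LDAP->new(); the port goes here.
        'net_ldap_args' => [ version => 3, port => 389 ],
        # Only members of this group may log in (assumed DN form).
        'group'      => 'CN=Request-Tracker,OU=Groups,DC=mydomain,DC=local',
        # Attribute on the group object listing its members (point 1).
        'group_attr' => 'member',
        'attr_match_list' => [ 'ExternalAuthId', 'EmailAddress' ],
        'attr_map' => {
            'Name'           => 'sAMAccountName',
            'EmailAddress'   => 'mail',
            'RealName'       => 'displayName',
            'ExternalAuthId' => 'sAMAccountName',
        },
    },
});
```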
