This may help:
http://trevthorpe.blogspot.com/2015/01/request-tracker-424-ldap-authentication.html
On Tue, Jul 7, 2015 at 11:24 AM, Yan Seiner <y...@seiner.com> wrote:
I'm coming back to RT after a few years. I am trying
to set up external auth against our AD server.
I have a working implementation for mediawiki, so I
know that it's possible on our system. As far as
possible I've duplicated the options from
mediawiki/php to rt/perl, but I am still missing
something important as all login attempts get
rejected with a NoUser.
The only thing that I find different (and I'm
searching my memory from a few years ago when I set
up mediawiki) there is a line where the user name is
pre-pended with the domain for AD:
$wgLDAPSearchStrings = array( 'HPM' => "HPM\\USER-NAME" );
And I can't find anything like that in the RT config.
Does anyone have a working AD external auth they can
share?
Thanks.
Here's the logfile snippet:
[4835] [Tue Jul 7 15:17:14 2015] [debug]: Attempting to use external auth service: My_LDAP (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:424)
[4835] [Tue Jul 7 15:17:14 2015] [debug]: Calling UserExists with $username (yans) and $service (My_LDAP) (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:465)
[4835] [Tue Jul 7 15:17:14 2015] [debug]: UserExists params:
username: yans , service: My_LDAP (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:439)
[4835] [Tue Jul 7 15:17:14 2015] [debug]: LDAP Search === Base: ou=Staff,dc=hpm,dc=net == Filter: (&(objectClass=inetOrgPerson)(sAMAccountName=yans)) == Attrs: cn,co,telephoneNumber,l,postalCode,streetAddress,st,sAMAccountName,mail (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:469)
[4835] [Tue Jul 7 15:17:14 2015] [debug]: User Check Failed :: ( My_LDAP ) yans User not found (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:483)
[4835] [Tue Jul 7 15:17:14 2015] [debug]: Autohandler called ExternalAuth. Response: (0, No User) (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:11)
[4835] [Tue Jul 7 15:17:14 2015] [error]: FAILED LOGIN for yans from 10.10.30.51 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:810)
And here's the setup in RTSiteConfig.pm:
Plugin('RT::Authen::ExternalAuth');
Set($ExternalAuthPriority, [ 'My_LDAP' ]);
Set($ExternalInfoPriority, [ 'My_LDAP' ]);
Set($ExternalSettings, {
    'My_LDAP' => {
        'type' => 'ldap',
        'server' => 'file_print.hpm.net',
        # By not passing 'user' and 'pass' we are using an anonymous
        # bind, which some servers do not allow
        'base' => 'dc=hpm,dc=net',
        'filter' => '(objectClass=inetOrgPerson)',
        # Users are allowed to log in via email address or account
        # name
        'attr_match_list' => [
            'Name',
            # 'EmailAddress',
        ],
        # Import the following properties of the user from LDAP upon
        # login
        'attr_map' => {
            'Name' => 'sAMAccountName',
            'EmailAddress' => 'mail',
            'RealName' => 'cn',
            'WorkPhone' => 'telephoneNumber',
            'Address1' => 'streetAddress',
            'City' => 'l',
            'State' => 'st',
            'Zip' => 'postalCode',
            'Country' => 'co',
        },
    },
} );
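
Added example, not part of the original thread or of RT: it reads the "LDAP Search" debug line from the log above, compares the base and filter RT actually searched with against the values in the posted config, and builds an equivalent ldapsearch command for reproducing the query outside RT. The (&<filter>(<attr>=<user>)) shape is inferred from that log line, the plain ldap:// scheme on the default port is an assumption, and all function names are hypothetical.

```python
import re
import shlex

# Constructed input: the search line from the log above, rejoined onto one line.
LOG_LINE = ("[4835] [Tue Jul 7 15:17:14 2015] [debug]: LDAP Search === "
            "Base: ou=Staff,dc=hpm,dc=net == Filter: "
            "(&(objectClass=inetOrgPerson)(sAMAccountName=yans)) == Attrs: "
            "cn,co,telephoneNumber,l,postalCode,streetAddress,st,sAMAccountName,mail "
            "(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:469)")

# Values copied from the RTSiteConfig.pm excerpt above.
CONFIG = {"server": "file_print.hpm.net", "base": "dc=hpm,dc=net",
          "filter": "(objectClass=inetOrgPerson)", "name_attr": "sAMAccountName"}

SEARCH_RE = re.compile(r"LDAP Search === Base: (?P<base>.+?) == Filter: (?P<filter>.+?)"
                       r" == Attrs: (?P<attrs>\S+)")

def parse_search(line):
    """Return the base, filter and attribute list RT logged, or None."""
    m = SEARCH_RE.search(line)
    if not m:
        return None
    return {"base": m["base"], "filter": m["filter"], "attrs": m["attrs"].split(",")}

def expected_filter(config, username):
    """Filter shape inferred from the log line: (&<filter>(<name attr>=<user>))."""
    return "(&%s(%s=%s))" % (config["filter"], config["name_attr"], username)

def config_drift(config, logged, username):
    """List the settings where the logged search differs from the config."""
    drift = []
    if logged["base"].lower() != config["base"].lower():
        drift.append(("base", config["base"], logged["base"]))
    want = expected_filter(config, username)
    if logged["filter"] != want:
        drift.append(("filter", want, logged["filter"]))
    return drift

def ldapsearch_command(config, logged):
    """Equivalent anonymous simple-bind query (no 'user'/'pass' configured)."""
    argv = ["ldapsearch", "-x", "-H", "ldap://" + config["server"],
            "-b", logged["base"], logged["filter"]] + logged["attrs"]
    return " ".join(shlex.quote(a) for a in argv)

if __name__ == "__main__":
    logged = parse_search(LOG_LINE)
    for name, configured, effective in config_drift(CONFIG, logged, "yans"):
        print("%s: config has %r, RT searched with %r" % (name, configured, effective))
    print(ldapsearch_command(CONFIG, logged))
```

Run against the excerpts above, it reports that the logged search base (ou=Staff,dc=hpm,dc=net) is not the base in the posted config (dc=hpm,dc=net), so the config RT loaded differs from the one shown.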