Hi everyone,
I have been trying to get external authentication with ldapauth and ldapimport working on a brand new rt 4.4 from the latest pull of 4.4-trunk. I have the ldap authentication and rt-ldapimport working correctly against our ldap server.

The one issue I can not appear to resolve is that I am prompted first by the browser's authentication prompt and then by the RT login screen. So you need to enter your authentication credentials twice. I am hoping to just have the RT login screen, no browser authentication prompt.

I'm sure it's something simple but I'm pulling my hair out :). If someone could take a look at my config and tell me where the error is I'd be eternally grateful.

Here is the section of my rt config. The first few options are commented out as they are part of previous attempts to make it work as expected.

#* Authentication
# configure external authentication
#Set($WebRemoteUserAuth, 1);
# check authentication on each request rather than just once
#Set($WebRemoteUserContinuous, 1);
# fall back to rt login if external auth fails.
#Set($WebFallbackToRTLogin, 1);

Set ($ExternalAuth, 1);
Set( $ExternalAuthPriority, ['URSYS_LDAP'] );
Set( $ExternalInfoPriority, ['URSYS_LDAP'] );

# Make users created from LDAP Privileged
Set( $UserAutocreateDefaultsOnLogin, { Privileged => 1 } );

# Users should still be autocreated by RT as internal users if they
# fail to exist in an external service; this is so requestors (who
# are not in LDAP) can still be created when they email in.
Set($AutoCreateNonExternalUsers, 1);

# LDAP configuration; see RT::Authen::ExternalAuth::LDAP for
# further details and examples
Set($ExternalSettings, {
    'URSYS_LDAP' => {
        'type' => 'ldap',
        'server' => 'ldap.xxxxx',
        'base' => 'cn=users,cn=accounts,dc=xxxxxx',
        'user' => 'uid=system,cn=sysaccounts,xxxxx',
        'pass' => 'xxxxxx',
        'filter' => '(&(memberOf=cn=helpdesk-*))',
        'attr_match_list' => [
            'Name',
        ],
        'attr_map' => {
            'Name' => 'uid',
            'EmailAddress' => 'mail',
        },
    },
} );

# * rt-ldapimport configuration
# enable plugin
Plugin( qw(RT::LDAPImport));
Set($LDAPBase,'cn=users,cn=accounts,xxxxx');
Set($LDAPHost,'ldap.xxxxx');
Set($LDAPUser,'uid=system,cn=sysaccounts,xxxxxx');
Set($LDAPPassword,'xxxxxxxx');
Set($LDAPFilter, '(&(memberOf=cn=helpdesk-*))');
Set($LDAPMapping, {Name => 'uid', # required
                   EmailAddress => 'mail',
                   RealName => 'cn',
                   WorkPhone => 'telephoneNumber',
                   Organization => 'departmentName'});

# create users as privileged
Set($LDAPCreatePrivileged, 1);

# sync Groups from LDAP into RT
Set($LDAPGroupBase, 'cn=accounts,xxxxx');
Set($LDAPGroupFilter, '(&(objectClass=groupofnames)(cn=helpdesk-*))');
Set($LDAPGroupMapping, {Name => 'cn',
                        Description => 'description',
                        Member_Attr => 'member',
                        Member_Attr_Value => 'dn',
                       });

As above, all the ldap stuff appears to work apart from the double request for authentication.

Kind regards
Bart

--
Bart Bunting - URSYS
PH: 02 87452811
Mbl: 0409560005