Addressing character encoding and active directory group permissions

Guzman_Olivera · April 9, 2024, 9:45pm

Hello everyone,

I’m setting up my site with Active Directory. I’ve managed to authenticate my user correctly, however, upon accessing, I notice that the user’s first name (which includes an accent mark) appears with a strange character instead.

Here is my RT_SiteConfig.pm file with my current configuration:

use utf8;

Set($LogToFile , 'debug');
Set($LogDir, './var/log');
Set($LogToFileNamed , "rt.log");


Set($rtname, "rtiserver.domain.local");
Set($WebDomain, "rtirserver.domain.local");
Set($Organization, "domain.local");
Set($WebPort, 443);
Set($WebPath, '');
#Set($WebPath, '/opt/rt5');
#Set( $WebSecureCookies, 0 );
Set($Timezone, "America/Montevideo");

# Configuración del juego de caracteres en RT_SiteConfig.pm
Set($DatabaseCharset, 'es_UY.UTF-8');
Set($WebCharset, 'es_UY.UTF-8');

# Para corregir advertencia "Possible cross-site request forgery"
Set(@ReferrerWhitelist, qw(rtirserver.domain.local:443 rtirserver.domain.local:80));
Set($WebFallbackToRTLogin, 1);

Plugin('RT::IR');

# Configuracion LDAP

Set($ExternalAuthPriority, ['My_LDAP']);
Set($ExternalInfoPriority, ['My_LDAP']);

# Make users created from LDAP Privileged
Set( $UserAutocreateDefaultsOnLogin, { Privileged => 1 } );

# Users should still be autocreated by RT as internal users if they
# fail to exist in an external service; this is so requestors (who
# are not in LDAP) can still be created when they email in.
Set($AutoCreateNonExternalUsers, 1);

Set($ExternalSettings, {
    'My_LDAP' => {
        'type' => 'ldap',
        'server' => 'domain.local',
        'port' => '389',
        'user' => 'superuser',
        'pass' => 'superpassword',
        'base' => 'OU=MyOU,DC=domain,DC=local',
        'filter'        => '(objectClass=Person)',
        #       'group' => 'OU=MyGroups,DC=domain,DC=local',
        #'group_attr' => 'member',
        #      'filter' => '(&(samAccountName=%s)(objectClass=user)(samAccountType=805306368))',

        #       'filter' => '(objectClass=inetOrgPerson)',
        'attr_match_list' => [
            'Name',
            'EmailAddress',
        ],
        'attr_map' => {
            'Name' => 'sAMAccountName',
            'EmailAddress' => 'mail',
            'RealName' => 'cn',
            'WorkPhone' => 'telephoneNumber',
            'Address1' => 'streetAddress',
            'City' => 'l',
            'State' => 'st',
            'Zip' => 'postalCode',
            'Country' => 'co',
        },
    },
});

1;

How can I fix this character encoding issue?

Additionally, I would like the user to have certain permissions based on the Active Directory group they belong to. Does this require modifying the configuration in the RT_SiteConfig.pm file o anything else?

Any additional information needed will be provided accordingly.

sollericos · April 10, 2024, 6:02am

I use “raw” setting in $LDAPOptions (syncing to an LDAP server):

Set($LDAPOptions, [ port    => 636,
                    raw     => qr/(\;binary)/,
                    ...

I hope it’s useful for you.

About permissions by group, check this post, maybe you’ll find a hint:

Guzman_Olivera · April 10, 2024, 10:09pm

@sollericos Hi! Thank you very much for your prompt response. Using the raw setting did the trick, I simply had to adjust my configuration differently since I was utilizing $ExternalSettings.

I incorporated this line within the “My_LDAP” object:

'net_ldap_args' => [ scheme => 'ldap', port => 389, raw => qr/(\;binary)/ ],

I will now focus on resolving the permission issues.

I’m encountering specific difficulty enabling LDAP users to create tickets. By default, they belong to the “Unprivileged” group.

sollericos · April 11, 2024, 6:32am

Grate!
So, my response to the other post will help you too. I made it to enable privileged users by group. If you find any better solution or you have any doubt, please, let me know on that post.