Addressing character encoding and active directory group permissions

Hello everyone,

I’m setting up my site with Active Directory. I’ve managed to authenticate my user correctly, however, upon accessing, I notice that the user’s first name (which includes an accent mark) appears with a strange character instead.

Here is my file with my current configuration:

use utf8;

Set($LogToFile , 'debug');
Set($LogDir, './var/log');
Set($LogToFileNamed , "rt.log");

Set($rtname, "rtiserver.domain.local");
Set($WebDomain, "rtirserver.domain.local");
Set($Organization, "domain.local");
Set($WebPort, 443);
Set($WebPath, '');
#Set($WebPath, '/opt/rt5');
#Set( $WebSecureCookies, 0 );
Set($Timezone, "America/Montevideo");

# Configuración del juego de caracteres en
Set($DatabaseCharset, 'es_UY.UTF-8');
Set($WebCharset, 'es_UY.UTF-8');

# Para corregir advertencia "Possible cross-site request forgery"
Set(@ReferrerWhitelist, qw(rtirserver.domain.local:443 rtirserver.domain.local:80));
Set($WebFallbackToRTLogin, 1);


# Configuracion LDAP

Set($ExternalAuthPriority, ['My_LDAP']);
Set($ExternalInfoPriority, ['My_LDAP']);

# Make users created from LDAP Privileged
Set( $UserAutocreateDefaultsOnLogin, { Privileged => 1 } );

# Users should still be autocreated by RT as internal users if they
# fail to exist in an external service; this is so requestors (who
# are not in LDAP) can still be created when they email in.
Set($AutoCreateNonExternalUsers, 1);

Set($ExternalSettings, {
    'My_LDAP' => {
        'type' => 'ldap',
        'server' => 'domain.local',
        'port' => '389',
        'user' => 'superuser',
        'pass' => 'superpassword',
        'base' => 'OU=MyOU,DC=domain,DC=local',
        'filter'        => '(objectClass=Person)',
        #       'group' => 'OU=MyGroups,DC=domain,DC=local',
        #'group_attr' => 'member',
        #      'filter' => '(&(samAccountName=%s)(objectClass=user)(samAccountType=805306368))',

        #       'filter' => '(objectClass=inetOrgPerson)',
        'attr_match_list' => [
        'attr_map' => {
            'Name' => 'sAMAccountName',
            'EmailAddress' => 'mail',
            'RealName' => 'cn',
            'WorkPhone' => 'telephoneNumber',
            'Address1' => 'streetAddress',
            'City' => 'l',
            'State' => 'st',
            'Zip' => 'postalCode',
            'Country' => 'co',


How can I fix this character encoding issue?

Additionally, I would like the user to have certain permissions based on the Active Directory group they belong to. Does this require modifying the configuration in the file o anything else?

Any additional information needed will be provided accordingly.

I use “raw” setting in $LDAPOptions (syncing to an LDAP server):

Set($LDAPOptions, [ port    => 636,
                    raw     => qr/(\;binary)/,

I hope it’s useful for you.

About permissions by group, check this post, maybe you’ll find a hint:

@sollericos Hi! Thank you very much for your prompt response. Using the raw setting did the trick, I simply had to adjust my configuration differently since I was utilizing $ExternalSettings.

I incorporated this line within the “My_LDAP” object:

'net_ldap_args' => [ scheme => 'ldap', port => 389, raw => qr/(\;binary)/ ],

I will now focus on resolving the permission issues.

I’m encountering specific difficulty enabling LDAP users to create tickets. By default, they belong to the “Unprivileged” group.

So, my response to the other post will help you too. I made it to enable privileged users by group. If you find any better solution or you have any doubt, please, let me know on that post.