Agent (staff) login using LDAP

Hello,
Please advise how I can set agents to log in using Active Directory accounts?
What I mean is to import a team and have that team hold permissions to a specific queue.
My RT version: 5.0.3
RT_SiteConfig.pm:

use utf8;
Set( $rtname, 'rt.mydomain_com');
Set($WebDomain, 'rt.mydomain_com');
Set($DatabasePassword, q{password});
Set($LogToFile, 'debug');
Set($LogToFileNamed, 'rt3.mydomain_com.log');
Set($LogDir, '/var/log/rt5');
Set( %FullTextSearch,
    Enable  => 1,
    Indexed => 1,
    Table   => 'AttachmentsIndex',
);

Set($RTAddressRegexp, 'rt@mydomain_com');
Set(@ReferrerWhitelist, qw(localhost:80 127.0.0.1:80));
Set($WebPort, '443');

Set( $SendmailPath, '/opt/rt5/etc/msmtp_wrapper' );
Plugin('RT::IR');

# RT::LDAPImport settings (used by rt-ldapimport)
Set($LDAPCreatePrivileged, 1);
Set($LDAPUpdateUsers, 1);

Set($LDAPHost, 'ldap.mydomain_com');

Set($LDAPOptions, [ port    => 636,
                    scheme  => 'ldaps',
                    raw     => qr/(\;binary)/,
                    version => 3]);

Set($LDAPUser, 'CN=RT,OU=Functional,OU=Emcomoyees,OU=UsersAccounts,DC=mydomain,DC=com');
Set($LDAPPassword, 'password');
Set($LDAPBase, 'OU=Active,OU=Emcomoyees,OU=UsersAccounts,DC=mydomain,DC=com');

Set($LDAPFilter, '(&(objectClass=user)(department=IT Department))');
Set($LDAPMapping, {
    Name           => 'sAMAccountName',
    EmailAddress   => 'mail',
    Organization   => 'department',
    RealName       => 'cn',
    NickName       => 'givenName',
    ExternalAuthId => 'sAMAccountName',
    Gecos          => 'sAMAccountName',
    WorkPhone      => 'telephoneNumber',
    MobilePhone    => 'mobile',
    Address1       => 'streetAddress',
    City           => 'l',
    State          => 'st',
    Zip            => 'postalCode',
    Country        => 'co'
});

# RT::Authen::ExternalAuth settings (used at web login)
Set($ExternalAuthPriority, [ 'My_LDAP' ]);
Set($ExternalInfoPriority, [ 'My_LDAP' ]);
Set( $UserAutocreateDefaultsOnLogin, { Privileged => 1 } );

Set($ExternalSettings, {
    'My_LDAP' => {
        'type'   => 'ldap',
        'tls'    => 1,
        'server' => 'ldap.mydomain_com',
        'user'   => 'CN=RT,OU=Functional,OU=Emcomoyees,OU=UsersAccounts,DC=mydomain,DC=com',
        'pass'   => 'password',
        'base'   => 'OU=Active,OU=Emcomoyees,OU=UsersAccounts,DC=mydomain,DC=com',
        'filter' => '(&(objectClass=user)(department=IT Department))',
        'attr_match_list' => [
            'Name',
            'EmailAddress',
        ],
        'attr_map' => {
            'Name'         => 'userPrincipalName',
            'EmailAddress' => 'mail',
            'RealName'     => 'name',
        },
    },
});

Importing users:
/opt/rt5/sbin/rt-ldapimport --import

The import goes through:

[44225] [Tue Nov 28 15:22:13 2023] [debug]: Using html2text for HTML → text conversion (/opt/rt5/sbin/…/lib/RT/Interface/Email.pm:1555)
[44225] [Tue Nov 28 15:22:14 2023] [debug]: connecting to ldap.mydomain_com (/opt/rt5/sbin/…/lib/RT/LDAPImport.pm:428)
[44225] [Tue Nov 28 15:22:14 2023] [debug]: binding as CN=RT,OU=Functional,OU=Emcomoyees,OU=UsersAccounts,DC=mydomain,DC=com (/opt/rt5/sbin/…/lib/RT/LDAPImport.pm:436)
[44225] [Tue Nov 28 15:22:14 2023] [debug]: searching with: base => ‘OU=Active,OU=Emcomoyees,OU=UsersAccounts,DC=mydomain,DC=com’ filter => ‘(&(objectClass=user)(department=IT Department))’ scope => ‘sub’ (/opt/rt5/sbin/…/lib/RT/LDAPImport.pm:505)
[44225] [Tue Nov 28 15:22:14 2023] [debug]: search found 12 objects (/opt/rt5/sbin/…/lib/RT/LDAPImport.pm:539)
[44225] [Tue Nov 28 15:22:14 2023] [debug]: Skipping user ‘user1’, as it is numeric (/opt/rt5/sbin/…/lib/RT/LDAPImport.pm:628)
[44225] [Tue Nov 28 15:22:14 2023] [debug]: Imported 1/12 users (/opt/rt5/sbin/…/lib/RT/LDAPImport.pm:607)
[44225] [Tue Nov 28 15:22:14 2023] [debug]: Skipping user ‘user2’, as it is numeric (/opt/rt5/sbin/…/lib/RT/LDAPImport.pm:628)
[44225] [Tue Nov 28 15:22:14 2023] [debug]: Imported 2/12 users (/opt/rt5/sbin/…/lib/RT/LDAPImport.pm:607)
[44225] [Tue Nov 28 15:22:14 2023] [debug]: Skipping user ‘user3’, as it is numeric (/opt/rt5/sbin/…/lib/RT/LDAPImport.pm:628)
[44225] [Tue Nov 28 15:22:14 2023] [debug]: Imported 3/12 users (/opt/rt5/sbin/…/lib/RT/LDAPImport.pm:607)
[44225] [Tue Nov 28 15:22:14 2023] [debug]: Skipping user ‘user4’, as it is numeric (/opt/rt5/sbin/…/lib/RT/LDAPImport.pm:628)
[44225] [Tue Nov 28 15:22:14 2023] [debug]: Imported 4/12 users (/opt/rt5/sbin/…/lib/RT/LDAPImport.pm:607)
[44225] [Tue Nov 28 15:22:14 2023] [debug]: Skipping user ‘user5’, as it is numeric (/opt/rt5/sbin/…/lib/RT/LDAPImport.pm:628)
[44225] [Tue Nov 28 15:22:14 2023] [debug]: Imported 5/12 users (/opt/rt5/sbin/…/lib/RT/LDAPImport.pm:607)
[44225] [Tue Nov 28 15:22:14 2023] [debug]: Skipping user ‘user6’, as it is numeric (/opt/rt5/sbin/…/lib/RT/LDAPImport.pm:628)
[44225] [Tue Nov 28 15:22:14 2023] [debug]: Imported 6/12 users (/opt/rt5/sbin/…/lib/RT/LDAPImport.pm:607)
[44225] [Tue Nov 28 15:22:14 2023] [debug]: Skipping user ‘user7’, as it is numeric (/opt/rt5/sbin/…/lib/RT/LDAPImport.pm:628)
[44225] [Tue Nov 28 15:22:14 2023] [debug]: Imported 7/12 users (/opt/rt5/sbin/…/lib/RT/LDAPImport.pm:607)
[44225] [Tue Nov 28 15:22:14 2023] [debug]: Skipping user ‘user8’, as it is numeric (/opt/rt5/sbin/…/lib/RT/LDAPImport.pm:628)
[44225] [Tue Nov 28 15:22:14 2023] [debug]: Imported 8/12 users (/opt/rt5/sbin/…/lib/RT/LDAPImport.pm:607)
[44225] [Tue Nov 28 15:22:14 2023] [debug]: Skipping user ‘user9’, as it is numeric (/opt/rt5/sbin/…/lib/RT/LDAPImport.pm:628)
[44225] [Tue Nov 28 15:22:14 2023] [debug]: Imported 9/12 users (/opt/rt5/sbin/…/lib/RT/LDAPImport.pm:607)
[44225] [Tue Nov 28 15:22:14 2023] [debug]: Skipping user ‘user10’, as it is numeric (/opt/rt5/sbin/…/lib/RT/LDAPImport.pm:628)
[44225] [Tue Nov 28 15:22:14 2023] [debug]: Imported 10/12 users (/opt/rt5/sbin/…/lib/RT/LDAPImport.pm:607)
[44225] [Tue Nov 28 15:22:14 2023] [debug]: Skipping user ‘user11’, as it is numeric (/opt/rt5/sbin/…/lib/RT/LDAPImport.pm:628)
[44225] [Tue Nov 28 15:22:14 2023] [debug]: Imported 11/12 users (/opt/rt5/sbin/…/lib/RT/LDAPImport.pm:607)
[44225] [Tue Nov 28 15:22:14 2023] [debug]: Skipping user ‘user12’, as it is numeric (/opt/rt5/sbin/…/lib/RT/LDAPImport.pm:628)
[44225] [Tue Nov 28 15:22:14 2023] [debug]: Imported 12/12 users (/opt/rt5/sbin/…/lib/RT/LDAPImport.pm:607)
[44225] [Tue Nov 28 15:22:14 2023] [warning]: Not running a group import, configuration not set (/opt/rt5/sbin/…/lib/RT/LDAPImport.pm:1192)
[44225] [Tue Nov 28 15:22:14 2023] [debug]: No results found, no group import (/opt/rt5/sbin/…/lib/RT/LDAPImport.pm:1144)

After importing, I don’t see my agents (Staff) in the user list: Admin → Users → Select

When I go to mydomain.com and provide a username and password → user1@mydomain_com, I am logged in, but I am in the panel https://rt.mydomain_com/SelfService/

I would like agents (Staff) to be able to log in using their AD accounts, can anyone help me achieve this goal?

Everything works, I just didn’t mark the (Privileged) option on the user list :)
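
An added example (not part of the original post, and not RT code): a small Python parser for the rt-ldapimport debug output shown above. In that log every "Imported n/12 users" line follows a "Skipping user" line, so the counter tracks entries processed rather than accounts created; the script reports the two separately and flags the group-import warning. The sample log is constructed and `summarize` is a hypothetical helper name.

```python
import re

# Constructed sample in the format of the rt-ldapimport debug log in the post.
SAMPLE_LOG = """\
[100] [Tue Nov 28 15:22:14 2023] [debug]: search found 3 objects (LDAPImport.pm:539)
[100] [Tue Nov 28 15:22:14 2023] [debug]: Skipping user '1001', as it is numeric (LDAPImport.pm:628)
[100] [Tue Nov 28 15:22:14 2023] [debug]: Imported 1/3 users (LDAPImport.pm:607)
[100] [Tue Nov 28 15:22:14 2023] [debug]: Imported 2/3 users (LDAPImport.pm:607)
[100] [Tue Nov 28 15:22:14 2023] [debug]: Skipping user ‘1003’, as it is numeric (LDAPImport.pm:628)
[100] [Tue Nov 28 15:22:14 2023] [debug]: Imported 3/3 users (LDAPImport.pm:607)
[100] [Tue Nov 28 15:22:14 2023] [warning]: Not running a group import, configuration not set (LDAPImport.pm:1192)
"""

LINE = re.compile(r"^\[\d+\] \[[^\]]+\] \[(?P<level>\w+)\]: (?P<msg>.*)$")
SOURCE = re.compile(r"\s\(\S+:\d+\)$")  # trailing "(file:line)" suffix
FOUND = re.compile(r"search found (\d+) objects")
SKIP = re.compile(r"Skipping user ['‘](.+?)['’], as it is (\w+)")  # straight or curly quotes
PROGRESS = re.compile(r"Imported (\d+)/(\d+) users")


def summarize(log_text):
    """Separate entries that were merely processed from entries that were skipped."""
    found, processed, skipped, warnings = None, 0, [], []
    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue
        msg = SOURCE.sub("", line["msg"])
        if line["level"] == "warning":
            warnings.append(msg)
        if m := FOUND.search(msg):
            found = int(m[1])
        elif m := SKIP.search(msg):
            skipped.append((m[1], m[2]))
        elif m := PROGRESS.search(msg):
            processed = max(processed, int(m[1]))
    return {
        "found": found, "processed": processed, "skipped": skipped,
        # Upper bound on accounts that went on to be created or updated.
        "not_skipped": processed - len(skipped),
        "group_import": not any("Not running a group import" in w for w in warnings),
        "warnings": warnings,
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against the log in the post, the same logic would report 12 entries processed and 12 skipped, which matches the imported agents not appearing under Admin → Users.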