Authenticate with multiple LDAP Domains

Just wanted to post this as it may help someone. I needed to authenticate against multiple AD domains and in the archives someone had asked how to do this. Here is my ExternalAuth: RT_SiteConfig.pm file.

Set($ExternalAuthPriority, [ 'My_LDAP', 'My_LDAP2' ] );   # services are tried in this order
Set($ExternalInfoPriority, [ 'My_LDAP', 'My_LDAP2' ] );
Set($ExternalServiceUsesSSLorTLS, 0);
Set($AutoCreateNonExternalUsers, 0);

Set($ExternalSettings, {
    'My_LDAP' => {
        'type'            => 'ldap',
        'server'          => '192.168.0.1',
        'user'            => 'CN=rt, OU=TEST-CO, DC=Domain1, DC=COM',
        'pass'            => 'passowrd',
        'base'            => 'DC=Domain1,DC=COM',
        'filter'          => '(ObjectClass=*)',
        # matches disabled AD accounts (bitwise AND with ACCOUNTDISABLE, 0x2)
        'd_filter'        => '(userAccountControl:1.2.840.113556.1.4.803:=2)',
        'tls'             => 0,
        'ssl_version'     => 3,
        'net_ldap_args'   => [ version => 3 ],
        'group'           => 'cn=RT Users,ou=Services,dc=internal,dc=local',
        'group_attr'      => 'member',
        'attr_match_list' => [ 'Name', 'EmailAddress' ],
        'attr_map'        => {
            'Name'           => 'sAMAccountName',
            'EmailAddress'   => 'mail',
            'Organization'   => 'physicalDeliveryOfficeName',
            'RealName'       => 'cn',
            'ExternalAuthId' => 'sAMAccountName',
            'Gecos'          => 'sAMAccountName',
            'WorkPhone'      => 'telephoneNumber',
            'Address1'       => 'streetAddress',
            'City'           => 'l',
            'State'          => 'st',
            'Zip'            => 'postalCode',
            'Country'        => 'co'
        }
    },

    'My_LDAP2' => {
        'type'            => 'ldap',
        'server'          => '192.168.1.1',
        'user'            => 'CN=rt, OU=TEST-CO, DC=Domain2, DC=COM',
        'pass'            => 'password',
        'base'            => 'DC=Domain2,DC=COM',
        'filter'          => '(ObjectClass=*)',
        # matches disabled AD accounts (bitwise AND with ACCOUNTDISABLE, 0x2)
        'd_filter'        => '(userAccountControl:1.2.840.113556.1.4.803:=2)',
        'tls'             => 0,
        'ssl_version'     => 3,
        'net_ldap_args'   => [ version => 3 ],
        'group'           => 'cn=RT Users,ou=Services,dc=internal,dc=local',
        'group_attr'      => 'member',
        'attr_match_list' => [ 'Name', 'EmailAddress' ],
        'attr_map'        => {
            'Name'           => 'sAMAccountName',
            'EmailAddress'   => 'mail',
            'Organization'   => 'physicalDeliveryOfficeName',
            'RealName'       => 'cn',
            'ExternalAuthId' => 'sAMAccountName',
            'Gecos'          => 'sAMAccountName',
            'WorkPhone'      => 'telephoneNumber',
            'Address1'       => 'streetAddress',
            'City'           => 'l',
            'State'          => 'st',
            'Zip'            => 'postalCode',
            'Country'        => 'co'
        }
    }
}
);

1;
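
Added example, not part of the original post or of RT itself: a small Perl check that walks a priority list and an $ExternalSettings-style hash and reports services that are missing, bind without TLS, or name a group DN outside their own base. The sample data is constructed (the 'My_LDAP3' entry, the ldaps:// URL and the example.test host are assumptions), `norm_dn`, `dn_under` and `lint_service` are hypothetical helper names, and the DN comparison is a naive string match.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample in the shape of $ExternalSettings (values are placeholders).
my @priority = ('My_LDAP', 'My_LDAP2', 'My_LDAP3');
my $settings = {
    My_LDAP => {
        server => '192.168.0.1', tls => 0,
        base   => 'DC=Domain1,DC=COM',
        group  => 'cn=RT Users,ou=Services,dc=internal,dc=local',
    },
    My_LDAP2 => {
        server => 'ldaps://dc2.example.test', tls => 0,
        base   => 'DC=Domain2,DC=COM',
        group  => 'CN=RT Users, OU=Services, DC=Domain2, DC=COM',
    },
};

# Lower-case a DN and drop whitespace around ',' and '=' (naive: ignores escaped commas).
sub norm_dn {
    my ($dn) = @_;
    $dn = lc $dn;
    $dn =~ s/\s*([,=])\s*/$1/g;
    $dn =~ s/^\s+|\s+$//g;
    return $dn;
}

# True when $dn is $base itself or sits below it.
sub dn_under {
    my ($dn, $base) = map { norm_dn($_) } @_;
    return $dn =~ /(?:\A|,)\Q$base\E\z/ ? 1 : 0;
}

# Hypothetical helper: return a list of findings for one service block.
sub lint_service {
    my ($name, $cfg) = @_;
    return ("$name: in the priority list but has no settings block") unless $cfg;
    my @found;
    # Net::LDAP accepts ldaps:// URIs, so only plain LDAP without StartTLS is flagged.
    push @found, "$name: no TLS to $cfg->{server}; bind passwords cross the network in clear text"
        unless $cfg->{tls} || $cfg->{server} =~ m{\Aldaps://}i;
    push @found, "$name: group DN is outside base '$cfg->{base}'"
        if defined $cfg->{group} && !dn_under($cfg->{group}, $cfg->{base});
    return @found;
}

print "$_\n" for map { lint_service($_, $settings->{$_}) } @priority;
```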

Sorry, but my post was not directed towards your issue.

Just a general howto post to accomplish authentication against multiple LDAP servers.

Ariel

From: borngunners@aol.com [mailto:borngunners@aol.com]
Sent: Thursday, June 10, 2010 12:38 PM
To: Ariel Saia
Subject: Re: [rt-users] Authenticate with multiple LDAP Domains

That looks nice, but I believe my issue is with the following:
#THE LDAP SERVER
Set(@Plugins, qw(RT::Authen::ExternalAuth));
Set($EmailCompletionUnprivileged, "privileged");

If I comment them out, everything is fine and apache2 can restart, but if I uncomment them, apache2 will fail.

What is the workaround for that?

thanks,