Hello,
V0.07_01 is working for us for authentication with MSFT AD, after
installing it on top of 0.06. New users can log in and get "autocreated"
properly.
Thanks a lot to all developers for the quick solution.
This is what we added to RT_SiteConfig.pm, in case it may help someone
else:
    # Config for LDAP Authentication
    Set( @Plugins, qw(RT::Authen::ExternalAuth) );
    # LDAP Settings
    Set($WebExternalAuth, 1);
    Set($WebFallbackToInternalAuth, 1);
    Set($ExternalAuthPriority, [ 'AD_LDAP' ]);
    Set($ExternalInfoPriority, [ 'AD_LDAP' ]);
    Set($ExternalServiceUsesSSLorTLS, 0);
    Set($AutoCreateNonExternalUsers, 1);
    Set($ExternalSettings, {
        # AN EXAMPLE LDAP SERVICE
        'AD_LDAP' => {
            ## GENERIC SECTION
            # The type of service (db/ldap/cookie)
            'type' => 'ldap',
            # Should the service be used for authentication?
            'auth' => 1,
            # Should the service be used for information?
            'info' => 0,
            # The server hosting the service
            'server' => '',
            ## SERVICE-SPECIFIC SECTION
            # If you can bind to your LDAP server anonymously you should
            # remove the user and pass config lines, otherwise specify them here:
            # The username RT should use to connect to the LDAP server
            'user' => '<MyDomain\username>',
            # The password RT should use to connect to the LDAP server
            'pass' => '',
            # The LDAP search base
            'base' => 'ou=,dc=nervianoms,dc=com',
            # The filter to use to match RT-Users
            'filter' => '(&(objectCategory=person)(objectClass=user))',
            # The filter that will only match disabled users
            'd_filter' => '(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2))',
            # Should we try to use TLS to encrypt connections?
            'tls' => 0,
            # What other args should I pass to Net::LDAP->new($host,@args)?
            'net_ldap_args' => [ version => 3 ],
            # Does authentication depend on group membership? What group name?
            #GV#'group' => 'GROUP_NAME',
            # What is the attribute for the group object that determines membership?
            #GV#'group_attr' => 'GROUP_ATTR',
            ## RT ATTRIBUTE MATCHING SECTION
            # The list of RT attributes that uniquely identify a user
            'attr_match_list' => [ 'Name',
                                   'EmailAddress',
                                   'RealName'
                                 ],
            # The mapping of RT attributes on to LDAP attributes
            'attr_map' => { 'Name' => 'sAMAccountName',
                            'EmailAddress' => 'mail',
                            'ExternalAuthId' => 'sAMAccountName',
                          }
        }
    }
    );
    # End of config for LDAP authentication…
Gabriele Franzini
ICT Applications Manager
Nerviano Medical Sciences SRL
PO Box 11 - Viale Pasteur 10
20014 Nerviano Italy
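
The settings posted above leave `tls` and `$ExternalServiceUsesSSLorTLS` at 0, which on a plain LDAP connection means binds are not encrypted. The following check is an added example, not part of the original post or of RT: `audit_external_auth` is a hypothetical helper, and the host name, bind account and password are constructed placeholders.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper (not part of RT): flag LDAP services in $ExternalSettings
# whose binds are not protected by TLS. Only keys shown in the post are checked.
sub audit_external_auth {
    my ($uses_ssl_or_tls, $settings) = @_;
    my @findings;
    for my $name (sort keys %$settings) {
        my $svc = $settings->{$name};
        next unless ($svc->{type} // '') eq 'ldap';
        if (!$svc->{tls}) {
            push @findings, "$name: 'tls' is off, user passwords reach the LDAP server unencrypted"
                if $svc->{auth};
            push @findings, "$name: 'pass' for the service account is sent in a cleartext bind"
                if defined $svc->{pass} && length $svc->{pass};
        }
        # Assumption: the global flag must be on for the plugin to load SSL/TLS support.
        elsif (!$uses_ssl_or_tls) {
            push @findings, "$name: 'tls' is on but \$ExternalServiceUsesSSLorTLS is 0";
        }
    }
    return @findings;
}

# Constructed sample values; the host name, account and password are placeholders.
my %posted = (
    AD_LDAP => { type => 'ldap', auth => 1, info => 0, server => 'ad.example.test',
                 user => 'EXAMPLE\\rt-bind', pass => 'placeholder', tls => 0,
                 net_ldap_args => [ version => 3 ] },
);
# Same service with only the 'tls' key changed.
my %hardened = ( AD_LDAP => { %{ $posted{AD_LDAP} }, tls => 1 } );

for my $case ( [ 'as posted', 0, \%posted ], [ 'TLS enabled', 1, \%hardened ] ) {
    my ($label, $global, $cfg) = @$case;
    my @f = audit_external_auth($global, $cfg);
    print "$label: ", (@f ? "\n  " . join("\n  ", @f) : "no findings"), "\n";
}
```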