I apologize; I must not have caught the e-mail from Ruslan. Here is my
full RT_SiteConfig:
root@help:/opt/rt4/etc# cat RT_SiteConfig.pm
Any configuration directives you include here will override
RT’s default configuration file, RT_Config.pm
To include a directive here, just copy the equivalent statement
from RT_Config.pm and change the value. We’ve included a single
sample value below.
This file is actually a perl module, so you can include valid
perl code, as well.
The converse is also true, if this file isn’t valid perl, you’re
going to run into trouble. To check your SiteConfig file, use
this comamnd:
perl -c /path/to/your/etc/RT_SiteConfig.pm
Set($rtname, ‘help.carthage.edu’);
Set($Organization, ‘carthage.edu’);
Set($CorrespondAddress, ‘xxxxxx@carthage.edu’);
Set($CommentAddress, ‘xxxxxx@carthage.edu’);
Set($Timezone, “US/Central”);
DATABASE STUFF
Set($DatabaseType, ‘mysql’);
Set($DatabaseUser, ‘root’);
Set($DatabasePassword, ‘xxxxxxx’);
Set($DatabaseName, ‘rt4’);
WEB SERVER STUFF
Set($WebPath, “/rt/”);
Set($WebDomain, ‘help.carthage.edu’);
Set($WebPort, 443);
Set($WebBaseURL, “http://help.carthage.edu”);
Set($DisabledGD, undef);
Set($RestrictReferrer, 0);
Set($LogToFile, ‘debug’);
OTHER CUSTOMIZATIONS
Set($DisableGD, 0);
Set($HomepageComponents, [qw(
QuickCreate Quicksearch MyAdminQueues MySupportQueues MyReminders
RefreshHomepage Dashboards Links MOTD Consultant)]);
Set(@Plugins, qw(
RT::Authen::ExternalAuth
RT::Extension::Timeline
RT::Extension::MandatorySubject
RT::Extension::MandatoryRequestor
RTx::EmailCompletion
RT::Extension::MobileUI
RT::Extension::ReportSpam
RT::Extension::JSGantt
));
The order in which the services defined in ExternalSettings
should be used to authenticate users. User is authenticated
if successfully confirmed by any service - no more services
are checked.
Set($ExternalAuthPriority, [ ‘My_LDAP’,
]
);
The order in which the services defined in ExternalSettings
should be used to get information about users. This includes
RealName, Tel numbers etc, but also whether or not the user
should be considered disabled.
Once user info is found, no more services are checked.
You CANNOT use a SSO cookie for authentication.
Set($ExternalInfoPriority, [ #‘My_MySQL’,
‘My_LDAP’
]
);
default => {
actions => [
'new -> open' => { label => 'Open it', update => 'Respond'
},
‘new → resolved’ => { label => ‘Resolve’, update => ‘Respond’
},
‘new → rejected’ => { label => ‘Reject’, update => ‘Respond’
},
‘new → deleted’ => { label => ‘Delete’ },
'open -> stalled' => { label => 'Stall', update => 'Comment'
},
‘open → resolved’ => { label => ‘Resolve’, update => ‘Respond’
},
‘open → rejected’ => { label => ‘Reject’, update => ‘Respond’
},
'stalled -> open' => { label => 'Open it' },
'resolved -> open' => { label => 'Re-open', update => 'Comment'
},
‘rejected → open’ => { label => ‘Re-open’, update => ‘Comment’
},
‘deleted → open’ => { label => ‘Undelete’ },
],
},
If this is set to true, then the relevant packages will
be loaded to use SSL/TLS connections. At the moment,
this just means “use Net::SSLeay;”
Set($ExternalServiceUsesSSLorTLS, 0);
If this is set to 1, then users should be autocreated by RT
as internal users if they fail to authenticate from an
external service.
Set($AutoCreateNonExternalUsers, 1);
These are the full settings for each external service as a HashOfHashes
Note that you may have as many external services as you wish. They will
be checked in the order specified in the Priority directives above.
e.g.
Set(ExternalAuthPriority,[‘My_LDAP’,‘My_MySQL’,‘My_Oracle’,‘SecondaryLDAP’,‘Other-DB’]);
Set($ExternalSettings, {
# AN EXAMPLE LDAP SERVICE
‘My_LDAP’ => { ## GENERIC SECTION
# The type of
service (db/ldap/cookie)
‘type’
=> ‘ldap’,
# The server
hosting the service
‘server’
=> ‘10.2.2.15’,
## SERVICE-SPECIFIC
SECTION
# If you can bind
to your LDAP server anonymously you should
# remove the user
and pass config lines, otherwise specify them here:
# The username RT
should use to connect to the LDAP server
‘user’
=> ‘cn=ZENworks,ou=users,o=carthage’,
# The password RT
should use to connect to the LDAP server
‘pass’
=> ‘xxxxxxx’,
# The LDAP search
base
‘base’
=> ‘o=CARTHAGE’,
# ALL FILTERS MUST
BE VALID LDAP FILTERS ENCASED IN PARENTHESES!
# YOU MUST
SPECIFY A filter AND A d_filter!!
# The filter to use
to match RT-Users
‘filter’
=> ‘(objectClass=carthageUser)’,
# A catch-all
example filter: ‘(objectClass=*)’
# The filter that
will only match disabled users
‘d_filter’
=> ‘(objectClass=FooFooBar)’,
# A catch-none
example d_filter: ‘(objectClass=FooBarBaz)’
# Should we try to
use TLS to encrypt connections?
‘tls’
=> 0,
# SSL Version to
provide to Net::SSLeay if using SSL
#‘ssl_version’
=> 3,
# What other args
should I pass to Net::LDAP->new($host,@args)?
#‘net_ldap_args’
=> [ version => 3 ],
# Does
authentication depend on group membership? What group name?
#‘group’
=> ‘GROUP_NAME’,
# What is the
attribute for the group object that determines membership?
#‘group_attr’
=> ‘GROUP_ATTR’,
## RT ATTRIBUTE
MATCHING SECTION
# The list of RT
attributes that uniquely identify a user
# This example
shows what you can specify… I recommend reducing this
# to just the Name
and EmailAddress to save encountering problems later.
‘attr_match_list’
=> [ ‘Name’,
'EmailAddress',
'RealName',
],
# The mapping of RT
attributes on to LDAP attributes
‘attr_map’
=> { ‘Name’ => ‘cn’,
'RealName' => 'cn',
'ExternalAuthId' => 'cn',
'Gecos' => 'cn',
'NickName' =>
‘carthageNameID’,
‘EmailAddress’ => ‘mail’,
}
},
}
);
1;
Thanks!
Max
Max McGrath
Network Administrator
Carthage College
262-552-5512
mmcgrath@carthage.eduOn Tue, May 29, 2012 at 4:33 PM, Thomas Sibley trs@bestpractical.comwrote:
On 05/29/2012 11:32 AM, Max McGrath wrote:
I sent this same question out last week with now response – I’m trying
again!
[snip]
Am I missing anything?
Yes, my coworker Ruslan’s response to your original mail yesterday
asking for your full config.