Experience hooking RT3 to MS-Exchange2000/Active Directory/LDAP?

Hi,

Does anybody out here have experience hooking RT3
to sync its database with MS-Exchange2000 or Active Directory?

I’m looking for RT3 to get its user login & password
from a windows 2000 machine.
I kind of see that you need to go through LDAP.
However when I use the LDAP Browser
( http://www.iit.edu/~gawojar/ldap/index.html )
I need to authenticate myself with a username and a password
to have access to the list of users.

Has anybody successfully synced RT3 with Exchange/Active Directory ?

I’ve downloaded LDAP.pm and installed it, but was not able
to modify it to use non-anonymous binding

my $mesg = $ldap->bind();

bind to a directory with dn and password

my $mesg = $ldap->bind( "DC=company, DC=com", password => "secret" );

but it still does not work:

[Thu Jun 26 23:31:36 2003] [debug]: LookupLdapUserInfo: Entered with:
Name = gilles
Address = gilles
RealName = gilles
Found = 0
(/home/rt/rt3/local/lib/RT/Interface/Email/Auth/LDAP.pm:141)
[Thu Jun 26 23:31:36 2003] [critical]: LookupLdapUserInfo: Cannot bind
anonymously to LDAP: 49
(/home/rt/rt3/local/lib/RT/Interface/Email/Auth/LDAP.pm:170)
[Thu Jun 26 23:31:36 2003] [notice]: Sender’s email address and name were not
found in LDAP. (/home/rt/rt3/local/lib/RT/Interface/Email/Auth/LDAP.pm:36)
[Thu Jun 26 23:31:37 2003] [error]: RT could not load a valid user, and RT’s
configuration does not allow
for the creation of a new user for your email.

Any suggestions ?

That configuration (LDAP to an exchange server) should be pretty common.

Thanks,

Gilles-Eric DESCAMPS
“sed quis custodiet ipsos custodes ?”

I’m looking for RT3 to get its user login & password
from a windows 2000 machine.

I have successfully introduced Windows integrated authentication
(aka NTLM single sign-on) to RT a while ago, using this setup in
Apache2’s httpd.conf:

LoadModule sspi_auth_module modules/mod_auth_sspi.so

# change "/rt3/" to whatever your RT base URL path is
<LocationMatch "/rt3/">
AuthName "RT"
AuthType SSPI
SSPIAuth On
SSPIAuthoritative On
SetHandler perl-script
PerlHandler RT::Mason
</LocationMatch>

The SSPI authentication module is available at:
http://www.syneapps.com/software/mod_auth_sspi/

I believe Apache1 can use mod_ntlm too, although I’ve never tested it:
http://www.syneapps.com/software/mod_ntlm/

You also need to put these two lines in RT_SiteConfig.pm:

Set( $WebExternalAuth, 1 );
Set( $WebExternalAuto, 1 );

Hope that helps. :)

Thanks,
/Autrijus/

Do you want the config for Apache or for RT3?
Do you have Apache 1.03 or Apache 2?

I set up the LDAP authentication from my RT3 Server running with Apache
1.03 to an Active Directory.

And here are my problems:

  1. The only problem is webfallbackauth, so I cannot log in as root in RT
    with webexternalauth.

  2. I also configured the automatic creation of the user, but I would be
    interested to have also the user details, for example the mail address,
    so that not another account is created when this user sends a mail.

Thanks for help

Samuel

From: Autrijus Tang [mailto:autrijus@autrijus.org]
Sent: Friday,27 June,2003 07:09
To: Gilles-Eric Descamps
Cc: rt-users@lists.fsck.com
Subject: Re: [rt-users] Experience hooking RT3 to MS-Exchange2000/Active
Directory/LDAP ?

Me too. Sorry I wrote it wrong.
RT3 can get authentication from apache.
Apache can get authentication in many ways from Active Directory. I
used LDAP. And it worked.

What exactly do you need?

Does someone have some scripts for LDAP working on RT3?
It would be interesting if RT3 picked up information about a new user
through LDAP, that means mail and so on…

Samuel

From: Gilles-Eric Descamps [mailto:ged@azulsystems.com]
Sent: Friday,27 June,2003 18:35
To: Senoner Samuel
Subject: RE: [rt-users] Experience hooking RT3 to MS-Exchange2000/Active
Directory/LDAP ?

I’ve apache 1.3.27 (latest of the 1.3.xxx)

From: Senoner Samuel [mailto:Samuel.Senoner@eurac.edu]
Sent: Friday, June 27, 2003 12:52 AM
To: Gilles-Eric Descamps
Cc: rt-users@lists.fsck.com
Subject: RE: [rt-users] Experience hooking RT3 to MS-Exchange2000/Active
Directory/LDAP ?

Do you want the config for Apache or for RT3?
Do you have Apache 1.03 or Apache 2?

I set up the LDAP authentication from my RT3 Server running with Apache
1.03 to an Active Directory.

And here are my problems:

  1. The only problem is webfallbackauth, so I cannot log in as root in RT
    with webexternalauth.

  2. I also configured the automatic creation of the user, but I would be
    interested to have also the user details, for example the mail address,
    so that not another account is created when this user sends a mail.

Thanks for help

Samuel

Senoner Samuel wrote:

Do you want the config for Apache or for RT3?
Do you have Apache 1.03 or Apache 2?

I set up the LDAP authentication from my RT3 Server running with Apache
1.03 to an Active Directory.

And here are my problems:

  1. The only problem is webfallbackauth, so I cannot log in as root in RT
    with webexternalauth.

<Location /rt3>
AuthType Basic
AuthName "Request Tracker"
AuthUserFile /etc/…
AuthAuthoritative off

 AuthLDAPURL "ldap://..."
 AuthLDAPBindDN "..."
 AuthLDAPBindPassword "..."
 AuthLDAPAuthoritative off
 require valid-user
 ...

root is defined in the AuthUserFile, all other users are authenticated
via ldap.

  2. I also configured the automatic creation of the user, but I would be
    interested to have also the user details, for example the mail address,
    so that not another account is created when this user sends a mail.

http://lists.fsck.com/pipermail/rt-users/2003-April/013424.html

ciao, karsten…
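
An added example, not part of any post in this thread and not RT's own LDAP.pm: it covers the bind failure in the first post (LDAP result code 49 is invalidCredentials) and the user-detail lookup asked about later, using an authenticated Net::LDAP bind and an escaped search filter built from the sender's address. The service-account DN, the base DN, the attribute list and the RT_LDAP_* environment variables are assumptions.

```perl
# Added example, not RT's LDAP.pm. Host, DNs and RT_LDAP_* variables are hypothetical.
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);

# Build the filter from an untrusted sender address; escaping keeps
# characters such as * ( ) \ from changing the filter's meaning.
sub mail_filter {
    my ($address) = @_;
    return sprintf '(&(objectClass=user)(mail=%s))', escape_filter_value($address);
}

# Bind as a service account and return the sender's directory attributes.
sub lookup_sender {
    my (%arg) = @_;
    my $ldap = Net::LDAP->new( $arg{host}, timeout => 10 )
        or die "connect to $arg{host} failed: $@\n";

    # Active Directory expects the DN of a user entry (or user@domain)
    # here, not the domain base such as "DC=company,DC=com".
    my $mesg = $ldap->bind( $arg{bind_dn}, password => $arg{password} );
    die sprintf( "bind failed: %d %s\n", $mesg->code, $mesg->error )
        if $mesg->code;    # 49 = invalidCredentials

    $mesg = $ldap->search(
        base   => $arg{base},
        scope  => 'sub',
        filter => mail_filter( $arg{address} ),
        attrs  => [qw(sAMAccountName mail displayName)],
    );
    die sprintf( "search failed: %d %s\n", $mesg->code, $mesg->error ) if $mesg->code;

    my ($entry) = $mesg->entries;
    $ldap->unbind;
    return unless $entry;
    return { map { $_ => scalar $entry->get_value($_) } qw(sAMAccountName mail displayName) };
}

# Offline part: constructed sender addresses, the second one hostile.
print mail_filter($_), "\n" for 'gilles@company.com', '*)(objectClass=*';

# Online part, only when RT_LDAP_HOST is set.
if ( my $host = $ENV{RT_LDAP_HOST} ) {
    my $user = lookup_sender(
        host => $host, base => 'DC=company,DC=com', address => 'gilles@company.com',
        bind_dn => $ENV{RT_LDAP_BIND_DN}, password => $ENV{RT_LDAP_PASSWORD},
    );
    print $user ? "found $user->{sAMAccountName} <$user->{mail}>\n" : "no match\n";
}
```

Setting RT_LDAP_HOST to an ldaps:// URI keeps the service account's bind password from crossing the network in cleartext.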