Hi,
Can anyone look at my RT_SiteConfig and suggest whether I am doing
something wrong? I installed Authen::ExternalAuth and modified UserLocal.pm.
I am unable to log in to RT with LDAP credentials.
The error log says: _GetBoundObj: Invalid Credentials.
# Any configuration directives you include here will override
# RT's default configuration file, RT_Config.pm
# To include a directive here, just copy the equivalent statement
# from RT_Config.pm and change the value. We've included a single
# sample value below.
# This file is actually a perl module, so you can include valid
# perl code, as well.
# The converse is also true, if this file isn't valid perl, you're
# going to run into trouble. To check your SiteConfig file, use
# this command:
#   perl -c /path/to/your/etc/RT_SiteConfig.pm
Set($WebBaseURL,'http://10.10.10.10:443');
Set($WebPath,'');
Set($DatabaseName, 'rt3');
Set($DatabaseType, 'mysql');
Set($DatbaseUser, 'rt_user');
Set($DatabasePassword, 'pass');
Set($rtname,'Ticket');
Set($Organization,"http://www.midcontinent.com");
#Set(@Plugins,(qw(Extension::QuickDelete)));
#Set(@Plguins,(qw(RT::FM)));
Set(@Plugins,(qw(RT::Authen::ExternalAuth)));
#Set($LogToFileNamedl, "rt.log");
#Set($LogToFile, 'debug');
Set($CorrespondAddress, 'rt-its@midcontinent.com');
Set($CommentAddress, 'rt-comment@midcontinent.com');
@MailCommand , 'sendmailpipe';
$SendMailArguments = "-oi -t";
$SendmailPath = "/usr/sbin/sendmail";
$SenderMustExistInExternaDatabase = undef;
#Set($MailCommand, 'sendmail');
#Set($SendMailArguments, "-bm --rt-its@midcontinent.com");
#Set($SendmailPath, "/usr/sbin/exim4");
Set($NotifyActor, 0);
Set($RecordOutgoingEmail, 1);
Set($Timezone, 'US/Central');
$WebURL = $WebBaseURL . $WebPath . "/";
#Set($WebExternalAuth, 1);
#Set($WebFallbackToInternalAuth, true);
# should be used to get information about users. This includes
# RealName, Tel numbers etc, but also whether or not the user
# Should be considered disabled.
# Once user info is found, no more services are checked.
Set ($ExternalAuthPriority, ['My_LDAP']);
Set ($ExternalInfoPriority, ['My_LDAP']);
#Set ($ExternalServiceUsesSSLorTLS, 1);
#If this is set true, then the relevant packages will
#be loaded to use SSL/TLS connections. At the moment,
# this just means "use Net::SSLeay;"
Set ($AutoCreateNonExternalUsers, 1);
#These are full settings for each external service as a HashOfHashes
# Note that you may have as many external services as you wish. They will
#be checked in the order specified in the Priority directives above.
# e.g.
Set($ExternalAuthPriority, ['My_LDAP']);
Set($ExternalSettings, {
    'My_LDAP' =>
    {
        # GENERIC SECTION
        # The type of service (db/ldap/cookie)
        'type' => 'ldap',
        'server' => '10.10.10.10',
        'port' => '389',
        # Should the service be used for authentication?
        'auth' => 1,
        # Should the service be used for information?
        'info' => 1,
        # The server hosting the service
        #'server' => 'server.midcontinent.local',
        # SERVICE-SPECIFIC SECTION
        # If you can bind to your LDAP server anonymously you should
        #remove the user and pass config lines, otherwise specify them here:
        # The username RT should be used to connect to the LDAP server
        'user' => 'CN=rmc, ou=users, ou=midcontinent, ou=local',
        # The password RT should use to connect to the LDAP server
        'pass' => 'temporarypassword',
        # The LDAP search base
        'base' => 'dc=server dc=midcontinent, dc=local',
        # The filter to use to match RT-Users
        #'filter' => '(uid=*)',
        'filter' => '(objectclass = Person)',
        # The filter that will only match disable users
        #'d_filter' => '(objectClass=pwdPolicy)',
        'd_filter' => '(userAccountControl : 1.2.840.113556.1.4.803:=2)',
        #'d_filter' => '(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2))',
        # Should we try to use TLS to encrypt connections?
        'tls' => 1,
        'ssl_version' => 3,
        # What other args should I pass to Net::LDAP->new($host, @args)?
        'net_ldap_args' => [version => 3],
        # Does authentication depend on group membership? What group name?
        #'group' =>'',
        #what is the attribute for the group object that determines membership?
        #'group_attr' => '',
        # RT ATTRIBUTE MATCHING SECTION
        #The list of RT attributes that uniquely identify a user
        'attr_match_list' => ['Name','Email Address'],
        # The mapping of RT attributes on to LDAP attributes
        #'attr_map' => {'Name' => 'uid', 'EmailAddress' => 'mail'}
        'attr_map' => {
            'Name' => 'sAMAaccountName',
            'EmailAddress' => 'mail',
            'Organization' => 'physicalDeliveryOfficeName',
            'RealName' => 'cn',
            'EternalAuthId'=> 'sAMAccountname',
            'Gecos' => 'sAMAccountName',
            'WorkPhone' => 'telephoneNumber',
            'Address1' => 'streetAddress',
            'City' => '1',
            'State' => 'st',
            'Zip' => 'postalCode',
            'Country' => 'co'
        }
    }
}
);
1;
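
Added example, not part of the original post and not code from RT or RT::Authen::ExternalAuth: the error comes from _GetBoundObj, where RT binds to the directory with the configured 'user' and 'pass', so this Perl script lints the 'user' and 'base' DN strings copied from the My_LDAP block above before they reach the server. The function names lint_dn and lint_service are hypothetical, and both checks are heuristics, not a full RFC 4514 parser.

```perl
#!/usr/bin/perl
# Added example (not from the post): heuristic lint of LDAP DN strings.
use strict;
use warnings;

# Split a DN on unescaped commas and check each RDN; returns (\@types, @problems).
sub lint_dn {
    my ($label, $dn) = @_;
    my (@types, @problems);
    for my $rdn (split /(?<!\\),/, $dn) {
        $rdn =~ s/^\s+|\s+$//g;
        my ($type, $value) = split /=/, $rdn, 2;
        if (!defined $value || $value eq '' || $type !~ /^[A-Za-z][A-Za-z0-9-]*$/) {
            push @problems, "$label: '$rdn' is not of the form type=value";
            next;
        }
        # '=' is legal inside a value, but "a=b c=d" almost always means the
        # comma between two RDNs was dropped.
        push @problems, "$label: '$rdn' looks like two RDNs with a missing comma"
            if $value =~ /\s[A-Za-z][A-Za-z0-9-]*=/;
        push @types, lc $type;
    }
    return (\@types, @problems);
}

# Lint the bind DN and search base of one ExternalSettings service hash.
sub lint_service {
    my ($svc) = @_;
    my ($user_types, @user_problems) = lint_dn('user', $svc->{user});
    my ($base_types, @base_problems) = lint_dn('base', $svc->{base});
    my @problems = (@user_problems, @base_problems);
    # Heuristic (assumption): when the search base is rooted in dc= components,
    # a bind DN in the same directory normally ends in dc= components too.
    my $count_dc = sub { scalar grep { $_ eq 'dc' } @{ $_[0] } };
    push @problems, "user: bind DN has no dc= component although the base does"
        if $count_dc->($base_types) && !$count_dc->($user_types);
    return @problems;
}

# 'user' and 'base' copied verbatim from the My_LDAP block in the post above.
my %my_ldap = (
    user => 'CN=rmc, ou=users, ou=midcontinent, ou=local',
    base => 'dc=server dc=midcontinent, dc=local',
);
my @found = lint_service(\%my_ldap);
print "$_\n" for @found;
print "no DN problems found\n" unless @found;
```

A clean result from this lint does not prove the bind DN exists in the directory; it only rules out the malformed-string cases before testing the bind against the server.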