Import ldap users in RT with RT::Authen::ExternalAuth

hi,

yesterday I got RT::Authen::ExternalAuth working (v.0.0.8 I think, the
latest) with rt 3.8.4 and an openldap server. All according to the
README and wiki instructions, thanks for the great extension.

I was wondering if there is a way to import the users from the ldap
server into the rt database before they log in.

Groeten,
J.Asenjo

Fri 03 Jul 2009 13:52:27 GMT
Natxo Asenjo wrote:

hi,

yesterday I got RT::Authen::ExternalAuth working (v.0.0.8 I think, the
latest) with rt 3.8.4 and an openldap server. All according to the
README and wiki instructions, thanks for the great extension.

I was wondering if there is a way to import the users from the ldap
server into the rt database before they log in.

Visit the wiki and you shall find an rt-import-ldap (or is it
rt-ldap-import) script.

http://wiki.bestpractical.com
Kind Regards,

Mike Peachey, IT
Tel: +44 114 281 2655
Fax: +44 114 281 2951
Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK
Comp Reg No: 3191371 - Registered In England

hi,

I found this:

http://www.cpan.org/modules/by-module/RT/RT-Extension-LDAPImport-0.06.tar.gz

and installed it according to the instructions in the README. My RT
installation is also vanilla 3.8.3, so everything is in /opt/rt3

The settings in RT_SiteConfig.pm are:

Set($LDAPHost, 'host.domain.tld');
Set($LDAPUser, 'cn=user,dc=domain,dc=tld');
Set($LDAPPassword, 'password');
Set($LDAPBase, 'ou=users,dc=domain,dc=tld');
Set($LDAPFilter, 'cn = *');
Set($LDAPMapping, {Name         => 'uid',
                   EmailAddress => 'mail',
                   RealName     => 'cn',
                   WorkPhone    => 'telephoneNumber',
                   Organization => 'departmentName'});

Set($LDAPGroupName, 'Imported Users');
Set($LDAPUpdateUsers, 1);

The first run wasn’t very successful:

Can't locate RT/Extension/LDAPImport.pm in @INC (@INC contains:
/opt/rt3/local/lib /opt/rt3/lib /etc/perl /usr/local/lib/perl/5.10.0
/usr/local/share/perl/5.10.0 /usr/lib/perl5 /usr/share/perl5
/usr/lib/perl/5.10 /usr/share/perl/5.10 /usr/local/lib/site_perl .) at
./rtldapimport line 13.

I had to add this path to rtldapimport because it would not find a module:

after: use lib qw(@RT_LIB_PATH@);

use lib qw(/opt/rt3/local/lib /opt/rt3/lib
    /opt/rt3/local/plugins/RT-Extension-LDAPImport/lib);

After that it runs

host:/opt/rt3/local/plugins/RT-Extension-LDAPImport/bin# ./rtldapimport --debug
Starting import
connecting to host.domain.tld
binding as cn=user,dc=domain,dc=tld
searching with base => 'ou=users,dc=domain,dc=tld' filter => 'cn = *'
search found 0 users
No results found, no import
Finished import

But it is incorrect, there are 16 objects in that container:

$ ldapsearch -x -b "ou=users,dc=domain,dc=tld" -h host.domain.tld "(cn=*)" cn
…(lots of output with user dn and cn)

numResponses: 17

numEntries: 16

Am I doing something wrong? maybe the ldap filter in RT_SiteConfig.pm?
Groeten,
J.Asenjo


The rt-users Archives

Community help: http://wiki.bestpractical.com
Commercial support: sales@bestpractical.com

Discover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com

I’ve successfully used RT::Extension::LDAPImport to bring users in, and then
use RT::Authen::ExternalAuth for passwords.

Your filter is incomplete. Are you using AD or OpenLDAP?

I’ve successfully used RT::Extension::LDAPImport to bring users in, and then
use RT::Authen::ExternalAuth for passwords.

Is that the only way?

Kevin W. Gagel
Network Administrator
Local 5448
My blog:
http://mail.cnc.bc.ca/blogs/gagel
My shared files:
http://mail.cnc.bc.ca/users/gagel


It's not the ONLY way, but it is one way that DOES work. You could write a
script that pulls users from LDAP and then use the REST API to import them.

Your filter is incomplete. Are you using AD or OpenLDAP?

openldap. So any tips about how the filter should look like?

TIA,

Natxo


You’ll likely want to do something like this:

(&(objectClass = person)(uid = *))

that did the trick. Thanks!
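
A dry-run check for the filter and attribute mapping discussed above, as an added example that is not part of the thread or of RT::Extension::LDAPImport: it binds with the same DN the import uses, runs the search, and counts entries lacking each mapped attribute. The script and the LDAP_BIND_PW environment variable are assumptions; host, DNs, filter and mapping are the thread's placeholder values.

```perl
#!/usr/bin/perl
# Added example: checks an LDAP base/filter/mapping before running the import.
# Not code from RT or RT::Extension::LDAPImport.
use strict;
use warnings;
use Net::LDAP;

# Placeholder values as posted in the thread's RT_SiteConfig.pm.
my $host   = 'host.domain.tld';
my $binddn = 'cn=user,dc=domain,dc=tld';
my $base   = 'ou=users,dc=domain,dc=tld';
# Filter to test: first argument, or the one that worked in the thread.
my $filter = shift(@ARGV) || '(&(objectClass = person)(uid = *))';

# Assumption: the bind password comes from the environment (hypothetical
# variable name) so it is not typed on the command line or kept in the script.
my $pw = $ENV{LDAP_BIND_PW};
defined $pw or die "set LDAP_BIND_PW to the bind password\n";

# RT field => LDAP attribute, same shape as $LDAPMapping.
my %mapping = (
    Name         => 'uid',
    EmailAddress => 'mail',
    RealName     => 'cn',
    WorkPhone    => 'telephoneNumber',
    Organization => 'departmentName',
);

my $ldap = Net::LDAP->new($host, timeout => 10)
    or die "connect to $host failed: $@\n";

# Bind as the import account, so directory ACLs apply as they will for the import.
my $bind = $ldap->bind($binddn, password => $pw);
die "bind failed: " . $bind->error . "\n" if $bind->code;

# An unparsable filter is reported here as an error instead of an empty result.
my $res = $ldap->search(base => $base, filter => $filter,
                        attrs => [ values %mapping ]);
die "search failed: " . $res->error . "\n" if $res->code;

printf "filter %s matched %d entries under %s\n", $filter, $res->count, $base;
for my $field (sort keys %mapping) {
    my $attr    = $mapping{$field};
    my $missing = grep { !$_->exists($attr) } $res->entries;
    printf "  %-13s <- %-16s missing on %d entries\n", $field, $attr, $missing;
}
$ldap->unbind;
```

Entries that lack the attribute mapped to Name (uid here) are the ones to look at first, since that attribute becomes the RT username.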

Fri 03 Jul 2009 21:12:35 GMT
Gary Greene wrote:
> On 7/3/09 1:06 PM, “Kevin Gagel” gagel@cnc.bc.ca wrote:

To be clear… users are imported by ExternalAuth when they log in. The
import scripts are to have them all added at once.
Kind Regards,

Mike Peachey, IT
Tel: +44 114 281 2655
Fax: +44 114 281 2951
Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK
Comp Reg No: 3191371 - Registered In England
http://www.jennic.com

Can't locate RT/Extension/LDAPImport.pm in @INC (@INC contains:
/opt/rt3/local/lib /opt/rt3/lib /etc/perl /usr/local/lib/perl/5.10.0
/usr/local/share/perl/5.10.0 /usr/lib/perl5 /usr/share/perl5
/usr/lib/perl/5.10 /usr/share/perl/5.10 /usr/local/lib/site_perl .) at
./rtldapimport line 13.

I had to add this path to rtldapimport because it would not find a module:

after: use lib qw(@RT_LIB_PATH@);

use lib qw(/opt/rt3/local/lib /opt/rt3/lib
    /opt/rt3/local/plugins/RT-Extension-LDAPImport/lib);

I suspect this is because you didn’t enable the plugin (otherwise the
plugin lib dir would already be included in @INC)

I’ve released an updated version of the module with improved docs:
4. Edit your /opt/rt3/etc/RT_SiteConfig.pm
Set(@Plugins, qw(RT::Extension::LDAPImport));
or add RT::Extension::LDAPImport to your existing @Plugins line

-kevin