Chaim Rieger wrote:
Bill Gurley wrote:
I recently set up a new CentOS 4.2 machine and installed rt with the
rpm-install found here:
Request Tracker Wiki
very smooth install, and it worked great with normal rt-internal
authentication. But I wanted to set up ldap authentication using this
overlay and procedure:
Request Tracker Wiki
But I never could get the overlay to work. After spending several
days on this, I’ve decided that there is something wrong with my rt
installation that’s preventing the overlay from working. Or maybe I
didn’t install it correctly. (The file paths in the CentOS
rpm-install are very different from other rt installations.)
I’m going to start over with Ubuntu 5.10 and rt installed from
apt-get. But I’m more comfortable with Redhat-ish distributions. Has
anyone else tried to do ldap-auth overlay with the CentOS rpm install?
Can you please post the ldap lines from your siteconfig.pm? I’ve used the
ldap overlay many times and never had too much of an issue.
Chaim:
It seems that this rt system is not even calling the ldap code, but as
you requested, below are the ldap lines from my Site_Config.pm file.
The ldap server is internal to the rt machine, so I did no edits below
the line “### IF YOU USE THE SAME LDAP SERVER FOR AUTH AND INFO STOP
HERE ###”.
My rt log does not mention anything about ldap. The only things in the
log are lines “FAILED LOGIN for…”, which I think is the failure to
login using the internal rt login. Also let me emphasize that users
that I created in the rt internal system DO login just fine.
This CentOS rpm install has all of the overlays, Users.pm, Ticket.pm
etc. in /usr/lib/rt/RT, so that is where I placed the User_Local.pm for
the ldap overlay. The RT_SiteConfig.pm file was placed in /etc/rt.
Also note that the original file has the $LdapUser and $LdapPass lines
commented out. I have tried it with these lines active and not active.
I appreciate any suggestions.
# What auth methods do you like and in what order?
Set($AuthMethods, ['LDAP', 'Internal']);

# LDAP Settings
# There are two different branches of this: LdapAuth* and LdapInfo*;
# additionally, most of the old Ldap* variables are honored, too.
# This means if you only have one LDAP server/config you can just set
# "LdapServer", "LdapUser", etc. and they will be used for both
# authentication and information

# Enable/Disable LDAP services
Set($LdapExternalAuth, 1);
Set($LdapExternalInfo, 1);

# Common Settings: affecting both auth and info services

# Map RT attributes to LDAP attributes
Set($LdapAttrMap, {'Name' => 'uid',
                   'EmailAddress' => 'mail',
                   'Organization' => 'ou',
                   'RealName' => 'cn',
                   'ExternalContactInfoId' => 'dn',
                   'ExternalAuthId' => 'uid',
                   'Gecos' => 'gecos',
                   'WorkPhone' => 'telephoneNumber',
                   'Address1' => 'roomNumber',
                   'Address2' => 'physicalDeliveryOfficeName'}
);

# A list of RT attrs which can uniquely identify a user,
# ordered from most to least preferred.
Set($LdapRTAttrMatchList, ['ExternalContactInfoId', 'Name',
                           'EmailAddress', 'RealName',
                           'WorkPhone', 'Address2']
);

# A list of LDAP attrs to examine when canonicalizing email addresses,
# ordered from most to least preferred
Set($LdapEmailAttrMatchList, ['mail', 'mailRoutingAddress',
                              'mailAlternateAddress']
);

# The basics; if set, these override $RT::LdapAuth* and $RT::LdapInfo*
Set($LdapServer, 'localhost');
Set($LdapBase, 'ou=Users,dc=chem,dc=utk,dc=edu');
Set($LdapFilter, "(objectclass=posixAccount)");
Set($LdapUser, 'cn=Manager,ou=Users,dc=chem,dc=utk,dc=edu');
Set($LdapPass, 'secret');

# If you set these, only members of this group can auth via LDAP
#Set($LdapGroup, 'cn=RT,ou=Group,dc=example,dc=com');
#Set($LdapGroupAttr, 'uniqueMember');

# These turn on SSL for LDAP
#Set($LdapTLS, 0);
#Set($LdapSSLVersion, 3);

1;
-Bill-
Bill Gurley, Technical Director
Department of Chemistry
Univ. of Tennessee, Knoxville
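
A check for the symptom described in this message (RT never calling the LDAP code), given as an added example that is not part of the original thread or of RT itself. It assumes RT 3.x behaviour, where RT/User.pm tries to load RT/User_Overlay.pm, RT/User_Vendor.pm and RT/User_Local.pm from its library path and ignores any it cannot locate; the helper name check_overlays and the temporary sample tree are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Spec;
use File::Path qw(make_path);
use File::Temp qw(tempdir);

# Overlay files RT 3.x tries to load after RT/User.pm, relative to a library dir
# (assumption about RT 3.x, not taken from the thread).
my @OVERLAYS = map { "RT/User_$_.pm" } qw(Overlay Vendor Local);

# For each overlay name, find the first copy on the search path and classify it.
sub check_overlays {
    my @libdirs = @_;
    my %status;
    for my $rel (@OVERLAYS) {
        my ($path) = grep { -e $_ } map { File::Spec->catfile($_, $rel) } @libdirs;
        if (!defined $path) {
            $status{$rel} = 'not found: RT skips it without logging anything';
        }
        elsif (!-r $path) {
            $status{$rel} = "found at $path but not readable by this user";
        }
        else {
            open my $fh, '<', $path or die "open $path: $!";
            my $src = do { local $/; <$fh> };
            close $fh;
            $status{$rel} = $src =~ /^\s*package\s+RT::User\s*;/m
                ? "found at $path, declares package RT::User"
                : "found at $path but does not declare package RT::User";
        }
    }
    return \%status;
}

# With no arguments, run against a constructed tree that mimics the layout in
# the post (overlay under <libdir>/RT/); otherwise check the directories given.
my @dirs = @ARGV;
if (!@dirs) {
    my $lib = tempdir(CLEANUP => 1);
    make_path(File::Spec->catdir($lib, 'RT'));
    open my $fh, '>', File::Spec->catfile($lib, 'RT', 'User_Local.pm') or die $!;
    print {$fh} "package RT::User;\nuse strict;\n1;\n";
    close $fh;
    @dirs = ($lib);
}
my $status = check_overlays(@dirs);
printf "%-22s %s\n", $_, $status->{$_} for @OVERLAYS;
```

For the layout in this message the argument would be /usr/lib/rt, run as the account the web server uses, since a file that root can read but that account cannot is reported differently.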