Chaim Rieger wrote:
Navin Chandra Singh wrote:
Dear All,
I am attaching my RT_SiteConfig.pm for your reference.
Can you please post the relevant lines of your SiteConfig?
# LDAP Settings
# There are two different branches of this: LdapAuth* and LdapInfo*;
# additionally, most of the old Ldap* variables are honored, too.
# This means if you only have one LDAP server/config you can just set
# "LdapServer", "LdapUser", etc. and they will be used for both
# authentication and information

# Enable/Disable LDAP services
Set($LdapExternalAuth, 1);
Set($LdapExternalInfo, 1);

# Common Settings: affecting both auth and info services
# Should we create accounts for users who aren't in LDAP?
Set($LdapAutoCreateNonLdapUsers, 1);

# Map RT attributes to LDAP attributes
# THE MAPPING BELOW WILL NOT WORK FOR YOU UNLESS YOU CHANGE
# IT TO MATCH YOUR LDAP SCHEMA! See
# http://wiki.bestpractical.com/?LdapAttrMap
# to learn how to set this variable properly for either LDAP or Windows
# Active Directory.
Set($LdapAttrMap, {'Name' => 'uid',
                   'EmailAddress' => 'mail',
                   'Address2' => 'physicalDeliveryOfficeName'}
);

# A list of RT attrs which can uniquely identify a user,
# ordered from most to least preferred.
Set($LdapRTAttrMatchList, ['ExternalContactInfoId', 'Name' ]
);
# ordered from most to least preferred
Set($LdapEmailAttrMatchList, ['mail', 'mailRoutingAddress']
);

# A list of prefixes to apply to email address matches.
# Windows 2003 AD uses prefixes of smtp: or SMTP:.
# If not required just leave ''
Set($LdapEmailAttrMatchPrefix, ['', 'smtp:', 'SMTP:'] );

# The basics; if set, these override $RT::LdapAuth* and $RT::LdapInfo*
Set($LdapServer, 'mail.bgr.ionidea.com');
Set($LdapBase, 'o=ionidea.com');
Set($LdapFilter, '(objectclass=*)');

# Windows 2003 Active Directory does not allow anonymous LDAP binding
# thus you must pass Net::LDAP a username and password that has
# access to read the directory.
# You may also need to specify the full distinguished name instead of
# just a username for LdapUser below.
# e.g. cn=Username,cn=Users,dc=yourdomain,dc=com
#Set($LdapUser, '');
#Set($LdapPass, '');

# This filter is used by RT::User::UpdateFromLdap to test whether an
# LDAP user's RT account should be disabled. Any user whose LDAP record
# passes this filter (returns true) will be disabled at login
Set($LdapDisableFilter, '(employmentStatus=Terminated)');

# If you set these, only members of this group can auth via LDAP
#Set($LdapGroup, 'cn=RT,ou=Group,dc=example,dc=com');
#Set($LdapGroupAttr, 'uniqueMember');

# These turn on SSL for LDAP
#Set($LdapTLS, 0);
#Set($LdapSSLVersion, 3);

### Authentication settings
# These are used only if their $RT::Ldap* analogs are not set;
# if you want one of these variables to be honored, you must comment
# out the corresponding $RT::Ldap* variable above
#Set($LdapAuthServer, 'ldap.example.com');
#Set($LdapAuthBase, 'ou=People,dc=example,dc=com');
#Set($LdapAuthFilter, "(objectclass=posixAccount)");
#Set($LdapAuthUser, '');
#Set($LdapAuthPass, '');

# This filter is used by RT::User::UpdateFromLdap to test whether an
# LDAP user's RT account should be disabled. Any user whose LDAP record
# passes this filter (returns true) will be disabled at login
Set($LdapAuthDisableFilter, '(employmentStatus=Terminated)');

# If you set these, only members of this group can auth via LDAP
#Set($LdapAuthGroup, 'cn=RT,ou=Group,dc=example,dc=com');
#Set($LdapAuthGroupAttr, 'uniqueMember');

# These turn on SSL for LDAP
#Set($LdapAuthTLS, 0);
#Set($LdapAuthSSLVersion, 3);

### Information settings
# These are used only if their $RT::Ldap* analogs are not set;
# if you want one of these variables to be honored, you must comment
# out the corresponding $RT::Ldap* variable above
#Set($LdapInfoServer, 'ldap.example.com');
#Set($LdapInfoBase, 'ou=People,dc=example,dc=com');
#Set($LdapInfoFilter, "(objectclass=posixAccount)");
#Set($LdapInfoUser, '');
#Set($LdapInfoPass, '');

# This filter is used by RT::User::UpdateFromLdap to test whether an
# LDAP user's RT account should be disabled. Any user whose LDAP record
# passes this filter (returns true) will be disabled at login
Set($LdapInfoDisableFilter, '(employmentStatus=Terminated)');

# These turn on SSL for LDAP
#Set($LdapInfoTLS, 0);
#Set($LdapInfoSSLVersion, 3);

# IF YOU USE THE SAME LDAP SERVER FOR AUTH AND INFO STOP HERE

# A list of LDAP attrs to examine when canonicalizing email addresses,
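
The override rule stated in the config comments above (a plain $Ldap* setting, when set, wins over its $LdapAuth*/$LdapInfo* counterpart), worked through as an added example that is not part of the original post and is not RT's own code. The sample config is constructed, parse_sets and effective are hypothetical helpers, and "set" is assumed to mean an uncommented Set() line.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample in the style of the posted RT_SiteConfig.pm.
my $sample = <<'END';
Set($LdapServer, 'ldap.example.com');
Set($LdapBase, 'o=example.com');
#Set($LdapAuthServer, 'auth.example.com');
Set($LdapAuthBase, 'ou=People,dc=example,dc=com');
Set($LdapInfoFilter, "(objectclass=posixAccount)");
#Set($LdapTLS, 0);
END

# Collect uncommented scalar Set($LdapX, value); lines. Commented-out lines
# count as "not set" (assumption). List and hash values are skipped.
sub parse_sets {
    my ($text) = @_;
    my %set;
    for my $line (split /\n/, $text) {
        next if $line =~ /^\s*#/;
        $set{$1} = $3
            if $line =~ /^\s*Set\(\s*\$(Ldap\w+)\s*,\s*(['"]?)([^\[\{]*?)\2\s*\)\s*;/;
    }
    return \%set;
}

# Rule from the config comments: a plain $Ldap<X>, if set, overrides
# $LdapAuth<X> and $LdapInfo<X>; the branch value is used only otherwise.
# Returns (value, name of the variable it came from, name of any ignored one).
sub effective {
    my ($set, $branch, $key) = @_;    # $branch is 'Auth' or 'Info'
    my ($common, $specific) = ("Ldap$key", "Ldap$branch$key");
    return ($set->{$common}, $common, exists $set->{$specific} ? $specific : undef)
        if exists $set->{$common};
    return ($set->{$specific}, $specific, undef) if exists $set->{$specific};
    return (undef, undef, undef);
}

my $set = parse_sets($sample);
for my $branch (qw(Auth Info)) {
    for my $key (qw(Server Base Filter TLS)) {
        my ($value, $from, $shadowed) = effective($set, $branch, $key);
        my $line = sprintf "%-4s %-6s ", $branch, $key;
        $line .= defined $from ? "$value (from \$$from)" : "(unset)";
        $line .= "  <- \$$shadowed is set but ignored" if defined $shadowed;
        print "$line\n";
    }
}
```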