LDAP Configuration

Having lots of trouble getting Request Tracker (4.2) hooked up with ExternalAuth for LDAP. I have nginx (1.8.0) working with LDAP so it successfully authenticates to the login page using Active Directory, but it is not passing the username and password to the login page, so the user ends up having to log in twice.

Please take a look, this is a huge headache!

Here is my nginx config and my RT_SiteConfig:

nginx config:

# For more information on configuration, see:
#   * Official English Documentation: nginx documentation
#   * Official Russian Documentation: nginx: documentation

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

events {
worker_connections 1024;
}

http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';

  auth_ldap_cache_enabled on;
  auth_ldap_cache_expiration_time 10000;
  auth_ldap_cache_size 1000;

  ldap_server acmeLDAP {

    url "ldap://ldapserver:389/OU=Corp,OU=Users,OU=acme,DC=corp,DC=acme,DC=net?sAMAccountName?sub?(objectClass=person)";
    binddn "acme\\appaccount";
    binddn_passwd "password";
    group_attribute member;
    group_attribute_is_dn on;
    satisfy any;
    require valid_user;
}





access_log  /var/log/nginx/access.log  main;

sendfile            on;
tcp_nopush          on;
tcp_nodelay         on;
keepalive_timeout   65;
types_hash_max_size 2048;

include             /etc/nginx/mime.types;
default_type        application/octet-stream;

# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;

server {
    listen       80 default_server;
    listen       [::]:80 default_server;
    server_name  _;
    root         /usr/share/nginx/html;

    # Load configuration files for the default server block.
    include /etc/nginx/default.d/*.conf;

    location / {
    }

location ^~ /phpmyadmin/ {
alias /usr/share/phpmyadmin/;

  location ~ \.php$ {
   include fastcgi_params;
   fastcgi_param SCRIPT_FILENAME $request_filename;
   fastcgi_pass  localhost:9000;
  }

index index.php;
}

    error_page 404 /404.html;
        location = /40x.html {
    }

    error_page 500 502 503 504 /50x.html;
        location = /50x.html {
    }
    error_page 403 = @login;
    location @login {
      rewrite ^.* https://secure.example.com/login;
    }
}

server {
listen 80;
auth_ldap "Please enter your ldap user";
auth_ldap_servers acmeLDAP;

server_name rt.servername.acme.com;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/rt debug;

location / {

alias /opt/rt4/share/html/;

fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;

fastcgi_param SCRIPT_NAME '';
fastcgi_param PATH_INFO $uri;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;

fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;

fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;

fastcgi_pass 127.0.0.1:8090;

}

location = /auth {
proxy_pass http://servername/phpmyadmin/phpTest.php;
proxy_pass_request_body off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Origin-URI $request_uri;
proxy_set_header Content-Length '0';
}

}

RT_SiteConfig.pm:

# Any configuration directives you include here will override
# RT's default configuration file, RT_Config.pm
# To include a directive here, just copy the equivalent statement
# from RT_Config.pm and change the value. We've included a single
# sample value below.
# This file is actually a perl module, so you can include valid
# perl code, as well.
# The converse is also true, if this file isn't valid perl, you're
# going to run into trouble. To check your SiteConfig file, use
# this command:
#   perl -c /path/to/your/etc/RT_SiteConfig.pm
# You must restart your webserver after making changes to this file.
# You must install Plugins on your own, this is only an example
# of the correct syntax to use when activating them:

Plugin( "RT::Extension::SLA" );

Plugin( "RT::Authen::ExternalAuth" );

You must install Plug/ins on your own, this is only an example, 'Request Tracker Support);

Set($WebPath , "");
Set($WebBaseURL, "http://rt.servername.acme.com");
Set($RestrictReferrer, '0');

Set($DatabaseAdmin, 'root');

Set($LogoURL, 'https://bestpractical.com/images/bpslogo.png');
Set($WebDefaultStylesheet, 'rudder');

Set($LogToFile, 'error');

Set($SetOutgoingMailFrom, "RT_Tracker@acme.com");
Set($SMTPFrom, "mail-out.smtp.acme.com");
Set($ParseNewMessageForTicketCcs, 1);
Set($HomePageRefreshInterval, 120);
Set($NotifyActor,1);

Set($SendmailArguments, "-t");
Set($MailCommand, "sendmail");

# of the correct syntax to use when activating them:

Plugin( "RT::Extension::SLA" );

 Plugin( "RT::Authen::ExternalAuth" );

Set( @Plugins, qw(RT::Authen::ExternalAuth) );

Set($ExternalAuthPriority, ['acmeLDAP']);
Set($ExternalInfoPriority, ['acmeLDAP']);
Set($UserAutocreateDefaultsOnLogin, { Privileged => 1 } );
Set($AutoCreateNonExternalUsers, 1);
Set($ExternalSettings, {
    'acmeLDAP' => {
        type => 'ldap',
        server => 'ldapservername:389',
        'attr_match_list' => [
            'Name',
            'EmailAddress',
        ],
        'base' => 'OU=Corp,OU=Users,OU=acme,DC=corp,DC=acme,DC=net',
        'filter' => '(objectClass=person)',
        'user' => 'username123',
        'pass' => 'password123',
        'attr_map' => {
            'Name' => 'sAMAccountName',
            'EmailAddress' => 'mail',
            'RealName' => 'cn',
            'WorkPhone' => 'telephoneNumber',
            'Address1' => 'streetAddress',
            'City' => 'l',
            'State' => 'st',
            'Zip' => 'postalCode',
            'Country' => 'co',
        },
    },
});

Set($WebRemoteuserAuth,1);
Set($WebRemoteUserContinuous,1);
Set($WebFallbackToRTLogin, undef);
Set($WebRemoteUserGecos,1);
Set($WebRemoteUserAutocreate,1);

Set( $rtname, 'acme RT' );
Set( $CommentAddress, '' );
Set( $CorrespondAddress, '' );
Set( $DatabaseHost, 'localhost' );
Set( $DatabaseName, 'rt_database' );
Set( $DatabasePassword, 'acme123' );
Set( $DatabasePort, '3306' );
Set( $DatabaseType, 'mysql' );
Set( $DatabaseUser, 'root' );
Set( $Organization, 'acme.com' );
Set( $OwnerEmail, 'owner@acme.com' );
Set( $SendmailPath, 'usr/lib/sendmail' );
Set( $SendmailArguments, "-t");
Set( $MailCommand, "sendmail");
Set( $WebDomain, 'rt.servername.acme.com' );
Set( $WebPort, '443' );
Set( $rtname, 'acme RT' );

Set(%CustomFieldGroupings,
    'RT::Ticket' => [
        'Basics' => ['Trigger Code']
    ]
);
Set($CanonicalizeRedirectURLs, 0);
1;

Set your log to “debug” and then run rt-ldapimport. Please post what your
syslog says concerning RT.

Sincerely,

Aaron Lush
Network Administrator
South Central Community School Corporation
(219) 767-2266 ext. 1111

On Wed, Apr 20, 2016 at 7:28 AM, Travis Slusher zzzz67@hotmail.com wrote:

Having lots of trouble getting Request Tracker (4.2) hooked up with
ExternalAuth for LDAP. I have nginx (1.8.0) working with LDAP so it
successfully authenticates to the login page using Active Directory, but it
is not passing the username and password to the login page, so the user
ends up having to log in twice.

Please take a look, this is a huge headache!

RT 4.4 and RTIR Training Sessions https://bestpractical.com/training

  • Washington DC - May 23 & 24, 2016

Email Confidentiality Notice: This email message, including all
attachments, is for the sole use of the intended recipient(s) and contains
confidential information. If you are not the intended recipient, you may
not use, disclose, print, copy or disseminate this information. Please
reply and notify the sender, delete the message and any attachments and
destroy all copies.

Debug mode was successful. What’s my next step?

From: Lush, Aaron alush@scentral.k12.in.us
Sent: Wednesday, April 20, 2016 8:45 AM
To: Travis Slusher
Cc: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] LDAP Configuration

Set your log to “debug” and then run rt-ldapimport. Please post what your syslog says concerning RT.

Sincerely,

Aaron Lush
Network Administrator
South Central Community School Corporation
(219) 767-2266 ext. 1111

Please post all of the recent RT entries in your SYSLOG, after running
rt-ldapimport. This should provide some insight into where your
ExternalAuth is failing.

Sincerely,

Aaron Lush
Network Administrator
South Central Community School Corporation
(219) 767-2266 ext. 1111

On Wed, Apr 20, 2016 at 10:18 AM, t s zzzz67@hotmail.com wrote:

Debug mode was successful. What’s my next step?


Thanks for your help. I changed my ExternalAuth SiteConfig settings to match the LDAPImport settings, and that worked!

Now I’m logging the regular RT login page using my Windows Login. Is there any way to read the login in from IE (or nginx) and bypass the login screen, or is that an IIS feature?

From: Lush, Aaron alush@scentral.k12.in.us
Sent: Wednesday, April 20, 2016 11:29 AM
To: t s
Cc: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] LDAP Configuration

Please post all of the recent RT entries in your SYSLOG, after running rt-ldapimport. This should provide some insight into where your ExternalAuth is failing.

Sincerely,

Aaron Lush
Network Administrator
South Central Community School Corporation
(219) 767-2266 ext. 1111
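
Added example, not part of the thread and not code from RT or nginx: RT's `$WebRemoteUserAuth` takes the login name from the `REMOTE_USER` variable supplied by the web server, so this Python check audits trimmed, constructed copies of the two posted configs for what that hand-off needs. The `audit_*` helpers, the finding labels and the corrected values (`ldaps` on port 636, a TLS listener) are assumptions of the example.

```python
import re

# Constructed sample: the lines of the posted nginx config that matter here.
NGINX_CONF = r'''
ldap_server acmeLDAP {
    url "ldap://ldapserver:389/OU=Corp,OU=Users,OU=acme,DC=corp,DC=acme,DC=net?sAMAccountName?sub?(objectClass=person)";
    binddn "acme\\appaccount";
    binddn_passwd "password";
}
server {
    listen 80;
    auth_ldap "Please enter your ldap user";
    auth_ldap_servers acmeLDAP;
    location / {
        fastcgi_param REMOTE_ADDR $remote_addr;
        fastcgi_pass 127.0.0.1:8090;
    }
}
'''
# Constructed sample: the remote-user lines of the posted RT_SiteConfig.pm.
RT_SITECONFIG = '''
Set($WebRemoteuserAuth,1);
Set($WebRemoteUserContinuous,1);
Set($WebFallbackToRTLogin, undef);
Set($WebRemoteUserAutocreate,1);
'''
# RT 4.2 option names for web-server login; Perl names are case-sensitive.
RT_REMOTE_USER_OPTIONS = ["WebRemoteUserAuth", "WebRemoteUserContinuous", "WebFallbackToRTLogin",
                          "WebRemoteUserGecos", "WebRemoteUserAutocreate"]

def strip_comments(text):
    """Drop whole-line '#' comments so commented-out directives are ignored."""
    return "\n".join(l for l in text.splitlines() if not l.lstrip().startswith("#"))

def audit_nginx(conf):
    conf, findings = strip_comments(conf), []
    uses_ldap = re.search(r"^\s*auth_ldap\s+(?!off\b)", conf, re.M)
    to_fastcgi = re.search(r"^\s*fastcgi_pass\s", conf, re.M)
    sends_user = re.search(r"^\s*fastcgi_param\s+REMOTE_USER\s+\$remote_user\s*;", conf, re.M)
    # RT only sees the authenticated name if nginx forwards it as REMOTE_USER.
    if uses_ldap and to_fastcgi and not sends_user:
        findings.append("remote-user-not-forwarded")
    # A bind password sent to ldap:// crosses the network unencrypted.
    if re.search(r'^\s*url\s+"?ldap://', conf, re.M) and re.search(r"^\s*binddn_passwd\s", conf, re.M):
        findings.append("cleartext-ldap-bind")
    # auth_ldap uses HTTP Basic auth: without TLS every request exposes the password.
    if uses_ldap and not re.search(r"^\s*listen\s+[^;]*\bssl\b", conf, re.M):
        findings.append("basic-auth-without-tls")
    return findings

def audit_rt(conf):
    canonical = {name.lower(): name for name in RT_REMOTE_USER_OPTIONS}
    findings, values = [], {}
    for name, value in re.findall(r"Set\(\s*\$(\w+)\s*,\s*([^)]*?)\s*\)\s*;", strip_comments(conf)):
        right = canonical.get(name.lower())
        if right and right != name:
            # Wrong case sets an option RT never reads, so the real one stays off.
            findings.append(f"misspelled-option:{name}->{right}")
        else:
            values[name] = value
    if values.get("WebRemoteUserAuth", "0").strip("'\"") in ("", "0", "undef"):
        findings.append("WebRemoteUserAuth-not-enabled")
    return findings

# Corrected variants (constructed; the ldaps port and TLS listener are assumptions).
FIXED_NGINX = (NGINX_CONF.replace("listen 80;", "listen 443 ssl;")
               .replace("ldap://ldapserver:389", "ldaps://ldapserver:636")
               .replace("fastcgi_pass", "fastcgi_param REMOTE_USER $remote_user;\n        fastcgi_pass"))
FIXED_RT = RT_SITECONFIG.replace("WebRemoteuserAuth", "WebRemoteUserAuth")

if __name__ == "__main__":
    print("posted:", audit_nginx(NGINX_CONF), audit_rt(RT_SITECONFIG))
    print("fixed: ", audit_nginx(FIXED_NGINX), audit_rt(FIXED_RT))
```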