All,
I’m having some LDAP woes with RT. I’ve followed the instructions from
- New Installs - This is a new installation of rt-3.6.3
Here are the instructions I’ve followed:
Installation is very straightforward if you haven’t installed any
previous LDAP auth/info implementations and don’t currently have a
User_Local.pm.
- Copy the code from LdapUserLocalOverlay
  http://wiki.bestpractical.com/index.cgi?LdapUserLocalOverlay into
  ${RTHOME}/local/lib/RT/User_Local.pm (if it doesn’t exist, create it)
- Copy the config settings from LdapSiteConfigSettings
  http://wiki.bestpractical.com/index.cgi?LdapSiteConfigSettings into
  ${RTHOME}/etc/RT_SiteConfig.pm (I’d put it at the end, but it shouldn’t
  matter)
- Customize the configuration settings; pay careful attention to
  LdapAttrMap http://wiki.bestpractical.com/index.cgi?LdapAttrMap, which
  is a hash reference to map RT’s attributes to the appropriate fields of
  your LDAP schema. It’s very unlikely that the LdapAttrMap
  http://wiki.bestpractical.com/index.cgi?LdapAttrMap shown in
  LdapSiteConfigSettings
  http://wiki.bestpractical.com/index.cgi?LdapSiteConfigSettings will
  work for you without customization! In particular, ActiveDirectory
  http://wiki.bestpractical.com/index.cgi?ActiveDirectory users should
  map:
    Name => 'sAMAccountName'
  If your LDAP server does not allow anonymous binding, $LdapUser
  http://wiki.bestpractical.com/index.cgi?LdapUser and $LdapPass
  http://wiki.bestpractical.com/index.cgi?LdapPass should be set to the
  appropriate DN and password for initial connection.
- Optionally, copy the code from LdapAutocreateAuthCallback
  http://wiki.bestpractical.com/index.cgi?LdapAutocreateAuthCallback
  into ${RTHOME}/local/html/Callbacks/LDAP/autohandler/Auth (most likely
  this doesn’t exist, so create it)
- If you haven’t already done so, you will need to install the Perl
  Net::LDAP module from CPAN. ( perl -MCPAN -eshell ; install Net::LDAP ).
- Stop your RT instance (e.g., /sbin/service httpd stop ) and
  CleanMasonCache
  http://wiki.bestpractical.com/index.cgi?CleanMasonCache then start the
  web server back up.
Here’s what I’ve done, so far:
- I’ve installed Net::LDAP module, set the $AuthMethod for LDAP only -
  Internal is disabled. Existing internal users still authenticate.
- Added the relevant pieces to /opt/rt3/etc/RT_SiteConfig.pm for LDAP
  support from Request Tracker Wiki
- Configured the parameters for $LdapServer, $LdapBase, $LdapFilter
- Enabled debugging (aware of the passwords getting logged - using a test
  account), but that only tells me that it didn’t work. Any way to set
  this for more output?
- Copied User_Local.pm into /opt/rt3/local/lib
- Stopped and restarted Apache after making changes and cleared the
  /opt/rt3/var/mason_data/obj/*, as needed.
Sample from rt.log contains:
[Thu Apr 26 22:12:23 2007] [error]: FAILED LOGIN for jsamples from
(/opt/rt3/share/html/autohandler:249)
I can’t see anything from the RT side or the LDAP side;
/var/log/ldap.log shows nothing out of the ordinary; they’re not even
talking to each other from what I can tell.
Relevant software
Web server: Apache 2.0.54
RT version: 3.6.3
Perl version: 5.8.7
OS: Linux
LDAP: OpenLDAP 2.2.28
I’ve been through some of the archives (it’s late in the day), but
haven’t had any luck. Any help or advice is greatly appreciated!
Best regards,
Randy Thompson
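
A standalone check of the connect, bind and search steps that the setup described above depends on, as an added example that is not part of the original post or RT's own code. The host, base DN, filter, login attribute, environment variable names and the way the two filters are combined are assumptions; substitute the values from RT_SiteConfig.pm.

```perl
#!/usr/bin/perl
# Added example (not RT's code): test the LDAP steps outside RT.
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);

# Placeholder values (assumptions); use the ones from RT_SiteConfig.pm.
my $server   = 'ldap.example.com';             # $LdapServer
my $base     = 'ou=People,dc=example,dc=com';  # $LdapBase
my $filter   = '(objectClass=*)';              # $LdapFilter
my $uid_attr = 'uid';  # assumed login attribute (sAMAccountName on AD)

# Bind credentials come from the environment (variable names are
# hypothetical) so they are not hard-coded or visible in the process list.
my $bind_dn = defined $ENV{LDAP_BIND_DN} ? $ENV{LDAP_BIND_DN} : '';  # $LdapUser
my $bind_pw = defined $ENV{LDAP_BIND_PW} ? $ENV{LDAP_BIND_PW} : '';  # $LdapPass

my $login = shift @ARGV;
die "usage: $0 <login>\n" unless defined($login) && length($login);

# 1. Connect. A failure here means RT cannot reach the server either.
my $ldap = Net::LDAP->new($server, timeout => 10)
    or die "connect to $server failed: $@\n";

# 2. Bind: anonymous if no DN is set, otherwise as the service account.
my $mesg = length($bind_dn)
    ? $ldap->bind($bind_dn, password => $bind_pw)
    : $ldap->bind;
die sprintf("bind failed: %s (code %d)\n", $mesg->error, $mesg->code)
    if $mesg->code;

# 3. Search for the login. The value is escaped so characters such as
#    '*' or ')' cannot alter the filter. Combining the filter this way
#    is an assumption about how the overlay builds its query.
my $query = sprintf '(&%s(%s=%s))',
    $filter, $uid_attr, escape_filter_value($login);
$mesg = $ldap->search(base => $base, filter => $query, attrs => ['1.1']);
die sprintf("search failed: %s (code %d)\n", $mesg->error, $mesg->code)
    if $mesg->code;

# Exactly one entry is the healthy result; 0 or more than 1 explains a
# failed login without any error from the server.
printf "%s matched %d entries under %s\n", $query, $mesg->count, $base;
print '  ', $_->dn, "\n" for $mesg->entries;
$ldap->unbind;
```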