LDAP_Overlay Questions

RT Users
1

Hi All,

I have a brand spanking new install of RT 3.4.2 and have the ldap_overlay authenticating against my AD controllers and can log into RT’s web interface just fine (using my AD creds). I do,however, have a couple of issues to nut out:

  1. When the account is auto-created (from the user logging in via the web interface), the email address of the AD user is not populated into RT. Is there a way to do this automatically? The next step is to use the mailgate to enable email, but I wanted to make sure the web side was working first.

  2. If a user is auto-created using the web interface and I check the box in their account that “Lets this user be granted rights”, when the user logs in, they don’t have super-user rights like the root user does. Like they can’t see the queue (just the default general one that’s created), nor can they see the configuration tab. Is there a way to make that user a super-user like the root account?

Thanks for your help

-Stevo

2

Perfect - thanks Iris…

Now onto the harder question below (#1). Does anyone have experience with
this?? I checked my RT_SiteConfig file and I have the following mappings in
place:

$LdapMap = { # map LDAP attributes to RT3

‘RT user paramater’ => ‘LDAP entry’,

'Name'                => $RT::LdapUidAttr,
'EmailAddress'        => 'mail',
'RealName'            => 'cn',

};

But I’m not getting the EmailAddress or RealName mapping over… just the
username!

Any ideas?

-Steve----- Original Message -----
From: Brookes, Iris
To: Stevo
Sent: Thursday, May 26, 2005 1:51 PM
Subject: RE: [rt-users] LDAP_Overlay Questions

You can set the user to super user thur

Configuration ==> Global ==> User Rights

Regards,

Iris Brookes

-----Original Message-----
From: rt-users-bounces@lists.bestpractical.com
[mailto:rt-users-bounces@lists.bestpractical.com]On Behalf Of Stevo
Sent: Thursday, May 26, 2005 4:24 PM
To: rt-users@lists.bestpractical.com
Subject: [rt-users] LDAP_Overlay Questions

Hi All,

I have a brand spanking new install of RT 3.4.2 and have the ldap_overlay
authenticating against my AD controllers and can log into RT’s web interface
just fine (using my AD creds). I do,however, have a couple of issues to nut
out:

  1. When the account is auto-created (from the user logging in via the web
    interface), the email address of the AD user is not populated into RT. Is
    there a way to do this automatically? The next step is to use the mailgate
    to enable email, but I wanted to make sure the web side was working first.

  2. If a user is auto-created using the web interface and I check the box in
    their account that “Lets this user be granted rights”, when the user logs
    in, they don’t have super-user rights like the root user does. Like they
    can’t see the queue (just the default general one that’s created), nor can
    they see the configuration tab. Is there a way to make that user a
    super-user like the root account?

Thanks for your help

-Stevo

3

a message of 103 lines which said:

  1. When the account is auto-created (from the user logging in via
    the web interface), the email address of the AD user is not
    populated into RT.

I believe that the LDAP overlay only takes care of authentication and
therefore creates only the minimum attributes.

I copy the LDAP database in the RT base every night to get the other
attributes. (With rtimportldap, that we maintain locally, the original
seems no longer maintained.)

4

Hello Stevo,

For Active Directory, have you tried setting…?
‘RealName’ => ‘displayName’,

I am having problems getting the LDAP Overlay from Mosemann to work
with AD on Windows 2003. I am able to get ldapsearch working with
these settings. I can also get the sample script in Authen::Smb’s man
page working. Unfortunately, RT will not authenticate with LDAP or
SMB.

Since I prefer to get LDAP working, here are those settings…

$LdapServer=“foobar.mydomain.com”; # replaced real domain with mydomain
$LdapUser=“Bind LDAP”; # works w/ ldapsearch command
$LdapPass=“secret”;
$LdapBase=“cn=Users,dc=mydomain,dc=com”;
$LdapUidAttr=“sAMAccountName”; # is this right?
$LdapFilter=“(objectclass=user)”; # works with ldapsearch
$LdapMap = {
‘Name’ => $RT::LdapUidAttr,
‘EmailAddress’ => ‘mail’,
‘RealName’ => ‘displayName’, # works?
};----- Original Message -----
List: rt-users
Subject: Re: [rt-users] LDAP_Overlay Questions
From: “Stevo” <checkpoint () ozbergs ! com>
Date: 2005-05-26 20:56:36
Message-ID: <00f101c56235$6835c430$6750230a () omneon ! local>
[Download message RAW]

Perfect - thanks Iris…

Now onto the harder question below (#1). Does anyone have experience with
this?? I checked my RT_SiteConfig file and I have the following mappings in
place:

$LdapMap = { # map LDAP attributes to RT3

‘RT user paramater’ => ‘LDAP entry’,

'Name'                => $RT::LdapUidAttr,
'EmailAddress'        => 'mail',
'RealName'            => 'cn',

};

But I’m not getting the EmailAddress or RealName mapping over… just the
username!

Any ideas?

-Steve

----- Original Message -----
From: Brookes, Iris
To: Stevo
Sent: Thursday, May 26, 2005 1:51 PM
Subject: RE: [rt-users] LDAP_Overlay Questions

You can set the user to super user thur

Configuration ==> Global ==> User Rights

Regards,

Iris Brookes

-----Original Message-----
From: rt-users-bounces@lists.bestpractical.com
[mailto:rt-users-bounces@lists.bestpractical.com]On Behalf Of Stevo
Sent: Thursday, May 26, 2005 4:24 PM
To: rt-users@lists.bestpractical.com
Subject: [rt-users] LDAP_Overlay Questions

Hi All,

I have a brand spanking new install of RT 3.4.2 and have the ldap_overlay
authenticating against my AD controllers and can log into RT’s web interface
just fine (using my AD creds). I do,however, have a couple of issues to nut
out:

  1. When the account is auto-created (from the user logging in via the web
    interface), the email address of the AD user is not populated into RT. Is
    there a way to do this automatically? The next step is to use the mailgate
    to enable email, but I wanted to make sure the web side was working first.

  2. If a user is auto-created using the web interface and I check the box in
    their account that “Lets this user be granted rights”, when the user logs
    in, they don’t have super-user rights like the root user does. Like they
    can’t see the queue (just the default general one that’s created), nor can
    they see the configuration tab. Is there a way to make that user a
    super-user like the root account?

Thanks for your help

-Stevo