Good Afternoon,
I have been working to figure this out for a while and I am just not sure
what I am not doing wrong and I am unable to find much information on this
on the web. I am running Request Tracker 3.8.7 on Ubuntu 10.04 with MySQL
5.0.92 and Apache 2.2.14 with mod perl 2.0.4. I have
RT::Authen::ExternalAuth configured and I am able to send an email as a user
and they are then able to log in and view their ticket. However, I would
like to set up some of the users as privileged users as they are the queue
managers but they are not showing in the Configuration/Users screen. I have
Set($AutoCreate, {Privileged => 1}); so I thought I would be able to at
least edit my users, but they are not showing up. My RTSiteConfig.pm is
below with the personal info obscured. If anyone can help that would be
greatly appreciated. Thanks!
April
This file was generated by running “update-rt-siteconfig-3.8”.
While local modifications will not be overwritten without permission,
it is recommended the they are instead placed in
/etc/request-tracker3.8/RT_SiteConfig.d
Note that modifications to the RT_SiteConfig.d directory won’t
take effect until the update command mentioned above is run again.
start /etc/request-tracker3.8/RT_SiteConfig.d/40-timezone
dynamically find out the current timezone
my $zone = “UTC”;
$zone=/bin/cat /etc/timezone
if -f "/etc/timezone";
chomp $zone;
Set($Timezone, $zone);
end /etc/request-tracker3.8/RT_SiteConfig.d/40-timezone
start /etc/request-tracker3.8/RT_SiteConfig.d/50-debconf
THE BASICS:
Set($rtname, ‘tickets’);
Set($Organization, ’ XXXXXX ');
Set($CorrespondAddress , ’ XXXXXX ');
Set($CommentAddress , ’ XXXXXX ');
Set($WebExternalAuth , ‘1’);
Set($WebFallbackToInternalAuth , ‘1’);
Set($WebExternalGecos , undef);
Set($WebExternalAuto , ‘1’);
Set($MaxAttachmentSize , 10000000);
Set($FriendlyFromLineFormat, “"%s" <%s>”);
Set( @Plugins, qw(RT::Authen::ExternalAuth) );
THE WEBSERVER:
Set($WebPath , “/rt”);
Set($WebBaseURL , "http:// XXXXXX ");
end /etc/request-tracker3.8/RT_SiteConfig.d/50-debconf
start /etc/request-tracker3.8/RT_SiteConfig.d/51-dbconfig-common
THE DATABASE:
generated by dbconfig-common
map from dbconfig-common database types to their names as known by RT
my %typemap = (
mysql => 'mysql',
pgsql => 'Pg',
sqlite3 => 'SQLite',
);
Set($DatabaseType, $typemap{mysql} || “UNKNOWN”);
Set($DatabaseHost, ‘localhost’);
Set($DatabasePort, ‘’);
Set($DatabaseUser , ’ XXXXXX ');
Set($DatabasePassword , ’ XXXXXX ');
SQLite needs a special case, since $DatabaseName must be a full pathname
my $dbc_dbname = ‘rtdb’; if ( “mysql” eq “sqlite3” ) { Set ($DatabaseName,
‘’ . ‘/’ . $dbc_dbname); } else { Set ($DatabaseName, $dbc_dbname); }
end /etc/request-tracker3.8/RT_SiteConfig.d/51-dbconfig-common
1;
The order in which the services defined in ExternalSettings
should be used to authenticate users. User is authenticated
if successfully confirmed by any service - no more services
are checked.
Set($ExternalAuthPriority, [ ‘My_LDAP’ ] );
The order in which the services defined in ExternalSettings
should be used to get information about users. This includes
RealName, Tel numbers etc, but also whether or not the user
should be considered disabled.
Once user info is found, no more services are checked.
You CANNOT use a SSO cookie for authentication.
Set($ExternalInfoPriority, [ ‘My_LDAP’ ] );
If this is set to true, then the relevant packages will
be loaded to use SSL/TLS connections. At the moment,
this just means “use Net::SSLeay;”
Set($ExternalServiceUsesSSLorTLS, 0);
If this is set to 1, then users should be autocreated by RT
as internal users if they fail to authenticate from an
external service.
Set($AutoCreateNonExternalUsers, 0);
Set($AutoCreate, {Privileged => 1});
These are the full settings for each external service as a HashOfHashes
Note that you may have as many external services as you wish. They will
be checked in the order specified in the Priority directives above.
e.g.
#Set(ExternalAuthPriority,[‘My_LDAP’]);
Set($ExternalSettings, { # AN EXAMPLE LDAP SERVICE
'My_LDAP' => {
‘type’ => ‘ldap’,
‘server’ => ’ XXXXXX ',
‘user’ => ’ XXXXXX ',
‘pass’ => ’ XXXXXX ',
‘base’ => ’ XXXXXX ',
# ALL FILTERS MUST
BE VALID LDAP FILTERS ENCASED IN PARENTHESES!
# YOU **MUST**
SPECIFY A filter AND A d_filter!!
# The filter to use
to match RT-Users
'filter' =>
‘(&(ObjectCategory=User)(ObjectClass=Person))’,
# The filter that
will only match disabled users
'd_filter'
=> ‘(userAccountControl:1.2.840.113556.1.4.803:=2)’,
‘tls’ => 0,
‘ssl_version’ => 3,
‘net_ldap_args’ => [ version => 3 ],
# Does
authentication depend on group membership? What group name?
#‘group’ => ‘cn=Domain
Users,cn=Users,dc=ad,dc=yelpcorp,dc=com’,
# What is the
attribute for the group object that determines membership?
#‘group_attr’ => ‘member’,
## RT ATTRIBUTE
MATCHING SECTION
# The list of RT
attributes that uniquely identify a user
# This example shows
what you can specify… I recommend reducing this
# to just the Name
and EmailAddress to save encountering problems later.
‘attr_match_list’ => [ ‘EmailAddress’ ],
# The mapping of RT
attributes on to LDAP attributes
‘attr_map’ => { ‘Name’ => ‘sAMAccountName’,
‘EmailAddress’ => ‘mail’,
‘Organization’ => ‘physicalDeliveryOfficeName’,
‘RealName’ => ‘cn’,
‘ExternalAuthId’ => ‘sAMAccountName’,
'Gecos'
=> ‘sAMAccountName’,
‘WorkPhone’ => ‘telephoneNumber’,
'Address1'
=> ‘streetAddress’,
‘City’ => ‘l’,
'State' => 'st',
‘Zip’ => ‘postalCode’,
'Country' => 'co'
}
}
}
);
1;