Patch to lib/RT/User.pm to use LDAP Authentication. (for rt 2.0.15)

Hello,
I was looking at the mailing list and couldn't find a patch
that just does authentication; all do authentication plus
information fetch from LDAP, so I wrote my own.

This patch allows authenticating users using Net::LDAP to
authenticate against LDAP using normal auth (not external).

For user information I use the script from contrib called
rtimportldap.pl from Stanislav Sinyagin <ssinyagin_[at]yahoo[dot]_com>,
so user information is pushed into RT from crontab every 5 minutes, and
authentication is performed online thanks to this patch. I hope it can
be of use to other people.

You must add these variables to etc/config.pm inside the RT package:

$LDAPExternalAuth = 1;
$LdapServer="ldap.domian.com";
$LdapUser="CN=ldapuser,CN=Users,DC=domain,DC=com";
$LdapPass="ldapasswd";
$LdapBase="DC=domain,DC=com";
$LdapUidAttr="uid";
$LdapFilter="(|(memberOf=CN=WebRT,OU=ACLS,DC=domain,DC=com)(memberOf=CN=WebRT-admin,OU=ACLS,DC=domain,DC=com))";

Please note, this is an LDAP from Windows 2000 Active Directory.
What I do to control access is:

create a new OU called ACLS, then I create groups called WebRT,
WebRT-admin and some others for authentication, then I add the
users to those groups, and using the filter I can check if someone has
access to some areas or not, so the LDAP schema is something like

dn: CN=Name LastName,OU=Support 1,OU=Main OU,DC=domain,DC=com
memberOf: CN=webrt-admin,OU=ACLS,DC=domain,DC=com
memberOf: CN=other-access-group,OU=ACLS,DC=domain,DC=com
accountExpires: 9223372036854775807
badPasswordTime: 126841869968308180
badPwdCount: 0
codePage: 0
cn: Name LastName
[more lines of AD ldap stuff]

So "memberOf" does the trick. The only thing that will not work (I mean
I have not tested it, so if it doesn't work, don't blame me) is when the
user is a member of a group which is a member of webrt, for example.

The filter used to query LDAP is:

(&(&(objectclass=user)(=)))

I haven't tested with an empty LdapFilter.

Please note I wrote this patch in some 2 hours, so bugs must
be there.

P.D.: Is there any way to overwrite a built-in function with an
external one, so I can write a module to replace IsPassword?
P.D.2: I'm a new Perl programmer so there must be bugs in the code
or badly written lines; this patch also has not been intensively tested.

Marcelo Bartsch
mbartsch@netglobalis.net
www.netglobalis.net

PGP Fingerprint :
877E 3A56 F523 B44A 3260 8F83 8916 E158 6100 F721

User-With-Ldap.diff (2.25 KB)
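
The search-then-bind flow the post describes, as an added example that is not the attached patch and not RT's own code. The filter composition, the function names and the %$cfg keys (stand-ins for the post's $Ldap* settings) are assumptions; it also covers the empty LdapFilter case the post leaves untested.

```perl
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);

# Assumed composition: the filter line in the post is incomplete.
sub build_filter {
    my ($uid_attr, $user, $extra) = @_;
    # Escape the login name so "*", "(", ")" and "\" cannot alter the filter.
    my $f = sprintf '(&(objectclass=user)(%s=%s))',
        $uid_attr, escape_filter_value($user);
    # An empty LdapFilter must not leave an empty component inside "(&...)".
    return (defined $extra && length $extra) ? "(&$f$extra)" : $f;
}

# %$cfg keys are hypothetical stand-ins for the post's $Ldap* settings.
sub ldap_is_password {
    my ($cfg, $user, $pass) = @_;
    return 0 unless defined $user && length $user;
    # A bind with a DN and an empty password is an unauthenticated bind
    # (RFC 4513, 5.1.2) and succeeds on many servers, so refuse it here.
    return 0 unless defined $pass && length $pass;

    my $ldap = Net::LDAP->new($cfg->{server}) or return 0;
    my $ok = 0;
    # 1. Bind as the service account ($LdapUser / $LdapPass).
    my $mesg = $ldap->bind($cfg->{user}, password => $cfg->{pass});
    if (!$mesg->code) {
        # 2. Find the user's entry; request no attributes ("1.1").
        $mesg = $ldap->search(
            base   => $cfg->{base},
            scope  => 'sub',
            filter => build_filter($cfg->{uid_attr}, $user, $cfg->{filter}),
            attrs  => ['1.1'],
        );
        # 3. Require exactly one match, then re-bind as that DN.
        if (!$mesg->code && $mesg->count == 1) {
            my $dn = $mesg->entry(0)->dn;
            $ok = $ldap->bind($dn, password => $pass)->code ? 0 : 1;
        }
    }
    $ldap->unbind;
    return $ok;
}

# Constructed inputs: a hostile login name, with and without LdapFilter.
my $acl = '(memberOf=CN=WebRT,OU=ACLS,DC=domain,DC=com)';
print build_filter('uid', 'a*)(b', $acl), "\n";
print build_filter('uid', 'jdoe', ''), "\n";
```

Only build_filter runs without a directory server; ldap_is_password needs a reachable LDAP host and a service account.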