I’ll try Ken’s tip and let you know the results.
Gary,
Thanks. I’ll look that over. We use LDAP as well, so this might make it all
easier. Thanks.
Kenn
LBNL
On 1/14/2010 12:17 PM, Gary Greene wrote:
Why bother with that, when you just need to change the attribute you’re
using for the account name. Here’s a sanitized version of my
RT_SiteConfig.pm
# Any configuration directives you include here will override
# RT's default configuration file, RT_Config.pm
#
# To include a directive here, just copy the equivalent statement
# from RT_Config.pm and change the value. We've included a single
# sample value below.
#
# This file is actually a Perl module, so you can include valid
# Perl code, as well.
#
# The converse is also true, if this file isn't valid Perl, you're
# going to run into trouble. To check your SiteConfig file, use
# this command:
#
#   perl -c /path/to/your/etc/RT_SiteConfig.pm

Set($rtname, 'minervanetworks.com');
Set($Organization, "minervanetworks.com");
Set($Timezone, 'US/Pacific');
Set($WebPath, "/rt3");
Set($WebPort, 443);
Set($WebDomain, 'rt.minervanetworks.com');
Set($WebBaseURL, 'https://' . RT->Config->Get('WebDomain') . ':' . RT->Config->Get('WebPort'));
Set($WebURL, RT->Config->Get('WebBaseURL') . RT->Config->Get('WebPath') . "/");
Set($WebImagesURL, RT->Config->Get('WebPath') . "/NoAuth/images/");
Set($WebImagesURL , $WebPath . "/images/"); # need this for below
Set($LogoURL, "https://rt.minervanetworks.com/Home_Logo.jpg");
Set($LogoLinkURL, 'https://www.minervanetworks.com/');
Set($LogoAltText, "Minerva Networks");
Set($AutoLogoff, 30);
Set($EnableReminders,1);
Set($LogToSyslog, 'info');
Set($LogDir, '/var/log');
Set($LogToFileNamed, "rt.log");
Set($LogToFile, 'info');
Set($NotifyActor, 1);
Set($OwnerEmail , 'XXXXXXXX@minervanetworks.com');
Set(@Plugins, qw(RT::Authen::ExternalAuth RT::FM));
Set($LDAPHost, 'HOSTNAME.DOMAIN.TLD');
Set($LDAPUser, 'cn=BINDUSER,dc=DOMAIN,dc=TLD');
Set($LDAPPassword, 'PASSWORD');
Set($LDAPBase, 'dc=minervanetworks,dc=com');
Set($LDAPFilter, '(&(objectClass=user))');
Set($LDAPMapping, {
        'Name' => 'sAMAccountName',
        'EmailAddress' => 'mail',
        'RealName' => 'cn',
        'ExternalAuthId' => 'sAMAccountName',
        'Gecos' => 'sAMAccountName',
        'WorkPhone' => 'telephoneNumber',
        'Address1' => 'streetAddress',
        'City' => 'l',
        'State' => 'st',
        'Zip' => 'postalCode',
        'Country' => 'co'
    }
);
Set($LDAPGroupName,'Employees');
Set($LDAPUpdateUsers,1);
Set($ExternalAuthPriority, ['My_LDAP']);
Set($ExternalInfoPriority, ['My_LDAP']);
Set($ExternalServiceUsesSSLorTLS, 0);
Set($AutoCreateNonExternalUsers, 0);
Set(
    $ExternalSettings, {
        'My_LDAP' => {
            'type' => 'ldap',
            'auth' => 1,
            'info' => 1,
            'server' => 'HOSTNAME.DOMAIN.TLD',
            'user' => 'cn=BINDUSER,dc=DOMAIN,dc=TLD',
            'pass' => 'PASSWORD',
            'base' => 'dc=DOMAIN,dc=TLD',
            'filter' => '(objectClass=*)',
            'd_filter' => '(userAccountControl:1.2.840.113556.1.4.803:=2)',
            'tls' => 0,
            'net_ldap_args' => [ version => 3 ],
            'attr_match_list' => [ 'Name', 'EmailAddress', 'RealName' ],
            'attr_map' => {
                'Name' => 'sAMAccountName',
                'EmailAddress' => 'mail',
                'RealName' => 'cn',
                'ExternalAuthId' => 'sAMAccountName',
                'Gecos' => 'sAMAccountName',
                'WorkPhone' => 'telephoneNumber',
                'Address1' => 'streetAddress',
                'City' => 'l',
                'State' => 'st',
                'Zip' => 'postalCode',
                'Country' => 'co'
            }
        }
    }
);
1;
On 1/14/10 11:49 AM, “Ken Crocker” kfcrocker@lbl.gov wrote:
LB,
This would be REALLY helpful for me. I’ve been doing this one user at a
time whenever I get some free time (which isn’t often). I’d love a copy
of your code. Thanks.
Kenn
LBNL
On 1/14/2010 10:34 AM, L B wrote:
I’m going to think about it, but the problem I see is that email
addresses might not be unique (I mean we can have two AD accounts with
the same email address).
I have already done a script to mass-rename email addresses to AD
logins, because we have used AD authentication for a long time and we wanted
to make the users use their AD login instead of their email address.
This script is not linked to the plugin, but I think it might be
useful for some admins. I can upload it on the wiki or maybe it can be
part of an “extras” directory in the plugin package. I have to clean up
my code and make it generic, but it does the job; I already applied it
successfully on many RT instances.
Don’t you think
http://www.zanfur.com/rt3-contrib/AutoCreateFromExternalUserInfo/CurrentUser_Local.pm
but using RT-Authen-ExternalAuth variables could do the on-the-fly job?
Maybe with some stuff to check duplicates etc…
If you think it doesn’t, can you or Mike point me in the right
direction to (try to) develop it?
Thanks!
The rt-users Archives
L.B.
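
The duplicate problem raised in the thread (two AD accounts sharing one email address) matters when RT users named after their email address are renamed to AD logins: an ambiguous match would hand one person's RT account to another. The following is an added example, not L.B.'s script and not part of RT or RT::Authen::ExternalAuth; it only plans the renames offline from exported rows, and the sample data, field layout and function name are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample rows (not from the thread): an AD export and an RT user export.
AD_ACCOUNTS = [
    {"sAMAccountName": "jdoe", "mail": "John.Doe@example.com"},
    {"sAMAccountName": "asmith", "mail": "shared-desk@example.com"},
    {"sAMAccountName": "bjones", "mail": "shared-desk@example.com"},
    {"sAMAccountName": "root", "mail": "admin@example.com"},
]
RT_USERS = [
    {"Name": "john.doe@example.com", "EmailAddress": "john.doe@example.com"},
    {"Name": "shared-desk@example.com", "EmailAddress": "shared-desk@example.com"},
    {"Name": "admin@example.com", "EmailAddress": "admin@example.com"},
    {"Name": "root", "EmailAddress": "root@localhost"},
    {"Name": "vendor@partner.example", "EmailAddress": "vendor@partner.example"},
]


def plan_renames(ad_accounts, rt_users):
    """Return (renames, skipped): RT Name -> AD login, and RT Name -> reason."""
    # Index AD logins by lower-cased mail so shared addresses become visible.
    logins_by_mail = defaultdict(set)
    for acct in ad_accounts:
        mail = (acct.get("mail") or "").strip().lower()
        if mail:
            logins_by_mail[mail].add(acct["sAMAccountName"].lower())

    taken = {u["Name"].lower() for u in rt_users}  # names already used in RT
    renames, skipped = {}, {}
    for user in rt_users:
        name = user["Name"]
        if "@" not in name:
            continue  # already a login-style name, nothing to rename
        candidates = logins_by_mail.get(user["EmailAddress"].strip().lower(), set())
        if not candidates:
            skipped[name] = "no AD account with this address"
        elif len(candidates) > 1:
            # Never guess: a wrong pick maps one person onto another's tickets.
            skipped[name] = "ambiguous: " + ", ".join(sorted(candidates))
        else:
            login = next(iter(candidates))
            if login in taken:
                skipped[name] = "RT name already in use: " + login
            else:
                renames[name] = login
                taken.add(login)  # reserve it for the rest of this run
    return renames, skipped
```

Anything in the skipped map needs a manual decision before the rename is applied.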