RT::Authen::ExternalAuth cannot find LDAP users if they haven't logged in at least once

Camron_W_Fox1 · January 30, 2012, 1:16am

Alle,

So we've installed RT::Authen::ExternalAuth, but when we try to search

for users to create groups and such, if the user hasn’t logged in to RT
at least once, they cannot be found. Here is the LDAP excerpt from
RT_SiteConfig.PM:

Set(@Plugins, (qw(RT::Authen::ExternalAuth)));
Set($ExternalAuthPriority, [ ‘My_LDAP’
]
);
Set($ExternalInfoPriority, [ ‘My_LDAP’
]
);
Set($ExternalAuthPriority,[‘My_LDAP’]);
Set($ExternalSettings, {
Set($ExternalSettings, {
‘My_LDAP’ => {
‘type’ => ‘ldap’,
‘server’ => ‘admin.subaru.nao.ac.jp’,
‘user’ => ‘cn=Manager,dc=subaru,dc=nao,dc=ac,dc=jp’,
‘pass’ => ‘XXXXX’,
‘base’ => ‘ou=people,dc=subaru,dc=nao,dc=ac,dc=jp’,
‘filter’ => ‘(objectClass=person)’,
‘d_filter’ => ‘(employeeType=locked)’,
‘tls’ => 0,
‘ssl_version’ => 3,
‘net_ldap_args’ => [ version => 3 ],
# ‘group’ => ‘GROUP_NAME’,
# ‘group_attr’ => ‘GROUP_ATTR’,
‘attr_match_list’ => [ ‘Name’,
‘EmailAddress’
],
‘attr_map’ => { ‘Name’ => ‘uid’,
‘EmailAddress’ => ‘mail’,
# ‘Organization’ =>
‘physicalDeliveryOfficeName’,
‘RealName’ => ‘cn’,
‘ExternalAuthId’ => ‘uid’,
‘Gecos’ => ‘gecos’
# ‘WorkPhone’ => ‘telephoneNumber’,
# ‘Address1’ => ‘streetAddress’,
# ‘City’ => ‘l’,
# ‘State’ => ‘st’,
# ‘Zip’ => ‘postalCode’,

				# 'Country' => 'co'
			}
		}

);

We've obviously missed something here, but we've spent the last couple

days searching the docs/wiki/web and playing with RT_SiteConfig.pm but
with no luck.

Best Regards,
Camron

Camron W. Fox
Hilo Office
High Performance Computing Group
Fujitsu Management Services of America, Inc.
E-mail: cwfox@us.fujitsu.com

Bart · January 30, 2012, 10:24am

Hi,

Not sure if that’s possible with ExternalAuth, it automatically creates a
user during login but doesn’t sync the LDAP. (at least, like you I can’t
find an option for it)

You’ll probably need to run something separate from ExternalAuth to import
those users, this plugin might help with that:

RT::Extension::LDAPImport - Import Users from an LDAP store - metacpan.org

– Bart

Op 30 januari 2012 02:16 schreef Camron W. Fox cwfox@us.fujitsu.com het
volgende:

Jim_Lesinski · January 30, 2012, 12:40pm

I have the ldap import plugin running and it does import new users and update existing information based on the options you set in config. You must set up a cron job for this.

Thanks,
Jim LesinskiOn Jan 30, 2012, at 11:24 AM, Bart bart@pleh.info wrote:

Hi,

Not sure if that’s possible with ExternalAuth, it automatically creates a user during login but doesn’t sync the LDAP. (at least, like you I can’t find an option for it)

You’ll probably need to run something separate from ExternalAuth to import those users, this plugin might help with that:
RT::Extension::LDAPImport - Import Users from an LDAP store - metacpan.org

– Bart

Op 30 januari 2012 02:16 schreef Camron W. Fox cwfox@us.fujitsu.com het volgende:
Alle,
   So we've installed RT::Authen::ExternalAuth, but when we try to search
for users to create groups and such, if the user hasn’t logged in to RT
at least once, they cannot be found. Here is the LDAP excerpt from
RT_SiteConfig.PM:

Set(@Plugins, (qw(RT::Authen::ExternalAuth)));
Set($ExternalAuthPriority, [ ‘My_LDAP’
]
);
Set($ExternalInfoPriority, [ ‘My_LDAP’
]
);
Set($ExternalAuthPriority,[‘My_LDAP’]);
Set($ExternalSettings, {
Set($ExternalSettings, {
‘My_LDAP’ => {
‘type’ => ‘ldap’,
‘server’ => ‘admin.subaru.nao.ac.jp’,
‘user’ => ‘cn=Manager,dc=subaru,dc=nao,dc=ac,dc=jp’,
‘pass’ => ‘XXXXX’,
‘base’ => ‘ou=people,dc=subaru,dc=nao,dc=ac,dc=jp’,
‘filter’ => ‘(objectClass=person)’,
‘d_filter’ => ‘(employeeType=locked)’,
‘tls’ => 0,
‘ssl_version’ => 3,
‘net_ldap_args’ => [ version => 3 ],
# ‘group’ => ‘GROUP_NAME’,
# ‘group_attr’ => ‘GROUP_ATTR’,
‘attr_match_list’ => [ ‘Name’,
‘EmailAddress’
],
‘attr_map’ => { ‘Name’ => ‘uid’,
‘EmailAddress’ => ‘mail’,
# ‘Organization’ =>
‘physicalDeliveryOfficeName’,
‘RealName’ => ‘cn’,
‘ExternalAuthId’ => ‘uid’,
‘Gecos’ => ‘gecos’
# ‘WorkPhone’ => ‘telephoneNumber’,
# ‘Address1’ => ‘streetAddress’,
# ‘City’ => ‘l’,
# ‘State’ => ‘st’,
# ‘Zip’ => ‘postalCode’,
                                   # 'Country' => 'co'
                           }
                   }
);
   We've obviously missed something here, but we've spent the last couple
days searching the docs/wiki/web and playing with RT_SiteConfig.pm but
with no luck.

Best Regards,
Camron

–
Camron W. Fox
Hilo Office
High Performance Computing Group
Fujitsu Management Services of America, Inc.
E-mail: cwfox@us.fujitsu.com

RT Training Sessions (http://bestpractical.com/services/training.html)

Boston March 5 & 6, 2012

RT Training Sessions (http://bestpractical.com/services/training.html)

Boston � March 5 & 6, 2012