RT External Authen/LDAP import with AD user names as numeric

RT Users
1

Hi,
I am new to RT and installed RT4.05 in Ubuntu 11.10 with RT External
authentication.Active Directory users whose login ID is numeric(say
0001234 which will be their employee id ) cannot log in in RT(user names
not created in RT).
All others whose AD Login ID are alphabet/alphanumeric(like b001) can log
in (user name created in RT).
I tried LDAP import also and it fails fails with messages like
[warning]: Skipping user ‘0003503’, as it is numeric
(/opt/rt4/local/plugins/RT-Extension-LDAPImport/lib/RT/Extension/LDAPImport.pm:969)

Is there any way to authenticate or import users from LDAP without changing
AD user names?

This is my RT External Auth Config file

Set($ExternalAuthPriority, [ ‘My_LDAP’ ] );
Set($ExternalInfoPriority, [ ‘My_LDAP’ ] );
Set($ExternalServiceUsesSSLorTLS, 0);
Set($AutoCreateNonExternalUsers, 0);

Set($ExternalSettings, {
‘My_LDAP’ => {

                    'type'                  =>  'ldap',
                    'server'                =>  'serverr.domain.com',
                    'user'                  =>

‘cn=RT,ou=ouname,dc=example,dc=com’,
‘pass’ => ‘Welcome123’,
‘base’ => ‘dc=example,dc=com’,

                    'filter'                =>

‘(&(ObjectCategory=User)(ObjectClass=Person))’,
‘d_filter’ =>
‘(userAccountControl:1.2.840.113556.1.4.803:=2)’,

                    'tls'                   =>  0,

‘ssl_version’ => 3,

                    'net_ldap_args'         => [    version =>  3
],
                   # 'group'                 =>  'cn=RT

Users,dc=sps,dc=co,dc=in’,
# ‘group_attr’ => ‘member’,

                    'attr_match_list'       => [

‘Name’,‘EmailAddress’ ],
‘attr_map’ => { ‘Name’ =>
‘sAMAccountName’,
‘EmailAddress’ =>
‘mail’,
‘Organization’ =>
‘physicalDeliveryOfficeName’,
‘RealName’ => ‘cn’,
‘ExternalAuthId’ =>
‘AMAccountName’,
‘Gecos’ =>
‘sAMAccountName’,
‘WorkPhone’ =>
‘telephoneNumber’,
‘Address1’ =>
‘streetAddress’,
‘City’ => ‘l’,
‘State’ => ‘st’,
‘Zip’ =>
‘postalCode’,
‘Country’ => ‘co’
}

In RT_Site Config.PM

Set(@Plugins, qw(RT::Authen::ExternalAuth
RTx::Calendar
RT::Extension::JSGantt
RT::Extension::QuickCalls
RT::Extension::SLA
RTx::TicketlistTransactions
RT::Extension::Utils
RTx::WorkflowBuilder
RT::Extension::NotifyOwners));

require
“/opt/rt4/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm”;
Set($AutoCreate, {Privileged => 1});

Am i missing something ?

Regards
Murugan

2

I am new to RT and installed RT4.05 in Ubuntu 11.10 with RT External authentication.Active
Directory users whose login ID is numeric(say 0001234 which will be their employee id ) cannot
log in in RT(user names not created in RT).
All others whose AD Login ID are alphabet/alphanumeric(like b001) can log in (user name
created in RT).
I tried LDAP import also and it fails fails with messages like
[warning]: Skipping user ‘0003503’, as it is numeric
(/opt/rt4/local/plugins/RT-Extension-LDAPImport/lib/RT/Extension/LDAPImport.pm:969)

Is there any way to authenticate or import users from LDAP without changing AD user names?

If you search the list archives, you’ll find people who’ve hacked up
RT-Authen-ExternalAuth or LDAPImporter to handle number usernames by
prefixing a string. RT does not allow numeric usernames, so this is a
required workaround. I don’t think we’ve received a patch to make
that feature core in RT-Authen-ExternalAuth or the LDAPImporter.

-kevin

3

Kevin,

If i could Prefix a string,can i use AD authentication ?Can you guide me
with that hack ?thanks in advance

MuruganOn Mon, Mar 26, 2012 at 7:15 PM, Kevin Falcone falcone@bestpractical.comwrote:

On Sat, Mar 24, 2012 at 03:59:27PM +0530, Murugan wrote:

I am new to RT and installed RT4.05 in Ubuntu 11.10 with RT External
authentication.Active
Directory users whose login ID is numeric(say 0001234 which will be
their employee id ) cannot
log in in RT(user names not created in RT).
All others whose AD Login ID are alphabet/alphanumeric(like b001) can
log in (user name
created in RT).
I tried LDAP import also and it fails fails with messages like
[warning]: Skipping user ‘0003503’, as it is numeric

(/opt/rt4/local/plugins/RT-Extension-LDAPImport/lib/RT/Extension/LDAPImport.pm:969)

Is there any way to authenticate or import users from LDAP without
changing AD user names?

If you search the list archives, you’ll find people who’ve hacked up
RT-Authen-ExternalAuth or LDAPImporter to handle number usernames by
prefixing a string. RT does not allow numeric usernames, so this is a
required workaround. I don’t think we’ve received a patch to make
that feature core in RT-Authen-ExternalAuth or the LDAPImporter.

-kevin

This is my RT External Auth Config file

Set($ExternalAuthPriority, [ ‘My_LDAP’ ] );
Set($ExternalInfoPriority, [ ‘My_LDAP’ ] );
Set($ExternalServiceUsesSSLorTLS, 0);
Set($AutoCreateNonExternalUsers, 0);

Set($ExternalSettings, {
‘My_LDAP’ => {

‘type’ => ‘ldap’,
‘server’ => ‘[1]serverr.domain.com’,
‘user’ => ‘cn=RT,ou=ouname,dc=example,dc=com’,
‘pass’ => ‘Welcome123’,
‘base’ => ‘dc=example,dc=com’,

‘filter’ => ‘(&(ObjectCategory=User)(ObjectClass=Person))’,
‘d_filter’ => ‘(userAccountControl:1.2.840.113556.1.4.803:=2)’,

‘tls’ => 0,

‘ssl_version’ => 3,

‘net_ldap_args’ => [ version => 3 ],

‘group’ => ‘cn=RT Users,dc=sps,dc=co,dc=in’,

‘group_attr’ => ‘member’,

‘attr_match_list’ => [ ‘Name’,‘EmailAddress’ ],
‘attr_map’ => { ‘Name’ => ‘sAMAccountName’,
‘EmailAddress’ => ‘mail’,
‘Organization’ => ‘physicalDeliveryOfficeName’,
‘RealName’ => ‘cn’,
‘ExternalAuthId’ => ‘AMAccountName’,
‘Gecos’ => ‘sAMAccountName’,
‘WorkPhone’ => ‘telephoneNumber’,
‘Address1’ => ‘streetAddress’,
‘City’ => ‘l’,
‘State’ => ‘st’,
‘Zip’ => ‘postalCode’,
‘Country’ => ‘co’
}

In RT_Site Config.PM

Set(@Plugins, qw(RT::Authen::ExternalAuth
RTx::Calendar
RT::Extension::JSGantt
RT::Extension::QuickCalls
RT::Extension::SLA
RTx::TicketlistTransactions
RT::Extension::Utils
RTx::WorkflowBuilder
RT::Extension::NotifyOwners));

require
“/opt/rt4/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm”;
Set($AutoCreate, {Privileged => 1});

Am i missing something ?

Regards
Murugan

References

Visible links

  1. http://serverr.domain.com/
4

If i could Prefix a string,can i use AD authentication ?Can you guide me with that hack
?thanks in advance

You’ll need to search the mailing list archives, I’ve not configured
RT like this so I’m not sure what you’ll need to do.

-kevin> On Mon, Mar 26, 2012 at 7:15 PM, Kevin Falcone <[1]falcone@bestpractical.com> wrote:

 On Sat, Mar 24, 2012 at 03:59:27PM +0530, Murugan wrote:
 > I am new to RT and installed RT4.05 in Ubuntu 11.10 with RT External authentication.Active
 > Directory users whose login ID is numeric(say 0001234 which will be their employee id )
 cannot
 > log in in RT(user names not created in RT).
 > All others whose AD Login ID are alphabet/alphanumeric(like b001) can log in (user name
 > created in RT).
 > I tried LDAP import also and it fails fails with messages like
 > [warning]: Skipping user '0003503', as it is numeric
 > (/opt/rt4/local/plugins/RT-Extension-LDAPImport/lib/RT/Extension/LDAPImport.pm:969)
 >
 > Is there any way to authenticate or import users from LDAP without changing AD user names?

 If you search the list archives, you'll find people who've hacked up
 RT-Authen-ExternalAuth or LDAPImporter to handle number usernames by
 prefixing a string. RT does not allow numeric usernames, so this is a
 required workaround. I don't think we've received a patch to make
 that feature core in RT-Authen-ExternalAuth or the LDAPImporter.

 -kevin

 > This is my RT External Auth Config file
 >
 > Set($ExternalAuthPriority, [ 'My_LDAP' ] );
 > Set($ExternalInfoPriority, [ 'My_LDAP' ] );
 > Set($ExternalServiceUsesSSLorTLS, 0);
 > Set($AutoCreateNonExternalUsers, 0);
 >
 > Set($ExternalSettings, {
 > 'My_LDAP' => {
 >
 > 'type' => 'ldap',
 > 'server' => '[1][2]serverr.domain.com',
 > 'user' => 'cn=RT,ou=ouname,dc=example,dc=com',
 > 'pass' => 'Welcome123',
 > 'base' => 'dc=example,dc=com',
 >
 > 'filter' => '(&(ObjectCategory=User)(ObjectClass=Person))',
 > 'd_filter' => '(userAccountControl:1.2.840.113556.1.4.803:=2)',
 >
 > 'tls' => 0,
 > # 'ssl_version' => 3,
 >
 > 'net_ldap_args' => [ version => 3 ],
 > # 'group' => 'cn=RT Users,dc=sps,dc=co,dc=in',
 > # 'group_attr' => 'member',
 >
 > 'attr_match_list' => [ 'Name','EmailAddress' ],
 > 'attr_map' => { 'Name' => 'sAMAccountName',
 > 'EmailAddress' => 'mail',
 > 'Organization' => 'physicalDeliveryOfficeName',
 > 'RealName' => 'cn',
 > 'ExternalAuthId' => 'AMAccountName',
 > 'Gecos' => 'sAMAccountName',
 > 'WorkPhone' => 'telephoneNumber',
 > 'Address1' => 'streetAddress',
 > 'City' => 'l',
 > 'State' => 'st',
 > 'Zip' => 'postalCode',
 > 'Country' => 'co'
 > }
 >
 > In RT_Site Config.PM
 >
 > Set(@Plugins, qw(RT::Authen::ExternalAuth
 > RTx::Calendar
 > RT::Extension::JSGantt
 > RT::Extension::QuickCalls
 > RT::Extension::SLA
 > RTx::TicketlistTransactions
 > RT::Extension::Utils
 > RTx::WorkflowBuilder
 > RT::Extension::NotifyOwners));
 >
 > require "/opt/rt4/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm";
 > Set($AutoCreate, {Privileged => 1});
 >
 > Am i missing something ?
 >
 > Regards
 > Murugan
 >
 > References