RT::Authen::ExternalAuth setup

I’m trying to set up a basic LDAP auth using RT::Authen::ExternalAuth in RT 4.4.3.

I have used the documentation as a guide, and also added Plugin( "RT::Authen::ExternalAuth" ); to enable the extension.

But it just doesn't work, just saying invalid creds. Is there some way I can enable logging to see what the LDAP error is?

For what it's worth, I tried using the rt-ldapimport test with the ldapimport code and this worked perfectly. I just can't get the externalauth to work.

RT::Authen::ExternalAuth was cored in RT 4.4, so you shouldn't have the Plugin line in your RT_SiteConfig file:

https://docs.bestpractical.com/rt/4.4.0/UPGRADING-4.4.html

Users of the existing RT::Authen::ExternalAuth extension should remove RT::Authen::ExternalAuth from the plugins list, and add Set($ExternalAuth, 1); to the RT_SiteConfig.pm file. Please also remove local/plugins/RT-Authen-ExternalAuth from your RT installation.

Awesome! Thanks heaps. That was my problem.

This was a fresh install, so I hadn't read the upgrade documentation you pointed out. Would be great if the RT::Authen::ExternalAuth documentation could be updated to include the step for enabling external auth using the Set($ExternalAuth, 1) setting.

Here's another question:

Is it possible to do LDAPS over port 636 using RT::Authen::ExternalAuth?

I see there's an option for specifying a TLS certificate, but is that TLS over 389? Can you specify the port somehow?

RT uses Net::LDAP to connect to LDAP:

You can provide the port value in the RT net_ldap_args values.

Legend, thanks again!

Got it to work with LDAPS, but it took me a while of reading the Net::LDAP CPAN help to work it out. Would be excellent if you could include the scheme and port options in the RT documentation, as it would have saved me a bit of time. You also need to install the Net::LDAP CPAN dependency, as it is not included by default. Install with cpan -i Net::LDAP (case sensitive).

Here's my config in case someone else needs it:

Set( $ExternalAuth, 1 );
Set( $ExternalAuthPriority, ["My_LDAP"] );
Set( $ExternalInfoPriority, ["My_LDAP"] );
Set( $ExternalSettings, {
    'My_LDAP' => {
        'type'   => 'ldap',
        'server' => 'ldap hostname.com',
        'user'   => 'ldap auth username',      # bind DN of the service account RT searches with
        'pass'   => 'ldap auth password',
        'base'   => 'CN=Users,DC=domain,DC=com',
        'filter' => '(objectClass=*)',
        'tls'    => { verify => "require", capath => "/path/to/cert" },
        # passed straight through to Net::LDAP->new; scheme must be a quoted string
        'net_ldap_args' => [
            version => 3,
            scheme  => 'ldaps',
            port    => 636,
        ],
        'attr_match_list' => [
            'Name',
            'EmailAddress',
        ],
        'attr_map' => {
            'Name'         => 'sAMAccountName',
            'EmailAddress' => 'mail',
            'Organization' => 'physicalDeliveryOfficeName',
            'RealName'     => 'cn',
            'Gecos'        => 'sAMAccountName',
            'WorkPhone'    => 'telephoneNumber',
            'Address1'     => 'streetAddress',
            'City'         => 'l',
            'State'        => 'st',
            'Zip'          => 'postalCode',
            'Country'      => 'co',
        },
    },
} );
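To see the directory's actual bind or search error instead of RT's generic invalid-credentials message, the connection the config above describes can be exercised outside RT with the same Net::LDAP options. This is an added Perl example, not code from the thread or from RT; the hostname, bind DN, password, CA file and login are placeholder assumptions.

```perl
#!/usr/bin/env perl
# Added diagnostic (not part of RT): open the same LDAPS connection RT builds
# from 'server', 'net_ldap_args' and 'tls', bind as the service account, then
# look up one login the way attr_match_list/attr_map do. Placeholders throughout.
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);

my %cfg = (
    server        => 'ldap.example.com',                           # placeholder
    user          => 'CN=rt-service,CN=Users,DC=domain,DC=com',    # placeholder bind DN
    pass          => 'service-account-password',                   # placeholder
    base          => 'CN=Users,DC=domain,DC=com',
    filter        => '(objectClass=*)',
    # verify => 'require' makes Net::LDAP reject an untrusted or mismatched cert
    tls           => { verify => 'require', cafile => '/path/to/ca.pem' },   # placeholder path
    net_ldap_args => [ version => 3, scheme => 'ldaps', port => 636 ],
);

my $login = shift @ARGV or die "usage: $0 <login>\n";

# With scheme => 'ldaps' the TLS options belong to new(), not to start_tls()
my $ldap = Net::LDAP->new( $cfg{server}, @{ $cfg{net_ldap_args} }, %{ $cfg{tls} } )
    or die "Connect to $cfg{server}:636 failed: $@\n";

# Service-account bind: the error text here is what RT hides behind "invalid creds"
my $mesg = $ldap->bind( $cfg{user}, password => $cfg{pass} );
die sprintf( "Bind failed (code %d): %s\n", $mesg->code, $mesg->error ) if $mesg->code;

# Escape the user-supplied login before interpolating it into the filter
my $search = $ldap->search(
    base   => $cfg{base},
    scope  => 'sub',
    filter => sprintf( '(&%s(sAMAccountName=%s))', $cfg{filter}, escape_filter_value($login) ),
    attrs  => [qw(sAMAccountName mail cn)],
);
die sprintf( "Search failed (code %d): %s\n", $search->code, $search->error ) if $search->code;

printf "%d entries matched %s\n", scalar $search->entries, $login;
for my $e ( $search->entries ) {
    printf "  %s  cn=%s  mail=%s\n", $e->dn, $e->get_value('cn') // '', $e->get_value('mail') // '';
}
$ldap->unbind;
```

Run it as perl ldaps-check.pl <login> from the RT host so it uses the same CA store and network path RT does; RT itself also logs the Net::LDAP result once $LogToFile or $LogToSyslog in RT_SiteConfig.pm is raised to 'debug'.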