RT4.4 ExternalAuth & LDAPImport Issues (Solved)

The problem ended up being with the field ExternalAuthID which I didn’t
realize was removed in 4.4.1.

Removing it from the script corrected the issue and allowed both LDAP
Import and Authentication to work beyond where I was getting stuck.

I’ve included my SiteConfig with the working changes below in case anyone
runs into the same issue. I’ve now moved onto an issue where internal users
aren’t created when ExternalAuth LDAP fails, and LDAP users aren’t created
with Privileged. I have some legwork to do before requesting help with
these new issues though.

# Configuration

Set($rtname, 'test.com');
Set($Organization, 'rt.test.com');
Set($Timezone, 'US/Pacific');
Set($WebDomain, 'rt.test.com');
Set($WebPort, 443);
Set($WebPath, '');

# Set Ticket Database User

Set($DatabaseHost, '');
Set($DatabaseUser, "rt_user");
#Set($DatabaseUser, "root");
Set($DatabasePassword, 'password');
#Set($DatabasePassword, 'password');
Set($DatabaseName, 'rt4');
Set($OwnerEmail, 'rt@test.com');
Set($DatabaseAdmin, "root");

# Logging

Set($LogToSTDERR, 'debug');
Set($LogToFile, 'debug');
Set($LogDir, '/opt/rt4/var/log/');
Set($LogToFileNamed, 'rt.log');
Set($LogToSyslog, 'debug');
Set($LogToScreen, "error");

# You must install Plugins on your own, this is only an example
# of the correct syntax to use when activating them:

Plugin( "RT::Authen::ExternalAuth" );

#Set( $WebRemoteUserAutocreate, 1);
#Set( $UserAutocreateDefaultsOnLogin, {Privileged => 0}); No way to
# differentiate between use for external users and LDAP users, or I'm not
# seeing it (Documentation indicates same core config var for both packages
# LDAPImport & RemoteWebUser )
#Set( $AutoCreateNonExternalUsers, 1); Isn't working for Non-LDAP users.

# Deprecated:
# Set($ExternalAuth, 1); No Longer Needed as ExternalAuth is now set when
# External Settings defined.

Set($ExternalAuthPriority, ['LDAP']);
Set($ExternalInfoPriority, ['LDAP']);

Set($ExternalServiceUsesSSLorTLS, 0);

Set($ExternalSettings, {
    'LDAP' => {
        'type' => 'ldap',
        'server' => '10.0.2.6',
        'user' => 'ldapreader',
        'pass' => 'password',
        'base' => 'ou=branch,dc=test,dc=local',
        'filter' => '(objectClass=*)',
        'd_filter' => '(userAccountControl:1.2.840.113556.1.4.803:=2)',
        'tls' => 0,
        'ssl_version' => 3,
        'net_ldap_args' => [ version => 3 ],
        'attr_match_list' => [
            'Name', 'EmailAddress',
        ],
        'attr_map' => {
            'Name' => 'sAMAccountName',
            'EmailAddress' => 'mail',
            'Organization' => 'physicalDeliveryOfficeName',
            'RealName' => 'cn',
            'Gecos' => 'sAMAccountName',
            'WorkPhone' => 'telephoneNumber',
            'Address1' => 'streetAddress',
            'City' => 'l',
            'State' => 'st',
            'Zip' => 'postalCode',
            'Country' => 'co',
            #'ExternalAuthID' => 'sAMAccountName' - Deprecated 4.4.1
        },
        #'group' => 'cn=RTUsers',
        'group_scope' => 'sub',
        #'group_attr' => 'memberOf',
        #'group_attr_value' => 'cn=RTUsers,ou=Security Groups,ou=branch,dc=test,dc=local'
    },
} );

##LDAP Configurations
#LDAP Authentication
##LDAP USER IMPORT
Set($LDAPHost, 'ldap://10.0.2.6');
Set($LDAPUser, 'ldapreader');
Set($LDAPPassword, 'password');
Set($LDAPFilter, '(&(cn = users))');

Set($LDAPUpdateUsers, 1);
Set($LDAPCreatePrivileged, 1);

Set($LDAPMapping, {
    Name => 'sAMAccountName', # required
    EmailAddress => 'mail',
    RealName => 'cn',
    WorkPhone => 'telephoneNumber',
    Organization => 'physicalDeliveryOfficeName',
});

Set($LDAPBase, "ou=branch,dc=test,dc=local");
Set($LDAPSizeLimit, 1000);

1;
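
The failure described in the post, a removed attr_map field stopping both LDAP import and login, can be caught by linting the settings hash before RT is restarted. The Perl below is an added example, not part of the original post and not RT's own code: the sample hash is constructed, lint_external_settings is a hypothetical helper, and the match-list and TLS checks are extra consistency checks assumed here rather than taken from the post.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample modelled on the LDAP service in the post, with the
# removed field put back so the lint has something to report.
my $settings = {
    'LDAP' => {
        'type'            => 'ldap',
        'server'          => '10.0.2.6',
        'tls'             => 0,
        'attr_match_list' => [ 'Name', 'EmailAddress', 'Gecos' ],
        'attr_map'        => {
            'Name'           => 'sAMAccountName',
            'EmailAddress'   => 'mail',
            'ExternalAuthID' => 'sAMAccountName',
        },
    },
};

# Fields the post reports as no longer accepted in attr_map as of 4.4.1.
my %removed = ( ExternalAuthID => 1 );

sub lint_external_settings {
    my ($cfg) = @_;
    my @findings;
    for my $name ( sort keys %$cfg ) {
        my $svc = $cfg->{$name};
        next unless ( $svc->{type} // '' ) eq 'ldap';
        my $map = $svc->{attr_map} || {};
        for my $field ( sort keys %$map ) {
            push @findings, "${name}: attr_map field '$field' was removed, delete it"
                if $removed{$field};
        }
        # Assumption: a match field needs a mapped LDAP attribute to search on.
        for my $field ( @{ $svc->{attr_match_list} || [] } ) {
            push @findings, "${name}: attr_match_list field '$field' has no attr_map entry"
                unless exists $map->{$field};
        }
        # A plain LDAP bind without TLS or ldaps:// sends passwords in cleartext.
        my $encrypted = $svc->{tls} || ( $svc->{server} // '' ) =~ m{^ldaps://}i;
        push @findings, "${name}: no TLS, bind and user passwords cross the network in cleartext"
            unless $encrypted;
    }
    return @findings;
}

my @findings = lint_external_settings($settings);
print "$_\n" for @findings;
exit( @findings ? 1 : 0 );
```

On the constructed sample it reports three findings (the removed ExternalAuthID mapping, the unmapped Gecos match field, and the cleartext bind) and exits non-zero, so it can gate a config deployment.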