RT4.4 ExternalAuth & LDAPImport Issues

Hi there,

I’ve been attempting to get RT4.4 up and running with LDAP Authentication
and have run across a number of problems trying to isolate the issue. I’m
hoping someone can help me in the right direction to get authentication
working with import. I’ve been approaching the setup in stages, the plan
being Basic Setup first (local root login) → LDAP Setup → Mailgate Setup.

I’ll include the SiteConfig below at the bottom, and here’s the problem:

Set($ExternalAuthPriority, ['LDAP']);
Set($ExternalInfoPriority, ['LDAP']);

Case (1) Authentication Fails, User cannot be created, hard internal
error.

Set($ExternalAuthPriority, ['LDAP']);
#Set($ExternalInfoPriority, ['LDAP']);

Case (2) Authentication Succeeds, User created as Privileged=0, obviously
no Import with Info Commented.

External Settings are set up as such:

Set($ExternalSettings, {
    'LDAP' => {
        'type' => 'ldap',
        'server' => '192.168.2.6',
        'user' => 'ldapreader',
        'pass' => 'password',
        'base' => 'ou=branch,dc=test,dc=local',
        'filter' => '(objectClass=*)',
        'd_filter' => '(userAccountControl:1.2.840.113556.1.4.803:=2)',
        'tls' => 0,
        'ssl_version' => 3,
        'net_ldap_args' => [ version => 3 ],
        'attr_match_list' => [
            'Name', 'EmailAddress',
        ],
        'attr_map' => {
            'Name' => 'sAMAccountName',
            'EmailAddress' => 'mail',
            'Organization' => 'physicalDeliveryOfficeName',
            'RealName' => 'cn',
            'ExternalAuthId' => 'sAMAccountName',
            'Gecos' => 'sAMAccountName',
            'WorkPhone' => 'telephoneNumber',
            'Address1' => 'streetAddress',
            'City' => 'l',
            'State' => 'st',
            'Zip' => 'postalCode',
            'Country' => 'co'
        },
        #'group' => 'CN=RTUsers,OU=Security Groups,branch,DC=test,DC=local',
        'group_scope' => 'sub',
        #'group_attr' => 'memberOf',
        #'group_attr_value' => 'cn=RTUsers,ou=Security Groups,ou=branch,dc=test,dc=local'

    },
} );

The log (1)

[26664] [Wed Jul 27 18:02:06 2016] [debug]: Using internal Perl HTML →
text conversion (/opt/rt4/sbin/…/lib/RT/Interface/Email.pm:1454)
[26664] [Wed Jul 27 18:02:06 2016] [debug]: The RTAddressRegexp option is
not set in the config. Not setting this option results in additional SQL
queries to check whether each address belongs to RT or not. It is
especially important to set this option if RT receives emails on addresses
that are not in the database or config.
(/opt/rt4/sbin/…/lib/RT/Config.pm:531)
[26664] [Wed Jul 27 18:02:06 2016] [debug]: Attempting to use external auth
service: LDAP (/opt/rt4/sbin/…/lib/RT/Authen/ExternalAuth.pm:288)
[26664] [Wed Jul 27 18:02:06 2016] [debug]: Calling UserExists with
$username (tuser) and $service (LDAP)
(/opt/rt4/sbin/…/lib/RT/Authen/ExternalAuth.pm:329)
[26664] [Wed Jul 27 18:02:06 2016] [debug]: UserExists params:
username: tuser , service: LDAP
(/opt/rt4/sbin/…/lib/RT/Authen/ExternalAuth/LDAP.pm:486)
[26664] [Wed Jul 27 18:02:06 2016] [debug]: LDAP Search === Base:
ou=branch,dc=test,dc=local == Filter:
(&(objectClass=*)(sAMAccountName=tuser)) == Attrs:
telephoneNumber,sAMAccountName,streetAddress,postalCode,sAMAccountName,cn,co,st,mail,physicalDeliveryOfficeName,sAMAccountName,l
(/opt/rt4/sbin/…/lib/RT/Authen/ExternalAuth/LDAP.pm:516)
[26664] [Wed Jul 27 18:02:06 2016] [debug]:
RT::User::CanonicalizeUserInfoFromExternalAuth called by RT::User
/opt/rt4/sbin/…/lib/RT/User.pm 699 with: Disabled: , EmailAddress: ,
Gecos: tuser, Name: tuser, Privileged:
(/opt/rt4/sbin/…/lib/RT/User.pm:735)
[26664] [Wed Jul 27 18:02:06 2016] [debug]: Attempting to get user info
using this external service: LDAP (/opt/rt4/sbin/…/lib/RT/User.pm:743)
[26664] [Wed Jul 27 18:02:06 2016] [debug]: Attempting to use this
canonicalization key: Name (/opt/rt4/sbin/…/lib/RT/User.pm:752)
[26664] [Wed Jul 27 18:02:06 2016] [debug]: LDAP Search === Base:
ou=branch,dc=test,dc=local == Filter:
(&(objectClass=*)(sAMAccountName=tuser)) == Attrs:
telephoneNumber,sAMAccountName,streetAddress,postalCode,sAMAccountName,cn,co,st,mail,physicalDeliveryOfficeName,sAMAccountName,l
(/opt/rt4/sbin/…/lib/RT/Authen/ExternalAuth/LDAP.pm:404)
[26664] [Wed Jul 27 18:02:06 2016] [info]:
RT::User::CanonicalizeUserInfoFromExternalAuth returning Address1: , City:
Geronimo, Country: United States, Disabled: , EmailAddress: tuser@test.com,
ExternalAuthId: tuser, Gecos: tuser, Name: tuser, Organization: ,
Privileged: , RealName: Test User, State: CA, WorkPhone: 111-222-3333 x10,
Zip: 01234 (/opt/rt4/sbin/…/lib/RT/User.pm:811)
[26664] [Wed Jul 27 18:02:06 2016] [warning]: DBD::mysql::st execute
failed: Unknown column ‘ExternalAuthId’ in ‘field list’ at
/usr/local/share/perl/5.18.2/DBIx/SearchBuilder/Handle.pm line 586,
line 755. (/usr/local/share/perl/5.18.2/DBIx/SearchBuilder/Handle.pm:586)
[26664] [Wed Jul 27 18:02:06 2016] [warning]: RT::Handle=HASH(0x9b09a48)
couldn’t execute the query ‘INSERT INTO Users (City, Organization,
EmailAddress, Gecos, Created, ExternalAuthId, Creator, LastUpdatedBy,
State, RealName, id, Country, Zip, Address1, Name, Password, WorkPhone,
LastUpdated) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)’
at /usr/local/share/perl/5.18.2/DBIx/SearchBuilder/Handle.pm line 599,
line 755.
DBIx::SearchBuilder::Handle::SimpleQuery(RT::Handle=HASH(0x9b09a48),
“INSERT INTO Users (City, Organization, EmailAddress, Gecos, C”…,
“Geronimo”, undef, “tuser@test.com”, “tuser”, “2016-07-27 18:02:06”,
“tuser”, …) called at
/usr/local/share/perl/5.18.2/DBIx/SearchBuilder/Handle.pm line 352
DBIx::SearchBuilder::Handle::Insert(RT::Handle=HASH(0x9b09a48),
“Users”, “City”, “Geronimo”, “Organization”, undef, “EmailAddress”, “tuser@
test.com”, …) called at
/usr/local/share/perl/5.18.2/DBIx/SearchBuilder/Handle/mysql.pm line 36
DBIx::SearchBuilder::Handle::mysql::Insert(RT::Handle=HASH(0x9b09a48),
“Users”, “City”, “Geronimo”, “Organization”, undef, “EmailAddress”, “tuser@
test.com”, …) called at
/usr/local/share/perl/5.18.2/DBIx/SearchBuilder/Record.pm line 1320
DBIx::SearchBuilder::Record::Create(RT::User=HASH(0x9b998c0),
“Organization”, undef, “EmailAddress”, “tuser@test.com”, “City”,
“Geronimo”, “Created”, …) called at /opt/rt4/sbin/…/lib/RT/Record.pm
line 317
RT::Record::Create(RT::User=HASH(0x9b998c0), “id”, 65, “State”, “LP”,
“ExternalAuthId”, “tuser”, “Organization”, …) called at
/opt/rt4/sbin/…/lib/RT/User.pm line 187
RT::User::Create(RT::User=HASH(0x9b998c0), “Privileged”, 0, “Name”,
“tuser”, “Gecos”, “tuser”) called at
/opt/rt4/sbin/…/lib/RT/Authen/ExternalAuth.pm line 350
RT::Authen::ExternalAuth::DoAuth(HASH(0x9b04988), “tuser”, “password”)
called at /opt/rt4/share/html/Elements/DoAuth line 57
HTML::Mason::Commands::ANON(“pass”, “password”, “next”,
“f32dc9ca801c9ee4f0d23a977b48b74b”, “user”, “tuser”) called at
/usr/local/share/perl/5.18.2/HTML/Mason/Component.pm line 135

HTML::Mason::Component::run(HTML::Mason::Component::FileBased=HASH(0x9b99938),
“pass”, “password”, “next”, “f32dc9ca801c9ee4f0d23a977b48b74b”, “user”,
“tuser”) called at /usr/local/share/perl/5.18.2/HTML/Mason/Request.pm line
1302
eval {…} called at /usr/local/share/perl/5.18.2/HTML/Mason/Request.pm
line 1292
HTML::Mason::Request::comp(undef, undef, “pass”, “password”, “next”,
“f32dc9ca801c9ee4f0d23a977b48b74b”, “user”, “tuser”) called at
/opt/rt4/sbin/…/lib/RT/Interface/Web.pm line 308
RT::Interface::Web::HandleRequest(HASH(0x9b65a78)) called at
/opt/rt4/share/html/autohandler line 53
HTML::Mason::Commands::ANON(“next”,
“f32dc9ca801c9ee4f0d23a977b48b74b”, “user”, “tuser”, “pass”, “password”)
called at /usr/local/share/perl/5.18.2/HTML/Mason/Component.pm line 135

HTML::Mason::Component::run(HTML::Mason::Component::FileBased=HASH(0x9bc4930),
“next”, “f32dc9ca801c9ee4f0d23a977b48b74b”, “user”, “tuser”, “pass”,
“password”) called at /usr/local/share/perl/5.18.2/HTML/Mason/Request.pm
line 1297
eval {…} called at /usr/local/share/perl/5.18.2/HTML/Mason/Request.pm
line 1292
HTML::Mason::Request::comp(undef, undef, undef, “next”,
“f32dc9ca801c9ee4f0d23a977b48b74b”, “user”, “tuser”, “pass”, …) called at
/usr/local/share/perl/5.18.2/HTML/Mason/Request.pm line 481
eval {…} called at /usr/local/share/perl/5.18.2/HTML/Mason/Request.pm
line 481
eval {…} called at /usr/local/share/perl/5.18.2/HTML/Mason/Request.pm
line 433
HTML::Mason::Request::exec(RT::Interface::Web::Request=HASH(0x991af70))
called at /usr/local/share/perl/5.18.2/HTML/Mason/PSGIHandler.pm line 96
eval {…} called at
/usr/local/share/perl/5.18.2/HTML/Mason/PSGIHandler.pm line 96

HTML::Mason::Request::PSGI::exec(RT::Interface::Web::Request=HASH(0x991af70))
called at /usr/local/share/perl/5.18.2/HTML/Mason/Interp.pm line 342
HTML::Mason::Interp::exec(undef, undef, “next”,
“f32dc9ca801c9ee4f0d23a977b48b74b”, “user”, “tuser”, “pass”, “password”)
called at /usr/local/share/perl/5.18.2/HTML/Mason/PSGIHandler.pm line 59
eval {…} called at
/usr/local/share/perl/5.18.2/HTML/Mason/PSGIHandler.pm line 59

HTML::Mason::PSGIHandler::invoke_mason(HTML::Mason::PSGIHandler::Streamy=HASH(0x99176d0),
HASH(0x990c3b0), HASH(0x92290f8)) called at
/usr/local/share/perl/5.18.2/HTML/Mason/PSGIHandler/Streamy.pm line 52
HTML::Mason::PSGIHandler::Streamy::ANON(CODE(0x9bb3940)) called at
/usr/local/share/perl/5.18.2/Plack/Util.pm line 339
Plack::Util::ANON(CODE(0x9b57078)) called at
/usr/local/share/perl/5.18.2/Plack/Handler/FCGI.pm line 147
Plack::Handler::FCGI::run(Plack::Handler::FCGI=HASH(0x9ac96a0),
CODE(0x9a8c870)) called at /usr/local/share/perl/5.18.2/Plack/Loader.pm
line 84
Plack::Loader::run(Plack::Loader=HASH(0x92092c0),
Plack::Handler::FCGI=HASH(0x9ac96a0)) called at
/usr/local/share/perl/5.18.2/Plack/Runner.pm line 277
Plack::runner::run(RT::PlackRunner=HASH(0x287c458)) called at
/opt/rt4/sbin/…/lib/RT/PlackRunner.pm line 141
eval {…} called at /opt/rt4/sbin/…/lib/RT/PlackRunner.pm line 141
RT::PlackRunner::run(RT::PlackRunner=HASH(0x287c458)) called at
/opt/rt4/sbin/rt-server.fcgi line 162
(/usr/local/share/perl/5.18.2/Carp.pm:170)
[26664] [Wed Jul 27 18:02:06 2016] [warning]: Use of uninitialized value
$args{“Organization”} in join or string at /opt/rt4/sbin/…/lib/RT/User.pm
line 193, line 755. (/opt/rt4/sbin/…/lib/RT/User.pm:193)
[26664] [Wed Jul 27 18:02:06 2016] [warning]: Use of uninitialized value
$args{“Address1”} in join or string at /opt/rt4/sbin/…/lib/RT/User.pm line
193, line 755. (/opt/rt4/sbin/…/lib/RT/User.pm:193)
[26664] [Wed Jul 27 18:02:06 2016] [error]: Could not create a new user -
State-CA-ExternalAuthId-tuser-Organization–EmailAddress-tuser@test.com-City-Geronimo-WorkPhone-111-222-3333
x10-Password-NO-PASSWORD-Name-tuser-Address1–Zip-01234-Gecos-tuser-Country-United
States-RealName-Test User (/opt/rt4/sbin/…/lib/RT/User.pm:193)
[26664] [Wed Jul 27 18:02:06 2016] [error]: Couldn’t create user tuser:
Could not create user (/opt/rt4/sbin/…/lib/RT/Authen/ExternalAuth.pm:355)
[26664] [Wed Jul 27 18:02:06 2016] [debug]: Autohandler called
ExternalAuth. Response: (0, No User)
(/opt/rt4/share/html/Elements/DoAuth:58)
[26664] [Wed Jul 27 18:02:06 2016] [error]: FAILED LOGIN for tuser from
10.0.0.50 (/opt/rt4/sbin/…/lib/RT/Interface/Web.pm:826)

The log (2)

[26431] [Wed Jul 27 17:50:13 2016] [debug]: ExternalInfoPriority not
defined. User information (including user enabled/disabled) cannot be
externally-sourced (/opt/rt4/sbin/…/lib/RT/Config.pm:1112)
[26431] [Wed Jul 27 17:50:13 2016] [debug]: Using internal Perl HTML →
text conversion (/opt/rt4/sbin/…/lib/RT/Interface/Email.pm:1454)
[26431] [Wed Jul 27 17:50:13 2016] [debug]: The RTAddressRegexp option is
not set in the config. Not setting this option results in additional SQL
queries to check whether each address belongs to RT or not. It is
especially important to set this option if RT receives emails on addresses
that are not in the database or config.
(/opt/rt4/sbin/…/lib/RT/Config.pm:531)
[26431] [Wed Jul 27 17:50:14 2016] [debug]: Attempting to use external auth
service: LDAP (/opt/rt4/sbin/…/lib/RT/Authen/ExternalAuth.pm:288)
[26431] [Wed Jul 27 17:50:14 2016] [debug]: SSO Failed and no user to test
with. Nexting (/opt/rt4/sbin/…/lib/RT/Authen/ExternalAuth.pm:316)
[26431] [Wed Jul 27 17:50:14 2016] [debug]: Autohandler called
ExternalAuth. Response: (0, No User)
(/opt/rt4/share/html/Elements/DoAuth:58)
[26431] [Wed Jul 27 17:50:14 2016] [debug]: Attempting to use external auth
service: LDAP (/opt/rt4/sbin/…/lib/RT/Authen/ExternalAuth.pm:288)
[26431] [Wed Jul 27 17:50:14 2016] [debug]: SSO Failed and no user to test
with. Nexting (/opt/rt4/sbin/…/lib/RT/Authen/ExternalAuth.pm:316)
[26431] [Wed Jul 27 17:50:14 2016] [debug]: Autohandler called
ExternalAuth. Response: (0, No User)
(/opt/rt4/share/html/Elements/DoAuth:58)
[26431] [Wed Jul 27 17:50:22 2016] [debug]: Attempting to use external auth
service: LDAP (/opt/rt4/sbin/…/lib/RT/Authen/ExternalAuth.pm:288)
[26431] [Wed Jul 27 17:50:22 2016] [debug]: Calling UserExists with
$username (nsinger) and $service (LDAP)
(/opt/rt4/sbin/…/lib/RT/Authen/ExternalAuth.pm:329)
[26431] [Wed Jul 27 17:50:22 2016] [debug]: UserExists params:
username: tuser , service: LDAP
(/opt/rt4/sbin/…/lib/RT/Authen/ExternalAuth/LDAP.pm:486)
[26431] [Wed Jul 27 17:50:22 2016] [debug]: LDAP Search === Base:
ou=branch,dc=test,dc=local == Filter:
(&(objectClass=*)(sAMAccountName=tuser)) == Attrs:
telephoneNumber,physicalDeliveryOfficeName,mail,co,l,postalCode,cn,sAMAccountName,streetAddress,sAMAccountName,st,sAMAccountName
(/opt/rt4/sbin/…/lib/RT/Authen/ExternalAuth/LDAP.pm:516)
[26431] [Wed Jul 27 17:50:22 2016] [info]: Autocreated external user tuser
( 63 ) (/opt/rt4/sbin/…/lib/RT/Authen/ExternalAuth.pm:358)
[26431] [Wed Jul 27 17:50:22 2016] [debug]: Loading new user ( tuser ) into
current session (/opt/rt4/sbin/…/lib/RT/Authen/ExternalAuth.pm:364)
[26431] [Wed Jul 27 17:50:22 2016] [debug]: Password validation required
for service - Executing…
(/opt/rt4/sbin/…/lib/RT/Authen/ExternalAuth.pm:381)
[26431] [Wed Jul 27 17:50:22 2016] [debug]: Trying external auth service:
LDAP (/opt/rt4/sbin/…/lib/RT/Authen/ExternalAuth/LDAP.pm:200)
[26431] [Wed Jul 27 17:50:22 2016] [debug]: LDAP Search === Base:
ou=branch,dc=test,dc=local == Filter:
(&(sAMAccountName=tuser)(objectClass=*)) == Attrs: dn
(/opt/rt4/sbin/…/lib/RT/Authen/ExternalAuth/LDAP.pm:233)
[26431] [Wed Jul 27 17:50:22 2016] [debug]: Found LDAP DN: CN=Test
User,OU=Test,OU=Users,OU=branch,DC=test,DC=local
(/opt/rt4/sbin/…/lib/RT/Authen/ExternalAuth/LDAP.pm:267)
[26431] [Wed Jul 27 17:50:22 2016] [info]:
RT::Authen::ExternalAuth::LDAP::GetAuth External Auth OK ( LDAP ): tuser
(/opt/rt4/sbin/…/lib/RT/Authen/ExternalAuth/LDAP.pm:348)
[26431] [Wed Jul 27 17:50:22 2016] [debug]: LDAP password validation
result: 1 (/opt/rt4/sbin/…/lib/RT/Authen/ExternalAuth.pm:560)
[26431] [Wed Jul 27 17:50:22 2016] [debug]: Password Validation Check
Result: 1 (/opt/rt4/sbin/…/lib/RT/Authen/ExternalAuth.pm:385)
[26431] [Wed Jul 27 17:50:22 2016] [debug]: Authentication successful. Now
updating user information and attempting login.
(/opt/rt4/sbin/…/lib/RT/Authen/ExternalAuth.pm:405)
[26431] [Wed Jul 27 17:50:22 2016] [info]: Successful login for tuser from
UNKNOWN (/opt/rt4/sbin/…/lib/RT/Authen/ExternalAuth.pm:445)
[26431] [Wed Jul 27 17:50:22 2016] [debug]: Autohandler called
ExternalAuth. Response: (1, Successful login)
(/opt/rt4/share/html/Elements/DoAuth:58)

SiteConfig.PM

use utf8;

#   perl -c /path/to/your/etc/RT_SiteConfig.pm
#
# You must restart your webserver after making changes to this file.
#
# You may also split settings into separate files under the
# etc/RT_SiteConfig.d/
# directory. All files ending in ".pm" will be parsed, in alphabetical
# order,
# after this file is loaded.

# Configuration

Set($rtname, 'test.com');
Set($Organization, 'rt.test.com');
Set($Timezone, 'US/Pacific');
Set($WebDomain, 'rt.test.com');
Set($WebPort, 443);
Set($WebPath, '');

# Set Ticket Database User

Set($DatabaseHost, "localhost");
Set($DatabaseUser, "rt_user");
#Set($DatabaseUser, "root");
#Set($DatabasePassword, 'password');
Set($DatabasePassword, 'password');
Set($DatabaseName, 'rt4');
Set($OwnerEmail, 'rt@test.com');
#Set($DatabaseAdmin, "root");

# Logging

Set($LogToSTDERR, 'debug');
Set($LogToFile, 'debug');
Set($LogDir, '/opt/rt4/var/log/');
Set($LogToFileNamed, 'rt.log');
Set($LogToSyslog, 'debug');
Set($LogToScreen, "error");

# Web Fallback

#Set($WebFallbackToInternalAuth, 1);

# You must install Plugins on your own, this is only an example
# of the correct syntax to use when activating them:

Plugin( "RT::Authen::ExternalAuth" );

#Set( $WebRemoteUserAutocreate, 1);
Set( $UserAutocreateDefaultsOnLogin, {Privileged => 0});

# LDAP Authentication & Import

# Needed for local login of root

# Set($ExternalAuth, 1); No Longer Needed as ExternalAuth is now set when
# External Settings defined. Notes: Difficult to toggle execution of External
# Auth during troubleshooting without comment block quotes.

Set($ExternalAuthPriority, ['LDAP']);
#Set($ExternalInfoPriority, ['LDAP']);

Set($AutoCreateDefaultsOnLogin, { Privileged => 0 } );

Set($ExternalServiceUsesSSLorTLS, 0);

Set($AutoCreateNonExternalUsers, 1);

Set($ExternalSettings, {
    'LDAP' => {
        'type' => 'ldap',
        'server' => '192.168.2.6',
        'user' => 'ldapreader',
        'pass' => 'password',
        'base' => 'ou=branch,dc=test,dc=local',
        'filter' => '(objectClass=*)',
        'd_filter' => '(userAccountControl:1.2.840.113556.1.4.803:=2)',
        'tls' => 0,
        'ssl_version' => 3,
        'net_ldap_args' => [ version => 3 ],
        'attr_match_list' => [
            'Name', 'EmailAddress',
        ],
        'attr_map' => {
            'Name' => 'sAMAccountName',
            'EmailAddress' => 'mail',
            'Organization' => 'physicalDeliveryOfficeName',
            'RealName' => 'cn',
            'ExternalAuthId' => 'sAMAccountName',
            'Gecos' => 'sAMAccountName',
            'WorkPhone' => 'telephoneNumber',
            'Address1' => 'streetAddress',
            'City' => 'l',
            'State' => 'st',
            'Zip' => 'postalCode',
            'Country' => 'co'
        },
        #'group' => 'CN=RTUsers,OU=Security Groups,branch,DC=test,DC=local',
        'group_scope' => 'sub',
        #'group_attr' => 'member',
        #'group_attr_value' => 'cn=RTUsers,ou=Security Groups,ou=branch,dc=test,dc=local'

    },
} );

##LDAP Configurations
#LDAP Authentication
##LDAP USER IMPORT
#Set($LDAPHost, '192.168.2.6');
#Set($LDAPUser, 'ldapreader');
#Set($LDAPPassword, 'password');
#Set($LDAPFilter, '(&(cn = users))');

Set($LDAPCreatePrivileged, 1);
Set($LDAPUpdateUsers, 1);
#Set($LDAPMapping, {Name => 'sAMAccountName', # required
#    EmailAddress => 'mail',
#    RealName => 'cn',
#    WorkPhone => 'telephoneNumber',
#    Organization => 'physicalDeliveryOfficeName'});

Set($LDAPBase, "ou=branch,dc=test,dc=local");

Set($LDAPGroup, "cn=RTUsers,ou=Security Groups,ou=branch,dc=test,dc=local");

1;

Ideally I would like to have it check a group for membership and then allow
privileged login if a member.
The documentation wasn’t very clear on how the commented external settings
(group, group, group_attr, and group_attr_value) interact.

The only minor success was with case (2) which is the SiteConfig I
included. The only deviation from the README during the base installation
is the use of www-data instead of www for groups and file permissions.

I went through the archive completely before reaching out.

Any help is much appreciated. - Nathan
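
An added example, not part of the original post and not RT's own code: a small Python triage helper that ties the "Unknown column" warning in log (1) to the INSERT statement it came from and to the attr_map key that supplied the column. The sample log is an excerpt of log (1) with the VALUES list shortened; the function names are illustrative.

```python
import re

# Constructed sample: excerpt of "The log (1)" from the post, keeping the
# archive's hard line wraps and curly quotes to exercise normalisation.
SAMPLE_LOG = """\
[26664] [Wed Jul 27 18:02:06 2016] [warning]: DBD::mysql::st execute
failed: Unknown column ‘ExternalAuthId’ in ‘field list’ at
/usr/local/share/perl/5.18.2/DBIx/SearchBuilder/Handle.pm line 586,
[26664] [Wed Jul 27 18:02:06 2016] [warning]: RT::Handle=HASH(0x9b09a48)
couldn’t execute the query ‘INSERT INTO Users (City, Organization,
EmailAddress, Gecos, Created, ExternalAuthId, Creator, LastUpdatedBy,
State, RealName, id, Country, Zip, Address1, Name, Password, WorkPhone,
LastUpdated) VALUES (?, ?, ?)’
[26664] [Wed Jul 27 18:02:06 2016] [error]: Couldn’t create user tuser:
Could not create user
"""

# attr_map as posted in $ExternalSettings (RT field => LDAP attribute).
ATTR_MAP = {
    "Name": "sAMAccountName", "EmailAddress": "mail",
    "Organization": "physicalDeliveryOfficeName", "RealName": "cn",
    "ExternalAuthId": "sAMAccountName", "Gecos": "sAMAccountName",
    "WorkPhone": "telephoneNumber", "Address1": "streetAddress",
    "City": "l", "State": "st", "Zip": "postalCode", "Country": "co",
}

QUOTES = str.maketrans({"‘": "'", "’": "'", "“": '"', "”": '"'})
UNKNOWN_COL = re.compile(r"Unknown column '([^']+)' in 'field list'")
INSERT = re.compile(r"INSERT INTO (\w+) \(([^)]*)\)")


def normalise(log_text):
    """Undo mail-archive damage: curly quotes and hard-wrapped lines."""
    return re.sub(r"\s+", " ", log_text.translate(QUOTES))


def triage(log_text, attr_map):
    """Tie each 'Unknown column' error to its INSERT and to attr_map."""
    flat = normalise(log_text)
    inserts = [(m.group(1), [c.strip() for c in m.group(2).split(",")])
               for m in INSERT.finditer(flat)]
    findings = []
    for column in dict.fromkeys(UNKNOWN_COL.findall(flat)):  # de-duplicate
        table = next((t for t, cols in inserts if column in cols), None)
        findings.append({
            "column": column,
            "table": table,                     # None: no matching INSERT seen
            "ldap_attr": attr_map.get(column),  # None: not set via attr_map
        })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, ATTR_MAP):
        src = (f"attr_map key mapped from LDAP attribute {f['ldap_attr']!r}"
               if f["ldap_attr"] else "not present in attr_map")
        print(f"{f['table']}.{f['column']} rejected by the database; {src}")
```

The helper only reports the correlation visible in the log; whether the column should exist in the database schema has to be checked against the installed RT version.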