Karsten,
I am also new to RT3. I haven’t quite figured everything out yet, but I’ll
share with everyone what I have done so far in case someone else wants to
use this. To authenticate against LDAP you need to set RT’s
$WebExternalAuth settings (in RT_SiteConfig) and use Apache’s AuthLDAP module.
To autocreate accounts when logging in you have to modify the
LookupExternalUserInfo subroutine to your liking. I’ll paste mine
below. Maybe someone will improve it. I also edited
rt3/var/mason_data/obj/standard/autohandler to add:
$UserObj->SetEmailAddress("$user\@mydomain.com") if defined $user;
under $UserObj->SetRealName($realname) if defined $realname;
Also, if you want users to have unprivileged accounts created automatically
instead of privileged, change line 75 to:
$UserObj->SetPrivileged(0);
Hope that helps you get started.
– Jeff
ps - you WILL have to modify the subroutine for your LDAP setup. This
subroutine was based off either an old email posting or a file in the
contribs, I don’t remember.
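# LookupExternalUserInfo: map an e-mail address to an RT account by looking
# the address up in LDAP.
#
# Arguments (after the invocant): the e-mail address, then the real name.
#
# Returns the list ($FoundInExternalDatabase, %params), where %params holds
# the keys Name, EmailAddress and RealName.  When exactly one LDAP entry
# matches (first on LDAP_EMAIL, then on LDAP_ALT_EMAIL) the three values are
# taken from that entry and the flag is 1; otherwise the flag is 0 and the
# values are the ones passed in.  RealName is wrapped in double quotes on
# every exit path except the connection-failure one.
#
# You WILL have to adapt the constants below to your own LDAP layout.
sub LookupExternalUserInfo {
    my $self         = shift;
    my $EmailAddress = shift;
    my $RealName     = shift;

    my $FoundInExternalDatabase = 0;
    my %params;

    # Name is the RT username you want to use for this user.
    $params{'Name'}         = $EmailAddress;
    $params{'EmailAddress'} = $EmailAddress;
    $params{'RealName'}     = $RealName;

    $RT::Logger->debug("LookupExternalUserInfo: Entered with:\n",
                       "\tName = $params{'Name'}\n",
                       "\tEmailAddress = $params{'EmailAddress'}\n",
                       "\tRealName = $params{'RealName'}\n",
                       "\tFound = $FoundInExternalDatabase\n");

    # Strip embedded quotes now; the name is re-quoted before returning.
    $params{'RealName'} =~ s/"//g;

    # Nothing to look up without an address: skip the LDAP round trip
    # instead of sending a filter with an empty value.
    if (!defined $params{'EmailAddress'} || $params{'EmailAddress'} eq '') {
        $params{'RealName'} = "\"$params{'RealName'}\"";
        return ($FoundInExternalDatabase, %params);
    }

    use Net::LDAP;
    use Net::LDAP::Constant qw(LDAP_SUCCESS);

    use constant LDAP           => q(ldap.yourdomain.com);
    use constant LDAP_PORT      => q(389);
    use constant LDAP_BASE      => q(ou=People,dc=yourdomain,dc=com);
    use constant LDAP_UID       => q(uid);
    use constant LDAP_EMAIL     => q(mail);
    use constant LDAP_ALT_EMAIL => q(mailAlternateAddress);
    use constant LDAP_CN        => q(cn);

    # NOTE(review): this is an anonymous bind over an unencrypted connection,
    # and the answer decides which RT account the address is mapped to.
    # Consider an ldaps:// URI or $ldap->start_tls(...) with certificate
    # verification before relying on the result.
    my $ldap = Net::LDAP->new(LDAP, port => LDAP_PORT);
    unless ($ldap) {
        $RT::Logger->critical("LookupExternalUserInfo: Cannot connect to ",
                              "LDAP'\n");
        # NOTE(review): unlike the other exits, this path has always returned
        # RealName without the surrounding quotes; kept as-is.
        return ($FoundInExternalDatabase, %params);
    }

    my $mesg = $ldap->bind();
    if ($mesg->code != LDAP_SUCCESS) {
        $RT::Logger->critical("LookupExternalUserInfo: Cannot bind anonymously ",
                              "to LDAP:", $mesg->code, "\n");
        $params{'RealName'} = "\"$params{'RealName'}\"";
        return ($FoundInExternalDatabase, %params);
    }

    # The address is supplied by the caller and is not trusted.  Escape the
    # characters that are special in an LDAP search filter (RFC 4515:
    # backslash, '*', '(', ')' and NUL) so the value can only ever be
    # compared as a literal and cannot widen or rewrite the filter.
    (my $filter_value = $params{'EmailAddress'})
        =~ s/([\\*()\x00])/sprintf('\\%02x', ord($1))/ge;

    my $filter = LDAP_EMAIL . '=' . $filter_value;
    $RT::Logger->debug("LookupExternalUserInfo: First search filter ",
                       "'$filter'\n");

    $mesg = $ldap->search(base   => LDAP_BASE,
                          filter => $filter,
                          attrs  => [ LDAP_UID, LDAP_EMAIL, LDAP_CN ]);
    if ($mesg->code != LDAP_SUCCESS) {
        $RT::Logger->critical("LookupExternalUserInfo: Could not search for ",
                              "$filter: ", $mesg->code, "\n");
        $params{'RealName'} = "\"$params{'RealName'}\"";
        return ($FoundInExternalDatabase, %params);
    }

    $RT::Logger->debug("LookupExternalUserInfo: First search produced ",
                       $mesg->count, " results\n");

    # E-mail search failed (zero or several matches): retry against the
    # alternate-address attribute with the same escaped value.
    unless ($mesg->count == 1) {
        $filter = LDAP_ALT_EMAIL . '=' . $filter_value;
        $RT::Logger->debug("LookupExternalUserInfo: Second search filter ",
                           "'$filter'\n");

        $mesg = $ldap->search(base   => LDAP_BASE,
                              filter => $filter,
                              attrs  => [ LDAP_UID, LDAP_EMAIL, LDAP_CN ]);
        if ($mesg->code != LDAP_SUCCESS) {
            $RT::Logger->critical("LookupExternalUserInfo: Could not search for ",
                                  "$filter: ", $mesg->code, "\n");
            $params{'RealName'} = "\"$params{'RealName'}\"";
            return ($FoundInExternalDatabase, %params);
        }

        # Logged only when the second search actually ran.
        $RT::Logger->debug("LookupExternalUserInfo: Second search produced ",
                           $mesg->count, " results with filter $filter\n");
    }

    # One of the two searches succeeded with just one match.  An ambiguous
    # result (more than one entry) is deliberately treated as "not found".
    if ($mesg->count == 1) {
        my $entry = $mesg->first_entry;
        $params{'Name'}         = ($entry->get_value(LDAP_UID))[0];
        $params{'EmailAddress'} = ($entry->get_value(LDAP_EMAIL))[0];
        $params{'RealName'}     = ($entry->get_value(LDAP_CN))[0];
        $FoundInExternalDatabase = 1;
    }

    $mesg = $ldap->unbind();
    if ($mesg->code != LDAP_SUCCESS) {
        $RT::Logger->critical("LookupExternalUserInfo: Could not unbind from ",
                              "LDAP: ", $mesg->code, "\n");
    }
    undef $ldap;
    undef $mesg;

    $params{'RealName'} = "\"$params{'RealName'}\"";
    $RT::Logger->debug("LookupExternalUserInfo: Leaving LDAP examination ",
                       "with:\n",
                       "\tName = $params{'Name'}\n",
                       "\tEmailAddress = $params{'EmailAddress'}\n",
                       "\tRealName = $params{'RealName'}\n",
                       "\tFound = $FoundInExternalDatabase\n");

    # Always hand back the flag and the parameters, as the error paths do;
    # a conditional return here left the caller without %params whenever the
    # address was not found.
    return ($FoundInExternalDatabase, %params);
}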
At 10:37 AM 4/22/2003, Karsten Konrad wrote: