Hi Brian,
Thanks for the reply. I have got this working on OpenLDAP. Some comments
for others:

I used: 'user' => 'cn=manager,dc=mydomain,dc=ie'

It is not clear from the documentation that this needs to be a full distinguished name (DN), which I see you use. Above is an example of the standard OpenLDAP admin user, or perhaps better to create a special user for this in OpenLDAP.

ldapsearch -LLL -x -D "cn=manager,dc=mydomain,dc=ie" -W -h myldap.mydomain.ie "(&(sn=Doran)(objectClass=posixAccount))"

This worked after I installed 'yum install openldap-clients'. I also installed perl-LDAP as you suggested. Good for testing.

My final comment. I was assuming that users were automatically created from the external data source when they tried to log on. So when I tried user 'jbloggs' I got the 'Your username or password is incorrect' error. However, when I simply added a user (just the user id) from the RT web interface up pops all the mapped attributes in the add user form, and the authentication is then successful.

I stupidly assumed that external sourced users were automatically created after authentication from the external source.

I mis-read:

# If this is set to 1, then users should be autocreated by RT
# as internal users if they fail to authenticate from an
# external service.
Set($AutoCreateNonExternalUsers,    1);

as something like, AutoCreateExternalUsers. Ah well!

Thanks again,
Jason

On 25 Jul 2008, at 16:11, Brian Buchanan wrote:

I can say it works with Active Directory.  I had to install perl-LDAP
though, on my CentOS5 machine. yum install perl-LDAP

I had just got the plugin working under 3.6.6 when 3.8.0 came out.  I
moved my 3.6.6 directory out of the way, did its install, and then ran
the ExternalAuth install.

I noticed the path changed too when I copied over the plugin's
RT_SiteConfig.pm file and had to fix the require line in my main
RT_SiteConfig.pm.

In case this can help, here's a stripped and manually redacted version
of my RT_SiteConfig.pm in the Plugin's etc/ directory which works in my Windows 2000 Active Directory environment: (It's included via the main
RT_SiteConfig.pm with a 'require
"/opt/rt3/local/plugins/RT-AuthenExternalAuth/etc/RT_SiteConfig.pm";'
line)


>>typo for people copying above location (dash missing!)
/opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm


Set($ExternalAuthPriority,  [   'My_LDAP'
                           ]
);

Set($ExternalInfoPriority,  [   'My_LDAP'
                           ]
);

Set($ExternalServiceUsesSSLorTLS,    0);

Set($AutoCreateNonExternalUsers,    0);

Set($ExternalSettings,      {
    'My_LDAP'       =>  {
        'type'                      =>  'ldap',
        'auth'                      =>  1,
        'info'                      =>  1,
        'server'                    =>  'adomaincontroller.example.com',
        'user'                      =>  'CN=RTLDAPLookupUser,OU=someou,DC=example,DC=com',
        'pass'                      =>  'passwordofrtlookupuser',
        'base'                      =>  'DC=example,DC=com',
        'filter'                    =>  '(objectClass=Person)',
        # Bitwise-AND match on userAccountControl bit 2: disabled accounts
        'd_filter'                  =>  '(userAccountControl:1.2.840.113556.1.4.803:=2)',
        # 0 = no TLS on the LDAP connection
        'tls'                       =>  0,
        'net_ldap_args'             =>  [    version =>  3   ],
        'group'                     =>  '',
        'group_attr'                =>  '',
        'attr_match_list'           =>  [   'Name',
                                            'EmailAddress',
                                            'RealName',
                                            'WorkPhone',
                                            'Address2'
                                        ],
        'attr_map'                  =>  {
            'Name'           => 'sAMAccountName',
            'EmailAddress'   => 'mail',
            'Organization'   => 'physicalDeliveryOfficeName',
            'RealName'       => 'cn',
            'ExternalAuthId' => 'sAMAccountName',
            'Gecos'          => 'sAMAccountName',
            'WorkPhone'      => 'telephoneNumber',
            'Address1'       => 'streetAddress',
            'City'           => 'l',
            'State'          => 'st',
            'Zip'            => 'postalCode',
            'Country'        => 'co'
        }
    }
}
);

1;

I also used ldapdisplay to test the ldap query of the Active Directory:

ldapsearch -LLL -x -D "CN=RTLDAPLookupUser,OU=someou,DC=example,DC=com" \
    -w passwordofrtlookupuser -h adomaincontroller.example.com \
    "(&(sAMAccountName=BRIAN)(objectClass=Person))"

BTW, for about an hour I found I was changing the left side of the
password of the RT lookup user in RT_SiteConfig.pm, (The parameter name)
rather than the right side, the value.  I don't know why, I was just
replacing `user` with the user and `pass` with the password I guess,
even though I did the correct right-side replacement on everything else.

HTH.

Brian

On Fri, 2008-07-25 at 11:29 +0100, Jason Doran wrote:
Hi,
I have just installed RT 3.8.0 and RT-Authen-ExternalAuth-0.05.

*Before* I post a more detailed report, I just would like to know if
this is known to work with the new RT.



_______________________________________________
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: [EMAIL PROTECTED]


Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
Buy a copy at http://rtbook.bestpractical.com
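
How the d_filter value in the configuration quoted above selects disabled Active Directory accounts, as an added example that is not part of the thread or of the plugin's code. It also handles the companion bitwise-OR rule; the function names and the sample entries are constructed for illustration.

```python
import re

# Active Directory matching-rule OIDs for bitwise tests on integer attributes.
BIT_AND = "1.2.840.113556.1.4.803"  # true when every bit of the operand is set
BIT_OR = "1.2.840.113556.1.4.804"   # true when any bit of the operand is set

_EXT_MATCH = re.compile(r"^\((\w+):([\d.]+):=(\d+)\)$")

D_FILTER = "(userAccountControl:1.2.840.113556.1.4.803:=2)"  # from the config

# Constructed sample entries (not real directory data).
SAMPLE_ENTRIES = [
    {"sAMAccountName": "alice", "userAccountControl": "512"},    # normal
    {"sAMAccountName": "bob", "userAccountControl": "514"},      # 512 + 2
    {"sAMAccountName": "carol", "userAccountControl": "66050"},  # 65536 + 512 + 2
    {"sAMAccountName": "dave", "userAccountControl": "66048"},   # 65536 + 512
]

def parse_bit_filter(ldap_filter):
    """Split '(attr:OID:=value)' into (attr, oid, integer operand)."""
    m = _EXT_MATCH.match(ldap_filter.strip())
    if not m:
        raise ValueError("not a simple extensible-match filter: %r" % ldap_filter)
    attr, oid, operand = m.group(1), m.group(2), int(m.group(3))
    if oid not in (BIT_AND, BIT_OR):
        raise ValueError("unsupported matching rule: %s" % oid)
    return attr, oid, operand

def matches(entry, ldap_filter):
    """Evaluate a bitwise extensible-match filter against one entry."""
    attr, oid, operand = parse_bit_filter(ldap_filter)
    if attr not in entry:
        return False  # an absent attribute never matches
    current = int(entry[attr])
    if oid == BIT_AND:
        return (current & operand) == operand
    return (current & operand) != 0

def disabled_accounts(entries, d_filter=D_FILTER):
    """Names the d_filter would select, i.e. accounts with bit 2 set."""
    return [e["sAMAccountName"] for e in entries if matches(e, d_filter)]

def naive_equality(entries, value="514"):
    """What a plain (userAccountControl=514) test would select instead."""
    return [e["sAMAccountName"] for e in entries
            if e.get("userAccountControl") == value]

if __name__ == "__main__":
    print("d_filter:", disabled_accounts(SAMPLE_ENTRIES))
    print("equality:", naive_equality(SAMPLE_ENTRIES))
```

The bitwise rule catches a disabled account whatever other flags are set on it, which a plain equality test on a single userAccountControl value does not.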
