Thanks Robert, That's what I was missing. Secondly it had to be u...@domain.tdl for the LDAP to work
Beryl Snyder IT Specialist TMC Design Corporation 4325 Del Rey BLVD Las Cruces, NM 88012 Phone: 575-382-4600 Fax: 575-523-8588 -----Original Message----- From: Robert Nesius [mailto:nes...@gmail.com] Sent: Monday, September 21, 2009 10:16 AM To: Beryl N. Snyder; rt-users@lists.bestpractical.com Subject: Re: [rt-users] LDAP with AD RT:3.8.4 ExternalAuth >> Set(@Plugins,qw(RT::FM)); You need to turn on the extension by adding the RT::Authen::ExternalAuth module to that quoted array. Also, I saw this below: >> # The username RT should use to connect to the LDAP server >> 'user' => 'AD_Info\\LDAP', >> 'pass' => 'pass', That may or may not work. If your user is LDAP, you may actually need to use: l...@domain.yourcompany.com, and you may need to add the @domain.yourcompany.com as an auto-appended suffix so your users can log on with their basic username. -Rob On Mon, Sep 21, 2009 at 10:48 AM, Beryl N. Snyder <bsny...@tmcdesign.com> wrote: > > I am running RT 3.8.4 with the RT::Authen::ExternalAuth plugin. My Request > tracker server does not appear to be accessing the AD server for login. If > I run tcpdump I do not see a connection to the AD server being attempted > and the local logins still work. Is there another config file I need to > change? I would be grateful for any help. > > > > The RT_SiteConfig.pm > > > > Set($LogToSyslog,'debug'); > > # THE BASICS: > > > > Set($rtname, 'support.example.org'); > > Set($Organization, 'example.org'); > > Set($CorrespondAddress , 'bsny...@domain.com'); > > Set($CommentAddress , 'comment-t...@domain.com'); > > Set($Timezone , 'US/Mountan'); # obviously choose what suits you > > > > #LDAP > > Set(@Plugins,qw(RT::Authen::ExternalAuth)); > > > > > > Set($ExternalAuthPriority, ['My_LDAP']); > > Set($ExternalInfoPriority, ['My_LDAP']); > > > > Set($ExternalSettings, {'My_LDAP' => { > > ## GENERIC SECTION > > # The type of service (db/ldap/cookie) > > 'type' => 'ldap', > > # The server hosting the service > > 'server' => '10.x.x.x', #Ip Addy is correct > > ## SERVICE-SPECIFIC SECTION > > # If you can bind to your LDAP server anonymously you should > > # remove the user and pass config lines, otherwise specify them here: > > # > > # The username RT should use to connect to the LDAP server > > 'user' => 'AD_Info\\LDAP', > > 'pass' => 'pass', > > # > > # The LDAP search base > > 'base' => 'ou=*,dc=DCinfo,dc=local', > > # > > # ALL FILTERS MUST BE VALID LDAP FILTERS ENCASED IN PARENTHESES! > > # YOU **MUST** SPECIFY A filter AND A d_filter!! > > # > > # The filter to use to match RT-Users > > 'filter' => '(objectClass=*)', > > # A catch-all example filter: '(objectClass=*)' > > # > > # The filter that will only match disabled users > > 'd_filter' => '(objectClass=FooBarBaz))', > > # A catch-none example d_filter: '(objectClass=FooBarBaz)' > > # > > # Should we try to use TLS to encrypt connections? > > 'tls' => 0, > > # SSL Version to provide to Net::SSLeay *if* using SSL > > 'ssl_version' => 3, > > # What other args should I pass to Net::LDAP->new($host,@args)? > > 'net_ldap_args' => [ version => 3 ], > > 'attr_match_list' => [ 'Name','EmailAddress'], > > # The mapping of RT attributes on to LDAP attributes > > 'attr_map' => { 'Name' => 'sAMAccountName', > > 'EmailAddress' => 'mail', > > } > > } > > } > > ); > > > > Set($DatabaseType, 'mysql'); # e.g. Pg or mysql > > Set($DatabaseUser , 'rtuser'); > > Set($DatabasePassword , 'password'); > > Set($DatabaseName , 'rt3'); # Ensure this is set to rt3! > > Set($WebPath , "/rt"); > > Set($WebBaseURL , "http://support.example.org";); > > Set(@Plugins,qw(RT::FM)); > > 1; > > > > > > Syslog > > Sep 18 16:03:49 RequstTracker RT: FAILED LOGIN for testuser from 10.50.1.192 > (/opt/rt3/share/html/autohandler:268) > > Sep 18 16:04:17 RequstTracker RT: You've enabled GD, but we couldn't load the > module: Can't locate GD.pm in @INC (@INC contains: /opt/rt3/bin/../local/lib > /opt/rt3/local/plugins/RT-FM/lib /opt/rt3/bin/../lib /etc/perl > /usr/local/lib/perl/5.10.0 /usr/local/share/perl/5.10.0 /usr/lib/perl5 > /usr/share/perl5 /usr/lib/perl/5.10 /usr/share/perl/5.10 > /usr/local/lib/site_perl . /etc/apache2) at /opt/rt3/bin/../lib/RT/Config.pm > line 365. > > Sep 18 16:04:17 RequstTracker RT: You've enabled GraphViz, but we couldn't > load the module: Can't locate GraphViz.pm in @INC (@INC contains: > /opt/rt3/bin/../local/lib /opt/rt3/local/plugins/RT-FM/lib > /opt/rt3/bin/../lib /etc/perl /usr/local/lib/perl/5.10.0 > /usr/local/share/perl/5.10.0 /usr/lib/perl5 /usr/share/perl5 > /usr/lib/perl/5.10 /usr/share/perl/5.10 /usr/local/lib/site_perl . > /etc/apache2) at /opt/rt3/bin/../lib/RT/Config.pm line 352. > > Sep 18 16:04:17 RequstTracker RT: RT's GnuPG libraries couldn't successfully > read your configured GnuPG home directory (/opt/rt3/var/data/gpg). PGP > support has been disabled > > > > > > Beryl Snyder > > > > IT Specialist > > TMC Design Corporation > > 4325 Del Rey BLVD > > Las Cruces, NM 88012 > > Phone: 575-382-4600 > > Fax: 575-523-8588 > > > > _______________________________________________ > http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users > > Community help: http://wiki.bestpractical.com > Commercial support: sa...@bestpractical.com > > > Discover RT's hidden secrets with RT Essentials from O'Reilly Media. > Buy a copy at http://rtbook.bestpractical.com _______________________________________________ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
