I am trying desparately to get this goingnd am not seeing that my externalauth
is even being called. I am attaching my RT_SiteConfig.pm for review. I am a
newbie and don't know much about anything RT as yet. I see very little in my
/var/log/messages other tham LOGIN failed for xxxxx from web.pm, so I don't
really think my externalauth is really in play as of yet. Any assistance in
getting this going would be greatly appreciated.
Thanks.
Brian Murphy
Eastern Illinois University
# Any configuration directives you include here will override
# RT's default configuration file, RT_Config.pm
#
# To include a directive here, just copy the equivalent statement
# from RT_Config.pm and change the value. We've included a single
# sample value below.
#
# This file is actually a perl module, so you can include valid
# perl code, as well.
#
# The converse is also true, if this file isn't valid perl, you're
# going to run into trouble. To check your SiteConfig file, use
# this comamnd:
#
# perl -c /path/to/your/etc/RT_SiteConfig.pm
#
# You must restart your webserver after making changes to this file.
# You must install Plugins on your own, this is only an example
# of the correct syntax to use when activating them.
# There should only be one @Plugins declaration in your config file.
#Set(@Plugins,(qw(RT::Extension::QuickDelete RT::Extension::CommandByMail
RT::Extension::ActivityReports)));
#Set(@Plugins,(qw(RT::Extension::ActivityReports)));
Set(@Plugins,(qw(RT::Extension::ActivityReports RT::Authen::ExternalAuth)));
Set( $CorrespondAddress, '' );
Set( $rtname, 'EIU ITS Campus Technology' );
Set( $DatabaseRequireSSL, '' );
Set( $WebPort, '8080' );
Set( $DatabaseType, 'mysql' );
Set( $SendmailPath, '/usr/sbin/sendmail' );
Set( $WebDomain, 'localhost' );
Set( $CommentAddress, '' );
Set($Timezone, "US/Central");
Set($UnsafeEmailCommands, 1);
Set($ParseNewMessageForTicketCcs, 1);
Set($NotifyActor, 1);
Set( $OwnerEmail, '' );
Set( $DatabaseUser, 'rt_user' );
Set( $DatabasePort, '' );
Set( $DatabasePassword, 'RT_pass1-' );
Set( $DatabaseAdmin, 'root' );
Set( $DatabaseAdminPassword, 'Mtfbwu+1' );
Set( $DatabaseHost, 'localhost' );
Set( $DatabaseName, 'rt4' );
Set( $Organization, 'ITS' );
1;
# The order in which the services defined in ExternalSettings
# should be used to authenticate users. User is authenticated
# if successfully confirmed by any service - no more services
# are checked.
Set($ExternalAuthPriority, [ 'EIUAD'
]
);
# The order in which the services defined in ExternalSettings
# should be used to get information about users. This includes
# RealName, Tel numbers etc, but also whether or not the user
# should be considered disabled.
#
# Once user info is found, no more services are checked.
#
# You CANNOT use a SSO cookie for authentication.
Set($ExternalInfoPriority, [ 'EIUAD'
]
);
# If this is set to true, then the relevant packages will
# be loaded to use SSL/TLS connections. At the moment,
# this just means "use Net::SSLeay;"
Set($ExternalServiceUsesSSLorTLS, 0);
# If this is set to 1, then users should be autocreated by RT
# as internal users if they fail to authenticate from an
# external service.
Set($AutoCreateNonExternalUsers, 0);
# These are the full settings for each external service as a HashOfHashes
# Note that you may have as many external services as you wish. They will
# be checked in the order specified in the Priority directives above.
# e.g.
#
Set(ExternalAuthPriority,['My_LDAP','My_MySQL','My_Oracle','SecondaryLDAP','Other-DB']);
#
Set($ExternalSettings, {
# EIUAD Active Directory
'EIUAD' => { ## GENERIC SECTION
# The type of service
(db/ldap/cookie)
'type'
=> 'ldap',
# The server hosting
the service
'server'
=> 'xxxxx.xxx.edu',
## SERVICE-SPECIFIC
SECTION
# If you can bind to
your LDAP server anonymously you should
# remove the user and
pass config lines, otherwise specify them here:
#
# The username RT
should use to connect to the LDAP server
'user'
=> 'rtauth',
# The password RT
should use to connect to the LDAP server
'pass'
=> 'xxxxxxx,
#
# The LDAP search base
'base'
=> 'dc=xxxxx,dc=xxx,dc=edu',
#
# ALL FILTERS MUST BE
VALID LDAP FILTERS ENCASED IN PARENTHESES!
# YOU **MUST** SPECIFY
A filter AND A d_filter!!
#
# The filter to use to
match RT-Users
'filter'
=> '(objectclass=person)',
# A catch-all example
filter: '(objectClass=*)'
#
# The filter that will
only match disabled users
'd_filter'
=> '(objectclass=Foo)',
# A catch-none example
d_filter: '(objectClass=FooBarBaz)'
#
# Should we try to use
TLS to encrypt connections?
'tls'
=> 0,
# SSL Version to
provide to Net::SSLeay *if* using SSL
'ssl_version'
=> 3,
# What other args
should I pass to Net::LDAP->new($host,@args)?
'net_ldap_args'
=> [ version => 3 ],
# Does authentication
depend on group membership? What group name?
'group'
=> 'rt_access',
# What is the attribute
for the group object that determines membership?
'group_attr'
=> 'memberOf',
## RT ATTRIBUTE
MATCHING SECTION
# The list of RT
attributes that uniquely identify a user
# This example shows
what you *can* specify.. I recommend reducing this
# to just the Name and
EmailAddress to save encountering problems later.
'attr_match_list'
=> [ 'Name'
],
# The mapping of RT
attributes on to LDAP attributes
'attr_map'
=> { 'Name' => 'sAMAccountName'
}
}
}
);
1;
--------
RT Training Sessions (http://bestpractical.com/services/training.html)
* Chicago, IL, USA September 26 & 27, 2011
* San Francisco, CA, USA October 18 & 19, 2011
* Washington DC, USA October 31 & November 1, 2011
* Melbourne VIC, Australia November 28 & 29, 2011
* Barcelona, Spain November 28 & 29, 2011
