Hi Malcolm,

The output from rt-ldapimport is normal if no changes are required, as
I've just tried it here in my lab and it is working.

Incidentally, LDAPImport doesn't currently support TLS. I've written a
patch, which you are welcome to have if you would like it. I'm afraid I
haven't submitted it to BP yet, but intend to when I get some time.

Best Regards

Martin

On 2016-10-19 14:21, Malcolm Galland wrote:
Ah, yes.  It looks like I had commented it out during testing, and
that's what was causing the PeerHost error.  Below is the section of
SiteConfig dedicated to LDAPImport:

    Set($LDAPHost,'ggdc1.domain.int');
    Set($LDAPUser,'LDAP_ACCOUNT');
    Set($LDAPPassword,'LDAP_ACCOUNT_PASS');
    Set($LDAPBase, 'dc=domain,dc=int');
    Set($LDAPFilter, '(&(cn = users))');
    Set($LDAPMapping, {Name         => 'uid', # required
                       EmailAddress => 'mail',
                       RealName     => 'cn',
                       WorkPhone    => 'telephoneNumber',
                       Organization => 'departmentName'});

    # If you want to sync Groups from LDAP into RT

    Set($LDAPGroupBase, 'dc=domain,dc=int');
    Set($LDAPGroupFilter, '(&(cn = Groups))');
    Set($LDAPGroupMapping, {Name               => 'cn',
                            Member_Attr        => 'member',
                            Member_Attr_Value  => 'dn' });

Interesting follow-up question though: when I run rt-ldapimport I don't
get any errors, but the output doesn't exactly instill a feeling of
success either:

/opt/rt4/sbin/rt-ldapimport --debug
Running test import, no data will be changed
Rerun command with --import to perform the import
Rerun command with --debug for more information
Testing group import
Finished test


On Wed, 2016-10-19 at 14:09 +0000, Martin Wheldon wrote:
Hi Malcolm,

You are missing the LDAP import configuration, which is separate from
the External auth config.
The following will help:

   https://docs.bestpractical.com/rt/4.4.1/RT/LDAPImport.html

Best Regards

Martin
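
The point made in this thread, as an added example that is not part of the original messages: the LDAPImport settings are separate from `$ExternalSettings`, and the PeerHost error was traced to that section being commented out. The sketch below scans the text of an RT_SiteConfig.pm and reports, for the six user-import settings shown in the thread, whether each is active, commented out, or missing; the function names and the sample config are constructed, and treating all six as worth checking is an assumption.

```python
import re

# The user-import settings that appear in the thread's LDAPImport section.
# Checking all six is an assumption of this example, not a statement of
# which ones RT strictly requires.
LDAPIMPORT_SETTINGS = [
    "LDAPHost", "LDAPUser", "LDAPPassword",
    "LDAPBase", "LDAPFilter", "LDAPMapping",
]

# Matches "Set($Name," or "Set( $Name," with an optional leading "#".
SET_RE = re.compile(r"^\s*(?P<hash>#\s*)?Set\s*\(\s*\$(?P<name>\w+)\s*,")

def audit_siteconfig(text, wanted=LDAPIMPORT_SETTINGS):
    """Return {setting: 'active' | 'commented' | 'missing'}."""
    state = {name: "missing" for name in wanted}
    for line in text.splitlines():
        m = SET_RE.match(line)
        if not m or m.group("name") not in state:
            continue
        name = m.group("name")
        if m.group("hash"):
            # A commented-out Set() never overrides an active one.
            if state[name] == "missing":
                state[name] = "commented"
        else:
            state[name] = "active"
    return state

def inactive(state):
    """Names of settings that rt-ldapimport would not see."""
    return sorted(n for n, s in state.items() if s != "active")

# Constructed sample: ExternalAuth is configured, LDAPImport only partly.
SAMPLE = """\
Set($ExternalAuth, 1);
Set($ExternalSettings, { 'My_LDAP' => { 'type' => 'ldap' } });
#Set($LDAPHost,'ggdc1.domain.int');
Set( $LDAPUser,'LDAP_ACCOUNT');
Set($LDAPBase, 'dc=domain,dc=int');
Set($LDAPFilter, '(&(cn = users))');
"""

if __name__ == "__main__":
    for name, status in audit_siteconfig(SAMPLE).items():
        print(f"{name:14} {status}")
```

A configured `$ExternalSettings` block does not count toward any of these, which is the situation described in the first message of the thread.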

On 2016-10-19 13:37, Malcolm Galland wrote:
>
> I've set up RT, and am testing it with rt-server.  Everything seems to
> be going smoothly except LDAP with RT::Authen::ExternalAuth.  I read
> the docs and have implemented the suggested changes in
> /opt/rt4/etc/RT_SiteConfig.pm like so:
>
> Set( $ExternalAuthPriority, ["My_LDAP"] );
> Set( $ExternalInfoPriority, ["My_LDAP"] );
> Set($ExternalAuth, 1);
> Set( $UserAutocreateDefaultsOnLogin, { Privileged => 1 } );
> Set($AutoCreateNonExternalUsers, 1);
> Set($ExternalSettings, {
>     'My_LDAP'       =>  {
>         'type'             =>  'ldap',
>         'server'           =>  'ggdc1.domain.int',
>         'user'             =>  'LDAP_ACCOUNT',
>         'pass'             =>  'LDAP_ACCOUNT_PASS',
>         'base'             =>  'ou=Production,dc=domain,dc=int',
>         'filter'           =>  '(objectClass=inetOrgPerson)',
>         'attr_match_list'  => [
>             'Name',
>             'EmailAddress',
>         ],
>         'attr_map' => {
>                 'Name'         => 'sAMAccountName',
>                 'EmailAddress' => 'mail',
>                 'RealName'     => 'cn',
>                 'WorkPhone'    => 'telephoneNumber',
>                 'Address1'     => 'streetAddress',
>                 'City'         => 'l',
>                 'State'        => 'st',
>                 'Zip'          => 'postalCode',
>                 'Country'      => 'co',
>         },
>     },
> } );
>
> The issue is when I try to login the users aren't allowed access, and I
> get the following error from rt-server:
>
> [error]: FAILED LOGIN for username_redacted from IP_REDACTED
> (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:826)
>
> Just for kicks, if I run /opt/rt4/sbin/rt-ldapimport --debug
> I get: 
>  [critical]: Expected 'PeerHost' at
> /usr/local/share/perl/5.20.2/Net/LDAP.pm line 164.
> (/opt/rt4/sbin/../lib/RT.pm:390)
>
> Any ideas?  I read every document I could find, but it's hard to know
> which non-official ones you can trust since RT has been around so long
> and ExternalAuth was just added to the core.  Also, the official docs
> are a bit terse.
> ---------
> RT 4.4 and RTIR training sessions, and a new workshop day!
> https://bestpractical.com/training
> * Boston - October 24-26
> * Los Angeles - Q1 2017