Hi Malcolm,
The output from rt-ldapimport is normal if no changes are required, as
I've just tried it here in my lab and it is working.
Incidentally, LDAPImport doesn't currently support TLS. I've written a
patch which you are welcome to have if you would like it. I'm afraid I
haven't submitted it to BP yet, but intend to when I get some time.
Best Regards
Martin
On 2016-10-19 14:21, Malcolm Galland wrote:
Ah, yes. It looks like I had commented it out during testing, and
that's what was causing the PeerHost error. Below is the section of
SiteConfig dedicated to LDAPImport:
Set($LDAPHost,'ggdc1.domain.int');
Set($LDAPUser,'LDAP_ACCOUNT');
Set($LDAPPassword,'LDAP_ACCOUNT_PASS');
Set($LDAPBase, 'dc=domain,dc=int');
Set($LDAPFilter, '(&(cn = users))');
Set($LDAPMapping, {Name         => 'uid', # required
                   EmailAddress => 'mail',
                   RealName     => 'cn',
                   WorkPhone    => 'telephoneNumber',
                   Organization => 'departmentName'});
# If you want to sync Groups from LDAP into RT
Set($LDAPGroupBase, 'dc=domain,dc=int');
Set($LDAPGroupFilter, '(&(cn = Groups))');
Set($LDAPGroupMapping, {Name              => 'cn',
                        Member_Attr       => 'member',
                        Member_Attr_Value => 'dn' });
Interesting follow-up question though: when I run rt-ldapimport I don't
get any errors, but the output doesn't exactly instill a feeling of
success either:
/opt/rt4/sbin/rt-ldapimport --debug
Running test import, no data will be changed
Rerun command with --import to perform the import
Rerun command with --debug for more information
Testing group import
Finished test
On Wed, 2016-10-19 at 14:09 +0000, Martin Wheldon wrote:
Hi Malcolm,
You are missing the LDAP import configuration, which is separate from
the External auth config.
The following will help:
https://docs.bestpractical.com/rt/4.4.1/RT/LDAPImport.html
Best Regards
Martin
On 2016-10-19 13:37, Malcolm Galland wrote:
>
> I've set up RT, and am testing it with rt-server. Everything seems to
> be going smoothly except LDAP with RT::Authen::ExternalAuth. I read
> the docs and have implemented the suggested changes in
> /opt/rt4/etc/RT_SiteConfig.pm like so:
>
> Set( $ExternalAuthPriority, ["My_LDAP"] );
> Set( $ExternalInfoPriority, ["My_LDAP"] );
> Set($ExternalAuth, 1);
> Set( $UserAutocreateDefaultsOnLogin, { Privileged => 1 } );
> Set($AutoCreateNonExternalUsers, 1);
> Set($ExternalSettings, {
>     'My_LDAP' => {
>         'type' => 'ldap',
>         'server' => 'ggdc1.domain.int',
>         'user' => 'LDAP_ACCOUNT',
>         'pass' => 'LDAP_ACCOUNT_PASS',
>         'base' => 'ou=Production,dc=domain,dc=int',
>         'filter' => '(objectClass=inetOrgPerson)',
>         'attr_match_list' => [
>             'Name',
>             'EmailAddress',
>         ],
>         'attr_map' => {
>             'Name' => 'sAMAccountName',
>             'EmailAddress' => 'mail',
>             'RealName' => 'cn',
>             'WorkPhone' => 'telephoneNumber',
>             'Address1' => 'streetAddress',
>             'City' => 'l',
>             'State' => 'st',
>             'Zip' => 'postalCode',
>             'Country' => 'co',
>         },
>     },
> } );
>
> The issue is when I try to login the users aren't allowed access, and
> I get the following error from rt-server:
>
> [error]: FAILED LOGIN for username_redacted from IP_REDACTED
> (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:826)
>
> Just for kicks, if I run /opt/rt4/sbin/rt-ldapimport --debug I get:
> [critical]: Expected 'PeerHost' at
> /usr/local/share/perl/5.20.2/Net/LDAP.pm line 164.
> (/opt/rt4/sbin/../lib/RT.pm:390)
>
> Any ideas? I read every document I could find, but it's hard to know
> which non-official ones you can trust since RT has been around so long
> and ExternalAuth was just added to the core. Also, the official docs
> are a bit terse.
> ---------
> RT 4.4 and RTIR training sessions, and a new workshop day!
> https://bestpractical.com/training
> * Boston - October 24-26
> * Los Angeles - Q1 2017