Re: [rt-users] eDirectory authentication and groups question
On Thu, Dec 10, 2009 at 04:49:24PM -0800, Scott Melot wrote:
> This helped with part of my problem, and for that I am very grateful (it showed me the LDAP authenticated users were being created and I could convert them to privileged users).
>
> However, I am still having trouble getting LDAP to work based on a group. In my original mailing I may have been unclear, and for that I apologize. I can authenticate with the group attributes disabled but when I try to restrict logins to only members of an eDirectory group called RT_Users I cannot log in through LDAP. I am only told the user couldn't authenticate. The only member of the group is my account (which works without the group attribute).
>
> Has anyone running a Novell eDirectory environment been able to get ExternalAuth to work with the groups attribute? If so I would appreciate any configuration guidance as I am a bit of a newbie when it comes to eDirectory and LDAP.

If you turn your logging up to debug, RT-Authen-ExternalAuth will log the LDAP queries it is running and then you should be able to inspect or run them manually against your server until you get the syntax correct.

-kevin

> change+lists...@nightwind.net 12/4/2009 4:46 PM
> On Fri, 04 Dec 2009 16:35:57 -0800, Scott Melot sme...@lmusd.org said:
> > What I would like to do is have general staff be able to log in and have an account created, then for a support staff to be able to manually (automatically would be better but I'll take manual) add them to a custom group within RT if they need more permissions than to submit a trouble ticket to the support queue.
>
> All that needs to be done is for an admin to go to Configuration, Users, and search for the username of the person you want to set up (be sure to change the search type to Name, defaults to User ID). Click their user and check the box that says Let this person be granted rights and make them a member of the appropriate group.
>
> You can also get a list of all privileged and non-privileged users in RT by entering % in the search box.

___
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: sa...@bestpractical.com

Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
Buy a copy at http://rtbook.bestpractical.com
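
Added example (not part of the original thread and not RT-Authen-ExternalAuth's own code): a way to run by hand the group lookup that the debug-logging advice above refers to. It assumes the group check is a base-scope search on the configured `group` value with the filter `(group_attr=user DN)`; the server URI, the DNs and the `member` attribute are constructed sample values.

```shell
#!/bin/sh
# Added example, not from the thread. Assumption: the ExternalAuth group check
# is a base-scope search whose base is the configured 'group' value and whose
# filter is (<group_attr>=<DN of the user who just authenticated>).

# Escape a value for use inside an LDAP search filter (RFC 4515).
ldap_filter_escape() {
    printf '%s' "$1" |
        sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# A search base has to be a DN; a bare group name is not one.
looks_like_dn() {
    case "$1" in
        *=*) return 0 ;;
        *)   return 1 ;;
    esac
}

# Run the group lookup by hand (anonymous simple bind).
# $1 = LDAP URI, $2 = group (search base), $3 = group_attr, $4 = user DN
# With DRY_RUN=1 the command is printed instead of executed.
group_check() {
    if ! looks_like_dn "$2"; then
        echo "warning: '$2' is not a DN; expect error 32 or 34 from the server" >&2
    fi
    filter="($3=$(ldap_filter_escape "$4"))"
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "ldapsearch -x -LLL -H $1 -b $2 -s base $filter 1.1"
    else
        ldapsearch -x -LLL -H "$1" -b "$2" -s base "$filter" 1.1
    fi
}

# Reading the result:
#   one "dn:" line           -> the user DN is a value of group_attr on the group
#   no output, exit status 0 -> group entry exists, filter did not match
#   error 32 / 34            -> the 'group' value is not an existing / valid DN
#
# Constructed sample values (the ou= parts and 'member' are assumptions):
#   group_check ldap://ldap.example.org 'cn=RT_Users,ou=groups,o=context' \
#       member 'cn=jdoe,ou=staff,o=context'
```
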
Re: [rt-users] eDirectory authentication and groups question
This helped with part of my problem, and for that I am very grateful (it showed me the LDAP authenticated users were being created and I could convert them to privileged users).

However, I am still having trouble getting LDAP to work based on a group. In my original mailing I may have been unclear, and for that I apologize. I can authenticate with the group attributes disabled but when I try to restrict logins to only members of an eDirectory group called RT_Users I cannot log in through LDAP. I am only told the user couldn't authenticate. The only member of the group is my account (which works without the group attribute).

Has anyone running a Novell eDirectory environment been able to get ExternalAuth to work with the groups attribute? If so I would appreciate any configuration guidance as I am a bit of a newbie when it comes to eDirectory and LDAP.

Thank you again for the advice on the % search, that was very helpful.

change+lists...@nightwind.net 12/4/2009 4:46 PM
On Fri, 04 Dec 2009 16:35:57 -0800, Scott Melot sme...@lmusd.org said:
> What I would like to do is have general staff be able to log in and have an account created, then for a support staff to be able to manually (automatically would be better but I'll take manual) add them to a custom group within RT if they need more permissions than to submit a trouble ticket to the support queue.

All that needs to be done is for an admin to go to Configuration, Users, and search for the username of the person you want to set up (be sure to change the search type to Name, defaults to User ID). Click their user and check the box that says Let this person be granted rights and make them a member of the appropriate group.

You can also get a list of all privileged and non-privileged users in RT by entering % in the search box.
[rt-users] eDirectory authentication and groups question
Hello:

I've been working on migrating my school district from an MS Access based work order system to RT. I have been able to get it up and running with Ubuntu 8.04, MySQL 5, RT 3.8.6, ExternalAuth 0.08 and RTFM 2.4.2. But I am having some problems.

What I would like to do is have general staff be able to log in and have an account created, then for a support staff to be able to manually (automatically would be better but I'll take manual) add them to a custom group within RT if they need more permissions than to submit a trouble ticket to the support queue.

Currently I am able to authenticate to my eDirectory through LDAP and ExternalAuth as an unprivileged user but I haven't been able to figure out the rest. Any help or suggestions would be appreciated. I am including my RT_SiteConfig (modified to protect some information) below.

    # THE BASICS:
    Set($rtname, 'server.name');
    Set($Organization, 'LMUSD');
    Set($CorrespondAddress , 'removed');
    Set($CommentAddress , 'removed');
    Set($Timezone , 'US/PACIFIC'); # obviously choose what suits you

    # THE DATABASE:
    Set($DatabaseType, 'mysql'); # e.g. Pg or mysql

    # These are the settings we used above when creating the RT database,
    # you MUST set these to what you chose in the section above.
    Set($DatabaseUser , 'removed');
    Set($DatabasePassword , 'removed');
    Set($DatabaseName , 'removed');

    # THE WEBSERVER:
    Set($WebDomain, 'localhost' );
    Set($WebPath , "");
    Set($WebBaseURL , "http://removed");

    # THE PLUGINS
    Set(@Plugins,qw( RT::FM RT::Authen::ExternalAuth ));

    # LDAP Authentication
    Set($ExternalAuthPriority, [ 'My_LDAP', ] );
    Set($ExternalInfoPriority, [ 'My_LDAP' ] );
    Set($ExternalServiceUsesSSLorTLS,0);
    Set($AutoCreateNonExternalUsers,0);
    Set($ExternalSettings, {
        'My_LDAP' => {
            'type' => 'ldap',
            'server' => 'removed',
            'base' => 'o=context',
            'filter' => '(objectClass=Person)',
            'd_filter' => '(objectClass=Computer)',
            'tls' => 0,
            'ssl_version' => 3,
            'net_ldap_args' => [ version => 3 ],
            #'group' => 'RT_Users',
            #'group_attr' => 'groupmembersattribute',
            # 'attr_match_list' => [ 'Name', 'EmailAddress', ],
            # 'attr_map' => { 'Name' => 'uid', 'EmailAddress' => 'mail', }
        },
    } );
    1;

Scott Melot
Personal Computer Network Specialist III, Information Technology Services
Lucia Mar Unified School District
Phone: (805) 474-3000 ext 1016
Re: [rt-users] eDirectory authentication and groups question
On Fri, 04 Dec 2009 16:35:57 -0800, Scott Melot sme...@lmusd.org said:
> What I would like to do is have general staff be able to log in and have an account created, then for a support staff to be able to manually (automatically would be better but I'll take manual) add them to a custom group within RT if they need more permissions than to submit a trouble ticket to the support queue.

All that needs to be done is for an admin to go to Configuration, Users, and search for the username of the person you want to set up (be sure to change the search type to Name, defaults to User ID). Click their user and check the box that says Let this person be granted rights and make them a member of the appropriate group.

You can also get a list of all privileged and non-privileged users in RT by entering % in the search box.