KenBrush

From Request Tracker Wiki
Jump to navigation Jump to search

Microsoft Active Directory working with RT (email creation works with this as well):

@RT::MailPlugins = ("RT::Authen::ExternalAuth");
Set(@Plugins, qw(RT::Authen::ExternalAuth) );
Set($ExternalAuthPriority,  [   'Active_Directory'
                            ]
);
Set($ExternalInfoPriority,  [ 'Active_Directory'
                            ]
);
Set($AutoCreateNonExternalUsers,    0);

Set($ExternalSettings,      {   'Active_Directory'       =>  {   'type'                      =>  'ldap',
                                                        'auth'                      =>  1,
                                                        'info'                      =>  1,
                                                        'server'                    =>  'mail-1.rf.lan',
                                                        'base'                      =>  'OU=MyBusiness,DC=RF,DC=LAN',
                                                        # The filter to use to match RT-Users
                                                        'filter'                    =>  '(objectclass=person)',
                                                        # The filter that will only match disabled users
                                                        'd_filter'                  =>  '(userAccountControl:1.2.840.113556.1.4.803:=2)',
                                                        # Should we try to use TLS to encrypt connections?
                                                        'tls'                       =>  0,
                                                        # What other args should I pass to Net::LDAP->new($host,@args)?
                                                        'net_ldap_args'             => [    version =>  3   ],
                                                        # Does authentication depend on group membership? What group name?
                                                        #'group'                     =>  'GROUP_NAME',
                                                        # What is the attribute for the group object that determines membership?
                                                        #'group_attr'                =>  'GROUP_ATTR',
                                                        ## RT ATTRIBUTE MATCHING SECTION
                                                        # The list of RT attributes that uniquely identify a user
                                                        'attr_match_list'           => [   'ExternalAuthId','EmailAddress' ],
                                                        # The mapping of RT attributes on to LDAP attributes
                                                        'attr_map'                  =>  {   'Name' => 'sAMAccountName',
                                                                                            'EmailAddress' => 'mail',
                                                                                            'Organization' => 'physicalDeliveryOfficeName',
                                                                                            'RealName' => 'displayName',
                                                                                            'ExternalAuthId' => 'sAMAccountName',
                                                                                            'Gecos' => 'sAMAccountName',
                                                                                            'WorkPhone' => 'telephoneNumber',
                                                                                            'Address1' => 'streetAddress',
                                                                                            'City' => 'l',
                                                                                            'State' => 'st',
                                                                                            'Zip' => 'postalCode',
                                                                                            'Country' => 'co'
                                                                                        }
                                                    }
                                }
);