Last active
December 1, 2023 10:50
Best Practical Request Tracker (RT) LDAP User Import and Authentication RT_SiteConfig.pm
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
# Any configuration directives you include here will override
# RT's default configuration file, RT_Config.pm
#
# To include a directive here, just copy the equivalent statement
# from RT_Config.pm and change the value. We've included a single
# sample value below.
#
# This file is actually a perl module, so you can include valid
# perl code, as well.
#
# The converse is also true: if this file isn't valid perl, you're
# going to run into trouble. To check your SiteConfig file, use
# this command:
#
# perl -c /path/to/your/etc/RT_SiteConfig.pm
#
# You must restart your webserver after making changes to this file.
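# General site settings: plugin activation, database connection, web
# address, mail addresses and the referrer whitelist.
#
# This file holds the database password (and, further down, the LDAP bind
# password) in clear text, so keep it readable only by the account RT runs as.

# You must install plugins on your own; the lines below are only an example
# of the correct syntax to use when activating them.
# Plugin( "RT::Extension::QuickDelete" );
# Plugin( "RT::Extension::CommandByMail" );
Plugin( "RT::Extension::LDAPImport" );

# Uncomment for debug
#Set($LogToSyslog, 'debug');

# An empty value leaves the database connection unencrypted. The database
# host below is localhost; revisit this setting if the database is moved to
# another machine.
Set( $DatabaseRequireSSL, '' );
Set( $DatabaseType, 'mysql' );
Set( $WebDomain, 'rt.domain_name.com' );
# The original sample had '80' here although the server it describes listens
# on 443 (see the referrer comment below). $WebPort has to name the port that
# browsers actually connect to, otherwise RT's own idea of its address does
# not match the requests it receives.
Set( $WebPort, '443' );
Set( $rtname, 'DOMAIN_NAME' ); # or whatever you plan to name the site
Set( $CommentAddress, 'rt-comments@domain_name.com' );
Set( $CorrespondAddress, 'rt-correspondance@domain_name.com' );

## DB config
Set( $DatabaseHost, 'localhost' );
Set( $DatabaseName, 'rt4' );
# 'password' is a placeholder: replace it with a strong, unique value.
Set( $DatabasePassword, 'password' );
Set( $DatabasePort, '' );
Set( $DatabaseUser, 'db_user_name' );
Set( $Organization, '' );
Set( $OwnerEmail, 'email_address@domain_name.com' );
Set( $SendmailPath, '/usr/sbin/sendmail' );

# My server is running on port 443, leaving the port 80 lines as reference
# servername in my instance is 'jamie' with a cname of 'rt'
#Set(@ReferrerWhitelist, qw(rt:80 rt.domain_name.com:80));
# Hosts listed here are exempt from RT's referrer (cross-site request
# forgery) check, so keep the list as short as possible. With $WebPort set
# to the real port this entry is presumably redundant - confirm and remove.
Set(@ReferrerWhitelist, qw(rt.domain_name.com:443));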
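## LDAP Configurations
# LDAP Authentication
# NOTE(review): LDAPImport is also activated with Plugin() earlier in this
# file, so it is named twice; presumably harmless, but confirm for your RT
# version. On RT 4.4 and later ExternalAuth appears to ship in core - confirm
# whether it should still be listed here.
Set( @Plugins, qw(RT::Authen::ExternalAuth RT::Extension::LDAPImport));

## LDAP USER IMPORT
# 1 makes every imported account a privileged RT user. Combined with the
# broad filter below, that covers every person object under $LDAPBase; set
# this to 0, or narrow the filter, if only staff should be privileged.
Set($LDAPCreatePrivileged, 1);
Set($LDAPUpdateUsers, 1);
# The original sample used the bare host name 'domain_name.com', which
# connects over plain LDAP and sends the bind password below unencrypted.
# The ldaps:// form needs LDAPS enabled on the directory server and a
# certificate that the RT host trusts.
Set($LDAPHost,'ldaps://domain_name.com');
# Use a dedicated read-only bind account, as the name here suggests.
Set($LDAPUser,'domain_name\ldapreader');
Set($LDAPPassword,'your_ldapreader_password_here');
#my base OU for users, yours will probably differ
Set($LDAPBase,'ou=users,ou=services,dc=domain_name,dc=com');
# This matches every person object under the base, disabled accounts
# included. The sAMAccountName mapping suggests Active Directory; a narrower
# filter for that case (enabled user accounts only) would be:
#Set($LDAPFilter, '(&(objectCategory=person)(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))');
Set($LDAPFilter, '(&(objectClass=person))');
# RT user field => LDAP attribute it is filled from.
Set($LDAPMapping, {
    Name           => 'sAMAccountName',
    EmailAddress   => 'mail',
    Organization   => 'department',
    RealName       => 'cn',
    NickName       => 'givenName',
    ExternalAuthId => 'sAMAccountName',
    Gecos          => 'sAMAccountName',
    WorkPhone      => 'telephoneNumber',
    MobilePhone    => 'mobile',
    Address1       => 'streetAddress',
    City           => 'l',
    State          => 'st',
    Zip            => 'postalCode',
    Country        => 'co'
});

## LDAP GROUP IMPORT AND MAPPINGS
# Group name comes from cn; membership is read from the 'member' attribute,
# whose values are member DNs.
Set($LDAPGroupMapping, {
    Name              => 'cn',
    Member_Attr       => 'member',
    Member_Attr_Value => 'dn'
});
#OU/basedn location of groups
Set($LDAPGroupBase, 'ou=groups,dc=domain_name,dc=com');
# LDAP GROUP FILTERING, Below are 2 examples
# Import only the groups RT needs: rights granted to an imported group
# follow its directory membership.
#Set($LDAPGroupFilter, 'cn=Information Technology');
# 2 group import example
Set($LDAPGroupFilter, '(|(cn=Information Technology)(cn=Facilities))');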
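## LDAP Authentication
# Authenticate against, and pull user information from, the single service
# named 'My_LDAP' that is defined in $ExternalSettings below.
Set($ExternalAuthPriority, [ 'My_LDAP' ]);
Set($ExternalInfoPriority, [ 'My_LDAP' ]);

Set($ExternalSettings, {
    'My_LDAP' => {
        'type'   => 'ldap',
        'server' => 'ldap://domain_name.com',
        # Read-only bind account used for the lookup; its password sits in
        # this file in clear text, so restrict who can read the file.
        'user'   => 'domain_name\ldapreader',
        'pass'   => 'ldapreader_password',
        'base'   => 'ou=users,ou=services,dc=domain_name,dc=com',
        'filter' => '(objectClass=person)',
        # The original sample had 0 here, which sends the bind password and
        # every user's login password to the directory unencrypted. 1 asks
        # for StartTLS on the ldap:// connection. Whether the server
        # certificate is verified then depends on the Net::LDAP default; the
        # hash form makes verification explicit (the cafile path is a
        # placeholder):
        # 'tls' => { verify => 'require', cafile => '/path/to/ca.pem' },
        'tls'    => 1,
        # RT fields the login name is matched against.
        # NOTE(review): each should identify exactly one user; RealName (cn)
        # is not guaranteed to be unique - confirm it belongs in this list.
        'attr_match_list' => [
            'Name',
            'EmailAddress',
            'RealName',
        ],
        # RT user field => LDAP attribute, same mapping as $LDAPMapping
        # uses for the import.
        'attr_map' => {
            'Name'           => 'sAMAccountName',
            'EmailAddress'   => 'mail',
            'Organization'   => 'department',
            'RealName'       => 'cn',
            'NickName'       => 'givenName',
            'ExternalAuthId' => 'sAMAccountName',
            'Gecos'          => 'sAMAccountName',
            'WorkPhone'      => 'telephoneNumber',
            'MobilePhone'    => 'mobile',
            'Address1'       => 'streetAddress',
            'City'           => 'l',
            'State'          => 'st',
            'Zip'            => 'postalCode',
            'Country'        => 'co'
        },
    },
} );

# A perl module has to end with a true value.
1;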