Manual Reference Pages  -  RT::AUTHEN::EXTERNALAUTH::LDAP (3)


NAME

RT::Authen::ExternalAuth::LDAP - LDAP source for RT authentication


DESCRIPTION

Provides the LDAP implementation for RT::Authen::ExternalAuth.

SYNOPSIS



    Set($ExternalSettings, {
        # AN EXAMPLE LDAP SERVICE
        My_LDAP       =>  {
            type                      =>  'ldap',

            server                    =>  'server.domain.tld',
            user                      =>  'rt_ldap_username',
            pass                      =>  'rt_ldap_password',

            base                      =>  'ou=Organisational Unit,dc=domain,dc=TLD',
            filter                    =>  '(FILTER_STRING)',
            d_filter                  =>  '(FILTER_STRING)',

            group                     =>  'GROUP_NAME',
            group_attr                =>  'GROUP_ATTR',

            # cafile names a single PEM file; capath would name a directory of CA certificates
            tls                       =>  { verify => 'require', cafile => '/path/to/ca.pem' },

            net_ldap_args             => [    version =>  3   ],

            # RT user fields used to match an LDAP entry to an RT user
            attr_match_list => [
                'Name',
                'EmailAddress',
            ],
            # RT user field => LDAP attribute
            attr_map => {
                Name => 'sAMAccountName',
                EmailAddress => 'mail',
                Organization => 'physicalDeliveryOfficeName',
                RealName => 'cn',
                ExternalAuthId => 'sAMAccountName',
                Gecos => 'sAMAccountName',
                WorkPhone => 'telephoneNumber',
                Address1 => 'streetAddress',
                City => 'l',
                State => 'st',
                Zip => 'postalCode',
                Country => 'co'
            },
        },
    } );



CONFIGURATION

LDAP-specific options are described here. Shared options are described in the etc/RT_SiteConfig.pm file included in this distribution.

The example in the SYNOPSIS lists all available options and they are described below. Note that many of these values are specific to LDAP, so you should consult your LDAP documentation for details.

server
The server hosting the LDAP or AD service.

user, pass
The username and password RT should use to connect to the LDAP server.

If you can bind to your LDAP server anonymously you may be able to omit these options. Many servers do not allow anonymous binds, or restrict what information they can see or how much information they can retrieve. If your server does not allow anonymous binds then you must have a service account created for this extension to function.

base
The LDAP search base.

filter
The filter to use to match RT users. You must specify it and it must be a valid LDAP filter encased in parentheses.

For example:



    filter => '(objectClass=*)',



d_filter
The filter that will only match disabled users. Optional. Must be a valid LDAP filter encased in parentheses.

For example with Active Directory the following can be used:



    d_filter => '(userAccountControl:1.2.840.113556.1.4.803:=2)'



group
Does authentication depend on group membership? What group name?

group_attr
What is the attribute for the group object that determines membership?

group_scope
What is the scope of the group search? base, one or sub. Optional; defaults to base, which is good enough for most cases. sub is appropriate when you have nested groups.

group_attr_value
What is the attribute of the user entry that should be matched against group_attr above? Optional; defaults to dn.

tls
Should we try to use TLS to encrypt connections? Either a scalar, for simple enabling, or a hash of values to pass to start_tls in Net::LDAP. By default, Net::LDAP does no certificate validation! To validate certificates, pass:



    tls => { verify => 'require',
             cafile => "/etc/ssl/certs/ca.pem",  # Path to CA file
           },



net_ldap_args
What other args should be passed to Net::LDAP->new($host,@args)?
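
An added example, not part of the RT::Authen::ExternalAuth distribution: a small Perl check that applies the rules described above (parenthesised filters, tls certificate validation, service account, group_scope values) to a settings hash before it goes into RT_SiteConfig.pm. The function name audit_ldap_sources and the two sample sources are hypothetical and constructed for illustration.

```perl
use strict;
use warnings;

# Hypothetical helper (not RT's API): audit the ldap sources of an
# $ExternalSettings-style hash. Returns a list of "source: finding" strings.
sub audit_ldap_sources {
    my ($settings) = @_;
    my @findings;
    for my $name (sort keys %$settings) {
        my $src = $settings->{$name};
        next unless ($src->{type} // '') eq 'ldap';
        my $note = sub { push @findings, "$name: $_[0]" };

        # filter is mandatory; filter and d_filter must be parenthesised.
        $note->('filter is missing') unless defined $src->{filter};
        for my $key (grep { defined $src->{$_} } qw(filter d_filter)) {
            $note->("$key is not encased in parentheses")
                unless $src->{$key} =~ /\A\(.*\)\z/s;
        }

        # A scalar tls value enables TLS but leaves Net::LDAP's default of
        # no certificate validation in place; only a hash can change that.
        my $tls = $src->{tls};
        if (!$tls) {
            $note->('tls is not enabled');
        } elsif (ref($tls) ne 'HASH') {
            $note->('tls is a scalar: server certificate is not validated');
        } else {
            $note->("tls verify is not 'require'")
                unless ($tls->{verify} // '') eq 'require';
            $note->('tls has no cafile or capath')
                unless defined $tls->{cafile} || defined $tls->{capath};
        }
        $note->('no user/pass: depends on anonymous bind')
            unless defined $src->{user} && defined $src->{pass};
        $note->('group_scope must be base, one or sub')
            if ($src->{group_scope} // 'base') !~ /\A(?:base|one|sub)\z/;
    }
    return @findings;
}

# Constructed sample settings: one weak source, one hardened source.
my %sample = (
    Weak_LDAP => { type => 'ldap', filter => 'objectClass=*', tls => 1 },
    Good_LDAP => { type => 'ldap', filter => '(objectClass=*)',
                   user => 'rt_ldap_username', pass => 'rt_ldap_password',
                   tls  => { verify => 'require', cafile => '/etc/ssl/certs/ca.pem' } },
);
print "$_\n" for audit_ldap_sources(\%sample);
```

With the sample data only Weak_LDAP is reported: for its unparenthesised filter, its scalar tls value and its missing service account.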



perl v5.20.3 RT::AUTHEN::EXTERNALAUTH::LDAP (3) 2014-10-16
