RT::Authen::ExternalAuUserLContributed Perl DRT::Authen::ExternalAuth::LDAP(3)NAMERT::Authen::ExternalAuth::LDAP - LDAP source for RT authentication
DESCRIPTION
Provides the LDAP implementation for RT::Authen::ExternalAuth.
SYNOPSIS
Set($ExternalSettings, {
# AN EXAMPLE LDAP SERVICE
'My_LDAP' => {
'type' => 'ldap',
'server' => 'server.domain.tld',
'user' => 'rt_ldap_username',
'pass' => 'rt_ldap_password',
'base' => 'ou=Organisational Unit,dc=domain,dc=TLD',
'filter' => '(FILTER_STRING)',
'd_filter' => '(FILTER_STRING)',
'group' => 'GROUP_NAME',
'group_attr' => 'GROUP_ATTR',
'tls' => 0,
'ssl_version' => 3,
'net_ldap_args' => [ version => 3 ],
'attr_match_list' => [
'Name',
'EmailAddress',
],
'attr_map' => {
'Name' => 'sAMAccountName',
'EmailAddress' => 'mail',
'Organization' => 'physicalDeliveryOfficeName',
'RealName' => 'cn',
'ExternalAuthId' => 'sAMAccountName',
'Gecos' => 'sAMAccountName',
'WorkPhone' => 'telephoneNumber',
'Address1' => 'streetAddress',
'City' => 'l',
'State' => 'st',
'Zip' => 'postalCode',
'Country' => 'co'
},
},
} );
CONFIGURATION
LDAP-specific options are described here. Shared options are described
in the etc/RT_SiteConfig.pm file included in this distribution.
The example in the "SYNOPSIS" lists all available options and they are
described below. Note that many of these values are specific to LDAP,
so you should consult your LDAP documentation for details.
server
The server hosting the LDAP or AD service.
user, pass
The username and password RT should use to connect to the LDAP
server.
If you can bind to your LDAP server anonymously you shouldn't set
these options.
base
The LDAP search base.
filter
The filter to use to match RT users. You must specify it and it
must be a valid LDAP filter encased in parentheses.
For example:
filter => '(objectClass=*)',
d_filter
The filter that will only match disabled users. Optional. Must be
a valid LDAP filter encased in parentheses.
For example with Active Directory the following can be used:
d_filter => '(userAccountControl:1.2.840.113556.1.4.803:=2)'
group
Does authentication depend on group membership? What group name?
group_attr
What is the attribute for the group object that determines
membership?
group_scope
What is the scope of the group search? "base", "one" or "sub".
Optional; defaults to "base", which is good enough for most cases.
"sub" is appropriate when you have nested groups.
group_attr_value
What is the attribute of the user entry that should be matched
against group_attr above? Optional; defaults to "dn".
tls Should we try to use TLS to encrypt connections?
ssl_version
SSL Version to provide to Net::SSLeay *if* using SSL.
net_ldap_args
What other args should be passed to Net::LDAP->new($host,@args)?
perl v5.18.2 2014-04-09 RT::Authen::ExternalAuth::LDAP(3)