Thomas Sibley > RT-Authen-ExternalAuth-0.15 > RT::Authen::ExternalAuth::LDAP

Download:
RT-Authen-ExternalAuth-0.15.tar.gz

Dependencies

Annotate this POD

CPAN RT

New  16
Open  7
View/Report Bugs
Source   Latest Release: RT-Authen-ExternalAuth-0.25

NAME ^

RT::Authen::ExternalAuth::LDAP - LDAP source for RT authentication

DESCRIPTION ^

Provides the LDAP implementation for RT::Authen::ExternalAuth.

SYNOPSIS ^

    Set($ExternalSettings, {
        # AN EXAMPLE LDAP SERVICE
        'My_LDAP'       =>  {
            'type'                      =>  'ldap',

            'server'                    =>  'server.domain.tld',
            'user'                      =>  'rt_ldap_username',
            'pass'                      =>  'rt_ldap_password',

            'base'                      =>  'ou=Organisational Unit,dc=domain,dc=TLD',
            'filter'                    =>  '(FILTER_STRING)',
            'd_filter'                  =>  '(FILTER_STRING)',

            'group'                     =>  'GROUP_NAME',
            'group_attr'                =>  'GROUP_ATTR',

            'tls'                       =>  0,
            'ssl_version'               =>  3,

            'net_ldap_args'             => [    version =>  3   ],

            'attr_match_list' => [
                'Name',
                'EmailAddress',
                'RealName',
                'WorkPhone',
                'Address2'
            ],
            'attr_map' => {
                'Name' => 'sAMAccountName',
                'EmailAddress' => 'mail',
                'Organization' => 'physicalDeliveryOfficeName',
                'RealName' => 'cn',
                'ExternalAuthId' => 'sAMAccountName',
                'Gecos' => 'sAMAccountName',
                'WorkPhone' => 'telephoneNumber',
                'Address1' => 'streetAddress',
                'City' => 'l',
                'State' => 'st',
                'Zip' => 'postalCode',
                'Country' => 'co'
            },
        },
    } );

CONFIGURATION ^

LDAP-specific options are described here. Shared options are described in the etc/RT_SiteConfig.pm file included in this distribution.

The example in the "SYNOPSIS" lists all available options and they are described below. Note that many of these values are specific to LDAP, so you should consult your LDAP documentation for details.

server

The server hosting the LDAP or AD service.

user, pass

The username and password RT should use to connect to the LDAP server.

If you can bind to your LDAP server anonymously you shouldn't set these options.

base

The LDAP search base.

filter

The filter to use to match RT users. You must specify it and it must be a valid LDAP filter encased in parentheses.

For example:

    filter => '(objectClass=*)',
d_filter

The filter that will only match disabled users. Optional. Must be a valid LDAP filter encased in parentheses.

For example with Active Directory the following can be used:

    d_filter => '(userAccountControl:1.2.840.113556.1.4.803:=2)'
group

Does authentication depend on group membership? What group name?

group_attr

What is the attribute for the group object that determines membership?

group_scope

What is the scope of the group search? base, one or sub. Optional; defaults to base, which is good enough for most cases. sub is appropriate when you have nested groups.

group_attr_value

What is the attribute of the user entry that should be matched against group_attr above? Optional; defaults to dn.

tls

Should we try to use TLS to encrypt connections?

ssl_version

SSL Version to provide to Net::SSLeay *if* using SSL.

net_ldap_args

What other args should be passed to Net::LDAP->new($host,@args)?

syntax highlighting: