Skip to content
Perl Perl6
Pull request Compare This branch is 1 commit ahead, 73 commits behind master.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.




How to install:

1. perl Makefile.PL
2. make
3. make install (may need root permissions)
4. Edit your /opt/rt3/etc/ 
    Set(@Plugins, qw(RT::Extension::LDAPImport));
    or add RT::Extension::LDAPImport to your existing @Plugins line
5. Clear your mason cache
     rm -rf /opt/rt3/var/mason_data/obj
6. Restart your webserver

This will install an rtldapimport script and the RT::Extension::LDAPImport


There are several config variables which must be set in
your RT_SiteConfig file

Hostname or ldap(s):// uri

Your LDAP username or DN
Leaving this unset will cause us to use an anonymous bind
 Set($LDAPUser, 'uid=foo,ou=users,dc=example,dc=com');

Your LDAP Password
 Set($LDAPPassword, 'ldap pass');

Where to search
 Set($LDAPBase, 'ou=People,o=Our Place');

The search filter to apply (in this case, find all the bobs)
 Set($LDAPFilter, '(&(cn = bob*))');

A mapping of 
Attribute in RT => Attribute in LDAP
(this has changed since version 1, which was the other way around)
 Set($LDAPMapping, {Name         => 'uid',
                    EmailAddress => 'mail',
                    RealName     => 'cn',
                    WorkPhone    => 'telephoneNumber',
                    Organization => 'departmentName'});

The LDAP attributes can also be an arrayref of LDAP fields
WorkPhone => [qw/CompanyPhone Extension/] 
which will be concatenated together with a space

The LDAP attribute can also be a subroutine reference
that returns either an arrayref or a list of attributes

By default users are created as Unprivileged, but you can change this by
setting $LDAPCreatePrivileged to 1.

For more information on these see the import_users documentation
in RT::Extension::LDAPImport

The Group new users belong to (optional)
All new users will belong to the 'Imported from LDAP' group
You can change the name of this group using the $LDAPGroupName
 Set($LDAPGroupName,'Imported Users');
If you would like to prevent users from being added to this
group, you can set this to true:
 Set($LDAPSkipAutogeneratedGroup, 1);

Should we update existing users (optional)
By default, existing users are skipped.  If you
turn on LDAPUpdateUsers, we will clobber existing
data with data from LDAP.

Should we import new users or just update existing ones?
By default, we create users who don't exist in RT but do
match your LDAP filter and obey $LDAPUpdateUsers for existing
users.  This setting overrides $LDAPUpdateUsers but won't create
users who are found in LDAP but not in RT.

Where to search for groups to import
 Set($LDAPGroupBase, 'ou=Groups,o=Our Place');

The search filter to apply (in this case, find all the bobs)
 Set($LDAPGroupFilter, '(&(cn = bob*))');

A mapping of
Attribute in RT => Attribute in LDAP
(this has changed since version 1, which was the other way around)
 Set($LDAPGroupMapping, {Name               => 'cn',
                         Member_Attr        => 'member',
                         Member_Attr_Value  => 'dn' });

The mapping logic is the same as the LDAPMapping.
There are two important special-case keys, Member_Attr and Member_Attr_Value.
Member_Attr tells the importer which attribute contains group members.
Member_Attr_Value, which defaults to 'dn', specifies what kind of user values
are in Member_Attr.  OpenLDAP, for example, often stores uid instead of dn in

If you do not specify a Description attribute, it will be filled with
'Imported from LDAP'

Your LDAP server may have result size limits.  If it does, you should set
$LDAPSizeLimit appropriately:
 Set($LDAPSizeLimit, 1000);


If RT is not installed in /opt/rt3, you will need to change the 
use lib '/opt/rt3/lib';
line in rtldapimport to point to the directory where can be found

executing rtldapimport will run a test that connects to your LDAP server
and prints out a list of the users found.  To see more about these users,
include the --debug flag.

executing rtldapimport with the --import flag will cause it to import
users into your RT database.  It is recommended that you make a database
backup before doing this.

rtldapimport can be run with a --debug flag that will make it 
print a lot of information to the screen.

That debug information is also sent to the RT log with the debug level.
Errors are logged to the screen and to the RT log 


  RT: 3.6.x


Copyright (C) 2007-2011, Best Practical Solutions LLC.

This library is free software; you can redistribute it and/or modify
it under the same terms as Perl itself.
Something went wrong with that request. Please try again.