Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

This branch is 2 commits ahead, 88 commits behind master

Fetching latest commit…

Cannot retrieve the latest commit at this time

Failed to load latest commit information.
bin
inc/Module
lib/RT/Extension
t
.gitignore
Changes
INSTALL.SKIP
MANIFEST
MANIFEST.SKIP
META.yml
Makefile.PL
README

README

RT-Extension-LDAPImport

INSTALLATION

How to install:

1. perl Makefile.PL
2. make
3. make install (may need root permissions)
4. Edit your /opt/rt3/etc/RT_SiteConfig.pm 
    Set(@Plugins, qw(RT::Extension::LDAPImport));
    or add RT::Extension::LDAPImport to your existing @Plugins line
5. Clear your mason cache
     rm -rf /opt/rt3/var/mason_data/obj
6. Restart your webserver


This will install an rtldapimport script and the RT::Extension::LDAPImport
module.

CONFIGURATION

There are several config variables which must be set in
your RT_SiteConfig file

Hostname or ldap(s):// uri
 Set($LDAPHost,'our.ldap.host');

Your LDAP username or DN
Leaving this unset will cause us to use an anonymous bind
 Set($LDAPUser, 'uid=foo,ou=users,dc=example,dc=com');

Your LDAP Password
 Set($LDAPPassword, 'ldap pass');

Where to search
 Set($LDAPBase, 'ou=People,o=Our Place');

The search filter to apply (in this case, find all the bobs)
 Set($LDAPFilter, '(&(cn = bob*))');

A mapping of 
Attribute in RT => Attribute in LDAP
(this has changed since version 1, which was the other way around)
 Set($LDAPMapping, {Name         => 'uid',
                    EmailAddress => 'mail',
                    RealName     => 'cn',
                    WorkPhone    => 'telephoneNumber',
                    Organization => 'departmentName'});

The LDAP attributes can also be an arrayref of LDAP fields
WorkPhone => [qw/CompanyPhone Extension/] 
which will be concatenated together with a space

The LDAP attribute can also be a subroutine reference
that returns either an arrayref or a list of attributes

By default users are created as Unprivileged, but you can change this by
setting $LDAPCreatePrivileged to 1.

RT will make existing RT users found in LDAP Privileged if you set
$LDAPUpdateSetsPrivileged to 1.

For more information on these see the import_users documentation
in RT::Extension::LDAPImport

The Group new users belong to (optional)
All new users will belong to the 'Imported from LDAP' group
You can change the name of this group using the $LDAPGroupName
variable
 Set($LDAPGroupName,'Imported Users');
If you would like to prevent users from being added to this
group, you can set this to true:
 Set($LDAPSkipAutogeneratedGroup, 1);

Should we update existing users (optional)
By default, existing users are skipped.  If you
turn on LDAPUpdateUsers, we will clobber existing
data with data from LDAP.
 Set($LDAPUpdateUsers,1);

Should we import new users or just update existing ones?
By default, we create users who don't exist in RT but do
match your LDAP filter and obey $LDAPUpdateUsers for existing
users.  This setting overrides $LDAPUpdateUsers but won't create
users who are found in LDAP but not in RT.
 Set($LDAPUpdateOnly,1);

Where to search for groups to import
 Set($LDAPGroupBase, 'ou=Groups,o=Our Place');

The search filter to apply (in this case, find all the bobs)
 Set($LDAPGroupFilter, '(&(cn = bob*))');

A mapping of
Attribute in RT => Attribute in LDAP
(this has changed since version 1, which was the other way around)
 Set($LDAPGroupMapping, {Name         => 'cn',
                         Member_Attr  => 'member'});

The mapping logic is the same as the LDAPMapping.
There is one important special-case variable, Member_Attr
Use this to tell the importer which attribute will contain DNs of group members
If you do not specify a Description attribute, it will be filled with
'Imported from LDAP'

RUNNING THE IMPORT

If RT is not installed in /opt/rt3, you will need to change the 
use lib '/opt/rt3/lib';
line in rtldapimport to point to the directory where RT.pm can be found

executing rtldapimport will run a test that connects to your LDAP server
and prints out a list of the users found.  To see more about these users,
include the --debug flag.

executing rtldapimport with the --import flag will cause it to import
users into your RT database.  It is recommended that you make a database
backup before doing this.

rtldapimport can be run with a --debug flag that will make it 
print a lot of information to the screen.

That debug information is also sent to the RT log with the debug level.
Errors are logged to the screen and to the RT log 

DEPENDENCIES

  Class::Accessor
  Net::LDAP
  RT: 3.6.x


COPYRIGHT AND LICENCE

Copyright (C) 2007-2009, Best Practical Solutions LLC.

This library is free software; you can redistribute it and/or modify
it under the same terms as Perl itself.
Something went wrong with that request. Please try again.