RT-Extension-LDAPImport
INSTALLATION
How to install:

1. perl Makefile.PL
2. make
3. make install (may need root permissions)
4. Edit your /opt/rt3/etc/RT_SiteConfig.pm

       Set(@Plugins, qw(RT::Extension::LDAPImport));

   or add RT::Extension::LDAPImport to your existing @Plugins line
5. Clear your mason cache

       rm -rf /opt/rt3/var/mason_data/obj

6. Restart your webserver

This will install an rtldapimport script and the RT::Extension::LDAPImport
module.
CONFIGURATION
There are several config variables which must be set in
your RT_SiteConfig file:

Hostname or ldap(s):// URI

    Set($LDAPHost,'our.ldap.host');

Your LDAP username or DN.
Leaving this unset will cause us to use an anonymous bind.

    Set($LDAPUser, 'uid=foo,ou=users,dc=example,dc=com');

Your LDAP password

    Set($LDAPPassword, 'ldap pass');

Where to search

    Set($LDAPBase, 'ou=People,o=Our Place');

The search filter to apply (in this case, find all the bobs)

    Set($LDAPFilter, '(&(cn = bob*))');
A mapping of

    Attribute in RT => Attribute in LDAP

(this has changed since version 1, which was the other way around)

    Set($LDAPMapping, {Name         => 'uid',
                       EmailAddress => 'mail',
                       RealName     => 'cn',
                       WorkPhone    => 'telephoneNumber',
                       Organization => 'departmentName'});

The LDAP attribute can also be an arrayref of LDAP fields

    WorkPhone => [qw/CompanyPhone Extension/]

which will be concatenated together with a space.

The LDAP attribute can also be a subroutine reference
that returns either an arrayref or a list of attributes.
By default users are created as Unprivileged, but you can change this by
setting $LDAPCreatePrivileged to 1.
For more information on these see the import_users documentation
in RT::Extension::LDAPImport
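
The three mapping forms described above (plain attribute, arrayref, subroutine reference), resolved against one sample entry. This is an added example, not code from the extension: attribute_names() and resolve_mapping() are hypothetical helpers, and the entry is constructed sample data.

```perl
#!/usr/bin/perl
# Added illustration, NOT the extension's code: resolve_mapping() and
# attribute_names() are hypothetical helpers mimicking the documented rules.
use strict;
use warnings;

# Constructed sample entry: LDAP attribute => value.
my %entry = (
    uid          => 'bsmith',
    mail         => 'bsmith@example.com',
    cn           => 'Bob Smith',
    CompanyPhone => '555-0100',
    Extension    => 'x42',
);

my $mapping = {
    Name         => 'uid',                                # single attribute
    EmailAddress => 'mail',
    WorkPhone    => [qw/CompanyPhone Extension/],         # arrayref
    RealName     => sub { return ('cn') },                # sub returning a list
    Organization => sub { return [qw/departmentName/] },  # sub returning an arrayref
};

# Flatten one mapping value into a list of LDAP attribute names.
sub attribute_names {
    my ($spec) = @_;
    return map { attribute_names($_) } $spec->() if ref $spec eq 'CODE';
    return @$spec if ref $spec eq 'ARRAY';
    return $spec;
}

# Build RT field => value; values of several attributes are joined with a
# space. Assumption of this sketch: attributes absent from the entry are skipped.
sub resolve_mapping {
    my ($map, $ldap) = @_;
    my %user;
    for my $rt_field (keys %$map) {
        my @values = grep { defined($_) && length($_) }
                     map  { $ldap->{$_} } attribute_names($map->{$rt_field});
        $user{$rt_field} = join ' ', @values;
    }
    return \%user;
}

my $user = resolve_mapping($mapping, \%entry);
printf "%-12s => '%s'\n", $_, $user->{$_} for sort keys %$user;
```

In the sample entry departmentName is absent, so Organization resolves to an empty string; check for this in the test run output before enabling $LDAPUpdateUsers.
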
The Group new users belong to (optional)

All new users will belong to the 'Imported from LDAP' group.
You can change the name of this group using the $LDAPGroupName
variable:

    Set($LDAPGroupName,'Imported Users');

If you would like to prevent users from being added to any
additional groups, you can set this to true:

    Set($LDAPSkipAutogeneratedGroup, 1);
Should we update existing users (optional)

By default, existing users are skipped. If you
turn on LDAPUpdateUsers, we will clobber existing
data with data from LDAP.

    Set($LDAPUpdateUsers,1);

Should we import new users or just update existing ones?

By default, we create users who don't exist in RT but do
match your LDAP filter and obey $LDAPUpdateUsers for existing
users. This setting overrides $LDAPUpdateUsers but won't create
users who are found in LDAP but not in RT.

    Set($LDAPUpdateOnly,1);
Where to search for groups to import

    Set($LDAPGroupBase, 'ou=Groups,o=Our Place');

The search filter to apply (in this case, find all the bobs)

    Set($LDAPGroupFilter, '(&(cn = bob*))');

A mapping of

    Attribute in RT => Attribute in LDAP

(this has changed since version 1, which was the other way around)

    Set($LDAPGroupMapping, {Name        => 'cn',
                            Member_Attr => 'member'});

The mapping logic is the same as the LDAPMapping.

There is one important special-case variable, Member_Attr.
Use this to tell the importer which attribute will contain DNs of group members.

If you do not specify a Description attribute, it will be filled with
'Imported from LDAP'.
RUNNING THE IMPORT
If RT is not installed in /opt/rt3, you will need to change the

    use lib '/opt/rt3/lib';

line in rtldapimport to point to the directory where RT.pm can be found.

Executing rtldapimport will run a test that connects to your LDAP server
and prints out a list of the users found. To see more about these users,
include the --debug flag.

Executing rtldapimport with the --import flag will cause it to import
users into your RT database. It is recommended that you make a database
backup before doing this.

rtldapimport can be run with a --debug flag that will make it
print a lot of information to the screen.
That debug information is also sent to the RT log with the debug level.
Errors are logged to the screen and to the RT log.
DEPENDENCIES
Class::Accessor
Net::LDAP
RT: 3.6.x
COPYRIGHT AND LICENCE
Copyright (C) 2007-2009, Best Practical Solutions LLC.
This library is free software; you can redistribute it and/or modify
it under the same terms as Perl itself.