RT-Extension-LDAPImport

INSTALLATION

How to install:

  1. perl Makefile.PL
  2. make
  3. make install (may need root permissions)
  4. Edit your /opt/rt3/etc/RT_SiteConfig.pm
       Set(@Plugins, qw(RT::Extension::LDAPImport));
     or add RT::Extension::LDAPImport to your existing @Plugins line
  5. Clear your mason cache
       rm -rf /opt/rt3/var/mason_data/obj
  6. Restart your webserver

This will install an rtldapimport script and the RT::Extension::LDAPImport module.

CONFIGURATION

There are several config variables which must be set in your RT_SiteConfig file:

Hostname or ldap(s):// uri
Set($LDAPHost,'our.ldap.host');

Your LDAP username or DN
Leaving this unset will cause us to use an anonymous bind
Set($LDAPUser, 'uid=foo,ou=users,dc=example,dc=com');

Your LDAP Password
Set($LDAPPassword, 'ldap pass');

Where to search
Set($LDAPBase, 'ou=People,o=Our Place');

The search filter to apply (in this case, find all the bobs)
Set($LDAPFilter, '(&(cn = bob*))');

A mapping of
Attribute in RT => Attribute in LDAP
(this has changed since version 1, which was the other way around)

 Set($LDAPMapping, {Name         => 'uid',
                    EmailAddress => 'mail',
                    RealName     => 'cn',
                    WorkPhone    => 'telephoneNumber',
                    Organization => 'departmentName'});

The LDAP attributes can also be an arrayref of LDAP fields
WorkPhone => [qw/CompanyPhone Extension/]
which will be concatenated together with a space

The LDAP attribute can also be a subroutine reference that returns either an arrayref or a list of attributes
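How the three mapping forms described above resolve for one directory entry, as an added illustration that is not the extension's own code. The helpers attribute_names and rt_fields_for are hypothetical, the entry is constructed sample data, and the RealName subroutine mapping is an assumed example.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Mapping in the three forms the README describes (RT field => LDAP attribute).
my $mapping = {
    Name         => 'uid',                               # plain attribute name
    EmailAddress => 'mail',
    WorkPhone    => [qw/CompanyPhone Extension/],        # arrayref of attributes
    RealName     => sub { return [qw/givenName sn/] },   # subroutine reference
};

# Constructed LDAP entry (attribute => list of values); not real directory data.
my %entry = (
    uid          => ['bsmith'],
    mail         => ['bsmith@example.com'],
    CompanyPhone => ['555-0100'],
    Extension    => ['x42'],
    givenName    => ['Bob'],
    sn           => ['Smith'],
);

# Hypothetical helper: flatten one mapping value into a list of attribute names.
# A subroutine may return an arrayref or a list, so its result is flattened too.
sub attribute_names {
    my ($spec) = @_;
    return map { attribute_names($_) } @$spec    if ref $spec eq 'ARRAY';
    return map { attribute_names($_) } $spec->() if ref $spec eq 'CODE';
    return $spec;
}

# Hypothetical helper: build the RT user fields for one entry, joining the
# values of multiple attributes with a single space.
sub rt_fields_for {
    my ($map, $ldap) = @_;
    my %user;
    for my $rt_field (sort keys %$map) {
        my @values = map { @{ $ldap->{$_} || [] } } attribute_names($map->{$rt_field});
        $user{$rt_field} = join ' ', grep { defined($_) && length($_) } @values;
    }
    return \%user;
}

my $user = rt_fields_for($mapping, \%entry);
printf "%-12s => %s\n", $_, $user->{$_} for sort keys %$user;
```

Attributes missing from the entry contribute nothing to the joined value in this sketch, which makes it easy to see which RT fields would end up empty for a given directory record before running a real import.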

By default users are created as Unprivileged, but you can change this by setting $LDAPCreatePrivileged to 1.

For more information on these see the import_users documentation in RT::Extension::LDAPImport

The Group new users belong to (optional)
All new users will belong to the 'Imported from LDAP' group.
You can change the name of this group using the $LDAPGroupName variable
Set($LDAPGroupName,'Imported Users');
If you would like to prevent users from being added to any additional groups, you can set this to true:
Set($LDAPSkipAutogeneratedGroup, 1);

Should we update existing users (optional)
By default, existing users are skipped. If you turn on LDAPUpdateUsers, we will clobber existing data with data from LDAP.
Set($LDAPUpdateUsers,1);

Should we import new users or just update existing ones?
By default, we create users who don't exist in RT but do match your LDAP filter and obey $LDAPUpdateUsers for existing users. This setting overrides $LDAPUpdateUsers but won't create users who are found in LDAP but not in RT.
Set($LDAPUpdateOnly,1);

Where to search for groups to import
Set($LDAPGroupBase, 'ou=Groups,o=Our Place');

The search filter to apply (in this case, find all the bobs)
Set($LDAPGroupFilter, '(&(cn = bob*))');

A mapping of
Attribute in RT => Attribute in LDAP
(this has changed since version 1, which was the other way around)

 Set($LDAPGroupMapping, {Name         => 'cn',
                         Member_Attr  => 'member'});

The mapping logic is the same as the LDAPMapping. There is one important special-case variable, Member_Attr.
Use this to tell the importer which attribute will contain DNs of group members.
If you do not specify a Description attribute, it will be filled with 'Imported from LDAP'.

RUNNING THE IMPORT

If RT is not installed in /opt/rt3, you will need to change the
use lib '/opt/rt3/lib';
line in rtldapimport to point to the directory where RT.pm can be found.

Executing rtldapimport will run a test that connects to your LDAP server and prints out a list of the users found. To see more about these users, include the --debug flag.

Executing rtldapimport with the --import flag will cause it to import users into your RT database. It is recommended that you make a database backup before doing this.

rtldapimport can be run with a --debug flag that will make it print a lot of information to the screen.

That debug information is also sent to the RT log with the debug level. Errors are logged to the screen and to the RT log.

DEPENDENCIES

Class::Accessor
Net::LDAP
RT: 3.6.x

COPYRIGHT AND LICENCE

Copyright (C) 2007-2009, Best Practical Solutions LLC.

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.