Provided by: rt4-extension-authenexternalauth_0.17-1_all bug

NAME

       RT::Authen::ExternalAuth::LDAP - LDAP source for RT authentication

DESCRIPTION

       Provides the LDAP implementation for RT::Authen::ExternalAuth.

SYNOPSIS

           Set($ExternalSettings, {
               # AN EXAMPLE LDAP SERVICE
               'My_LDAP'       =>  {
                   'type'                      =>  'ldap',

                   'server'                    =>  'server.domain.tld',
                   'user'                      =>  'rt_ldap_username',
                   'pass'                      =>  'rt_ldap_password',

                   'base'                      =>  'ou=Organisational Unit,dc=domain,dc=TLD',
                   'filter'                    =>  '(FILTER_STRING)',
                   'd_filter'                  =>  '(FILTER_STRING)',

                   'group'                     =>  'GROUP_NAME',
                   'group_attr'                =>  'GROUP_ATTR',

                   'tls'                       =>  0,
                   'ssl_version'               =>  3,

                   'net_ldap_args'             => [    version =>  3   ],

                   'attr_match_list' => [
                       'Name',
                       'EmailAddress',
                       'RealName',
                       'WorkPhone',
                       'Address2'
                   ],
                   'attr_map' => {
                       'Name' => 'sAMAccountName',
                       'EmailAddress' => 'mail',
                       'Organization' => 'physicalDeliveryOfficeName',
                       'RealName' => 'cn',
                       'ExternalAuthId' => 'sAMAccountName',
                       'Gecos' => 'sAMAccountName',
                       'WorkPhone' => 'telephoneNumber',
                       'Address1' => 'streetAddress',
                       'City' => 'l',
                       'State' => 'st',
                       'Zip' => 'postalCode',
                       'Country' => 'co'
                   },
               },
           } );

CONFIGURATION

       LDAP-specific options are described here. Shared options are described in the
       etc/RT_SiteConfig.pm file included in this distribution.

       The example in the "SYNOPSIS" lists all available options and they are described below.
       Note that many of these values are specific to LDAP, so you should consult your LDAP
       documentation for details.

       server
           The server hosting the LDAP or AD service.

       user, pass
           The username and password RT should use to connect to the LDAP server.

           If you can bind to your LDAP server anonymously you shouldn't set these options.

       base
           The LDAP search base.

       filter
           The filter to use to match RT users. You must specify it and it must be a valid LDAP
           filter encased in parentheses.

           For example:

               filter => '(objectClass=*)',

       d_filter
           The filter that will only match disabled users. Optional.  Must be a valid LDAP filter
           encased in parentheses.

           For example with Active Directory the following can be used:

               d_filter => '(userAccountControl:1.2.840.113556.1.4.803:=2)'

       group
           Does authentication depend on group membership? What group name?

       group_attr
           What is the attribute for the group object that determines membership?

       group_scope
           What is the scope of the group search? "base", "one" or "sub".  Optional; defaults to
           "base", which is good enough for most cases.  "sub" is appropriate when you have
           nested groups.

       group_attr_value
           What is the attribute of the user entry that should be matched against group_attr
           above? Optional; defaults to "dn".

       tls Should we try to use TLS to encrypt connections?

       ssl_version
           SSL Version to provide to Net::SSLeay *if* using SSL.

       net_ldap_args
           What other args should be passed to Net::LDAP->new($host,@args)?