RT-Extension-LDAPImport

INSTALLATION

How to install:

1. perl Makefile.PL
2. make
3. make install (may need root permissions)
4. Edit your /opt/rt3/etc/RT_SiteConfig.pm

       Set(@Plugins, qw(RT::Extension::LDAPImport));

   or add RT::Extension::LDAPImport to your existing @Plugins line
5. Clear your mason cache

       rm -rf /opt/rt3/var/mason_data/obj

6. Restart your webserver

This will install an rtldapimport script and the RT::Extension::LDAPImport module.

CONFIGURATION

There are several config variables which must be set in your RT_SiteConfig file

Hostname or ldap(s):// uri

    Set($LDAPHost,'our.ldap.host');

Your LDAP username or DN
Leaving this unset will cause us to use an anonymous bind

    Set($LDAPUser, 'uid=foo,ou=users,dc=example,dc=com');

Your LDAP Password

    Set($LDAPPassword, 'ldap pass');

Where to search

    Set($LDAPBase, 'ou=People,o=Our Place');

The search filter to apply (in this case, find all the bobs)

    Set($LDAPFilter, '(&(cn = bob*))');

A mapping of Attribute in RT => Attribute in LDAP
(this has changed since version 1, which was the other way around)

    Set($LDAPMapping, {Name         => 'uid',
                       EmailAddress => 'mail',
                       RealName     => 'cn',
                       WorkPhone    => 'telephoneNumber',
                       Organization => 'departmentName'});

The LDAP attributes can also be an arrayref of LDAP fields

    WorkPhone => [qw/CompanyPhone Extension/]

which will be concatenated together with a space

The LDAP attribute can also be a subroutine reference that returns
either an arrayref or a list of attributes

By default users are created as Unprivileged, but you can change this by
setting $LDAPCreatePrivileged to 1.
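
An added illustration (not the extension's own code) of how the three mapping forms described above, a plain attribute name, an arrayref and a subroutine reference, resolve against one LDAP entry. The entry is constructed sample data, the helper names ldap_attrs_for and build_user are hypothetical, and calling the subroutine with no arguments is an assumption:

```perl
use strict;
use warnings;

# Constructed sample entry: attribute name => list of values.
my %entry = (
    uid          => ['bsmith'],
    mail         => ['bsmith@example.com'],
    cn           => ['Bob Smith'],
    CompanyPhone => ['555-0100'],
    Extension    => ['x42'],
);

# The three value shapes the README describes for $LDAPMapping.
my $mapping = {
    Name         => 'uid',                          # single attribute
    EmailAddress => 'mail',
    RealName     => sub { return [qw/cn/] },        # sub returning an arrayref
    WorkPhone    => [qw/CompanyPhone Extension/],   # joined with a space
    Organization => 'departmentName',               # not present in the entry
};

# Hypothetical helper: flatten one mapping value into LDAP attribute names.
# Assumption: a subroutine reference is called with no arguments.
sub ldap_attrs_for {
    my @out;
    for my $spec (@_) {
        if    ( ref $spec eq 'CODE' )  { push @out, ldap_attrs_for( $spec->() ) }
        elsif ( ref $spec eq 'ARRAY' ) { push @out, ldap_attrs_for(@$spec) }
        else                           { push @out, $spec }
    }
    return @out;
}

# Hypothetical helper: build the RT-side fields for one entry.
sub build_user {
    my ( $map, $ldap ) = @_;
    my %user;
    for my $rt_field ( keys %$map ) {
        my @values = map { @{ $ldap->{$_} || [] } } ldap_attrs_for( $map->{$rt_field} );
        $user{$rt_field} = join ' ', grep { defined($_) && length($_) } @values;
    }
    return \%user;
}

my $user = build_user( $mapping, \%entry );
printf "%-12s => '%s'\n", $_, $user->{$_} for sort keys %$user;
```

In this sketch Organization resolves to an empty string because the sample entry has no departmentName; running rtldapimport without --import shows what your own directory returns for each mapped attribute.
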
For more information on these see the import_users documentation
in RT::Extension::LDAPImport

The Group new users belong to (optional)
All new users will belong to the 'Imported from LDAP' group.
You can change the name of this group using the $LDAPGroupName variable

    Set($LDAPGroupName,'Imported Users');

If you would like to prevent users from being added to any additional
groups, you can set this to true:

    Set($LDAPSkipAutogeneratedGroup, 1);

Should we update existing users (optional)
By default, existing users are skipped. If you turn on LDAPUpdateUsers,
we will clobber existing data with data from LDAP.

    Set($LDAPUpdateUsers,1);

Should we import new users or just update existing ones?
By default, we create users who don't exist in RT but do match your
LDAP filter and obey $LDAPUpdateUsers for existing users. This setting
overrides $LDAPUpdateUsers but won't create users who are found in LDAP
but not in RT.

    Set($LDAPUpdateOnly,1);

Where to search for groups to import

    Set($LDAPGroupBase, 'ou=Groups,o=Our Place');

The search filter to apply (in this case, find all the bobs)

    Set($LDAPGroupFilter, '(&(cn = bob*))');

A mapping of Attribute in RT => Attribute in LDAP
(this has changed since version 1, which was the other way around)

    Set($LDAPGroupMapping, {Name        => 'cn',
                            Member_Attr => 'member'});

The mapping logic is the same as the LDAPMapping. There is one important
special-case variable, Member_Attr. Use this to tell the importer which
attribute will contain DNs of group members. If you do not specify a
Description attribute, it will be filled with 'Imported from LDAP'.

RUNNING THE IMPORT

If RT is not installed in /opt/rt3, you will need to change the

    use lib '/opt/rt3/lib';

line in rtldapimport to point to the directory where RT.pm can be found.

Executing rtldapimport will run a test that connects to your LDAP server
and prints out a list of the users found. To see more about these users,
include the --debug flag.
Executing rtldapimport with the --import flag will cause it to import
users into your RT database. It is recommended that you make a database
backup before doing this.

rtldapimport can be run with a --debug flag that will make it print a lot
of information to the screen. That debug information is also sent to the
RT log with the debug level. Errors are logged to the screen and to the
RT log.

DEPENDENCIES

    Class::Accessor
    Net::LDAP
    RT: 3.6.x

COPYRIGHT AND LICENCE

Copyright (C) 2007-2009, Best Practical Solutions LLC.

This library is free software; you can redistribute it and/or modify it
under the same terms as Perl itself.