Initial commit 4.0.5-3
[usit-rt.git] / local / plugins / RT-Authen-ExternalAuth.multiple-emails / etc / RT_SiteConfig.pm
1 # The order in which the services defined in ExternalSettings
2 # should be used to authenticate users. User is authenticated
3 # if successfully confirmed by any service - no more services
4 # are checked.
5 Set($ExternalAuthPriority,  [   'My_LDAP',
6                                 'My_MySQL',
7                                 'My_SSO_Cookie'
8                             ]
9 );
10
11 # The order in which the services defined in ExternalSettings
12 # should be used to get information about users. This includes
13 # RealName, Tel numbers etc, but also whether or not the user
14 # should be considered disabled. 
15 #
16 # Once user info is found, no more services are checked.
17 #
18 # You CANNOT use a SSO cookie for authentication.
19 Set($ExternalInfoPriority,  [   'My_MySQL',
20                                 'My_LDAP'
21                             ]
22 );
23
24 # If this is set to true, then the relevant packages will
25 # be loaded to use SSL/TLS connections. At the moment,
26 # this just means "use Net::SSLeay;"
27 Set($ExternalServiceUsesSSLorTLS,    0);
28
29 # If this is set to 1, then users should be autocreated by RT
30 # as internal users if they fail to authenticate from an
31 # external service.
32 Set($AutoCreateNonExternalUsers,    0);
33
34 # These are the full settings for each external service as a HashOfHashes
35 # Note that you may have as many external services as you wish. They will
36 # be checked in the order specified in the Priority directives above.
37 # e.g. 
38 #   Set(ExternalAuthPriority,['My_LDAP','My_MySQL','My_Oracle','SecondaryLDAP','Other-DB']);
39 #
40 Set($ExternalSettings,      {   # AN EXAMPLE DB SERVICE
41                                 'My_MySQL'   =>  {      ## GENERIC SECTION
42                                                         # The type of service (db/ldap/cookie) 
43                                                         'type'                      =>  'db',
44                                                         # The server hosting the service
45                                                         'server'                    =>  'server.domain.tld',
46                                                         ## SERVICE-SPECIFIC SECTION
47                                                         # The database name
48                                                         'database'                  =>  'DB_NAME',
49                                                         # The database table
50                                                         'table'                     =>  'USERS_TABLE',
51                                                         # The user to connect to the database as
52                                                         'user'                      =>  'DB_USER',
53                                                         # The password to use to connect with
54                                                         'pass'                      =>  'DB_PASS',
55                                                         # The port to use to connect with (e.g. 3306)
56                                                         'port'                      =>  'DB_PORT',
57                                                         # The name of the Perl DBI driver to use (e.g. mysql)
58                                                         'dbi_driver'                =>  'DBI_DRIVER',
59                                                         # The field in the table that holds usernames
60                                                         'u_field'                   =>  'username',
61                                                         # The field in the table that holds passwords
62                                                         'p_field'                   =>  'password',
63                                                         # The Perl package & subroutine used to encrypt passwords
64                                                         # e.g. if the passwords are stored using the MySQL v3.23 "PASSWORD"
65                                                         # function, then you will need Crypt::MySQL::password, but for the
66                                                         # MySQL4+ password function you will need Crypt::MySQL::password41
67                                                         # Alternatively, you could use Digest::MD5::md5_hex or any other
68                                                         # encryption subroutine you can load in your perl installation
69                                                         'p_enc_pkg'                 =>  'Crypt::MySQL',
70                                                         'p_enc_sub'                 =>  'password',
71                                                         # If your p_enc_sub takes a salt as a second parameter, 
72                                                         # uncomment this line to add your salt
73                                                         #'p_salt'                    =>  'SALT',
74                                                         #
75                                                         # The field and values in the table that determines if a user should
76                                                         # be disabled. For example, if the field is 'user_status' and the values
77                                                         # are ['0','1','2','disabled'] then the user will be disabled if their
78                                                         # user_status is set to '0','1','2' or the string 'disabled'.
79                                                         # Otherwise, they will be considered enabled.
80                                                         'd_field'                   =>  'disabled',
81                                                         'd_values'                  =>  ['0'],
82                                                         ## RT ATTRIBUTE MATCHING SECTION
83                                                         # The list of RT attributes that uniquely identify a user
84                                                         'attr_match_list'           =>  [   'Gecos',
85                                                                                             'Name'
86                                                                                         ],
87                                                         # The mapping of RT attributes on to field names
88                                                         'attr_map'                  =>  {   'Name' => 'username',
89                                                                                             'EmailAddress' => 'email',
90                                                                                             'ExternalAuthId' => 'username',
91                                                                                             'Gecos' => 'userID'
92                                                                                         }
93                                                     },
94                                 # AN EXAMPLE LDAP SERVICE
95                                 'My_LDAP'       =>  {   ## GENERIC SECTION
96                                                         # The type of service (db/ldap/cookie) 
97                                                         'type'                      =>  'ldap',
98                                                         # The server hosting the service
99                                                         'server'                    =>  'server.domain.tld',
100                                                         ## SERVICE-SPECIFIC SECTION
101                                                         # If you can bind to your LDAP server anonymously you should 
102                                                         # remove the user and pass config lines, otherwise specify them here:
103                                                         # 
104                                                         # The username RT should use to connect to the LDAP server 
105                                                         'user'                      =>  'rt_ldap_username',
106                                                         # The password RT should use to connect to the LDAP server
107                                                         'pass'                    =>  'rt_ldap_password',
108                                                         #
109                                                         # The LDAP search base
110                                                         'base'                      =>  'ou=Organisational Unit,dc=domain,dc=TLD',
111                                                         #
112                                                         # ALL FILTERS MUST BE VALID LDAP FILTERS ENCASED IN PARENTHESES!
113                                                         # YOU **MUST** SPECIFY A filter AND A d_filter!!
114                                                         #
115                                                         # The filter to use to match RT-Users
116                                                         'filter'                    =>  '(FILTER_STRING)',
117                                                         # A catch-all example filter: '(objectClass=*)'
118                                                         #
119                                                         # The filter that will only match disabled users
120                                                         'd_filter'                  =>  '(FILTER_STRING)',
121                                                         # A catch-none example d_filter: '(objectClass=FooBarBaz)'
122                                                         #
123                                                         # Should we try to use TLS to encrypt connections?
124                                                         'tls'                       =>  0,
125                                                         # SSL Version to provide to Net::SSLeay *if* using SSL
126                                                         'ssl_version'               =>  3,
127                                                         # What other args should I pass to Net::LDAP->new($host,@args)?
128                                                         'net_ldap_args'             => [    version =>  3   ],
129                                                         # Does authentication depend on group membership? What group name?
130                                                         'group'                     =>  'GROUP_NAME',
131                                                         # What is the attribute for the group object that determines membership?
132                                                         'group_attr'                =>  'GROUP_ATTR',
133                                                         ## RT ATTRIBUTE MATCHING SECTION
134                                                         # The list of RT attributes that uniquely identify a user
135                                                         # This example shows what you *can* specify.. I recommend reducing this
136                                                         # to just the Name and EmailAddress to save encountering problems later.
137                                                         'attr_match_list'           => [    'Name',
138                                                                                             'EmailAddress', 
139                                                                                             'RealName',
140                                                                                             'WorkPhone', 
141                                                                                             'Address2'
142                                                                                         ],
143                                                         # The mapping of RT attributes on to LDAP attributes
144                                                         'attr_map'                  =>  {   'Name' => 'sAMAccountName',
145                                                                                             'EmailAddress' => 'mail',
146                                                                                             'Organization' => 'physicalDeliveryOfficeName',
147                                                                                             'RealName' => 'cn',
148                                                                                             'ExternalAuthId' => 'sAMAccountName',
149                                                                                             'Gecos' => 'sAMAccountName',
150                                                                                             'WorkPhone' => 'telephoneNumber',
151                                                                                             'Address1' => 'streetAddress',
152                                                                                             'City' => 'l',
153                                                                                             'State' => 'st',
154                                                                                             'Zip' => 'postalCode',
155                                                                                             'Country' => 'co'
156                                                                                         }
157                                                     },
158                                 # An example SSO cookie service
159                                 'My_SSO_Cookie'  => {   # # The type of service (db/ldap/cookie)
160                                                         'type'                      =>  'cookie',
161                                                         # The name of the cookie to be used
162                                                         'name'                      =>  'loginCookieValue',
163                                                         # The users table
164                                                         'u_table'                   =>  'users',
165                                                         # The username field in the users table
166                                                         'u_field'                   =>  'username',
167                                                         # The field in the users table that uniquely identifies a user
168                                                         # and also exists in the cookies table
169                                                         'u_match_key'               =>  'userID',
170                                                         # The cookies table
171                                                         'c_table'                   =>  'login_cookie',
172                                                         # The field that stores cookie values
173                                                         'c_field'                   =>  'loginCookieValue',
174                                                         # The field in the cookies table that uniquely identifies a user
175                                                         # and also exists in the users table
176                                                         'c_match_key'               =>  'loginCookieUserID',
177                                                         # The DB service in this configuration to use to lookup the cookie information
178                                                         'db_service_name'           =>  'My_MySQL'
179                                                     }
180                                 }
181 );
182
183 1;