AD Integration

Hi All,

Laugh as you may (go on, we all need a good laugh from time to time), we
run our business here on a Microsoft Windows SBS 2003 box. As many
(actually, pretty much all) of our clients are purely Microsoft or
MS/Apple shops, this is ideal as it means that we use daily what we
sell, recommend, install and support for our clients.

Anyway, what would be really nice for us is to have RT utilize AD
for its client database - all of our client contact details are stored
in AD (Exchange 2003) and we don’t really relish the thought that if we
implement RT here (and it looks REALLY likely) we’ll then have 2 totally
unrelated client databases that will have the tendency to get out of
sync.

Anyone done/doing this? My Linux knowledge is getting less and less
with each passing day. However some decent pointers will allow me to
pester people I know if I start getting lost. :)

Hhmmm, I really should start playing a bit more with Linux. I’m
starting to miss it here - back onto a Win XP desktop myself after nigh
on 3 years of a Linux desktop.

Regards,

Hilton Travis Phone: +61 (0)7 3344 3889
(Brisbane, Australia) Phone: +61 (0)419 792 394
Manager, Quark IT http://www.quarkit.com.au
Quark AudioVisual http://www.quarkav.net

http://www.threatcode.com/ ← it’s now time to shame poor coders
into writing code that is acceptable for use on today’s networks

War doesn’t determine who is right. War determines who is left.


We have done this to some extent, not so much with our clients, but
certainly with our staff.

We get all our staff auth from AD, using a custom Apache auth handler
and turning on RT’s external auth.

We also manage all group membership in AD and use a Perl script to sync
that with RT3’s groups; this script also adds new staff (or will very
soon) and disables old staff as needed.

Probably not exactly what you are after, but you can get at pretty much
everything in AD using Net::LDAP, although it is a little slow. I’d
imagine it wouldn’t be a massive chore to either sync the user details
with AD, or even to pull it directly from AD when appropriate.

And just to see if we can start a flame war… Stick with XP… Linux on
the desktop is a joke; for a server, it’s great. :)

Regards,
Matt.

-----Original Message-----
From: rt-users-bounces@lists.bestpractical.com [mailto:rt-users-
bounces@lists.bestpractical.com] On Behalf Of Quark IT - Hilton Travis
Sent: Friday, January 14, 2005 3:17 PM
To: rt-users@lists.bestpractical.com
Subject: [rt-users] AD Integration



> Anyway, what would be really nice for us is to have RT utilize AD
> for its client database - all of our client contact details are stored
> in AD (Exchange 2003) and we don’t really relish the thought that if we
> implement RT here (and it looks REALLY likely) we’ll then have 2 totally
> unrelated client databases that will have the tendency to get out of
> sync.

2 ways to do this: you can look at the big LDAP user patch, which
uses an external LDAP store for the user info (and AD is just
LDAP). Or, you could write some sort of export and sync tool to sync
the RT accounts to the AD masters.

You’ll probably also want to look at using RT’s external auth, and
having Apache auth against AD. Either by LDAP, or with mod_auth_kerb
if you’re feeling slick.

seph
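
The sync both replies describe (AD as the master, RT accounts created and disabled to match), as an added example that is not code from either poster or from RT. It runs on constructed data; the AD attributes read (sAMAccountName, mail, userAccountControl), the protected-account list and the 25% abort threshold are assumptions.

```perl
#!/usr/bin/perl
# Added example: plan an AD -> RT account sync with AD as the master.
use strict;
use warnings;

use constant ACCOUNTDISABLE => 0x0002;   # userAccountControl bit set on disabled AD accounts
my %PROTECTED = map { lc($_) => 1 } qw(root Nobody RT_System);  # RT built-ins, never touched
my $MAX_DISABLE_FRACTION = 0.25;         # assumed safety limit, tune per site

# Constructed sample data. In production @ad would be the entries of a
# Net::LDAP search against AD and %rt would be read from RT's user list.
my @ad = (
    { sAMAccountName => 'alice', mail => 'alice@example.com', userAccountControl => 512 },
    { sAMAccountName => 'bob',   mail => 'bob@example.com',   userAccountControl => 514 },
    { sAMAccountName => 'carol', mail => 'carol@example.com', userAccountControl => 512 },
    { sAMAccountName => 'dave',  mail => 'dave@example.com',  userAccountControl => 512 },
    { sAMAccountName => 'erin',  mail => 'erin@example.com',  userAccountControl => 512 },
    { sAMAccountName => 'frank', mail => 'frank@example.com', userAccountControl => 512 },
);
my %rt = ( root => 0, alice => 0, bob => 0, carol => 0, erin => 0, frank => 1 );  # name => disabled?

sub plan_sync {
    my ($ad, $rt) = @_;
    # An empty result usually means a failed bind or search, not "no staff".
    die "AD search returned no entries, refusing to sync\n" unless @$ad;

    # Compare case-insensitively: AD login names are not case sensitive.
    my %rt_lc  = map { lc($_) => $rt->{$_} } keys %$rt;
    my %active = map  { lc($_->{sAMAccountName}) => $_ }
                 grep { !($_->{userAccountControl} & ACCOUNTDISABLE) } @$ad;

    my @create  = sort grep { !exists $rt_lc{$_} } keys %active;
    my @disable = sort grep { !$PROTECTED{$_} && !$rt_lc{$_} && !$active{$_} } keys %rt_lc;
    my @enable  = sort grep { $rt_lc{$_} && $active{$_} } keys %rt_lc;

    # A truncated search must not disable most of the staff in one run.
    my $enabled = grep { !$rt_lc{$_} } keys %rt_lc;
    die "would disable " . @disable . " of $enabled accounts, aborting\n"
        if $enabled && @disable / $enabled > $MAX_DISABLE_FRACTION;

    return { create => \@create, disable => \@disable, enable => \@enable };
}

my $plan = plan_sync(\@ad, \%rt);
printf "%-8s %s\n", $_, join(', ', @{ $plan->{$_} }) || '-' for qw(create disable enable);
```

The plan is computed separately from any write to RT so it can be logged and reviewed before accounts are changed.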