I’m using ExternalAuth, it works well and I would recommend it.
I ran into a couple of implementation issues because 1) my AD User
Objects lacked an E-mail address, and 2) many of my users had submitted
tickets via E-mail and had rt accounts autocreated with their RT
username being their E-mail address.
The empty E-mail Addresses in the AD User object causes problems when a
new user sends an E-mail to RT. A user account gets created with
information from AD, but then mailgateway fails to find that user
because the account has a null E-mail address.
This meant that I had to update all my AD user objects, adding in their
E-mail address, and update my procedures for “Adding a User”, but it all
seems good now.
The existing RT autocreated users needed to have their RT Username
updated to match their AD account name (specifically the sAMAccountName)
so that they could login to the RT web interface with the AD account
name and password.
BrianOn Tue, 2008-08-26 at 08:20 +0200, Gerrit Kilian wrote:
I need to let RT authenticate users through AD. We have a number of
levels in our AD structure to separate users on geographical and
departmental reasons. On the best practice website I have read that
there are three ways:
Mike Peachey’s RT:Authen::ExternalAuth extension
Jim Meyer’s User_Local Overlay(Deprecated)
Which of the three ways had work for you well and would you recommend?
DGB (Pty) Ltd
IT Support supervisor
Community help: http://wiki.bestpractical.com
Commercial support: firstname.lastname@example.org
Discover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com