Converting to using LDAP authentication (Active Directory)

Hi there!

We’ve been running RT for some months now with a local user database for
our agents and also for the auto-created users when they submit tickets.
Now we want to start using RT system-wide and we’d like to exploit LDAP
authentication (towards our corporate Active Directory). So the question
is basically if it’s possible to convert/migrate to using LDAP and still
keep the history for the tickets already in the system (currently around
1500). We’ve made sure to use the same username in the local database as
the one present in Active Directory, so it should be easy to just
migrate/convert, but I’m not at all sure how to do this. Can someone
give me some pointers?

And what about groups in LDAP? Can these be exploited as well?

- Marius

> is basically if it’s possible to convert/migrate to using LDAP and still
> keep the history for the tickets already in the system (currently around
> 1500). We’ve made sure to use the same username in the local database as
> the one present in Active Directory, so it should be easy to just
> migrate/convert, but I’m not at all sure how to do this. Can someone
> give me some pointers?

Since your usernames match LDAP, all you have to do is install and
configure RT-Authen-ExternalAuth.

> And what about groups in LDAP? Can these be exploited as well?

RT-Extension-LDAPImport’s documentation covers how to import groups.

-kevin

>> is basically if it’s possible to convert/migrate to using LDAP and still
>> keep the history for the tickets already in the system (currently around
>> 1500). We’ve made sure to use the same username in the local database as
>> the one present in Active Directory, so it should be easy to just
>> migrate/convert, but I’m not at all sure how to do this. Can someone
>> give me some pointers?
>
> Since your usernames match LDAP, all you have to do is install and
> configure RT-Authen-ExternalAuth.

Ok, but I still have to create a local corresponding user for these
users to be able to be privileged and able to use RT as agents, right?
This module is just for authenticating against LDAP? And I guess I have
to use RT-Extension-LDAPImport for this? But there’s no way to sync all
these details without having to use import jobs?

- Marius

Hi.

I’ve never switched from an existing local database to LDAP so I don’t know anything about that.

However, we have used the RT-Authen-ExternalAuth module (slightly modified) with great success here.
With that extension (and the accompanying autocreate user settings in RT_SiteConfig.pm), the users get created as they connect with RT (via email and/or BBI).

Yes, I do run the LDAPImport (modified) daily but that is more to update existing user fields and group memberships than it is to import users and groups initially.
In other words, it means less work for me maintaining the user database and current group memberships!

We like it here also because we then use Kerberos on Apache to auto-authenticate the users with their current domain login credentials (e.g. SSO).

> On 01/30/2014 04:53 PM, Kevin Falcone wrote:
>
>> On Thu, Jan 30, 2014 at 09:44:51AM +0100, Marius Flage wrote:
>>
>>> is basically if it’s possible to convert/migrate to using LDAP and
>>> still keep the history for the tickets already in the system
>>> (currently around 1500). We’ve made sure to use the same username in
>>> the local database as the one present in Active Directory, so it
>>> should be easy to just migrate/convert, but I’m not at all sure how
>>> to do this. Can someone give me some pointers?
>>
>> Since your usernames match LDAP, all you have to do is install and
>> configure RT-Authen-ExternalAuth.
>
> Ok, but I still have to create a local corresponding user for these users to be able to be privileged and able to use RT as agents, right?
> This module is just for authenticating against LDAP? And I guess I have to use RT-Extension-LDAPImport for this? But there’s no way to sync all these details without having to use import jobs?
>
> - Marius
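
A sketch of the RT_SiteConfig.pm settings the replies above point to (RT-Authen-ExternalAuth against Active Directory, matching existing local accounts by username), added here as an example and not taken from any poster's configuration. The service name `AD`, the hostname, DNs, bind account and password are placeholders; check each key against the documentation of the extension version you install.

```perl
# RT_SiteConfig.pm fragment (added example; every hostname, DN and
# credential below is a placeholder, not a value from this thread).
Set(@Plugins, qw(RT::Authen::ExternalAuth));

# Which external services check passwords and which supply user details.
Set($ExternalAuthPriority, ['AD']);
Set($ExternalInfoPriority, ['AD']);

# Load the SSL/TLS support so the bind password and user passwords
# are not sent to the directory in clear text.
Set($ExternalServiceUsesSSLorTLS, 1);

Set($ExternalSettings, {
    'AD' => {
        'type'   => 'ldap',
        'server' => 'dc1.example.com',
        # Dedicated bind account that only needs read access to user objects.
        'user'   => 'CN=rt-bind,OU=Service Accounts,DC=example,DC=com',
        'pass'   => 'CHANGE_ME',
        'base'   => 'OU=Staff,DC=example,DC=com',
        # Only real user objects may authenticate.
        'filter' => '(&(objectCategory=person)(objectClass=user))',
        # Matches accounts disabled in AD (ACCOUNTDISABLE bit of
        # userAccountControl), so a disabled AD account cannot log in to RT.
        'd_filter' => '(userAccountControl:1.2.840.113556.1.4.803:=2)',
        'tls'      => 1,    # StartTLS; certificate verification options
                            # depend on the extension version
        'net_ldap_args' => [ version => 3 ],
        # Match on the RT username only. Because the local usernames equal
        # the AD logins, the existing RT user records (and with them the
        # ticket history) are reused instead of new users being created.
        'attr_match_list' => ['Name'],
        'attr_map' => {
            'Name'         => 'sAMAccountName',
            'EmailAddress' => 'mail',
            'RealName'     => 'cn',
        },
    },
});

# Users auto-created on first login take their attributes from $AutoCreate.
# Leaving Privileged unset keeps new AD users unprivileged until an admin
# promotes them; uncomment only if every directory user should be an agent.
# Set($AutoCreate, { Privileged => 1 });
```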