External Authentication in RT?

Is is possible to authenticate users that logon to the RT3 WebUI against an
AD domain?? Or even an LDAP server?? Right now I’m maintaining a number of
user databases (RT website, Support website etc) and I’d like to integrate
them all using a single authentication protocol.

Thanks

Stevo

Stevo wrote:

Is is possible to authenticate users that logon to the RT3 WebUI against an
AD domain?? Or even an LDAP server?? Right now I’m maintaining a number of
user databases (RT website, Support website etc) and I’d like to integrate
them all using a single authentication protocol.
LDAP is possible as remember. Look in archive for last two months.

In short, yes. Various ways, mine is:
Searching through the archives will find other methods.

(httpd.conf below is for Apache 1.3.28 , modperl1)

<VirtualHost 10.1.1.3>
ServerName rt.xxxx.com
DocumentRoot /usr/local/www/data/rt3/share/html
AddDefaultCharset UTF-8

PerlModule Apache::DBI
PerlRequire /usr/local/www/data/rt3/bin/webmux.pl

RewriteEngine On RewriteLog /var/log/apache/rewrite.log RewriteLogLevel 0 RewriteRule ^/([0-9]+)$ /Ticket/Display.html?id=$1 [R] [L] RewriteRule ^/([^/.]+)$ /Search/Listing.html?ShowQueue=$1 [R] [L] AuthName "RT Authentication" AuthType Basic PerlSetVar LDAPServer nts009.xxx.com PerlSetVar LDAPPort 389 PerlAuthenHandler Apache::AuthNetLDAP require valid-user Satisfy any order deny,allow allow from 127.0.0.1 deny from all SetHandler perl-script PerlHandler RT::Mason

Is is possible to authenticate users that logon to the RT3 WebUI against an
AD domain?? Or even an LDAP server?? Right now I’m maintaining a number of
user databases (RT website, Support website etc) and I’d like to integrate
them all using a single authentication protocol.

this gets answered a couple times a month on rt-users. read the
archives, or search them.

seph

Is is possible to authenticate users that logon to the RT3 WebUI against an
AD domain?? Or even an LDAP server?? Right now I’m maintaining a number of
user databases (RT website, Support website etc) and I’d like to integrate
them all using a single authentication protocol.

If you are using a platform that supports PAM you can
configure PAM for system-level authentication, then use
mod_auth_pam for apache authentication. I’m using that
against an NT domain controller with pam configured to
use SMB (on RedHat you can set this up with authconfig).

For system logins to work you still have to create the
user accounts, but for http you can specify:
account required pam_permit.so
for the account section to allow any user that
can authenticate.

This should keep working even if the PAM layer changes
to LDAP or some other authentication method.

Les Mikesell
les@futuresource.com