How to mix Internal method just for admin user and ldap method for all other users

Hi,

I am a problem :frowning:
I succeed to configure RT to auth users by the classical method. And in
another configuration, with the documentation on-line, I succeed to
configure RT to auth users with my ldap (using User_Local.pm, and
changing RT_SiteConfig.pm and RT_Config)

But I would like to configure RT to authenticate my admin user (who is
root and is not my LDAP, and I doesn’t want this user in my ldap) by
Internal method, and authenticate my others users by LDAP method.
Because when I try, just LDAP users can be authenticate, but I can’t be
authenticate with my admin user (root).

Is it possible to mixed the authentification methods just internal
method for root and ldap method for all other users ? I think that yes,
and is what somebody would have the kindness to say to me what are the
parameters to set … ?

thank you in advance for yours answers

PS: I am so sorry for my English, I am very bad but I try to improve it :wink:
But I hope that I have nevertheless succeeds in rendering comprehensible
me.

K�vin

[Sat Oct 28 06:58:16 2006] [debug]: RT::User::IsPassword auth method
IsInternalPassword FAILED
(/usr/share/request-tracker3.4/lib/RT/User_Local.pm:291)
[Sat Oct 28 06:58:16 2006] [debug]: Trying LDAP authentication
(/usr/share/request-tracker3.4/lib/RT/User_Local.pm:153)
[Sat Oct 28 06:58:17 2006] [info]: RT::User::IsLDAPPassword AUTH FAILED:
root <== normal root is not in LDAP
(/usr/share/request-tracker3.4/lib/RT/User_Local.pm:182)
[Sat Oct 28 06:58:17 2006] [debug]: RT::User::IsPassword auth method
IsLDAPPassword FAILED
(/usr/share/request-tracker3.4/lib/RT/User_Local.pm:291)
[Sat Oct 28 06:58:17 2006] [error]: FAILED LOGIN for root from 127.0.0.1
(/usr/share/request-tracker3.4/html/autohandler:191

Hi,

I am a problem :frowning:
I succeed to configure RT to auth users by the classical method. And in
another configuration, with the documentation on-line, I succeed to
configure RT to auth users with my ldap (using User_Local.pm, and
changing RT_SiteConfig.pm and RT_Config)

But I would like to configure RT to authenticate my admin user (who is
root and is not my LDAP, and I doesn’t want this user in my ldap) by
Internal method, and authenticate my others users by LDAP method.
Because when I try, just LDAP users can be authenticate, but I can’t be
authenticate with my admin user (root).

Is it possible to mixed the authentification methods just internal
method for root and ldap method for all other users ? I think that yes,
and is what somebody would have the kindness to say to me what are the
parameters to set … ?

thank you in advance for yours answers

PS: I am so sorry for my English, I am very bad but I try to improve it :wink:
But I hope that I have nevertheless succeeds in rendering comprehensible
me.
And Just for information, I use Debian Sarge with RT-3.4

K�vin

[Sat Oct 28 06:58:16 2006] [debug]: RT::User::IsPassword auth method
IsInternalPassword FAILED
(/usr/share/request-tracker3.4/lib/RT/User_Local.pm:291)
[Sat Oct 28 06:58:16 2006] [debug]: Trying LDAP authentication
(/usr/share/request-tracker3.4/lib/RT/User_Local.pm:153)
[Sat Oct 28 06:58:17 2006] [info]: RT::User::IsLDAPPassword AUTH FAILED:
root <== normal root is not in LDAP
(/usr/share/request-tracker3.4/lib/RT/User_Local.pm:182)
[Sat Oct 28 06:58:17 2006] [debug]: RT::User::IsPassword auth method
IsLDAPPassword FAILED
(/usr/share/request-tracker3.4/lib/RT/User_Local.pm:291)
[Sat Oct 28 06:58:17 2006] [error]: FAILED LOGIN for root from 127.0.0.1
(/usr/share/request-tracker3.4/html/autohandler:191

Hi,

I am a problem :frowning:
I succeed to configure RT to auth users by the classical method. And in
another configuration, with the documentation on-line, I succeed to
configure RT to auth users with my ldap (using User_Local.pm, and
changing RT_SiteConfig.pm and RT_Config)

But I would like to configure RT to authenticate my admin user (who is
root and is not my LDAP, and I doesn’t want this user in my ldap) by
Internal method, and authenticate my others users by LDAP method.
Because when I try, just LDAP users can be authenticate, but I can’t be
authenticate with my admin user (root).

Is it possible to mixed the authentification methods just internal
method for root and ldap method for all other users ? I think that yes,
and is what somebody would have the kindness to say to me what are the
parameters to set … ?

I’ve done something quite similar by accident. Note this in your RT_Siteconfig.pm
Set($WebFallbackToInternalAuth , 1);

This means that when RT executes, if $ENV{REMOTE_USER} is already set
(via mod_ldap), use that. But if it is not set, then fall back to
RT’s internal authentication.

So, the trick is to have two different urls, one of which invokes
mod_ldap, and the other doesn’t.

In my particular case, UIC Bluestem ID Server uses
mod_bluestem (very similar to mod_ldap from an apache point of view),
and http://helpdesk.uic.edu/accc/ does not, and therefore falls back
to RT internal authentication. You don’t have to use the ssl/no-ssl distinction,
of course, I just happened to. (And I’m careful about when I use the non-ssl logon.)


ScriptAlias /accc /usr/local/rt/production/bin/mason_handler.fcgi

SetHandler ldap-status Require valid-user

Hope that helps.
bobg