Integration with LDAP / Active Directory

So I have a shiny new installation of 3.0.3. We want to use our
existing user database for most of the obvious reasons.

I have seen the $LookupSenderInExternalDatabase option but I can not
find any docs that explain how to make it work. From the contrib dir on
the ftp site I found some code for LDAP authentication but no help in
integrating it.

Also, from reading the docs it is not clear to me how users are
authenticated from the web login. Does it use the same method as the
e-mail interface? Can it?

I haven’t done this with LDAP but I have with Samba. What you’re going
to want to do is tell RT to let apache handle authentication, and
configure apache to do what you want. In RT2 you add a line

$WebExternalAuth = 1;

and you’re golden. Can’t speak for 3 yet.

rick

On Wed, 25 Jun 2003, Sean Perry wrote:

So I have a shiny new installation of 3.0.3. We want to use our
existing user database for most of the obvious reasons.

I have seen the $LookupSenderInExternalDatabase option but I can not
find any docs that explain how to make it work. From the contrib dir on
the ftp site I found some code for LDAP authentication but no help in
integrating it.

Also, from reading the docs it is not clear to me how users are
authenticated from the web login. Does it use the same method as the
e-mail interface? Can it?


rt-users mailing list
rt-users@lists.fsck.com
http://lists.fsck.com/mailman/listinfo/rt-users

Have you read the FAQ? The RT FAQ Manager lives at http://fsck.com/rtfm

Rick Rezinas 503-889-7091
Unix Systems Administrator
Qsent, Inc.

When Gladstone was British Prime Minister he visited Michael Faraday’s
laboratory and asked if some esoteric substance called ‘Electricity’
would ever have practical significance.
“One day, sir, you will tax it,” was the answer.
– Science, 1994

Sean,

$LookupSender is a relic of RT2 and is ignored in RT3. What you need to do
is the following:

  1. Place attached LDAP.pm (after your own local modifications) into
    /opt/rt3/local/lib/RT/Interface/Email/Auth (you may need to create this
    directory tree). Create a symbolic link from
    /opt/rt3/lib/RT/Interface/Email/Auth/LDAP.pm to
    /opt/rt3/local/lib/RT/Interface/Email/Auth/LDAP.pm.

  2. Alter /opt/rt3/etc/RT_SiteConfig.pm to include the following

     @RT::MailPlugins =
       (
        "Auth::LDAP"
       );
    

You may wish to include other plugins. More information on this topic can
be found within the rt-mailgate POD.

Thanks,
Christian

Christian Gilmore
Technology Leader
GeT Support Application Development
IBM Software Group

Sean Perry sean.perry@intransa.com
Sent by: rt-users-admin@lists.fsck.com
06/25/03 03:11 PM
To: rt-users@lists.fsck.com
cc:
Subject: [rt-users] integration with LDAP / Active Directory

LDAP.pm (7.33 KB)

Christian Gilmore wrote:

Sean,

$LookupSender is a relic of RT2 and is ignored in RT3. What you need to
do is the following:

thanks for the info, will read the code and play around with it.

Based on this, it seems that the web login and the mail authentication
are two very different entities. Is there a way to join them? It’s the
same pool of users so why have two authentication styles? (for me
anyways, obviously other installs may be different)

Since I use external authentication (ie, apache authenticates instead of
RT), I’ve never been concerned with closer integration. I purposely want
to separate authentication systems from the applications. To use external
authentication, you’ll need to configure RT_SiteConfig.pm to have
Set($WebExternalAuth, 1) and apache to authenticate against an LDAP. There
are multiple options here. I personally use Apache::AuthenLDAP and
Apache::AuthzLDAP with Apache::AuthenCache and Apache::AuthzCache wrapped
around for efficiency.

Thanks,
Christian

Christian Gilmore
Technology Leader
GeT Support Application Development
IBM Software Group

Sean Perry sean.perry@intransa.com
Sent by: rt-users-admin@lists.fsck.com
06/25/03 03:51 PM
To: rt-users@lists.fsck.com
cc:
Subject: Re: [rt-users] integration with LDAP / Active Directory

Christian Gilmore wrote:

Since I use external authentication (ie, apache authenticates instead of
RT), I’ve never been concerned with closer integration. I purposely want
to separate authentication systems from the applications. To use
external authentication, you’ll need to configure RT_SiteConfig.pm to
have Set($WebExternalAuth, 1) and apache to authenticate against an
LDAP. There are multiple options here. I personally use
Apache::AuthenLDAP and Apache::AuthzLDAP with Apache::AuthenCache and
Apache::AuthzCache wrapped around for efficiency.

Unfortunately, I am using Apache 2.0 so your nifty perl module won’t
work for me.

Will keep looking, the answers here are getting me closer to my goal.
Wish it was easier though, seems like many, many groups would want LDAP
integration.
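
The external-authentication setup described in the thread (Apache authenticates against LDAP, RT trusts the result through Set($WebExternalAuth, 1)) can also be built on Apache's own LDAP modules instead of mod_perl auth handlers. The following is an added example, not part of the thread or of RT's documentation. It assumes Apache 2.2 or later with mod_ldap, mod_authnz_ldap and mod_ssl loaded, RT served under a hypothetical /rt location, and constructed host names, DNs and file paths.

```apache
# Added example, not from the thread. Host names, DNs, file paths and the
# /rt mount point are constructed placeholders.

# Server level (outside any <Location>): verify the directory server's
# certificate so bind credentials are never handed to an impostor.
LDAPTrustedGlobalCert CA_BASE64 /etc/ssl/certs/example-corp-ca.pem
LDAPVerifyServerCert On

<Location /rt>
    # Basic auth resends the password on every request; refuse plain HTTP.
    SSLRequireSSL

    AuthType Basic
    AuthName "Request Tracker"
    AuthBasicProvider ldap

    # ldaps:// keeps both the search and the user's bind encrypted.
    # sAMAccountName is the Active Directory login attribute; use uid
    # (and a matching filter) for a generic LDAP directory.
    AuthLDAPURL "ldaps://dc1.example.com/ou=Staff,dc=example,dc=com?sAMAccountName?sub?(objectClass=user)"

    # Active Directory normally rejects anonymous searches, so bind with a
    # dedicated read-only account. Keep this file readable by root only.
    AuthLDAPBindDN "cn=rt-lookup,ou=Service Accounts,dc=example,dc=com"
    AuthLDAPBindPassword "CHANGE-ME"

    Require valid-user
</Location>

# RT side, in /opt/rt3/etc/RT_SiteConfig.pm (the setting named in the thread):
#   Set($WebExternalAuth, 1);
```

With $WebExternalAuth enabled, RT accepts the user name the web server passes in REMOTE_USER, so every URL that reaches RT's web interface has to sit behind an authenticating block like this one.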