LDAP authentication

Hi,

I’m trying to get some form of LDAP authentication to work. Looked at the various
submitted scripts, etc…

I’m still failing to understand (or find any mention of) how true LDAP authentication
should work? IE Username / Password pair verification. It’s obviously possible, as
many Apache modules do it for you. But how is it actually done - and can it be
done through a Perl script?

Ideas anybody?

Thanks
Yan

Yan Fitterer
IT Manager, Royal Academy of Music
E-mail : y.fitterer@ram.ac.uk
Marylebone Rd, London, NW1 5HT
Phone (+44) 20 7873 7365 Fax (+44) 20 7873 7364

Hi,

I’m trying to get some form of LDAP authentication to work. Looked at the
various
submitted scripts, etc…

I’m still failing to understand (or find any mention of) how true LDAP
authentication
should work? IE Username / Password pair verification. It’s obviously
possible, as
many Apache modules do it for you. But how is it actually done - and can it
be
done through a Perl script?

Ideas anybody?

I am trying the same my self, for time being…I have decided to use
Apache-LDAP or Apache-NIS authentication for the users to get to RT webpage,
there they can get into RT without any passwd or their login as the passwd.

But this is temporary though, I am trying to see how to use LDAP
authentication for RT.

regards
-Prasad

“V S R A, Prasad (Prasad)” wrote:

-----Original Message-----
From: Yan Fitterer [mailto:y.fitterer@ram.ac.uk]
Sent: Tuesday, April 30, 2002 12:17 AM
To: rt-users@lists.fsck.com
Subject: [rt-users] LDAP authentication

Hi,

I’m trying to get some form of LDAP authentication to work. Looked at the
various
submitted scripts, etc…

I’m still failing to understand (or find any mention of) how true LDAP
authentication
should work? IE Username / Password pair verification. It’s obviously
possible, as
many Apache modules do it for you. But how is it actually done - and can it
be
done through a Perl script?

The easiest way is to implement ldap authentication on the web server side and
set $WebExternalAuth to a defined value. Since I answered this question a few
times the last week, I think I am going to write a FAQ.

But, to answer Your question, you could write a perl script using the
Perl::LDAP module and try to shove it into RT itself (or run it as an
extension of the web server via mod_perl - but then You can use mod_auth_ldap
as well), but I think that would be overkill.

Regards,
Harald
Harald WagenerAn der Alster 4220099 Hamburg*http://www.fcb-wilkens.com

Well - thanks, but I think by original question was not quite reflecting what I
meant. I understand (hav have read previous posts) the principles about using
Net::LDAP, or the various mod_ldap modules for Apache. What I didn’t
understand was the low-level mechanics about how to authenticate a user against
the LDAP server.

Basically, do you do a LDAP compare operation against some attributes, or do
you just retrieve them, and do the compare yourself? As well, I wasn’t clear
which attributes to use? Finally, when you get to a password field, how does
the encryption works? Does LDAP use the standard unix crypt() function, or does
LDAP specify its own algorythm (and how do you invoke that)?

I think I’ve got now partial answers - let me know if this is correct:

  • The attributes one uses depend on the implementation / setup of each LDAP
    server. The common attribues are uid or cn for the username, and userPassword
    for the password. (I’m using Novell’s NDS) My problem there was that my version
    of Novell / LDAP doesn’t have any password-type field… :frowning:
  • There is no LDAP - defined “authenticate object” type function, you closest to it
    would be a compare.

I’m still not sure about the crypt() issues. I’ve a funny feeling that’s again
implementation-specific. I still don’t see how you’d do it via Net::LDAP, other than
using the standard crypt function.

Still searching…
Thanks
Yan---- On 30 Apr 2002, at 9:55, Harald Wagener wrote: ----

“V S R A, Prasad (Prasad)” wrote:

-----Original Message-----
From: Yan Fitterer [mailto:y.fitterer@ram.ac.uk]
Sent: Tuesday, April 30, 2002 12:17 AM
To: rt-users@lists.fsck.com
Subject: [rt-users] LDAP authentication

Hi,

I’m trying to get some form of LDAP authentication to work. Looked at the
various
submitted scripts, etc…

I’m still failing to understand (or find any mention of) how true LDAP
authentication
should work? IE Username / Password pair verification. It’s obviously
possible, as
many Apache modules do it for you. But how is it actually done - and can it
be
done through a Perl script?

The easiest way is to implement ldap authentication on the web server side and
set $WebExternalAuth to a defined value. Since I answered this question a few
times the last week, I think I am going to write a FAQ.

But, to answer Your question, you could write a perl script using the
Perl::LDAP module and try to shove it into RT itself (or run it as an
extension of the web server via mod_perl - but then You can use mod_auth_ldap
as well), but I think that would be overkill.

Regards,
Harald

Harald WagenerAn der Alster 4220099 Hamburg*http://www.fcb-wilkens.com


rt-users mailing list
rt-users@lists.fsck.com
http://lists.fsck.com/mailman/listinfo/rt-users

Have you read the FAQ? The RT FAQ Manager lives at http://fsck.com/rtfm

Yan Fitterer
IT Manager, Royal Academy of Music
E-mail : y.fitterer@ram.ac.uk
Marylebone Rd, London, NW1 5HT
Phone (+44) 20 7873 7365 Fax (+44) 20 7873 7364

Yan Fitterer wrote:

Well - thanks, but I think by original question was not quite reflecting what I
meant. I understand (hav have read previous posts) the principles about using
Net::LDAP, or the various mod_ldap modules for Apache. What I didn’t
understand was the low-level mechanics about how to authenticate a user against
the LDAP server.

[snip]

I think I’ve got now partial answers - let me know if this is correct:

  • The attributes one uses depend on the implementation / setup of each LDAP
    server. The common attribues are uid or cn for the username, and userPassword
    for the password. (I’m using Novell’s NDS) My problem there was that my version
    of Novell / LDAP doesn’t have any password-type field… :frowning:

The important one is the uid, which has to exist for each entry and has to be
unique ove the set of all entries in a container hierarchy (hence it is the
unique identifier).

We have the same setup (nds below ldap)here in our company. the easiest way is
trying to bind against the ldap directory using a username/password
combination. If that works, the password has to be correct. If not, the
password was incorrect. So You don’t need to show the password via the ldap
directory - it’s automatically tested against the password hidden in the nds
layer.

  • There is no LDAP - defined “authenticate object” type function, you closest to it
    would be a compare.

The closest is the bind. Please regard that this data is sent in cleartext, so
unless You setup an SSL encrypted stream, be sure to only do this in an
isolated network.

Regards,
Harald
Harald WagenerAn der Alster 4220099 Hamburg*http://www.fcb-wilkens.com

I think this is starting to drift outside the scope of rt-users. Being that
each implementation of LDAP is vendor specific, a discussion about Novell’s
implementation choices only applies to a small percentage of RT sites. I
see Novel maintains a lot of doco:
http://www.novell.com/documentation/lg/authserv/index.html . Besides, isn’t
the advantage of paying for a product such as NDS-AS that you get
professional support?

Just my opinion…

GeorgeFrom: Harald Wagener [mailto:hwagener@hamburg.fcb.com]
Sent: Tuesday, April 30, 2002 10:41 AM
To: rt-users@lists.fsck.com
Subject: Re: [rt-users] LDAP authentication

Yan Fitterer wrote:

Well - thanks, but I think by original question was not quite reflecting
what I
meant. I understand (hav have read previous posts) the principles about
using
Net::LDAP, or the various mod_ldap modules for Apache. What I didn’t
understand was the low-level mechanics about how to authenticate a user
against
the LDAP server.

[snip]

I think I’ve got now partial answers - let me know if this is correct:

  • The attributes one uses depend on the implementation / setup of each
    LDAP
    server. The common attribues are uid or cn for the username, and
    userPassword
    for the password. (I’m using Novell’s NDS) My problem there was that my
    version
    of Novell / LDAP doesn’t have any password-type field… :frowning:

The important one is the uid, which has to exist for each entry and has to
be
unique ove the set of all entries in a container hierarchy (hence it is the
unique identifier).

We have the same setup (nds below ldap)here in our company. the easiest way
is
trying to bind against the ldap directory using a username/password
combination. If that works, the password has to be correct. If not, the
password was incorrect. So You don’t need to show the password via the ldap
directory - it’s automatically tested against the password hidden in the nds
layer.

  • There is no LDAP - defined “authenticate object” type function, you
    closest to it
    would be a compare.

The closest is the bind. Please regard that this data is sent in cleartext,
so
unless You setup an SSL encrypted stream, be sure to only do this in an
isolated network.

Regards,
Harald
Harald WagenerAn der Alster 4220099 Hamburg*http://www.fcb-wilkens.com

rt-users mailing list
rt-users@lists.fsck.com
http://lists.fsck.com/mailman/listinfo/rt-users

Have you read the FAQ? The RT FAQ Manager lives at http://fsck.com/rtfm

This email message may contain information that is confidential and
proprietary to Babcock & Brown or a third party. If you are not the
intended recipient, please contact the sender and destroy the original and
any copies of the original message. Babcock & Brown takes measures to
protect the content of its communications. However, Babcock & Brown cannot
guarantee that email messages will not be intercepted by third parties or
that email messages will be free of errors or viruses.

Does anyone have any words of wisdom for using LDAP to authenticate for
RT? We use LDAP for our intranet authentication, and I’d like to avoid
having to create an RT user for everybody we have in LDAP and having the
ensuing password synchronization problems. Is it as easy as compiling
auth_ldap into Apache?

Mike Jones

Mike Jones wrote:

Does anyone have any words of wisdom for using LDAP to authenticate for
RT? We use LDAP for our intranet authentication, and I’d like to avoid
having to create an RT user for everybody we have in LDAP and having the
ensuing password synchronization problems. Is it as easy as compiling
auth_ldap into Apache?

Mike Jones

Basically, yes. There is $WebExternalAuth in config.pm; using auth_ldap
works swell here. Only gripe: Users created on email ticket submission have
username==email_adress, and I would like to have them only their uid (which,
fortunately, is their email address without @…).

If any questions arise, fell free to contact me.

Regards,
Harald

Harald WagenerAn der Alster 4220099 Hamburg*http://www.fcb-wilkens.com

Does anyone have any words of wisdom for using LDAP to
authenticate for
RT? We use LDAP for our intranet authentication, and I’d like
to avoid
having to create an RT user for everybody we have in LDAP and
having the
ensuing password synchronization problems. Is it as easy as compiling
auth_ldap into Apache?

Not quite, although we do use auth_ldap here for keeping some other stuff
under wraps.

As for LDAP-izing RT, you can find some good examples to mimic in the
contrib area of Jesse’s site:

http://www.fsck.com/pub/rt/contrib/2.0/

Also, here is a message I sent to the list in May detailing how I LDAP-ized
our copy of RT:

http://lists.fsck.com/pipermail/rt-users/2002-May/008527.html

Both of these will end up advising that you install the Net::LDAP module
family.
Kendric Beachey

I read many posts about LDAP, but i’m still confused on how to implement
that :

here is what a understood :

I put in the /opt/rt3/lib/RT/ directory a User_Local.pm file containing
:

no warnings qw(redefine);

{{{ sub IsPassword

Modification Originally by Marcelo Bartsch bartschm_cl@hotmail.com

Update by Stewart James <stewart.james@vu.edu.au for rt3.

Drop this file in /opt/rt3/lib/RT/User_Local.pm

Drop something like below in yout RT_SiteConfig.pm

$LDAPExternalAuth = 1;

$LdapServer=“adress”;

$LdapUser="";

$LdapPass="";

$LdapBase=“dc=domain,dc=com”;

$LdapUidAttr=“uid”;

$LdapFilter="(objectclass=*)";

sub IsPassword {
my $self = shift;
my $value = shift;

    #TODO there isn't any apparent way to legitimately ACL this

    # RT does not allow null passwords
    if ( ( !defined($value) ) or ( $value eq '' ) ) {
            return (undef);
    }

    if ( $self->PrincipalObj->Disabled ) {
            $RT::Logger->info(
                    "Disabled user " . $self->Name . " tried to log

in" );
return (undef);
}

    if ( ($self->__Value('Password') eq '') ||
            ($self->__Value('Password') eq undef) )  {
            return(undef);
    }

    # generate an md5 password
    if ($self->_GeneratePassword($value) eq

$self->__Value(‘Password’)) {
return(1);
}

if it’s a historical password we say ok.

    if (! $RT::LDAPExternalAuth)
    {
            if ($self->__Value('Password') eq crypt($value,

$self->__Value(‘Password’))) {
return (1);
}
else {
return (undef);
}
}
else
{
if ($self->__Value(‘Password’) eq crypt($value,
$self->__Value(‘Password’))) {
return (1);
}
$RT::Logger->info(“Using External Authentication\n”);
use Net::LDAP;

            my $mesg;
            my $ldap = Net::LDAP->new($RT::LdapServer, version=>3)

or $RT::Logger->critical("GetExternalUserWithLDAP: " . “Cannot connect
to LDAP’\n”), return 0;

            # Iseem to have problems is I try and bind with a NULL

username by hand
# So this now checks to see if we are really going to
bind with a
# username.
if (defined($RT::LdapUser) && $RT::LdapUser != ‘’) {
$mesg = $ldap->bind($RT::LdapUser, password
=>$RT::LdapPass );
} else {
$mesg = $ldap->bind;
}
if ($mesg->code != LDAP_SUCCESS) {
$RT::Logger->critical(“GetExternalUserWithLDAP:
Cannot bind to LDAP:”,
$mesg->code, “\n”);
return 0;
}

            my $filter = "(&(&(objectclass=person)(" .

$RT::LdapUidAttr . “=” . $self->Name ."))$RT::LdapFilter)";
$RT::Logger->debug(“GetExternalUserWithLDAP: First
search filter ‘$filter’\n”);
$mesg = $ldap->search(base => $RT::LdapBase,
filter => $filter,
attrs => [‘dn’]);

            if (($mesg->code != LDAP_SUCCESS) or ($mesg->code !=

LDAP_PARTIAL_RESULTS))
{
$RT::Logger->debug(“GetExternalUserWithLDAP:
Could not search for $filter: “,
$mesg->code, “” ,
ldap_error_name($mesg->code) ,”\n”);
return 0;
}
$RT::Logger->debug("GetExternalUserWithLDAP: First
search produced “,
$mesg->count, " results\n”);
if (! $mesg->count)
{
$RT::Logger->info("AUTH FAILED: " . $self->Name
. “\n”);
return 0;
}
$RT::Logger->debug("LDAP DN: " . $mesg->first_entry->dn
. " " . $value . “\n”);
my $mesg2 = $ldap->bind($mesg->first_entry->dn, password
=>$value );
if ($mesg2->code != LDAP_SUCCESS) {
$RT::Logger->critical(“GetExternalUserWithLDAP:
Cannot bind to LDAP:”,
$mesg2->code, “\n”);
return 0;
}
else
{
$RT::Logger->info("AUTH OK: " . $self->Name . “
(” .$mesg->first_entry->dn . “)\n”);
return 1;
}
}

    # no password check has succeeded. get out

    return (undef);

}

}}}

1;

Next I put in httpd.conf :

LDAP integration

<Directory /opt/rt3/share/html>
AuthType Basic
AuthName "Request Tracker Login"
AuthLDAPURL ldap://ipadress
require valid-user

and in Rt_SiteConfig :

Set ($WebExternalAuth , 1);
Set($WebFallbackToInternalAuth , 1);
Set($WebExternalAuto , 1);

I know i missed other things but do i have to add to meet with the needs
?

i’m running a RH7.3 - apache 1 - mod_perl 1 - RT 3.0.10

thanks a lot !!

The comments in User_Local.pm indicate that there are seven lines that need to be added to RT_SiteConfig.pm. You didn’t mention if you had done this.

Regards,
Ray-----Original Message-----
From: rt-users-bounces@lists.bestpractical.com [mailto:rt-users-bounces@lists.bestpractical.com] On Behalf Of Sivan DERAY
Sent: Friday, September 24, 2004 10:15 AM
To: rt-users@lists.bestpractical.com
Subject: [rt-users] LDAP authentication

I read many posts about LDAP, but i’m still confused on how to implement that :

here is what a understood :

I put in the /opt/rt3/lib/RT/ directory a User_Local.pm file containing :

no warnings qw(redefine);

{{{ sub IsPassword

Modification Originally by Marcelo Bartsch bartschm_cl@hotmail.com

Update by Stewart James <stewart.james@vu.edu.au for rt3.

Drop this file in /opt/rt3/lib/RT/User_Local.pm

Drop something like below in yout RT_SiteConfig.pm

$LDAPExternalAuth = 1;

$LdapServer=“adress”;

$LdapUser="";

$LdapPass="";

$LdapBase=“dc=domain,dc=com”;

$LdapUidAttr=“uid”;

$LdapFilter="(objectclass=*)";

sub IsPassword {
my $self = shift;
my $value = shift;

    #TODO there isn't any apparent way to legitimately ACL this

    # RT does not allow null passwords
    if ( ( !defined($value) ) or ( $value eq '' ) ) {
            return (undef);
    }

    if ( $self->PrincipalObj->Disabled ) {
            $RT::Logger->info(
                    "Disabled user " . $self->Name . " tried to log in" );
            return (undef);
    }

    if ( ($self->__Value('Password') eq '') ||
            ($self->__Value('Password') eq undef) )  {
            return(undef);
    }

    # generate an md5 password
    if ($self->_GeneratePassword($value) eq $self->__Value('Password')) {
            return(1);
    }

if it’s a historical password we say ok.

    if (! $RT::LDAPExternalAuth)
    {
            if ($self->__Value('Password') eq crypt($value, $self->__Value('Password'))) {
                    return (1);
            }
            else {
                    return (undef);
            }
    }
    else
    {
            if ($self->__Value('Password') eq crypt($value, $self->__Value('Password'))) {
                    return (1);
            }
            $RT::Logger->info("Using External Authentication\n");
            use Net::LDAP;

            my $mesg;
            my $ldap = Net::LDAP->new($RT::LdapServer, version=>3) or $RT::Logger->critical("GetExternalUserWithLDAP: " . "Cannot connect to LDAP'\n"), return 0;

            # Iseem to have problems is I try and bind with a NULL username by hand
            # So this now checks to see if we are really going to bind with a
            # username.
            if (defined($RT::LdapUser) && $RT::LdapUser != '') {
                    $mesg = $ldap->bind($RT::LdapUser, password =>$RT::LdapPass );
            } else {
                    $mesg = $ldap->bind;
            }
            if ($mesg->code != LDAP_SUCCESS) {
                    $RT::Logger->critical("GetExternalUserWithLDAP: Cannot bind to LDAP:",
                            $mesg->code, "\n");
                    return 0;
            }

            my $filter = "(&(&(objectclass=person)(" . $RT::LdapUidAttr . "=" . $self->Name ."))$RT::LdapFilter)";
            $RT::Logger->debug("GetExternalUserWithLDAP: First search filter '$filter'\n");
            $mesg = $ldap->search(base   => $RT::LdapBase,
                    filter => $filter,
                    attrs  => ['dn']);

            if (($mesg->code != LDAP_SUCCESS) or ($mesg->code != LDAP_PARTIAL_RESULTS))
            {
                    $RT::Logger->debug("GetExternalUserWithLDAP: Could not search for $filter: ",
                            $mesg->code, "" , ldap_error_name($mesg->code) ,"\n");
                    return 0;
            }
            $RT::Logger->debug("GetExternalUserWithLDAP: First search produced ",
                    $mesg->count, " results\n");
            if (! $mesg->count)
            {
                    $RT::Logger->info("AUTH FAILED: " . $self->Name . "\n");
                    return 0;
            }
            $RT::Logger->debug("LDAP DN: " . $mesg->first_entry->dn . " " . $value . "\n");
            my $mesg2 = $ldap->bind($mesg->first_entry->dn, password =>$value );
            if ($mesg2->code != LDAP_SUCCESS) {
                    $RT::Logger->critical("GetExternalUserWithLDAP: Cannot bind to LDAP:",
                            $mesg2->code, "\n");
                    return 0;
            }
            else
            {
                    $RT::Logger->info("AUTH OK: " . $self->Name . " (" .$mesg->first_entry->dn . ")\n");
                    return 1;
            }
    }




    # no password check has succeeded. get out

    return (undef);

}

}}}

1;

Next I put in httpd.conf :

LDAP integration

<Directory /opt/rt3/share/html>
AuthType Basic
AuthName "Request Tracker Login"
AuthLDAPURL ldap://ipadress
require valid-user

and in Rt_SiteConfig :

Set ($WebExternalAuth , 1);
Set($WebFallbackToInternalAuth , 1);
Set($WebExternalAuto , 1);

I know i missed other things but do i have to add to meet with the needs ?

i’m running a RH7.3 - apache 1 - mod_perl 1 - RT 3.0.10

thanks a lot !!

yes i have added in the RT_Siteconfig.pm file

Set ($WebExternalAuth , 1);
$LDAPExternalAuth = 1;
$LdapServer=“adress”;
$LdapUser="";
$LdapPass="";
$LdapBase=“dc=domain,dc=com”;
$LdapUidAttr=“uid”;
$LdapFilter="(objectclass=*)";

do i need to add mod_auth module or something else ?

-----Message d’origine-----De : Ray Thompson [mailto:rthompson@interpublic.com]
Envoyé : lundi 27 septembre 2004 22:22
À : Sivan DERAY; rt-users@lists.bestpractical.com
Objet : [Spam probable] RE: [rt-users] LDAP authentication

The comments in User_Local.pm indicate that there are seven lines that need to be added to RT_SiteConfig.pm. You didn’t mention if you had done this.

Regards,
Ray

You shouldn’t need the

LDAP integration

<Directory /opt/rt3/share/html>
AuthType Basic
AuthName "Request Tracker Login"
AuthLDAPURL ldap://ipadress
require valid-user

part in your httpd.conf since your telling RT to use LDAP and not Apache.

I assume you’ve also modified "$LdapServer and $LdapBase in RT_Siteconfig.pm to reflect your environment.

-Ray

Hi Sivan,

Sivan DERAY wrote:

yes i have added in the RT_Siteconfig.pm file

Set ($WebExternalAuth , 1);
$LDAPExternalAuth = 1;

You don’t need both of these. $WebExternalAuth tells RT to trust the
user information passed by the webserver while $LDAPExternalAuth says
use the RT internal LDAP support you have added. Since you have added
all the LDAP stuff disable the first one, $WebExternalAuth, and just run
with the second.


Next I put in httpd.conf :

LDAP integration

<Directory /opt/rt3/share/html>
AuthType Basic
AuthName "Request Tracker Login"
AuthLDAPURL ldap://ipadress
require valid-user

You also don’t need this. You have added perl code into RT itself to do
the LDAP work. You don’t want the webserver doing it as well.

Carl.

Hi All,

I’m using RT 3.2.1 and I’m trying to get the LDAP auth going using the
User_Local.pm file posted previously.

The problem is that it doesn’t look like LDAP is seeing the
User_Local.pm file, nor does it seem to want to print out debug
statements into the log for me.

Is there any file permission special-ness that needs to occur ?

Cheers
Dave

Hi,

Is it possible to authenticate via LDAP to RT ?

In particular, Mac OS X’s implementation of LDAP (Open DIrectory)

Thanks.

This email and any attachments are confidential and are intended solely for the use of the individual to whom it is addressed. If you are not the intended recipient of this email and its attachments, you must take no action based upon them, nor must you copy or show them to anyone. Please contact the sender if you believe you have received this email in error. Emails are not secure and cannot be guaranteed to be free of errors or viruses. It is your responsibility to scan emails and attachments for viruses before opening them.

Any views or opinions expressed are solely those of the author and do not necessarily represent those of The Blackpool Sixth Form College.

Scanned by MailMarshal - Marshal’s comprehensive email content security solution.
Download a free evaluation of MailMarshal at www.marshal.com

Take a look at http://wiki.bestpractical.com/view/ExternalAuthentication and http://wiki.bestpractical.com/view/ExternalAuth

Should cover what you need.

Steve Anderson-----Original Message-----
From: rt-users-bounces@lists.bestpractical.com [mailto:rt-users-bounces@lists.bestpractical.com] On Behalf Of Guy Baxter
Sent: 24 June 2010 3:08 PM
To: rt-users@lists.bestpractical.com
Subject: [rt-users] LDAP authentication

Hi,

Is it possible to authenticate via LDAP to RT ?

In particular, Mac OS X’s implementation of LDAP (Open DIrectory)

Thanks.

This email and any attachments are confidential and are intended solely for the use of the individual to whom it is addressed. If you are not the intended recipient of this email and its attachments, you must take no action based upon them, nor must you copy or show them to anyone. Please contact the sender if you believe you have received this email in error. Emails are not secure and cannot be guaranteed to be free of errors or viruses. It is your responsibility to scan emails and attachments for viruses before opening them.

Any views or opinions expressed are solely those of the author and do not necessarily represent those of The Blackpool Sixth Form College.

Scanned by MailMarshal - Marshal’s comprehensive email content security solution.
Download a free evaluation of MailMarshal at www.marshal.com

Discover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com

This email has been scanned by Netintelligence
http://www.netintelligence.com/email

BiP Solutions Limited is a company registered in Scotland with Company
Number SC086146 and VAT number 383030966 and having its registered
office at Medius, 60 Pacific Quay, Glasgow, G51 1DZ.

This e-mail (and any attachment) is intended only for the attention of
the addressee(s). Its unauthorised use, disclosure, storage or copying
is not permitted. If you are not the intended recipient, please destroy
all copies and inform the sender by return e-mail.
This e-mail (whether you are the sender or the recipient) may be
monitored, recorded and retained by BiP Solutions Ltd.
E-mail monitoring/ blocking software may be used, and e-mail content may
be read at any time.You have a responsibility to ensure laws are not
broken when composing or forwarding e-mails and their contents.

Hi,

Is it possible to authenticate via LDAP to RT ?

In particular, Mac OS X’s implementation of LDAP (Open DIrectory)

Thanks.

Yes.

See http://wiki.bestpractical.com/view/ExternalAuthentication for
details.

Kevin W. Gagel
Network Administrator
College of New Caledonia
My Blog:
http://mail.cnc.bc.ca/blogs/gagel
My Shared Files:
http://mail.cnc.bc.ca/users/gagel

The College of New Caledonia
Visit us at http://www.cnc.bc.ca
Virus scanning is done on all incoming and outgoing email.
Anti-spam information for CNC can be found at http://gateway.cnc.bc.ca