LDAP overlay question

I’m wondering if I’m trying to do things which are impossible:

  • I have a few hundred users all with internal RT accounts which I want
    to move to authenticating from AD (they all have an AD account). If I put
    the LDAP user overlay in place, it grabs the info from AD into the RT
    user fields but will not let the user log on with the AD password, only
    the internal RT one.
  • What about true Single-Sign on? That is, it automatically logs you
    into RT if you are already logged into the AD domain? Would this need to
    be done with the Apache mod_ldap extension?

PK

Philip Kime
NOPS Systems Architect
310 401 0407

i have a setup like this.

the ldap/AD integration is twofold.

one piece gives you all the “info” part (fill up all the user’s details on
logon to RT from ldap)
one piece takes care of the authentication.

it looks like you have taken care of one of the two pieces, but not the
other. the wiki has very nice details on how to accomplish that…

HTH
Jok

From: rt-users-bounces@lists.bestpractical.com
[mailto:rt-users-bounces@lists.bestpractical.com] On Behalf Of Philip Kime
Sent: Saturday, August 12, 2006 11:17 AM
To: rt-users@lists.bestpractical.com
Subject: [rt-users] LDAP overlay question
