We’ve been using RT for over 2 years (and 34000 tickets) now. At the time,
we had no LDAP for authentication. Now we do and I would like to know if
anyone has any advice on migrating the authentication component from the
RT built-in authentciation to an LDAP authentication piece. Specifically:
What happens to the existing accounts when someone logs in using LDAP
after the conversion? This is a complex question in my brain anyway, so
forgive the longevity here. Presently, our users do not login to RT at all
to check ticket status. We would like for them to be able to do this now
but we don’t want them to have yet another password to remember (thus the
desire to cutover to LDAP for authentication). So when a user submits a
ticket after a cutover to LDAP, RT already has a non-priv account for the
user in question (I noticed that email address is an indexed field - no
duplicates) from before the cutover, when the user logs in to the web
interface (now via LDAP) to check ticket status, how does RT know that the
LDAP username that they are logging in with will be associated with the
email address that was already in RT (that they used to submit the ticket
after the cutover to LDAP).
What RT user account fields (if any) are auto-populated when someone
logs in with a valid LDAP account for the first time?
Thanks for the help!
Also, as a feature suggestion:
We have a spam filtering appliance that sends the user an email every day
starting at a designated time to remind them to check their quarantine.
There is a link in the message that, when clicked, takes them to the
appliance web page and logs them in automatically. This is great, because
most of our users do not want to remember another password (they usually
login to the appliance via the link from the email message anyway) and for
those rare users who do occasionally log in to the appliance directly
(rather than using the link in the email), it gives them an opportunity to
change their password if they forget it. Anyway, my suggestion is this:
Have a feature in RT (that is either on or off in the RT_SiteConfig.pm
file) that allows the user to click a link present in any correspondence
within a ticket that will take them to the RT webpage, log them in, and
let them look at the status of the ticket. As an added feature, it might
be nice to have a rule (once again that could be turned on or off) that
would NOT allow this type of action for someone with a privileged account.
In other words, Joe User can click a link in their ticket correspondence
that will take them to the RT site for the organization, log them in, and
let them look at the status and history of their ticket. Jane Tech
however, a privileged user, would not have a link in correspondence for
tickets that they are the requester for (so that someone cannot just click
a link and login to RT as a privileged user). Just a thought.