I was looking at the mailing list and couldn't find a patch
that just does authentication; all do authentication plus
information fetch from LDAP, so I wrote my own.
This patch allows authenticating users using Net::LDAP to
authenticate against LDAP using normal auth (not external).
For user information I use the script from contrib called
rtimportldap.pl from Stanislav Sinyagin <ssinyagin_[at]yahoo[dot]_com>,
so user information is pushed into RT from crontab every 5 minutes, and
authentication is performed online thanks to this patch. I hope it can
be of use to other people.
You must add these variables to etc/config.pm inside the RT package:
$LDAPExternalAuth = 1;
Please note, this is an LDAP from Windows 2000 Active Directory.
What I do to control access is:
create a new OU called ACLS, then I create groups called WebRT,
WebRT-admin and some others for authentication, then I add the
users to those groups, and using the filter I can check if someone has
access to some areas or not, so the LDAP schema is something like:
dn: CN=Name LastName,OU=Support 1,OU=Main OU,DC=domain,DC=com
cn: Name LastName
[more lines of AD ldap stuff]
So "memberOf" does the trick. The only thing that will not work (I mean
I have not tested it, so if it doesn't work, don't blame me) is when the
user is a member of a group which
is a member of webrt, for example.
The filter used to query LDAP is:
I haven't tested with an empty LdapFilter.
Please note I wrote this patch in some 2 hours, so bugs must
P.S.: Is there any way to overwrite a built-in function with an
external one, so I can write a module to replace IsPassword?
P.S.2: I'm a new Perl programmer, so there must be bugs in the code
or lines badly written; this patch also has not been intensively tested.
PGP Fingerprint :
877E 3A56 F523 B44A 3260 8F83 8916 E158 6100 F721
User-With-Ldap.diff (2.25 KB)
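
The search-then-bind flow described in this post, with group membership enforced through a memberOf filter, as an added example that is not part of the original post or the attached patch. The function names, the service account parameters, the sAMAccountName login attribute and the WebRT group DN are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example: bind-based LDAP authentication gated on a memberOf filter.
# Base DN and group DN are constructed placeholders, not values from the patch.
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);

my $BASE  = 'DC=domain,DC=com';
my $GROUP = 'CN=WebRT,OU=ACLS,DC=domain,DC=com';   # assumed DN of the WebRT group

# Build the search filter. The login name is escaped so that '*', '(' and ')'
# in user input cannot change the meaning of the filter.
# sAMAccountName as the login attribute is an assumption.
sub build_filter {
    my ($user) = @_;
    return sprintf '(&(sAMAccountName=%s)(memberOf=%s))',
        escape_filter_value($user), escape_filter_value($GROUP);
}

# Returns 1 only if the user is a direct member of $GROUP and a bind with the
# supplied password succeeds. $host should be an ldaps:// URI so the simple
# bind does not send the password in clear text.
sub ldap_is_password {
    my ($host, $svc_dn, $svc_pw, $user, $pass) = @_;
    # A simple bind with an empty password is an "unauthenticated bind", which
    # a server may report as success, so reject it before contacting LDAP.
    return 0 unless defined $user && length $user;
    return 0 unless defined $pass && length $pass;

    my $ldap = Net::LDAP->new($host, timeout => 10) or return 0;
    my $ok   = 0;
    # Step 1: find the user's DN with a service account.
    my $mesg = $ldap->bind($svc_dn, password => $svc_pw);
    if (!$mesg->code) {
        $mesg = $ldap->search(base => $BASE, scope => 'sub',
                              filter => build_filter($user), attrs => ['1.1']);
        # Step 2: require exactly one match, then bind as that DN.
        if (!$mesg->code && $mesg->count == 1) {
            my $dn = $mesg->entry(0)->dn;
            $ok = 1 unless $ldap->bind($dn, password => $pass)->code;
        }
    }
    $ldap->unbind;
    return $ok;
}

# Offline demonstration on constructed login names (no server needed).
print build_filter($_), "\n" for 'jdoe', '*)(objectClass=*';
```

The second constructed login name shows the filter metacharacters being escaped instead of widening the search to every object.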