Revised LDAP Overlay for RT3

Hello RT3 users & developers,
hello Jesse,

I have brushed up the LDAP Overlay which is/was posted as a link on the
twiki. Mainly, I have revised the code, eliminated some bugs, moved
things where they belong so they are now … and can be stored
in /opt/rt3/local/…, and added some functionality (see

  • supports TLS
    => set ‘$LdapCert’ to certificate attributes (just the subject will
    be checked) or ‘$LdapCertDir’ (checks vs. a CA certificate)
  • uses an LDAP-to-RT3 attribute map in the config
  • creates users on the fly when a new user
    • sends email
    • logs in for the first time
    • is added as watcher
      => $LDAPExternalAuto
  • provides a separate tool which can be run via cron to update the
    information in the RT3 user database from LDAP
  • internal (RT3) passwords can overwrite LDAP passwords: if the RT3
    password is set, only this password will be accepted, even if the
    LDAP password would be valid
    => $LDAPInternalAuthRequired

All custom code is wrapped with an “LDAP Overlay” comment, so if there is a
new revision, code changes can be easily adopted. It’s GPL2, no support,
use at your own risk, etc.

This was developed on RT3.0.11, so all functions are based on code from
this revision.

Best regards,

Ruediger Riediger

Dr. Ruediger Riediger Sun Microsystems GmbH
NSG - SunCERT Komturstr. 18a D-12099 Berlin
PGP 2048RSA/0x2C5020E9 964C E189 0FF0 8882 2BAB 65E2 6912 1FF2

LDAP1.0_RT3.tar.gz (9.17 KB)