Rt with openldap

Hi,
Can I use a directory server (openldap) to authenticate rt users?
I have an intranet so I’d like to use the same users and authentication
method in rt

ste.

It is a really frequently asked question. Look in the archives.
And second, RT can’t authenticate to a server.
RT uses external authentication or internal.
The external authentication means you use the authentication of your
webserver.
So you have to look at the configuration of your web server to see
which directory servers you can authenticate to.

Samuel

-----Original Message-----
From: stefano [mailto:stefano.razzauti@yogitech.com]
Sent: Thursday,11 December,2003 14:46
To: RT-USER-MAILING-LIST
Cc: Gianfranco Risaliti
Subject: [rt-users] rt with openldap

Hi,
Can I use a directory server (openldap) to authenticate rt users?
I have an intranet so I’d like to use the same users and authentication
method in rt

ste.


> And second RT can’t authenticate to a server.

This is incorrect, at least it is if you consider applying patches. The
full picture is complicated to explain, since RT is configurable enough
that there are many valid configurations.

RT does need to have info about the users in its database. There are
patches available to dynamically add entries to the database when a new
user shows up that matches the LDAP authentication. We don’t do that,
but instead have a script that runs periodically and refreshes the RT
database from LDAP. Our user community is fixed and has a low rate of
change, so this works ok for us.

The authentication can come from apache as you mention, or LDAP
authentication can be configured directly into RT – we do the latter.
Our LDAP world is AD (at the moment) and it works fine. RT has no
passwords locally.

I repeat, RT can’t authenticate to an LDAP server directly.
RT uses the authentication of the web server, RT knows it has to use an
external authentication (you set it in Siteconfig), and the one who
authenticates to LDAP is apache, or whatever web server you are using,
after that RT catches REMOTE_USER from the web server and uses this
username.
You mentioned that RT needs to have a user entry on the data base, but
this has nothing to do with how you authenticate to the RT system. In
addition every module of RT is configured in the standard configuration
that if a user that authenticates hasn’t an account in the db the account
is created with minimal information automatically when you use external
authentication.
I also use AD and LDAP, but I had to configure my apache to authenticate
through LDAP to the AD, RT just knows it has to use external
authentication.

Sorry for so much chaos, but with that I just wanted to say that if you
don’t want to use the internal authentication of RT you have to use the
authentication of your web server. After that it is an issue of how to
configure apache or your web server.

Samuel
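
The web-server route described in the message above, as an added configuration sketch that is not part of the original thread: Apache does the LDAP bind and hands RT the result in REMOTE_USER. It assumes Apache 2.4 with mod_ssl, mod_ldap and mod_authnz_ldap, RT mounted at `/rt`, and RT 3.x option names; every host name, DN and path is a placeholder.

```apache
# Constructed example: hosts, DNs, paths and the /rt mount point are placeholders.

# Server-level (outside any <Location>): CA used to verify the directory
# server's certificate, so the bind cannot be redirected to an impostor.
LDAPTrustedGlobalCert CA_BASE64 /etc/ssl/certs/example-ldap-ca.pem
LDAPVerifyServerCert On

<Location /rt>
    # Basic auth sends the password on every request; refuse plain HTTP.
    SSLRequireSSL

    AuthType Basic
    AuthName "RT"
    AuthBasicProvider ldap

    # ldaps:// protects the password between Apache and the directory.
    # Look the login name up as uid under the people subtree.
    AuthLDAPURL "ldaps://ldap.example.com/ou=People,dc=example,dc=com?uid?sub?(objectClass=inetOrgPerson)"

    # Read-only lookup account used to find the user's DN before the
    # real bind; keep this file readable by root only.
    AuthLDAPBindDN "cn=rt-lookup,ou=Services,dc=example,dc=com"
    AuthLDAPBindPassword "REPLACE_ME"

    # Any user who binds successfully is passed to RT as REMOTE_USER.
    Require valid-user
</Location>

# RT side, in RT_SiteConfig.pm (Perl, RT 3.x option names):
#   Set($WebExternalAuth, 1);   # trust REMOTE_USER from the web server
#   Set($WebExternalAuto, 1);   # create a minimal RT account on first login
```

With this layout RT never sees the password, so every path that reaches RT has to pass through this `<Location>` block; a second, unauthenticated route to the same application would let REMOTE_USER go unset or be supplied by something other than Apache's LDAP check.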

> I repeat, RT can’t authenticate to an LDAP server directly.

Then how come we’re doing it just fine?

This is how:
http://lists.fsck.com/pipermail/rt-users/2003-March/012550.html

Works like a charm against Sun ONE Directory Server, even uses SSL
encryption when necessary perl modules are provided. I can’t see any reason
why it wouldn’t work with OpenLDAP.

    Jari Lehtonen
    Unix & Network services
    Computing Center
    University of Turku, Finland

Sorry sorry sorry three times sorry.

I searched a long time before I implemented LDAP how it works in the
easiest way, but I never found this.
Thank you for letting me see what a big mistake I made saying something like
this. Anyway with a patch in one of these modules everything is possible
so forget it if somebody says to you that with RT something is absolutely
impossible. ;-)

Samuel

-----Original Message-----
From: Jari Lehtonen [mailto:jari@utu.fi]
Sent: Friday,12 December,2003 13:41
To: Senoner Samuel; Jim Rowan; RT-USER-MAILING-LIST
Subject: RE: [rt-users] rt with openldap

On Friday 12 December 2003 10:48 +0100 Senoner Samuel Samuel.Senoner@eurac.edu wrote:

I repeat, RT can’t authenticate to an LDAP server directly.

Then how come we’re doing it just fine?

This is how:
http://lists.fsck.com/pipermail/rt-users/2003-March/012550.html

Works like a charm against Sun ONE Directory Server, even uses SSL
encryption when necessary perl modules are provided. I can’t see any
reason why it wouldn’t work with OpenLDAP.

    Jari Lehtonen
    Unix & Network services
    Computing Center
    University of Turku, Finland