User authentication from LDAP


#1

Hi rt-developers.

We are in need of a trouble ticketing system that we want to deploy in
our architecture.
We have all our users in an LDAP directory and all information that you
need in the table "users" can be retrieved from there.

Is it possible to get rt to work with an LDAP server for fetching user
information?
I had a very quick look at some code and see that the users table is needed
because rt is using sql to get username etc. from users to show with
queues.
We want to avoid duplication of data.

I just would like to know if rt-team is interested to give LDAP as the
user-management backend and if there is already some code for it.
I will hack rt this weekend so it works with LDAP/DB.

If this functionality is of interest, we will be happy to contribute our
code to rt.

thanks && best regards

Atif Ghaffar
Internet Development Manager
4unet AG/SA/Ltd.

-------------------------.
+41 21 351 53 60 ¦ voice
+41 78 787 51 45 ¦ mobile
+41 86 0796598972¦ fax
http://www.4unet.net ¦ www
http://atif.developer.ch ¦ homepage
atif.ghaffar@4unet.net ¦ email


#2

Hi, Atif,

You should take a look at RT2. We've got the basic code in place to
allow RT to use an external system to get user info (though we’ve not yet
implemented any external authentication / user info providers.)

If you folks wanted to start looking at the right ways to do that, we’d
be overjoyed. Folks have talked about auth based on SSL certs, kerberos 4,
kerberos 5, and LDAP though I don’t believe anyone’s actually tried an
implementation yet.

-j

On Fri, Jan 12, 2001 at 06:39:23PM +0100, Atif Ghaffar wrote:

> Hi rt-developers.
>
> We are in need of a trouble ticketing system that we want to deploy in
> our architecture.
> We have all our users in an LDAP directory and all information that you
> need in the table "users" can be retrieved from there.
>
> Is it possible to get rt to work with an LDAP server for fetching user
> information?
> I had a very quick look at some code and see that the users table is needed
> because rt is using sql to get username etc. from users to show with
> queues.
> We want to avoid duplication of data.
>
> I just would like to know if rt-team is interested to give LDAP as the
> user-management backend and if there is already some code for it.
> I will hack rt this weekend so it works with LDAP/DB.
>
> If this functionality is of interest, we will be happy to contribute our
> code to rt.
>
> thanks && best regards
>
> Atif Ghaffar
> Internet Development Manager
> 4unet AG/SA/Ltd.
>
> -------------------------.
> +41 21 351 53 60 ¦ voice
> +41 78 787 51 45 ¦ mobile
> +41 86 0796598972¦ fax
> http://www.4unet.net ¦ www
> http://atif.developer.ch ¦ homepage
> atif.ghaffar@4unet.net ¦ email



jesse reed vincent – root@eruditorum.org – jesse@fsck.com
70EBAC90: 2A07 FC22 7DB4 42C1 9D71 0108 41A3 3FB3 70EB AC90

I have images of Marc in well worn combat fatigues, covered in mud,
sweat and blood, knife in one hand and PSION in the other, being
restrained by several other people, screaming “Let me at it!
Just let me at it!” Eichin standing calmly by with something
automated, milspec, and likely recoilless.
-xiphmont on opensource peer review


#3

Well, each user who you want to have RT access will need an entry in the users
table. No ifs, ands or buts. It simply has to be there so we have the user
IDs to reference. The following attributes are available for folks building
functionality to use other systems for auth and contact info:

ExternalContactInfoId
ContactInfoSystem
ExternalAuthId
AuthSystem

The thought was that a bit of magic in _Set and _Value in User.pm
should allow you to use RT::UserInfo::LDAP or whathaveyou to get and
set your info.

One of the absolute requirements of all this is that the base method
of using RT’s internal database for this stuff be the functional default
out of the tarball.

On Fri, Jan 12, 2001 at 11:13:57PM +0100, Atif Ghaffar wrote:

> Jesse wrote:
>
> > Hi, Atif,
> >
> > You should take a look at RT2. We've got the basic code in place to
> > allow RT to use an external system to get user info (though we’ve not yet
> > implemented any external authentication / user info providers.)
>
> Can you point me in the right direction? What needs to be done to have
> an alternative provider?
> I had a look at User.pm and Users.pm and they are too much DB oriented.
>
> Perhaps it will be a good idea to abstract the fetch/store of data a bit
> more.
> Maybe RT::Users::DB, RT::Users::LDAP,
> and RT::Users can simply use one of the backends.
>
> > If you folks wanted to start looking at the right ways to do that, we’d
> > be overjoyed. Folks have talked about auth based on SSL certs, kerberos 4,
> > kerberos 5, and LDAP though I don’t believe anyone’s actually tried an
> > implementation yet.
>
> Auth is more or less simple to set up.
> I am more interested in fetching all user-related info from LDAP.
> Excellent for enterprises that already have LDAP-based systems in place.
>
> Otherwise it's a mess to synchronize data from MySQL to LDAP and
> vice versa.
>
> thanks

> Atif Ghaffar
> Internet Development Manager
> 4unet AG/SA
>
> -------------------------.
> +41 78 787 51 45 ¦ voice
> +41 24 441 09 03 ¦ fax
> http://www.4unet.net ¦ www
> http://atif.developer.ch ¦ homepage
> atif.ghaffar@4unet.net ¦ email
>
> Do you speak Unix?

jesse reed vincent – root@eruditorum.org – jesse@fsck.com
70EBAC90: 2A07 FC22 7DB4 42C1 9D71 0108 41A3 3FB3 70EB AC90

'"As the company that brought users the Internet, Netscape is now inviting
the more than 60 million people who have used our client software to
'tune up' and upgrade to Netscape Communicator," said Mike Homer,
senior vice president of marketing at Netscape.' Sometimes I wonder.
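
A sketch of the layout described in #3, added here as an example and not RT's own code: every user keeps a row in the users table so the local ID exists, and a `_Value`-style accessor hands selected fields to a provider chosen by `ContactInfoSystem`, with the internal database as the default. The `Demo::*` packages, the field list and the directory contents are hypothetical, and a hash stands in for the LDAP server.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed stand-in for an LDAP directory, keyed by DN (no network access).
my %DIRECTORY = (
    'uid=atif,ou=people,dc=example,dc=org' =>
        { RealName => 'A. Example', EmailAddress => 'atif@example.org' },
);

{
    package Demo::UserInfo::LDAP;    # hypothetical provider, not an RT module
    # Resolve one field for one external id; undef when the entry is missing.
    sub Value {
        my ($class, $external_id, $field) = @_;
        my $entry = $DIRECTORY{$external_id};
        return $entry ? $entry->{$field} : undef;
    }
}

{
    package Demo::User;              # hypothetical stand-in for a users-table row
    # Only these fields may come from an external system. The numeric id
    # that tickets and queues reference always stays in the local table.
    my %EXTERNAL_FIELD = map { $_ => 1 } qw(RealName EmailAddress);
    my %PROVIDER       = (LDAP => 'Demo::UserInfo::LDAP');

    sub new { my ($class, %row) = @_; return bless {%row}, $class }

    sub _Value {
        my ($self, $field) = @_;
        my $system = $self->{ContactInfoSystem};
        # Functional default: no external system set, read the local row.
        return $self->{$field} unless $system && $EXTERNAL_FIELD{$field};
        # Fail closed on a system name that has no registered provider.
        my $provider = $PROVIDER{$system}
            or die "unknown ContactInfoSystem '$system'\n";
        return $provider->Value($self->{ExternalContactInfoId}, $field);
    }
}

# Constructed rows: one purely local user, one whose contact info lives in LDAP.
my $local  = Demo::User->new(id => 12, Name => 'jesse', RealName => 'J. Local');
my $remote = Demo::User->new(
    id => 13, Name => 'atif',
    ContactInfoSystem     => 'LDAP',
    ExternalContactInfoId => 'uid=atif,ou=people,dc=example,dc=org',
);
print "$_->{id}: ", ($_->_Value('RealName') // '(no data)'), "\n"
    for $local, $remote;
```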