[rt-devel] Users authentification from LDAP

Jesse jesse at fsck.com
Fri Jan 12 17:22:52 EST 2001


Well, each user who you want to have RT access will need an entry in the users
table. No ifs, ands or buts. It simply has to be there so we have the user
IDs to reference.  The following attributes are available for folks building
functionality to use other systems for auth and contact info:

ExternalContactInfoId
ContactInfoSystem
ExternalAuthId
AuthSystem

The thought was that a bit of magic in _Set and _Value in User.pm
should allow you to use RT::UserInfo::LDAP or whathaveyou to get and
set your info.

One of the absolute requirements of all this is that the base method
of using RT's internal database for this stuff be the functional default
out of the tarball.  



On Fri, Jan 12, 2001 at 11:13:57PM +0100, Atif Ghaffar wrote:
> Jesse wrote:
> > 
> > Hi, Atif,
> > 
> >         You should take a look at RT2.  We've got the basic code in place to
> > allow RT to use an external system to get user info (though we've not yet
> > implemented any external authentication / user info providers.)
> Can you point me in the right direction? What needs to be done to have
> an alternative provider?
> I had a look at User.pm and Users.pm and they are too DB-oriented.
> 
> Perhaps it will be a good idea to abstract the fetch/store of data a bit
> more.
> maybe RT::Users::DB, RT::Users::LDAP,
> and RT::Users can simply use one of the backends.
> 
> 
> > 
> > If you folks wanted to start looking at the right ways to do that, we'd
> > be overjoyed.  Folks have talked about auth based on SSL certs, kerberos 4,
> > kerberos 5, and LDAP though I don't believe anyone's actually tried an
> > implementation yet.
> 
> Auth is more or less simple to set up.
> I am more interested to fetch all user related info from LDAP. 
> Excellent for enterprises that already have LDAP based systems in place.
> 
> Otherwise it's a mess to synchronize data from MySQL to LDAP and
> vice versa.
> 
> thanks
> 
> 
> 
> > 
> >         -j
> > 
> 
> > On Fri, Jan 12, 2001 at 06:39:23PM +0100, Atif Ghaffar wrote:
> > > Hi rt-developers.
> > >
> > > We are in need of a trouble ticketing system that we want to deploy in
> > > our architecture.
> > > We have all our users in an LDAP directory and all information that you
> > > need in the table "users"
> > > can be retrieved from there.
> > >
> > > Is it possible to get rt to work with an LDAP server for fetching user
> > > information?
> > > I had a very quick look at some code and see that the users table is needed
> > > because rt is using sql to get username etc. from users to show with
> > > queues.
> > > We want to avoid duplication of data.
> > >
> > > I just would like to know if rt-team is interested to give LDAP as the
> > > user-management backend and if there is already some code for it.
> > > I will hack rt this weekend so it works with LDAP/DB.
> > >
> > > If this functionality is of interest, we will be happy to contribute our
> > > code to rt.
> > >
> > > thanks && best regards
> > >
> 
> -- 
> Atif Ghaffar
> Internet Development Manager
> 4unet AG/SA 
> 
> -------------------------.
> 	+41 78 787 51 45 ¦ voice
> 	+41 24 441 09 03 ¦ fax
>     http://www.4unet.net ¦ www
> http://atif.developer.ch ¦ homepage
>   atif.ghaffar at 4unet.net ¦ email
> 
> Do you speak Unix?
> 

-- 
jesse reed vincent -- root at eruditorum.org -- jesse at fsck.com 
70EBAC90: 2A07 FC22 7DB4 42C1 9D71 0108 41A3 3FB3 70EB AC90

'"As the company that brought users the Internet, Netscape is now inviting 
the more than 60 million people who have used our client software to
'tune up' and upgrade to Netscape Communicator," said Mike Homer, 
senior vice president of marketing at Netscape.'  Sometimes I wonder.



