[rt-users] LDAP Auth

[Sam Snow]

Obando, David DE - EV said:
> Dear all,
>
> -I'm using rt 3.4.1 on a Debian 3.1/sparc system.
> -I have an external LDAP server (Windoze AD)
> -I want RT to check users against the LDAP server directly
>
> I searched the mailing list archive for days but I still can't get it
working.
>
> I downloaded
> http://download.bestpractical.com/pub/rt/contrib/3.0/LDAP1.0_RT3.tar.gz
and added it to my RT installation. My RT_SiteConfig.pm looks like this:
>
> # LDAP Auth
> Set($WebExternalAuth , undef);
> $LDAPExternalAuth = 1;
> $LdapServer="txlevd1-dct01";
> $LdapUser="cn=evldap,dc=ev,dc=egmont,dc=com";
> $LdapPass="xxx";
> $LdapBase="dc=ev,dc=egmont,dc=com";
> $LdapUidAttr="sAMAccountName";
> $LdapFilter="(objectclass=*)";
> $LdapTLS = 1;
> #$LdapGroup ="dc=ev,dc=egmont,dc=com";
> #$LdapGroupAttribute = 'uniqueMember';
> $LdapSSLVersion = 3;
> #
>
> RT does not communicate with my LDAP server (I tcpdumped it), it is
still authenticating against its own DB.
>
> -Is my RT_SiteConfig.pm correct?
> -What about the rt-root/html/autohandler? Do I have to put it into
local/html or share/html. When putting it to share/html I received
several errors.
>
>
> Thank you in advance for any help.
>
>
> Best regards,
> David
>
>


An alternate route to take would be to use Winbind out of the samba
package to check emails with your windows domain controller. Works fine
with NT 4, Win 2000, and 2003 servers.

You would then set up external auth via your web server to PAM, which
would check the passwords through winbind.

Sorry I can't help on the LDAP. I use winbind for checking regular account
passwords, but have not tried external auth with RT (though I have looked
into it some). If you go this route I can help you some with the winbind
and pam config; I am running debian sarge.

Sam