[rt-users] role based authentication from ldap

Jim Meyer purp at acm.org
Fri Jan 6 23:44:36 EST 2006


Hello!

On Wed, 2005-12-21 at 19:57, john habermann wrote:
> I am just looking into the possibility of Group based authentication
> for RT via an LDAP directory. From what I have read in the LDAP
> information on the wiki and in the email lists (see the thread with
> subject: [Rt-devel] Proposed Contrib: External (LDAP) user info attr
> mapping ) it appears that this is not possible at the moment.

I've just released phase one of the work described in the email thread
you mentioned above; see http://wiki.bestpractical.com/index.cgi?LDAP
for more info about that. I don't know if it helps you, though; see
below for further comments.

> I believe you can authenticate a user against an LDAP directory and
> they are then created as an unprivileged user. Adding them to
> privileged groups or roles in RT has to be done through the RT
> interface. I just wanted to check and confirm that this was the case
> or whether I might have missed something.

You are correct as far as I know.

> The reason I am interested is that we are using Plone to build our
> intranet and have a group/role structure within that which is exported
> to an LDAP directory.

I'm unfamiliar with Plone, but I think I get what you're asking, which
is, "Can RT take its list of group members from LDAP?" and the answer
is, "No, not by default." It's something that could be coded (I've been
considering how we could use our UNIX groups which are stored in LDAP
similarly), but I don't believe there's an existing implementation of
this.

It'd be pretty straightforward to write something which bootstraps a
group from your Plone info, but keeping them in sync would be a
challenge, I think.

Good luck!

--j
-- 
Jim Meyer, Geek at Large                                    purp at acm.org
