[rt-users] how to mix Internal method just for admin user and ldap method for all other users

Bob Goldstein bobg at uic.edu
Sat Oct 28 11:33:05 EDT 2006

>I have a problem :(
>I succeeded in configuring RT to auth users by the classical method. And in 
>another configuration, with the online documentation, I succeeded in 
>configuring RT to auth users with my ldap (using User_Local.pm, and 
>changing RT_SiteConfig.pm and RT_Config)
>But I would like to configure RT to authenticate my admin user (who is 
>root and is not in my LDAP, and I don't want this user in my ldap) by 
>Internal method, and authenticate my other users by LDAP method. 
>Because when I try, only LDAP users can be authenticated, but I can't be 
>authenticated with my admin user (root).
>Is it possible to mix the authentication methods, just internal 
>method for root and ldap method for all other users? I think so, 
>and would somebody have the kindness to tell me what 
>parameters to set .... ?

I've done something quite similar by accident.  Note this in your RT_SiteConfig.pm:
   Set($WebFallbackToInternalAuth , 1);

This means that when RT executes, if $ENV{REMOTE_USER} is already set
(via mod_ldap), use that.  But if it is not set, then fall back to
RT's internal authentication.

So, the trick is to have two different urls, one of which invokes
mod_ldap, and the other doesn't.

In my particular case, https://helpdesk.uic.edu/accc   uses 
mod_bluestem (very similar to mod_ldap from an apache point of view),
and http://helpdesk.uic.edu/accc/   does not, and therefore falls back
to RT internal authentication.  You don't have to use the ssl/no-ssl distinction,
of course, I just happened to.  (And I'm careful about when I use the non-ssl logon.)

ScriptAlias /accc /usr/local/rt/production/bin/mason_handler.fcgi

<VirtualHost _default_:443>
<Location /accc>
 SetHandler ldap-status
 Require valid-user
</Location>
</VirtualHost>

  Hope that helps.
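
The two-URL layout described in the reply above, written out as a complete Apache 2.4 configuration. This is an added example, not configuration from the original post: the hostname, LDAP URL, certificate paths, port 8443 and the admin network are constructed placeholders, mod_authnz_ldap stands in for the poster's mod_bluestem, and the fallback URL is a second TLS port limited to an admin network rather than plain HTTP. The $WebExternalAuth setting is assumed from RT 3.x and is not mentioned on the page.

```apache
# RT_SiteConfig.pm needs both settings (Perl, shown here as comments):
#   Set($WebExternalAuth, 1);            # assumed RT 3.x option: trust REMOTE_USER
#   Set($WebFallbackToInternalAuth, 1);  # from the post: else use RT's own login

Listen 8443
ScriptAlias /accc /usr/local/rt/production/bin/mason_handler.fcgi

# URL 1, for ordinary users: Apache authenticates against LDAP and sets
# REMOTE_USER, which RT accepts without showing its own login form.
<VirtualHost _default_:443>
    ServerName helpdesk.example.org
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/helpdesk.example.org.pem
    SSLCertificateKeyFile /etc/ssl/private/helpdesk.example.org.key

    <Location /accc>
        AuthType Basic
        AuthName "Helpdesk"
        AuthBasicProvider ldap
        AuthLDAPURL "ldaps://ldap.example.org/ou=people,dc=example,dc=org?uid"
        Require valid-user
    </Location>
</VirtualHost>

# URL 2, for the internal root account: no authentication module is invoked,
# so REMOTE_USER stays unset and RT falls back to its internal login form.
# Still served over TLS, and reachable only from the admin network.
<VirtualHost _default_:8443>
    ServerName helpdesk.example.org
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/helpdesk.example.org.pem
    SSLCertificateKeyFile /etc/ssl/private/helpdesk.example.org.key

    <Location /accc>
        Require ip 192.0.2.0/24
    </Location>
</VirtualHost>
```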
