[rt-users] Is a time zone user preference available?

Eli Guzman eguzman at cvimellesgriot.com
Mon May 2 14:06:30 EDT 2011



----Original Message----
From: rt-users-bounces at lists.bestpractical.com
[mailto:rt-users-bounces at lists.bestpractical.com] On Behalf Of Kevin
Falcone Sent: Monday, May 02, 2011 9:40 AM To:
rt-users at lists.bestpractical.com Subject: Re: [rt-users] Is a time zone
user preference available? 

> On Fri, Apr 29, 2011 at 01:58:16PM -0600, Eli Guzman wrote:
>>> On Thu, Apr 28, 2011 at 02:10:20PM -0600, Eli Guzman wrote:
>>>> I have one more issue, I am working on and this is enabling the
>>>> full SSO (auto-login) function of RT::Authen::LDAP, but I keep
>>>> running into some issues. AD users are able to authenticated
>>>> against AD, but the RT interface won't automatically log them in. I
>>>> think my RT_SiteConfig.pm (the one located at
>>>> /opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc) is correct:
>>> 
>>> This should really be a separate email to the list, but you don't
>>> appear to be running the current release of RT::Authen::ExternalAuth
>>> 
>>> Please provide your RT and extension versions
>>> 
>>> -kevin
>> 
>> Hey Kevin,
>> 
>> I am currently running RT-Authen-ExternalAuth 0.8_01, and RT 3.89:
> 
>> cpan -l output
>> 
>> lib::RT::Authen::ExternalAuth   0.08_01
>> lib::RT::Authen::ExternalAuth::DBI      undef
>> lib::RT::Authen::ExternalAuth::LDAP     undef
>> lib::RT::Authen::ExternalAuth::DBI::Cookie      undef
>> blib::lib::RT::Authen::ExternalAuth     0.08_01
>> 
>> I thought I was at the latest version for RT-Authen-ExternalAuth, has
>> another release been made available? If this is the case I can
>> download and install if needed.
>> 
>> Just to recap: LDAP authentication works, the SSO piece (the
>> automatic logon into the interface) fails.
> 
> RT-Authen-ExternalAuth doesn't provide spnego/sso for IE you have to
> configure something like mod_auth_kerb for that 
> 
> -kevin
> 
>> This is essentially the last piece we have before finishing up this
>> setup so any advice you may have could be very useful to us.
>> 
>> Regards,
>> --Eli

Thanks once again for all of the input, IE is indeed the primary browser
here, but we do have users using Mozilla Firefox 4 as well. I have tried
logging in within FF4, and I get the same errors as I do in IE. I think
that there is some basic link not taking place between IE(FF4) and RT
(RT::Auth*), which is interesting (or rather odd) since as I mentioned
before, I am able to login using LDAP directly (though unable I may be
of passing the SSO check itself). I read on a previous message that
RT::Auth* was now at 0.08_02 (not sure if this is correct)? Perhaps I
should use this version with RT 3.89 and see if this fixes the issue. 

You mentioned mod_auth_kerb, and I actually do have mod_auth_kerb
installed for Apache2, so I'm thinking this could be another likely way
to go (would this work for FF4 as well?). I've also used Likewise Open
to physically join the server to our primary domain controller, but this
has not made much of a difference (yet) - although I am sure that a
separate connector has to probably be setup within Likewise for RT (but
I am at the moment not familiar with this option). As another feasible
option for SSO, would it be better to just use an AD synchronized
OpenLDAP server, using something like a DBI Authentication module? 

Regards,
Eli




More information about the rt-users mailing list