[rt-users] LDAP authentication best practices

Thomas Smith theitsmith at gmail.com
Mon Oct 3 17:28:20 EDT 2011


Hi,

I'm looking at using LDAP authentication to auth against a Win2k8 R2 AD
server. I've seen a few different ways to do this on the website and
through Google-ing but none are consistent and none cover all that I'd
like to accomplish with this.

What I'd like to do is this:

    * Authenticate users against AD who log in through the web
      interface. As part of this authentication (for non-existent RT
      users), create the user's account using their AD username as
      their RT Username and their AD primary SMTP address as their RT
      Email.
    * When non-existing users submit a ticket via email, have RT check
      that email against AD and if it finds a user associated with that
      email, create a new account using the user's AD username as RT's
      Username and the user's AD email address as RT's Email.
    * Reject all other requests (and auto creations) for users who
      don't already exist in AD or the local RT user database.

Is it possible to do all of these things?

--
Thomas Smith
Cell: 602-882-2917


