[rt-users] LDAP authentication best practices

Thomas Smith theitsmith at gmail.com
Tue Oct 4 23:42:09 EDT 2011


Thanks Kevin! That setting worked!

On Tue, Oct 4, 2011 at 1:37 PM, Kevin Falcone <falcone at bestpractical.com> wrote:
> On Tue, Oct 04, 2011 at 01:22:24PM -0700, Thomas Smith wrote:
>> Thanks again Ruslan!
>>
>> I've got this mostly working but I'm missing something and I'm just
>> not seeing what that is...
>>
>> Apache auth via LDAP (mod_auth_ldap) is working correctly--the user
>> gets into RT, but no options are available except "Tickets" (along
>> with Open, Create, etc, within the Tickets menu). And the new user can
>> see that they're logged in, "Logged in as user". However, their user
>> account is not being created within the RT database and there are no
>> available options for their account (no drop-down for "Logged in as
>> user") under their login.
>
> Sounds like users are being created Unprivileged.
> Use $AutoCreate in RT_SiteConfig.pm if you wish them to be created
> Privileged.  You can search for and make users Privileged from the
> user admin pages.  They will not be listed in the list of current
> users if they are Unprivileged (but will have records in the Users
> table).

Discovered another issue... This one isn't strictly RT-related, I don't think.

The email gateway is no longer working. When I configured Apache auth,
I had to do it at the /opt/rt4 level--otherwise, RT would display the
login page without the option to log in and SSO wouldn't work. Now the
mail gateway is unable to insert new tickets into the database as the
area it's trying to access is password protected. Are there any
best practices for lifting the security off of this one directory
(NoAuth only, right?) while maintaining SSO on the remainder of the
system? Every time I exclude this directory from authentication, SSO
breaks.

~ Tom


