[rt-users] AD External Authentication

MacKillip, Scott smackillip at idanalytics.com
Tue May 14 15:12:50 EDT 2013


Hello,

I have a question about installing and using the Active Directory (AD)Authentication extension plug-in for RT that I hope has a straight-forward answer. I have read the mail list archives, perused the book for RT, absorbed as much information from the on-line documentation for installing and upgrading RT.

The only change I want to make in RT is AD Authentication. I don't want to add new users if they don't exist in RT but do in AD (so $WebExternalAuto will be set to 0).

If the user has an account in RT (set up by an RT administrator) they should still have the same functionality, just authentication is coming from AD and not the internal RT database.

If the user does not have an account in AD they should be denied access.

If the user does not have an account in RT, they should be directed to the self-service pages.

If the user does have an account in RT, they should not notice any difference after installing the AD Authentication module.

Given the above requirements, will the following steps accomplish this?

1.      Install RT::Authen::ExternalAuth

2.      Configure same to use LDAP

3.      Set $WebExternalAuth to 0 in RT_SiteConfig.pm

4.      Set $AutoCreateNonExternalUsers to 0 (I don't want to create any account in RT unless I do it myself)

Are there any other RT specific set up variables that I should be considering? Anything else that I need to look at before trying this update?

I appreciate the input on this topic, and am thankful that Best Practical is hosting a service such as this.

Regards,
Scott MacKillip
Configuration Manager
ID Analytics, Inc.
Office:  858.312.6393
Fax:  858.451.9051
www.idanalytics.com<http://www.idanalytics.com/>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20130514/a404d486/attachment.htm>


More information about the rt-users mailing list