<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<META content="MSHTML 6.00.2900.2912" name=GENERATOR></HEAD>
<BODY>
<DIV dir=ltr align=left><SPAN class=922371502-15082006><FONT face=Arial
color=#0000ff size=2>i have a setup like this.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=922371502-15082006><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=922371502-15082006><FONT face=Arial
color=#0000ff size=2>the ldap/AD integration is two fold. </FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=922371502-15082006><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=922371502-15082006><FONT face=Arial
color=#0000ff size=2>one piece gives you all the "info" part (fill up all the
user's details on logon to RT from ldap)</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=922371502-15082006><FONT face=Arial
color=#0000ff size=2>one piece takes care of the authentication.
</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=922371502-15082006><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=922371502-15082006><FONT face=Arial
color=#0000ff size=2>it looks like you have taken care of one of the two pieces,
but not the other. the wiki has very nice details on how to accomplish
that...</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=922371502-15082006><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=922371502-15082006><FONT face=Arial
color=#0000ff size=2>HTH</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=922371502-15082006><FONT face=Arial
color=#0000ff size=2>Jok</FONT></SPAN></DIV><BR>
<BLOCKQUOTE dir=ltr
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #0000ff 2px solid; MARGIN-RIGHT: 0px">
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> rt-users-bounces@lists.bestpractical.com
[mailto:rt-users-bounces@lists.bestpractical.com] <B>On Behalf Of </B>Philip
Kime<BR><B>Sent:</B> Saturday, August 12, 2006 11:17 AM<BR><B>To:</B>
rt-users@lists.bestpractical.com<BR><B>Subject:</B> [rt-users] LDAP overlay
question<BR></FONT><BR></DIV>
<DIV></DIV>
<DIV><SPAN class=843151618-12082006><FONT face=Arial size=2>I'm wondering if
I'm trying to do things which are impossible:</FONT></SPAN></DIV>
<DIV><SPAN class=843151618-12082006><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=843151618-12082006><FONT face=Arial size=2>* I have a few
hundred users all with internal RT accounts which I want to move to
authenticating from AD (they all have AD account). If I put the LDAP user
overlay in place, It grabs the info from AD into the RT user fields but will
not let the user log on with the AD password, only the internal RT
one.</FONT></SPAN></DIV>
<DIV><SPAN class=843151618-12082006><FONT face=Arial size=2>* What about true
Single-Sign on? That it, it automatically logs you into RT if you are already
logged into the AD domain? Would this need to be done with the Apache mod_ldap
extension?</FONT></SPAN></DIV>
<DIV><SPAN class=843151618-12082006><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=843151618-12082006><FONT face=Arial
size=2>PK</FONT></SPAN></DIV>
<DIV> </DIV>
<DIV align=left><FONT face=Arial size=2>--</FONT></DIV>
<DIV align=left><FONT face=Arial size=2>Philip Kime</FONT></DIV>
<DIV align=left><FONT face=Arial size=2>NOPS Systems Architect</FONT></DIV>
<DIV align=left><FONT face=Arial size=2>310 401 0407</FONT></DIV>
<DIV> </DIV></BLOCKQUOTE></BODY></HTML>