[rt-users] rt and LDAP?
Jesse
jesse at fsck.com
Tue May 8 21:10:44 EDT 2001
For external auth, you want to look at the attached alternate
autohandler provided by ivan-rt at 420.am.
On Tue, May 08, 2001 at 03:50:41PM +0200, Jens von Bülow wrote:
> Jesse/Harald,
>
> Where and how (briefly) would one use RT2 and, for example, external
> authentication from Apache?
>
> What I have in mind is the following
>
> Redhat Linux 7.X
> PAM - With LDAP support (pointing to our 2000 Active Directory)
> Apache - With PAM authentication (or just mod_ldap for
> authentication)
> RT2 - with support for external authentication
> (using the BASIC authentication available within HTTP and
> Apache)
>
> Is this possible? How?
>
> Regards
> Jens
>
> -----Original Message-----
> From: Harald Wagener [mailto:hwagener at fcb-wilkens.com]
> Sent: 08 May 2001 03:34
> To: Jesse
> Cc: rt-users at lists.fsck.com
> Subject: Re: [rt-users] rt and LDAP?
>
>
> Jesse wrote:
> >
> > Well,
> > RT2 provides somewhat cleaner hooks than RT1 to allow user metadata
> > and auth to be done against external databases, though nobody that
> > I know of has actually _done_ it yet. Note, however, that you
> > will still need to have an RT account for each user inside of
> > RT's database.....it's just that RT can then ask another system
> > for detailed information.....
> >
> > -j
>
> Which would be fine enough for our purposes - not everybody should have
> access to the request tracker, but those that do shouldn't be bothered by
> an additional password handling mechanism.
>
> Thanks and regards,
> Harald
>
> --
> Harald Wagener | Systemadministrator
> FCB/Wilkens GmbH | Tel.:+49-40-2881-1252
> An der Alster 42 | Fax.:+49-40-2881-1263
> 20099 Hamburg | http://www.fcb-wilkens.com
>
--
jesse reed vincent -- root at eruditorum.org -- jesse at fsck.com
70EBAC90: 2A07 FC22 7DB4 42C1 9D71 0108 41A3 3FB3 70EB AC90
Linux is like a Vorlon. It is incredibly powerful, gives terse,
cryptic answers and has a lot of things going on in the background.
-------------- next part --------------
<& /Elements/Footer &>
<%INIT>
# If it's a NoAuth file, don't ask for auth.
if ($m->base_comp->path =~ m{^/NoAuth/}) {
    $m->call_next();
}
# An RT session already exists for this browser.
elsif (defined $session{'CurrentUser'}) {
    if (!$session{'CurrentUser'}->Privileged) {
        # If the user isn't privileged, they can only see SelfService
        if ($m->base_comp->path =~ m{^/SelfService/}) {
            $m->call_next;
        } else {
            $m->comp('/SelfService/index.html');
        }
    }
    else {
        $m->call_next;
    }
}
# External auth: Apache has already authenticated the request, so the
# username it reports is trusted and no RT password check is done here.
# The user must still exist in RT's own database for Load() to succeed.
elsif ($RT::UseApacheAuth && $r->connection->user()) {
    # Note: this lexical $user shadows the $user declared in <%ARGS>.
    my $user = $r->connection->user();
    my %cookies = fetch CGI::Cookie; #what's this for?
    $session{'CurrentUser'} = RT::CurrentUser->new();
    unless ($session{'CurrentUser'}->Load($user)) {
        $session{'CurrentUser'} = undef;
        $m->comp('/NoAuth/Login.html', %ARGS, Error => 'Your username or password is incorrect');
        $m->abort();
    }
    if (!$session{'CurrentUser'}->Privileged) {
        # If the user isn't privileged, they can only see SelfService
        if ($m->base_comp->path =~ m{^/SelfService/}) {
            $m->call_next;
        } else {
            $m->comp('/SelfService/index.html');
        }
    }
    else {
        $m->call_next;
    }
}
# RT's own login form: check the submitted username and password.
elsif (defined($user) && defined($pass)) {
    my %cookies = fetch CGI::Cookie;
    #TODO if the password is the user's password
    $session{'CurrentUser'} = RT::CurrentUser->new();
    unless ($session{'CurrentUser'}->Load($user)) {
        $session{'CurrentUser'} = undef;
        $m->comp('/NoAuth/Login.html', %ARGS, Error => 'Your username or password is incorrect');
        $m->abort();
    }
    unless ($session{'CurrentUser'}->IsPassword($pass)) {
        $session{'CurrentUser'} = undef;
        $m->comp('/NoAuth/Login.html', Error => 'Your username or password is incorrect', %ARGS);
        $m->abort();
    }
    if (!$session{'CurrentUser'}->Privileged) {
        # If the user isn't privileged, they can only see SelfService
        if ($m->base_comp->path =~ m{^/SelfService/}) {
            $m->call_next;
        } else {
            $m->comp('/SelfService/index.html');
        }
    }
    else {
        $m->call_next;
    }
}
# No session and no credentials: show the login page.
else {
    $m->comp('/NoAuth/Login.html', %ARGS);
}
</%INIT>
<%ARGS>
$user => undef
$pass => undef
</%ARGS>