[rt-users] rt and LDAP?

Jesse jesse at fsck.com
Tue May 8 21:10:44 EDT 2001


For external auth, you want to look at the attached alternate
autohandler provided by ivan-rt at 420.am



On Tue, May 08, 2001 at 03:50:41PM +0200, Jens von Bülow wrote:
> Jesse/Harald,
> 
> Where and how (briefly) would one use RT2 and, for example, external
> authentication from Apache?
> 
> What I have in mind is the following
> 
> 	Redhat Linux 7.X
> 	PAM - With LDAP support (pointing to our 2000 Active Directory)
> 	Apache - With PAM authentication (or just mod_ldap for authentication)
> 	RT2 - with support for external authentication 
> 		(using the BASIC authentication available within HTTP and Apache)
> 
> Is this possible? How?
> 
> Regards
> Jens
> 
> -----Original Message-----
> From: Harald Wagener [mailto:hwagener at fcb-wilkens.com]
> Sent: 08 May 2001 03:34
> To: Jesse
> Cc: rt-users at lists.fsck.com
> Subject: Re: [rt-users] rt and LDAP?
> 
> 
> Jesse wrote:
> > 
> > Well,
> >         RT2 provides somewhat cleaner hooks than RT1 to allow user metadata
> >         and auth to be done against external databases, though nobody that
> >         I know of has actually _done_ it yet.  Note, however, that you
> >         will still need to have an RT account for each user inside of
> >         RT's database.....it's just that RT can then ask another system
> >         for detailed information.....
> > 
> >         -j
> 
> Which would be fine enough for our purposes - not everybody should have
> access to the request tracker, but those that do shouldn't be bothered by
> an additional password handling mechanism.
> 
> Thanks and regards,
> 	Harald
> 
> -- 
> Harald Wagener      |                                Systemadministrator 
> FCB/Wilkens GmbH    |                              Tel.:+49-40-2881-1252 
> An der Alster 42    |                              Fax.:+49-40-2881-1263 
> 20099 Hamburg       |                         http://www.fcb-wilkens.com
> 

-- 
jesse reed vincent -- root at eruditorum.org -- jesse at fsck.com 
70EBAC90: 2A07 FC22 7DB4 42C1 9D71 0108 41A3 3FB3 70EB AC90

Linux is like a Vorlon.  It is incredibly powerful, gives terse,
cryptic answers and has a lot of things going on in the background.
-------------- next part --------------

<& /Elements/Footer &>

<%INIT>
# If it's a NoAuth file, don't ask for auth.
if ($m->base_comp->path =~ '^/NoAuth/') {
    $m->call_next();
}
# An existing session already holds a loaded RT user.
elsif (defined $session{'CurrentUser'}) {
    if (!$session{'CurrentUser'}->Privileged) {
        # If the user isn't privileged, they can only see SelfService
        if ($m->base_comp->path =~ '^/SelfService/') {
            $m->call_next;
        } else {
            $m->comp('/SelfService/index.html');
        }
    }
    else {
        $m->call_next;
    }
}
# Apache has authenticated the request: the user name comes from the web
# server, and RT only loads the matching account (no password check here).
elsif ( $RT::UseApacheAuth && $r->connection->user() ) {
    my $user = $r->connection->user();
    my %cookies = fetch CGI::Cookie; #what's this for?
    $session{'CurrentUser'} = RT::CurrentUser->new();
    # The user must still have an account in RT's own database.
    unless ($session{'CurrentUser'}->Load($user)) {
        $session{'CurrentUser'} = undef;
        $m->comp('/NoAuth/Login.html', %ARGS, Error => 'Your username or password is incorrect');
        $m->abort();
    };
    if (!$session{'CurrentUser'}->Privileged) {
        # If the user isn't privileged, they can only see SelfService
        if ($m->base_comp->path =~ '^/SelfService/') {
            $m->call_next;
        } else {
            $m->comp('/SelfService/index.html');
        }
    }
    else {
        $m->call_next;
    }
}
# RT's own login form: check the submitted user name and password.
elsif (defined ($user) && defined ($pass)) {
    my %cookies = fetch CGI::Cookie;
    #TODO if the password is the user's password
    $session{'CurrentUser'} = RT::CurrentUser->new();
    unless ($session{'CurrentUser'}->Load($user)) {
        $session{'CurrentUser'} = undef;
        $m->comp('/NoAuth/Login.html', %ARGS, Error => 'Your username or password is incorrect');
        $m->abort();
    };
    unless ($session{'CurrentUser'}->IsPassword($pass)) {
        $session{'CurrentUser'} = undef;

        $m->comp('/NoAuth/Login.html', Error => 'Your username or password is incorrect', %ARGS);
        $m->abort();
    }
    if (!$session{'CurrentUser'}->Privileged) {
        # If the user isn't privileged, they can only see SelfService
        if ($m->base_comp->path =~ '^/SelfService/') {
            $m->call_next;
        } else {
            $m->comp('/SelfService/index.html');
        }
    }
    else {
        $m->call_next;
    }
}
# No session and no credentials: show the login page.
else {
    $m->comp('/NoAuth/Login.html', %ARGS);
}
</%INIT>

<%ARGS>
$user => undef
$pass => undef
</%ARGS>
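
The branch order of the attached autohandler, as an added example that is not part of the original post or of RT: a plain-Perl model that runs outside Mason and prints which component each sample request would be served. The %rt_users table, the route() function, the request keys and the sample requests are constructed for illustration, and a plain string comparison stands in for RT's IsPassword.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed stand-in for RT's user table (hypothetical accounts).
my %rt_users = (
    alice => { privileged => 1, password => 'constructed-pw-1' },
    bob   => { privileged => 0, password => 'constructed-pw-2' },
);

# Hypothetical helper: returns the component served for one request.
sub route {
    my (%req) = @_;
    my $path = $req{path};
    return $path if $path =~ m{^/NoAuth/};      # never asks for auth

    my $name = $req{session_user};              # 1. existing session wins
    if (!defined $name && $req{use_apache_auth} && $req{remote_user}) {
        $name = $req{remote_user};              # 2. trust Apache, no password check
        return '/NoAuth/Login.html' unless $rt_users{$name};   # RT account required
    }
    elsif (!defined $name && defined $req{user} && defined $req{pass}) {
        my $acct = $rt_users{ $req{user} };     # 3. RT's own login form
        return '/NoAuth/Login.html'
            unless $acct && $acct->{password} eq $req{pass};
        $name = $req{user};
    }
    return '/NoAuth/Login.html' unless defined $name;

    # Unprivileged accounts are confined to /SelfService/.
    return $path if $rt_users{$name}{privileged} || $path =~ m{^/SelfService/};
    return '/SelfService/index.html';
}

# Constructed sample requests covering each branch.
my $page = '/Ticket/Display.html';
my @cases = (
    [ 'no credentials',                 path => $page ],
    [ 'Apache user with RT account',    path => $page, use_apache_auth => 1, remote_user => 'alice' ],
    [ 'Apache user without RT account', path => $page, use_apache_auth => 1, remote_user => 'carol' ],
    [ 'unprivileged Apache user',       path => $page, use_apache_auth => 1, remote_user => 'bob' ],
    [ 'REMOTE_USER set but flag off',   path => $page, use_apache_auth => 0, remote_user => 'alice' ],
    [ 'form login, wrong password',     path => $page, user => 'alice', pass => 'wrong' ],
);
for my $case (@cases) {
    my ($label, %req) = @$case;
    printf "%-32s -> %s\n", $label, route(%req);
}
```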

