[rt-users] Validating RT users via Active Directory

Gary Holmes Gary.Holmes at SurfControl.com
Fri Aug 8 05:53:18 EDT 2003


Hi all,

I have a request and an opportunity to share.

We currently use RT 2.0.13 but are in the process of migrating to 3.0.X.
At the same time, we're moving from NT domains to Active Directory, so
I've been watching the threads on RT and AD integration closely.

Seems to me that, so far, all I've seen is people using LDAP to look up
user info essentially via the mailgate to populate new users as they
submit requests. This is cool, we've been doing something like that 
here for over a year with an external directory.

However, what I really want to do is to get users to have a single
login name and password everywhere and so I want to authenticate access
to RT via AD, and not via the password in RT.

I've not found anything on Linux which does this directly. Thus my
request is for any info on anything that does.

The opportunity is that I've found a way to do it. It's rather convoluted
as it involves a piece of ASP sitting on an SSL-protected IIS server that
acts as a web service to do the authentication for me as I don't want
passwords flying over the wire in clear text. I simply call that from
.../rt3/lib/RT/User_Local.pm and voila! AD authenticated users. I'd be
more than happy to post that code here, in all its crudeness, if anyone is
interested - unless there's a better way!

(FWIW - I've also got this working on RT2.)

BTW - our RT3 is running on RH9. Having followed Harald's lead, it works
perfectly.
RH9, locally built perl 5.8.0, locally built apache 1.3.28 with mod_perl 1.28.

Regards,
Gary
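
A sketch of the arrangement described in the message above, added here as an example; it is not the poster's code, which does not appear on this page. The endpoint URL, CA file path, form field names and the "OK" reply format are all assumptions made for illustration.

```perl
# Added example; would live in .../rt3/lib/RT/User_Local.pm (path from the post).
package RT::User;

use strict;
use warnings;
no warnings qw(redefine);    # we deliberately replace RT::User::IsPassword

use LWP::UserAgent;

# Hypothetical values: placeholders for the SSL-protected IIS/ASP service.
my $AUTH_URL = 'https://adauth.example.internal/auth.asp';
my $CA_FILE  = '/etc/rt3/adauth-ca.pem';    # CA that signed the IIS certificate

sub IsPassword {
    my ( $self, $password ) = @_;

    # Fail closed: an empty password or a disabled RT account never matches.
    return unless defined $password && length $password;
    return if $self->PrincipalObj->Disabled;

    my $ua = LWP::UserAgent->new(
        timeout      => 10,
        max_redirect => 0,    # never resend credentials to another URL
        ssl_opts     => {
            verify_hostname => 1,           # reject a certificate for the wrong host
            SSL_ca_file     => $CA_FILE,    # trust only the internal CA
        },
    );

    # Credentials go in the POST body so they stay out of URLs and access logs.
    my $res = $ua->post( $AUTH_URL, { user => $self->Name, pass => $password } );

    # Assumed reply format: HTTP 200 with the literal body "OK" on success.
    # TLS failures, timeouts and any other body all mean "not authenticated".
    unless ( $res->is_success && $res->decoded_content =~ /\AOK\s*\z/ ) {
        $RT::Logger->info( "AD auth failed for " . $self->Name . ": " . $res->status_line );
        return;
    }
    return 1;
}

1;
```

Because the override replaces the local password check entirely, any account that must keep working when the web service is unreachable needs its own explicit handling.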
