[rt-users] LDAP solution that works

Robert Paskowitz rpaskowitz at michener.ca
Thu Aug 12 09:38:08 EDT 2004


Thanks for the file, I knew there was some sort of a missing link. Unfortunately our LDAP idea here may not take off because of some complexities. Our users are stored in all levels of the tree, so a fairly brute-force recursive check is needed, which is time consuming, wasteful, and doesn't always seem to work. Some of our other software uses IMAP authentication, so I am currently looking into modifying the LDAP portions to do IMAP. We save having to do the lookups for the dn, which is a big plus.

Whatever I end up with will be posted back to the list. Even if we stick with LDAP, the recursive search may be useful to some.

>>> Carl Makin <carl at xena.IPAustralia.gov.au> 08/12/04 00:32 AM >>>
Hi Robert,

Robert Paskowitz wrote:

>We use Novell here and want to authenticate against the eDirectory LDAP server (something we do often). Ideally, we would want a user to be able to sign in with the Novell name/password, have RT create a user with the given name, leave the password blank, and use the e-mail address which can be grabbed from LDAP as well. A nice bonus would be the ability to have a user send an e-mail in, and if it is not associated with an account, perform an LDAP lookup for that address, and proceed with the same account creation described above.
>  
>
The system we have works the other way around.  Users are automatically 
created with data from the LDAP server by an inbound email.  Once they 
are created, then they can log in.  We use the LDAPMail.pm file 
(attached) in the <site>/rt3/lib/RT/Interface/Email/Auth directory to do 
the LDAP based auto user creation.  I got that off this list, but I 
can't remember who from. :(  LDAPMail.pm associated with 
<site>/rt3/local/lib/RT/User_Local.pm (attached) and this snippet in the 
RT_SiteConfig.pm file do it all for us.

# LDAP Authentication
$LDAPExternalAuth = 1;
$LdapServer="your.directory.server";
$LdapUser="";
$LdapPass="";
$LdapBase="dc=your,dc=directory,dc=serverbase";
$LdapUidAttr="uid";
$LdapFilter="(objectclass=inetOrgPerson)";

# LDAP entry from mail.
@RT::MailPlugins = (
        "Auth::LDAPMail",
        "Auth::MailFrom"
  );

At some point I hope to find the time to dive in and make the 
"ParseNewMessageForTicketCcs" function use LDAP data as well. 

Unfortunately this might all go out the window here as my management are 
keen on using a single "Service Desk" based system across the whole 
organisation, and the people in charge of that are only interested in 
commercial packages. <sigh> 

Hope this helps.
Carl.
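
The lookup-then-bind flow this thread discusses, as an added example that is not part of the original messages and is not the attached LDAPMail.pm or User_Local.pm. It assumes Net::LDAP is installed and that the directory offers StartTLS and allows an anonymous search; build_filter and ldap_authenticate are hypothetical names, and the server and base are the placeholders from the config snippet.

```perl
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);

# Values mirror the RT_SiteConfig.pm snippet in the thread (placeholders).
my %cfg = (
    server  => 'your.directory.server',
    base    => 'dc=your,dc=directory,dc=serverbase',
    uidattr => 'uid',
    filter  => '(objectclass=inetOrgPerson)',
);

# Build "(&<site filter>(<attr>=<escaped value>))". Escaping keeps * ( ) \
# in a login name or a From: address from changing the filter's meaning.
sub build_filter {
    my ($attr, $value) = @_;
    return sprintf '(&%s(%s=%s))', $cfg{filter}, $attr, escape_filter_value($value);
}

# Returns { dn => ..., mail => ... } on success, nothing on any failure.
sub ldap_authenticate {
    my ($login, $password) = @_;
    # An empty password makes a simple bind an unauthenticated bind, which
    # many servers answer with success; refuse it before talking to LDAP.
    return unless defined $password && length $password;

    my $ldap = Net::LDAP->new($cfg{server}) or return;
    return if $ldap->start_tls(verify => 'require')->code;  # no cleartext password
    return if $ldap->bind->code;                            # anonymous bind for the search

    # A single search with scope 'sub' covers every level below the base,
    # so the entry is found without knowing or walking to its DN.
    my $res = $ldap->search(base => $cfg{base}, scope => 'sub',
                            filter => build_filter($cfg{uidattr}, $login),
                            attrs  => ['mail']);
    return if $res->code || $res->count != 1;               # none or ambiguous: refuse
    my $dn   = $res->entry(0)->dn;
    my $mail = $res->entry(0)->get_value('mail');

    # Re-bind as the located DN; only a successful bind proves the password.
    my $ok = !$ldap->bind($dn, password => $password)->code;
    $ldap->unbind;
    return $ok ? { dn => $dn, mail => $mail } : ();
}

# Constructed inputs, evaluated offline: the filter text that would be sent.
print build_filter('uid',  'rpaskowitz'), "\n";
print build_filter('mail', '*)(uid=*'),   "\n";
```

The same build_filter call with the mail attribute covers the inbound e-mail lookup, where the address comes from a header the sender controls.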




