[rt-users] ldap users

steve steve at n2sw.com
Mon Dec 20 13:31:10 EST 2004


hi all, i have all my users authenticating via ldap, and when they log 
in they see everything, including the configuration tab on the left 
side, which means that they can see that there is an account called 
superuser etc..., while they can not modify any of this info i would 
like for all users except those specified to not be able to see the 
configuration tab on the left.

is this possible, if so how do i go about doing this,

also for those of you that need to authenticate via ldap here is how to 
do it in 3 steps,

add this to RT_Site_config.pm
$LDAPExternalAuth = 1;
$LdapServer="ldap.mydomain.com";
$LdapUser="cn=DADDY,o=MAMA";
$LdapPass="PASS";
$LdapBase="";
$LdapUidAttr="uid";
$LdapFilter="(objectclass=*)";
$LdapTLS = 0;
$LdapGroup ="cn=NY-Everyone,ou=Groups,ou=NY,ou=YOYO,ou=MAMA";
$LdapGroupAttribute = 'member';


then in httpd.conf

ServerName rt.mydomain.com
     DocumentRoot /usr/local/rt3/share/html
     AddDefaultCharset UTF-8
     PerlModule Apache::DBI
     PerlRequire /usr/local/rt3/bin/webmux.pl
     <Location />
         SetHandler perl-script
         PerlHandler RT::Mason
         AuthName "RT Web Users"
         AuthType Basic
         AuthLDAPAuthoritative  off
         AuthLDAPurl ldap://ldap.mydomain.com/?cn?sub
         require valid-user
     </Location>
</VirtualHost>


you must install auth_ldap first, and in freebsd this is not mod_ldap 
but auth_ldap and is located in /usr/ports/www/auth_ldap






-------------- next part --------------
A non-text attachment was scrubbed...
Name: steve.vcf
Type: text/x-vcard
Size: 774 bytes
Desc: not available
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20041220/0b3e559b/attachment.vcf>


More information about the rt-users mailing list