[rt-users] RT-LDAP Authentication Redux

Francisco Javier Martínez Martinez fjmartinez at csi.uned.es
Wed Feb 2 06:29:33 EST 2005


Cheers.

The previus mails due to the answers begins to be a mess, by the way I am 
going to Redux the request:

- I had installed RT 3.2.2 in a Fedora 3 box, with Apache 2 and MySQL
- I had an external LDAP server, which stores among others fields the mail 
addresses - passwords.
- I want that the RT checks user/passwords against the LDAP server 
directly, not delegating in the Apache.
- The mail address is UID in the LDAP :-).
- I had put the following lines in my RT_SiteConfig, there is no need to 
use passwords for binding to  our internal LDAP :
Set($WebExternalAuth , undef);
$LDAPExternalAuth = 1;          # will enable LDAP-Auth
$LdapServer="ldap.mydomain.com";     # LDAP server for authentication
$LdapUser="";                   # user name for binding
$LdapPass="";                   # password for binding
$LdapBase="ou=Inte,dc=mydomain,dc=com";      # search base
$LdapUidAttr="uid";             # attribute for RT user name
$LdapFilter="(objectclass=*)";  # additional filter
- I had created (copy of Ruediger Riediger´s one) a file for LDAP Overlay 
called User_Local.pm as I had found in varius request, following the 
recomendations of 
http://wiki.bestpractical.com/index.cgi?CleanlyCustomizeRT I had put this 
file in both routes RTroot/local/lib/RT/ and  RTroot/lib/RT.

- I had installed the CPAN modules Net::LDAP and Net::SSLeay. But we do not 
need TLS communications at least for the moment.

After all, RT seems to authenticate users against his own DB, there is not 
activities nor communications between RT server and LDAP server.

My mainly requests are:

Is the LDAP activated with the lines put above? If yes in which part of 
RT_SiteConfig it should to live?
What should be the value of Set($WebExternalAuth (I wonder that It should 
be undef) ?
Where should live User_Local.pm and whith what attributes?
What about  /usr/local/rt3/local/html/autohandler, Should It be modified?
Is TLS communications mandatory for this authentication?

Thanks in advance and mainly to Steve and Ruediger Riediger for his kindly 
and quickly answers.

Best regards.















-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20050202/f0f2e4fb/attachment.htm>


More information about the rt-users mailing list