[rt-users] RT-LDAP Authentication Redux
Stephen Fung
stephen at hknet.com
Thu Feb 3 02:16:57 EST 2005
I have tested LDAP auth with 3.2.2 and am now testing it with 3.4.0. Hope
that I can answer your questions.
Francisco Javier Martínez Martinez wrote:
> Cheers.
>
> The previous mails, due to the answers, begin to be a mess; by the way, I
> am going to redux the request:
>
> - I had installed RT 3.2.2 in a Fedora 3 box, with Apache 2 and MySQL
> - I had an external LDAP server, which stores among other fields the
> mail addresses - passwords.
> - I want RT to check user/passwords against the LDAP server
> directly, not delegating to Apache.
> - The mail address is UID in the LDAP :-).
> - I had put the following lines in my RT_SiteConfig, there is no need to
> use passwords for binding to our internal LDAP:
>
> Set($WebExternalAuth , undef);
> $LDAPExternalAuth = 1; # will enable LDAP-Auth
> $LdapServer="ldap.mydomain.com"; # LDAP server for authentication
> $LdapUser=""; # user name for binding
> $LdapPass=""; # password for binding
> $LdapBase="ou=Inte,dc=mydomain,dc=com"; # search base
> $LdapUidAttr="uid"; # attribute for RT user name
> $LdapFilter="(objectclass=*)"; # additional filter
>
> - I had created (copy of Ruediger Riediger's one) a file for LDAP
> Overlay called User_Local.pm as I had found in various requests, following
> the recommendations of
> http://wiki.bestpractical.com/index.cgi?CleanlyCustomizeRT I had put
> this file in both routes RTroot/local/lib/RT/ and RTroot/lib/RT.
>
> - I had installed the CPAN modules Net::LDAP and Net::SSLeay. But we do
> not need TLS communications at least for the moment.
>
> After all, RT seems to authenticate users against its own DB; there is
> no activity or communication between RT server and LDAP server.
If you are using the module from
http://www.justatheory.com/computers/programming/perl/rt/User_Local.pm.ldap,
users will be authenticated against RT's DB if the password matched.
If you are using the module from
http://download.bestpractical.com/pub/rt/contrib/3.0/LDAP1.0_RT3.tar.gz,
users will be authenticated against LDAP ONLY if their passwords are
never set in RT's DB (i.e. password = '*NO-PASSWORD*').
>
> My main requests are:
>
> Is the LDAP activated with the lines put above? If yes, in which part of
> RT_SiteConfig should it live?
> What should be the value of Set($WebExternalAuth (I wonder if it
> should be undef)?
You should leave it as undef.
> Where should User_Local.pm live and with what attributes?
I just put it inside <path_to_rt3>/lib/RT and it works.
> What about /usr/local/rt3/local/html/autohandler, Should It be modified?
I never use it.
> Is TLS communications mandatory for this authentication?
No.
>
> Thanks in advance and mainly to Steve and Ruediger Riediger for their
> kind and quick answers.
>
> Best regards.
>
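
A small model of the two precedence rules described in the reply above, added here as an example; it is not code from either User_Local.pm module. The `ldap_bind_ok` stub, the sample user and the plaintext password comparison are assumptions made so the script runs without a directory server, and it shows when the LDAP server would be contacted at all.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Sentinel quoted in the reply: the RT DB value when no local password is set.
use constant NO_PASSWORD => '*NO-PASSWORD*';

# Hypothetical stand-in for the LDAP bind. It counts calls so the output
# shows whether the directory would have been contacted.
my $ldap_calls = 0;
my %directory  = ('ana@mydomain.com' => 's3cret');   # constructed sample entry
sub ldap_bind_ok {
    my ($uid, $pass) = @_;
    $ldap_calls++;
    return defined $directory{$uid} && $directory{$uid} eq $pass;
}

# Policy A (first module, as described): a matching RT DB password is accepted.
# Falling through to LDAP on a mismatch is an assumption of this model.
sub auth_db_first {
    my ($uid, $pass, $db_pass) = @_;
    return 0 unless defined $pass && length $pass;   # an empty password must never reach a bind
    return 1 if $db_pass ne NO_PASSWORD && $db_pass eq $pass;
    return ldap_bind_ok($uid, $pass);
}

# Policy B (second module, as described): LDAP is consulted only when the
# RT DB password was never set.
sub auth_ldap_if_unset {
    my ($uid, $pass, $db_pass) = @_;
    return 0 unless defined $pass && length $pass;
    return $db_pass eq $pass ? 1 : 0 if $db_pass ne NO_PASSWORD;
    return ldap_bind_ok($uid, $pass);
}

# Same LDAP credentials, two states of the RT DB password (constructed cases).
for my $case (
    [ 'local password set',   'ana@mydomain.com', 's3cret', 'rtlocal' ],
    [ 'local password unset', 'ana@mydomain.com', 's3cret', NO_PASSWORD ],
) {
    my ($label, $uid, $pass, $db_pass) = @$case;
    for my $policy ([ A => \&auth_db_first ], [ B => \&auth_ldap_if_unset ]) {
        $ldap_calls = 0;
        my $ok = $policy->[1]->($uid, $pass, $db_pass) ? 'accept' : 'reject';
        printf "%-22s policy %s: %s, LDAP contacted %d time(s)\n",
            $label, $policy->[0], $ok, $ldap_calls;
    }
}
```

The empty-password guard matters with the anonymous bind settings quoted in the question, because many directory servers treat a simple bind with an empty password as an anonymous bind and report success.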