[rt-users] LDAP authentication..

[Nathan J. Mehl]

In the immortal words of TeleMole (telemole at gmail.com):
> 
> We run a Novell Netware tree and have LDAP servers runnning there.  I
> have been able to successfully use ldap to authenticate users to
> access the rt web server - but not to the RT application.
> 
> example : user 'sdaniels' exists in both the tree (as
> sdaniels.people.ourcompany) and 'sdaneils' exists in RT (having been
> manually created) but when i turn on ldap authentication to the RT app
> (setting WebExternalAuth to 1) i am not loggin in successfully to RT.
> 
> I then decided to set WebExternalAuto to 1 to see just who exactly was
> authinticating according to LDAP :)
> 
> The result was the creation of a user called
> 'cn=sdaniels,ou=people,o=ourcompany'
> 
> I am hoping someone has already encountered and conquered this before,
> as I am admittedly a little out of my depth.
> 
> If I can get LDAP authentication working - ie - just the user name
> being created or passed, what happens when people email requests in? 
> Is there a way to strip the '@ourcompany.com' off the user name upon
> autocreation of the account?

Although it's windows-centric, you may find the information here to be
a good starting point:

	http://blank.org/memory/output/rt-ad-sso.html

Obviously the bits about mod_ntlm aren't relevant, but if you mentally
map the ntlm auth bits to ldap auth, the rest of it should apply
pretty cleanly.  

-n

------------------------------------------------------------<memory at blank.org>
"Zombies are the liberal nightmare. Here you have the masses, whom you would 
love to love, appearing at your front door and their faces falling off; and 
you're trying to be as humane as you possibly can, but they are, after all, 
eating the cat. And the fear of mass activity, of mindlessness on a national 
scale, underlies my fear of zombies.' (--Clive Barker) 
<http://blank.org/memory/>----------------------------------------------------