[rt-users] LDAP working, now the next step

Joachim Thuau jthuau at heavy-iron.com
Wed Jul 19 22:05:07 EDT 2006

I just went through the step to setup the auth from the wiki, using LDAP.
following all the steps (and now that my exchange and AD are sync'ed
throught the exchange connector), gave me the ability to logon with my AD
password, and have users registered the same way.

If a user send an email, their account is created automatically, and
populated with the right details from AD. 
If a user logon using a browser, the same thing happens. As long as exchange
and AD have "sync'ed" data (the connector wasn't configured properly in our
case, but since it's there, everything is working beautifully.) 

my understanding is that with the LDAP plugin/extension setup, the
authentication happens over LDAP against AD, and the user details (including
emails and stuff) is pulled from AD as well. so when a user sends an email,
an account for that user is created with their AD login (minus the domain).
the password being checked is the one is AD.

So if you look at the auth extension for the ldap in the wiki.

i believe the pages that i looked at are the one linked from there:

not the one you referenced.

RT3.6, apache 1.3, perl 5.8.8.

Thanks to Jim Meyer. It works for me(TM).
-----Original Message-----
From: rt-users-bounces at lists.bestpractical.com
[mailto:rt-users-bounces at lists.bestpractical.com]On Behalf Of Jay
Sent: Wednesday, July 19, 2006 5:53 PM
To: rt-users at lists.bestpractical.com
Subject: [rt-users] LDAP working, now the next step

Hurrah!  I got LDAP working with Active Directory using the Mosemann
implementation found on the wiki.  It took some tweaking and some trial
and error, but I finally got it working with a Windows 2003 AD server
(which is different than 2000).  If anyone is having problems getting
that far, I think I can be a resource for you.

NOW I have a problem.  I want people to be able to create tickets
without having an account, but then be able to log into the system and
have those tickets associated with their account (by email).

I am currently using the "Auto Create on email, then set password via
Auto Respond" method, which I will need to turn off. Ideally I can have
a replacement for that process that uses LDAP.  Does anyone have any
ideas about how I might accomplish the above?



Community help: http://wiki.bestpractical.com
Commercial support: sales at bestpractical.com

Discover RT's hidden secrets with RT Essentials from O'Reilly Media. 
Buy a copy at http://rtbook.bestpractical.com

We're hiring! Come hack Perl for Best Practical:

More information about the rt-users mailing list