[rt-users] how to mix Internal method just for admin user and ldap method for all other users
Bob Goldstein
bobg at uic.edu
Sat Oct 28 11:33:05 EDT 2006
>Hi,
>
>I have a problem :(
>I succeeded in configuring RT to auth users by the classical method. And in
>another configuration, with the documentation on-line, I succeeded in
>configuring RT to auth users with my ldap (using User_Local.pm, and
>changing RT_SiteConfig.pm and RT_Config)
>
>But I would like to configure RT to authenticate my admin user (who is
>root and is not in my LDAP, and I don't want this user in my ldap) by
>Internal method, and authenticate my other users by LDAP method.
>Because when I try, just LDAP users can be authenticated, but I can't be
>authenticated with my admin user (root).
>
>Is it possible to mix the authentication methods, just internal
>method for root and ldap method for all other users? I think so,
>and would somebody have the kindness to tell me what
>parameters to set ....?
>
I've done something quite similar by accident. Note this in your RT_SiteConfig.pm

    Set($WebFallbackToInternalAuth , 1);

This means that when RT executes, if $ENV{REMOTE_USER} is already set
(via mod_ldap), use that. But if it is not set, then fall back to
RT's internal authentication.

So, the trick is to have two different URLs, one of which invokes
mod_ldap, and the other doesn't.

In my particular case, https://helpdesk.uic.edu/accc uses
mod_bluestem (very similar to mod_ldap from an Apache point of view),
and http://helpdesk.uic.edu/accc/ does not, and therefore falls back
to RT internal authentication. You don't have to use the ssl/no-ssl distinction,
of course, I just happened to. (And I'm careful about when I use the non-ssl logon.)

    ...
    ScriptAlias /accc /usr/local/rt/production/bin/mason_handler.fcgi
    ...
    <VirtualHost _default_:443>
        <Location /accc>
            SetHandler ldap-status
            Require valid-user
        </Location>
    </VirtualHost>

Hope that helps.
bobg
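
The two-URL layout described in this message, written out as an added example that is not part of the original post and is not the poster's configuration. It uses mod_authnz_ldap Basic authentication in place of the post's elided mod_bluestem setup, and it separates the two entry points by port rather than by ssl/no-ssl so that both stay on TLS; the hostname, port, LDAP URL, certificate paths and admin network are constructed placeholders.

```apache
# Added example. Assumes Apache 2.4 with mod_ssl and mod_authnz_ldap loaded,
# and in RT_SiteConfig.pm:
#   Set($WebExternalAuth, 1);
#   Set($WebFallbackToInternalAuth, 1);

ScriptAlias /accc /usr/local/rt/production/bin/mason_handler.fcgi

# Entry point for LDAP users: Apache authenticates the request and sets
# REMOTE_USER, which RT then accepts as the logged-in user.
<VirtualHost _default_:443>
    ServerName helpdesk.example.org
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/helpdesk.example.org.pem
    SSLCertificateKeyFile /etc/ssl/private/helpdesk.example.org.key

    <Location /accc>
        AuthType Basic
        AuthName "RT"
        AuthBasicProvider ldap
        # Placeholder directory; ldaps:// keeps the bind password encrypted.
        AuthLDAPURL "ldaps://ldap.example.org/ou=People,dc=example,dc=org?uid?sub"
        Require valid-user
    </Location>
</VirtualHost>

# Entry point for the internal root account: no Apache authentication here,
# so REMOTE_USER is unset and RT falls back to its own login form.
# It stays on TLS and is reachable only from the admin network, so the
# internal password is not sent in cleartext and the form is not public.
Listen 8443 https
<VirtualHost _default_:8443>
    ServerName helpdesk.example.org
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/helpdesk.example.org.pem
    SSLCertificateKeyFile /etc/ssl/private/helpdesk.example.org.key

    <Location /accc>
        Require ip 192.0.2.0/24
    </Location>
</VirtualHost>
```

Any path that reaches RT without Apache authentication exposes the internal login form for every account that has an RT password set, which is why the second virtual host is restricted by source address.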