[rt-users] Migrating to LDAP

James Chamberlain jamesc at exa.com
Wed Dec 24 12:27:22 EST 2008

On Dec 19, 2008, at 7:38 AM, Ruediger Riediger wrote:

> On 12/19/08 01:06 AM, James Chamberlain wrote:
> [...]
>> RT::Authen::ExternAuth for authentication.  I'm changing people's
>> passwords as part of this.  I've set up a test system, but I've
>> noticed something kind of odd in its behavior.  It seems like people
>> can authenticate with either their old password or their new.  That
>> is, it seems like both the Users table and the LDAP directory are
>> being consulted.  If the user's password is correct in either one of
>> them, the user gets in; but the user has to enter the wrong password
>> according to both before authentication fails.  Have I missed
>> something?  What can I do to make sure that only the LDAP directory
>> gets used?
> This is (as far as I understand) done by intend. E.g. your "root" user
> for RT is likely not in LDAP, so you need to have a local password for
> it, otherwise you cannot log into the web interface.
> Simply drop all (user) passwords from the user table, and only LDAP  
> will
> work (well, until a user sets manually a password in RT again).

Thanks for the info, Ruediger.  To make sure my understanding is  
clear, that's "wipe out the user passwords from the Users table" and  
not "delete all entries from the Users table", right?

Thanks again,


More information about the rt-users mailing list