[rt-users] Import Users from NIS or radius??

Mike Peachey mike.peachey at jennic.com
Fri Feb 22 04:11:03 EST 2008


Greg Evans wrote:
> Hello,
> 
> Not sure if this made it to the list last time, so I am resending, I
> apologize in advance if it already got to many of you and it is a duplicate.
> We may have been/are having email server issues, so if this is now a
> triplicate, I offer my sincere apologies.
> 
> Hello Mike and everyone else,
> 
> I wanted to follow-up on our conversation below regarding users, etc.
> 
> I obviously don't want massive data duplication so it would seem that the
> best way to do this would be to import all of our internet customers into RT
> as users with basically no permissions, set them up in a group and all of
> that normal business.
> 
> All of my users are in our radius file and accessible via NIS, which is
> great and I am pretty sure that I can figure out how to import them from
> that using standard myself syntax and a exported .csv or similar file.
> 
> The problem that was brought to my attention is that I would need to do this
> daily. Is there a way that you or someone would know of that would allow me
> to import only the new data each day? My boss thought that using NIS would
> be better, and I think that I would agree with that.


You are going to be better off doing direct authentication off your NIS 
or RADIUS platforms rather than doing a daily data import.

If your RADIUS is providing a standard LDAP interface, then you can use 
Jim Meyer's LDAP User Overlay (http://wiki.bestpractical.org/LDAP), 
alternatively, Graeme Fowler did some work on a PAM interface that would 
let you authenticate off of any information with a PAM module, for any 
system running PAM.

Alternatively, if your RADIUS server can be converted to store its 
information inside a database rather than flat files, you could use my 
ExternalDB authentication overlay which will be released soon.

Alternatively, you can make Apache do the authentication. Any 
authentication method that Apache supports will work because you can 
just tell RT to trust Apache. And while it doesn't seem palatable, it 
seems feasible to write some custom cron scripts that convert your 
radius data into .htaccess files.

Just a few things to consider...
-- 
Kind Regards,

__________________________________________________

Mike Peachey, IT
Tel: +44 114 281 2655
Fax: +44 114 281 2951
Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK
Comp Reg No: 3191371 - Registered In England
http://www.jennic.com
__________________________________________________



More information about the rt-users mailing list