[rt-users] RT::Authen::ExternalAuth v0.06 Released - Includes 3.8.x Compatibility

Mike Peachey mike.peachey at jennic.com
Sun Nov 2 08:44:00 EST 2008


Lars Kellogg-Stedman wrote:
>>  'servers' => [ 'ldaps://dc1.example.com',
>> 'ldaps://dc2.example.com/' ],
> 
> I guess one could accomplish a similar effect by specifying multiple
> server entries ("My_LDAP1", "My_LDAP2", etc), which is messy but would
> at least make sure things keep running if the primary becomes
> unavailable.  Would this work?  The downside is that RT would make
> multiple queries for users that are actually invalid, but the benefits
> might be worth it.  I will try to poke at this over the next few days.
> 
This is precisely how it is meant to work. I know it's not perfect, but
it should do the job. The idea of ExternalAuthPriority and
ExternalInfoPriority is that you can specify as many external sources as
you like, be they LDAP or MySQL or Oracle, and you can then have them
checked in whatever order you please for Auth and for Info until a match
is found, providing a failover service or multiple source service (i.e.
Auth out of LDAP, but get Info only from a database).

Yes, it does mean that unknown users will be checked against all
sources, but how many unknown users do you have trying to login to RT
every day? Perhaps in the future, this may be implemented a little
better, but as I said, for now at least, it should work.

With regard to using local sockets, it's not something I have looked
into, however the main concern is the capability of Graham Barr's
Perl-LDAP (Net::LDAP) because that's what is used for LDAP
functionality. Anything Net::LDAP can query, ExternalAuth should be able
to query too so long as you pass it the right params from the config. If
there's anything the ExternalAuth config isn't correctly constructed to
pass to Net::LDAP, let me know and I'll look into it.

Worth saying that the database interface works the same way, Perl-DBI is
used to connect to databases and so anything DBI can connect to,
ExternalAuth should be able to connect to.
-- 
Kind Regards,

__________________________________________________

Mike Peachey, IT
Tel: +44 114 281 2655
Fax: +44 114 281 2951
Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK
Comp Reg No: 3191371 - Registered In England
http://www.jennic.com
__________________________________________________
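
An added example, not part of the original message and not the extension's own sample configuration: an RT_SiteConfig.pm fragment that declares the two directory servers from the thread as separate sources, so the second is tried when the first yields no match. The bind DN, base DN, filter and attribute names are placeholders, and the per-source key names are assumed to match the sample configuration shipped with the extension; check them against the README for your installed version.

```perl
# RT_SiteConfig.pm fragment (added example; all values below are placeholders).

# Settings shared by both directory servers. Key names are assumed to match
# the extension's sample configuration; verify against your version's README.
my %ldap_common = (
    'type'   => 'ldap',
    'auth'   => 1,                                   # usable for authentication
    'info'   => 1,                                   # usable for user information
    'user'   => 'cn=rt-bind,ou=Service,dc=example,dc=com',  # placeholder bind DN
    'pass'   => 'CHANGE_ME',                         # placeholder; keep this file unreadable to other users
    'base'   => 'ou=People,dc=example,dc=com',       # placeholder search base
    'filter' => '(objectClass=person)',              # placeholder user filter
    'tls'    => 1,                                   # protect the bind password in transit
    'net_ldap_args'   => [ version => 3 ],           # passed through to Net::LDAP
    'attr_match_list' => [ 'Name', 'EmailAddress' ],
    'attr_map'        => {
        'Name'         => 'uid',                     # placeholder attribute names
        'EmailAddress' => 'mail',
        'RealName'     => 'cn',
    },
);

# Sources are tried in this order until one returns a match, so My_LDAP2
# is consulted when My_LDAP1 is unavailable or does not know the user.
# An unknown username is therefore checked against every source listed.
Set($ExternalAuthPriority, [ 'My_LDAP1', 'My_LDAP2' ]);
Set($ExternalInfoPriority, [ 'My_LDAP1', 'My_LDAP2' ]);

# One entry per server: the shared settings plus the server to contact.
Set($ExternalSettings, {
    'My_LDAP1' => { %ldap_common, 'server' => 'dc1.example.com' },
    'My_LDAP2' => { %ldap_common, 'server' => 'dc2.example.com' },
});

1;
```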
