[rt-users] Ldap authentication *Easy Question

Mike Peachey mike.peachey at jennic.com
Fri Sep 26 05:32:20 EDT 2008


Auch, Benjamin wrote:
> Hi, I’m running 3.8.1 on Ubuntu 8.04 with MySQL, apache2, modperl2 and
> LDAP.  (Had Linux virtual machine running on MS virtual server 2005, but
> it was a tad slow (no CPU usage though, weird))
> 
>  
> 
> My LDAP config uses the Mike Peachey External Auth method, with the hack
> for 3.8.1.  My users are prompted for their username and password (from
> the RT Self Service page) it uses LDAP to grab their password.  It also
> creates an account when they first email or when I create an account it
> pulls in the AD info.   So LDAP works great.
> 
>  
> 
> My question is:  Can I do more LDAP authentication than I have now?  (I
> think I have LDAP overlay?????)  Using an MS domain environment, can the
> site grab the users current credentials and pass them through?  IE –
> pass through authentication?  (We do this all the time for IIS sites on
> our Intranet)

Difficult one. Certainly no way exists at the moment for pass-through
auth on windows, however you are free to write a way. The closest I got
so far is using Cookies to provide single-sign on for the website RT is
integrated into. Using RT::Authen::ExternalAuth's ability to
authenticate against a MySQL database and RT::Authen::CookieAuth
together allows users to login to our website and be automatically
logged into RT with the cookie the website provides.

Perhaps that's somewhere for you to start?

Alternatively, if you're happy to have users tied to individual
certificates, you can get very effective single sign-on using
certificate authentication and installing a unique certificate in each
user's browser.

-- 
Kind Regards,

__________________________________________________

Mike Peachey, IT
Tel: +44 114 281 2655
Fax: +44 114 281 2951
Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK
Comp Reg No: 3191371 - Registered In England
http://www.jennic.com
__________________________________________________



More information about the rt-users mailing list