[rt-users] RT & mysql / LDAP Auth

Mike Peachey mike.peachey at jennic.com
Thu May 13 08:56:18 EDT 2010


Julian Grunnell wrote:
>> -----Original Message-----
>> From: Mike Peachey [mailto:mike.peachey at jennic.com]
>> Sent: 10 May 2010 12:54
>> To: Julian Grunnell
>> Cc: rt-users at lists.bestpractical.com
>> Subject: Re: [rt-users] RT & mysql / LDAP Auth
>>
> 
> So at present users are just authenticating against RT's own DB for user
> access. What I'd like to do is keep this but also have LDAP. The reason
> being users now have multiple usernames / passwords for different
> services we run and I want to use LDAP as a way to simplify this - BUT
> in order for this to be done I also need to be able to keep the MySQL
> access for now and not break RT for all the users.
> 
> The RT DB is on a different physical server and the fact that after I
> restarted httpd with the config above and could still login with my
> usual (mysql) credentials assumed that atleast part of it was working -
> is this not the case?

No, you've misunderstood and it has massively complicated your debugging
of the situation.

ExternalAuth *only* adds to the available authentication mechanisms. It
does not replace RT's own. The use of ExternalAuth MySQL authentication
is if you want to be able to authenticate against some other MySQL
source such as a custom website database or the database of another
web-application. This is /in addition/ to checking against RT's own
internal database (whether this is hosted locally or not).

So, authentication happens in this order:

1. ExternalAuth
2. RT-Internal

And you can have as many ExternalAuth sources as you wish.


For your setup, what you want is to only specify the LDAP source which
is then checked for a valid user. If there's no user in LDAP, RT's
internal DB will be checked.
-- 
Kind Regards,

__________________________________________________

Mike Peachey, IT Systems Administrator
Tel: +44 114 281 2655
Fax: +44 114 281 2951
Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK
Comp Reg No: 3191371 - Registered In England
http://www.jennic.com
__________________________________________________



More information about the rt-users mailing list