[rt-users] LDAP authentication best practices

Thomas Smith theitsmith at gmail.com
Mon Oct 3 17:28:20 EDT 2011


I'm looking at using LDAP authentication to auth against a Win2k8 R2 AD
server. I've seen a few different ways to do this on the website and
through Googling but none are consistent and none cover all that I'd
like to accomplish with this.

What I'd like to do is this:

    * Authenticate users against AD who log in through the web
      interface. As part of this authentication (for non-existent RT
      users), create the user's account using their AD username as
      their RT Username and their AD primary SMTP address as their RT
      Email.
    * When non-existing users submit a ticket via email, have RT check
      that email against AD and if it finds a user associated with that
      email, create a new account using the user's AD username as RT's
      Username and the user's AD email address as RT's Email.
    * Reject all other requests (and auto creations) for users who
      don't already exist in AD or the local RT user database.

Is it possible to do all of these things?

Thomas Smith
Cell: 602-882-2917

