[rt-users] LDAP authentication best practices
ruz at bestpractical.com
Mon Oct 3 18:03:01 EDT 2011
On Mon, Oct 3, 2011 at 11:28 PM, Thomas Smith <theitsmith at gmail.com> wrote:
> I'm looking at using LDAP authentication to auth against a Win2k8 R2 AD
> server. I've seen a few different ways to do this on the website and
> through Google-ing but none are consistent and none cover all that I'd
> like to accomplish with this.
> What I'd like to do is this:
> * Authenticate users against AD who login through the web
> interface. As part of this authentication (for non-existent RT users),
> create the user's account using their AD username as their RT Username
> and their AD primary SMTP address as their RT Email.
> * When non-existing users submit a ticket via email, have RT check
> that email against AD and if it finds a user associated with that
> email, create a new account using the user's AD username as RT's
> Username and the user's AD email address as RT's Email.
> * Reject all other requests (and auto creations) for users who
> don't already exist in AD or the local RT user database.
> Is it possible to do all of these things?
You didn't say if you need SSO or not.
To check and add users when they send emails and don't exist in the
system, you need RT::Authen::ExternalAuth. If you need SSO and LDAP is
quite static then you can use Apache for SSO and LDAPImport to
periodically import and/or update users.
> Thomas Smith
> Cell: 602-882-2917
Best regards, Ruslan.
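
An RT_SiteConfig.pm fragment for the RT::Authen::ExternalAuth approach suggested in the reply, added here as an example; it is not part of the original message and is not Best Practical's own configuration. The service name My_AD, the hostname, bind account, base DN and filters are placeholders, mapping RT's EmailAddress to the AD `mail` attribute is an assumption, and option names should be checked against the README of the extension version you install.

```perl
# Added example, not from the thread. Every hostname, DN and account name
# below is a placeholder to replace with your own values.

# Note: this replaces any existing @Plugins list; merge if you already have one.
Set( @Plugins, qw(RT::Authen::ExternalAuth) );

# Which configured service to use for authentication and for user-info lookups
# (the info lookup is what fills in Name/EmailAddress for newly created users).
Set( $ExternalAuthPriority, ['My_AD'] );
Set( $ExternalInfoPriority, ['My_AD'] );

# Do not fall back to creating an internal RT account when external
# authentication fails.
Set( $AutoCreateNonExternalUsers, 0 );

Set( $ExternalSettings, {
    'My_AD' => {
        'type'   => 'ldap',
        'server' => 'dc01.example.com',
        # Dedicated bind account with read-only access to the user subtree.
        'user'   => 'CN=rt-bind,OU=Service Accounts,DC=example,DC=com',
        'pass'   => 'CHANGE_ME',
        'base'   => 'DC=example,DC=com',
        # Only user objects are candidates for login or auto-creation.
        'filter'   => '(objectClass=user)',
        # Treat accounts with the AD "disabled" bit set as disabled in RT.
        'd_filter' => '(userAccountControl:1.2.840.113556.1.4.803:=2)',
        # Protect the bind password and user passwords in transit.
        'tls'           => 1,
        'net_ldap_args' => [ version => 3 ],
        # RT fields used to find the matching directory entry: Name for web
        # logins, EmailAddress for mail from addresses RT has not seen before.
        'attr_match_list' => [ 'Name', 'EmailAddress' ],
        # RT field => AD attribute.
        'attr_map' => {
            'Name'         => 'sAMAccountName',
            'EmailAddress' => 'mail',
            'RealName'     => 'cn',
        },
    },
} );
```

Keep the bind password out of version control and restrict read access to RT_SiteConfig.pm to the account RT runs as.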