[rt-users] LDAP authentication best practices
Ruslan Zakirov
ruz at bestpractical.com
Mon Oct 3 18:03:01 EDT 2011
Hi,
On Mon, Oct 3, 2011 at 11:28 PM, Thomas Smith <theitsmith at gmail.com> wrote:
> Hi,
>
> I'm looking at using LDAP authentication to auth against a Win2k8 R2 AD
> server. I've seen a few different ways to do this on the website and
> through Google-ing but none are consistent and none cover all that I'd
> like to accomplish with this.
>
> What I'd like to do is this:
>
> * Authenticate users against AD who login through the web
> interface. As part of this authentication (for non-existent RT users),
> create the user's account using their AD username as their RT Username
> and their AD primary SMTP address as their RT Email.
> * When non-existing users submit a ticket via email, have RT check
> that email against AD and if it finds a user associated with that
> email, create a new account using the user's AD username as RT's
> Username and the user's AD email address as RT's Email.
> * Reject all other requests (and auto creations) for users who
> don't already exist in AD or the local RT user database.
>
> Is it possible to do all of these things?
See http://requesttracker.wikia.com/wiki/LDAP

You didn't say if you need SSO or not.

To check and add users when they send emails and don't exist in the
system, you need RT::Authen::ExternalAuth. If you need SSO and LDAP is
quite static then you can use apache for SSO and LDAPImport [1] to
periodically import and/or update users.

[1] http://cpansearch.perl.org/src/FALCONE/RT-Extension-LDAPImport-0.31/README
>
> --
> Thomas Smith
> Cell: 602-882-2917
--
Best regards, Ruslan.
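
An RT_SiteConfig.pm fragment for the RT::Authen::ExternalAuth setup the reply points to, added here as an example and not taken from either poster or from the linked wiki page. The service name My_AD, the host name, the DNs and the password are placeholders, and using `mail` for the primary SMTP address is an assumption about the directory.

```perl
# Added example: RT_SiteConfig.pm fragment for RT::Authen::ExternalAuth against AD.
# 'My_AD', dc01.example.com, the DNs and the password are placeholders.
Set(@Plugins, qw(RT::Authen::ExternalAuth));

# Which configured service authenticates logins, and which one supplies
# user details when RT has to look a user up (e.g. by sender address).
Set($ExternalAuthPriority, ['My_AD']);
Set($ExternalInfoPriority, ['My_AD']);

# Load SSL/TLS support so binds and user passwords are not sent in clear text.
Set($ExternalServiceUsesSSLorTLS, 1);

# Do not fall back to auto-creating internal RT users for people who
# fail to authenticate against the external service.
Set($AutoCreateNonExternalUsers, 0);

Set($ExternalSettings, {
    'My_AD' => {
        type   => 'ldap',
        server => 'dc01.example.com',
        # Dedicated low-privilege bind account with read access only.
        user   => 'CN=rt-bind,OU=Service Accounts,DC=example,DC=com',
        pass   => 'CHANGE_ME',
        base   => 'DC=example,DC=com',
        # Match user objects only.
        filter   => '(objectClass=user)',
        # Treat accounts with the AD "disabled" bit set as disabled in RT.
        d_filter => '(userAccountControl:1.2.840.113556.1.4.803:=2)',
        # Upgrade the LDAP connection with StartTLS.
        tls => 1,
        net_ldap_args => [ version => 3 ],
        # RT fields used to find a matching directory entry; EmailAddress
        # lets mail from a not-yet-known sender be matched to an AD account.
        attr_match_list => [ 'Name', 'EmailAddress' ],
        # RT field => AD attribute ('mail' assumed to hold the primary SMTP address).
        attr_map => {
            Name         => 'sAMAccountName',
            EmailAddress => 'mail',
            RealName     => 'cn',
        },
    },
});
```

Keep RT_SiteConfig.pm readable only by the RT/web server user, since it holds the bind password.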