[rt-users] LDAP authentication best practices
Thomas Smith
theitsmith at gmail.com
Tue Oct 4 23:54:51 EDT 2011
On Tue, Oct 4, 2011 at 8:42 PM, Thomas Smith <theitsmith at gmail.com> wrote:
> Thanks Kevin! That setting worked!
>
> On Tue, Oct 4, 2011 at 1:37 PM, Kevin Falcone <falcone at bestpractical.com> wrote:
>> On Tue, Oct 04, 2011 at 01:22:24PM -0700, Thomas Smith wrote:
>>> Thanks again Ruslan!
>>>
>>> I've got this mostly working but I'm missing something and I'm just
>>> not seeing what that is...
>>>
>>> Apache auth via LDAP (mod_auth_ldap) is working correctly--the user
>>> gets into RT, but no options are available except "Tickets" (along
>>> with Open, Create, etc, within the Tickets menu). And the new user can
>>> see that they're logged in, "Logged in as user". However, their user
>>> account is not being created within the RT database and there are no
>>> available options for their account (no drop-down for "Logged in as
>>> user") under their login.
>>
>> Sounds like users are being created Unprivileged.
>> Use $AutoCreate in RT_SiteConfig.pm if you wish them to be created
>> Privileged. You can search for and make users Privileged from the
>> user admin pages. They will not be listed in the list of current
>> users if they are Unprivileged (but will have records in the Users
>> table).
>
> Discovered another issue... This one isn't strictly RT-related, I don't think.
>
> The email gateway is no longer working. When I configured Apache auth,
> I had to do it at the /opt/rt4 level--otherwise, RT would display the
> login page without the option to log in and SSO wouldn't work. Now the
> mail gateway is unable to insert new tickets into the database as the
> area it's trying to access is password protected. Are there any
> best-practices for lifting the security off of this one directory
> (NoAuth only, right?) while maintaining SSO on the remainder of the
> system? Every time I exclude this directory from authentication, SSO
> breaks.

Sorry, here are the errors I'm seeing in the maillog regarding rt-mailgate.

Oct 4 20:53:14 hostname postfix/local[12080]: 82FEA7BDE5:
to=<helpdesk at hostname.domain.tld>,
orig_to=<helpdesk at hostname.domain.tld>, relay=local, delay=18072,
status=deferred (temporary failure. Command output: An Error Occurred
================= 401 Authorization Required )
Oct 4 20:53:14 hostname postfix/local[12079]: 0DDC943BD1:
to=<helpdesk at hostname.domain.tld>,
orig_to=<helpdesk at hostname.domain.tld>, relay=local, delay=19194,
status=deferred (temporary failure. Command output: An Error Occurred
================= 401 Authorization Required )