[rt-users] Converting to using LDAP authentication (Active Directory)

Parish, Brent bparish at cognex.com
Tue Feb 4 12:00:22 EST 2014 

Hi.

I've never switched from an existing local database to LDAP so I don't know anything about that.

However, we have used the RT-Authen-ExternalAuth module (slightly modified) with great success here.
With that extension (and the accompanying autocreate user settings in RT_SiteConfig.pm), the users get created as they connect with RT (via email and/or BBI).

Yes, I do run the LDAPImport (modified) daily but that is more to update existing user fields and group memberships than it is to import users and groups initially.
In other words, it means less work for me maintaining the user database and current group memberships!

We like it here also because we then use Kerberos on Apache to auto-authenticate the users with their current domain login credentials (e.g. SSO).

- Brent


-----Original Message-----
From: rt-users-bounces at lists.bestpractical.com [mailto:rt-users-bounces at lists.bestpractical.com] On Behalf Of Marius Flage
Sent: Tuesday, February 04, 2014 11:44 AM
To: rt-users at lists.bestpractical.com
Subject: Re: [rt-users] Converting to using LDAP authentication (Active Directory)

On 01/30/2014 04:53 PM, Kevin Falcone wrote:
> On Thu, Jan 30, 2014 at 09:44:51AM +0100, Marius Flage wrote:
>> is basically if it's possible to convert/migrate to using LDAP and 
>> still keep the history for the tickets already in the system 
>> (currently around 1500). We've made sure to use the same username in 
>> the local database as the one present in Active Directory, so it 
>> should be easy to just migrate/convert, but I'm not at all sure how 
>> to do this. Can someone give me some pointers?
>
> Since your usernames match LDAP, all you have to do is install and 
> configure RT-Authen-ExternalAuth.

Ok, but I still have to create a local corresponding user for these users to be able to be privileged and able to use RT as agents, right?
This module is just for authenticating against LDAP? And I guess I have to use RT-Extension-LDAPImport for this? But there's no way to sync all these details without having to use import jobs?

- Marius

More information about the rt-users mailing list