LdapOverlay

From Request Tracker Wiki
Revision as of 15:14, 6 April 2016 by Admin (talk | contribs) (2 revisions imported)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

NOTE: Please see LdapSummary for an overview of the latest available implementations

This overlay code allows authentication from ldap without basic auth

See instructions in the source (top comments) on how to install this overlay code as .../lib/RT/User_Local.pm (and CleanlyCustomizeRT for more details on these overlays).

You'll find some discussion, hints and code on this message http://marc.free.net.ph/message/20040303.190901.a2d55cc6.html (2004-03-03)

You'll find an updated version with TLS support and authentication for only members of certain groups here: http://www.justatheory.com/computers/programming/perl/rt/User_Local.pm.ldap (2004-11-30)

If you set the DEBUG constant in this file, it will log plaintext passwords into your RT logs. You have been warned.

Discussion for this latest version may be found here: http://www.justatheory.com/computers/programming/perl/rt/ldap_auth.html

Basically, this is usefull for the following example situation :

  • users submit requests by email and are then autocreated in the system as unpriviledged (default configuration). Now, they can use their email as login in RT. But they need to provide a password that will be authenticated with the LDAP server.
  • you define which LDAP attribute will be used to match the login, for instance "uid" where you store the emails in your LDAP tree
  • the password is authenticated if a LDAP bind is successfull and gives access to their bug reports
  • the users can then track on the intranet (for instance) the state of all their requests to support/help-desk
  • you want only members of a certain group to be able to login and use RT (optional)
  • you want TLS (encrypted) communications with the LDAP server (optional)

-- When using this, users logging in see only a very abbreviated SelfServices screen here... Is that normal? They only see "OpenTickets", "Closed Tickets", "New Tickets", and "Preferences". They cannot see the Queues list even though group Everyone has this right. Am I missing something in my setup?

-- Fix the links again...

-- Alt version available here: www.justatheory.com/computers/programming/perl/rt/ldap_auth.html

This link is dead too: Ldap Overlay http://marc.free.net.ph/attach/3@20040303.190901.a2d55cc6.attach (Previous post http://thefeed.no/marcus/rt/User_Local.ldap.pm.txt) (original post http://lists.fsck.com/pipermail/rt-users/2003-March/012550.html)