Re: [rt-users] Converting to using LDAP authentication (Active Directory)
On 01/30/2014 04:53 PM, Kevin Falcone wrote: On Thu, Jan 30, 2014 at 09:44:51AM +0100, Marius Flage wrote: is basically if it's possible to convert/migrate to using LDAP and still keep the history for the tickets already in the system (currently around 1500). We've made sure to use the same username in the local database as the one present in Active Directory, so it should be easy to just migrate/convert, but I'm not at all sure how to do this. Can someone give me some pointers? Since your usernames match LDAP, all you have to do is install and configure RT-Authen-ExternalAuth. Ok, but I still have to create a local corresponding user for these users to be able to be privileged and able to use RT as agents, right? This module is just for authenticating against LDAP? And I guess I have to use RT-Extension-LDAPImport for this? But there's no way to sync all these details without having to use import jobs? - Marius
Re: [rt-users] Converting to using LDAP authentication (Active Directory)
Hi. I've never switched from an existing local database to LDAP so I don't know anything about that. However, we have used the RT-Authen-ExternalAuth module (slightly modified) with great success here. With that extension (and the accompanying autocreate user settings in RT_SiteConfig.pm), the users get created as they connect with RT (via email and/or BBI). Yes, I do run the LDAPImport (modified) daily but that is more to update existing user fields and group memberships than it is to import users and groups initially. In other words, it means less work for me maintaining the user database and current group memberships! We like it here also because we then use Kerberos on Apache to auto-authenticate the users with their current domain login credentials (e.g. SSO). - Brent -Original Message- From: rt-users-boun...@lists.bestpractical.com [mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of Marius Flage Sent: Tuesday, February 04, 2014 11:44 AM To: rt-users@lists.bestpractical.com Subject: Re: [rt-users] Converting to using LDAP authentication (Active Directory) On 01/30/2014 04:53 PM, Kevin Falcone wrote: On Thu, Jan 30, 2014 at 09:44:51AM +0100, Marius Flage wrote: is basically if it's possible to convert/migrate to using LDAP and still keep the history for the tickets already in the system (currently around 1500). We've made sure to use the same username in the local database as the one present in Active Directory, so it should be easy to just migrate/convert, but I'm not at all sure how to do this. Can someone give me some pointers? Since your usernames match LDAP, all you have to do is install and configure RT-Authen-ExternalAuth. Ok, but I still have to create a local corresponding user for these users to be able to be privileged and able to use RT as agents, right? This module is just for authenticating against LDAP? And I guess I have to use RT-Extension-LDAPImport for this? But there's no way to sync all these details without having to use import jobs? - Marius
[rt-users] Converting to using LDAP authentication (Active Directory)
Hi there! We've been running RT for some months now with a local user database for our agents and also for the auto-created users when they submit tickets. Now we want to start using RT system-wide and we'd like to exploit LDAP authentication (towards our corporate Active Directory). So the question is basically if it's possible to convert/migrate to using LDAP and still keep the history for the tickets already in the system (currently around 1500). We've made sure to use the same username in the local database as the one present in Active Directory, so it should be easy to just migrate/convert, but I'm not at all sure how to do this. Can someone give me some pointers? And what about groups in LDAP? Can these be exploited as well? - Marius
Re: [rt-users] Converting to using LDAP authentication (Active Directory)
On Thu, Jan 30, 2014 at 09:44:51AM +0100, Marius Flage wrote: is basically if it's possible to convert/migrate to using LDAP and still keep the history for the tickets already in the system (currently around 1500). We've made sure to use the same username in the local database as the one present in Active Directory, so it should be easy to just migrate/convert, but I'm not at all sure how to do this. Can someone give me some pointers? Since your usernames match LDAP, all you have to do is install and configure RT-Authen-ExternalAuth. And what about groups in LDAP? Can these be exploited as well? RT-Extension-LDAPImport's documentation covers how to import groups. -kevin pgpXUNuk0rk8L.pgp Description: PGP signature
