Re: [rt-users] Best method to authenticate with AD
Hello Mike Thank you for your advice. I have decided to go with RT:Authen::ExternalAuth for AD authentication. Regards Gerrit -Original Message- From: Mike Peachey [mailto:[EMAIL PROTECTED] Sent: 26 August 2008 10:51 AM To: Gerrit Kilian; RT Users Subject: Re: [rt-users] Best method to authenticate with AD Gerrit Kilian wrote: Hi I need to let RT authenticate users through AD. We have a number of levels in our AD structure to separate users on geographical and departmental reasons. On the best practice website I have read that there are three ways: 1. Apache Authentication 2. Mike Peachey's RT:Authen::ExternalAuth extension 3. Jim Meyer's User_Local Overlay(Deprecated) I recommend 2 over 3 because 2 is a complete rewrite of 3 and Jim is happy that 2 deprecates 3. As for 1, I've never done it, but it depends on whether you just want access authentication, or whether you want user information to be loaded from an external source. -- Kind Regards, __ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: [EMAIL PROTECTED] Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
[rt-users] Best method to authenticate with AD
Hi I need to let RT authenticate users through AD. We have a number of levels in our AD structure to separate users on geographical and departmental reasons. On the best practice website I have read that there are three ways: 1. Apache Authentication 2. Mike Peachey's RT:Authen::ExternalAuth extension 3. Jim Meyer's User_Local Overlay(Deprecated) Which of the three ways had work for you well and would you recommend? Kind regards Gerrit Kilian DGB (Pty) Ltd IT Support supervisor ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: [EMAIL PROTECTED] Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] Best method to authenticate with AD
Gerrit Kilian wrote: Hi I need to let RT authenticate users through AD. We have a number of levels in our AD structure to separate users on geographical and departmental reasons. On the best practice website I have read that there are three ways: 1. Apache Authentication 2. Mike Peachey’s RT:Authen::ExternalAuth extension 3. Jim Meyer’s User_Local Overlay(Deprecated) I recommend 2 over 3 because 2 is a complete rewrite of 3 and Jim is happy that 2 deprecates 3. As for 1, I've never done it, but it depends on whether you just want access authentication, or whether you want user information to be loaded from an external source. -- Kind Regards, __ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: [EMAIL PROTECTED] Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] Best method to authenticate with AD
im using externalauth in 3.8.1 and it works well with our ldap, but closer integration could be achieved via apache auth against a pam.d stack utilizing kerberos and samba to directly authenticate with your domain controllers. its less expensive for windows. you could even audit your logins to the RT system through the event viewer. - Original Message - From: Gerrit Kilian [EMAIL PROTECTED] Date: Tuesday, August 26, 2008 2:23 Subject: [rt-users] Best method to authenticate with AD To: rt-users@lists.bestpractical.com Hi I need to let RT authenticate users through AD. We have a number of levels in our AD structure to separate users on geographical and departmental reasons. On the best practice website I have read that there are three ways: 1. Apache Authentication 2. Mike Peachey's RT:Authen::ExternalAuth extension 3. Jim Meyer's User_Local Overlay(Deprecated) Which of the three ways had work for you well and would you recommend? Kind regards Gerrit Kilian DGB (Pty) Ltd IT Support supervisor ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: [EMAIL PROTECTED] Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] Best method to authenticate with AD
Another vote for #2 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike Peachey Sent: Tuesday, August 26, 2008 4:51 AM To: Gerrit Kilian; RT Users Subject: Re: [rt-users] Best method to authenticate with AD Gerrit Kilian wrote: Hi I need to let RT authenticate users through AD. We have a number of levels in our AD structure to separate users on geographical and departmental reasons. On the best practice website I have read that there are three ways: 1. Apache Authentication 2. Mike Peachey's RT:Authen::ExternalAuth extension 3. Jim Meyer's User_Local Overlay(Deprecated) I recommend 2 over 3 because 2 is a complete rewrite of 3 and Jim is happy that 2 deprecates 3. As for 1, I've never done it, but it depends on whether you just want access authentication, or whether you want user information to be loaded from an external source. -- Kind Regards, __ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: [EMAIL PROTECTED] Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: [EMAIL PROTECTED] Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] Best method to authenticate with AD
I'm using ExternalAuth, it works well and I would recommend it. I ran into a couple of implementation issues because 1) my AD User Objects lacked an E-mail address, and 2) many of my users had submitted tickets via E-mail and had rt accounts autocreated with their RT username being their E-mail address. The empty E-mail Addresses in the AD User object causes problems when a new user sends an E-mail to RT. A user account gets created with information from AD, but then mailgateway fails to find that user because the account has a null E-mail address. This meant that I had to update all my AD user objects, adding in their E-mail address, and update my procedures for Adding a User, but it all seems good now. The existing RT autocreated users needed to have their RT Username updated to match their AD account name (specifically the sAMAccountName) so that they could login to the RT web interface with the AD account name and password. Brian On Tue, 2008-08-26 at 08:20 +0200, Gerrit Kilian wrote: Hi I need to let RT authenticate users through AD. We have a number of levels in our AD structure to separate users on geographical and departmental reasons. On the best practice website I have read that there are three ways: 1. Apache Authentication 2. Mike Peachey’s RT:Authen::ExternalAuth extension 3. Jim Meyer’s User_Local Overlay(Deprecated) Which of the three ways had work for you well and would you recommend? Kind regards Gerrit Kilian DGB (Pty) Ltd IT Support supervisor ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: [EMAIL PROTECTED] Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: [EMAIL PROTECTED] Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
