External Authentication

External Authentication of users against LDAP, SQL and other data sources can be achieved easily in one of three ways.

1. Apache Authentication

You can configure RT to listen to Apache for an authenticated user. This a flexible but featureless way to authenticate and is detailed in the WebExternalAuth page. You simply configure Apache to restrict authentication via pluggable modules (such as mod_ldap for LDAP authentication).

2. RT::Authen::ExternalAuth

Available via CPAN (cpan -i RT::Authen::ExternalAuth), ExternalAuth is an RTx-style extension to RT that allows authentication and information lookup via any number of external sources, currently limited to LDAP and DBI-supported information services which includes Microsoft Active Directory, OpenLDAP, MySQL, MSSQL, Oracle, Flat files, and many more.

Authentication and information lookup can be configured separately and as many sources as required can be specified which will all be checked in order until a successful result is encountered.

Single Sign-On with other web code via browser cookies is also supported.

More details are available at ExternalAuth.

3. Manual Overlays

You can create & customise your own authentication mechanisms by modifying one of the above methods to suit your needs, or overlaying RT's own files with local modifications.

4. LDAPS

Although RT::Authen::ExternalAuth does not support LDAPS out of the box, this is easily fixed. For a description of how one guy got LDAPS working under openSUSE 12.3 with Request Tracker 4.0.13 and RT::Authen::ExternalAuth 0.12, see the blog entry Request Tracker: set up external authentication via LDAPS