Difference between revisions of "ExternalAuthentication"

From Request Tracker Wiki
Jump to navigation Jump to search
m (9 revisions imported)
 
(3 intermediate revisions by one other user not shown)
Line 23: Line 23:
== 4. LDAPS ==
== 4. LDAPS ==


Although RT::Authen::ExternalAuth does not support LDAPS out of the box, this is easily fixed. For a description of how one guy got LDAPS working under openSUSE 12.3 with Request Tracker 4.0.13 and RT::Authen::ExternalAuth 0.12, see the blog entry [http://smithfarm-thebrain.blogspot.cz/2013/05/request-tracker-set-up-external.html Request Tracker: set up external authentication via LDAPS]
RT::Authen::ExternalAuth supports LDAPS out of the box. Simply specify a server of "ldaps://example.com". You'll also need to make sure that the Net::LDAPS Perl module is installed, either via your distribution's package manager or the `cpan` command.

Latest revision as of 16:08, 6 April 2016

External Authentication

External Authentication of users against LDAP, SQL and other data sources can be achieved easily in one of three ways.

1. Apache Authentication

You can configure RT to listen to Apache for an authenticated user. This a flexible but featureless way to authenticate and is detailed in the WebExternalAuth page. You simply configure Apache to restrict authentication via pluggable modules (such as mod_ldap for LDAP authentication).

2. RT::Authen::ExternalAuth

Available via CPAN (cpan -i RT::Authen::ExternalAuth), ExternalAuth is an RTx-style extension to RT that allows authentication and information lookup via any number of external sources, currently limited to LDAP and DBI-supported information services which includes Microsoft Active Directory, OpenLDAP, MySQL, MSSQL, Oracle, Flat files, and many more.

Authentication and information lookup can be configured separately and as many sources as required can be specified which will all be checked in order until a successful result is encountered.

Single Sign-On with other web code via browser cookies is also supported.

More details are available at ExternalAuth.

3. Manual Overlays

You can create & customise your own authentication mechanisms by modifying one of the above methods to suit your needs, or overlaying RT's own files with local modifications.

4. LDAPS

RT::Authen::ExternalAuth supports LDAPS out of the box. Simply specify a server of "ldaps://example.com". You'll also need to make sure that the Net::LDAPS Perl module is installed, either via your distribution's package manager or the `cpan` command.