External Authentication of users against LDAP, SQL and other data sources can be achieved easily in one of three ways.
1. Apache Authentication
You can configure RT to listen to Apache for an authenticated user. This a flexible but featureless way to authenticate and is detailed in the WebExternalAuth page. You simply configure Apache to restrict authentication via pluggable modules (such as mod_ldap for LDAP authentication).
Available via CPAN (cpan -i RT::Authen::ExternalAuth), ExternalAuth is an RTx-style extension to RT that allows authentication and information lookup via any number of external sources, currently limited to LDAP and DBI-supported information services which includes Microsoft Active Directory, OpenLDAP, MySQL, MSSQL, Oracle, Flat files, and many more.
Authentication and information lookup can be configured separately and as many sources as required can be specified which will all be checked in order until a successful result is encountered.
Single Sign-On with other web code via browser cookies is also supported.
More details are available at ExternalAuth.
3. Manual Overlays
You can create & customise your own authentication mechanisms by modifying one of the above methods to suit your needs, or overlaying RT's own files with local modifications.
RT::Authen::ExternalAuth supports LDAPS out of the box. Simply specify a server of "ldaps://example.com". You'll also need to make sure that the Net::LDAPS Perl module is installed, either via your distribution's package manager or the `cpan` command.