I have a single organizational unit in the AD server for the purpose of integrating many desktop PCs. Now, I have installed Request Tracker v 4.0.8 and integrated it with the AD server. The issue is that I don't want all the users who are in the AD server to be able to authenticate to the RT server. I would like only some of them to authenticate to the RT server. The condition is that I don't want to create a new organizational unit, and I don't want to create separate users for RT within the AD server. I would just like to use the single user name for both desktop integration and RT. How can I achieve this?
If you used the LDAP module, you can create the query string to limit the users to a specific LDAP group. I did this at $OLDJOB, but I haven't saved the config files so I can't paste a working example here.
Anyway, the line in your RT_SiteConfig.pm file you need to edit is this: in the LDAP segment.
Edit: A second look into the demo RT_SiteConfig.pm caused me to remember that RT is clever enough to do this without a combined search for user and memberOf operation. See these lines in the default config file for the LDAP auth module:
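
The following is an added example, not the answerer's configuration or the lines from RT's default config file: a sketch of an RT_SiteConfig.pm LDAP section for the RT::Authen::ExternalAuth extension that admits only members of one AD group. The service name `My_AD`, the hostname, the bind account and every DN are constructed placeholders.

```perl
# RT_SiteConfig.pm fragment (added example; all names and DNs are placeholders)
Set(@Plugins, qw(RT::Authen::ExternalAuth));

Set($ExternalAuthPriority, ['My_AD']);
Set($ExternalInfoPriority, ['My_AD']);

Set($ExternalSettings, {
    'My_AD' => {
        'type'   => 'ldap',
        'server' => 'dc1.example.com',            # placeholder host
        'tls'    => 1,                            # StartTLS, so bind passwords are not sent in clear

        # Low-privilege account used only to search the directory.
        'user'   => 'CN=rt-bind,OU=Workstations,DC=example,DC=com',
        'pass'   => 'CHANGE_ME',

        # The existing OU stays as it is; no new OU or duplicate users needed.
        'base'   => 'OU=Workstations,DC=example,DC=com',
        'filter' => '(objectClass=user)',

        # Accounts matching d_filter are treated as disabled.
        # The AD bitwise-AND rule below tests the ACCOUNTDISABLE flag (2).
        'd_filter' => '(userAccountControl:1.2.840.113556.1.4.803:=2)',

        # Group restriction: only users whose DN appears in this group's
        # 'member' attribute may log in to RT. Direct membership only;
        # nested groups are not expanded by this check.
        'group'      => 'CN=RT-Users,OU=Workstations,DC=example,DC=com',
        'group_attr' => 'member',

        # Alternative (the "combined search" approach): drop 'group' and
        # 'group_attr' and put the membership test into the user filter:
        # 'filter' => '(&(objectClass=user)(memberOf=CN=RT-Users,OU=Workstations,DC=example,DC=com))',

        'attr_match_list' => [ 'Name', 'EmailAddress' ],
        'attr_map' => {
            'Name'         => 'sAMAccountName',
            'EmailAddress' => 'mail',
            'RealName'     => 'cn',
        },
    },
});
```

After changing the file, restart the web server running RT and confirm that an AD user outside the group is rejected at the RT login page while desktop logon for that user is unaffected.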