Just a Theory

By David E. Wheeler

New LDAP Auth Module for RT

I grabbed the LdapOverlay solution for using an LDAP server to authenticate against Request Tracker today in my continuing efforts to use LDAP for single sign-on for all Kineticode resources. It worked great, but I wanted a couple more things out of it, namely TLS communications with the LDAP server (so that all communications are encrypted), and authentication only for members of a certain LDAP group.

So I refactored LdapOverlay and added these features. You can download it from here. Just set the $LdapTLS variable in your RT_SiteConfig module to a true value to use TLS (but be sure that you also have Net::SSLeay installed!). If you want to allow only members of a certain LDAP group to authenticate to RT, set the DN of the group in the $LdapGroup variable, and set the name of the member attribute (usually “uniqueMember”) in the $LdapGroupAttribute variable.

Enjoy!

Looking for the comments? Try the old layout.