I have a single organizational unit in the AD server for the purpose of integrating many desktop PCs. Now, I have installed Request Tracker v4.0.8 and integrated it with the AD server. Now the issue is, I don't want to authenticate all the users who are in the AD server to the RT server. I would like only some of them to authenticate to the RT server. The condition is, I don't want to create a new organizational unit. I don't want to create separate users for RT within the AD server. I would just like to use the single user name for both desktop integration and for RT purposes. How do I achieve this?
1 Answers
2
If you used the LDAP module, you can create the query string to limit the users to a specific LDAP group. I did this at $OLDJOB, but I haven't saved the config files so I can't paste a working example here.
Anyway, the line in your RT_SiteConfig.pm file you need to edit is this:

    'filter' => '(FILTER_STRING)'

in the LDAP segment.
Edit: A second look into the demo RT_SiteConfig.pm caused me to remember that RT is clever enough to do this without a combined search for user and memberOf operation. See these lines in the default config file for the LDAP auth module:

    # What is the attribute for the group object that determines membership?
    'group_attr' => 'GROUP_ATTR',
    # What is the attribute of the user entry that should be matched against group_attr above? (Optional; defaults to 'dn')
    'group_attr_value' => 'GROUP_ATTR_VALUE',
Sven
- 100,763
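
As an added illustration of the two approaches in the answer above (not the answerer's configuration and not copied from RT's shipped files), an LDAP section for RT::Authen::ExternalAuth could look like the following. The hostname, DNs, bind account and the group name RT-Users are constructed placeholders, and it assumes the existing desktop accounts are simply added to one AD group.

```perl
# Added example for RT_SiteConfig.pm (RT::Authen::ExternalAuth, LDAP service).
# All hostnames, DNs, passwords and group names below are constructed placeholders.
Set($ExternalAuthPriority, ['My_LDAP']);
Set($ExternalInfoPriority, ['My_LDAP']);

Set($ExternalSettings, {
    'My_LDAP' => {
        'type'   => 'ldap',
        'server' => 'dc01.example.com',
        'tls'    => 1,    # StartTLS, so the bind password is not sent in clear text
        'user'   => 'CN=rt-bind,OU=Staff,DC=example,DC=com',   # read-only bind account
        'pass'   => 'CHANGE_ME',
        'base'   => 'OU=Staff,DC=example,DC=com',              # the single existing OU

        # Approach 1: restrict inside the search filter.
        # Only user objects that are direct members of RT-Users match,
        # so every other account in the OU fails authentication in RT.
        'filter' => '(&(objectCategory=person)(objectClass=user)'
                  . '(memberOf=CN=RT-Users,OU=Staff,DC=example,DC=com))',

        # Accounts disabled in AD (ACCOUNTDISABLE bit set) count as disabled in RT.
        'd_filter' => '(userAccountControl:1.2.840.113556.1.4.803:=2)',

        # Approach 2: keep a plain user filter and let RT check the group object.
        # RT looks up 'group' and tests whether 'group_attr' on it contains
        # the user's DN (the default value matched when group_attr_value is unset).
        # 'filter'     => '(&(objectCategory=person)(objectClass=user))',
        # 'group'      => 'CN=RT-Users,OU=Staff,DC=example,DC=com',
        # 'group_attr' => 'member',

        # How LDAP entries are matched to, and copied into, RT user records.
        'attr_match_list' => ['Name', 'EmailAddress'],
        'attr_map' => {
            'Name'         => 'sAMAccountName',
            'EmailAddress' => 'mail',
            'RealName'     => 'cn',
        },
    },
});
```

The `memberOf` test matches direct group members only; for nested groups, AD supports the matching rule `1.2.840.113556.1.4.1941` in the form `(memberOf:1.2.840.113556.1.4.1941:=<group DN>)`.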