Ubuntu – Apache Authentication against AD in Ubuntu 9.04

Tags: active-directory, apache-2.2, authentication, Ubuntu

I'm trying to configure a test setup of RT (Request Tracker) against an Active Directory…um…directory.

I am searching for a simple howto, and it appears that there's about seven ways to do it and the howtos all vary according to age of what version of RT you have, apache, what modules are updated and working, what modules are maintained, what you already have working…every time I hit a question about the process I'm following I Google and find another howto that puts me back at step one with something like "the NTLM module hasn't been maintained in a while, so you need to have kerberos configured and working first…" ARGH!

What I have is a fresh install of Ubuntu 9.04 updated with latest updates via Synaptic. I've installed RT and Apache2 from Synaptic Universe repo. From what I've found, I think I'd want to configure RT to get authentication via Apache for users to log in and submit tickets.

That means configuring Apache to authenticate against AD. I just want Apache to authenticate, not the machine. I only need users to log into the web interface of RT to work with tickets. Is there a current howto that will step through getting authentication of users against AD with Apache (and ideally RT in the process) so I can get this working?

Best Answer

I have done this before (not with RT, though) using mod_ldap with apache. Make sure that module is being loaded, and then do something like this in your config:

<Directory /var/www/>
    Order Allow,Deny
    Allow From All
    AuthName "Blah Blah Blah"
    AuthType Basic
    # Apache 2.2 defaults to the "file" provider; select mod_authnz_ldap explicitly
    AuthBasicProvider ldap
    # Role account used to search AD (AD refuses anonymous binds by default)
    AuthLDAPBindDN "cn=USER,ou=Users,dc=example,dc=com"
    AuthLDAPBindPassword "PASSWORD"
    # host, base DN, and the attribute the login name is matched against;
    # plain ldap:// sends the bind password and user passwords in clear, so
    # prefer ldaps:// (or LDAPTrustedMode TLS) and serve the site over HTTPS
    AuthLDAPURL "ldap://1.2.3.4:389/dc=example,dc=com?sAMAccountName?"
    # In 2.2 multiple Require lines are alternatives, so "Require valid-user"
    # next to a group Require would let every authenticated user in; and
    # "Require group" means a group file, so LDAP groups need ldap-group
    Require ldap-group cn=FoobarGroup,ou=Groups,dc=example,dc=com
</Directory>

By default, AD doesn't allow anonymous LDAP binds, so you'll need to create a role account in AD for that. I typically create a user, and make sure it's only a member of the "Domain Guests" group. That will ensure that the user account has enough permissions to bind to LDAP, but no further permissions in the domain.

You can modify the AuthLDAPURL value to match only certain accounts and attributes.

I believe that mod_ldap comes with the default apache install in ubuntu, so all you should need to do to get it loaded is:

a2enmod ldap          # shared LDAP connection and cache module
a2enmod authnz_ldap   # provides AuthLDAP* and "AuthBasicProvider ldap"
/etc/init.d/apache2 restart

Good luck!
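As an added example (not part of the answer above, and not Apache's or RT's own code): a small offline checker for a block like the one in the answer. It parses the AuthLDAPURL the way mod_authnz_ldap documents it (ldap[s]://host[:port]/basedn?attribute?scope?filter), builds the user-search filter the module would send to AD for a login name, and reports the settings a reviewer would flag in an Apache 2.2 deployment: cleartext LDAP, Basic auth without HTTPS, a missing LDAP provider, "Require group" used for an LDAP DN, and "Require valid-user" next to a group Require (in 2.2 those are alternatives). The hostname dc.example.com and the bind account rt-bind in the hardened variant are assumptions.

```python
import re
import shlex

# Constructed sample: the settings from the answer above, copied as posted
# so the checker has something to report.
SAMPLE_URL = "ldap://1.2.3.4:389/dc=example,dc=com?samAccountName?"
SAMPLE_CONFIG = """
<Directory /var/www/>
    Order Allow,Deny
    Allow From All
    AuthName "Blah Blah Blah"
    AuthType Basic
    AuthLDAPBindDN "cn=USER,ou=Users,dc=example,dc=com"
    AuthLDAPBindPassword "PASSWORD"
    AuthLDAPURL "%s"
    require valid-user
    require group cn=FoobarGroup,ou=Groups,dc=example,dc=com
</Directory>
""" % SAMPLE_URL

# Constructed hardened variant (dc.example.com and rt-bind are assumptions):
# LDAPS, HTTPS enforced, the LDAP provider selected, one group-only Require.
HARDENED_CONFIG = """
<Directory /var/www/>
    SSLRequireSSL
    AuthName "RT"
    AuthType Basic
    AuthBasicProvider ldap
    AuthLDAPBindDN "cn=rt-bind,ou=Users,dc=example,dc=com"
    AuthLDAPBindPassword "PASSWORD"
    AuthLDAPURL "ldaps://dc.example.com/dc=example,dc=com?sAMAccountName?sub?(objectClass=user)"
    Require ldap-group cn=FoobarGroup,ou=Groups,dc=example,dc=com
</Directory>
"""

URL_RE = re.compile(
    r"^(?P<scheme>ldaps?)://(?P<host>[^/:]+)(?::(?P<port>\d+))?/(?P<rest>.*)$", re.I)


def parse_auth_ldap_url(url):
    """Split an AuthLDAPURL into its fields, applying mod_authnz_ldap's
    documented defaults: attribute uid, scope sub, filter (objectclass=*)."""
    m = URL_RE.match(url)
    if not m:
        raise ValueError("not an AuthLDAPURL: %r" % url)
    fields = m.group("rest").split("?")
    fields += [""] * (4 - len(fields))
    basedn, attribute, scope, filt = fields[:4]
    scheme = m.group("scheme").lower()
    return {"scheme": scheme, "host": m.group("host"),
            "port": int(m.group("port") or (636 if scheme == "ldaps" else 389)),
            "basedn": basedn, "attribute": attribute or "uid",
            "scope": scope or "sub", "filter": filt or "(objectclass=*)"}


def escape_filter_value(value):
    """RFC 4515 escaping of the login name before it goes into the filter,
    so a typed name cannot change the shape of the search."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c for c in value)


def effective_search_filter(url, username):
    """The filter mod_authnz_ldap builds from the URL's filter and attribute."""
    u = parse_auth_ldap_url(url)
    return "(&%s(%s=%s))" % (u["filter"], u["attribute"], escape_filter_value(username))


def parse_directives(config_text):
    """Return [(lowercased directive, [args])]; section tags and comments are skipped."""
    out = []
    for line in config_text.splitlines():
        line = line.strip()
        if not line or line[0] in "#<":
            continue
        tokens = shlex.split(line)
        out.append((tokens[0].lower(), tokens[1:]))
    return out


def review_ldap_auth(config_text):
    """List the settings a reviewer would flag; an empty list means nothing flagged."""
    directives = parse_directives(config_text)
    names = {name for name, _ in directives}

    def first(name):
        return next((args for n, args in directives if n == name), None)

    findings = []
    url_args = first("authldapurl")
    if url_args:
        u = parse_auth_ldap_url(url_args[0])
        trusted = first("ldaptrustedmode") or []
        if u["scheme"] != "ldaps" and not (trusted and trusted[0].upper() in ("SSL", "TLS")):
            findings.append("AuthLDAPURL uses %s on port %d with no LDAPTrustedMode SSL/TLS: "
                            "bind and user passwords cross the network in clear" % (u["scheme"], u["port"]))
    authtype = first("authtype")
    if authtype and authtype[0].lower() == "basic" and "sslrequiressl" not in names:
        findings.append("AuthType Basic without SSLRequireSSL: AD passwords are sent "
                        "base64-encoded over plain HTTP")
    if "ldap" not in [p.lower() for p in (first("authbasicprovider") or [])]:
        findings.append("AuthBasicProvider ldap missing: 2.2 defaults to the file "
                        "provider, so mod_authnz_ldap is never consulted")
    kinds = {args[0].lower() for n, args in directives if n == "require" and args}
    if "group" in kinds:
        findings.append("Require group <DN> refers to a group file (mod_authz_groupfile); "
                        "LDAP membership needs Require ldap-group")
    if "valid-user" in kinds and kinds & {"group", "ldap-group"}:
        findings.append("Require valid-user next to a group Require: in 2.2 the Require "
                        "lines are alternatives, so any authenticated user passes")
    return findings


if __name__ == "__main__":
    for finding in review_ldap_auth(SAMPLE_CONFIG):
        print("-", finding)
    print(effective_search_filter(SAMPLE_URL, "joe"))
```

Running it prints five findings for the posted block and none for the hardened one; the search-filter helper is useful on its own for checking that the attribute in the URL (sAMAccountName for AD, not uid) really is what the login name will be matched against.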