On 23/05/14 10:20, Rory wrote: > Hi Peter, > > As you noted your web environment is essentially holding the login token. > When you click logout, Apache serves up the "you are logged out" page, > processes the authentication configuration and, because of this line:, > # allow web auth to pass login status to RT > Set($WebRemoteUserAuth, 1); > RT accepts the authentication from Apache which logs the user back in. [...] > So in short, your login session on RT is tied to the web browsers > session with the web server.
Right. > To make it work as you would like (clicking logout ends Apaches login > session) the website would need to make a change to the web server. This > generally is not allowed to happen as it's a potential security flaw. Indeed. > If you want the users login session to be controlled by the RT > application then you'll need to configure LDAP authentication within the > RT Configuration. Thank you: I must have misread this. I didn't think RT could do LDAP auth itself. I wouldn't have bothered with the Apache route otherwise. > To be able to do this you need at least these Perl modules (and maybe > some others that I'm neglecting too); > Net::LDAP > RT::Authen::ExternalAuth Done. CPAN complained about a dependency: >> No tests defined for RT::Authen::ExternalAuth extension but I used -f :-) > You then need to add the plugin to your RT_SiteConfig.pm; > Set( @Plugins, qw(RT::Authen::ExternalAuth) ); OK. > And set the LDAP configuration by following the example SiteConfig file > in the plugin etc directory. I'll need to get some more local LDAP help with that. > Lastly you'll need to remove the Auth config from your Apache virtual > host and change: > Set($WebRemoteUserAuth, 1); > to > Set($WebRemoteUserAuth, 0); Should the RT user record still contain the user's (LDAP) email address as the Username to log in with? ///Peter -- Peter Flynn | Academic & Collaborative Technologies | University College Cork IT Services | ☎ +353 21 490 2609 | ✉ [email protected] | 🌍 www.ucc.ie -- RT Training - Boston, September 9-10 http://bestpractical.com/training
