[rt-users] problem with users and WebExternalAuth
Sean Perry
sean.perry at intransa.com
Mon Sep 15 11:36:09 EDT 2003
Eric Doutreleau wrote:
>
> Hi
>
> I have just installed rt on my RH9 machine and I have some problems
> managing my users.
> As they already exist in my ldap database I would like to use it.
> I have set the following value in my config file and it works quite
> nicely.
> Set($WebExternalAuth,1); Set($WebExternalAuto , 1);
>
> Nevertheless i have two little problems.
> All my users are privileged. How can I make rt create these users as
> non privileged?
> I would like to get some information from my ldap server to the rt
> database like the real name of user and the email address.
>
> It would be nice if it was done at the creation of the account.
>
> Does someone know how to do that?
>
Here are the modifications I made to html/autohandler to support LDAP
lookups into our Active Directory system.

    sub LookupLdapUserInfo {
        use Net::LDAP;
        use Net::LDAP::Constant qw(LDAP_SUCCESS);
        use Net::LDAP::Util qw(escape_filter_value);

        use constant LDAP      => q(<your LDAP server>);
        use constant LDAP_PORT => q(389);
        use constant LDAP_BASE => q(<your LDAP base>);
        use constant LDAP_UID  => q(<whatever the UID key is>);
        use constant LDAP_CN   => q(cn);

        my ($user) = @_;

        my $ldap = Net::LDAP->new(LDAP, port => LDAP_PORT)
            or return undef;

        # Bind as the lookup account; replace both placeholders.
        my $mesg = $ldap->bind('<whomever you bind as>',
                               password => '<their password>');
        return undef unless $mesg->code == LDAP_SUCCESS;

        # Escape the login name so filter metacharacters in it stay literal.
        my $filter = '(' . LDAP_UID . '=' . escape_filter_value($user) . ')';
        $mesg = $ldap->search(base   => LDAP_BASE,
                              filter => $filter,
                              attrs  => [ LDAP_CN ]);
        return undef unless ($mesg->code == LDAP_SUCCESS);

        # Require exactly one matching entry with a non-empty cn.
        if ($mesg->count != 1 ||
            ($mesg->first_entry->get_value(LDAP_CN))[0] eq '') {
            return undef;
        }

        my $cn = $mesg->first_entry->get_value(LDAP_CN);
        $mesg = $ldap->unbind();
        return $cn;
    }

Now find the block that starts with:

    # If RT is configured for external auth, let's get REMOTE_USER
    elsif ($RT::WebExternalAuth and length($ENV{'REMOTE_USER'})) {

There is a chunk that looks like:

    if ($val) {
        $UserObj->SetPrivileged(1);

Set the 1 to 0 and people default to unprivileged.

Inside this if block you add the call to LookupLdapUserInfo().

For maintenance, you can place any modified file in local/html instead
of share/html. Mason looks in local first, then in share, for any file.
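
The search filter in LookupLdapUserInfo is built from the login name that arrives in REMOTE_USER. As an added example (not part of the original post and not RT code), the following core-Perl script escapes that value per RFC 4515 before it goes into the filter; the function names, the attribute name sAMAccountName and the sample logins are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Escape a value for use inside an LDAP search filter (RFC 4515):
# backslash, '*', '(', ')' and NUL are replaced by \XX hex pairs.
# (Hypothetical helper name; not an RT or Net::LDAP function.)
sub ldap_escape_filter_value {
    my ($value) = @_;
    $value =~ s/([\\*()\0])/sprintf('\\%02x', ord($1))/ge;
    return $value;
}

# Build "(attr=value)" for an exact-match lookup of one login name.
# Returns undef when the login is empty or the attribute is not a plain
# attribute name, so the caller can skip the search entirely.
sub build_uid_filter {
    my ($attr, $user) = @_;
    return unless defined $user && length $user;
    return unless defined $attr && $attr =~ /\A[A-Za-z][A-Za-z0-9-]*\z/;
    return '(' . $attr . '=' . ldap_escape_filter_value($user) . ')';
}

# Constructed login names, some containing filter metacharacters.
my @samples = ('jsmith', 'smith (contractor)', 'a*b', 'dom\\jsmith', '');

for my $user (@samples) {
    # Plain interpolation, as in the posted sub, next to the escaped form.
    my $interpolated = "sAMAccountName=$user";
    my $escaped      = build_uid_filter('sAMAccountName', $user);
    printf "%-22s interpolated: %-36s escaped: %s\n",
        "'$user'", $interpolated,
        defined $escaped ? $escaped : '(rejected, no search)';
}
```

Where perl-ldap is installed, escape_filter_value from Net::LDAP::Util performs the same escaping and can replace the local helper.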