[rt-users] eDirectory authentication and groups question

Kevin Falcone falcone at bestpractical.com
Fri Dec 11 09:08:09 EST 2009


On Thu, Dec 10, 2009 at 04:49:24PM -0800, Scott Melot wrote:
> This helped with part of my problem, and for that I am very grateful
> (it showed me the LDAP authenticated users were being created and I
> could convert them to privileged users).  However, I am still having
> trouble getting LDAP to work based on a group.  In my original
> mailing I may have been unclear, and for that I apologize.  I can
> authenticate with the group attributes disabled but when I try to
> restrict logins to only members of an eDirectory group called
> "RT_Users" I cannot log in through LDAP.  I am only told the user
> couldn't authenticate.  The only member of the group is my account
> (which works without the group attribute).  Has anyone running a
> Novell eDirectory environment been able to get ExternalAuth to work
> with the groups attribute?  If so I would appreciate any
> configuration guidance as I am a bit of a newbie when it comes to
> eDirectory and LDAP.

If you turn your logging up to debug, RT-Authen-ExternalAuth will log
the LDAP queries it is running and then you should be able to inspect
or run them manually against your server until you get the syntax
correct.

-kevin


> >>> <change+lists.rt at nightwind.net> 12/4/2009 4:46 PM >>>
> On Fri, 04 Dec 2009 16:35:57 -0800, "Scott Melot" <SMelot at lmusd.org>
> said:
> > What I would like to do is have general staff be able to log in and have
> > an account created, then for a support staff to be able to manually
> > (automatically would be better but I'll take manual) add them to a custom
> > group within RT if they need more permissions than to submit a trouble
> > ticket to the support queue.
> 
> All that needs to be done is for an admin to go to Configuration, Users,
> and search for the username of the person you want to set up (be sure to
> change the search type to Name, defaults to User ID).  Click their user
> and check the box that says "Let this person be granted rights" and make
> them a member of the appropriate group.
> 
> You can also get a list of all privileged and non-privileged users in RT
> by entering % in the search box.
> .
> 
> _______________________________________________
> http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
> 
> Community help: http://wiki.bestpractical.com
> Commercial support: sales at bestpractical.com
> 
> 
> Discover RT's hidden secrets with RT Essentials from O'Reilly Media. 
> Buy a copy at http://rtbook.bestpractical.com
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20091211/7e43d38f/attachment.sig>


More information about the rt-users mailing list