[rt-users] Recommended method for auto creating users with Active Directory and Authen-ExternalAuth
L B
bertignac at gmail.com
Mon Jan 18 05:40:09 EST 2010
I tried what Ken said, and it didn't work on my login because of this
code in the RT-External-Authen plugin:

ExternalAuth/LDAP.pm, line 230:

    [...]
    } else {
        # If there's only one match, we're good; more than one and
        # we don't know which is the right one so we skip it.
        if ($ldap_msg->count == 1) {
            my $entry = $ldap_msg->first_entry();
    [...]

I had two sAMAccountName returned because my AD account with my email
address has one normal sAMAccountName, and another admin one (in the
same AD entry).
To make it work, I modified the LDAP filter:

    Set($EmailCompletionLdapFilter,
        "(&(objectclass=organizationalPerson)(!(sAMAccountName=admin*)))");

This filter will match my sAMAccountName but not the one starting with
"admin" (replace this filter in your config). (Be careful of regular
users having a login matching this string)
Once I had one and only one sAMAccountName, I disabled my current
account (changed all the values inside), I sent an email to my RT in
debug mode and here my new account got created with the AD login.
If a developer of this plugin reads this, I think it would be nice to
add a $RT::Logger->info at this step in the code...
--
L.B.
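
Added example (not part of the original message and not the plugin's code): a small Python model of the behaviour described above, showing the "exactly one match" rule and how the `admin*` exclusion also drops a regular login that starts with "admin". It assumes the lookup is by mail address and that the two logins arrive as separate search results; the directory entries and the names `parse`, `matches` and `resolve` are constructed for illustration.

```python
import re

BASE = "(objectclass=organizationalPerson)"
POST = "(&(objectclass=organizationalPerson)(!(sAMAccountName=admin*)))"  # filter from the post

# Constructed directory entries; names and addresses are made up.
DIRECTORY = [
    {"objectclass": ["organizationalPerson"], "samaccountname": ["lb"], "mail": ["lb@example.com"]},
    {"objectclass": ["organizationalPerson"], "samaccountname": ["admin-lb"], "mail": ["lb@example.com"]},
    {"objectclass": ["organizationalPerson"], "samaccountname": ["adminton"], "mail": ["ton@example.com"]},
]

def parse(f, i=0):
    """Parse the filter subset used here: (&..), (|..), (!..), (attr=value with *)."""
    if f[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if f[i] in "&|!":
        op, kids, i = f[i], [], i + 1
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1          # step over the closing ")"
    end = f.index(")", i)
    attr, _, pattern = f[i:end].partition("=")
    return ("=", attr.lower(), pattern), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry (case-insensitive values)."""
    if node[0] == "=":
        rx = ".*".join(re.escape(p) for p in node[2].split("*"))
        return any(re.fullmatch(rx, v, re.I) for v in entry.get(node[1], []))
    results = [matches(kid, entry) for kid in node[1]]
    if node[0] == "!":
        return not results[0]
    return all(results) if node[0] == "&" else any(results)

def resolve(email, ldap_filter, directory=DIRECTORY):
    """Return (login, hits); login is None unless exactly one entry matches."""
    tree, _ = parse(ldap_filter)
    hits = [e["samaccountname"][0] for e in directory
            if email in e.get("mail", []) and matches(tree, e)]
    return (hits[0] if len(hits) == 1 else None), hits

if __name__ == "__main__":
    for mail, flt in [("lb@example.com", BASE), ("lb@example.com", POST), ("ton@example.com", POST)]:
        print(mail, flt, resolve(mail, flt))
```

With the base filter the first address resolves to nothing because two logins match; with the post's filter it resolves to `lb`, while the regular user `adminton` is no longer found at all.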