[rt-users] RT::Authen::ExternalAuth LDAP group filter
Kevin Falcone
falcone at bestpractical.com
Wed Jan 27 11:12:45 EST 2010
On Tue, Jan 26, 2010 at 08:21:43PM -0500, Ed Santora wrote:
> Hello,
>
> I just upgraded to 3.8.7 with RT::Authen::ExternalAuth v0.08
>
> I'm trying to restrict RT users to LDAP users in one group. When I set:
>
> 'group' => 'cn=group,ou=group,dc=my,dc=domain,dc=edu'
>
> and
>
> 'group_attr' => 'memberUid'
>
> I see it query my LDAP server with
> (memberUid=uid=user,ou=people,dc=my,dc=domain,dc=com) instead of
> (memberUid=user).
>
> Is there a way to have it use just the 'username' instead of the user's
> full dn without changind RT::Authen::ExternalAuth::LDAP?
>
> If I comment out 'group' and 'group_attr' LDAP auth works fine, but any
> valid LDAP user can log in.
Unfortunately, the RT-Authen-ExternalAuth is coded to use the dn.
This seems to work for other people, although I'm not sure what
group_attr they're using.
You'd have to make the right hand side of the filter into a
configuration option in order to change that
-kevin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20100127/69d62bd5/attachment.sig>
More information about the rt-users
mailing list