[rt-users] RT::Authen::ExternalAuth AutoCreate [Un]Privileged Users

Mark Jenks mark.jenks at iodincorporated.com
Mon Sep 6 09:49:36 EDT 2010


I'm just going off memory of what I have read, but can't you have more
than one LDAP to look up against and have the AutoCreate in the LDAP
portion of the config?

Maybe have one for RT=>Privileged and one for non-RT=>normal autocreate?

-Mark

-----Original Message-----
From: rt-users-bounces at lists.bestpractical.com [mailto:rt-users-bounces at lists.bestpractical.com] On Behalf Of Robert Gabriel
Sent: Monday, September 06, 2010 6:25 AM
To: rt-users at lists.bestpractical.com
Subject: [rt-users] RT::Authen::ExternalAuth AutoCreate [Un]Privileged Users

Hello all,

I've done some initial investigation but this doesn't seem to be so
simple for me to do.

Please can someone assist?

I'm using RT::Authen::ExternalAuth and have the following working:
External auth with LDAP and auto create privileged users if they are
in 'rt' group in LDAP.

How can unprivileged users be auto created if they are in LDAP but not
in the 'rt' group when they send a mail ticket request so they can log in
through self-service access?

PS What should the ExternalInfoPriority be set to if no LDAP
lookups for creating new users via RT?

Thanks.

Set( $rtname, '***.***.**.**');
Set($Organization , '****.***.**.**');
Set($Timezone , 'Africa/Johannesburg');
Set(@Plugins,(qw(Extension::QuickDelete RT::FM RT::Authen::ExternalAuth)));
Set( @Plugins, qw(RT::Authen::ExternalAuth) );
Set($RTAddressRegexp , '^****(-***)?\@***\.**\.**$');
Set($LogToSyslog , 'debug');
Set($LogToScreen, 'debug');
Set($DatabaseType , 'mysql');
Set($DatabaseHost   , '');
Set($DatabaseRTHost , '');
Set($DatabasePort , '');
Set($DatabaseUser , '****');
Set($DatabasePassword , '*****');
Set($DatabaseName , '****');
Set($DatabaseRequireSSL , undef);
Set($OwnerEmail , 'root');
Set($MaxAttachmentSize , 10000000);
Set($CanonicalizeOnCreate, 0);
Set($AutoCreate, {Privileged => 1});
require "/opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm";


Set($ExternalAuthPriority, ['My_LDAP']);
Set($ExternalInfoPriority, ['My_LDAP']);
Set($ExternalServiceUsesSSLorTLS, 0);
Set($AutoCreateNonExternalUsers, 0);
Set($ExternalSettings, {
    'My_LDAP' => {
        'type'            => 'ldap',
        'server'          => '**********',
        'user'            => '',
        'pass'            => '',
        'base'            => 'dc=********,dc=***,dc=**,dc=**',
        'filter'          => '(objectClass=*)',
        'd_filter'        => '(objectClass=FooBarBaz)',
        'tls'             => 0,
        'ssl_version'     => 3,
        'net_ldap_args'   => [version =>  3],
        'group'           => 'cn=rt,ou=groups,dc=****,dc=****,dc=**,dc=***',
        'group_attr'      => 'member',
        'attr_match_list' => ['Name', 'EmailAddress'],
        'attr_map'        => {
            'Name'           => 'uid',
            'RealName'       => 'cn',
            'ExternalAuthId' => 'uid',
            'Gecos'          => 'cn',
            'EmailAddress'   => 'mail'
        }
    }
}
);