[rt-users] RT::Authen::ExternalAuth AutoCreate [Un]Privileged Users

Kenneth Crocker kfcrocker at lbl.gov
Tue Sep 7 14:14:00 EDT 2010


Gabriel,

Try removing the group 'rt'. Then use "filter" to accept a broader range of
LDAP users (we use division codes). Then you can use the autocreate
"Privileged" setting. That way anyone who passes the LDAP test will be
autocreated as "Privileged" users. That's my best guess.

Kenn
LBNL

On Mon, Sep 6, 2010 at 4:25 AM, Robert Gabriel <rgabriel at fnb.co.za> wrote:

> Hello all,
>
> I've done some initial investigation but this doesn't seem to be so
> simple for me to do.
>
> Please can someone assist?
>
> I'm using RT::Authen::ExternalAuth and have the following working:
> External auth with LDAP and auto create privileged users if they are
> in 'rt' group in LDAP.
>
> How can unprivileged users be auto created if they are in LDAP but not
> in the 'rt' group when they send a mail ticket request so they can login
> through self service access?
>
> PS What should the ExternalInfoPriority be set to if no LDAP
> lookups for creating new users via RT?
>
> Thanks.
>
> Set( $rtname, '***.***.**.**');
> Set($Organization , '****.***.**.**');
> Set($Timezone , 'Africa/Johannesburg');
> Set(@Plugins,(qw(Extension::QuickDelete RT::FM RT::Authen::ExternalAuth)));
> Set( @Plugins, qw(RT::Authen::ExternalAuth) );
> Set($RTAddressRegexp , '^****(-***)?\@***\.**\.**$');
> Set($LogToSyslog , 'debug');
> Set($LogToScreen, 'debug');
> Set($DatabaseType , 'mysql');
> Set($DatabaseHost   , '');
> Set($DatabaseRTHost , '');
> Set($DatabasePort , '');
> Set($DatabaseUser , '****');
> Set($DatabasePassword , '*****');
> Set($DatabaseName , '****');
> Set($DatabaseRequireSSL , undef);
> Set($OwnerEmail , 'root');
> Set($MaxAttachmentSize , 10000000);
> Set($CanonicalizeOnCreate, 0);
> Set($AutoCreate, {Privileged => 1});
> require
> "/opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm";
>
>
> Set($ExternalAuthPriority, ['My_LDAP']);
> Set($ExternalInfoPriority, ['My_LDAP']);
> Set($ExternalServiceUsesSSLorTLS, 0);
> Set($AutoCreateNonExternalUsers, 0);
> Set($ExternalSettings, {
>   'My_LDAP'         => {
>   'type'            => 'ldap',
>   'server'          => '**********',
>   'user'            => '',
>   'pass'            => '',
>   'base'            => 'dc=********,dc=***,dc=**,dc=**',
>   'filter'          => '(objectClass=*)',
>   'd_filter'        => '(objectClass=FooBarBaz)',
>   'tls'             => 0,
>   'ssl_version'     => 3,
>   'net_ldap_args'   => [version =>  3],
>   'group'           => 'cn=rt,ou=groups,dc=****,dc=****,dc=**,dc=***',
>   'group_attr'      => 'member',
>   'attr_match_list' => ['Name', 'EmailAddress'],
>   'attr_map'        => {'Name' => 'uid', 'RealName' => 'cn',
> 'ExternalAuthId' => 'uid', 'Gecos' => 'cn', 'EmailAddress' => 'mail'}
>   }
> }
> );
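Kenn's suggestion written out as an RT_SiteConfig.pm fragment, added here as an illustration and not taken from either poster's configuration. The server name, base DN and the departmentNumber value in the filter are assumed placeholders; the keys are the ones shown in the quoted config.

```perl
# Added example, not from the thread. Placeholders are marked as such.

# Every account that is auto-created after passing the LDAP test
# is created as a Privileged user.
Set($AutoCreate, {Privileged => 1});

Set($ExternalAuthPriority, ['My_LDAP']);
Set($ExternalInfoPriority, ['My_LDAP']);

Set($ExternalSettings, {
    'My_LDAP' => {
        'type'     => 'ldap',
        'server'   => 'ldap.example.com',        # placeholder
        'user'     => '',
        'pass'     => '',
        'base'     => 'dc=example,dc=com',       # placeholder

        # Before: '(objectClass=*)' matched every entry and the 'group'
        # setting decided who could authenticate.
        # After: the filter itself selects the accepted users, here by a
        # constructed division code (attribute and value are assumptions).
        'filter'   => '(&(objectClass=inetOrgPerson)(departmentNumber=4200))',
        'd_filter' => '(objectClass=FooBarBaz)',

        'tls'           => 0,
        'net_ldap_args' => [version => 3],

        # 'group' and 'group_attr' are left out, as Kenn suggests, so no
        # group membership check is applied.

        'attr_match_list' => ['Name', 'EmailAddress'],
        'attr_map'        => {
            'Name'           => 'uid',
            'RealName'       => 'cn',
            'ExternalAuthId' => 'uid',
            'Gecos'          => 'cn',
            'EmailAddress'   => 'mail',
        },
    },
});
```

With 'group' removed, the 'filter' is the only thing deciding who is auto-created as Privileged, so it should match no more accounts than are meant to hold staff rights in RT.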

