[rt-users] ExternalAuth

Kevin Falcone falcone at bestpractical.com
Mon Nov 14 16:36:27 EST 2011


On Mon, Nov 14, 2011 at 08:55:24PM +0000, Witts J Mr wrote:
> > Date: Mon, 14 Nov 2011 10:36:19 -0500
> > From: Kevin Falcone <falcone at bestpractical.com>
> > To: rt-users at lists.bestpractical.com
> > Subject: Re: [rt-users] ExternalAuth
> > Message-ID: <20111114153619.GX1021 at jibsheet.com>
> > Content-Type: text/plain; charset="us-ascii"
> 
> > On Fri, Nov 11, 2011 at 01:14:14PM +0000, Witts J Mr wrote:
> >> We are using the ExternalAuth plugin with RT 4.0.2 at our school authenticating against two different LDAP branches. We also have some internal RT users defined too for users outside of our school who need to be able to log tickets in our queues.
> >>
> >> At the moment we are using the "Everyone" group to define the permissions on our internal queues, but this means that external users can see them too. What we would ideally like to be able to do is have all LDAP users put into a global group at the point of creation (i.e. when they first log in).
> >>
> >> Does anyone know if it would be possible to adjust the ExternalAuth plugin so that you could define a global group and have all users who authenticate from an external source automatically added to that group? This would really help our permissions set up, as it would allow us to create a global group for each LDAP source and assign the permissions to that group rather than using the "Everyone" group.
> 
> >This is not a feature of the plugin, although you could certainly add
> it and send a patch.  Many people just make sure the LDAP users are
> Privileged and use that rather than Everyone.  You could also use
> RT-Extension-LDAPImport and import groups and group memberships from
> LDAP.
> >
> >-kevin
> 
> Thanks for responding. Are there any plugins which would provide a good starting point for me to look at the code to add users into a custom group? I am very new to Perl programming, but am not adverse to get in to the code if that is what is required!

RT-Extension-LDAPImport adds users to groups, so it'd be a place to look.

-kevin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20111114/c29ba2ee/attachment.sig>


More information about the rt-users mailing list