[rt-users] Questions about ExternalAuth

Bart bart at pleh.info
Sun Nov 27 09:20:22 EST 2011 

Thanks for the answers :-)

I'll give it a go in our testing environment and see if I can make
something out of it.

As for documentation, there are allot of things that I've documented for
myself. I just need to find some time to submit them to the wiki.


-- Bart


Op 27 november 2011 02:03 schreef Kevin Falcone
<falcone at bestpractical.com>het volgende:

> On Thu, Nov 24, 2011 at 09:14:26AM +0100, Bart wrote:
> >      * Will the plugin ensure that only LDAP users can login? (I'm
> assuming yes)
>
> There's a configuration option to control who can log in.
> You will always be able to log in as a non-disabled internal RT user
> if the user has a password set (such as the root user).
>
> >      * What happens if just a random LDAP user logs into RT? Will he/she
> be marked as privileged,
> >        or will they simply go to the SelfService portal?
>
> This is configurable by you using $AutoCreate.
> Also, you can limit which LDAP users can log in by writing an
> appropriate filter.
>
> >           * I'm hoping the last + thus that a random LDAP user won't
> have any rights until I
> >             define them inside RT)=.
> >
> >      * What happens when a new requestor sends an e-mail, by default RT
> creates an unprivileged
> >        user but what I'd want is that RT only creates that user inside
> its own database (not
> >        inside the LDAP). Is this how ExternalAuth works or will
> ExternalAuth try to create that
> >        user inside the LDAP?
>
> ExternalAuth will never attempt to create a user in your external LDAP
> server.
>
> >      * When I only us the LDAP for authentication, do I need to
> configure the RT MySQL database
> >        as well for information or is the DB configuration only required
> for extra databases
> >        outside RT's own database?
>
> Do no attempt to configure RT::Authen::ExternalAuth to authenticate
> against RT's internal database.  It automatically falls back to
> internal auth.
>
> >    I wasn't able to get the above answers in the documentation, even
> though I expect the answers
> >    to be pretty straight forward. I just want to make sure that I
> understand the plugin correctly
> >    before I start testing it, if ExternalAuth does things differently
> from what I'm hoping then I
> >    might have to look into WebExternalAuth instead (though I'm leaving
> that one as a last
> >    resort).
>
> WebExternalAuth works quite differently, as it relies on your web
> server config.
>
> It would be great to see a patch to the documentations now that you
> have these answers.
>
> -kevin
>
> --------
> RT Training Sessions (http://bestpractical.com/services/training.html)
> *  Barcelona, Spain — November 28 & 29, 2011
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20111127/c8205ad8/attachment.htm>

More information about the rt-users mailing list