[rt-users] Multiple value match for attr_match_list
Kevin Falcone
falcone at bestpractical.com
Tue Sep 13 17:42:53 EDT 2011
On Tue, Sep 13, 2011 at 12:04:44PM -0700, Hossein Rafighi wrote:
> Hi all,
>
> We have RT4.0 with RT::Authen::ExternalAuth. In attr_match_list
> section we have:
> 'attr_match_list' => [ 'Name',
> 'EmailAddress',
> 'RealName',
> ],
You really don't want RealName there, otherwise
RT::Authen::ExternalAuth will disallow two people named Bob Smith.
> 'attr_map' => { 'Name' => 'uid',
> 'EmailAddress' => 'mail',
> 'RealName' => 'cn',
> }
>
> However, on our ldap (openldap) a typical user has a uid and cn. For
> instance, my info on the ldap is:
> dn: uid=hossein,ou=People,o=TRIUMF
> uid: hossein
> cn: Hossein Rafighi
> sn: Rafighi
> mail: hossein at triumf.ca
> mail: Hossein.Rafighi at triumf.ca
> givenName: Hossein
>
> Is it possible to alter the attr_match, attr_map, or any other
> attribute in RT to authenticate based on uid or cn, and not just
> uid? I tried changing various settings, but to no avail.
You'd have to extend the module to use more than just the Name in the
query it runs for DN. There's a branch in the repo for refactoring
some of that code, but it concentrates on alternate email addresses
not alternate uids. It may make doing what you want easier though.
-kevin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20110913/0f948448/attachment.sig>
More information about the rt-users
mailing list