[rt-users] Authentication against LDAP and Authorization against internal db

Asif Iqbal vadud3 at gmail.com
Wed Jun 13 13:30:10 EDT 2012


On Wed, Jun 13, 2012 at 12:24 PM, Asif Iqbal <vadud3 at gmail.com> wrote:

> On Wed, Jun 13, 2012 at 11:35 AM, Asif Iqbal <vadud3 at gmail.com> wrote:
>
>> On Wed, Jun 13, 2012 at 11:30 AM, Asif Iqbal <vadud3 at gmail.com> wrote:
>>
>>> On Wed, Jun 13, 2012 at 11:13 AM, Asif Iqbal <vadud3 at gmail.com> wrote:
>>>
>>>> On Tue, Jun 12, 2012 at 1:57 PM, Ruslan Zakirov <ruz at bestpractical.com> wrote:
>>>>
>>>>> On Tue, Jun 12, 2012 at 6:35 PM, Asif Iqbal <vadud3 at gmail.com> wrote:
>>>>> > On Tue, Jun 12, 2012 at 5:51 AM, Ruslan Zakirov <ruz at bestpractical.com> wrote:
>>>>> >>
>>>>> >> On Tue, Jun 12, 2012 at 5:38 AM, Asif Iqbal <vadud3 at gmail.com> wrote:
>>>>> >> > I am using external authentication against our corporate AD server
>>>>> >> > successfully, using the RT::Authen::ExternalAuth.
>>>>> >> >
>>>>> >> > But I like the authorization done against internal db for user account.
>>>>> >> >
>>>>> >> > Just because a user has a valid AD credential is not enough for him/her
>>>>> >> > to be able to login to our RT. We like to manage the login by creating
>>>>> >> > the user account into internal db using the Web UI.
>>>>> >> >
>>>>> >> > So we still like the user to use their AD credential and no need to
>>>>> >> > remember another password, and at the same time only be able to login
>>>>> >> > if the same username is available in internal db.
>>>>> >> >
>>>>> >> > Is that possible? Any suggestion/tip is appreciated.
>>>>> >>
>>>>> >> Yes, it is possible, but not like you want it to be.
>>>>> >>
>>>>> >> As far as I can see users need AD record anyway, just mark them
>>>>> >> somehow in AD and use this marking in ExternalAuth filter.
>>>>> >>
>>>>> >
>>>>> > I have no access to AD. It belongs to corporate group and will not be able
>>>>> > to manage a group.
>>>>> >
>>>>> > There is no way to control the Authorization part locally?
>>>>>
>>>>> Not out of the box. Patch external auth module and add option to avoid
>>>>> creation of new users.
>>>>>
>>>>>
>>>> So I could just comment this section out to avoid user create as one
>>>> option? I know, ugly.
>>>>
>>>>  http://paste.ubuntu.com/1039210/
>>>>
>>>>
>>> This seems to have worked.
>>>
>>>  http://paste.ubuntu.com/1039233/
>>>
>>>
>>
>> fixed some of the comments to reflect the intention
>>
>> http://paste.ubuntu.com/1039239/
>>
>>
> What page to modify to let user know to login with their AD account going
> forward?
>
>

Well, copied the Elements/Login to local and made the following change.
Hopefully it won't break anything.

http://paste.ubuntu.com/1039396/


-- 
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?