[rt-users] REMOTE_USER, external auth, and email mismatching

Jok Thuau JThuau at spacex.com
Fri Apr 26 18:29:20 EDT 2013


Philip, 

We are in the same boat.

Your kerb config can drop the realm part by using the option in your kerb
auth section of the apache config with "KrbLocalUserMapping" set to ON.

In combination with that, we have ldap-import (to pull all the users from
AD), as well as the proper mapping (sAMAccountName <-> username) when we
import users.

We've had instances where someone has managed to send email in from
another system with a different email address, and we just merge those new
accounts in with the ldap imported accounts on a regular basis (doesn't
happen often).

Thanks,Jok

-- 
| Joachim Thuau | IT Systems Engineer - Linux / SpaceX |





On 4/26/13 2:35 PM, "Philip Brown" <ppb at usc.edu> wrote:

>hi there,
>We are looking at using kerb auth and mod_auth_kerb as our external auth
>mechanism for RT.
>
>Trouble is.. our kerb domain is not the same as people's email address
>domain.
>
>We have mumble-thousand users. Hand-populating things is not an option.
>
>So, I was hoping there was potentially a way to do any of the following:
>
>a) automatically drop the @xyz from REMOTE_USER entirely
>b) autoconvert the @xyz to @real.domain
>
>c) (least preferable) have the autocreate routines, atomatically fill in
>@real.domain as the email address
>




More information about the rt-users mailing list