[rt-users] RT External Auth plugin and LDAP

Tony Arnold tony.arnold at manchester.ac.uk
Tue Jan 29 10:17:59 EST 2013


Ruslan,

Thanks. I can't find a patch for this on rt.cpan.org. I've found bug
#69500 which refers to version 0.09 of the ExternalAuth plugin and I'm
on 0.12.

Looking at the source of LDAP.pm a simple fix could be to check the
group membership before the user password check. Any reason why that
would not do the trick?

Any ideas where else to look?

Regards,
Tony.

On 29/01/13 14:42, Ruslan Zakirov wrote:
> It's a known issue that the plugin checks group membership using the user's
> account. I think there was a patch on rt.cpan.org <http://rt.cpan.org>
> for this.
> 
> Ruslan from phone.
> 
> On 29.01.2013 at 17:43, "Tony Arnold"
> <tony.arnold at manchester.ac.uk <mailto:tony.arnold at manchester.ac.uk>>
> wrote:
> 
>     I am using the ExternalAuth plugin 0.12 on RT 3.8.14 and have configured
>     it to use an LDAP server for authentication.
> 
>     I have specified group membership as a requisite for authentication. Our
>     LDAP server does not allow anonymous bind for looking up group
>     membership, so I've specified some credentials for this.
> 
>     However, this is failing. It seems the plugin binds as the user being
>     authenticated in order to check group membership rather than the
>     credentials specified in the config file. The user being authenticated
>     does not have the rights to look up the group, hence it fails.
> 
>     Is this a bug or a feature? Any suggestions for a workaround?
> 
>     Many thanks.
> 
>     Regards,
>     Tony.
> 
>     --
>     Tony Arnold,                        Tel: +44 (0) 161 275 6093
>     Head of IT Security,                Fax: +44 (0) 705 344 3082
>     University of Manchester,           Mob: +44 (0) 773 330 0039
>     Manchester M13 9PL.                 Email:
>     tony.arnold at manchester.ac.uk <mailto:tony.arnold at manchester.ac.uk>
> 


-- 
Tony Arnold,                        Tel: +44 (0) 161 275 6093
Head of IT Security,                Fax: +44 (0) 705 344 3082
University of Manchester,           Mob: +44 (0) 773 330 0039
Manchester M13 9PL.                 Email: tony.arnold at manchester.ac.uk
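
The bind-order problem discussed in this thread, as an added example (not code from the ExternalAuth plugin or from either poster): a small in-memory model of an LDAP server whose group entry is readable only by a service account, comparing a group lookup made on the user's bind with one made on the service account's bind before the password check. All DNs, passwords, and function names are constructed for illustration.

```python
# Constructed model of an LDAP server; every DN and password below is made up.
SVC = "cn=rt-service,dc=example,dc=org"
ALICE = "uid=alice,ou=people,dc=example,dc=org"
BOB = "uid=bob,ou=people,dc=example,dc=org"
PASSWORDS = {SVC: "svc-secret", ALICE: "alice-pw", BOB: "bob-pw"}
GROUP_MEMBERS = {ALICE}   # members of the group required for login
GROUP_READERS = {SVC}     # ACL: only the service account may read the group


class Conn:
    """One connection; searches run with the rights of the last successful bind."""

    def __init__(self):
        self.bound_as = None

    def bind(self, dn, password):
        ok = dn in PASSWORDS and PASSWORDS[dn] == password
        self.bound_as = dn if ok else None
        return ok

    def is_member(self, user_dn):
        # None models a search that returns nothing because the ACL hides the group.
        if self.bound_as not in GROUP_READERS:
            return None
        return user_dn in GROUP_MEMBERS


def auth_user_bind_then_group(user_dn, password):
    """Behaviour reported in the thread: group lookup reuses the user's bind."""
    conn = Conn()
    if not password or not conn.bind(user_dn, password):
        return False
    return conn.is_member(user_dn) is True  # the user cannot read the group


def auth_group_then_user_bind(user_dn, password, svc_dn=SVC, svc_pw="svc-secret"):
    """Ordering proposed in the thread: group check as the service account first."""
    conn = Conn()
    if not conn.bind(svc_dn, svc_pw):
        raise RuntimeError("service account bind failed")
    if conn.is_member(user_dn) is not True:
        return False
    # Real servers may accept an empty password as an unauthenticated bind
    # (RFC 4513), so reject it; verify the password on a separate connection
    # so the service bind is never replaced by the user's.
    return bool(password) and Conn().bind(user_dn, password)
```
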


