[rt-users] Auto creating user email addresses from CAS authenticated RT SelfService

Kevin Falcone falcone at bestpractical.com
Fri Jun 14 11:58:37 EDT 2013 

On Mon, Jun 10, 2013 at 09:29:20PM -0700, Duncan Napier wrote:
> OK ... I solved the problem. After some looking around and re-examining my old code, I found for RT 4.0.8, go to /lib in your "rt" directory (eg /var/rt or /usr/local/rt) so for me I edited in
> /usr/local/rt/lib/RT/Interface/Web.pm

Rather than overriding code in RT and making upgrades harder (you're
already behind 5 versions, including some security releases) you can
make a local/lib/RT/Interface/Web_Local.pm and only override the one
method you're changing.

I'd probably make the change in a User_Local.pm file changing the
RT::User::CanonicalizeUserInfo method, but there are many ways to fix
this.

-kevin

> ############### Start Code Fragment 
> 
> sub WebExternalAutoInfo {
> 
> my $user = shift;
> 
>  my %user_info;
> 
>  
> # default to making Privileged users, even if they specify
> 
> # some other default Attributes
> 
> if ( !$RT::AutoCreate
> 
> || ( ref($RT::AutoCreate) && not exists $RT::AutoCreate->{Privileged} ) )
> 
> {
> 
> $user_info{'Privileged'} = 1;
> 
> }
> 
> ############## End Code Fragment
> 
> and add the line
> 
> $user_info{'EmailAddress'} = "$user\@mycompany.com";
> 
> 
> ############### Start Code Fragment 
> 
>  
>   
> sub WebExternalAutoInfo {
> 
> my $user = shift;
> 
> my %user_info;
> 
> $user_info{'EmailAddress'} = "$user\@mycompany.com";
> 
> # default to making Privileged users, even if they specify
> 
> # some other default Attributes
> 
> if ( !$RT::AutoCreate
> 
> || ( ref($RT::AutoCreate) && not exists $RT::AutoCreate->{Privileged} ) )
> 
> {
> 
> $user_info{'Privileged'} = 1;
> 
> }
> 
> ############## End Code Fragment
> 
> You may (?) also have to add 
> 
>  $user_info{'Privileged'} = 0;
> 
> along with 
> 
> $user_info{'EmailAddress'} = "$user\@mycompany.com";
> 
> if you want your newly-created user to be Unpriviliged, which is standard for RT SelfServe. I'm not sure what happens when you ask to autocreate priviliged (internal) users ... I believe in the case of RT_SiteConfig.pm to enable external authentication (like CAS or LDAP):
> 
> Set($WebExternalAuth , '1');
> Set($WebFallbackToInternalAuth , '1');
> Set($WebExternalGecos , undef);
> Set($WebExternalAuto , '1');
> 
> And now for each new user, the field 'EmailAddress'is populated with "$user at mycompany.com"
> 
> Have fun with it, people!
> 
>                                              Duncan. 
> 
> ----- Original Message -----
> > Hello,
> > 
> > I am currently migrating from RT 3.4.5-2 (2006) on Fedora Core 4 to
> > RT 4.0.8 on Centos 6.2. The reasons are many, including aging
> > platform, move to virtualization etc.
> > 
> > The new RT, like the old one, does external authentication through
> > CAS (Central Authentication Service). Basically users always
> > initiate a support request through the RT SelfServe website by
> > authenticating with single sign-on credentails (username, password).
> > 
> > The system generates a new user the first time the user logs in
> > populates the "Identity" Username and "Unix login" Username from
> > their login credentials. On the old system, loggin in for the first
> > time also autogenerates an email by concatenating the "Identity"
> > with the email domain suffix ("@mydomain.com").
> > 
> > So for example, person with ID newuser, logs in for the first time,
> > and their Email field is populated with "newuser at mydomain.com", and
> > nothing needs to be done from my end.
> > 
> > For some reason, it does not do this on the new system. I seem to
> > recall some 7 years ago adding a hack to set this autocreation of
> > the email field using the username. I have searched but can't find
> > anything and searched through the code to see where/how it was
> > implemented, but I am at a loss.
> > 
> > Does anyone know how this is done in RT 4.x? Other than putting it in
> > manually, I haven't been able to figure out how to do this. Thanks
> > in advance.
> > 
> > 
> > 
> > 
> 
> -- 
> 
>                                  Regards,
> 
>                                  Duncan.
> 
> -----------------------------------------------------------------------
> Duncan Napier
> duncan_napier at sfu.ca
> http://www.sfu.ca/~dgnapier/
> IT & Instrumentation Consultant
> Dept of Molecular Biology and Biochemistry
> Simon Fraser University
> 
> "It takes ten years to become good at being a kid. Then another ten years
> to become good at not being a kid" - Larry Wall.
> 
> 
> 
> -- 
> RT Training in Seattle, June 19-20: http://bestpractical.com/training
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 235 bytes
Desc: not available
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20130614/824887ff/attachment.sig>

More information about the rt-users mailing list