Thanks for the answers :-)<div><br></div><div>I'll give it a go in our testing environment and see if I can make something out of it.</div><div><br></div><div>As for documentation, there are allot of things that I've documented for myself. I just need to find some time to submit them to the wiki.</div>
<div><br></div><div><br clear="all">-- Bart<br>
<br><br><div class="gmail_quote">Op 27 november 2011 02:03 schreef Kevin Falcone <span dir="ltr"><<a href="mailto:falcone@bestpractical.com">falcone@bestpractical.com</a>></span> het volgende:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
On Thu, Nov 24, 2011 at 09:14:26AM +0100, Bart wrote:<br>
> * Will the plugin ensure that only LDAP users can login? (I'm assuming yes)<br>
<br>
There's a configuration option to control who can log in.<br>
You will always be able to log in as a non-disabled internal RT user<br>
if the user has a password set (such as the root user).<br>
<br>
> * What happens if just a random LDAP user logs into RT? Will he/she be marked as privileged,<br>
<div class="im">> or will they simply go to the SelfService portal?<br>
<br>
</div>This is configurable by you using $AutoCreate.<br>
Also, you can limit which LDAP users can log in by writing an<br>
appropriate filter.<br>
<br>
> * I'm hoping the last + thus that a random LDAP user won't have any rights until I<br>
> define them inside RT)=.<br>
><br>
> * What happens when a new requestor sends an e-mail, by default RT creates an unprivileged<br>
<div class="im">> user but what I'd want is that RT only creates that user inside its own database (not<br>
> inside the LDAP). Is this how ExternalAuth works or will ExternalAuth try to create that<br>
> user inside the LDAP?<br>
<br>
</div>ExternalAuth will never attempt to create a user in your external LDAP<br>
server.<br>
<br>
> * When I only us the LDAP for authentication, do I need to configure the RT MySQL database<br>
<div class="im">> as well for information or is the DB configuration only required for extra databases<br>
> outside RT's own database?<br>
<br>
</div>Do no attempt to configure RT::Authen::ExternalAuth to authenticate<br>
against RT's internal database. It automatically falls back to<br>
internal auth.<br>
<div class="im"><br>
> I wasn't able to get the above answers in the documentation, even though I expect the answers<br>
> to be pretty straight forward. I just want to make sure that I understand the plugin correctly<br>
> before I start testing it, if ExternalAuth does things differently from what I'm hoping then I<br>
> might have to look into WebExternalAuth instead (though I'm leaving that one as a last<br>
> resort).<br>
<br>
</div>WebExternalAuth works quite differently, as it relies on your web<br>
server config.<br>
<br>
It would be great to see a patch to the documentations now that you<br>
have these answers.<br>
<span class="HOEnZb"><font color="#888888"><br>
-kevin<br>
</font></span><br>--------<br>
RT Training Sessions (<a href="http://bestpractical.com/services/training.html" target="_blank">http://bestpractical.com/services/training.html</a>)<br>
* Barcelona, Spain — November 28 & 29, 2011<br></blockquote></div><br></div>