<div class="gmail_quote">On Wed, Jun 13, 2012 at 11:13 AM, Asif Iqbal <span dir="ltr"><<a href="mailto:vadud3@gmail.com" target="_blank">vadud3@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="gmail_quote"><div><div class="h5">On Tue, Jun 12, 2012 at 1:57 PM, Ruslan Zakirov <span dir="ltr"><<a href="mailto:ruz@bestpractical.com" target="_blank">ruz@bestpractical.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>On Tue, Jun 12, 2012 at 6:35 PM, Asif Iqbal <<a href="mailto:vadud3@gmail.com" target="_blank">vadud3@gmail.com</a>> wrote:<br>
> On Tue, Jun 12, 2012 at 5:51 AM, Ruslan Zakirov <<a href="mailto:ruz@bestpractical.com" target="_blank">ruz@bestpractical.com</a>><br>
> wrote:<br>
>><br>
>> On Tue, Jun 12, 2012 at 5:38 AM, Asif Iqbal <<a href="mailto:vadud3@gmail.com" target="_blank">vadud3@gmail.com</a>> wrote:<br>
>> > I am using external authentication against our corporate AD server<br>
>> > successfully, using the RT::Authen::ExternalAuth.<br>
>> ><br>
>> > But I like the authorization done against internal db for user account.<br>
>> ><br>
>> > Just because a user has a valid AD credential is not enough for him/her<br>
>> > to<br>
>> > be able to login to our RT. We like<br>
>> > to manage the login by creating the user account into internal db using<br>
>> > the<br>
>> > Web UI.<br>
>> ><br>
>> > So we still like the user to use their AD credential and no need to<br>
>> > remember<br>
>> > another password, and at the same time<br>
>> > only be able to login if the same username is available in internal db.<br>
>> ><br>
>> > Is that possible? Any suggestion/tip is appreciated.<br>
>><br>
>> Yes, it is possible, but not like you want it to be.<br>
>><br>
>> As far as I can see users need AD record anyway, just mark them<br>
>> somehow in AD and use this marking in ExternalAuth filter.<br>
>><br>
><br>
> I have no access to AD. It belongs to corporate group and will not be able<br>
> to manage a group.<br>
><br>
> There is no way to control the Authorization part locally?<br>
<br>
</div>Not out of the box. Patch external auth module and add option to avoid<br>
creation of new users.<br>
<div><div><br></div></div></blockquote><div><br></div></div></div><div>So I could just comment this section out to avoid user create as one option? I know, ugly.</div><div><br></div><div> <a href="http://paste.ubuntu.com/1039210/" target="_blank">http://paste.ubuntu.com/1039210/</a></div>
<div class="im">
<div><br></div></div></div></blockquote><div><br></div><div>This seem to have worked.</div><div><br></div><div> <a href="http://paste.ubuntu.com/1039233/">http://paste.ubuntu.com/1039233/</a></div><div><br></div><div><br>
</div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="gmail_quote"><div class="im"><div></div><div><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div><div>
<br>
>> > --<br>
>> > Asif Iqbal<br>
>> > PGP Key: 0xE62693C5 KeyServer: <a href="http://pgp.mit.edu" target="_blank">pgp.mit.edu</a><br>
>> > A: Because it messes up the order in which people normally read text.<br>
>> > Q: Why is top-posting such a bad thing?<br>
>> ><br>
>> ><br>
>><br>
>><br>
>><br>
>> --<br>
>> Best regards, Ruslan.<br>
><br>
><br>
><br>
><br>
> --<br>
> Asif Iqbal<br>
> PGP Key: 0xE62693C5 KeyServer: <a href="http://pgp.mit.edu" target="_blank">pgp.mit.edu</a><br>
> A: Because it messes up the order in which people normally read text.<br>
> Q: Why is top-posting such a bad thing?<br>
><br>
><br>
<br>
<br>
<br>
</div></div><span><font color="#888888">--<br>
Best regards, Ruslan.<br>
</font></span></blockquote></div></div><div class="HOEnZb"><div class="h5"><br><br clear="all"><div><br></div>-- <br>Asif Iqbal<br>PGP Key: 0xE62693C5 KeyServer: <a href="http://pgp.mit.edu" target="_blank">pgp.mit.edu</a><br>
A: Because it messes up the order in which people normally read text.<br>
Q: Why is top-posting such a bad thing?<br><br><br>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br>Asif Iqbal<br>PGP Key: 0xE62693C5 KeyServer: <a href="http://pgp.mit.edu">pgp.mit.edu</a><br>A: Because it messes up the order in which people normally read text.<br>
Q: Why is top-posting such a bad thing?<br><br><br>