[Rt-commit] rt branch, 4.4/external-auth, updated. rt-4.2.11-179-gdc45305
Todd Wade
todd at bestpractical.com
Thu Oct 29 19:53:01 EDT 2015
The branch, 4.4/external-auth has been updated
via dc45305c4826e3c9b1ca8a7008764d04e0883a01 (commit)
from 302c1a0a41caec842232977ff549145d92f275c3 (commit)
Summary of changes:
lib/RT/Authen/ExternalAuth.pm | 12 +++++-------
lib/RT/Authen/ExternalAuth/DBI.pm | 5 +++--
lib/RT/Authen/ExternalAuth/DBI/Cookie.pm | 5 +++--
lib/RT/Authen/ExternalAuth/LDAP.pm | 7 ++++---
lib/RT/Config.pm | 1 -
lib/RT/Interface/Web.pm | 4 ++--
lib/RT/LDAPImport.pm | 31 ++++++++++---------------------
lib/RT/User.pm | 4 ++++
8 files changed, 31 insertions(+), 38 deletions(-)
- Log -----------------------------------------------------------------
commit dc45305c4826e3c9b1ca8a7008764d04e0883a01
Author: Todd Wade <todd at bestpractical.com>
Date: Thu Oct 29 19:52:47 2015 -0400
review feedback
diff --git a/lib/RT/Authen/ExternalAuth.pm b/lib/RT/Authen/ExternalAuth.pm
index f00ccb5..84a0a45 100644
--- a/lib/RT/Authen/ExternalAuth.pm
+++ b/lib/RT/Authen/ExternalAuth.pm
@@ -59,7 +59,7 @@ more external data sources at once. It will also allow information about
that user to be loaded from the same, or any other available, source as
well as allowing multple redundant servers for each method.
-The extension currently supports authentication and information from
+The functionality currently supports authentication and information from
LDAP via the Net::LDAP module, and from any data source that an
installed DBI driver is available for.
@@ -72,7 +72,7 @@ access it.
=head1 CONFIGURATION
L<RT::Authen::ExternalAuth> provides a lot of flexibility with many
-configuration options. The following desc these configuration options,
+configuration options. The following describes these configuration options,
and provides a complete example.
=over 4
@@ -213,11 +213,7 @@ your authentication source. For example, an LDAP mapping might look like:
Set( $ExternalAuthPriority, ["My_LDAP"] );
Set( $ExternalInfoPriority, ["My_LDAP"] );
- # Users created from LDAP should be Privileged; this is a core RT
- # option. Additionally, this is the 4.2 name for the option; for RT
- # 4.0, is it named $AutoCreate See the core RT documentation at
- # http://docs.bestpractical.com/RT_Config#UserAutocreateDefaultsOnLogin
- # for for further details.
+ # Make users created from LDAP Privileged
Set( $UserAutocreateDefaultsOnLogin, { Privileged => 1 } );
# Users should still be autocreated by RT as internal users if they
@@ -636,4 +632,6 @@ sub UserDisabled {
return $user_disabled;
}
+RT::Base->_ImportOverlays();
+
1;
diff --git a/lib/RT/Authen/ExternalAuth/DBI.pm b/lib/RT/Authen/ExternalAuth/DBI.pm
index 392c437..de1638f 100644
--- a/lib/RT/Authen/ExternalAuth/DBI.pm
+++ b/lib/RT/Authen/ExternalAuth/DBI.pm
@@ -109,8 +109,7 @@ Provides the database implementation for L<RT::Authen::ExternalAuth>.
=head1 CONFIGURATION
DBI-specific options are described here. Shared options
-are described in the F<etc/RT_SiteConfig.pm> file included
-in this distribution.
+are described in L<RT::Authen::ExternalAuth>.
The example in the L</SYNOPSIS> lists all available options
and they are described below. See the L<DBI> module for details
@@ -676,4 +675,6 @@ sub _GetBoundDBIObj {
# }}}
+RT::Base->_ImportOverlays();
+
1;
diff --git a/lib/RT/Authen/ExternalAuth/DBI/Cookie.pm b/lib/RT/Authen/ExternalAuth/DBI/Cookie.pm
index 8a72eb6..e0974f3 100644
--- a/lib/RT/Authen/ExternalAuth/DBI/Cookie.pm
+++ b/lib/RT/Authen/ExternalAuth/DBI/Cookie.pm
@@ -84,8 +84,7 @@ Provides the Cookie implementation for L<RT::Authen::ExternalAuth>.
=head1 CONFIGURATION
Cookie-specific options are described here. Shared options
-are described in the F<etc/RT_SiteConfig.pm> file included
-in this distribution.
+are described in L<RT::Authen::ExternalAuth::DBI>.
The example in the L</SYNOPSIS> lists all available options
and they are described below.
@@ -155,4 +154,6 @@ sub GetCookieVal {
# }}}
+RT::Base->_ImportOverlays();
+
1;
diff --git a/lib/RT/Authen/ExternalAuth/LDAP.pm b/lib/RT/Authen/ExternalAuth/LDAP.pm
index 3aafa33..444b621 100644
--- a/lib/RT/Authen/ExternalAuth/LDAP.pm
+++ b/lib/RT/Authen/ExternalAuth/LDAP.pm
@@ -109,8 +109,7 @@ Provides the LDAP implementation for L<RT::Authen::ExternalAuth>.
=head1 CONFIGURATION
LDAP-specific options are described here. Shared options
-are described in the F<etc/RT_SiteConfig.pm> file included
-in this distribution.
+are described in L<RT::Authen::ExternalAuth>.
The example in the L</SYNOPSIS> lists all available options
and they are described below. Note that many of these values
@@ -132,7 +131,7 @@ If you can bind to your LDAP server anonymously you may be able to omit these
options. Many servers do not allow anonymous binds, or restrict what information
they can see or how much information they can retrieve. If your server does not
allow anonymous binds then you must have a service account created for this
-extension to function.
+component to function.
=item base
@@ -689,4 +688,6 @@ sub _GetBoundLdapObj {
# }}}
+RT::Base->_ImportOverlays();
+
1;
diff --git a/lib/RT/Config.pm b/lib/RT/Config.pm
index 6c88de4..8db3a09 100644
--- a/lib/RT/Config.pm
+++ b/lib/RT/Config.pm
@@ -1055,7 +1055,6 @@ our %META;
# Ensure passwords are obfuscated on the System Configuration page
my ($config, $sources, $user) = @_;
- # $user is only passed in versions of RT with 3c7db050
my $msg = 'Password not printed';
$msg = $user->loc($msg) if $user and $user->Id;
diff --git a/lib/RT/Interface/Web.pm b/lib/RT/Interface/Web.pm
index 15f7f6a..f6e18cd 100644
--- a/lib/RT/Interface/Web.pm
+++ b/lib/RT/Interface/Web.pm
@@ -307,7 +307,7 @@ sub HandleRequest {
$HTML::Mason::Commands::session{'CurrentUser'} = RT::CurrentUser->new();
}
- # attempt external auth (see RT::Authen::ExternalAuth c4d53ec6d)
+ # attempt external auth
$HTML::Mason::Commands::m->comp( '/Elements/DoAuth', %$ARGS );
# Process session-related callbacks before any auth attempts
@@ -321,7 +321,7 @@ sub HandleRequest {
_ForceLogout() unless _UserLoggedIn();
- # attempt external auth (see RT::Authen::ExternalAuth c4d53ec6d)
+ # attempt external auth
$HTML::Mason::Commands::m->comp( '/Elements/DoAuth', %$ARGS );
# Process per-page authentication callbacks
diff --git a/lib/RT/LDAPImport.pm b/lib/RT/LDAPImport.pm
index 47fa21d..eb5a3f6 100644
--- a/lib/RT/LDAPImport.pm
+++ b/lib/RT/LDAPImport.pm
@@ -77,9 +77,6 @@ In C<RT_SiteConfig.pm>:
WorkPhone => 'telephoneNumber',
Organization => 'departmentName'});
- # Add to any existing plugins
- Set(@Plugins, qw(RT::Extension::LDAPImport));
-
# If you want to sync Groups from LDAP into RT
Set($LDAPGroupBase, 'ou=Groups,o=Our Place');
@@ -100,8 +97,8 @@ Running the import:
=head1 CONFIGURATION
-All of the configuration for the importer goes
-your C<RT_SiteConfig.pm> file. Some of these values pass through
+All of the configuration for the importer goes in
+your F<RT_SiteConfig.pm> file. Some of these values pass through
to L<Net::LDAP> so you can check there for valid values and more
advanced options.
@@ -275,7 +272,7 @@ or code reference besides scalar.
C<Member_Attr> is the field in the LDAP group record the importer should
look at for group members. These values (there may be multiple members)
will then be compared to the RT user name, which came from the LDAP
-user record. See F<t/group-callbacks.t> for a complex example of
+user record. See F<t/ldapimport/group-callbacks.t> for a complex example of
using a code reference as value of this option.
C<Member_Attr_Value>, which defaults to 'dn', specifies where on the LDAP
@@ -360,10 +357,6 @@ users into your RT database. It is recommended that you make a database
backup before doing this. If your filters aren't set properly this could
create a lot of users or groups in your RT instance.
-=head1 RT Versions
-
-The importer works with RT 4.0 and above.
-
=head1 LDAP Filters
The L<ldapsearch|http://www.openldap.org/software/man.cgi?query=ldapsearch&manpath=OpenLDAP+2.0-Release>
@@ -373,9 +366,8 @@ utility in openldap can be very helpful while refining your filters.
=head2 connect_ldap
-Relies on the config variables C<$RT::LDAPHost>,
-C<$RT::LDAPUser> and C<$RT::LDAPPassword> being set
-in your RT Config files.
+Relies on the config variables C<$LDAPHost>, C<$LDAPUser> and C<$LDAPPassword>
+being set in your RT Config files.
Set($LDAPHost,'my.ldap.host')
Set($LDAPUSER,'me');
@@ -511,13 +503,13 @@ sub _run_search {
Takes the results of the search from run_search
and maps attributes from LDAP into C<RT::User> attributes
-using C<$RT::LDAPMapping>.
+using C<$LDAPMapping>.
Creates RT users if they don't already exist.
With no arguments, only prints debugging information.
Pass C<--import> to actually change data.
-C<$RT::LDAPMapping>> should be set in your C<RT_SiteConfig.pm>
+C<$LDAPMapping>> should be set in your C<RT_SiteConfig.pm>
file and look like this.
Set($LDAPMapping, { RTUserField => LDAPField, RTUserField => LDAPField });
@@ -757,11 +749,6 @@ L<Net::LDAP::Entry> instance that should be mapped.
Optional regular expression. If passed then only matching
entries in the mapping will be processed.
-=item only
-
-Optional regular expression. If passed then matching
-entries in the mapping will be skipped.
-
=item mapping
Hash that defines how to map. Key defines position
@@ -1093,7 +1080,7 @@ sub update_object_custom_field_values {
Takes the results of the search from C<run_group_search>
and maps attributes from LDAP into C<RT::Group> attributes
-using C<$RT::LDAPGroupMapping>.
+using C<$LDAPGroupMapping>.
Creates groups if they don't exist.
@@ -1593,4 +1580,6 @@ sub _warn {
print STDERR $msg, "\n";
}
+RT::Base->_ImportOverlays();
+
1;
diff --git a/lib/RT/User.pm b/lib/RT/User.pm
index 41a4411..7a1a61d 100644
--- a/lib/RT/User.pm
+++ b/lib/RT/User.pm
@@ -717,6 +717,10 @@ sub CanonicalizeUserInfo {
=head2 CanonicalizeUserInfoFromExternalAuth
+Convert an ldap entry in to fields that can be used by RT as specified by the
+C<attr_map> configuration in the C<$ExternalSettings> variable for
+L<RT::Authen::ExternalAuth>.
+
=cut
sub CanonicalizeUserInfoFromExternalAuth {
-----------------------------------------------------------------------
More information about the rt-commit
mailing list