[Rt-devel] LDAP Authentication module does not place users under "Everyone"
Kevin Falcone
falcone at bestpractical.com
Mon Nov 23 10:28:13 EST 2009
On Mon, Nov 23, 2009 at 10:00:50AM +0000, n.chrysandreas at albourne.com wrote:
> Hi,
>
> I've configured RT (3.8.5) to authenticate users using LDAP by adding the plugin RT::Authen::ExternalAuth.
> My problem is that no user is under the global group "Everyone", thus any permissions I give to the Everyone group does not get applied to all (or any) of the users.
> The same thing goes with the "Unprivileged" group.
> I have read somewhere that the authentication module does not place users under the right groups as it should.
Where did you read this?
> Has anyone faced the same problem? Any suggestions how I can get around it?
With your configuration, users will be placed in the Unprivileged
group and the Everyone group. That is managed by RT, not the module.
-kevin
> My RT_SiteConfig.pm configuration (only the part concerning the problem) :
>
> Set(@Plugins,(qw(RT::Authen::ExternalAuth)));
> Set($AutoCreate, {Privileged => 0});
> Set($WebExternalAuth , 1);
> Set($WebFallbackToInternalAuth , true);
> Set($WebExternalAuto , 1);
> Set($ExternalInfoPriority, ['My_LDAP']);
> Set($ExternalServiceUsesSSLorTLS, 0);
> Set($AutoCreateNonExternalUsers, 1);
> Set($ExternalAuthPriority,['My_LDAP']);
>
> Set($ExternalSettings, {'My_LDAP' => {
> 'type' => 'ldap',
> 'auth' => 1,
> 'info' => 1,
> 'server' => 'server_hostname',
> 'user' => 'defined',
> 'pass' => 'defined',
> 'base' => 'defined',
> 'filter' => '(objectclass=Person)',
> 'd_filter' => '(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2))',
> 'tls' => 0,
> 'net_ldap_args' => [ version => 3 ],
> 'group' => '',
> 'group_attr' => '',
> 'attr_match_list' => [ 'Name',
> 'EmailAddress',
> 'RealName',
> 'WorkPhone',
> 'Address2'],
> 'attr_map' => { 'Name' => 'sAMAccountName',
> 'EmailAddress' => 'mail',
> 'Organization' => 'physicalDeliveryOfficeName',
> 'RealName' => 'cn',
> 'ExternalAuthId' => 'sAMAccountName',
> 'Gecos' => 'sAMAccountName',
> 'WorkPhone' => 'telephoneNumber',
> 'Address1' => 'streetAddress',
> 'City' => 'l',
> 'State' => 'st',
> 'Zip' => 'postalCode',
> 'Country' => 'co'
> }
> }
> }
> );
> 1;
> _______________________________________________
> List info: http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-devel
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
Url : http://lists.bestpractical.com/pipermail/rt-devel/attachments/20091123/443576a6/attachment.pgp
More information about the Rt-devel
mailing list