[rt-users] LDAP auth: should I still create the users in RT even if I use WebExternalAuth?

Stanislav Sinyagin ssinyagin at yahoo.com
Wed Dec 18 06:59:07 EST 2002


--- Carl Makin <carl at xena.IPAustralia.gov.au> wrote:
> Here is what I'm playing with at the moment.  I use
> Apache::AuthenNetLDAP in Apache to authenticate against our LDAP server.


>   my $filter = "(uid=" . $username . ")";
>   $RT::Logger->debug("LookupExternalUserInfo: First search filter ",
> 		     "'$filter'\n");
>   $mesg = $ldap->search(base   => LDAP_BASE,
>                         filter => $filter,
>                         attrs  => [ LDAP_EMAIL, LDAP_CN, LDAP_UID,
> "mobile", "departmentNumber", "extensionNumber", "givenName" ]);

Two things missing here: 

In your filter, you hardcoded "uid" attribute. This will not work 
in some setups, like MS Active Directory. Because it uses 
"sAMAccountName" for that purpose.

Again, you hardcoded mapping 'extensionNumber' and "departmentNumber", and 
this will work in some specific setups only. 

Thus, I still prefer my own script :)

Stan





More information about the rt-users mailing list