[rt-users] LDAP auth: should I still create the users in RT even if I use WebExternalAuth?

Carl Makin carl at xena.IPAustralia.gov.au
Wed Dec 18 17:46:57 EST 2002


On Wed, 2002-12-18 at 22:59, Stanislav Sinyagin wrote:

> Two things missing here: 
> 
> In your filter, you hardcoded "uid" attribute. This will not work 
> in some setups, like MS Active Directory. Because it uses 
> "sAMAccountName" for that purpose.
> 
> Again, you hardcoded mapping 'extensionNumber' and "departmentNumber", and 
> this will work in some specific setups only. 
> 
> Thus, I still prefer my own script :)

Either way works. I prefer this way as I don't have to regularly run the
script to bring in new people.

The code snippets are hacks, but seem to work here against our iPlanet
Directory Server.  The mappings should be extracted into a configuration
hash but if you are inserting large sections of perl code into the
config.pm file to do non-standard things then perhaps some perl
experience might help. :)

What I would really prefer is for user and group information to source
from the LDAP server as the definitive source rather than simply using
it to initially populate RT's own user information.  That would help
when user details change.

Carl.




More information about the rt-users mailing list