[rt-users] LDAP auth: should I still create the users in RT even if I use WebExternalAuth?

[Stanislav Sinyagin]

--- Carl Makin <carl at xena.IPAustralia.gov.au> wrote:
> What I would really prefer is for user and group information to source
> from the LDAP server as the definitive source rather than simply using
> it to initially populate RT's own user information.  That would help
> when user details change.

well, adding to groups is already done in rtimportldap. You can 
establish several filters and run the script several times, 
with the groups setting you need. 

Deleting from groups is a different thing. If you do that 
automatically, you must be sure that you have one-to-one both-ways 
mapping of group membership in LDAP and in RT, which is 
not always convinient. 

What I can do in my script, is replacing the --group option
with two different ones:

--groupadd: this is the old behaviour of "--group"
--groupbind: do the one-to-one match, e.g. those users 
selected by filter will remain in the RT group, all others being deleted.

OT: proposal to Jesse: 

what about creating a new SourceForge project, "rt-addons" ?
SF is really convinient in that, because it allows different access levels, 
and the CVS public access.
I can do all the initial setup, and then add you with administrative rights.

Regards, 
Stan