[rt-users] Self user creation

Anthony Lincoln ahlincoln at lbl.gov
Wed Mar 22 11:19:36 EST 2006



Jim Meyer wrote:
> Hello!
> 
> On Tue, 2006-03-21 at 10:51 -0800, Anthony Lincoln wrote:
> 
>>Has anyone used the new LDAP overlay stuff?  Does it allow for this 
>>level of granularity?
> 
> Most of that, yes. It allows you to separate auth from info so you can
> choose different LDAP servers for each function if you wish (yes, it was
> necessary; no, I'm not proud of that) and allows you to config SSL,
> base, filter, and user/password per server. No password is considered to
> mean the LDAP server doesn't need authentication. 
> 
> Rather than provide a static list of attributes, the new overlay uses a
> hash ref where you map RT attrs to your LDAP fields. It also does
> something similar to your LDAPSearchAttrs. It doesn't currently
> autocreate accounts on failed login. You can have a peek at the code and
> config twiddles at http://wiki.bestpractical.com/?LDAP (check out the
> RT_SiteConfig.pm stuff).
> 
> I'm pondering the autocreation thing as an overlay separate from the
> LDAP overlay. My approach would be that the front page could provide a
> link for "Create New Account" which would require name, email, and
> password, then activation by emailing you a link, etc. I would also
> include hooks such that if you can successfully auth externally (LDAP,
> $REMOTE_USER, etc.) you can skip all of that. All with config twiddles
> for inside vs. outside users, etc.
> 
> Would there be general interest in this?

I might be.  It would be great to synch back up with the branch when 3.6 
comes out, without having to integrate all my custom code again.  The 
new functionality you described, plus TLS sessions that required 
specific server certs (to prevent man-in-middle exploits), should work 
in my environment.  A logging option that sends back actual LDAP error 
strings (ldap_error_text) would be nice to have for troubleshooting. 
I'd be happy to contribute code review/diffs to help make this happen.

Thanks,

Tony
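
An added example, not part of the original thread and not code from RT or the LDAP overlay: one way to get the two things asked for above with Perl's Net::LDAP, a StartTLS session that fails unless the server certificate verifies, and log lines built from `ldap_error_text`. The host name, CA file path, bind DN and the `RT_LDAP_PASSWORD` environment variable are placeholders, and `ldap_failure` and `verified_bind` are hypothetical helper names.

```perl
#!/usr/bin/perl
# Added example, not RT or overlay code. Host, CA path and DN are placeholders.
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(ldap_error_name ldap_error_text);

# Build one log line from the LDAP result name, the message's own error
# string, and the library's long description of that result code.
sub ldap_failure {
    my ($step, $mesg) = @_;
    my $text = ldap_error_text($mesg->code) // '';
    $text =~ s/\s+/ /g;    # the description is multi-line; flatten it for logs
    return sprintf('%s failed: %s (%d): %s [%s]',
        $step, ldap_error_name($mesg->code), $mesg->code, $mesg->error, $text);
}

# Connect, upgrade to TLS with mandatory certificate verification, then bind.
# Returns the bound Net::LDAP handle, or dies with a descriptive message.
sub verified_bind {
    my (%arg) = @_;
    my $ldap = Net::LDAP->new($arg{host}, timeout => 10)
        or die "connect to $arg{host} failed: $@\n";

    # verify => 'require' aborts the handshake unless the server presents a
    # certificate that chains to the CA(s) in cafile. Without verification the
    # session is encrypted but the peer is not authenticated.
    my $mesg = $ldap->start_tls(verify => 'require', cafile => $arg{cafile});
    die ldap_failure('start_tls', $mesg) . "\n" if $mesg->code;

    # Credentials are sent only after the verified TLS layer is in place.
    $mesg = $ldap->bind($arg{dn}, password => $arg{password});
    die ldap_failure('bind', $mesg) . "\n" if $mesg->code;
    return $ldap;
}

unless (caller) {
    my $ldap = eval {
        verified_bind(
            host     => 'ldap.example.org',
            cafile   => '/etc/ssl/certs/example-ldap-ca.pem',
            dn       => 'uid=rt-service,ou=services,dc=example,dc=org',
            password => $ENV{RT_LDAP_PASSWORD} // die("set RT_LDAP_PASSWORD\n"),
        );
    };
    if ($ldap) { print "bound over verified TLS\n"; $ldap->unbind }
    else       { warn "LDAP: $@" }
}
```

Pointing `cafile` at a file that holds only the CA that issued the LDAP server's certificate keeps certificates from any other CA from being accepted.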



