[rt-users] SOLVED? LDAP_INVALID_CREDENTIALS error with 'ExternalAuth' extension

Mike Peachey mike.peachey at jennic.com
Sat Apr 12 07:51:45 EDT 2008

Kenneth Crocker wrote:
> Mike, Pedro,
>     We use LDAP as well and the same setting (Set($AutoCreate, 
> {Privileged => 1});) and it works well as far as getting the new user 
> into the DB. All I have to do after that is put them in the appropriate 
> group the they will HAVE some privileges. We don't grant many GLOBAL 
> privileges so if someo wants to do something other than reply to email 
> on their own ticket or see their own ticket, they have to be in a group.
>     The problem I'm having with autocreate is that when an email address 
> is added to some correspondence in the CC field, then RT adds the entire 
> email address as a privleged user instead of unprivileged. Once that 
> happens, they show up in a lot of drop-downs for watcher and then I have 
> this unrelated "privileged" email address being offered as a possible 
> USER ID for watchers and many of my regular users don't know which of 
> the two IDs to select for that one person. It gets irritating and now 
> I'm considering using SQL to get rid of them. Any ideas on a better 
> setting for adding email addresses as "unprivileged"? Thanks
> Kenn

I have a thought. I don't know whether I will need to override the 
AutoCreate method or if I can do it all just by passing params from the 
autohandler auth callback, but it seems reasonable that I should be able 
to easily allow LDAP users to be autocreated as Privileged, while 
leaving the default AutoCreation at unprivileged.

This way, by way of a configuration setting, that is individual to each 
ExternalAuth configuration group (LDAP/DBI etc) you could specify 
whether to autocreate as privileged or unprivileged, and RT would still 
retain it's own default setting for *other* users..

Do you think this is something you'd want built into the extension?

Opinions welcome.
Kind Regards,


Mike Peachey, IT
Tel: +44 (0) 114 281 2655
Fax: +44 (0) 114 281 2951
Jennic Ltd, Furnival Street, Sheffield, S1 4QT,  UK

More information about the rt-users mailing list