[rt-users] SOLVED? LDAP_INVALID_CREDENTIALS error with 'ExternalAuth' extension

Kenneth Crocker KFCrocker at lbl.gov
Mon Apr 14 12:45:04 EDT 2008 

Mike,


	I think so. It seems like it would solve my problem of email only users 
getting listed along with privileged users on the drop-downs.


Kenn
LBNL

On 4/12/2008 4:51 AM, Mike Peachey wrote:
> Kenneth Crocker wrote:
>> Mike, Pedro,
>>
>>
>>     We use LDAP as well and the same setting (Set($AutoCreate, 
>> {Privileged => 1});) and it works well as far as getting the new user 
>> into the DB. All I have to do after that is put them in the 
>> appropriate group the they will HAVE some privileges. We don't grant 
>> many GLOBAL privileges so if someo wants to do something other than 
>> reply to email on their own ticket or see their own ticket, they have 
>> to be in a group.
>>     The problem I'm having with autocreate is that when an email 
>> address is added to some correspondence in the CC field, then RT adds 
>> the entire email address as a privleged user instead of unprivileged. 
>> Once that happens, they show up in a lot of drop-downs for watcher and 
>> then I have this unrelated "privileged" email address being offered as 
>> a possible USER ID for watchers and many of my regular users don't 
>> know which of the two IDs to select for that one person. It gets 
>> irritating and now I'm considering using SQL to get rid of them. Any 
>> ideas on a better setting for adding email addresses as 
>> "unprivileged"? Thanks
>>
>> Kenn
>> LBNL
> 
> I have a thought. I don't know whether I will need to override the 
> AutoCreate method or if I can do it all just by passing params from the 
> autohandler auth callback, but it seems reasonable that I should be able 
> to easily allow LDAP users to be autocreated as Privileged, while 
> leaving the default AutoCreation at unprivileged.
> 
> This way, by way of a configuration setting, that is individual to each 
> ExternalAuth configuration group (LDAP/DBI etc) you could specify 
> whether to autocreate as privileged or unprivileged, and RT would still 
> retain it's own default setting for *other* users..
> 
> Do you think this is something you'd want built into the extension?
> 
> Opinions welcome.
> -- 
> Kind Regards,
> 
> ___________________________________________________
> 
> Mike Peachey, IT
> Tel: +44 (0) 114 281 2655
> Fax: +44 (0) 114 281 2951
> Jennic Ltd, Furnival Street, Sheffield, S1 4QT,  UK
> http://www.jennic.com
> Confidential
> ___________________________________________________
> 
>

More information about the rt-users mailing list