[rt-users] LDAP authentication and existing users
Rich.West at wesmo.com
Tue Dec 9 19:50:40 EST 2008
With the default settings in
local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm, new users
will get created with their AD account name. At least, that is the way
it behaved for me. The downside was that external users with the same
account name (from a different domain, for example) could not open
tickets because of conflicting names. Once I changed the
'attr_match_list' to just the EmailAddress, the accounts started getting
created with the email address as the account name.
More than likely, at some point in time, you adjusted the
'attr_match_list' to only include the email address like so:
    'attr_match_list' => [ 'EmailAddress' ],
The default is like the following:
    'attr_match_list' => [ 'Name', 'EmailAddress', 'RealName',
                           'WorkPhone', 'Address2' ],
However, your users can log in to RT's interface using their email address.
We're building for our users, outside of RT, a self-service interface,
complete with forms and FAQs. The forms simply submit email to RT with
all of the right answers filled out.
As far as adjusting the current accounts... yes, that can be scripted.
You'd have to look at the SQL tables to see what needs to be adjusted,
but it is definitely doable with minimal effort.
Joe Hartley wrote:
> I've been working on using LDAP authentication in our RT 3.6.6
> installation using ExternAuth and have gotten quite a way on my own, but
> have run into a minor speedbump.
> People here have gotten used to submitting tickets to RT via email but
> now we want to roll out the self-service interface, and authenticate
> against our Active Directory server to log in. The problem I have is
> that when RT automatically created the users, the RT username was set to
> the email address of the requestor.
> Now, I've discovered that the user cannot access the self-service
> interface unless their username is changed from their email address to
> their AD login. Has anyone ever seen a script that would take a list of
> email addresses and look up the login name?
> Also, does anyone know how I can get RT to use the login name instead of
> the email address when it auto-creates a user upon getting a ticket from
> a new user via email?
> Thanks for any pointers tossed out here - I'm a newbie when it comes to
> the world of LDAP and Active Directory!
> Joe Hartley | Sr. Linux SysAdmin
> Retail Solutions, Inc. (formerly VeriSign RDS)
> 40 Sharpe Drive
> Cranston, RI 02920
> joe.hartley at retailsolutions.com
> +1 401.824.5040 (o) | +1 401.824.5002 (f)
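The email-to-login lookup asked about in this thread, sketched as an added example (not code from either poster or from RT). It only builds a rename plan and flags the name collisions mentioned above; it does not touch RT's database. The sample records and the helper name plan_renames are constructed for illustration; mail and sAMAccountName are the standard AD attributes.

```python
from collections import defaultdict

# Constructed sample data (not from the thread).
# AD entries as they might come from an LDAP export: mail + sAMAccountName.
AD_ENTRIES = [
    {"mail": "Alice.Smith@example.com", "sAMAccountName": "asmith"},
    {"mail": "bob@example.com", "sAMAccountName": "bjones"},
    {"mail": "shared@example.com", "sAMAccountName": "svc1"},
    {"mail": "shared@example.com", "sAMAccountName": "svc2"},
    {"mail": "carol@example.com", "sAMAccountName": "root"},
]
# RT users; auto-created ones have Name equal to the email address.
RT_USERS = [
    {"Name": "alice.smith@example.com", "EmailAddress": "alice.smith@example.com"},
    {"Name": "bob@example.com", "EmailAddress": "bob@example.com"},
    {"Name": "shared@example.com", "EmailAddress": "shared@example.com"},
    {"Name": "carol@example.com", "EmailAddress": "carol@example.com"},
    {"Name": "dave@partner.example.net", "EmailAddress": "dave@partner.example.net"},
    {"Name": "root", "EmailAddress": "root@localhost"},
    {"Name": "bjones", "EmailAddress": "b.jones@other.example.org"},
]

def plan_renames(rt_users, ad_entries):
    """Return (renames, skipped); renames maps old RT Name -> AD login."""
    logins_by_mail = defaultdict(set)
    for entry in ad_entries:
        logins_by_mail[entry["mail"].lower()].add(entry["sAMAccountName"])
    taken = {u["Name"].lower() for u in rt_users}  # RT names must stay unique
    renames, skipped = {}, {}
    for user in rt_users:
        name, mail = user["Name"], user["EmailAddress"].lower()
        if name.lower() != mail:
            continue  # Name is not the email address; leave it alone
        logins = logins_by_mail.get(mail, set())
        if not logins:
            skipped[name] = "no AD entry (external requestor)"
        elif len(logins) > 1:
            skipped[name] = "email maps to several AD logins"
        elif next(iter(logins)).lower() in taken:
            skipped[name] = "RT name '%s' already in use" % next(iter(logins))
        else:
            renames[name] = next(iter(logins))
            taken.add(renames[name].lower())
    return renames, skipped

if __name__ == "__main__":
    for label, plan in zip(("rename", "skip"), plan_renames(RT_USERS, AD_ENTRIES)):
        for old, info in sorted(plan.items()):
            print(label, old, "->", info)
```

Skipped entries need a manual decision before any rename, since an existing RT account with the same name may belong to a different person.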