[rt-users] CALLING EXTERNALAUTH TESTERS - v0.07_01 now available.

John McCoy jmccoy at ggu.edu
Mon Nov 10 13:36:16 EST 2008 

Good points Mike, I did not think about the fact that future users can 
still get added as user at ggu.edu if they first are just a requester, this 
would mean I either need a constant process to "fix" these or as you 
suggest:

> Since ExternalAuth has been refactored, I could add an Overlay to have
> ExternalAuth checked for info when a user is auto-created by e-mail and
> have the info loaded then. It wouldn't help past users, but would help
> future users that start by e-mail and then login.
>   
I am thinking this might be best, I have a few more days before my next 
major project kicks off, meaning I have some time to give back to RT. 
Would you like to do this as part of LDAP.pm or externally? Give me some 
guide lines and I will see what I can come up with.



Mike Peachey wrote:
> John McCoy wrote:
>   
>> I do have an additional issue now that I have had a few more testers try
>> this:
>> Most of our non-privileged users do already exist in RT as they have
>> been auto added when the were added as requesters on a ticket, this has
>> created their accounts as such:
>>
>> Username: user at ggu.edu
>> Email:     user at ggu.edu
>> Real Name:  user at ggu.edu
>>
>> I think this is causing a problem for ExternalAuth as it tries to create
>> a new user with Username: user but then fails as the email address is
>> already in use. I did a query and I have several hundred uses like this,
>> I am upgrading from 3.6.6 FYI.
>>
>> I'm thinking it might be best to create some sql to remove the
>> "@ggu.edu" from all user names rather then try to modify the add user
>> code to look for both user and user at ggu.edu
>>
>> Thoughts anyone?
>>     
>
> This has always been a difficult one.
>
> I *could* have it like this: Lookup user, load user info, check e-mail
> address, if address in use, overwrite previous user with new details -
> but this could cause some serious issues.
>
> As you suggest, it may simply be better to leave it to the individual
> administrator to decide whether to clean up the users database as each
> one comes up or via a scripted change.
>
> Since ExternalAuth has been refactored, I could add an Overlay to have
> ExternalAuth checked for info when a user is auto-created by e-mail and
> have the info loaded then. It wouldn't help past users, but would help
> future users that start by e-mail and then login.
>
> I could have it periodically do a complete pull from LDAP and create
> users in RT for all users in LDAP, but that could complicate things
> later on for certain users.
>
> As I said, I'm really not sure how best to deal with it.
>   

-- 
*************************************
John McCoy, Jr
Sr. Systems and Network Administrator
Enterprise Technology Services
Golden Gate University
415-442-6560
*************************************

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20081110/a6791923/attachment.htm>

More information about the rt-users mailing list