[rt-users] User Provisioning from AD

Robert Nesius nesius at gmail.com
Fri Aug 28 11:36:34 EDT 2009


On Fri, Aug 28, 2009 at 7:20 AM, Kevin Falcone <falcone at bestpractical.com>wrote:

> On Thu, Aug 27, 2009 at 02:59:03PM -0500, Robert Nesius wrote:
>
> >
> >    I've installed RT-Extension-LDAPImport and was reading the README.
> What jumped out at me is
> >    that there is both a script to run (presumably to bulk-load
> identities) and a plug-in. I was
> >    expecting to see a script, but a plugin was unexpected, which lead me
> to wonder if this module
> >    is both a method for importing users from ldap, and an on-the-fly
> authentication and
> >    user-creation tool too? If so, that implies I don't need the 3rd party
> ldapauth plug-in I
> >    already have installed. (I'd rather use a module from Best Practical
> if I had a choice).
>
> If you look at the script, it is 23 lines long.  The plugin is where
> the import code is stored and organized, the script is just a wrapper.


I saw that and I get that the script is a wrapper.

What I was wondering is why the import code is stored in a plug-in and
loaded as a plug-in, but I think I figured it out.  Basically the import
code is working against the objects and subsystems in RT, and needs those
objects to exist before it's loaded, so you load your import code indirectly
via by simply loading the RT runtime via the RT Module, which inspects
RT_SiteConfig.pm, initializes the environment, and then eventually loads
your plug-in, thus making your code available to your script within the
context of a complete RT runtime environment.

Okay, so I get that now.

Once I configured the script the first thing I wanted to do was "test the
config".  I was extremely surprised to see there is no "look before you
leap" flag.  Rather, just a comment advising "back up your database first",
which has this sense of playing russian roulette with a revolver with no
empty cylinders.  Having looked at the code I can see some ways to work
around that.  Not cleanly, since "fetch users" and "load users" are sitting
inside one api call but it shouldn't be hard to change that.

-Rob




> You still need RT-Authen-ExternalAuth or apache LDAP authentication if
> you want to validate passwords against an external source
>
> -kevin
>
> >
> >    Just trying to make sure I'm understanding things correctly.
> >
> >    Thanks much!
> >
> >    -Rob
> >
> >    On Tue, Aug 18, 2009 at 12:52 PM, Robert Nesius <[1]nesius at gmail.com>
> wrote:
> >
> >      On Tue, Aug 18, 2009 at 12:50 PM, Kevin Falcone <[2]
> falcone at bestpractical.com> wrote:
> >
> >        Have you looked at RT-Extension-LDAPImport ?
> >        -kevin
> >
> >      I had not found my way to it yet! Now that I read the cpan page,
> that looks very much like
> >      what I'm looking for.
> >
> >      Thanks so much, Kevin. I'll play with this and see how it goes!
> _______________________________________________
> http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
>
> Community help: http://wiki.bestpractical.com
> Commercial support: sales at bestpractical.com
>
>
> Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
> Buy a copy at http://rtbook.bestpractical.com
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20090828/97769eb6/attachment.htm>


More information about the rt-users mailing list