[rt-users] Recommended method for auto creating users with Active Directory and Authen-ExternalAuth

L B bertignac at gmail.com
Mon Jan 18 05:40:09 EST 2010


I tried what Ken said, and it didn't work on my login because of this
code in the RT-External-Authen plugin:

ExternalAuth/LDAP.pm : line 230
[...]
   } else {
        # If there's only one match, we're good; more than one and
        # we don't know which is the right one so we skip it.
        if ($ldap_msg->count == 1) {
            my $entry = $ldap_msg->first_entry();
[...]

I had two sAMAccountName returned because my AD account with my email
address has one normal sAMAccountName, and another admin one (in the
same AD entry).

To make it work, I modified the LDAP filter:
Set($EmailCompletionLdapFilter,
"(&(objectclass=organizationalPerson)(!(sAMAccountName=admin*)))");

This filter will match my sAMAccountName but not the one starting with
"admin" (replace this filter in your config). (Be careful of regular
users having a login matching this string.)

Once I had one and only one sAMAccountName, I disabled my current
account (changed all the values inside), I sent an email to my RT in
debug mode, and my new account got created with the AD login.

If a developer of this plugin reads this, I think it would be nice to
add a $RT::Logger->info at this step in the code...
-- 
L.B.
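
An added example, not part of the original post or of the plugin: a Perl audit that applies a candidate filter to directory entries and lists every mail address that does not resolve to exactly one sAMAccountName, which is the condition the quoted count == 1 check requires. The entries are constructed, two entries sharing one address is an assumed model of the situation, and ANDing the configured filter with a mail match is an assumption about how the lookup is built.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Net::LDAP::Entry;
use Net::LDAP::Filter;
use Net::LDAP::FilterMatch;                      # adds match() to Net::LDAP::Filter
use Net::LDAP::Util qw(escape_filter_value);

# Constructed entries: [ sAMAccountName, mail ]. Not real accounts.
my @directory = map { make_entry(@$_) } (
    [ 'lb',       'lb@example.com'  ],
    [ 'admin-lb', 'lb@example.com'  ],   # admin login sharing the same address
    [ 'adminton', 'ton@example.com' ],   # regular user whose login starts with "admin"
    [ 'ken',      'ken@example.com' ],
);

sub make_entry {
    my ($login, $mail) = @_;
    my $entry = Net::LDAP::Entry->new;
    $entry->dn("CN=$login,DC=example,DC=com");
    $entry->add(objectClass => 'organizationalPerson',
                sAMAccountName => $login, mail => $mail);
    return $entry;
}

# Logins returned for one address. ANDing the configured filter with a mail
# match is an assumption about how the lookup is built.
sub logins_for {
    my ($base_filter, $mail) = @_;
    my $filter = Net::LDAP::Filter->new(
        '(&' . $base_filter . '(mail=' . escape_filter_value($mail) . '))')
        or die "cannot parse filter $base_filter\n";
    return map  { scalar $_->get_value('sAMAccountName') }
           grep { $filter->match($_) } @directory;
}

# Print the addresses that would not resolve to exactly one login.
sub audit {
    my ($base_filter) = @_;
    print "Filter: $base_filter\n";
    my %seen;
    for my $mail (grep { !$seen{$_}++ } map { scalar $_->get_value('mail') } @directory) {
        my @logins = logins_for($base_filter, $mail);
        next if @logins == 1;
        printf "  %s: %d matches [%s], no single account can be chosen\n",
            $mail, scalar @logins, join(', ', @logins);
    }
}

audit('(objectclass=organizationalPerson)');
audit('(&(objectclass=organizationalPerson)(!(sAMAccountName=admin*)))');
```

Run against a real export, the same audit shows both failure modes before the filter goes into the RT config: addresses with several candidate logins, and regular users whose login the admin* exclusion removes entirely.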


