[rt-users] RT::Authen::ExternalAuth AutoCreate [Un]Privileged Users

Robert Gabriel rgabriel at fnb.co.za
Mon Sep 6 07:25:21 EDT 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello all,

I've done some initial investigation but this doesn't seem to be so
simple for me to do.

Please can someone assist?

I'm using RT::Authen::ExternalAuth and have the following working:
External auth with LDAP and auto create privileged users if they are
in 'rt' group in LDAP.

How can unprivileged users be auto created if they are in LDAP but not
in the 'rt' group when they send a mail ticket request so they can login
through self service access?

PS What should the ExternalInfoPriority be set to if no LDAP
lookups for creating new users via RT?

Thanks.

Set( $rtname, '***.***.**.**');
Set($Organization , '****.***.**.**');
Set($Timezone , 'Africa/Johannesburg');
Set(@Plugins,(qw(Extension::QuickDelete RT::FM RT::Authen::ExternalAuth)));
Set( @Plugins, qw(RT::Authen::ExternalAuth) );
Set($RTAddressRegexp , '^****(-***)?\@***\.**\.**$');
Set($LogToSyslog , 'debug');
Set($LogToScreen, 'debug');
Set($DatabaseType , 'mysql');
Set($DatabaseHost   , '');
Set($DatabaseRTHost , '');
Set($DatabasePort , '');
Set($DatabaseUser , '****');
Set($DatabasePassword , '*****');
Set($DatabaseName , '****');
Set($DatabaseRequireSSL , undef);
Set($OwnerEmail , 'root');
Set($MaxAttachmentSize , 10000000);
Set($CanonicalizeOnCreate, 0);
Set($AutoCreate, {Privileged => 1});
require
"/opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm";


Set($ExternalAuthPriority, ['My_LDAP']);
Set($ExternalInfoPriority, ['My_LDAP']);
Set($ExternalServiceUsesSSLorTLS, 0);
Set($AutoCreateNonExternalUsers, 0);
Set($ExternalSettings, {
   'My_LDAP'         => {
   'type'            => 'ldap',
   'server'          => '**********',
   'user'            => '',
   'pass'            => '',
   'base'            => 'dc=********,dc=***,dc=**,dc=**',
   'filter'          => '(objectClass=*)',
   'd_filter'        => '(objectClass=FooBarBaz)',
   'tls'             => 0,
   'ssl_version'     => 3,
   'net_ldap_args'   => [version =>  3],
   'group'           => 'cn=rt,ou=groups,dc=****,dc=****,dc=**,dc=***',
   'group_attr'      => 'member',
   'attr_match_list' => ['Name', 'EmailAddress'],
   'attr_map'        => {'Name' => 'uid', 'RealName' => 'cn',
'ExternalAuthId' => 'uid', 'Gecos' => 'cn', 'EmailAddress' => 'mail'}
   }
}
);
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJMhM+hAAoJEBMzHChmstlqrfsH/3UFar4PQFUBjN3o7pc4iBce
8oOGftGf75+0/CZkVVt3ogOo+JCFWlfpSb21Kh4YKYMUZ2NXRQVWQO6O25iO8u0x
8aL/rkzei98mKCNlkWP6O/lVIiXeTzAHMJgHJpbC207mEcqRFCKToJ61nOnmtU8I
PBZntO+SRK5V/i+WPFk75/ZmAayJ30wZxVZmThjKPPpINSMkP/y5naUAH1aFwuk0
LMg5CcxloOxq0pEFA6PfQGjetk8NEeF6T01ypS8R8+ArQBrBBJYUJkhuPrRjge3o
Dyl9Eb0wE/HwubZBVixSvLoTMFj4tPo+mYHth+cexMyRZf7br6ieWMSSOwYFNzA=
=dkSU
-----END PGP SIGNATURE-----

To read FirstRand Bank's Disclaimer for this email click on the following address or copy into your Internet browser: 
https://www.fnb.co.za/disclaimer.html 

If you are unable to access the Disclaimer, send a blank e-mail to
firstrandbankdisclaimer at fnb.co.za and we will send you a copy of the Disclaimer.



More information about the rt-users mailing list