[rt-users] RT::Authen::ExternalAuth to use LDAP for different groups

marthter marthter at yahoo.ca
Thu Feb 17 16:19:28 EST 2011


hi gang,

I'm trying to set up Request Tracker with RT::Authen::ExternalAuth.

Is there anywhere with more documentation on the various parameters 
(besides the comments in the example config file)?  I've been googling 
and reading the wiki at requesttracker.wikia.com but cannot seem to 
figure out how to do what I want, or if what I want is possible.

I currently have only 1 "real" user, the root user, in the Request 
Tracker database.  When I log in with this user, I get the full menu and 
navigation structure.

I have successfully set up the LDAP authentication against my Active 
Directory server, and testing it with my own Windows user and password, 
and that is working and letting me log in that way.  However I get only 
a very restricted menu and navigation structure.  Presumably this is the 
non-privileged user's view of things (I'm new to this so I'm somewhat 
guessing here).



My question is, how do I use RT::Authen::ExternalAuth with LDAP to my 
Active Directory, such that some users (who are in group Blah in the 
Active Directory) are in the privileged group, and the rest of the users 
are in the non-privileged group.

Note thus far I have no manually-created groups on the RT server, so for 
now the question is phrased in terms of the system groups, privileged, 
and non-privileged, but if it is easier to do what I want only if I 
first create some groups, let me know.

Also note, I have not turned on the AutoCreateNonExternalUsers, as I'm 
not clear that I understand the point of it, and I don't want to clutter 
up the RT database with users data being transferred from Active 
Directory while I'm, as yet, only testing things out.

I don't want to have to wait until after a user has logged in, to get 
their info transferred from AD to the RT users database, and then have 
to manually modify their RT groups membership based on who they are, I'm 
hoping I can maintain that only in the Active Directory side, and RT 
will show them the right interface based on that.

Can anyone help?

Thanks.

Martin

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20110217/60ba058c/attachment.htm>


More information about the rt-users mailing list