[rt-users] RT::Authen::ExternalAuth to use LDAP for different groups

Kevin Falcone falcone at bestpractical.com
Thu Feb 17 17:35:41 EST 2011


On Thu, Feb 17, 2011 at 04:19:28PM -0500, marthter wrote:
>    I have successfully set up the LDAP authentication against my Active Directory server, and
>    testing it with my own Windows user and password, and that is working and letting me log in
>    that way.  However I get only a very restricted menu and navigation structure.  Presumably
>    this is the non-privileged user's view of things (I'm new to this so I'm somewhat guessing
>    here).

You can change this with the $AutoCreate config, read more about it in
RT_Config.pm.  For now you probably want to log in as root and make
your user privileged.

>    My question is, how do I use RT::Authen::ExternalAuth with LDAP to my Active Directory, such
>    that some users (who are in group Blah in the Active Directory) are in the privileged group,
>    and the rest of the users are in the non-privileged group.

There isn't a way to configure who is privileged and who isn't at a
group level in the RT-Authen-ExternalAuth level

I suspect you want to use RT-Extension-LDAPImporter to bulk import
users, set up your privileged users and then let
RT-Authen-ExternalAuth manage passwords and future info updates.

You'd need to handle any new users who should be privileged manually,
but I'm not sure how often that would happen for you

-kevin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20110217/4855d09f/attachment.sig>


More information about the rt-users mailing list