[rt-users] ExternalAuth

Kevin Falcone falcone at bestpractical.com
Mon Nov 14 10:36:19 EST 2011


On Fri, Nov 11, 2011 at 01:14:14PM +0000, Witts J Mr wrote:
> We are using the ExternalAuth plugin with RT 4.0.2 at our school authenticating against two different LDAP branches. We also have some internal RT users defined too for users outside of our school who need to be able to log tickets in our queues.
> 
> At the moment we are using the "Everyone" group to define the permissions on our internal queues, but this means that external users can see them too. What we would ideally like to be able to do is have all LDAP users put into a global group at the point of creation (i.e. when they first log in).
> 
> Does anyone know if it would be possible to adjust the ExternalAuth plugin so that you could define a global group and have all users who authenticate from an external source automatically added to that group? This would really help our permissions set up, as it would allow us to create a global group for each LDAP source and assign the permissions to that group rather than using the "Everyone" group.

This is not a feature of the plugin, although you could certainly add
it and send a patch.  Many people just make sure the LDAP users are
Privileged and use that rather than Everyone.  You could also use
RT-Extension-LDAPImport and import groups and group memberships from
LDAP.

-kevin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20111114/8777ca07/attachment.sig>


More information about the rt-users mailing list