[rt-users] ExternalAuth

Witts J Mr jon.witts at southhunsley.org.uk
Mon Nov 14 15:55:24 EST 2011

> Date: Mon, 14 Nov 2011 10:36:19 -0500
> From: Kevin Falcone <falcone at bestpractical.com>
> To: rt-users at lists.bestpractical.com
> Subject: Re: [rt-users] ExternalAuth
> Message-ID: <20111114153619.GX1021 at jibsheet.com>
> Content-Type: text/plain; charset="us-ascii"

> On Fri, Nov 11, 2011 at 01:14:14PM +0000, Witts J Mr wrote:
>> We are using the ExternalAuth plugin with RT 4.0.2 at our school authenticating against two different LDAP branches. We also have some internal RT users defined too for users outside of our school who need to be able to log tickets in our queues.
>> At the moment we are using the "Everyone" group to define the permissions on our internal queues, but this means that external users can see them too. What we would ideally like to be able to do is have all LDAP users put into a global group at the point of creation (i.e. when they first log in).
>> Does anyone know if it would be possible to adjust the ExternalAuth plugin so that you could define a global group and have all users who authenticate from an external source automatically added to that group? This would really help our permissions set up, as it would allow us to create a global group for each LDAP source and assign the permissions to that group rather than using the "Everyone" group.

>This is not a feature of the plugin, although you could certainly add
it and send a patch.  Many people just make sure the LDAP users are
Privileged and use that rather than Everyone.  You could also use
RT-Extension-LDAPImport and import groups and group memberships from

Hi Kevin,

Thanks for responding. Are there any plugins which would provide a good starting point for me to look at the code to add users into a custom group? I am very new to Perl programming, but am not adverse to get in to the code if that is what is required!



Confidentiality: this e-mail and its attachments may be confidential and are intended solely for the use of the named recipient(s). If you are not the intended recipient you must take no action based on them, nor must you copy or show them to anyone. If you have received this e-mail in error, please advise the sender by return e-mail and delete all copies of this e-mail and any attachments from your computer.

Security Warning: Please note that internet e-mail is not a completely secure or error free method of communication, and information could be intercepted, corrupted, lost, destroyed, or could arrive late or incomplete. You should understand and accept this lack of security when it communicating by email.

Viruses: Whilst we have taken reasonable precautions to ensure that this e-mail and any attachment has been checked for viruses, we cannot guarantee that they are virus free and we cannot accept responsibility for any loss or damage you sustain as a result of software viruses. You are advised to carry out your own checks before any attachments are opened.

Please note that any views or opinions expressed in this e-mail are solely those of the author and do not necessarily represent those of South Hunsley School and Sixth Form College and the content of their e-mail is not intended to be contractually binding.

South Hunsley School and Sixth Form College is registered in England and Wales with company registration number 07542211 and VAT Registration Number 109 7208 18.

More information about the rt-users mailing list