[rt-users] Multiple value match for attr_match_list

Kevin Falcone falcone at bestpractical.com
Tue Sep 13 18:47:33 EDT 2011 

On Tue, Sep 13, 2011 at 03:18:16PM -0700, Hossein Rafighi wrote:
>    Much appreciated. Using alternate email addresses instead of alternate uids sounds even
>    better. Is this url: [1]http://requesttracker.wikia.com/wiki/AutoCreateAndCanonicalizeUserInfo
>    what I need? If not, can you please point me to a page where step-by-step instruction is.

Nope, that page is about 5 years out of date and won't work with any
modern version of RT.  Thanks for pointing it out, I've added the
relevant warning flags.

As I mentioned, it's a branch in the github repo for
RT-Authen-ExternalAuth.  There are no step by step instructions for
setting it up.  You'd need to be comfortable making a git clone and
switching branches and reading the updated documentation.  You can
find the github repo https://github.com/bestpractical/rt-authen-externalauth

-kevin

> 
>  On Tue, Sep 13, 2011 at 12:04:44PM -0700, Hossein Rafighi wrote:
> 
>  Hi all,
> 
>  We have RT4.0 with RT::Authen::ExternalAuth. In attr_match_list
>  section we have:
>  'attr_match_list'  => [    'Name',
>                                         'EmailAddress',
>                                         'RealName',
>                                     ],
> 
>  You really don't want RealName there, otherwise
>  RT::Authen::ExternalAuth will disallow two people named Bob Smith.
> 
> 
>  'attr_map'            =>  {   'Name' => 'uid',
>                                          'EmailAddress' => 'mail',
>                                          'RealName' => 'cn',
>                                      }
> 
>  However, on our ldap (openldap) a typical user has a uid and cn. For
>  instance, my info on the ldap is:
>  dn: uid=hossein,ou=People,o=TRIUMF
>  uid: hossein
>  cn: Hossein Rafighi
>  sn: Rafighi
>  mail: [2]hossein at triumf.ca
>  mail: [3]Hossein.Rafighi at triumf.ca
>  givenName: Hossein
> 
>  Is it possible to alter the attr_match, attr_map, or any other
>  attribute in RT to authenticate based on uid or cn, and not just
>  uid? I tried changing various settings, but to no avail.
> 
>  You'd have to extend the module to use more than just the Name in the
>  query it runs for DN.  There's a branch in the repo for refactoring
>  some of that code, but it concentrates on alternate email addresses
>  not alternate uids.  It may make doing what you want easier though.
> 
>  -kevin
> 
>  --
>    _____  _____   _____  _   _  _   _  ____ Hossein Rafighi
>   |_   _||  _  \ |_   _|| | | || \_/ ||  __|TRIUMF, 4004 Wesbrook Mall
>     | |  | |_|  )  | |  | | | ||     || |__ Vancouver BC, CANADA, V6T 2A3
>     | |  |  _  /   | |  | \_/ || \_/ ||  __|Voice: (604) 222-1047
>     | |  | | \ \  _| |_ |     || | | || |   Fax:   (604) 222-1074
>     |_|  |_|  \_\|_____| \___/ |_| |_||_|   Website: [4]http://www.triumf.ca
> 
> References
> 
>    Visible links
>    1. http://requesttracker.wikia.com/wiki/AutoCreateAndCanonicalizeUserInfo
>    2. mailto:hossein at triumf.ca
>    3. mailto:Hossein.Rafighi at triumf.ca
>    4. http://www.triumf.ca/

> --------
> RT Training Sessions (http://bestpractical.com/services/training.html)
> *  Chicago, IL, USA ? September 26 & 27, 2011
> *  San Francisco, CA, USA ? October 18 & 19, 2011
> *  Washington DC, USA ? October 31 & November 1, 2011
> *  Melbourne VIC, Australia ? November 28 & 29, 2011
> *  Barcelona, Spain ? November 28 & 29, 2011

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20110913/76178226/attachment.sig>

More information about the rt-users mailing list