[rt-users] Authentication against LDAP and Authorization against internal db

Ruslan Zakirov ruz at bestpractical.com
Tue Jun 12 13:57:07 EDT 2012


On Tue, Jun 12, 2012 at 6:35 PM, Asif Iqbal <vadud3 at gmail.com> wrote:
> On Tue, Jun 12, 2012 at 5:51 AM, Ruslan Zakirov <ruz at bestpractical.com>
> wrote:
>>
>> On Tue, Jun 12, 2012 at 5:38 AM, Asif Iqbal <vadud3 at gmail.com> wrote:
>> > I am using external authentication against our corporate AD server
>> > successfully, using the  RT::Authen::ExternalAuth.
>> >
>> > But I like the authorization done against internal db for user account.
>> >
>> > Just because a user has a valid AD credential is not enough for him/her
>> > to
>> > be able to login to our RT. We like
>> > to manage the login by creating the user account into internal db using
>> > the
>> > Web UI.
>> >
>> > So we still like the user to use their AD credential and no need to
>> > remember
>> > another password, and at the same time
>> > only be able to login if the same username is available in internal db.
>> >
>> > Is that possible? Any suggestion/tip is appreciated.
>>
>> Yes, it is possible, but not like you want it to be.
>>
>> As far as I can see users need AD record anyway, just mark them
>> somehow in AD and use this marking in ExternalAuth filter.
>>
>
> I have no access to AD. It belongs to corporate group and will not be able
> to manage a group.
>
> There is no way to control the Authorization part locally?

Not out of the box. Patch external auth module and add option to avoid
creation of new users.


>> > --
>> > Asif Iqbal
>> > PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
>> > A: Because it messes up the order in which people normally read text.
>> > Q: Why is top-posting such a bad thing?
>> >
>> >
>>
>>
>>
>> --
>> Best regards, Ruslan.
>
>
>
>
> --
> Asif Iqbal
> PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
> A: Because it messes up the order in which people normally read text.
> Q: Why is top-posting such a bad thing?
>
>



-- 
Best regards, Ruslan.



More information about the rt-users mailing list