[rt-users] Authentication against LDAP and Authorization against internal db
Asif Iqbal
vadud3 at gmail.com
Wed Jun 13 11:13:12 EDT 2012
On Tue, Jun 12, 2012 at 1:57 PM, Ruslan Zakirov <ruz at bestpractical.com>wrote:
> On Tue, Jun 12, 2012 at 6:35 PM, Asif Iqbal <vadud3 at gmail.com> wrote:
> > On Tue, Jun 12, 2012 at 5:51 AM, Ruslan Zakirov <ruz at bestpractical.com>
> > wrote:
> >>
> >> On Tue, Jun 12, 2012 at 5:38 AM, Asif Iqbal <vadud3 at gmail.com> wrote:
> >> > I am using external authentication against our corporate AD server
> >> > successfully, using the RT::Authen::ExternalAuth.
> >> >
> >> > But I like the authorization done against internal db for user
> account.
> >> >
> >> > Just because a user has a valid AD credential is not enough for
> him/her
> >> > to
> >> > be able to login to our RT. We like
> >> > to manage the login by creating the user account into internal db
> using
> >> > the
> >> > Web UI.
> >> >
> >> > So we still like the user to use their AD credential and no need to
> >> > remember
> >> > another password, and at the same time
> >> > only be able to login if the same username is available in internal
> db.
> >> >
> >> > Is that possible? Any suggestion/tip is appreciated.
> >>
> >> Yes, it is possible, but not like you want it to be.
> >>
> >> As far as I can see users need AD record anyway, just mark them
> >> somehow in AD and use this marking in ExternalAuth filter.
> >>
> >
> > I have no access to AD. It belongs to corporate group and will not be
> able
> > to manage a group.
> >
> > There is no way to control the Authorization part locally?
>
> Not out of the box. Patch external auth module and add option to avoid
> creation of new users.
>
>
So I could just comment this section out to avoid user create as one
option? I know, ugly.
http://paste.ubuntu.com/1039210/
> >> > --
> >> > Asif Iqbal
> >> > PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
> >> > A: Because it messes up the order in which people normally read text.
> >> > Q: Why is top-posting such a bad thing?
> >> >
> >> >
> >>
> >>
> >>
> >> --
> >> Best regards, Ruslan.
> >
> >
> >
> >
> > --
> > Asif Iqbal
> > PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
> > A: Because it messes up the order in which people normally read text.
> > Q: Why is top-posting such a bad thing?
> >
> >
>
>
>
> --
> Best regards, Ruslan.
>
--
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20120613/8a0bf605/attachment.htm>
More information about the rt-users
mailing list