[rt-users] Authentication against LDAP and Authorization against internal db

Asif Iqbal vadud3 at gmail.com
Wed Jun 13 11:35:21 EDT 2012


On Wed, Jun 13, 2012 at 11:30 AM, Asif Iqbal <vadud3 at gmail.com> wrote:

> On Wed, Jun 13, 2012 at 11:13 AM, Asif Iqbal <vadud3 at gmail.com> wrote:
>
>> On Tue, Jun 12, 2012 at 1:57 PM, Ruslan Zakirov <ruz at bestpractical.com> wrote:
>>
>>> On Tue, Jun 12, 2012 at 6:35 PM, Asif Iqbal <vadud3 at gmail.com> wrote:
>>> > On Tue, Jun 12, 2012 at 5:51 AM, Ruslan Zakirov <ruz at bestpractical.com> wrote:
>>> >>
>>> >> On Tue, Jun 12, 2012 at 5:38 AM, Asif Iqbal <vadud3 at gmail.com> wrote:
>>> >> > I am using external authentication against our corporate AD server
>>> >> > successfully, using RT::Authen::ExternalAuth.
>>> >> >
>>> >> > But I would like the authorization done against the internal db for the
>>> >> > user account.
>>> >> >
>>> >> > Just because a user has a valid AD credential is not enough for him/her
>>> >> > to be able to log in to our RT. We would like to manage the login by
>>> >> > creating the user account in the internal db using the Web UI.
>>> >> >
>>> >> > So we would still like the user to use their AD credential, with no need
>>> >> > to remember another password, and at the same time only be able to log in
>>> >> > if the same username is available in the internal db.
>>> >> >
>>> >> > Is that possible? Any suggestion/tip is appreciated.
>>> >>
>>> >> Yes, it is possible, but not like you want it to be.
>>> >>
>>> >> As far as I can see, users need an AD record anyway; just mark them
>>> >> somehow in AD and use this marking in the ExternalAuth filter.
>>> >>
>>> >
>>> > I have no access to AD. It belongs to corporate group and will not be
>>> > able to manage a group.
>>> >
>>> > There is no way to control the Authorization part locally?
>>>
>>> Not out of the box. Patch external auth module and add option to avoid
>>> creation of new users.
>>>
>>>
>> So I could just comment this section out to avoid user create as one
>> option? I know, ugly.
>>
>>  http://paste.ubuntu.com/1039210/
>>
>>
> This seems to have worked.
>
>  http://paste.ubuntu.com/1039233/
>
>

Fixed some of the comments to reflect the intention.

http://paste.ubuntu.com/1039239/



>
>
>>
>>> >> > --
>>> >> > Asif Iqbal
>>> >> > PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
>>> >> > A: Because it messes up the order in which people normally read
>>> text.
>>> >> > Q: Why is top-posting such a bad thing?
>>> >> >
>>> >> >
>>> >>
>>> >>
>>> >>
>>> >> --
>>> >> Best regards, Ruslan.


-- 
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
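
The policy this thread arrives at (AD checks the password, the local RT user table decides who may log in, and nothing is auto-created), as an added example that is not part of the original post or of RT::Authen::ExternalAuth. It is a language-neutral Python model; `LoginGate`, the in-memory `directory` and the sample accounts are constructed assumptions.

```python
import hmac
from dataclasses import dataclass, field

@dataclass
class LoginGate:
    directory: dict                                   # constructed stand-in for the AD bind
    local_users: dict = field(default_factory=dict)   # key -> disabled flag (the "internal db")
    audit: list = field(default_factory=list)

    @staticmethod
    def _key(username):
        # AD logon names are case-insensitive; normalise so "ALICE" and "alice" map to one local row.
        return username.strip().casefold()

    def add_local_user(self, name, disabled=False):
        self.local_users[self._key(name)] = disabled

    def _external_auth(self, key, password):
        # Reject empty passwords up front: an LDAP simple bind with a DN and an empty
        # password is an "unauthenticated bind" (RFC 4513) that some servers accept.
        if not password:
            return False
        stored = self.directory.get(key)
        return stored is not None and hmac.compare_digest(stored.encode(), password.encode())

    def _finish(self, key, reason):
        self.audit.append((key, reason))   # reason is logged; the caller only sees True/False
        return reason == "ok"

    def login(self, username, password):
        key = self._key(username)
        if not self._external_auth(key, password):
            return self._finish(key, "bad-credentials")
        if key not in self.local_users:                    # valid AD user, no local account:
            return self._finish(key, "no-local-account")   # deny, and do NOT create one
        if self.local_users[key]:
            return self._finish(key, "local-account-disabled")
        return self._finish(key, "ok")

def demo():
    # Constructed sample data: three directory users, two of them provisioned locally.
    gate = LoginGate(directory={"alice": "pw-a", "bob": "pw-b", "carol": "pw-c"})
    gate.add_local_user("Alice")
    gate.add_local_user("carol", disabled=True)
    attempts = [("ALICE", "pw-a"), ("bob", "pw-b"), ("carol", "pw-c"), ("alice", "")]
    return [gate.login(u, p) for u, p in attempts], gate

if __name__ == "__main__":
    print(demo()[0])
```

The audit trail is what lets an administrator see valid directory users who were turned away for lack of a local account and decide whether to provision them through the Web UI.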