[rt-users] Authentication against LDAP and Authorization against internal db

Asif Iqbal vadud3 at gmail.com
Wed Jun 13 12:24:45 EDT 2012


On Wed, Jun 13, 2012 at 11:35 AM, Asif Iqbal <vadud3 at gmail.com> wrote:

> On Wed, Jun 13, 2012 at 11:30 AM, Asif Iqbal <vadud3 at gmail.com> wrote:
>
>> On Wed, Jun 13, 2012 at 11:13 AM, Asif Iqbal <vadud3 at gmail.com> wrote:
>>
>>> On Tue, Jun 12, 2012 at 1:57 PM, Ruslan Zakirov <ruz at bestpractical.com> wrote:
>>>
>>>> On Tue, Jun 12, 2012 at 6:35 PM, Asif Iqbal <vadud3 at gmail.com> wrote:
>>>> > On Tue, Jun 12, 2012 at 5:51 AM, Ruslan Zakirov <ruz at bestpractical.com> wrote:
>>>> >>
>>>> >> On Tue, Jun 12, 2012 at 5:38 AM, Asif Iqbal <vadud3 at gmail.com> wrote:
>>>> >> > I am using external authentication against our corporate AD server
>>>> >> > successfully, using RT::Authen::ExternalAuth.
>>>> >> >
>>>> >> > But I would like the authorization done against the internal db for
>>>> >> > the user account.
>>>> >> >
>>>> >> > Just because a user has a valid AD credential is not enough for him/her
>>>> >> > to be able to log in to our RT. We like to manage the login by creating
>>>> >> > the user account in the internal db using the Web UI.
>>>> >> >
>>>> >> > So we would still like users to use their AD credential, with no need to
>>>> >> > remember another password, and at the same time only be able to log in
>>>> >> > if the same username is available in the internal db.
>>>> >> >
>>>> >> > Is that possible? Any suggestion/tip is appreciated.
>>>> >>
>>>> >> Yes, it is possible, but not like you want it to be.
>>>> >>
>>>> >> As far as I can see, users need an AD record anyway; just mark them
>>>> >> somehow in AD and use this marking in the ExternalAuth filter.
>>>> >>
>>>> >
>>>> > I have no access to AD. It belongs to a corporate group and I will not be
>>>> > able to manage a group.
>>>> >
>>>> > There is no way to control the Authorization part locally?
>>>>
>>>> Not out of the box. Patch the external auth module and add an option to
>>>> avoid creation of new users.
>>>>
>>>>
>>> So I could just comment this section out to avoid user creation as one
>>> option? I know, ugly.
>>>
>>>  http://paste.ubuntu.com/1039210/
>>>
>>>
>> This seems to have worked.
>>
>>  http://paste.ubuntu.com/1039233/
>>
>>
>
> Fixed some of the comments to reflect the intention.
>
> http://paste.ubuntu.com/1039239/
>
>
What page should I modify to let users know to log in with their AD account
going forward?



>>>> >> > --
>>>> >> > Asif Iqbal
>>>> >> > PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
>>>> >> > A: Because it messes up the order in which people normally read
>>>> text.
>>>> >> > Q: Why is top-posting such a bad thing?
>>>> >> >
>>>> >> >
>>>> >>
>>>> >>
>>>> >>
>>>> >> --
>>>> >> Best regards, Ruslan.


-- 
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
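
The login decision discussed in this thread (AD/LDAP proves the password, the internal db decides who may log in, and no account is created on first login), as an added example that is not from the thread, the linked pastes, or RT::Authen::ExternalAuth. It is a stand-alone Python model rather than RT's Perl; LoginGate, LocalUser, fake_bind and the sample accounts are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

@dataclass
class LocalUser:
    name: str
    disabled: bool = False

class LoginGate:
    """External authentication, local authorization, no auto-created accounts."""

    def __init__(self, bind: Callable[[str, str], bool], local_users: Dict[str, LocalUser]):
        self._bind = bind
        # AD logon names are case-insensitive, so index local accounts casefolded.
        self._users = {name.casefold(): u for name, u in local_users.items()}
        self.audit: List[Tuple[str, str]] = []  # (username, outcome) for the log

    def login(self, username: str, password: str) -> Optional[LocalUser]:
        key = username.strip().casefold()
        # Refuse empty passwords before the bind: an LDAP simple bind with a DN
        # and an empty password can succeed as an unauthenticated bind (RFC 4513).
        if not key or not password:
            return self._deny(key, "empty-credentials")
        if not self._bind(key, password):
            return self._deny(key, "bad-credentials")
        user = self._users.get(key)
        if user is None:
            # Valid directory password but nobody created the account locally:
            # deny and record it, instead of provisioning a user on first login.
            return self._deny(key, "no-local-account")
        if user.disabled:
            return self._deny(key, "local-account-disabled")
        self.audit.append((key, "ok"))
        return user

    def _deny(self, key: str, reason: str) -> None:
        self.audit.append((key, reason))

# Constructed sample data standing in for the AD bind and the internal user table.
_DIRECTORY = {"alice": "pw-a", "bob": "pw-b", "carol": "pw-c"}

def fake_bind(username: str, password: str) -> bool:
    return _DIRECTORY.get(username) == password

def demo():
    gate = LoginGate(fake_bind, {"Alice": LocalUser("Alice"),
                                 "carol": LocalUser("carol", disabled=True)})
    attempts = [("ALICE", "pw-a"), ("bob", "pw-b"), ("carol", "pw-c"), ("alice", "")]
    return [gate.login(u, p) for u, p in attempts], gate.audit
```

The distinct "no-local-account" outcome in the audit list is what lets an administrator tell a mistyped password apart from a valid AD user who was never granted an account.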