[rt-users] RT-Authen-ExternalAuth usage & questions

Steve Huston huston at astro.princeton.edu
Mon Mar 26 10:38:51 EDT 2012 

I hate to be "that guy" (top posting, reposting.. how many more taboos
can I break!)  However, I'm hoping a Monday-morning post will get better
attention than a Thursday evening one.

Anyone have ideas on the below?  Thanks!

On 3/22/12 4:10 PM, Steve Huston wrote:
> I'm in the process of setting up a new RT instance which is going to be
> used differently than the one I've been running for many years now.
> Previously I only cared about the web interface for administrators, but
> now it's desired to have web access for all users.
> 
> We use a CAS-enabled virtualhost (so RT uses the REMOTE_USER varaible
> with external authentication).  This means a user logging in will have a
> username such as 'huston'.  However if they send an email, it would be
> 'huston at princeton.edu', so there's the possibility of having two users
> created. OK, I need something that populates fields from LDAP.  I found
> a few ways to do this, but it looks like the "not outdated" method is
> the aforementioned extension.  I've downloaded it and am looking through
> things, but I have some questions for people more intimately in tune
> with the code:
> 
> 1) Can I run this extension and continue to use the Apache-based
> authentication, relying on ExternalAuth just for the LDAP glue?
> 
> 2) Did I see right that any time a user logs in, this extension will
> poll LDAP to see if their information matches what's in the RT user
> database and updates accordingly?
> 
> 3) Will the extension care if a user doesn't exist?  We may have people
> sending in emails that do not have an account in the LDAP server, and
> this should be allowed - we will want an account autocreated just as it
> is currently.
> 
> 4) Will the extension poll LDAP on an incoming email, properly creating
> the user account if it doesn't exist with the right UID returned from
> the lookup?  Or does this only work when logging in through the web
> interface?
> 
> 5) If a user is "created" as a watcher - say someone in the web
> interface adds an email address as a CC to a ticket - will ExternalAuth
> be hooked to look up that user's information in LDAP and populate the
> uid & realname fields?
> 
> Thanks!
> 


-- 
Steve Huston - W2SRH - Unix Sysadmin, Astrophysical Sci & CSES/PICSciE
  Princeton University  |    ICBM Address: 40.346525   -74.651285
    206 Peyton Hall     |"On my ship, the Rocinante, wheeling through
  Princeton, NJ   08544 | the galaxies; headed for the heart of Cygnus,
    (267) 793-0852      | headlong into mystery."  -Rush, 'Cygnus X-1'

More information about the rt-users mailing list