[rt-users] RT 4.0.4 CAS LDAP LDAPImport - Problem Privileged/Unprivileged users

Jan Niezbędny janniezbedny1887 at gmail.com
Mon Oct 8 12:01:27 EDT 2012


Hey everybody. I’m new with RT and please for a little patience if I
said some stupid things and sorry for my English
I’m setting up new instance RT 4.0.4 on CentOS 6. For auth I’m using
CAS to implement SSO on a few applications. CAS using LDAP which
stands on AD Win Ser 2008.

I implement CAS in RT using mod_auth_cas and WebExternalAuth. To get
groups and users form LDAP I used LDAPImport. And almost everything
works fine but I have problem with Unprivileged users. For example I
wanna set up mapping for 3 groups from LDAP:  external (users who can
only write ticket and check status of them),  internal (users who
manage tickets from external users and other stuff) and admin. I want
this grups in RT, and it’s not problem to make configuration for
internal and admin groups but for all 3 grups it’s not that easy (at
least for me ). I think the best configuration for external users is
to be Unprivileged because this is the simplest way to close that
group in some place. This group only need to login, make ticket and
check status

The question is, it’s possible to resolve problem with Privileged
(internal, admin) and Unprivileged (external) groups of users using
some steps or changing configuration? To send 2 groups with Privileged
users and others with Unprivileged users?

Some my thoughts: It’s obvious that if I use LDAPImport and put
Set($LDAPCreatePrivileged, 1); in RT_SiteConfig, all new users
imported to RT will be Privileged, and when if I put 0 all users will
be Unprivileged. I thing it’s possible to use
Set($LDAPCreatePrivileged, 1); and default settings of RT to get a
solution of this problem. Because if you make a user in LDAP and as a
first step you try to login in RT, not using LDAPImport but login
directly in RT the user will be create with Unprivileged rights. This
is some solution but in settings of this user we don’t have email
which is required to make and see  own tickets.
If you have some thoughts or ideas, I will be very grateful

Regards,
Jan



More information about the rt-users mailing list