On Tue, Sep 13, 2011 at 12:04:44PM -0700, Hossein Rafighi wrote: > Hi all, > > We have RT4.0 with RT::Authen::ExternalAuth. In attr_match_list > section we have: > 'attr_match_list' => [ 'Name', > 'EmailAddress', > 'RealName', > ],
You really don't want RealName there, otherwise
RT::Authen::ExternalAuth will disallow two people named Bob Smith.
> 'attr_map' => { 'Name' => 'uid',
> 'EmailAddress' => 'mail',
> 'RealName' => 'cn',
> }
>
> However, on our ldap (openldap) a typical user has a uid and cn. For
> instance, my info on the ldap is:
> dn: uid=hossein,ou=People,o=TRIUMF
> uid: hossein
> cn: Hossein Rafighi
> sn: Rafighi
> mail: [email protected]
> mail: [email protected]
> givenName: Hossein
>
> Is it possible to alter the attr_match, attr_map, or any other
> attribute in RT to authenticate based on uid or cn, and not just
> uid? I tried changing various settings, but to no avail.
You'd have to extend the module to use more than just the Name in the
query it runs for DN. There's a branch in the repo for refactoring
some of that code, but it concentrates on alternate email addresses
not alternate uids. It may make doing what you want easier though.
-kevin
pgpcOcCH6MAGC.pgp
Description: PGP signature
-------- RT Training Sessions (http://bestpractical.com/services/training.html) * Chicago, IL, USA September 26 & 27, 2011 * San Francisco, CA, USA October 18 & 19, 2011 * Washington DC, USA October 31 & November 1, 2011 * Melbourne VIC, Australia November 28 & 29, 2011 * Barcelona, Spain November 28 & 29, 2011
