On Fri, Nov 11, 2011 at 01:14:14PM +0000, Witts J Mr wrote: > We are using the ExternalAuth plugin with RT 4.0.2 at our school > authenticating against two different LDAP branches. We also have some > internal RT users defined too for users outside of our school who need to be > able to log tickets in our queues. > > At the moment we are using the "Everyone" group to define the permissions on > our internal queues, but this means that external users can see them too. > What we would ideally like to be able to do is have all LDAP users put into a > global group at the point of creation (i.e. when they first log in). > > Does anyone know if it would be possible to adjust the ExternalAuth plugin so > that you could define a global group and have all users who authenticate from > an external source automatically added to that group? This would really help > our permissions set up, as it would allow us to create a global group for > each LDAP source and assign the permissions to that group rather than using > the "Everyone" group.
This is not a feature of the plugin, although you could certainly add it and send a patch. Many people just make sure the LDAP users are Privileged and use that rather than Everyone. You could also use RT-Extension-LDAPImport and import groups and group memberships from LDAP. -kevin
pgpjK3crUoI6N.pgp
Description: PGP signature
-------- RT Training Sessions (http://bestpractical.com/services/training.html) * Barcelona, Spain November 28 & 29, 2011
