On Wed, Jun 13, 2012 at 11:30 AM, Asif Iqbal <[email protected]> wrote:
> On Wed, Jun 13, 2012 at 11:13 AM, Asif Iqbal <[email protected]> wrote: > >> On Tue, Jun 12, 2012 at 1:57 PM, Ruslan Zakirov >> <[email protected]>wrote: >> >>> On Tue, Jun 12, 2012 at 6:35 PM, Asif Iqbal <[email protected]> wrote: >>> > On Tue, Jun 12, 2012 at 5:51 AM, Ruslan Zakirov <[email protected] >>> > >>> > wrote: >>> >> >>> >> On Tue, Jun 12, 2012 at 5:38 AM, Asif Iqbal <[email protected]> wrote: >>> >> > I am using external authentication against our corporate AD server >>> >> > successfully, using the RT::Authen::ExternalAuth. >>> >> > >>> >> > But I like the authorization done against internal db for user >>> account. >>> >> > >>> >> > Just because a user has a valid AD credential is not enough for >>> him/her >>> >> > to >>> >> > be able to login to our RT. We like >>> >> > to manage the login by creating the user account into internal db >>> using >>> >> > the >>> >> > Web UI. >>> >> > >>> >> > So we still like the user to use their AD credential and no need to >>> >> > remember >>> >> > another password, and at the same time >>> >> > only be able to login if the same username is available in internal >>> db. >>> >> > >>> >> > Is that possible? Any suggestion/tip is appreciated. >>> >> >>> >> Yes, it is possible, but not like you want it to be. >>> >> >>> >> As far as I can see users need AD record anyway, just mark them >>> >> somehow in AD and use this marking in ExternalAuth filter. >>> >> >>> > >>> > I have no access to AD. It belongs to corporate group and will not be >>> able >>> > to manage a group. >>> > >>> > There is no way to control the Authorization part locally? >>> >>> Not out of the box. Patch external auth module and add option to avoid >>> creation of new users. >>> >>> >> So I could just comment this section out to avoid user create as one >> option? I know, ugly. >> >> http://paste.ubuntu.com/1039210/ >> >> > This seem to have worked. > > http://paste.ubuntu.com/1039233/ > > fixed some of the comments to reflect the intention http://paste.ubuntu.com/1039239/ > > >> >>> >> > -- >>> >> > Asif Iqbal >>> >> > PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu >>> >> > A: Because it messes up the order in which people normally read >>> text. >>> >> > Q: Why is top-posting such a bad thing? >>> >> > >>> >> > >>> >> >>> >> >>> >> >>> >> -- >>> >> Best regards, Ruslan. >>> > >>> > >>> > >>> > >>> > -- >>> > Asif Iqbal >>> > PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu >>> > A: Because it messes up the order in which people normally read text. >>> > Q: Why is top-posting such a bad thing? >>> > >>> > >>> >>> >>> >>> -- >>> Best regards, Ruslan. >>> >> >> >> >> -- >> Asif Iqbal >> PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu >> A: Because it messes up the order in which people normally read text. >> Q: Why is top-posting such a bad thing? >> >> >> > > > -- > Asif Iqbal > PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu > A: Because it messes up the order in which people normally read text. > Q: Why is top-posting such a bad thing? > > > -- Asif Iqbal PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing?
