On Wed, Jun 13, 2012 at 11:35 AM, Asif Iqbal <[email protected]> wrote:
> On Wed, Jun 13, 2012 at 11:30 AM, Asif Iqbal <[email protected]> wrote: > >> On Wed, Jun 13, 2012 at 11:13 AM, Asif Iqbal <[email protected]> wrote: >> >>> On Tue, Jun 12, 2012 at 1:57 PM, Ruslan Zakirov >>> <[email protected]>wrote: >>> >>>> On Tue, Jun 12, 2012 at 6:35 PM, Asif Iqbal <[email protected]> wrote: >>>> > On Tue, Jun 12, 2012 at 5:51 AM, Ruslan Zakirov < >>>> [email protected]> >>>> > wrote: >>>> >> >>>> >> On Tue, Jun 12, 2012 at 5:38 AM, Asif Iqbal <[email protected]> >>>> wrote: >>>> >> > I am using external authentication against our corporate AD server >>>> >> > successfully, using the RT::Authen::ExternalAuth. >>>> >> > >>>> >> > But I like the authorization done against internal db for user >>>> account. >>>> >> > >>>> >> > Just because a user has a valid AD credential is not enough for >>>> him/her >>>> >> > to >>>> >> > be able to login to our RT. We like >>>> >> > to manage the login by creating the user account into internal db >>>> using >>>> >> > the >>>> >> > Web UI. >>>> >> > >>>> >> > So we still like the user to use their AD credential and no need to >>>> >> > remember >>>> >> > another password, and at the same time >>>> >> > only be able to login if the same username is available in >>>> internal db. >>>> >> > >>>> >> > Is that possible? Any suggestion/tip is appreciated. >>>> >> >>>> >> Yes, it is possible, but not like you want it to be. >>>> >> >>>> >> As far as I can see users need AD record anyway, just mark them >>>> >> somehow in AD and use this marking in ExternalAuth filter. >>>> >> >>>> > >>>> > I have no access to AD. It belongs to corporate group and will not be >>>> able >>>> > to manage a group. >>>> > >>>> > There is no way to control the Authorization part locally? >>>> >>>> Not out of the box. Patch external auth module and add option to avoid >>>> creation of new users. >>>> >>>> >>> So I could just comment this section out to avoid user create as one >>> option? I know, ugly. >>> >>> http://paste.ubuntu.com/1039210/ >>> >>> >> This seem to have worked. >> >> http://paste.ubuntu.com/1039233/ >> >> > > fixed some of the comments to reflect the intention > > http://paste.ubuntu.com/1039239/ > > What page to modify to let user know to login with their AD account going forward? > > >> >> >>> >>>> >> > -- >>>> >> > Asif Iqbal >>>> >> > PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu >>>> >> > A: Because it messes up the order in which people normally read >>>> text. >>>> >> > Q: Why is top-posting such a bad thing? >>>> >> > >>>> >> > >>>> >> >>>> >> >>>> >> >>>> >> -- >>>> >> Best regards, Ruslan. >>>> > >>>> > >>>> > >>>> > >>>> > -- >>>> > Asif Iqbal >>>> > PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu >>>> > A: Because it messes up the order in which people normally read text. >>>> > Q: Why is top-posting such a bad thing? >>>> > >>>> > >>>> >>>> >>>> >>>> -- >>>> Best regards, Ruslan. >>>> >>> >>> >>> >>> -- >>> Asif Iqbal >>> PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu >>> A: Because it messes up the order in which people normally read text. >>> Q: Why is top-posting such a bad thing? >>> >>> >>> >> >> >> -- >> Asif Iqbal >> PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu >> A: Because it messes up the order in which people normally read text. >> Q: Why is top-posting such a bad thing? >> >> >> > > > -- > Asif Iqbal > PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu > A: Because it messes up the order in which people normally read text. > Q: Why is top-posting such a bad thing? > > > -- Asif Iqbal PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing?
