On Wed, Jun 13, 2012 at 12:24 PM, Asif Iqbal <[email protected]> wrote:
> On Wed, Jun 13, 2012 at 11:35 AM, Asif Iqbal <[email protected]> wrote: > >> On Wed, Jun 13, 2012 at 11:30 AM, Asif Iqbal <[email protected]> wrote: >> >>> On Wed, Jun 13, 2012 at 11:13 AM, Asif Iqbal <[email protected]> wrote: >>> >>>> On Tue, Jun 12, 2012 at 1:57 PM, Ruslan Zakirov >>>> <[email protected]>wrote: >>>> >>>>> On Tue, Jun 12, 2012 at 6:35 PM, Asif Iqbal <[email protected]> wrote: >>>>> > On Tue, Jun 12, 2012 at 5:51 AM, Ruslan Zakirov < >>>>> [email protected]> >>>>> > wrote: >>>>> >> >>>>> >> On Tue, Jun 12, 2012 at 5:38 AM, Asif Iqbal <[email protected]> >>>>> wrote: >>>>> >> > I am using external authentication against our corporate AD server >>>>> >> > successfully, using the RT::Authen::ExternalAuth. >>>>> >> > >>>>> >> > But I like the authorization done against internal db for user >>>>> account. >>>>> >> > >>>>> >> > Just because a user has a valid AD credential is not enough for >>>>> him/her >>>>> >> > to >>>>> >> > be able to login to our RT. We like >>>>> >> > to manage the login by creating the user account into internal db >>>>> using >>>>> >> > the >>>>> >> > Web UI. >>>>> >> > >>>>> >> > So we still like the user to use their AD credential and no need >>>>> to >>>>> >> > remember >>>>> >> > another password, and at the same time >>>>> >> > only be able to login if the same username is available in >>>>> internal db. >>>>> >> > >>>>> >> > Is that possible? Any suggestion/tip is appreciated. >>>>> >> >>>>> >> Yes, it is possible, but not like you want it to be. >>>>> >> >>>>> >> As far as I can see users need AD record anyway, just mark them >>>>> >> somehow in AD and use this marking in ExternalAuth filter. >>>>> >> >>>>> > >>>>> > I have no access to AD. It belongs to corporate group and will not >>>>> be able >>>>> > to manage a group. >>>>> > >>>>> > There is no way to control the Authorization part locally? >>>>> >>>>> Not out of the box. Patch external auth module and add option to avoid >>>>> creation of new users. >>>>> >>>>> >>>> So I could just comment this section out to avoid user create as one >>>> option? I know, ugly. >>>> >>>> http://paste.ubuntu.com/1039210/ >>>> >>>> >>> This seem to have worked. >>> >>> http://paste.ubuntu.com/1039233/ >>> >>> >> >> fixed some of the comments to reflect the intention >> >> http://paste.ubuntu.com/1039239/ >> >> > What page to modify to let user know to login with their AD account going > forward? > > well copied the Elements/Login to local and made the following change. Hopefully it won't break anything. http://paste.ubuntu.com/1039396/ > > >> >> >>> >>> >>>> >>>>> >> > -- >>>>> >> > Asif Iqbal >>>>> >> > PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu >>>>> >> > A: Because it messes up the order in which people normally read >>>>> text. >>>>> >> > Q: Why is top-posting such a bad thing? >>>>> >> > >>>>> >> > >>>>> >> >>>>> >> >>>>> >> >>>>> >> -- >>>>> >> Best regards, Ruslan. >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > -- >>>>> > Asif Iqbal >>>>> > PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu >>>>> > A: Because it messes up the order in which people normally read text. >>>>> > Q: Why is top-posting such a bad thing? >>>>> > >>>>> > >>>>> >>>>> >>>>> >>>>> -- >>>>> Best regards, Ruslan. >>>>> >>>> >>>> >>>> >>>> -- >>>> Asif Iqbal >>>> PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu >>>> A: Because it messes up the order in which people normally read text. >>>> Q: Why is top-posting such a bad thing? >>>> >>>> >>>> >>> >>> >>> -- >>> Asif Iqbal >>> PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu >>> A: Because it messes up the order in which people normally read text. >>> Q: Why is top-posting such a bad thing? >>> >>> >>> >> >> >> -- >> Asif Iqbal >> PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu >> A: Because it messes up the order in which people normally read text. >> Q: Why is top-posting such a bad thing? >> >> >> > > > -- > Asif Iqbal > PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu > A: Because it messes up the order in which people normally read text. > Q: Why is top-posting such a bad thing? > > > -- Asif Iqbal PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing?
