It's known issue that plugin checks group membership using user's account. I think there were a patch on rt.cpan.org for this.
Ruslan from phone. 29.01.2013 17:43 пользователь "Tony Arnold" <[email protected]> написал: > I am using the ExternalAuth plugin 0.12 on RT 3.8.14 and have configured > to use an LDAP server for authentication. > > I have specified group membership as a requisite for authentication. Our > LDAP server does not allow anonymous bind for looking up group > membership, so I've specified some credentials for this. > > However, this is failing. It seems the plugin binds as the user being > authenticated in order to check group membership rather than the > credentials specified in the config file. The user being authenticated > does not have the rights to look up the group, hence it fails. > > Is this a bug or a feature? Any suggestions for a work around? > > Many thanks. > > Regards, > Tony. > > -- > Tony Arnold, Tel: +44 (0) 161 275 6093 > Head of IT Security, Fax: +44 (0) 705 344 3082 > University of Manchester, Mob: +44 (0) 773 330 0039 > Manchester M13 9PL. Email: [email protected] > >
