Err.. thanks, but that's not what I'm looking for. For one thing, even if I got permission to do that (which I wont), we have 40,000 users in ldap. I dont actually WANT all of them in the rt database. particularly since we have a 15,000 user/year churn rate.
________________________________________ From: Jok Thuau [jth...@spacex.com] Sent: Tuesday, May 14, 2013 05:36 PM To: Philip Brown; rt-users@lists.bestpractical.com Subject: Re: [rt-users] REMOTE_USER, external auth, and email mismatching I have use the LDAPImport extension to pull all my users out of AD into RT. I even submitted a patch on the cpan bug tracker to add a feature to "automatically grant rights" to some groups based on LDAP queries. (and you'll probably need to "merge" the users that you have now into their imported equivalent) Thanks, Jok -- | Joachim Thuau | IT Systems Engineer - Linux / SpaceX | On 5/14/13 1:41 PM, "Philip Brown" <p...@usc.edu> wrote: >On 04/26/13 04:38 PM, Thomas Sibley wrote: >> On 04/26/2013 02:35 PM, Philip Brown wrote: >>> hi there, >>> We are looking at using kerb auth and mod_auth_kerb as our external >>>auth mechanism for RT. >>> >>> ... I was hoping there was potentially a way to do any of the >>>following: >>> >>> a) automatically drop the @xyz from REMOTE_USER entirely >>> b) autoconvert the @xyz to @real.domain >>> >>> c) (least preferable) have the autocreate routines, atomatically fill >>>in @real.domain as the email address >> You can accomplish (b) with these options: >> >>http://bestpractical.com/rt/docs/latest/RT_Config.html#CanonicalizeEmailA >>ddressMatch-CanonicalizeEmailAddressReplace >> >> You can also do more sophisticated munging by writing your own >> RT::User::CanonicalizeUserInfo: >> >>http://bestpractical.com/rt/docs/latest/RT/User.html#CanonicalizeUserInfo >>-HASH-of-ARGS >> >> Or you can take the easy way of (a) by setting the mod_auth_kerb config >> option that Jok pointed out earlier. >> > > >Well, I'm back, now that I've had more time to follow up :) > >I have tried out using the KrbLocalUser tweak, and run into problems. >The email field does not get filled out on autocreate of an account. > >I then attempted to do the fallback suggested via > >CanonicalizeEmailAddressMatch > >after removing the KrbLocalUser from my apache configs. >however, the replace did not seem to have any effect. I'm still getting >logged in as >u...@kerb.my.com >rather than u...@my.com > >for the record, I'm using a match string of >'\@.*\.my.com$' > >and replace of >'\@my.com' > >it's kinda odd that I cant seem to google any sample RT_Config.pm files >for this' > > > > > >-- >RT Training in Seattle, June 19-20: http://bestpractical.com/training -- RT Training in Seattle, June 19-20: http://bestpractical.com/training