Re: [rt-users] RT::Authen::ExternalAuth AutoCreate [Un]Privileged Users
Gabriel,

Try removing the group 'rt'. Then use filter to accept a broader range of LDAP users (we use division codes). Then you can use the autocreate Privileged setting. That way anyone who passes the LDAP test will be autocreated as Privileged users.

That's my best guess.

Kenn
LBNL

On Mon, Sep 6, 2010 at 4:25 AM, Robert Gabriel rgabr...@fnb.co.za wrote:

> Hello all,
>
> I've done some initial investigation but this doesn't seem to be so simple for me to do. Please can someone assist?
>
> I'm using RT::Authen::ExternalAuth and have the following working: External auth with LDAP and auto create privileged users if they are in 'rt' group in LDAP.
>
> How can unprivileged users be auto created if they are in LDAP but not in the 'rt' group when they send a mail ticket request so they can login through self service access?
>
> PS What should the ExternalInfoPriority be set to if no LDAP lookups for creating new users via RT?
>
> Thanks.

RT Training in Washington DC, USA on Oct 25 26 2010
Last one this year -- Learn how to get the most out of RT!
[rt-users] RT::Authen::ExternalAuth AutoCreate [Un]Privileged Users
Hello all,

I've done some initial investigation but this doesn't seem to be so simple for me to do. Please can someone assist?

I'm using RT::Authen::ExternalAuth and have the following working: External auth with LDAP and auto create privileged users if they are in 'rt' group in LDAP.

How can unprivileged users be auto created if they are in LDAP but not in the 'rt' group when they send a mail ticket request so they can login through self service access?

PS What should the ExternalInfoPriority be set to if no LDAP lookups for creating new users via RT?

Thanks.

Set( $rtname, '***.***.**.**');
Set($Organization , '.***.**.**');
Set($Timezone , 'Africa/Johannesburg');
Set(@Plugins,(qw(Extension::QuickDelete RT::FM RT::Authen::ExternalAuth)));
# note: this second Set(@Plugins, ...) overrides the list on the line above
Set( @Plugins, qw(RT::Authen::ExternalAuth) );
Set($RTAddressRegexp , '^(-***)?...@***\.**\.**$');
Set($LogToSyslog , 'debug');
Set($LogToScreen, 'debug');
Set($DatabaseType , 'mysql');
Set($DatabaseHost , '');
Set($DatabaseRTHost , '');
Set($DatabasePort , '');
Set($DatabaseUser , '');
Set($DatabasePassword , '*');
Set($DatabaseName , '');
Set($DatabaseRequireSSL , undef);
Set($OwnerEmail , 'root');
Set($MaxAttachmentSize , 1000);
Set($CanonicalizeOnCreate, 0);
# accounts created automatically at login are made Privileged
Set($AutoCreate, {Privileged => 1});
require "/opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm";
Set($ExternalAuthPriority, ['My_LDAP']);
Set($ExternalInfoPriority, ['My_LDAP']);
Set($ExternalServiceUsesSSLorTLS, 0);
Set($AutoCreateNonExternalUsers, 0);
Set($ExternalSettings, {
    'My_LDAP' => {
        'type' => 'ldap',
        'server' => '**',
        'user' => '',
        'pass' => '',
        'base' => 'dc=,dc=***,dc=**,dc=**',
        # filter for accepted users; this one matches every LDAP entry
        'filter' => '(objectClass=*)',
        # filter identifying disabled users
        'd_filter' => '(objectClass=FooBarBaz)',
        'tls' => 0,
        'ssl_version' => 3,
        'net_ldap_args' => [version => 3],
        # only members of this group are accepted
        'group' => 'cn=rt,ou=groups,dc=,dc=,dc=**,dc=***',
        # attribute of the group entry that lists its members
        'group_attr' => 'member',
        'attr_match_list' => ['Name', 'EmailAddress'],
        'attr_map' => {
            'Name' => 'uid',
            'RealName' => 'cn',
            'ExternalAuthId' => 'uid',
            'Gecos' => 'cn',
            'EmailAddress' => 'mail'
        }
    }
} );

To read FirstRand Bank's Disclaimer for this email click on the following address or copy into your Internet browser: https://www.fnb.co.za/disclaimer.html
If you are unable to access the Disclaimer, send a blank e-mail to firstrandbankdisclai...@fnb.co.za and we will send you a copy of the Disclaimer.
Re: [rt-users] RT::Authen::ExternalAuth AutoCreate [Un]Privileged Users
I'm just going off memory of what I have read, but can't you have more than one LDAP to look up against and have the AutoCreate in the LDAP portion of the config? Maybe have one for RT=Privileged and one for non-RT=normal autocreate?

-Mark

-----Original Message-----
From: rt-users-boun...@lists.bestpractical.com [mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of Robert Gabriel
Sent: Monday, September 06, 2010 6:25 AM
To: rt-users@lists.bestpractical.com
Subject: [rt-users] RT::Authen::ExternalAuth AutoCreate [Un]Privileged Users

Hello all,

I've done some initial investigation but this doesn't seem to be so simple for me to do. Please can someone assist?

I'm using RT::Authen::ExternalAuth and have the following working: External auth with LDAP and auto create privileged users if they are in 'rt' group in LDAP.

How can unprivileged users be auto created if they are in LDAP but not in the 'rt' group when they send a mail ticket request so they can login through self service access?

PS What should the ExternalInfoPriority be set to if no LDAP lookups for creating new users via RT?

Thanks.