Re: [rt-users] RT Question on adding users
Kevin, Yes, I am using LDAP and yes, we are on 3.6.4. I tried turning that switch on Set($LdapAutoCreateNonLdapUsers, 1); and it didn't work. Earlier in this thread, User_Vendor.pm was mentioned and I went looking for some of this stuff. I tried to find /opt/rt3/local/html/Callbacks/ExternalAuth/autohandler/Auth and could not. What I found was: -bash-3.00$ cd Callbacks -bash-3.00$ ls -l total 16 drwxr-xr-x 3 rt rt 4096 Feb 6 2008 LDAP drwxr-xr-x 4 rt rt 4096 Jan 29 2008 RTx-RightsMatrix I DID find Auth here:opt/rt3/local/html/Callbacks/LDAP/autohandler/. Am I missing some software that I need to change or refer to? Thanks. Kenn LBNL On 5/14/2009 6:53 AM, Kevin Falcone wrote: I read the rt-users mailing list, its ok to send mail to just the list, rather than CCing me On May 13, 2009, at 5:18 PM, Ken Crocker wrote: Thank you so much for answering. I looked through our RT_Config.pm file and did not see any reference to either RT::User::CanonicalizeUserInfo This is a method on the RT::User where you can customize what RT does on user creation, you'll need to override and tweak it. It should already be overridden in User_Vendor.pm by the LDAP overlay you're using and you could add changes there. or RT::Authen::ExternalAuth. Where do I find them and how do I set them? This is a perl module that implements LDAP auth, since you didn't tell us your RT version or how you were doing LDAP I had to do some guessing It appears you're using the older overlay method (probably with 3.6) Our current applicable LDAP settings (in RT_SiteConfig.pm) are as follows: • Set($AuthMethods, ['LDAP', 'Internal']); • Set($LdapExternalAuth, 1); • Set($LdapExternalInfo, 1); This variable change name slightly between the Overlay and the formal extension • Set($LdapAutoCreateNonLdapUsers, 0); Try changing it to 1, it should let you create users that aren't in LDAP -kevin • Set($LdapAttrMap, {'Name' = 'uid', 'EmailAddress' = 'mail', 'Organization' = 'o', 'RealName' = 'cn', 'ExternalContactInfoId' = 'dn', 'ExternalAuthId' = 'lblempnum', 'Gecos' = 'uid', 'WorkPhone' = 'telephonenumber', 'Address1' = 'lblmailstop', 'Address2' = 'postaladdress'} ); • Set($LdapRTAttrMatchList, ['ExternalContactInfoId', 'Name', 'EmailAddress', 'RealName', 'ExternalAuthId', 'WorkPhone', 'Address2']); • Set($LdapEmailAttrMatchList, ['uid']); • Set($LdapEmailAttrMatchPrefix, [''] ); • Set($LdapTLS, 1); • Set($LdapSSLVersion, 3); Do I have all the LDAP settings I need? Do I need to add one? Change one? THANK you! Kenn LBNL On 5/13/2009 1:12 PM, Kevin Falcone wrote: On May 13, 2009, at 12:48 PM, Ken Crocker wrote: To any and all, I've asked this question before, but perhaps I didn't word it so it made any sense. When we add a 'CC' on any correspondance thru a ticket, we find that if the user is not an RT User, as long as they pass the LDAP test, they get added, with their email address as their Id (NAME field). First question is: How do we get RT to drop the '@xxx.xxx' from the Id is uses for NAME on the USER Table. You can use RT::User::CanonicalizeUserInfo to munge the Name, assuming you're not using RT::Authen::ExternalAuth which already overrides this. Secondly, how do we get RT to add a 'CC' to the USER table as an unprivileged user if they do NOT pass the LDAP test? You don't say how you're doing LDAP auth so answering this is hard. If you're using RT::Authen::ExternalAuth you want to check your setting of AutoCreateNonExternalUsers -kevin ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] RT Question on adding users
I read the rt-users mailing list, its ok to send mail to just the list, rather than CCing me On May 13, 2009, at 5:18 PM, Ken Crocker wrote: Thank you so much for answering. I looked through our RT_Config.pm file and did not see any reference to either RT::User::CanonicalizeUserInfo This is a method on the RT::User where you can customize what RT does on user creation, you'll need to override and tweak it. It should already be overridden in User_Vendor.pm by the LDAP overlay you're using and you could add changes there. or RT::Authen::ExternalAuth. Where do I find them and how do I set them? This is a perl module that implements LDAP auth, since you didn't tell us your RT version or how you were doing LDAP I had to do some guessing It appears you're using the older overlay method (probably with 3.6) Our current applicable LDAP settings (in RT_SiteConfig.pm) are as follows: • Set($AuthMethods, ['LDAP', 'Internal']); • Set($LdapExternalAuth, 1); • Set($LdapExternalInfo, 1); This variable change name slightly between the Overlay and the formal extension • Set($LdapAutoCreateNonLdapUsers, 0); Try changing it to 1, it should let you create users that aren't in LDAP -kevin • Set($LdapAttrMap, {'Name' = 'uid', 'EmailAddress' = 'mail', 'Organization' = 'o', 'RealName' = 'cn', 'ExternalContactInfoId' = 'dn', 'ExternalAuthId' = 'lblempnum', 'Gecos' = 'uid', 'WorkPhone' = 'telephonenumber', 'Address1' = 'lblmailstop', 'Address2' = 'postaladdress'} ); • Set($LdapRTAttrMatchList, ['ExternalContactInfoId', 'Name', 'EmailAddress', 'RealName', 'ExternalAuthId', 'WorkPhone', 'Address2']); • Set($LdapEmailAttrMatchList, ['uid']); • Set($LdapEmailAttrMatchPrefix, [''] ); • Set($LdapTLS, 1); • Set($LdapSSLVersion, 3); Do I have all the LDAP settings I need? Do I need to add one? Change one? THANK you! Kenn LBNL On 5/13/2009 1:12 PM, Kevin Falcone wrote: On May 13, 2009, at 12:48 PM, Ken Crocker wrote: To any and all, I've asked this question before, but perhaps I didn't word it so it made any sense. When we add a 'CC' on any correspondance thru a ticket, we find that if the user is not an RT User, as long as they pass the LDAP test, they get added, with their email address as their Id (NAME field). First question is: How do we get RT to drop the '@xxx.xxx' from the Id is uses for NAME on the USER Table. You can use RT::User::CanonicalizeUserInfo to munge the Name, assuming you're not using RT::Authen::ExternalAuth which already overrides this. Secondly, how do we get RT to add a 'CC' to the USER table as an unprivileged user if they do NOT pass the LDAP test? You don't say how you're doing LDAP auth so answering this is hard. If you're using RT::Authen::ExternalAuth you want to check your setting of AutoCreateNonExternalUsers -kevin ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] RT Question on adding users
Ken Crocker wrote, On 5/13/09 5:18 PM: Kevin, Thank you so much for answering. I looked through our RT_Config.pm file and did not see any reference to either RT::User::CanonicalizeUserInfo or RT::Authen::ExternalAuth. Where do I find them and how do I set them? CanonicalizeUserInfo is a method in the RT::User, which is a part of the base package. I think Kevin was saying that you could write an overlay replacement for it. You probably already have an overlay in place, as it appears that you are using something related to the old LDAP overlay described at http://wiki.bestpractical.com/view/LdapUserLocalOverlay and http://wiki.bestpractical.com/view/LdapSiteConfigSettings. RT::Authen::ExternalAuth is an extension that can be used instead of that overlay approach, and it is nicely documented at http://wiki.bestpractical.com/view/ExternalAuth. Our current applicable LDAP settings (in RT_SiteConfig.pm) are as follows: * *Set($AuthMethods, ['LDAP', 'Internal']);* * *Set($LdapExternalAuth, 1);* * *Set($LdapExternalInfo, 1);* * *Set($LdapAutoCreateNonLdapUsers, 0);* That looks promising. I'd bet that if you set that to '1' instead, you'll get new internal users if they are not found in LDAP. ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
[rt-users] RT Question on adding users
To any and all, I've asked this question before, but perhaps I didn't word it so it made any sense. When we add a 'CC' on any correspondance thru a ticket, we find that if the user is */not/* an RT User, as long as they pass the LDAP test, they get added, with their email address as their Id (NAME field). First question is: How do we get RT to drop the '@xxx.xxx' from the Id is uses for NAME on the USER Table. Secondly, how do we get RT to add a 'CC' to the USER table as an unprivileged user if they do NOT pass the LDAP test? Thank you in advance. This one has us confused. Hopefully, it's just a configuration thing. Kenn LBNL ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] RT Question on adding users
On May 13, 2009, at 12:48 PM, Ken Crocker wrote: To any and all, I've asked this question before, but perhaps I didn't word it so it made any sense. When we add a 'CC' on any correspondance thru a ticket, we find that if the user is not an RT User, as long as they pass the LDAP test, they get added, with their email address as their Id (NAME field). First question is: How do we get RT to drop the '@xxx.xxx' from the Id is uses for NAME on the USER Table. You can use RT::User::CanonicalizeUserInfo to munge the Name, assuming you're not using RT::Authen::ExternalAuth which already overrides this. Secondly, how do we get RT to add a 'CC' to the USER table as an unprivileged user if they do NOT pass the LDAP test? You don't say how you're doing LDAP auth so answering this is hard. If you're using RT::Authen::ExternalAuth you want to check your setting of AutoCreateNonExternalUsers -kevin ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] RT Question on adding users
Kevin, Thank you so much for answering. I looked through our RT_Config.pm file and did not see any reference to either RT::User::CanonicalizeUserInfo or RT::Authen::ExternalAuth. Where do I find them and how do I set them? Our current applicable LDAP settings (in RT_SiteConfig.pm) are as follows: * *Set($AuthMethods, ['LDAP', 'Internal']);* * *Set($LdapExternalAuth, 1);* * *Set($LdapExternalInfo, 1);* * *Set($LdapAutoCreateNonLdapUsers, 0);* * *Set($LdapAttrMap, {'Name' = 'uid',* * 'EmailAddress' = 'mail',* * 'Organization' = 'o',* * 'RealName' = 'cn',* * 'ExternalContactInfoId' = 'dn',* * 'ExternalAuthId' = 'lblempnum',* * 'Gecos' = 'uid',* * 'WorkPhone' = 'telephonenumber',* * 'Address1' = 'lblmailstop',* * 'Address2' = 'postaladdress'}* * );* * *Set($LdapRTAttrMatchList, ['ExternalContactInfoId', 'Name', 'EmailAddress', 'RealName', 'ExternalAuthId', 'WorkPhone', 'Address2']);* * *Set($LdapEmailAttrMatchList, ['uid']);* * *Set($LdapEmailAttrMatchPrefix, [''] );* * *Set($LdapTLS, 1);* * *Set($LdapSSLVersion, 3)*; Do I have all the LDAP settings I need? Do I need to add one? Change one? THANK you! Kenn LBNL On 5/13/2009 1:12 PM, Kevin Falcone wrote: On May 13, 2009, at 12:48 PM, Ken Crocker wrote: To any and all, I've asked this question before, but perhaps I didn't word it so it made any sense. When we add a 'CC' on any correspondance thru a ticket, we find that if the user is not an RT User, as long as they pass the LDAP test, they get added, with their email address as their Id (NAME field). First question is: How do we get RT to drop the '@xxx.xxx' from the Id is uses for NAME on the USER Table. You can use RT::User::CanonicalizeUserInfo to munge the Name, assuming you're not using RT::Authen::ExternalAuth which already overrides this. Secondly, how do we get RT to add a 'CC' to the USER table as an unprivileged user if they do NOT pass the LDAP test? You don't say how you're doing LDAP auth so answering this is hard. If you're using RT::Authen::ExternalAuth you want to check your setting of AutoCreateNonExternalUsers -kevin ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com