[rt-users] LDAP Groups

2013-10-18 Thread Paul Stead

Hi all,

I've been looking into using our Windows 2008 Active Directory for user 
authentication and group membership.

Ideally I'd like to replicate names of groups that our users are members within 
RT, set up permissions and have the  of then have those users be able to log 
into RT

I've looked at ExternalAuth mainly as this seemed to offer the best integration 
into RT, however by all accounts there is no sort of automatic group assignment.



and LDAPImport
--
Paul Stead
Systems Engineer, Zen Internet
T: 01706 902009


Re: [rt-users] LDAP Groups

2013-10-18 Thread Paul Stead

Apologies..

-8-

Hi all,

I've been looking into using our Windows 2008 Active Directory for user 
authentication and group membership.

Ideally I'd like to replicate names of groups that our users are members within 
RT, set up permissions and have the  of then have those users be able to log 
into RT and have the group association automatically assigned.

I've looked at ExternalAuth mainly as this seemed to offer the best integration 
into RT, however by all accounts there is no sort of automatic group assignment.

It seems that LDAPImport is suggested as a solution to this - however I feel I 
would require several runs and different search terms to get everyone into the 
groups I need,

Has anyone used LDAP in this way?

Thanks

Paul
--
Paul Stead
Systems Engineer, Zen Internet
T: 01706 902009


Re: [rt-users] LDAP Groups

2013-10-18 Thread Kevin Falcone
On Fri, Oct 18, 2013 at 11:01:26AM +0100, Paul Stead wrote:
> It seems that LDAPImport is suggested as a solution to this - however I
> feel I would require several runs and different search terms to get
> everyone into the groups I need,
>
> Has anyone used LDAP in this way?

LDAPImport is the solution for syncing groups.
We have many many customers using RT-Authen-ExternalAuth to
authenticate and LDAPImport to sync groups and user information.

-kevin








Re: [rt-users] Ldap groups and queues permissions

2012-04-12 Thread Kenneth Crocker
Cristo,

There are several tables that work in conjunction with privileges: the ACL,
Group, GroupMembers, CacheGroupMembers, Principals, etc.

If you get them out of sync, you are in a world of hurt.

I'd suggest reading about privileges and more about the framework of rights
before putzing around in the database and doing damage you will regret.

There are a couple books out there you can get to help you with this.

Kenn

On Wed, Apr 11, 2012 at 10:52 AM, Thomas Sibley t...@bestpractical.com wrote:

> Please keep replies on the list.
>
> On 04/11/2012 01:43 PM, Cristo Bolaños Trujillo wrote:
> > This is interesting: I created user on RT user admin page, but didn't
> > see any change on user permissions.
>
> Take note of the checkbox "Let this user be granted rights (Privileged)"
> which turns a user Privileged or not (Unprivileged).
>
> > After some time (I don't know really how many and when), user get right
> > permission.
>
> Permissions come from RT's internal system groups, ticket/queue roles,
> and your own custom user groups.  You can grant rights to these globally
> or on a specific queue/article/custom field level.
>
> > It looks like cachedgroupmembers table get updated periodically, so, is
> > there any way to force it to refresh immediately?
>
> No, it doesn't get updated periodically.  It gets updated immediately.
> There's no refresh.  Futzing with the database is the really wrong way
> to go about what you want and will almost certainly lead to you breaking
> RT.



[rt-users] Ldap groups and queues permissions

2012-04-11 Thread Cristo Bolaños Trujillo
Hello,

I'm using request tracker at work (successfully!!) but got some problems
when I tried to manage queue permissions using groups.

I've googled about it, read documentation on wiki, tried request tracker
web interface and direct sql database changes taking as example already
working queues, but I can't get any success.

Scenario:

- I create a group on LDAP and request tracker.
- I create a user on LDAP and request tracker.
- I assign this user to group on LDAP and request tracker.
- I assign every role on group to a queue.

User can login to request tracker, get limited privileges, but user can't
see queue: it doesn't appear on the select next to New ticket.

I tried restarting apache, memcached, closing user web session and
restarting, but didn't get any success.

Maybe I've missed a step?

Any help is very appreciated :)

Thanks a lot in advance.


Re: [rt-users] Ldap groups and queues permissions

2012-04-11 Thread Kevin Falcone
On Wed, Apr 11, 2012 at 11:31:59AM +0100, Cristo Bolaños Trujillo wrote:
> Hello,
> I'm using request tracker at work (successfully!!) but got some problems
> when I tried to manage queue permissions using groups.
> I've googled about it, read documentation on wiki, tried request tracker
> web interface and direct sql database changes taking as example already
> working queues, but I can't get any success.
> Scenario:
> - I create a group on LDAP and request tracker.
> - I create a user on LDAP and request tracker.
> - I assign this user to group on LDAP and request tracker.
> - I assign every role on group to a queue.
> User can login to request tracker, get limited privileges, but user can't
> see queue: it doesn't appear on the select next to New ticket.
> I tried restarting apache, memcached, closing user web session and
> restarting, but didn't get any success.
> Maybe I've missed a step?

Seeing the Queue is controlled by SeeQueue and you'll also need
CreateTicket there.  Is the user Privileged?

-kevin




Re: [rt-users] Ldap groups and queues permissions

2012-04-11 Thread Cristo Bolaños Trujillo
Hello,


> Seeing the Queue is controlled by SeeQueue and you'll also need
> CreateTicket there.  Is the user Privileged?


Yup, it's right.

All problem come from cachedgroupmembers table: it looks there was a record
for that user.

I manually created a record and it works :)

Thanks a lot for your help.


> -kevin



Re: [rt-users] Ldap groups and queues permissions

2012-04-11 Thread Thomas Sibley
Please keep replies on the list.

On 04/11/2012 01:43 PM, Cristo Bolaños Trujillo wrote:
> This is interesting: I created user on RT user admin page, but didn't
> see any change on user permissions.

Take note of the checkbox "Let this user be granted rights (Privileged)"
which turns a user Privileged or not (Unprivileged).

> After some time (I don't know really how many and when), user get right
> permission.

Permissions come from RT's internal system groups, ticket/queue roles,
and your own custom user groups.  You can grant rights to these globally
or on a specific queue/article/custom field level.

> It looks like cachedgroupmembers table get updated periodically, so, is
> there any way to force it to refresh immediately?

No, it doesn't get updated periodically.  It gets updated immediately.
There's no refresh.  Futzing with the database is the really wrong way
to go about what you want and will almost certainly lead to you breaking RT.