Hello all, I was just checking out RT::Authen::ExternalAuth for the first time after seeing the recent announcements on this list, and found it to be a useful extension of RT functionality. However, I noticed that it always attempts to authenticate a user to the external authentication service(s) before falling back to local authentication. I was wondering if there was any interest in enhancing it to allow for the selection of the authentication service on a per-user basis, perhaps based on some user custom field.
In our RT setup, we have a small number of privileged users who can own tickets and have accounts in our LDAP directory, but we have a large number of people who have access only to tickets they requested in RT, and do not have LDAP accounts. I think it would cut down on unnecessary traffic to our LDAP server if we could add some functionality to RT::Authen::ExternalAuth so that it only looks up privileged users in LDAP and does local authentication for everybody else. Maybe a user custom field could indicate which authentication service to use for an account (e.g. LDAP, external DB, local, etc.) rather than the global $RT::ExternalAuthPriority applying to all users? However, this could be problematic in allowing users to change which service they authenticate to. Would this per-user selectable authentication service functionality be useful to anyone else, and does anyone have an alternative suggestion for its implementation other than by using a user custom field? Maybe by RT group membership (e.g. by creating and populating a "auth_ldap" group for users to auth to LDAP, and a "auth_db" group for users to auth to an external DB, etc.)? -Bill -- William Horka UNIX Systems Administrator Harvard-MIT Data Center _______________________________________________ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: [EMAIL PROTECTED] Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com