On Tue, Jan 26, 2010 at 08:21:43PM -0500, Ed Santora wrote: > Hello, > > I just upgraded to 3.8.7 with RT::Authen::ExternalAuth v0.08 > > I'm trying to restrict RT users to LDAP users in one group. When I set: > > 'group' => 'cn=group,ou=group,dc=my,dc=domain,dc=edu' > > and > > 'group_attr' => 'memberUid' > > I see it query my LDAP server with > (memberUid=uid=user,ou=people,dc=my,dc=domain,dc=com) instead of > (memberUid=user). > > Is there a way to have it use just the 'username' instead of the user's > full dn without changind RT::Authen::ExternalAuth::LDAP? > > If I comment out 'group' and 'group_attr' LDAP auth works fine, but any > valid LDAP user can log in.
Unfortunately, the RT-Authen-ExternalAuth is coded to use the dn. This seems to work for other people, although I'm not sure what group_attr they're using. You'd have to make the right hand side of the filter into a configuration option in order to change that -kevin
pgpM9bbB1gXpW.pgp
Description: PGP signature
_______________________________________________ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com 2010 RT Training Sessions! San Francisco, CA, USA - Feb 22 & 23 Dublin, Ireland - Mar 15 & 16 Boston, MA, USA - April 5 & 6 Washington DC, USA - Oct 25 & 26 Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com