Re: [rt-users] RT-Authen-ExternalAuth usage questions

[Steve Huston]

I hate to be that guy (top posting, reposting.. how many more taboos
can I break!)  However, I'm hoping a Monday-morning post will get better
attention than a Thursday evening one.

Anyone have ideas on the below?  Thanks!

On 3/22/12 4:10 PM, Steve Huston wrote:
 I'm in the process of setting up a new RT instance which is going to be
 used differently than the one I've been running for many years now.
 Previously I only cared about the web interface for administrators, but
 now it's desired to have web access for all users.
 
 We use a CAS-enabled virtualhost (so RT uses the REMOTE_USER varaible
 with external authentication).  This means a user logging in will have a
 username such as 'huston'.  However if they send an email, it would be
 'hus...@princeton.edu', so there's the possibility of having two users
 created. OK, I need something that populates fields from LDAP.  I found
 a few ways to do this, but it looks like the not outdated method is
 the aforementioned extension.  I've downloaded it and am looking through
 things, but I have some questions for people more intimately in tune
 with the code:
 
 1) Can I run this extension and continue to use the Apache-based
 authentication, relying on ExternalAuth just for the LDAP glue?
 
 2) Did I see right that any time a user logs in, this extension will
 poll LDAP to see if their information matches what's in the RT user
 database and updates accordingly?
 
 3) Will the extension care if a user doesn't exist?  We may have people
 sending in emails that do not have an account in the LDAP server, and
 this should be allowed - we will want an account autocreated just as it
 is currently.
 
 4) Will the extension poll LDAP on an incoming email, properly creating
 the user account if it doesn't exist with the right UID returned from
 the lookup?  Or does this only work when logging in through the web
 interface?
 
 5) If a user is created as a watcher - say someone in the web
 interface adds an email address as a CC to a ticket - will ExternalAuth
 be hooked to look up that user's information in LDAP and populate the
 uid  realname fields?
 
 Thanks!
 


-- 
Steve Huston - W2SRH - Unix Sysadmin, Astrophysical Sci  CSES/PICSciE
  Princeton University  |ICBM Address: 40.346525   -74.651285
206 Peyton Hall |On my ship, the Rocinante, wheeling through
  Princeton, NJ   08544 | the galaxies; headed for the heart of Cygnus,
(267) 793-0852  | headlong into mystery.  -Rush, 'Cygnus X-1'

[rt-users] RT-Authen-ExternalAuth usage questions

[Steve Huston]

I'm in the process of setting up a new RT instance which is going to be
used differently than the one I've been running for many years now.
Previously I only cared about the web interface for administrators, but
now it's desired to have web access for all users.

We use a CAS-enabled virtualhost (so RT uses the REMOTE_USER varaible
with external authentication).  This means a user logging in will have a
username such as 'huston'.  However if they send an email, it would be
'hus...@princeton.edu', so there's the possibility of having two users
created. OK, I need something that populates fields from LDAP.  I found
a few ways to do this, but it looks like the not outdated method is
the aforementioned extension.  I've downloaded it and am looking through
things, but I have some questions for people more intimately in tune
with the code:

1) Can I run this extension and continue to use the Apache-based
authentication, relying on ExternalAuth just for the LDAP glue?

2) Did I see right that any time a user logs in, this extension will
poll LDAP to see if their information matches what's in the RT user
database and updates accordingly?

3) Will the extension care if a user doesn't exist?  We may have people
sending in emails that do not have an account in the LDAP server, and
this should be allowed - we will want an account autocreated just as it
is currently.

4) Will the extension poll LDAP on an incoming email, properly creating
the user account if it doesn't exist with the right UID returned from
the lookup?  Or does this only work when logging in through the web
interface?

5) If a user is created as a watcher - say someone in the web
interface adds an email address as a CC to a ticket - will ExternalAuth
be hooked to look up that user's information in LDAP and populate the
uid  realname fields?

Thanks!

-- 
Steve Huston - W2SRH - Unix Sysadmin, Astrophysical Sci  CSES/PICSciE
  Princeton University  |ICBM Address: 40.346525   -74.651285
206 Peyton Hall |On my ship, the Rocinante, wheeling through
  Princeton, NJ   08544 | the galaxies; headed for the heart of Cygnus,
(267) 793-0852  | headlong into mystery.  -Rush, 'Cygnus X-1'