Re: [rt-users] Questions about ExternalAuth

Sun, 27 Nov 2011 00:12:21 -0800 

On Thu, Nov 24, 2011 at 09:14:26AM +0100, Bart wrote:
>      * Will the plugin ensure that only LDAP users can login? (I'm assuming 
> yes)

There's a configuration option to control who can log in.
You will always be able to log in as a non-disabled internal RT user
if the user has a password set (such as the root user).

>      * What happens if just a random LDAP user logs into RT? Will he/she be 
> marked as privileged,
>        or will they simply go to the SelfService portal?

This is configurable by you using $AutoCreate.
Also, you can limit which LDAP users can log in by writing an
appropriate filter.

>           * I'm hoping the last + thus that a random LDAP user won't have any 
> rights until I
>             define them inside RT)=.
> 
>      * What happens when a new requestor sends an e-mail, by default RT 
> creates an unprivileged
>        user but what I'd want is that RT only creates that user inside its 
> own database (not
>        inside the LDAP). Is this how ExternalAuth works or will ExternalAuth 
> try to create that
>        user inside the LDAP?

ExternalAuth will never attempt to create a user in your external LDAP
server.

>      * When I only us the LDAP for authentication, do I need to configure the 
> RT MySQL database
>        as well for information or is the DB configuration only required for 
> extra databases
>        outside RT's own database?

Do no attempt to configure RT::Authen::ExternalAuth to authenticate
against RT's internal database.  It automatically falls back to
internal auth.

>    I wasn't able to get the above answers in the documentation, even though I 
> expect the answers
>    to be pretty straight forward. I just want to make sure that I understand 
> the plugin correctly
>    before I start testing it, if ExternalAuth does things differently from 
> what I'm hoping then I
>    might have to look into WebExternalAuth instead (though I'm leaving that 
> one as a last
>    resort).

WebExternalAuth works quite differently, as it relies on your web
server config.

It would be great to see a patch to the documentations now that you
have these answers.

-kevin

Attachment: pgpb40UjAGwHN.pgp
Description: PGP signature

--------
RT Training Sessions (http://bestpractical.com/services/training.html)
*  Barcelona, Spain — November 28 & 29, 2011

Reply via email to