Add external hooks to IsPassword() and SetPassword()

[Petter Reinholdtsen]

Anyway, by making sure the hook provided in LookupExternalUserInfo()
is used in the code, it is easier to add ones own synchronizing code
for LDAP, and it should make it easier to implement your idea of
making this configurable using RTx::Authen.

Here is the complete patch to enable this. I’ve tested it at our test
installation of RT.

Of course, LDAP synchronizing is not complete unless one can use LDAP
to authenticate users in LDAP, while leaving it to RT to authenticate
the users not present in LDAP.

Here is a patch to add hooks in the right places for external password

  • One hook in RT::User::IsPassword() to call a new
    IsPasswordExternal() in the proper place. This make it possible to
    add LDAP support by overriding IsPasswordExternal() only, and
    removed the need to copy the code in IsPassword() just add two
    lines to it.

  • Similar hook in RT::User::SetPassword() to call

Please include this patch in a future version of RT, or let me know if
there is something with the patch making it unfit for inclusion in the
official source.

Index: lib/RT/
— lib/RT/ (revision 1376)
+++ lib/RT/ (working copy)
@@ -1001,6 +1058,28 @@


+# {{{ sub SetPasswordExternal
+=head2 SetPasswordExternal
+Takes a string, and try to set this string as the users password in an
+external system, if the user is listed in the external system.
+Returns 1 if the password was set successfully, undef if it failed,
+and -1 if the user is unknown to the external system.
+This hook is called from SetPassword.
+sub SetPasswordExternal {

  • my $self = shift;
  • my $password = shift;
  • return ( -1, $self->loc(“No external users”) );
    +# }}}

{{{ sub SetPassword

=head2 SetPassword
@@ -1018,6 +1097,9 @@
return ( 0, $self->loc(‘Permission Denied’) );

  • my ($code, $msg) = $self->SetPasswordExternal($password);
  • return ($code, $msg) unless (-1 == $code);
    if ( !$password ) {
    return ( 0, $self->loc(“No password set”) );
    @@ -1066,6 +1148,27 @@


+# {{{ sub IsPasswordExternal
+=head2 IsPasswordExternal
+Returns true if the passed in value is this user’s password. Return
+undef if the password don’t match. Return -1 if the user is unknown
+in the external system.
+This hook is called from IsPassword.
+sub IsPasswordExternal {

  • my $self = shift;
  • my $value = shift;
  • return ( -1, $self->loc(“No external users”) );
    +# }}}

{{{ sub IsPassword

=head2 IsPassword
@@ -1097,6 +1200,9 @@

  • my $code = $self->IsPasswordExternal($value);
  • return ($code) unless (-1 == $code);

    generate an md5 password

    if ($self->_GeneratePassword($value) eq $self->__Value(‘Password’)) {