Auto-create RT-only users when using LDAP?

Kyle_Barger · July 25, 2006, 6:00pm

I wonder if anybody has any advice about user account arrangements for
our new (but not in production) RT 3.6.0 (running on Fedora Core 4).

In a nutshell, we want folks who have accounts in our existing OpenLDAP
tree to be able to have their RT accounts auto-created based on LDAP
information when they send an email to RT or log in via SelfService.
This much is working fine, with LdapUserLocalOverlay.

However, we also need to be able to take questions (primarily via email;
I’m not that concerned about web access) from people who are not
students or employees. We don’t want to give these people credentials
in our LDAP system–ideally RT would auto-create accounts for them just
as if there were no LDAP at work. As it is now they get an email back
saying an account couldn’t be created for them.

Is there an easy way to set this up? Or any suggestions for other ways
to handle this situation? Thanks.
Kyle Barger
Director of Information Services
The Lutheran Theological Seminary at Philadelphia
For assistance with computer, phone, or network issues at LTSP:
http://www.ltsp.edu/helpdesk

Helmuth_Ramirez · July 25, 2006, 7:18pm

I ‘think’ this may be what you’re looking for. This came from the
Overlay settings in my RT_SiteConfig file

Should we create accounts for users who aren’t in LDAP?

Set($LdapAutoCreateNonLdapUsers, 0);

Mine is 0 since all our users ‘should’ be internal-----Original Message-----
From: rt-users-bounces@lists.bestpractical.com
[mailto:rt-users-bounces@lists.bestpractical.com] On Behalf Of Kyle
Barger
Sent: Tuesday, July 25, 2006 2:00 PM
To: rt-users@lists.bestpractical.com
Subject: [rt-users] Auto-create RT-only users when using LDAP?

I wonder if anybody has any advice about user account arrangements for
our new (but not in production) RT 3.6.0 (running on Fedora Core 4).

In a nutshell, we want folks who have accounts in our existing OpenLDAP
tree to be able to have their RT accounts auto-created based on LDAP
information when they send an email to RT or log in via SelfService.
This much is working fine, with LdapUserLocalOverlay.

However, we also need to be able to take questions (primarily via email;

I’m not that concerned about web access) from people who are not
students or employees. We don’t want to give these people credentials
in our LDAP system–ideally RT would auto-create accounts for them just
as if there were no LDAP at work. As it is now they get an email back
saying an account couldn’t be created for them.

Is there an easy way to set this up? Or any suggestions for other ways
to handle this situation? Thanks.
Kyle Barger
Director of Information Services
The Lutheran Theological Seminary at Philadelphia
For assistance with computer, phone, or network issues at LTSP:
http://www.ltsp.edu/helpdesk
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: sales@bestpractical.com

Discover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com

We’re hiring! Come hack Perl for Best Practical:
http://bestpractical.com/about/jobs.html

eric.valor · July 25, 2006, 8:28pm

Kyle:

You need these settings in RT_SiteConfig.pm:

What auth methods do you like and in what order?

Set($AuthMethods, [‘LDAP’, ‘Internal’]);

Should we create accounts for users who aren’t in LDAP?

Set($LdapAutoCreateNonLdapUsers, 1);

Eric N. Valor
Information Technology Manager
DaimlerChrysler Research & Technology North America, Inc.
eric.valor@daimlerchrysler.com
1510 Page Mill Road, Palo Alto, CA 94304
CIMS 931-00-00
650-845-2536

: This Space Intentionally Left Blank :

I wonder if anybody has any advice about user account arrangements for
our new (but not in production) RT 3.6.0 (running on Fedora Core 4).

In a nutshell, we want folks who have accounts in our existing OpenLDAP
tree to be able to have their RT accounts auto-created based on LDAP
information when they send an email to RT or log in via SelfService.
This much is working fine, with LdapUserLocalOverlay.

However, we also need to be able to take questions (primarily via email;
I’m not that concerned about web access) from people who are not
students or employees. We don’t want to give these people credentials
in our LDAP system–ideally RT would auto-create accounts for them just
as if there were no LDAP at work. As it is now they get an email back
saying an account couldn’t be created for them.

Is there an easy way to set this up? Or any suggestions for other ways
to handle this situation? Thanks.