I’m using The RT::Authen::ExternalAuth Plugin, and all is working nicely.
The one things that I’d like is that when a user logs in, in addition to
updating the various account info (Real Name, Address, etc), I would like
the actual RT account username to be updated to match the account name
in Active Directory.
In other words, I’d like the sAMAccountName from AD/LDAP to be applied
to the RT account name just like this plugin does for other info fields.
I’m wondering if this is even possible?
Right now I have this in my config:
[snip]
‘attr_match_list’ => [ ‘Name’,
‘EmailAddress’,
],
# The mapping of RT attributes on to LDAP attributes
’attr_map’ => { ‘Name’ => ‘sAMAccountName’,
‘EmailAddress’ => ‘mail’,
‘Organization’ => ‘department’,
‘RealName’ => ‘cn’,
‘ExternalAuthId’ => ‘sAMAccountName’,
‘Gecos’ => ‘sAMAccountName’,
‘WorkPhone’ => ‘telephoneNumber’,
‘MobilePhone’ => ‘mobile’,
‘Address1’ => ‘streetAddress’,
‘Address2’ => ‘physicalDeliveryOfficeName’,
‘City’ => ‘l’,
‘State’ => ‘st’,
‘Zip’ => ‘postalCode’,
‘Country’ => ‘co’,
‘MobilePhone’ => ‘mobile’,
}
},
[snip]
One thing I wanted to try was to remove ‘Name’ from the attr_match_list, but
I’m not sure that will achieve what I want, and I don’t have an RT test
system to test this on.
The issue I’m trying to get around is this:
- Most of our RT users already have an RT account (auto-generated) from
previous interaction with RT. - They try to login with their Active Directory credentials.
- Their E-mail address in AD matches RT, but RT account name does not match, so authentication fails.
To get around this I’m always having to lookup the person’s AD account name,
then go into RT, and edit their RT account name to match AD. (Kind of time
consuming.) If they already have an AD account, I’d like RT to just let them
login and update their RT account name to match AD.
Does any of this make sense? Any suggestions would be appreciated.
Thanks,
--Mark
Mark A Bentley
CTO Lab Systems Support
AT&T Mobility, Redmond, WA