Based on AD user properties “userAccountControl” , I need to automatically disable RT users (similar to unchecking the checkbox “Let User Access RT” in the rt web UI).
It is possible to do this ? With a Perl script ?
Thanks for your help.
Horst
Note Importante: Le contenu de ce courriel est uniquement réservé à la personne ou l’organisme à qui il est destiné. Si vous n’êtes pas le destinataire prévu, veuillez nous en informer au plus vite et détruire le présent courriel. Dans ce cas, il ne vous est pas permis de copier ce courriel, de le distribuer ou de l’utiliser de quelque manière que ce soit.
Important Notice: The content of this e-mail is intended only and solely for the use of the named recipient or organization. If you are not the named recipient, please inform us immediately and delete the present e-mail. In this case, you are not allowed to copy, distribute or use this e-mail in any way.
users, not computers, which are mail enabled, and which don’t have the bit in userAccountControl set for “disabled account”.
From there, you can write a perl script that go over every user in your RT db, and checks them against this filter via LDAP and updates the users that are disabled in AD…
Based on AD user properties “userAccountControl” , I need to automatically disable RT users (similar to unchecking the checkbox “Let User Access RT” in the rt web UI).
It is possible to do this ? With a Perl script ?
Thanks for your help.
Horst
Note Importante: Le contenu de ce courriel est uniquement réservé à la personne ou l’organisme à qui il est destiné. Si vous n’êtes pas le destinataire prévu, veuillez nous en informer au plus vite et détruire le présent courriel. Dans ce cas, il ne vous est pas permis de copier ce courriel, de le distribuer ou de l’utiliser de quelque manière que ce soit.
Important Notice: The content of this e-mail is intended only and solely for the use of the named recipient or organization. If you are not the named recipient, please inform us immediately and delete the present e-mail. In this case, you are not allowed to copy, distribute or use this e-mail in any way.
users, not computers, which are mail enabled, and which don’t have the bit
in userAccountControl set for “disabled account”.
From there, you can write a perl script that go over every user in your RT db,
and checks them against this filter via LDAP and updates the users that are
disabled in AD…
Thanks,
Jok
| Joachim Thuau | IT Systems Engineer - Linux / SpaceX |
Based on AD user properties “userAccountControl” , I need to automatically
disable RT users (similar to unchecking the checkbox “Let User Access RT” in
the rt web UI).
It is possible to do this ? With a Perl script ?
Thanks for your help.
Horst
Note Importante: Le contenu de ce courriel est uniquement réservé à la
personne ou l’organisme à qui il est destiné. Si vous n’êtes pas le destinataire
prévu, veuillez nous en informer au plus vite et détruire le présent courriel.
Dans ce cas, il ne vous est pas permis de copier ce courriel, de le distribuer ou
de l’utiliser de quelque manière que ce soit.
Important Notice: The content of this e-mail is intended only and solely for
the use of the named recipient or organization. If you are not the named
recipient, please inform us immediately and delete the present e-mail. In this
case, you are not allowed to copy, distribute or use this e-mail in any way.
Note Importante: Le contenu de ce courriel est uniquement réservé à la personne ou l’organisme à qui il est destiné. Si vous n’êtes pas le destinataire prévu, veuillez nous en informer au plus vite et détruire le présent courriel. Dans ce cas, il ne vous est pas permis de copier ce courriel, de le distribuer ou de l’utiliser de quelque manière que ce soit.
Important Notice: The content of this e-mail is intended only and solely for the use of the named recipient or organization. If you are not the named recipient, please inform us immediately and delete the present e-mail. In this case, you are not allowed to copy, distribute or use this e-mail in any way.
users, not computers, which are mail enabled, and which don’t have the bit
in userAccountControl set for “disabled account”.
From there, you can write a perl script that go over every user in your RT db,
and checks them against this filter via LDAP and updates the users that are
disabled in AD…
Thanks,
Jok
| Joachim Thuau | IT Systems Engineer - Linux / SpaceX |
Based on AD user properties “userAccountControl” , I need to automatically
disable RT users (similar to unchecking the checkbox “Let User Access RT” in
the rt web UI).
It is possible to do this ? With a Perl script ?
Thanks for your help.
Horst
Note Importante: Le contenu de ce courriel est uniquement réservé à la
personne ou l’organisme à qui il est destiné. Si vous n’êtes pas le destinataire
prévu, veuillez nous en informer au plus vite et détruire le présent courriel.
Dans ce cas, il ne vous est pas permis de copier ce courriel, de le distribuer ou
de l’utiliser de quelque manière que ce soit.
Important Notice: The content of this e-mail is intended only and solely for
the use of the named recipient or organization. If you are not the named
recipient, please inform us immediately and delete the present e-mail. In this
case, you are not allowed to copy, distribute or use this e-mail in any way.
Note Importante: Le contenu de ce courriel est uniquement réservé à la personne ou l’organisme à qui il est destiné. Si vous n’êtes pas le destinataire prévu, veuillez nous en informer au plus vite et détruire le présent courriel. Dans ce cas, il ne vous est pas permis de copier ce courriel, de le distribuer ou de l’utiliser de quelque manière que ce soit.
Important Notice: The content of this e-mail is intended only and solely for the use of the named recipient or organization. If you are not the named recipient, please inform us immediately and delete the present e-mail. In this case, you are not allowed to copy, distribute or use this e-mail in any way.
Based on AD user properties “userAccountControl” , I need to automatically
disable RT users (similar to unchecking the checkbox “Let User Access RT” in
the rt web UI).
It is possible to do this ? With a Perl script ?
In case you’re using ExternalAuth then it has d_filter option to put
mentioned filters.
Thanks for your help.
Horst
Note Importante: Le contenu de ce courriel est uniquement réservé à la
personne ou l’organisme à qui il est destiné. Si vous n’êtes pas le
destinataire prévu, veuillez nous en informer au plus vite et détruire le
présent courriel. Dans ce cas, il ne vous est pas permis de copier ce
courriel, de le distribuer ou de l’utiliser de quelque manière que ce soit.
Important Notice: The content of this e-mail is intended only and solely for
the use of the named recipient or organization. If you are not the named
recipient, please inform us immediately and delete the present e-mail. In
this case, you are not allowed to copy, distribute or use this e-mail in any
way.
I found this program from a few years ago, which is supposed to disable a
user:
#! /usr/bin/perl -w
use lib ‘/srv/www/rt4/lib’;
use RT::Base;
use RT::Config;
use RT::User;
my $UserId = “sgeadmin”;
my $user = RT::User->new($RT::SystemUser);
$user->Load($UserId);
$user->SetDisabled();
This script, however, does not work. I end up with this error:
~/bin/rt_disable_user.pl
Can’t locate object method “Config” via package “RT” at
/srv/www/rt4/lib/RT/Record.pm line 76.
BEGIN failed–compilation aborted at /srv/www/rt4/lib/RT/Record.pm line 76.
Compilation failed in require at (eval 11) line 2.
…propagated at /usr/lib/perl5/5.12.3/base.pm line 94.
BEGIN failed–compilation aborted at /srv/www/rt4/lib/RT/User.pm line 70.
Compilation failed in require at ./rt_disable_user line 9.
BEGIN failed–compilation aborted at ./rt_disable_user line 9.
And the user sgeadmin doesn’t get disabled. Once I get the Perl here
working I’ll be able to combine the two, but I cannot figure out what is
wrong. I see other Perl scripts working inside the RT folder that are able
to use RT::User, but I do not seem to be able to do so.
This line does not fail on “use RT::Config”, though; that works. RT::User
seems to load the config, though, and that is where it is hanging up, I
think.
I found this program from a few years ago, which is supposed to disable a
user:
#! /usr/bin/perl -w
use lib ‘/srv/www/rt4/lib’;
use RT::Base;
use RT::Config;
use RT::User;
my $UserId = “sgeadmin”;
my $user = RT::User->new($RT::SystemUser);
$user->Load($UserId);
$user->SetDisabled();
It’s missing some preamble needed to initialise the RT perl API. Something like this:
#! /usr/bin/perl -w
use lib ‘/srv/www/rt4/lib’;
use RT;
use RT::User;
RT::LoadConfig;
RT::Init;
my $UserId = “sgeadmin”;
my $user = RT::User->new($RT::SystemUser);
$user->Load($UserId);
$user->SetDisabled();
Should work.
Tim
The Wellcome Trust Sanger Institute is operated by Genome Research
Limited, a charity registered in England with number 1021457 and a
company registered in England with number 2742969, whose registered
office is 215 Euston Road, London, NW1 2BE.
Thank you! That is exactly what I was missing. I tried looking through
some other Perl scripts already in the folder to see what to “use,” but
hadn’t run across those. I figured it would tell me, too, if it needed
anything else sourced. At any rate, that fixed the problem.
One other thing, it turns out that
$user->SetDisabled();
doesn’t actually work, as it needs a variable. SetDisabled(1) will disable
account, while SetDisabled(0) will actually re-enable the account. Threw
me off at first, but I’m good now.
Thanks again for the help!
AaronOn Tue, Sep 18, 2012 at 7:27 AM, Tim Cutts tjrc@sanger.ac.uk wrote:
I found this program from a few years ago, which is supposed to disable a
user:
#! /usr/bin/perl -w
use lib ‘/srv/www/rt4/lib’;
use RT::Base;
use RT::Config;
use RT::User;
my $UserId = “sgeadmin”;
my $user = RT::User->new($RT::SystemUser);
$user->Load($UserId);
$user->SetDisabled();
It’s missing some preamble needed to initialise the RT perl API.
Something like this:
#! /usr/bin/perl -w
use lib ‘/srv/www/rt4/lib’;
use RT;
use RT::User;
RT::LoadConfig;
RT::Init;
my $UserId = “sgeadmin”;
my $user = RT::User->new($RT::SystemUser);
$user->Load($UserId);
$user->SetDisabled();
Should work.
Tim
–
The Wellcome Trust Sanger Institute is operated by Genome Research
Limited, a charity registered in England with number 1021457 and a
company registered in England with number 2742969, whose registered
office is 215 Euston Road, London, NW1 2BE.