I have a few questions about the ExternalAuth plugin. I’m thinking of
implementing it, but I’d like to know a few things before I start:
* Will the plugin ensure that only LDAP users can log in? (I’m assuming
yes)
* What happens if just a random LDAP user logs into RT? Will he/she be
marked as privileged, or will they simply go to the SelfService portal?
* (I’m hoping the last + thus that a random LDAP user won’t have any
rights until I define them inside RT).
* What happens when a new requestor sends an e-mail? By default RT
creates an unprivileged user, but what I’d want is that RT only creates that
user inside its own database (not inside the LDAP). Is this how
ExternalAuth works or will ExternalAuth try to create that user inside the
LDAP?
* When I only use the LDAP for authentication, do I need to configure the
RT MySQL database as well for information or is the DB configuration only
required for extra databases outside RT’s own database?
I wasn’t able to get the above answers in the documentation, even though I
expect the answers to be pretty straightforward. I just want to make sure
that I understand the plugin correctly before I start testing it. If
ExternalAuth does things differently from what I’m hoping then I might have
to look into WebExternalAuth instead (though I’m leaving that one as a last
resort).
> * Will the plugin ensure that only LDAP users can log in? (I'm assuming yes)
There’s a configuration option to control who can log in.
You will always be able to log in as a non-disabled internal RT user
if the user has a password set (such as the root user).
> * What happens if just a random LDAP user logs into RT? Will he/she be marked as privileged,
> or will they simply go to the SelfService portal?
This is configurable by you using $AutoCreate.
Also, you can limit which LDAP users can log in by writing an
appropriate filter.
> * (I'm hoping the last + thus that a random LDAP user won't have any rights until I
> define them inside RT).
> * What happens when a new requestor sends an e-mail? By default RT creates an unprivileged
> user, but what I'd want is that RT only creates that user inside its own database (not
> inside the LDAP). Is this how ExternalAuth works or will ExternalAuth try to create that
> user inside the LDAP?
ExternalAuth will never attempt to create a user in your external LDAP
server.
> * When I only use the LDAP for authentication, do I need to configure the RT MySQL database
> as well for information or is the DB configuration only required for extra databases
> outside RT's own database?
Do not attempt to configure RT::Authen::ExternalAuth to authenticate
against RT’s internal database. It automatically falls back to
internal auth.
> I wasn’t able to get the above answers in the documentation, even though I expect the answers
> to be pretty straightforward. I just want to make sure that I understand the plugin correctly
> before I start testing it. If ExternalAuth does things differently from what I’m hoping then I
> might have to look into WebExternalAuth instead (though I’m leaving that one as a last
> resort).
WebExternalAuth works quite differently, as it relies on your web
server config.
It would be great to see a patch to the documentation now that you
have these answers.
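
A sketch of how the answers above map onto RT_SiteConfig.pm, added here as an illustration; it is not part of the thread and not Best Practical's own configuration. The service name My_LDAP, the host, DNs, bind account, filter and attribute names are placeholders; the setting names are the ones RT::Authen::ExternalAuth and RT document.

```perl
# RT_SiteConfig.pm fragment (added example; all values are placeholders)
Set(@Plugins, qw(RT::Authen::ExternalAuth));

# Only the LDAP service is listed. RT's internal database is NOT configured
# as a service here: the plugin falls back to internal auth by itself, so
# internal users with a password (such as root) can still log in.
Set($ExternalAuthPriority, [ 'My_LDAP' ]);
Set($ExternalInfoPriority, [ 'My_LDAP' ]);

# Users created automatically on first LDAP login start unprivileged,
# so they land in SelfService and hold no rights until granted inside RT.
Set($AutoCreate, { Privileged => 0 });

Set($ExternalSettings, {
    'My_LDAP' => {
        'type'   => 'ldap',
        'server' => 'ldap.example.com',                 # placeholder host
        'user'   => 'cn=rt-bind,ou=svc,dc=example,dc=com',  # read-only bind account
        'pass'   => 'CHANGE_ME',                        # placeholder secret
        'base'   => 'ou=people,dc=example,dc=com',

        # The filter decides which LDAP entries may log in at all.
        # memberOf is an assumption about the directory schema.
        'filter' => '(&(objectClass=person)'
                  . '(memberOf=cn=rt-users,ou=groups,dc=example,dc=com))',

        # Entries matching d_filter are treated as disabled.
        'd_filter' => '(accountLocked=TRUE)',           # placeholder attribute

        # StartTLS keeps the bind password and user passwords off the wire
        # in cleartext.
        'tls'           => 1,
        'net_ldap_args' => [ version => 3 ],

        # How an LDAP entry is matched to, and copied into, the RT user.
        # The plugin only reads from LDAP; it never writes users to it.
        'attr_match_list' => [ 'Name', 'EmailAddress' ],
        'attr_map'        => {
            'Name'         => 'uid',
            'EmailAddress' => 'mail',
            'RealName'     => 'cn',
        },
    },
});
```

Because internal fallback always applies, review which internal RT accounts still have a password set if the goal is LDAP-only login.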
I’ll give it a go in our testing environment and see if I can make
something out of it.
As for documentation, there are a lot of things that I’ve documented for
myself. I just need to find some time to submit them to the wiki.
– Bart
On 27 November 2011 at 02:03, Kevin Falcone falcone@bestpractical.com wrote the following:
> On Thu, Nov 24, 2011 at 09:14:26AM +0100, Bart wrote: