RT-Authen-ExternalAuth usage & questions

I’m in the process of setting up a new RT instance which is going to be
used differently than the one I’ve been running for many years now.
Previously I only cared about the web interface for administrators, but
now it’s desired to have web access for all users.

We use a CAS-enabled virtualhost (so RT uses the REMOTE_USER variable
with external authentication). This means a user logging in will have a
username such as ‘huston’. However if they send an email, it would be
‘huston@princeton.edu’, so there’s the possibility of having two users
created. OK, I need something that populates fields from LDAP. I found
a few ways to do this, but it looks like the “not outdated” method is
the aforementioned extension. I’ve downloaded it and am looking through
things, but I have some questions for people more intimately in tune
with the code:

  1. Can I run this extension and continue to use the Apache-based
    authentication, relying on ExternalAuth just for the LDAP glue?

  2. Did I see right that any time a user logs in, this extension will
    poll LDAP to see if their information matches what’s in the RT user
    database and updates accordingly?

  3. Will the extension care if a user doesn’t exist? We may have people
    sending in emails that do not have an account in the LDAP server, and
    this should be allowed - we will want an account autocreated just as it
    is currently.

  4. Will the extension poll LDAP on an incoming email, properly creating
    the user account if it doesn’t exist with the right UID returned from
    the lookup? Or does this only work when logging in through the web
    interface?

  5. If a user is “created” as a watcher - say someone in the web
    interface adds an email address as a CC to a ticket - will ExternalAuth
    be hooked to look up that user’s information in LDAP and populate the
    uid & realname fields?

Thanks!

Steve Huston - W2SRH - Unix Sysadmin, Astrophysical Sci & CSES/PICSciE
Princeton University | ICBM Address: 40.346525 -74.651285
206 Peyton Hall |“On my ship, the Rocinante, wheeling through
Princeton, NJ 08544 | the galaxies; headed for the heart of Cygnus,
(267) 793-0852 | headlong into mystery.” -Rush, ‘Cygnus X-1’

I hate to be “that guy” (top posting, reposting… how many more taboos
can I break!) However, I’m hoping a Monday-morning post will get better
attention than a Thursday evening one.

Anyone have ideas on the below? Thanks!

On 3/22/12 4:10 PM, Steve Huston wrote:

I’m in the process of setting up a new RT instance which is going to be
used differently than the one I’ve been running for many years now.
Previously I only cared about the web interface for administrators, but
now it’s desired to have web access for all users.

We use a CAS-enabled virtualhost (so RT uses the REMOTE_USER variable
with external authentication). This means a user logging in will have a
username such as ‘huston’. However if they send an email, it would be
‘huston@princeton.edu’, so there’s the possibility of having two users
created. OK, I need something that populates fields from LDAP. I found
a few ways to do this, but it looks like the “not outdated” method is
the aforementioned extension. I’ve downloaded it and am looking through
things, but I have some questions for people more intimately in tune
with the code:

  1. Can I run this extension and continue to use the Apache-based
    authentication, relying on ExternalAuth just for the LDAP glue?

  2. Did I see right that any time a user logs in, this extension will
    poll LDAP to see if their information matches what’s in the RT user
    database and updates accordingly?

  3. Will the extension care if a user doesn’t exist? We may have people
    sending in emails that do not have an account in the LDAP server, and
    this should be allowed - we will want an account autocreated just as it
    is currently.

  4. Will the extension poll LDAP on an incoming email, properly creating
    the user account if it doesn’t exist with the right UID returned from
    the lookup? Or does this only work when logging in through the web
    interface?

  5. If a user is “created” as a watcher - say someone in the web
    interface adds an email address as a CC to a ticket - will ExternalAuth
    be hooked to look up that user’s information in LDAP and populate the
    uid & realname fields?

Thanks!

Steve Huston - W2SRH - Unix Sysadmin, Astrophysical Sci & CSES/PICSciE
Princeton University | ICBM Address: 40.346525 -74.651285
206 Peyton Hall |“On my ship, the Rocinante, wheeling through
Princeton, NJ 08544 | the galaxies; headed for the heart of Cygnus,
(267) 793-0852 | headlong into mystery.” -Rush, ‘Cygnus X-1’