RT Question on adding users

RT Users
1

To any and all,

I've asked this question before, but perhaps I didn't word it so it

made any sense. When we add a ‘CC’ on any correspondance thru a ticket,
we find that if the user is /not/ an RT User, as long as they pass the
LDAP test, they get added, with their email address as their Id (NAME
field). First question is:

How do we get RT to drop the '@xxx.xxx' from the Id is uses for

“NAME” on the USER Table.

Secondly, how do we get RT to add a 'CC' to the USER table as an

“unprivileged” user if they do NOT pass the LDAP test?

Thank you in advance. This one has us confused. Hopefully, it's just

a configuration thing.

Kenn
LBNL

2

To any and all,

I've asked this question before, but perhaps I didn't word it so

it made any sense. When we add a ‘CC’ on any correspondance thru a
ticket, we find that if the user is not an RT User, as long as they
pass the LDAP test, they get added, with their email address as
their Id (NAME field). First question is:

How do we get RT to drop the '@xxx.xxx' from the Id is uses for

“NAME” on the USER Table.

You can use RT::User::CanonicalizeUserInfo to munge the Name, assuming
you’re
not using RT::Authen::ExternalAuth which already overrides this.

Secondly, how do we get RT to add a 'CC' to the USER table as an

“unprivileged” user if they do NOT pass the LDAP test?

You don’t say how you’re doing LDAP auth so answering this is hard.

If you’re using RT::Authen::ExternalAuth you want to check your
setting of
AutoCreateNonExternalUsers

-kevin

3

Kevin,

Thank you so much for answering. I looked through our RT_Config.pm

file and did not see any reference to either
“RT::User::CanonicalizeUserInfo” or “RT::Authen::ExternalAuth”. Where do
I find them and how do I set them?
Our current applicable LDAP settings (in RT_SiteConfig.pm) are as
follows:

* *Set($AuthMethods, ['LDAP', 'Internal']);*
* *Set($LdapExternalAuth, 1);*
* *Set($LdapExternalInfo, 1);*
* *Set($LdapAutoCreateNonLdapUsers, 0);*

  *Set($LdapAttrMap, {'Name' => 'uid',*

  *                   'EmailAddress' => 'mail',*

  *                   'Organization' => 'o',*

  *                   'RealName' => 'cn',*

  *                   'ExternalContactInfoId' => 'dn',*

  *                   'ExternalAuthId' => 'lblempnum',*

  *                   'Gecos' => 'uid',*

  *                   'WorkPhone' => 'telephonenumber',*

  *                   'Address1' => 'lblmailstop',*

  *                   'Address2' => 'postaladdress'}*

  *         );*
* *Set($LdapRTAttrMatchList, ['ExternalContactInfoId', 'Name',
  'EmailAddress',  'RealName', 'ExternalAuthId', 'WorkPhone',
  'Address2']);*
* *Set($LdapEmailAttrMatchList, ['uid']);*
* *Set($LdapEmailAttrMatchPrefix, [''] );*
* *Set($LdapTLS, 1);*
* *Set($LdapSSLVersion, 3)*;

Do I have all the LDAP settings I need? Do I need to add one? Change

one?

THANK you!

Kenn
LBNLOn 5/13/2009 1:12 PM, Kevin Falcone wrote:

On May 13, 2009, at 12:48 PM, Ken Crocker wrote:

To any and all,

I've asked this question before, but perhaps I didn't word it so

it made any sense. When we add a ‘CC’ on any correspondance thru a
ticket, we find that if the user is not an RT User, as long as they
pass the LDAP test, they get added, with their email address as
their Id (NAME field). First question is:

How do we get RT to drop the '@xxx.xxx' from the Id is uses for

“NAME” on the USER Table.

You can use RT::User::CanonicalizeUserInfo to munge the Name, assuming
you’re
not using RT::Authen::ExternalAuth which already overrides this.

Secondly, how do we get RT to add a 'CC' to the USER table as an

“unprivileged” user if they do NOT pass the LDAP test?

You don’t say how you’re doing LDAP auth so answering this is hard.

If you’re using RT::Authen::ExternalAuth you want to check your
setting of
AutoCreateNonExternalUsers

-kevin

The rt-users Archives

Community help: http://wiki.bestpractical.com
Commercial support: sales@bestpractical.com

Discover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com

4

I read the rt-users mailing list, its ok to send mail to just the list,
rather than CCing me

Thank you so much for answering. I looked through our

RT_Config.pm file and did not see any reference to either
“RT::User::CanonicalizeUserInfo”

This is a method on the RT::User where you can customize what RT does
on user creation,
you’ll need to override and tweak it.

It should already be overridden in User_Vendor.pm by the LDAP overlay
you’re
using and you could add changes there.

or “RT::Authen::ExternalAuth”. Where do I find them and how do I set
them?

This is a perl module that implements LDAP auth, since you didn’t tell
us your
RT version or how you were doing LDAP I had to do some guessing
It appears you’re using the older overlay method (probably with 3.6)

Our current applicable LDAP settings (in RT_SiteConfig.pm) are

as follows:
• Set($AuthMethods, [‘LDAP’, ‘Internal’]);
• Set($LdapExternalAuth, 1);
• Set($LdapExternalInfo, 1);

This variable change name slightly between the Overlay and the
formal extension

• Set($LdapAutoCreateNonLdapUsers, 0);

Try changing it to 1, it should let you create users that
aren’t in LDAP

-kevin

5

Ken Crocker wrote, On 5/13/09 5:18 PM:

Kevin,

Thank you so much for answering. I looked through our RT_Config.pm file
and did not see any reference to either “RT::User::CanonicalizeUserInfo”
or “RT::Authen::ExternalAuth”. Where do I find them and how do I set them?

CanonicalizeUserInfo is a method in the RT::User, which is a part of the
base package. I think Kevin was saying that you could write an “overlay”
replacement for it. You probably already have an overlay in place, as it
appears that you are using something related to the old LDAP overlay
described at LdapUserLocalOverlay - Request Tracker Wiki and
LdapSiteConfigSettings - Request Tracker Wiki.

RT::Authen::ExternalAuth is an extension that can be used instead of that
overlay approach, and it is nicely documented at
ExternalAuth - Request Tracker Wiki.

Our current applicable LDAP settings (in RT_SiteConfig.pm) are as follows:

* *Set($AuthMethods, ['LDAP', 'Internal']);*
* *Set($LdapExternalAuth, 1);*
* *Set($LdapExternalInfo, 1);*
* *Set($LdapAutoCreateNonLdapUsers, 0);*

That looks promising. I’d bet that if you set that to ‘1’ instead, you’ll
get new internal users if they are not found in LDAP.

6

Kevin,

Yes, I am using LDAP and yes, we are on 3.6.4. I tried turning that

switch on “Set($LdapAutoCreateNonLdapUsers, 1);” and it didn’t work.
Earlier in this thread, User_Vendor.pm was mentioned and I went looking
for some of this stuff. I tried to find "

/opt/rt3/local/html/Callbacks/ExternalAuth/autohandler/Auth" and could not. What I found was:
-bash-3.00$ cd Callbacks
-bash-3.00$ ls -l
total 16
drwxr-xr-x 3 rt rt 4096 Feb 6 2008 LDAP
drwxr-xr-x 4 rt rt 4096 Jan 29 2008 RTx-RightsMatrix

I DID find Auth here:“opt/rt3/local/html/Callbacks/LDAP/autohandler/”.

Am I missing some software that I need to change or refer to?

Thanks.

Kenn
LBNLOn 5/14/2009 6:53 AM, Kevin Falcone wrote:

I read the rt-users mailing list, its ok to send mail to just the list,
rather than CCing me

On May 13, 2009, at 5:18 PM, Ken Crocker wrote:

Thank you so much for answering. I looked through our

RT_Config.pm file and did not see any reference to either
“RT::User::CanonicalizeUserInfo”

This is a method on the RT::User where you can customize what RT does
on user creation,
you’ll need to override and tweak it.

It should already be overridden in User_Vendor.pm by the LDAP overlay
you’re
using and you could add changes there.

or “RT::Authen::ExternalAuth”. Where do I find them and how do I set
them?

This is a perl module that implements LDAP auth, since you didn’t tell
us your
RT version or how you were doing LDAP I had to do some guessing
It appears you’re using the older overlay method (probably with 3.6)

Our current applicable LDAP settings (in RT_SiteConfig.pm) are

as follows:
� Set($AuthMethods, [‘LDAP’, ‘Internal’]);
� Set($LdapExternalAuth, 1);
� Set($LdapExternalInfo, 1);

This variable change name slightly between the Overlay and the
formal extension

� Set($LdapAutoCreateNonLdapUsers, 0);

Try changing it to 1, it should let you create users that
aren’t in LDAP

-kevin

�
Set($LdapAttrMap, {‘Name’ => ‘uid’,

               'EmailAddress' => 'mail',

               'Organization' => 'o',

               'RealName' => 'cn',

               'ExternalContactInfoId' => 'dn',

               'ExternalAuthId' => 'lblempnum',

               'Gecos' => 'uid',

               'WorkPhone' => 'telephonenumber',

               'Address1' => 'lblmailstop',

               'Address2' => 'postaladdress'}

     );

� Set($LdapRTAttrMatchList, [‘ExternalContactInfoId’, ‘Name’,
‘EmailAddress’, ‘RealName’, ‘ExternalAuthId’, ‘WorkPhone’,
‘Address2’]);
� Set($LdapEmailAttrMatchList, [‘uid’]);
� Set($LdapEmailAttrMatchPrefix, [‘’] );
� Set($LdapTLS, 1);
� Set($LdapSSLVersion, 3);
Do I have all the LDAP settings I need? Do I need to add one?
Change one?

THANK you!

Kenn
LBNL

On 5/13/2009 1:12 PM, Kevin Falcone wrote:

On May 13, 2009, at 12:48 PM, Ken Crocker wrote:

To any and all,

I've asked this question before, but perhaps I didn't word it so

it made any sense. When we add a ‘CC’ on any correspondance thru a
ticket, we find that if the user is not an RT User, as long as they
pass the LDAP test, they get added, with their email address as
their Id (NAME field). First question is:

How do we get RT to drop the '@xxx.xxx' from the Id is uses for

“NAME” on the USER Table.

You can use RT::User::CanonicalizeUserInfo to munge the Name,
assuming
you’re
not using RT::Authen::ExternalAuth which already overrides this.

Secondly, how do we get RT to add a 'CC' to the USER table as an

“unprivileged” user if they do NOT pass the LDAP test?

You don’t say how you’re doing LDAP auth so answering this is hard.

If you’re using RT::Authen::ExternalAuth you want to check your
setting of
AutoCreateNonExternalUsers

-kevin

The rt-users Archives

Community help: http://wiki.bestpractical.com
Commercial support: sales@bestpractical.com

Discover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com

The rt-users Archives

Community help: http://wiki.bestpractical.com
Commercial support: sales@bestpractical.com

Discover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com