
This queue is for tickets about the RT-Authen-ExternalAuth CPAN distribution.

Report information
The Basics
Id: 43478
Status: open
Priority: 0/
Queue: RT-Authen-ExternalAuth

People
Owner: Nobody in particular
Requestors:
Cc: RINGERC [...] cpan.org
AdminCc:

Bug Information
Severity: Wishlist
Broken in: (no value)
Fixed in: (no value)



Subject: Enhancement to selectively update fields from LDAP
Date: Fri, 20 Feb 2009 13:25:03 -0500
To: <bug-RT-Authen-ExternalAuth [...] rt.cpan.org>
From: "Pete Gillis" <pgillis [...] usm.maine.edu>
We use an LDAP source to authenticate users and populate their data. For one field in particular, email, it is necessary for some users to change the address to an address that is different than the one in the LDAP source. We need the address set to the LDAP value when the user is created, but would rather that one field not be overwritten on subsequent logins.

Would be nice to have a configuration option where you could set some fields as populated on user creation but then left alone after. I have patched our local install for email specifically, but I do not have a patch that would handle reconfigurability.

If you would like some help with this, please let me know.

Thanks...
Pete

======================
Peter Gillis
Database and Application Support
University of Southern Maine
USM Professional Staff Senate
======================

On Fri Feb 20 13:26:23 2009, pgillis@usm.maine.edu wrote:
> We use an LDAP source to authenticate users and populate their data.
> For one field in particular, email, it is necessary for some users
> to change the address to an address that is different than the one
> in the LDAP source. We need the address set to the LDAP value when
> the user is created, but would rather that one field not be
> overwritten on subsequent logins.
>
> Would be nice to have a configuration option where you could set some
> fields as populated on user creation but then left alone after. I
> have patched our local install for email specifically, but I do not
> have a patch that would handle reconfigurability.

If there was a patch to try and implement this, I'd be happy to review it, but I don't think it's likely to make it to the top of the TODO list otherwise.

-kevin

RT::Extension::LDAPImport supports the functionality you desire, but lacks other features. It cannot perform bind authentication checks with LDAP or create users on first access. It has to be run as a batch job. Also, passwords must either be stored in clear-text in LDAP (ugh!), set separately in RT, or you must use an external auth system like Apache's mod_ldap_authnz and set RT to honour the REMOTE_USER setting.

I would love to see a merge of the functionality of RT::Extension::LDAPImport and RT::Authen::ExternalAuth - giving ExternalAuth the ability to selectively update accounts and the ability to create groups, so it'd be a full superset of LDAPImport's functionality.