This queue is for tickets about the RT-Authen-ExternalAuth CPAN distribution.

Report information
The Basics
Id: 76851
Status: open
Priority: 0/
Queue: RT-Authen-ExternalAuth

People
Owner: Nobody in particular
Requestors: tjrc [...] sanger.ac.uk
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)

Attachments
RT-Authen-ExternalAuth-0.10_01.multiattr.patch.gz



CC: Joshua Randall <joshua.randall [...] sanger.ac.uk>
Subject: Users with alternate attributes for identification
Date: Fri, 27 Apr 2012 15:41:19 +0100
To: bug-RT-Authen-ExternalAuth [...] rt.cpan.org
From: Tim Cutts <tjrc [...] sanger.ac.uk>
Users at our Institute have alternate email address aliases (e.g. firstname.lastname@example.com) which are not directly related to their uid. The attached patch to RT::Authen::ExternalAuth adds a new configuration option (filter_attr_map) which -- if it exists -- is used in place of attr_map in the ldap search to map RT attributes to multiple possible LDAP attributes. There is an example in RT_SiteConfig in the patch.

We also had to override LoadByEmail to call CanonicalizeUserInfo, because RT::User only calls this when creating new users otherwise. Arguably, there is a related bug in RT::User that CanonicalizeUserInfo should be called once before either Load or Create is attempted.

We've done some (limited) testing, and it seems to work for us! Please let us know what you think.

Regards,

Tim & Josh

--
The Wellcome Trust Sanger Institute is operated by Genome Research Limited, a charity registered in England with number 1021457 and a company registered in England with number 2742969, whose registered office is 215 Euston Road, London, NW1 2BE.
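
Added example, not part of the ticket or the attached patch: a sketch of how one RT field mapped to several LDAP attributes can become an OR search filter, with the looked-up value escaped per RFC 4515 so that an email string cannot change the filter's structure. The shape of `%filter_attr_map`, the attribute names, the base filter and the helper names are assumptions; the patch's actual format is not shown on this page.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical shape for the option described in the ticket: each RT field
# maps to one LDAP attribute (string) or several (array ref). The attribute
# names below are constructed sample values, not taken from the patch.
my %filter_attr_map = (
    Name         => 'uid',
    EmailAddress => [ 'mail', 'mailAlternateAddress' ],
);

# Escape a value for use in an LDAP search filter (RFC 4515): backslash,
# '*', '(', ')' and NUL become \XX so user input cannot alter the filter.
sub escape_filter_value {
    my ($value) = @_;
    $value =~ s/([\\*()\0])/sprintf('\\%02x', ord $1)/ge;
    return $value;
}

# Build the filter for one RT field: a single equality test, or an OR (|)
# over every mapped LDAP attribute, ANDed with the site's base filter.
sub build_filter {
    my ($map, $rt_field, $value, $base_filter) = @_;
    my $attrs = $map->{$rt_field}
        or die "no LDAP mapping for RT field '$rt_field'\n";
    my @attrs = ref $attrs eq 'ARRAY' ? @$attrs : ($attrs);
    for my $attr (@attrs) {
        # Attribute names come from configuration, but validate them anyway.
        die "invalid LDAP attribute name '$attr'\n"
            unless $attr =~ /\A[A-Za-z][A-Za-z0-9-]*\z/;
    }
    my $escaped = escape_filter_value($value);
    my @tests   = map { "($_=$escaped)" } @attrs;
    my $match   = @tests > 1 ? '(|' . join('', @tests) . ')' : $tests[0];
    return defined $base_filter ? "(&$base_filter$match)" : $match;
}

# Constructed inputs: an alias address, and a value containing filter
# metacharacters that must not widen the search.
for my $email ('firstname.lastname@example.com', '*)(uid=*') {
    print build_filter(\%filter_attr_map, 'EmailAddress', $email,
        '(objectClass=person)'), "\n";
}
```

The second constructed input is emitted with its metacharacters as `\2a\29\28uid=\2a`, so it is matched as a literal string instead of being parsed as extra filter clauses.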

Subject: Re: [rt.cpan.org #76851] Users with alternate attributes for identification
Date: Fri, 27 Apr 2012 10:56:07 -0400
To: Tim Cutts via RT <bug-RT-Authen-ExternalAuth [...] rt.cpan.org>
From: Kevin Falcone <falcone [...] bestpractical.com>
On Fri, Apr 27, 2012 at 10:41:32AM -0400, Tim Cutts via RT wrote:
> Users at our Institute have alternate email address aliases (e.g. firstname.lastname@example.com) which are not directly related to their uid. The attached patch to RT::Authen::ExternalAuth adds a new configuration option (filter_attr_map) which -- if it exists -- is used in place of attr_map in the ldap search to map RT attributes to multiple possible LDAP attributes. There is an example in RT_SiteConfig in the patch.
>
> We also had to override LoadByEmail to call CanonicalizeUserInfo, because RT::User only calls this when creating new users otherwise. Arguably, there is a related bug in RT::User that CanonicalizeUserInfo should be called once before either Load or Create is attempted.
>
> We've done some (limited) testing, and it seems to work for us!

Depending on how your alternate emails are stored, you may want to investigate the multiple-emails branch.

-kevin

Subject: Re: [rt.cpan.org #76851] Users with alternate attributes for identification
Date: Mon, 30 Apr 2012 10:18:02 +0100
To: bug-RT-Authen-ExternalAuth [...] rt.cpan.org
From: Tim Cutts <tjrc [...] sanger.ac.uk>
On 27 Apr 2012, at 15:56, falcone@bestpractical.com via RT wrote:
> <URL: https://rt.cpan.org/Ticket/Display.html?id=76851 >
>
> On Fri, Apr 27, 2012 at 10:41:32AM -0400, Tim Cutts via RT wrote:
>> Users at our Institute have alternate email address aliases (e.g. firstname.lastname@example.com) which are not directly related to their uid. The attached patch to RT::Authen::ExternalAuth adds a new configuration option (filter_attr_map) which -- if it exists -- is used in place of attr_map in the ldap search to map RT attributes to multiple possible LDAP attributes. There is an example in RT_SiteConfig in the patch.
>>
>> We also had to override LoadByEmail to call CanonicalizeUserInfo, because RT::User only calls this when creating new users otherwise. Arguably, there is a related bug in RT::User that CanonicalizeUserInfo should be called once before either Load or Create is attempted.
>>
>> We've done some (limited) testing, and it seems to work for us!
>
> Depending on how your alternate emails are stored, you may want to
> investigate the multiple-emails branch.

Ooh, that sounds interesting. I'll have a look, thanks.

Tim