Skip Menu |

This queue is for tickets about the RT-Authen-ExternalAuth CPAN distribution.

Report information
The Basics
Id: 76851
Status: open
Priority: 0/
Queue: RT-Authen-ExternalAuth
People
Owner: Nobody in particular
Requestors: tjrc [...] sanger.ac.uk
Cc:
AdminCc:
Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)
Attachments
RT-Authen-ExternalAuth-0.10_01.multiattr.patch.gz

History Show all quoted text
  Fri Apr 27 10:41:32 2012 tjrc [...] sanger.ac.uk - Ticket created
CC: Joshua Randall <joshua.randall [...] sanger.ac.uk>
Subject: Users with alternate attributes for identification
Date: Fri, 27 Apr 2012 15:41:19 +0100
To: bug-RT-Authen-ExternalAuth [...] rt.cpan.org
From: Tim Cutts <tjrc [...] sanger.ac.uk>
Users at our Institute have alternate email address aliases (e.g. firstname.lastname@example.com) which are not directly related to their uid. The attached patch to RT::Authen::ExternalAuth adds a new configuration option (filter_attr_map) which -- if it exists -- is used in place of attr_map in the ldap search to map RT attributes to multiple possible LDAP attributes. There is an example in RT_SiteConfig in the patch. We also had to override LoadByEmail to call CanonicalizeUserInfo, because RT::User only calls this when creating new users otherwise. Arguably, there is a related bug in RT::User that CanonicalizeUserInfo should be called once before either Load or Create is attempted. We've done some (limited) testing, and it seems to work for us! Please let us know what you think. Regards, Tim & Josh -- The Wellcome Trust Sanger Institute is operated by Genome Research Limited, a charity registered in England with number 1021457 and a company registered in England with number 2742969, whose registered office is 215 Euston Road, London, NW1 2BE.
Download RT-Authen-ExternalAuth-0.10_01.multiattr.patch.gz
application/x-gzip 3k

Message body not shown because it is not plain text.

  Fri Apr 27 10:56:12 2012 falcone [...] bestpractical.com - Correspondence added
Subject: Re: [rt.cpan.org #76851] Users with alternate attributes for identification
Date: Fri, 27 Apr 2012 10:56:07 -0400
To: Tim Cutts via RT <bug-RT-Authen-ExternalAuth [...] rt.cpan.org>
From: Kevin Falcone <falcone [...] bestpractical.com>
On Fri, Apr 27, 2012 at 10:41:32AM -0400, Tim Cutts via RT wrote: Show quoted text
> Users at our Institute have alternate email address aliases (e.g. firstname.lastname@example.com) which are not directly related to their uid. The attached patch to RT::Authen::ExternalAuth adds a new configuration option (filter_attr_map) which -- if it exists -- is used in place of attr_map in the ldap search to map RT attributes to multiple possible LDAP attributes. There is an example in RT_SiteConfig in the patch. > > We also had to override LoadByEmail to call CanonicalizeUserInfo, because RT::User only calls this when creating new users otherwise. Arguably, there is a related bug in RT::User that CanonicalizeUserInfo should be called once before either Load or Create is attempted. > > We've done some (limited) testing, and it seems to work for us!
Depending on how your alternate emails are stored, you may want to investigate the multiple-emails branch. -kevin
  Fri Apr 27 10:56:13 2012 The RT System itself - Status changed from 'new' to 'open'
  Mon Apr 30 05:18:06 2012 tjrc [...] sanger.ac.uk - Correspondence added
Subject: Re: [rt.cpan.org #76851] Users with alternate attributes for identification
Date: Mon, 30 Apr 2012 10:18:02 +0100
To: bug-RT-Authen-ExternalAuth [...] rt.cpan.org
From: Tim Cutts <tjrc [...] sanger.ac.uk>
On 27 Apr 2012, at 15:56, falcone@bestpractical.com via RT wrote: Show quoted text
> <URL: https://rt.cpan.org/Ticket/Display.html?id=76851 > > > On Fri, Apr 27, 2012 at 10:41:32AM -0400, Tim Cutts via RT wrote:
>> Users at our Institute have alternate email address aliases (e.g. firstname.lastname@example.com) which are not directly related to their uid. The attached patch to RT::Authen::ExternalAuth adds a new configuration option (filter_attr_map) which -- if it exists -- is used in place of attr_map in the ldap search to map RT attributes to multiple possible LDAP attributes. There is an example in RT_SiteConfig in the patch. >> >> We also had to override LoadByEmail to call CanonicalizeUserInfo, because RT::User only calls this when creating new users otherwise. Arguably, there is a related bug in RT::User that CanonicalizeUserInfo should be called once before either Load or Create is attempted. >> >> We've done some (limited) testing, and it seems to work for us!
> > Depending on how your alternate emails are stored, you may want to > investigate the multiple-emails branch.
Ooh, that sounds interesting. I'll have a look, thanks. Tim -- The Wellcome Trust Sanger Institute is operated by Genome Research Limited, a charity registered in England with number 1021457 and a company registered in England with number 2742969, whose registered office is 215 Euston Road, London, NW1 2BE.