[rt-users] Failed to load valid user when Everyone has the right to CreateTicket [LDAP overlay issue?]
Fran Fabrizio
fran at cis.uab.edu
Mon Sep 17 11:27:46 EDT 2007
Ok, I have a much better lead on what is happening here now. Something
like this:
1. We get a new student who signs up for a department account, which
goes into LDAP.
2. Couple of days later, this new user submits a helpdesk request via
email using their yahoo/gmail/whatever account instead of their
department account.
3. RT receives the request, and sees there is no account for
joeuser at yahoo.com, so starts trying to canonicalize this email address
with one that is already in LDAP.
4. It matches the incoming request to a user in LDAP based on the Gecos
field (or some other mapping that it can extract from the incoming email
request) and canonicalizes joeuser at yahoo.com --> joeuser at cis.uab.edu.
5. RT creates a new account for joeuser at cis.uab.edu and bootstraps it
with info from LDAP
here's where it breaks:
6. RT then tries to load the user joeuser at yahoo.com again, and fails.
It complains about a "name in use" and then says that it cannot load
joeuser at hotmail.com nor can it create a new account.
So, in summary, RT seems to successfully canonicalize it to
joeuser at cis.uab.edu once, but forgets that info or fails to canonicalize
again and then tries to load the account by the original email address.
I think the root of the problem is that canonicalization is only working
some of the time in my setup. I'm using the combined LDAP integration
overlay that does both auth and info, described on this page:
http://wiki.bestpractical.com/view/LDAP
Here's a log sample of that happening (with my narrative in [ ] )
[ First RT tries several ways to find an existing user
'joeuser at hotmail.com' using the LookupExternalUserInfo module. Not
finding it, it canonicalizes it to joeuser at cis.uab.edu.
joeuser at cis.uab.edu doesn't exist as an RT account either, so RT creates
an account by that name ]
Sep 10 09:01:08 cherokee RT: RT::User::LookupExternalUserInfo :
ou=People,dc=cis,dc=uab,dc=edu mail=joeuser at hotmail.com =>
EmailAddress: , Name: , RealN
ame: (/usr/local/rt-3.6.4/local/lib/RT/User_Local.pm:566)
Sep 10 09:01:08 cherokee RT: RT::User::LookupExternalUserInfo :
ou=People,dc=cis,dc=uab,dc=edu mailRoutingAddress=joeuser at hotmail.com
=> EmailAddress: ,
Name: , RealName: (/usr/local/rt-3.6.4/local/lib/RT/User_Local.pm:566)
Sep 10 09:01:08 cherokee RT: RT::User::LookupExternalUserInfo :
ou=People,dc=cis,dc=uab,dc=edu mailAlternateAddress=joeuser at hotmail.com
=> EmailAddress:
, Name: , RealName: (/usr/local/rt-3.6.4/local/lib/RT/User_Local.pm:566)
Sep 10 09:01:08 cherokee RT: RT::User::LookupExternalUserInfo :
ou=People,dc=cis,dc=uab,dc=edu mail=smtp:joeuser at hotmail.com =>
EmailAddress: , Name: ,
RealName: (/usr/local/rt-3.6.4/local/lib/RT/User_Local.pm:566)
Sep 10 09:01:08 cherokee RT: RT::User::LookupExternalUserInfo :
ou=People,dc=cis,dc=uab,dc=edu
mailRoutingAddress=smtp:joeuser at hotmail.com => EmailAddre
ss: , Name: , RealName:
(/usr/local/rt-3.6.4/local/lib/RT/User_Local.pm:566)
Sep 10 09:01:08 cherokee RT: RT::User::LookupExternalUserInfo :
ou=People,dc=cis,dc=uab,dc=edu
mailAlternateAddress=smtp:joeuser at hotmail.com => EmailAdd
ress: , Name: , RealName:
(/usr/local/rt-3.6.4/local/lib/RT/User_Local.pm:566)
Sep 10 09:01:08 cherokee RT: RT::User::LookupExternalUserInfo :
ou=People,dc=cis,dc=uab,dc=edu mail=SMTP:joeuser at hotmail.com =>
EmailAddress: , Name: ,
RealName: (/usr/local/rt-3.6.4/local/lib/RT/User_Local.pm:566)
Sep 10 09:01:08 cherokee RT: RT::User::LookupExternalUserInfo :
ou=People,dc=cis,dc=uab,dc=edu
mailRoutingAddress=SMTP:joeuser at hotmail.com => EmailAddre
ss: , Name: , RealName:
(/usr/local/rt-3.6.4/local/lib/RT/User_Local.pm:566)
Sep 10 09:01:08 cherokee RT: RT::User::LookupExternalUserInfo :
ou=People,dc=cis,dc=uab,dc=edu
mailAlternateAddress=SMTP:joeuser at hotmail.com => EmailAdd
ress: , Name: , RealName:
(/usr/local/rt-3.6.4/local/lib/RT/User_Local.pm:566)
Sep 10 09:01:08 cherokee RT: RT::User::CanonicalizeEmailAddress
joeuser at hotmail.com => joeuser at hotmail.com
(/usr/local/rt-3.6.4/local/lib/RT/User_Loc
al.pm:347)
Sep 10 09:01:08 cherokee RT: RT::User::LookupExternalUserInfo :
ou=People,dc=cis,dc=uab,dc=edu uid=joeuser at hotmail.com => EmailAddress:
, Name: , RealNa
me: (/usr/local/rt-3.6.4/local/lib/RT/User_Local.pm:566)
Sep 10 09:01:08 cherokee RT: RT::User::LookupExternalUserInfo :
ou=People,dc=cis,dc=uab,dc=edu mail=joeuser at hotmail.com =>
EmailAddress: , Name: , RealN
ame: (/usr/local/rt-3.6.4/local/lib/RT/User_Local.pm:566)
[ Ok here is where it finally maps joeuser at hotmail.com --->
joeuser at cis.uab.edu ]
Sep 10 09:01:08 cherokee RT: RT::User::LookupExternalUserInfo :
ou=People,dc=cis,dc=uab,dc=edu cn=Joe User => Address1: , Address2: ,
EmailAddress: joeuser@
cis.uab.edu, ExternalAuthId: joeuser, ExternalContactInfoId:
uid=joeuser,ou=People,dc=cis,dc=uab,dc=edu, Gecos: joeuser, Name:
joeuser, Organization: , RealName: Joe User, WorkPhone:
(/usr/local/rt-3.6.4/local/lib/RT/User_Local.pm:566)
Sep 10 09:01:08 cherokee RT: RT::User::LookupExternalUserInfo :
ou=People,dc=cis,dc=uab,dc=edu mail=joeuser at cis.uab.edu => Address1: ,
Address2: , EmailAddres
s: joeuser at cis.uab.edu, ExternalAuthId: joeuser, ExternalContactInfoId:
uid=joeuser,ou=People,dc=cis,dc=uab,dc=edu, Gecos: joeuser, Name:
joeuser, Organization: , RealName
: Joe User, WorkPhone:
(/usr/local/rt-3.6.4/local/lib/RT/User_Local.pm:566)
Sep 10 09:01:08 cherokee RT: RT::User::CanonicalizeEmailAddress
joeuser at cis.uab.edu => joeuser at cis.uab.edu
(/usr/local/rt-3.6.4/local/lib/RT/User_Local.pm:347)
[ Here RT is indicating that it has auto-created the account
joeuser at uab.edu based on a ticket submission ]
Sep 10 09:01:08 cherokee RT: RT::User::CanonicalizeUserInfo returning
Address1: , Address2: , Comments: Autocreated on ticket submission,
Disabled: 0, Email
Address: joeuser at cis.uab.edu, ExternalAuthId: joeuser,
ExternalContactInfoId: uid=joeuser,ou=People,dc=cis,dc=uab,dc=edu,
Gecos: joeuser, Name: joeuser, Organization: , Pa
ssword: , Privileged: 0, RealName: Joe User, WorkPhone:
(/usr/local/rt-3.6.4/local/lib/RT/User_Local.pm:413)
Sep 10 09:01:08 cherokee RT: RT::User::LookupExternalUserInfo :
ou=People,dc=cis,dc=uab,dc=edu mail=joeuser at cis.uab.edu => Address1: ,
Address2: , EmailAddres
s: joeuser at cis.uab.edu, ExternalAuthId: joeuser, ExternalContactInfoId:
uid=joeuser,ou=People,dc=cis,dc=uab,dc=edu, Gecos: joeuser, Name:
joeuser, Organization: , RealName
: Joe User, WorkPhone:
(/usr/local/rt-3.6.4/local/lib/RT/User_Local.pm:566)
Sep 10 09:01:08 cherokee RT: RT::User::CanonicalizeEmailAddress
joeuser at cis.uab.edu => joeuser at cis.uab.edu
(/usr/local/rt-3.6.4/local/lib/RT/User_Local.pm:347)
[ Ok now for some reason RT has reverted to looking for
joeuser at hotmail.com all over again ]
Sep 10 09:01:08 cherokee RT: RT::User::LookupExternalUserInfo :
ou=People,dc=cis,dc=uab,dc=edu mail=joeuser at hotmail.com =>
EmailAddress: , Name: , RealN
ame: (/usr/local/rt-3.6.4/local/lib/RT/User_Local.pm:566)
Sep 10 09:01:08 cherokee RT: RT::User::LookupExternalUserInfo :
ou=People,dc=cis,dc=uab,dc=edu mailRoutingAddress=joeuser at hotmail.com
=> EmailAddress: ,
Name: , RealName: (/usr/local/rt-3.6.4/local/lib/RT/User_Local.pm:566)
Sep 10 09:01:08 cherokee RT: RT::User::LookupExternalUserInfo :
ou=People,dc=cis,dc=uab,dc=edu mailAlternateAddress=joeuser at hotmail.com
=> EmailAddress:
, Name: , RealName: (/usr/local/rt-3.6.4/local/lib/RT/User_Local.pm:566)
Sep 10 09:01:08 cherokee RT: RT::User::LookupExternalUserInfo :
ou=People,dc=cis,dc=uab,dc=edu mail=smtp:joeuser at hotmail.com =>
EmailAddress: , Name: ,
RealName: (/usr/local/rt-3.6.4/local/lib/RT/User_Local.pm:566)
Sep 10 09:01:08 cherokee RT: RT::User::LookupExternalUserInfo :
ou=People,dc=cis,dc=uab,dc=edu
mailRoutingAddress=smtp:joeuser at hotmail.com => EmailAddre
ss: , Name: , RealName:
(/usr/local/rt-3.6.4/local/lib/RT/User_Local.pm:566)
Sep 10 09:01:08 cherokee RT: RT::User::LookupExternalUserInfo :
ou=People,dc=cis,dc=uab,dc=edu
mailAlternateAddress=smtp:joeuser at hotmail.com => EmailAdd
ress: , Name: , RealName:
(/usr/local/rt-3.6.4/local/lib/RT/User_Local.pm:566)
Sep 10 09:01:08 cherokee RT: RT::User::LookupExternalUserInfo :
ou=People,dc=cis,dc=uab,dc=edu mail=SMTP:joeuser at hotmail.com =>
EmailAddress: , Name: ,
RealName: (/usr/local/rt-3.6.4/local/lib/RT/User_Local.pm:566)
Sep 10 09:01:08 cherokee RT: RT::User::LookupExternalUserInfo :
ou=People,dc=cis,dc=uab,dc=edu
mailRoutingAddress=SMTP:joeuser at hotmail.com => EmailAddre
ss: , Name: , RealName:
(/usr/local/rt-3.6.4/local/lib/RT/User_Local.pm:566)
Sep 10 09:01:08 cherokee RT: RT::User::LookupExternalUserInfo :
ou=People,dc=cis,dc=uab,dc=edu
mailAlternateAddress=SMTP:joeuser at hotmail.com => EmailAdd
ress: , Name: , RealName:
(/usr/local/rt-3.6.4/local/lib/RT/User_Local.pm:566)
Sep 10 09:01:08 cherokee RT: RT::User::CanonicalizeEmailAddress
joeuser at hotmail.com => joeuser at hotmail.com
(/usr/local/rt-3.6.4/local/lib/RT/User_Loc
al.pm:347)
[ The following error message confuses me - what happened here? ]
Sep 10 09:01:08 cherokee RT: User creation failed in mailgateway: Name
in use (/usr/local/rt-3.6.4/lib/RT/Interface/Email.pm:243)
Sep 10 09:01:08 cherokee RT: RT::User::LookupExternalUserInfo :
ou=People,dc=cis,dc=uab,dc=edu mail=joeuser at hotmail.com =>
EmailAddress: , Name: , RealN
ame: (/usr/local/rt-3.6.4/local/lib/RT/User_Local.pm:566)
Sep 10 09:01:08 cherokee RT: RT::User::LookupExternalUserInfo :
ou=People,dc=cis,dc=uab,dc=edu mailRoutingAddress=joeuser at hotmail.com
=> EmailAddress: ,
Name: , RealName: (/usr/local/rt-3.6.4/local/lib/RT/User_Local.pm:566)
Sep 10 09:01:08 cherokee RT: RT::User::LookupExternalUserInfo :
ou=People,dc=cis,dc=uab,dc=edu mailAlternateAddress=joeuser at hotmail.com
=> EmailAddress:
, Name: , RealName: (/usr/local/rt-3.6.4/local/lib/RT/User_Local.pm:566)
Sep 10 09:01:08 cherokee RT: RT::User::LookupExternalUserInfo :
ou=People,dc=cis,dc=uab,dc=edu mail=smtp:joeuser at hotmail.com =>
EmailAddress: , Name: ,
RealName: (/usr/local/rt-3.6.4/local/lib/RT/User_Local.pm:566)
Sep 10 09:01:08 cherokee RT: RT::User::LookupExternalUserInfo :
ou=People,dc=cis,dc=uab,dc=edu
mailRoutingAddress=smtp:joeuser at hotmail.com => EmailAddre
ss: , Name: , RealName:
(/usr/local/rt-3.6.4/local/lib/RT/User_Local.pm:566)
Sep 10 09:01:08 cherokee RT: RT::User::LookupExternalUserInfo :
ou=People,dc=cis,dc=uab,dc=edu
mailAlternateAddress=smtp:joeuser at hotmail.com => EmailAdd
ress: , Name: , RealName:
(/usr/local/rt-3.6.4/local/lib/RT/User_Local.pm:566)
Sep 10 09:01:08 cherokee RT: RT::User::LookupExternalUserInfo :
ou=People,dc=cis,dc=uab,dc=edu mail=SMTP:joeuser at hotmail.com =>
EmailAddress: , Name: ,
RealName: (/usr/local/rt-3.6.4/local/lib/RT/User_Local.pm:566)
Sep 10 09:01:08 cherokee RT: RT::User::LookupExternalUserInfo :
ou=People,dc=cis,dc=uab,dc=edu
mailRoutingAddress=SMTP:joeuser at hotmail.com => EmailAddre
ss: , Name: , RealName:
(/usr/local/rt-3.6.4/local/lib/RT/User_Local.pm:566)
Sep 10 09:01:08 cherokee RT: RT::User::LookupExternalUserInfo :
ou=People,dc=cis,dc=uab,dc=edu
mailAlternateAddress=SMTP:joeuser at hotmail.com => EmailAdd
ress: , Name: , RealName:
(/usr/local/rt-3.6.4/local/lib/RT/User_Local.pm:566)
Sep 10 09:01:08 cherokee RT: RT::User::CanonicalizeEmailAddress
joeuser at hotmail.com => joeuser at hotmail.com
(/usr/local/rt-3.6.4/local/lib/RT/User_Loc
al.pm:347)
[ It decides to give up because it could not create the account
joeuser at hotmail.com (see "name in use" error above) and it says that
RT's configuration does not allow for the creation of a new user for
this account, which is not true, the general queue -does- have
CreateTicket for Everyone set ]
Sep 10 09:01:08 cherokee RT: Couldn't load user
'joeuser at hotmail.com'.giving up
(/usr/local/rt-3.6.4/lib/RT/Interface/Email.pm:329)
Sep 10 09:01:08 cherokee RT: User 'joeuser at hotmail.com' could not be
loaded in the mail gateway
(/usr/local/rt-3.6.4/lib/RT/Interface/Email.pm:243)
Sep 10 09:01:09 cherokee RT: RT could not load a valid user, and RT's
configuration does not allow for the creation of a new user for this
email (joeuser
@hotmail.com). You might need to grant 'Everyone' the right
'CreateTicket' for the queue general.
(/usr/local/rt-3.6.4/lib/RT/Interface/Email.pm:243)
Sep 10 09:01:09 cherokee RT: RT could not load a valid user, and RT's
configuration does not allow for the creation of a new user for your
email. (/usr/loca
l/rt-3.6.4/lib/RT/Interface/Email.pm:243)
Sep 10 09:01:09 cherokee RT: Could not record email: Could not load a
valid user
(/usr/local/rt-3.6.4/share/html/REST/1.0/NoAuth/mail-gateway:75)
Fran Fabrizio wrote:
> Definitely not a disabled account already on the system (although why
> would that matter? Everyone can create a ticket in our setup. Or am I
> misunderstanding your comment?)
>
> It happened again over the weekend. A user tried to submit to our
> helpdesk using her hotmail account and it failed (twice). She then
> tried with her gmail and it worked. This was a user who had never
> contacted the helpdesk before.
>
> Drew Barnes wrote:
>
>> Check to make sure that address is not a disabled account already on the
>> system.
>>
>> Fran Fabrizio wrote:
>>
>>
>>> Occasionally, I get a
>>>
>>> RT could not load a valid user, and RT's configuration does not allow
>>> for the creation of a new user for this email (user at uab.edu).
>>>
>>> even though in this queue, Everyone has the right to CreateTicket. (There's nothing special about @uab.edu, I just picked that as the latest example - it happens with all sorts of domains)
>>>
>>> Has anyone else seen this? It's sporadic, once every week or two. RT 3.6.4
>>>
>>>
>>>
>>>
>
>
>
--
Fran Fabrizio
Senior Systems Analyst
Department of Computer and Information Sciences
University of Alabama at Birmingham
http://www.cis.uab.edu/
205.934.0653
More information about the rt-users
mailing list