[rt-users] User could not be loaded

Kevin Falcone falcone at bestpractical.com
Tue Aug 24 09:36:49 EDT 2010 

On Tue, Aug 24, 2010 at 06:37:41AM +1000, Steve Berg wrote:
> Here's the log from when an external email address sends in a ticket
> via email (in this case xxx at gmail.com).  I have the granted the
> Everyone group CreateTicket both globally and at the queue level:
> 
> [Mon Aug 23 20:33:39 2010] [debug]: Attempting to use this
> canonicalization key: RealName
> (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:472)
> [Mon Aug 23 20:33:40 2010] [debug]: LDAP Search ===  Base:
> ou=xxx,dc=xxx,dc=local == Filter: (&(objectclass=user)(cn=Steve Berg))
> == Attrs: l,cn,st,mail,sAMAccountName,co,streetAddress,postalCode,telephoneNumber,sAMAccountName,physicalDeliveryOfficeName,sAMAccountName
> (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:195)

you've told RT-Authen-ExternalAuth that RealName is an acceptable
canonicalization key, so when it searches for Steve Berg (presumably
because your test email is from "Steve Berg" <something at gmail.com>)
it loads your real internal account and then blows up when the From:
address user account doesn't exist.

Don't match on things that aren't actually unique.

-kevin

> [Mon Aug 23 20:33:40 2010] [info]:
> RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Address1: ,
> City: Warana, Comments: Autocreated on ticket submission, Country:
> Australia, Disabled: 0, EmailAddress: xxx.xxx at xxx.com.au,
> ExternalAuthId: xxx.xxx, Gecos: xxx.xxx, Name: xxx.xxx, Organization:
> Warana, Password: , Privileged: 0, RealName: Steve Berg, State: Qld,
> WorkPhone: 07 5343 3326, Zip: 4575
> (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:536)
> [Mon Aug 23 20:33:40 2010] [crit]: User creation failed in
> mailgateway: Name in use
> (/opt/rt3/bin/../lib/RT/Interface/Email.pm:244)
> [Mon Aug 23 20:33:40 2010] [warning]: Couldn't load user
> 'xxx at gmail.com'.giving up
> (/opt/rt3/bin/../lib/RT/Interface/Email.pm:947)
> [Mon Aug 23 20:33:40 2010] [crit]: User  'xxx at gmail.com' could not be
> loaded in the mail gateway
> (/opt/rt3/bin/../lib/RT/Interface/Email.pm:244)
> [Mon Aug 23 20:33:40 2010] [error]: RT could not load a valid user,
> and RT's configuration does not allow
> for the creation of a new user for this email (xxx at gmail.com).
> 
> You might need to grant 'Everyone' the right 'CreateTicket' for the
> queue IT_Support. (/opt/rt3/bin/../lib/RT/Interface/Email.pm:244)
> [Mon Aug 23 20:33:40 2010] [error]: RT could not load a valid user,
> and RT's configuration does not allow
> for the creation of a new user for your email.
> (/opt/rt3/bin/../lib/RT/Interface/Email.pm:244)
> [Mon Aug 23 20:33:40 2010] [error]: Could not record email: Could not
> load a valid user
> (/opt/rt3/share/html/REST/1.0/NoAuth/mail-gateway:75)
> 
> 
> 
> On 24 August 2010 05:43, Kevin Falcone <falcone at bestpractical.com> wrote:
> > On Mon, Aug 23, 2010 at 12:27:58PM +1000, Steve Berg wrote:
> >> Hi all,
> >>
> >> I have RT set up and am using RT::Authen::ExternalAuth to authenticate
> >> users against LDAP which is working great.  We now have an external
> >> company we are working with and they don't have  LDAP accounts and
> >> when they send an email in to the RT system they receive a bounce that
> >> says:
> >>
> >> "User xxx at xxx.com could not be loaded in the mail gateway"
> >
> > There is usually a more detailed error in the logs and sent to the
> > OwnerEmail
> >
> > -kevin
> >
> >> My RT_SiteConfig.pm looks like:
> >>
> >> # Any configuration directives you include  here will override
> >> # RT's default configuration file, RT_Config.pm
> >> #
> >> # To include a directive here, just copy the equivalent statement
> >> # from RT_Config.pm and change the value. We've included a single
> >> # sample value below.
> >> #
> >> # This file is actually a perl module, so you can include valid
> >> # perl code, as well.
> >> #
> >> # The converse is also true, if this file isn't valid perl, you're
> >> # going to run into trouble. To check your SiteConfig file, use
> >> # this comamnd:
> >> #
> >> #   perl -c /path/to/your/etc/RT_SiteConfig.pm
> >>
> >> Set( $rtname, 'x');
> >> Set(@Plugins, qw(RT::Authen::ExternalAuth) );
> >> Set($LogToFile , 'debug');
> >>
> >> Set($ExternalAuthPriority,  ['My_LDAP']);
> >> Set($ExternalInfoPriority,  ['My_LDAP']);
> >> Set($ExternalServiceUsesSSLorTLS,    1);
> >> Set($AutoCreateNonExternalUsers,    1);
> >>
> >> Set($ExternalSettings,      {
> >>       'My_LDAP'       =>  {   ## GENERIC SECTION
> >>             'type'                      =>  'ldap',
> >>             'server'                    =>  'x',
> >>             'user'                      =>  'x',
> >>             'pass'                      =>  'x',
> >>             'base'                      =>  'x',
> >>             'filter'                    => '(objectclass=user)',
> >>             'd_filter'                  =>
> >> '(userAccountControl:1.2.840.113556.1.4.803:=2)',
> >>             'tls'                       =>  0,
> >>             'ssl_version'               =>  3,
> >>             'net_ldap_args'             => [    version =>  3   ],
> >>             #'group'                     =>  'GROUP_NAME',
> >>             #'group_attr'                =>  'GROUP_ATTR',
> >>             'attr_match_list'           => [    'Name',
> >>                                                 'EmailAddress',
> >>                                                 'RealName',
> >>                                                 'WorkPhone',
> >>                                                 'Address2'
> >>                                                                  ],
> >>             'attr_map'                  =>  {   'Name' => 'sAMAccountName',
> >>                                                 'EmailAddress' => 'mail',
> >>                                                 'Organization' =>
> >> 'physicalDeliveryOfficeName',
> >>                                                 'RealName' => 'cn',
> >>                                                 'ExternalAuthId' =>
> >> 'sAMAccountName',
> >>                                                 'Gecos' => 'sAMAccountName',
> >>                                                 'WorkPhone' =>
> >> 'telephoneNumber',
> >>                                                 'Address1' => 'streetAddress',
> >>                                                 'City' => 'l',
> >>                                                 'State' => 'st',
> >>                                                 'Zip' => 'postalCode',
> >>                                                 'Country' => 'co'
> >>                                                                        }
> >>                                                     },
> >>
> >>                                 }
> >> );
> >>
> >> 1;
> >>
> >> RT Training in Washington DC, USA on Oct 25 & 26 2010
> >> Last one this year -- Learn how to get the most out of RT!
> >
> >
> > RT Training in Washington DC, USA on Oct 25 & 26 2010
> > Last one this year -- Learn how to get the most out of RT!
> >
> 
> RT Training in Washington DC, USA on Oct 25 & 26 2010
> Last one this year -- Learn how to get the most out of RT!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20100824/a3d83adc/attachment.sig>

More information about the rt-users mailing list