[rt-users] [solved-ish] Company keeps changing its name/email addresses -> User creation failed in mailgateway: Name in use?

Philip subs at christiantena.net
Fri Jan 18 13:22:11 EST 2013


I found that when I searched for users by 
select_user->email_address_matches->@companyy.com that there were two 
categories of user.

1. The username was a.person at companyy.com  I think that these users had 
been created without a successful AD lookup.
When such a person sent another email from a.person at companyz.co.uk RT 
treated them as a totally new user and now they exist twice.  However 
the user isn't aware of this and it is all fine.

2. The username was bperson and their email address was 
b.person at companyy.com
In this case it seems that when that user then sends an email from 
b.person at companyz.co.uk that RT does an AD lookup and figures out they 
are bperson but it can't update their email address or something...
Anyway by changing their email address to b.person at companyz.co.uk it 
makes their account work again.

This may all be linked to a time when AD lookups were unreliable.  It 
seems that the ones that didn't work have two accounts but the better 
user experience.

I would like to understand if there is a way that if someone has an 
existing account that matches an AD identity, and, if their email 
address changes, and when they send an email to RT if RT can find them 
in RT could it not update their email address automatically?

thanks, Philip

On 17/01/13 17:30, Philip wrote:
> Hi
> I am using RT 4.0.5-3 from debian squeeze-backports and ExternalAuth
>
> I have the following LDAP settings, and RT is successfully
> authenticating users against Microsoft AD.
>
> my LDAP settings
> Set($ExternalAuthPriority, ['My_LDAP']);
> Set($ExternalInfoPriority, [ 'My_LDAP']);
> Set($AutoCreateNonExternalUsers, 1); I think maybe this shouldn't be
> necessary.
> Then the My_LDAP stuff including this:-
> 'attr_match_list' => ['Name','EmailAddress'],
> 'attr_map' => {'Name' => 'sAMAccountName','EmailAddress' => 'mail',}
>
> I have privileged users who can log into the web GUI and work on
> tickets.
> I have autogenerated users who have emailed the system. They do not need
> the web GUI at all. In fact they don't have the ssl client cert that
> they would need to get to the server.
>
> The problem is that the company keeps changing its name, and so one
> person can have had me.person at x.co.uk, me.person at y.com and
> me.person at z.co.uk over the last two years. This same person would exist
> only once as mperson in AD.
>
> I think that this is why I often get this error when someone emails the
> system.
> [info]: RT::Authen::ExternalAuth::CanonicalizeUserInfo returning
> Comments: Autocreated on ticket submission, Disabled: 0, EmailAddress:
> me.person at z.xo.uk, Name: mperson, Password: , Privileged: 0, RealName:
> (/user/local/share/request-tracker4/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:536)
>
> [crit]: User creation failed in mailgateway: Name in use
> (/usr/localshare/request-tracker4/lib/RT/Interface/Email.pm:245)
> [warning]: Couldn't load user 'me.person at z.co.uk'. giving up
>
> I am tempted to remove 'Name' from the attr_match_list but I'm not
> exactly sure what will happen. Additionally the privileged users are
> using their AD username on the GUI login which I guess is the same as
> sAMAccountName. I have noticed that when a privileged user opens a
> ticket that RT will attempt to display the user's real name or AD
> username rather than their email address, but actually I don't need it
> to do that.
>
> To be honest the only reason for the AD connection is so that I don't
> have to do password management for privileged users. I don't think that
> I need AD lookup for non-privileged users at all. Is it easy to have one
> without the other?
>
> I also had a look in Email.pm and under sub CreateUser it has things
> like Name => ( $Username || $Address ), EmailAddress => $Address,
> RealName => $Name which I'm afraid I don't understand.
>
> Can anyone explain to me what "name" actually means in the context of
> the error log "Name in use"?
>
> Can anyone tell me maybe how I get RT to treat the three email addresses
> but same AD username either in a way that RT can handle, or ignore the
> AD username and just use email address, or as three separate users? or
> if there is some other solution, or if maybe I am barking up the wrong
> tree entirely.
>
> thanks, Philip
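
The two cases described in this thread, and the reconciliation the follow-up asks about, as an added example in Python: it is a simplified model, not RT or RT-Authen-ExternalAuth code and not from the original posts. The class and function names, the DIRECTORY table and the .example addresses are all constructed assumptions. The reconciling path rewrites a stored address only when the directory itself maps the new sender address to an existing account name, never on the strength of the From header alone.

```python
# Simplified model of the behaviour in the thread (not RT code).
# All names, helpers and addresses here are constructed for illustration.
from dataclasses import dataclass

@dataclass
class User:
    name: str   # RT "Name": must be unique, hence "Name in use"
    email: str

# Constructed directory: current mail attribute -> sAMAccountName
DIRECTORY = {"b.person@companyz.example": "bperson"}

class NameInUse(Exception):
    pass

class Tracker:
    def __init__(self, users):
        self.by_name = {u.name: u for u in users}

    def load_by_email(self, addr):
        return next((u for u in self.by_name.values() if u.email == addr), None)

    def create(self, name, email):
        if name in self.by_name:
            raise NameInUse(name)
        self.by_name[name] = User(name, email)
        return self.by_name[name]

    def gateway_current(self, sender):
        """As in the log: load by email, else create using the directory Name."""
        user = self.load_by_email(sender)
        if user:
            return user
        # No directory hit (case 1): the address itself becomes the Name.
        return self.create(DIRECTORY.get(sender, sender), sender)

    def gateway_reconciling(self, sender):
        """Hypothetical: reuse the directory-matched account, update its address."""
        user = self.load_by_email(sender)
        if user:
            return user
        name = DIRECTORY.get(sender)
        if name and name in self.by_name:
            # Trust the directory mapping, not the unauthenticated sender header.
            self.by_name[name].email = sender
            return self.by_name[name]
        return self.create(name or sender, sender)
```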



