<HTML><BODY style="word-wrap: break-word; -khtml-nbsp-mode: space; -khtml-line-break: after-white-space; ">I figured this one out after some more experimentation. In the event that there is a user in the local database with the same e-mail address as the user logging in, and the account for the LDAP user needs to be created, creation fails although no exception log is thrown that *this* is the case. For example:<DIV><BR class="khtml-block-placeholder"></DIV><DIV>Local:</DIV><DIV>Username: <A href="mailto:testuser@domain.com">testuser@domain.com</A></DIV><DIV>Email: <A href="mailto:testuser@domain.com">testuser@domain.com</A></DIV><DIV>(Created prior to LDAP integration through the e-mail gateway or when added as a watcher to a ticket)</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>LDAP:</DIV><DIV>Username: testuser</DIV><DIV>Email: <A href="mailto:testuser@domain.com">testuser@domain.com</A></DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>When testuser attempts to log in, LDAP auth is successful, the account creation fails, and testuser is denied the ability to log in to RT.</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>An error about the fact that there was an e-mail address conflict during account creation would be most helpful.</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>-Garret</DIV><DIV><BR><DIV><DIV>On Nov 13, 2006, at 9:21 PM, Garret Huntress wrote:</DIV><BR class="Apple-interchange-newline"><BLOCKQUOTE type="cite"><DIV>Hello,</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>I've been trying to set up LDAP integration in RT 3.6.1, however I am unable to get authentication to work properly. Authentication against the LDAP directory succeeds (the code is able to bind with the supplied credentials), however the $UserObj->Id variable remains undefined, and the rest of the code fails. 
I spent the weekend poking around in the code; I've attached some logs below to help explain what I have found.</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>Note, I've removed some details from the logs for privacy/security:</DIV><DIV>$MyUID is my LDAP UID</DIV><DIV>$MyDN is my LDAP DN</DIV><DIV>$MyEMAIL is my Email</DIV><DIV>$MyINFO is all of the LDAP info</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>The first key line in the logs seems to be: [Sat Nov 11 19:34:19 2006] [warning]: Transaction->Create couldn't, as you didn't specify an object type and id (/usr/lib/perl5/vendor_perl/5.8.8/RT/Record.pm:1466)</DIV><DIV>Which occurs at this line of code in the LDAP Auth callback: <FONT class="Apple-style-span" face="Courier" size="3"><SPAN class="Apple-style-span" style="font-size: 13px;">my ($val, $msg) = $UserObj->SetName($user);</SPAN></FONT></DIV><DIV>What this means, I do not know. I'm not familiar enough with RT's structure to debug that line.</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>The next key log is: [Sat Nov 11 19:34:19 2006] [debug]: RT::User::IsPassword auth method IsLDAPPassword SUCCEEDED (/usr/lib/perl5/vendor_perl/5.8.8/RT/User_Local.pm:291)</DIV><DIV>So the code is able to bind with the credentials I supplied. Our LDAP server logs also indicate successful binding as my user.</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>The next key log: [Sat Nov 11 19:34:19 2006] [info]: Autocreated authenticated user $MyUID () (/usr/share/rt3/html/Callbacks/LDAP/autohandler/Auth:23)</DIV><DIV>Which occurs at this line in the LDAP Auth callback: <FONT class="Apple-style-span" face="Courier" size="3"><SPAN class="Apple-style-span" style="font-size: 13px;">$RT::Logger->info("Autocreated authenticated user " . $UserObj->Name . </SPAN></FONT><FONT class="Apple-style-span" face="Courier" size="3"><SPAN class="Apple-style-span" style="font-size: 13px;">" (" . $UserObj->Id . 
")\n");</SPAN></FONT></DIV><DIV>What's interesting about this is that the $UserObj->Id is blank. This means that no data is loaded into the $session{'CurrentUser'} variable, and the remainder of the code fails to execute because it is dependent on $session{'CurrentUser'}->Id to be set.</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>Is this a bug, or is something wrong with my LDAP mapping that causes the $UserObj->Id value to not be set? Below are the relevant LDAP settings from my RT_SiteConfig.pm (I've left out server settings since I know those are working):</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>Set($AuthMethods, ['LDAP', 'Internal']);</DIV><DIV>Set($LdapExternalAuth, 1);</DIV><DIV>Set($LdapExternalInfo, 1);</DIV><DIV>Set($LdapAutoCreateNonLdapUsers, 1);</DIV><DIV>Set($LdapAttrMap, {'Name' => 'uid',</DIV><DIV> 'EmailAddress' => 'mail',</DIV><DIV> 'Organization' => 'o',</DIV><DIV> 'RealName' => 'cn',</DIV><DIV> 'ExternalContactInfoId' => 'dn',</DIV><DIV> 'ExternalAuthId' => 'uid',</DIV><DIV> 'Gecos' => 'uid',</DIV><DIV> 'WorkPhone' => 'telephoneNumber',</DIV><DIV> 'Address1' => 'street',</DIV><DIV> 'City' => 'l',</DIV><DIV> 'State' => 'st',</DIV><DIV> 'Zip' => 'postalCode',</DIV><DIV> 'Country' => 'co'}</DIV><DIV>);</DIV><DIV>Set($LdapRTAttrMatchList, ['ExternalContactInfoId',</DIV><DIV> 'Name',</DIV><DIV> 'EmailAddress',</DIV><DIV> 'RealName']</DIV><DIV>);</DIV><DIV>Set($LdapEmailAttrMatchList, ['mail']);</DIV><DIV>Set($LdapEmailAttrMatchPrefix, ['']);</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>-Garret</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>P.S. 
Logs</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>[Sat Nov 11 19:34:19 2006] [warning]: Transaction->Create couldn't, as you didn't specify an object type and id (/usr/lib/perl5/vendor_perl/5.8.8/RT/Record.pm:1466)</DIV><DIV>[Sat Nov 11 19:34:19 2006] [debug]: Trying LDAP authentication (/usr/lib/perl5/vendor_perl/5.8.8/RT/User_Local.pm:153)</DIV><DIV>[Sat Nov 11 19:34:19 2006] [debug]: RT::User::IsLDAPPassword Found LDAP DN: $MyDN (/usr/lib/perl5/vendor_perl/5.8.8/RT/User_Local.pm:187)</DIV><DIV>[Sat Nov 11 19:34:19 2006] [info]: RT::User::IsLDAPPassword AUTH OK: $MyUID ($MyDN) (/usr/lib/perl5/vendor_perl/5.8.8/RT/User_Local.pm:222)</DIV><DIV>[Sat Nov 11 19:34:19 2006] [debug]: RT::User::IsPassword auth method IsLDAPPassword SUCCEEDED (/usr/lib/perl5/vendor_perl/5.8.8/RT/User_Local.pm:291)</DIV><DIV>[Sat Nov 11 19:34:19 2006] [debug]: RT::User::CanonicalizeUserInfo called by RT::User /usr/lib/perl5/vendor_perl/5.8.8/RT/User_Overlay.pm 190 with: Disabled: 0, EmailAddress: , Gecos: $MyUID, Name: $MyUID, Privileged: 0 (/usr/lib/perl5/vendor_perl/5.8.8/RT/User_Local.pm:378)</DIV><DIV>[Sat Nov 11 19:34:19 2006] [debug]: RT::User::LookupExternalUserInfo called with baseDN "MyDN" and filter "uid=$MyUID" by RT::User /usr/lib/perl5/vendor_perl/5.8.8/RT/User_Local.pm 393 (/usr/lib/perl5/vendor_perl/5.8.8/RT/User_Local.pm:508)</DIV><DIV>[Sat Nov 11 19:34:19 2006] [info]: RT::User::LookupExternalUserInfo : $MyINFO (/usr/lib/perl5/vendor_perl/5.8.8/RT/User_Local.pm:563)</DIV><DIV>[Sat Nov 11 19:34:19 2006] [debug]: RT::User::CanonicalizeEmailAddress : called with "$MyEMAIL" by RT::User /usr/lib/perl5/vendor_perl/5.8.8/RT/User_Local.pm 402 (/usr/lib/perl5/vendor_perl/5.8.8/RT/User_Local.pm:326)</DIV><DIV>[Sat Nov 11 19:34:19 2006] [debug]: RT::User::LookupExternalUserInfo called with baseDN "$MyDN" and filter "mail=$MyEMAIL" by RT::User /usr/lib/perl5/vendor_perl/5.8.8/RT/User_Local.pm 332 (/usr/lib/perl5/vendor_perl/5.8.8/RT/User_Local.pm:508)</DIV><DIV>[Sat Nov 11 
19:34:19 2006] [info]: RT::User::LookupExternalUserInfo : $MyINFO (/usr/lib/perl5/vendor_perl/5.8.8/RT/User_Local.pm:563)</DIV><DIV>[Sat Nov 11 19:34:19 2006] [debug]: FOUND OK (/usr/lib/perl5/vendor_perl/5.8.8/RT/User_Local.pm:335)</DIV><DIV>[Sat Nov 11 19:34:19 2006] [info]: RT::User::CanonicalizeEmailAddress $MyEMAIL => $MyEMAIL (/usr/lib/perl5/vendor_perl/5.8.8/RT/User_Local.pm:345)</DIV><DIV>[Sat Nov 11 19:34:19 2006] [info]: RT::User::CanonicalizeUserInfo returning $MyINFO (/usr/lib/perl5/vendor_perl/5.8.8/RT/User_Local.pm:411)</DIV><DIV>[Sat Nov 11 19:34:19 2006] [debug]: RT::User::CanonicalizeEmailAddress : called with "$MyEMAIL" by RT::User /usr/lib/perl5/vendor_perl/5.8.8/RT/User_Overlay.pm 194 (/usr/lib/perl5/vendor_perl/5.8.8/RT/User_Local.pm:326)</DIV><DIV>[Sat Nov 11 19:34:19 2006] [debug]: RT::User::LookupExternalUserInfo called with baseDN "$MyDN" and filter "mail=$MyEMAIL" by RT::User /usr/lib/perl5/vendor_perl/5.8.8/RT/User_Local.pm 332 (/usr/lib/perl5/vendor_perl/5.8.8/RT/User_Local.pm:508)</DIV><DIV>[Sat Nov 11 19:34:19 2006] [info]: RT::User::LookupExternalUserInfo : $MyINFO (/usr/lib/perl5/vendor_perl/5.8.8/RT/User_Local.pm:563)</DIV><DIV>[Sat Nov 11 19:34:19 2006] [debug]: FOUND OK (/usr/lib/perl5/vendor_perl/5.8.8/RT/User_Local.pm:335)</DIV><DIV>[Sat Nov 11 19:34:19 2006] [info]: RT::User::CanonicalizeEmailAddress $MyEMAIL => $MyEMAIL (/usr/lib/perl5/vendor_perl/5.8.8/RT/User_Local.pm:345)</DIV><DIV>[Sat Nov 11 19:34:19 2006] [debug]: RT::User::CanonicalizeEmailAddress : called with "$MyEMAIL" by RT::User /usr/lib/perl5/vendor_perl/5.8.8/RT/User_Overlay.pm 561 (/usr/lib/perl5/vendor_perl/5.8.8/RT/User_Local.pm:326)</DIV><DIV>[Sat Nov 11 19:34:19 2006] [debug]: RT::User::LookupExternalUserInfo called with baseDN "$MyDN" and filter "mail=$MyEMAIL" by RT::User /usr/lib/perl5/vendor_perl/5.8.8/RT/User_Local.pm 332 (/usr/lib/perl5/vendor_perl/5.8.8/RT/User_Local.pm:508)</DIV><DIV>[Sat Nov 11 19:34:19 2006] [info]: RT::User::LookupExternalUserInfo 
: $MyINFO (/usr/lib/perl5/vendor_perl/5.8.8/RT/User_Local.pm:563)</DIV><DIV>[Sat Nov 11 19:34:19 2006] [debug]: FOUND OK (/usr/lib/perl5/vendor_perl/5.8.8/RT/User_Local.pm:335)</DIV><DIV>[Sat Nov 11 19:34:19 2006] [info]: RT::User::CanonicalizeEmailAddress $MyEMAIL => $MyEMAIL (/usr/lib/perl5/vendor_perl/5.8.8/RT/User_Local.pm:345)</DIV><DIV>[Sat Nov 11 19:34:19 2006] [info]: Autocreated authenticated user $MyUID () (/usr/share/rt3/html/Callbacks/LDAP/autohandler/Auth:23)</DIV><DIV>[Sat Nov 11 19:34:19 2006] [error]: FAILED LOGIN for $MyUID from 10.1.1.254 (/usr/share/rt3/html/autohandler:238)</DIV><DIV> <SPAN class="Apple-style-span" style="border-collapse: separate; border-spacing: 0px 0px; color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: auto; -khtml-text-decorations-in-effect: none; text-indent: 0px; -apple-text-size-adjust: auto; text-transform: none; orphans: 2; white-space: normal; widows: 2; word-spacing: 0px; "><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">-- </DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">Garret W. 
Huntress</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">System Administrator / System Developer</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 12px/normal Helvetica; min-height: 14px; "><BR></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">Geophysical Laboratory</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">Carnegie Institution of Washington</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">5251 Broad Branch Road, NW</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">Washington, DC 20015</DIV></SPAN></DIV>
 </BLOCKQUOTE></DIV><BR><DIV> <SPAN class="Apple-style-span" style="border-collapse: separate; border-spacing: 0px 0px; color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: auto; -khtml-text-decorations-in-effect: none; text-indent: 0px; -apple-text-size-adjust: auto; text-transform: none; orphans: 2; white-space: normal; widows: 2; word-spacing: 0px; "><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">-- </DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">Garret W. Huntress</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">System Administrator / System Developer</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 12px/normal Helvetica; min-height: 14px; "><BR></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">Geophysical Laboratory</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">Carnegie Institution of Washington</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">5251 Broad Branch Road, NW</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">Washington, DC 20015</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 12px/normal Helvetica; min-height: 14px; "><BR></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; 
margin-left: 0px; ">Email:<SPAN class="Apple-converted-space"> </SPAN><A href="mailto:ghuntress@ciw.edu">ghuntress@ciw.edu</A></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">Phone: (202)-478-8973</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">AIM: Garret Huntress</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><BR class="khtml-block-placeholder"></DIV><BR class="Apple-interchange-newline"></SPAN></DIV></DIV></BODY></HTML>