<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=utf-8">
<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns="http://www.w3.org/TR/REC-html40"
xmlns:ns1="http://schemas.microsoft.com/office/2004/12/omml">
<head>
<meta name=Generator content="Microsoft Word 11 (filtered medium)">
<style>
<!--a:link
{mso-style-priority:99;}
span.MSOHYPERLINK
{mso-style-priority:99;}
a:visited
{mso-style-priority:99;}
span.MSOHYPERLINKFOLLOWED
{mso-style-priority:99;}
/* Font Definitions */
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:"Berlin Sans FB";
panose-1:2 14 6 2 2 5 2 2 3 6;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman";}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal;
font-family:Arial;
color:windowtext;
font-weight:normal;
font-style:normal;
text-decoration:none none;}
span.EmailStyle18
{mso-style-type:personal;
font-family:Calibri;
color:#1F497D;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:Arial;
color:windowtext;
font-weight:normal;
font-style:normal;
text-decoration:none none;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.25in 1.0in 1.25in;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<div style='border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt'>
<div>
<p class=MsoNormal><b><font size=2 face=Tahoma><span style='font-size:10.0pt;
font-family:Tahoma;font-weight:bold'>Subject:</span></font></b><font size=2
face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'> Re: [rt-users]
Autocreated users and ldap auth</span></font><o:p></o:p></p>
</div>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'><o:p> </o:p></span></font></p>
<p class=MsoNormal><b><font size=2 color="#1f497d" face=Arial><span
style='font-size:10.0pt;font-family:Arial;color:#1F497D;font-weight:bold'>> </span></font></b><font
size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>I’m
using Authen::ExternalAuth and it seems to be working. If a user logs in
to RT using Active Directory credentials, they get in and get
autocreated. <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Arial><span
style='font-size:10.0pt;font-family:Arial;color:#1F497D'>></span></font><font
size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Arial><span
style='font-size:10.0pt;font-family:Arial;color:#1F497D'>> </span></font><font
size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>However, if
before RT login, they submit a ticket, they cannot log in: rt complains that
the email address is already in use (AD lookup finds the email they submitted
from) and says it’s in use. I think I’ve misunderstood: I
thought RT would treat identical info as one account, and LDAP lookup would
take precedence. How can I merge them so ldap lookup is always used,
whether they submitted a ticket or not..?<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Arial><span
style='font-size:10.0pt;font-family:Arial;color:#1F497D'>></span></font><font
size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Arial><span
style='font-size:10.0pt;font-family:Arial;color:#1F497D'>> </span></font><font
size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>I’m
not sure I’m asking this clearly. Should I be turning off the
create-on-ticket-submit functionality to achieve this?<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Arial><span
style='font-size:10.0pt;font-family:Arial;color:#1F497D'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:Calibri;color:#1F497D'>I just ran into this
myself when setting up our LDAP authentication. Our problem was that the
LDAP server did not actually have the email address stored, so the username
created in RT was the email address. I had to go in and manually change
the usernames of all the accounts with email addresses in the username field.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:Calibri;color:#1F497D'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:Calibri;color:#1F497D'>What’s the
value of ‘attr_match_list’ and ‘attr_map’ in your
RT_SiteConfig.pm file?<o:p></o:p></span></font></p>
</div>
<p class=MsoNormal><font size=3 face="Berlin Sans FB"><span style='font-size:
12.0pt;font-family:"Berlin Sans FB"'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Haven’t altered them from initial values, since it
seemed to work at first…<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span style='font-size:10.0pt;
font-family:"Courier New"'># The list of RT attributes that uniquely identify a
user<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span style='font-size:10.0pt;
font-family:"Courier New"'> 'attr_match_list' => [
'Name',<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span style='font-size:10.0pt;
font-family:"Courier New"'> 'EmailAddress',<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span style='font-size:10.0pt;
font-family:"Courier New"'> ],<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span style='font-size:10.0pt;
font-family:"Courier New"'> # The mapping of RT attributes on to
LDAP attributes<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span style='font-size:10.0pt;
font-family:"Courier New"'> 'attr_map' => {
'Name' => 'sAMAccountName',<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span style='font-size:10.0pt;
font-family:"Courier New"'> 'EmailAddress'
=> 'mail',<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span style='font-size:10.0pt;
font-family:"Courier New"'> 'Organization'
=> 'physicalDeliveryOfficeName',<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span style='font-size:10.0pt;
font-family:"Courier New"'> 'RealName'
=> 'cn',<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span style='font-size:10.0pt;
font-family:"Courier New"'>
'ExternalAuthId' => 'sAMAccountName',<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span style='font-size:10.0pt;
font-family:"Courier New"'> 'Gecos'
=> 'sAMAccountName',<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span style='font-size:10.0pt;
font-family:"Courier New"'> 'WorkPhone'
=> 'telephoneNumber',<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span style='font-size:10.0pt;
font-family:"Courier New"'> 'Address1'
=> 'streetAddress',<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span style='font-size:10.0pt;
font-family:"Courier New"'> 'City'
=> 'l',<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span style='font-size:10.0pt;
font-family:"Courier New"'> 'State'
=> 'st',<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span style='font-size:10.0pt;
font-family:"Courier New"'> 'Zip'
=> 'postalCode',<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span style='font-size:10.0pt;
font-family:"Courier New"'> 'Country'
=> 'co'</span></font><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Our AD has email values defined. A ticket submitter gets
created with account name “name@address,” which of course also
becomes that autocreated users’ email address. The user then tries to
log in, is checked on AD, their email address is the same, and it tells me “already
a user with that email address.” I want to tell it “yes, same
person, if credentials match let them in!”<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Thanks,<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=3 face="Berlin Sans FB"><span style='font-size:
12.0pt;font-family:"Berlin Sans FB"'>-----------------------</span></font><o:p></o:p></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Rob Munsch</span></font><o:p></o:p></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>IT Administrator</span></font><o:p></o:p></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><a href="http://www.PhillyCarShare.org">http://www.Philly<strong><b><font
color=green face="Times New Roman"><span style='color:green'>Car</span></font></b></strong>Share.org</a></span></font><o:p></o:p></p>
<p class=MsoNormal><strong><b><font size=2 color=green face="Times New Roman"><span
style='font-size:10.0pt;color:green'>Our</span></font></b></strong><font
size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>
wheels. </span></font><strong><b><font size=2 color=green
face="Times New Roman"><span style='font-size:10.0pt;color:green'>Your</span></font></b></strong><font
size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'> freedom.</span></font><o:p></o:p></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>215-730-0988 x131</span></font><o:p></o:p></p>
</div>
</body>
</html>