<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=utf-8">
<meta name=Generator content="Microsoft Word 11 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:"Berlin Sans FB";
panose-1:2 14 6 2 2 5 2 2 3 6;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman";}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:Arial;
color:windowtext;
font-weight:normal;
font-style:normal;
text-decoration:none none;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.25in 1.0in 1.25in;}
div.Section1
{page:Section1;}
/* List Definitions */
@list l0
{mso-list-id:1298293155;
mso-list-type:hybrid;
mso-list-template-ids:-1872745350 67698703 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
@list l0:level1
{mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
-->
</style>
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>I would ideally like the following to work. I think I haven’t
seen anything about hooking autocreated users to an LDAP lookup, but…<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>A user who’s never touched RT sends in a request from their
company email. They are autocreated with this email account, and a username matching
their sAMAccountName. When they come to RT to log in, the (already working)
RT::Auth::ExternalAuth lookup finds their Active Directory info, sees the
matching account name and email address, knows it’s the same account, and lets
them in if the credentials are correct as per normal LDAP-auth’d login.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Right now, if a user logs in to RT without having ever sent
in a request, LDAP auth lets them in and creates their account, and populates
with their email, and when they send in a request *<b><span style='font-weight:
bold'>after</span></b>* login it “knows” via the email that they’re an existing
user. So it works in that order. But – as with most users – they send in an
email request first, their login fails. They’ve been created as “name@domain.tld”
, then they login via AD credentials – but both the LDAP login and the
autocreated user have the same email address attrib, of course, and it barfs.
Login fails with a “already a user with that email.”<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>What’s the cleanest way to get this to work? Users here
have gotten a lot of new stuff to deal with lately, and more systems to log in
to. I *<b><span style='font-weight:bold'>really</span></b>* want them just to
be able to use their AD login info for RT, whether or not they’ve mailed in a
request before.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Thanks,<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=3 face="Berlin Sans FB"><span style='font-size:
12.0pt;font-family:"Berlin Sans FB"'>------------------------</span></font><o:p></o:p></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Rob Munsch</span></font><o:p></o:p></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>IT Administrator</span></font><o:p></o:p></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><a href="http://www.PhillyCarShare.org">http://www.Philly<strong><b><font
size=3 color=green face="Times New Roman"><span style='font-size:12.0pt;
color:green'>Car</span></font></b></strong>Share.org</a></span></font><o:p></o:p></p>
<p class=MsoNormal><strong><b><font size=3 color=green face="Times New Roman"><span
style='font-size:12.0pt;color:green'>Our</span></font></b></strong><font
size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>
wheels. </span></font><strong><b><font color=green face="Times New Roman"><span
style='color:green'>Your</span></font></b></strong><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'> freedom.</span></font><o:p></o:p></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>215-730-0988 x131</span></font><o:p></o:p></p>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'> <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'> </span><o:p></o:p></font></p>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'><o:p> </o:p></span></font></p>
</div>
</body>
</html>