<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns:p="urn:schemas-microsoft-com:office:powerpoint" xmlns:a="urn:schemas-microsoft-com:office:access" xmlns:dt="uuid:C2F41010-65B3-11d1-A29F-00AA00C14882" xmlns:s="uuid:BDC6E3F0-6DA3-11d1-A2A3-00AA00C14882" xmlns:rs="urn:schemas-microsoft-com:rowset" xmlns:z="#RowsetSchema" xmlns:b="urn:schemas-microsoft-com:office:publisher" xmlns:ss="urn:schemas-microsoft-com:office:spreadsheet" xmlns:c="urn:schemas-microsoft-com:office:component:spreadsheet" xmlns:odc="urn:schemas-microsoft-com:office:odc" xmlns:oa="urn:schemas-microsoft-com:office:activation" xmlns:html="http://www.w3.org/TR/REC-html40" xmlns:q="http://schemas.xmlsoap.org/soap/envelope/" xmlns:rtc="http://microsoft.com/officenet/conferencing" xmlns:D="DAV:" xmlns:Repl="http://schemas.microsoft.com/repl/" xmlns:mt="http://schemas.microsoft.com/sharepoint/soap/meetings/" xmlns:x2="http://schemas.microsoft.com/office/excel/2003/xml" xmlns:ppda="http://www.passport.com/NameSpace.xsd" xmlns:ois="http://schemas.microsoft.com/sharepoint/soap/ois/" xmlns:dir="http://schemas.microsoft.com/sharepoint/soap/directory/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:dsp="http://schemas.microsoft.com/sharepoint/dsp" xmlns:udc="http://schemas.microsoft.com/data/udc" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:sub="http://schemas.microsoft.com/sharepoint/soap/2002/1/alerts/" xmlns:ec="http://www.w3.org/2001/04/xmlenc#" xmlns:sp="http://schemas.microsoft.com/sharepoint/" xmlns:sps="http://schemas.microsoft.com/sharepoint/soap/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:udcs="http://schemas.microsoft.com/data/udc/soap" xmlns:udcxf="http://schemas.microsoft.com/data/udc/xmlfile" xmlns:udcp2p="http://schemas.microsoft.com/data/udc/parttopart" xmlns:wf="http://schemas.microsoft.com/sharepoint/soap/workflow/" xmlns:dsss="http://schemas.microsoft.com/office/2006/digsig-setup" xmlns:dssi="http://schemas.microsoft.com/office/2006/digsig" xmlns:mdssi="http://schemas.openxmlformats.org/package/2006/digital-signature" xmlns:mver="http://schemas.openxmlformats.org/markup-compatibility/2006" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns:mrels="http://schemas.openxmlformats.org/package/2006/relationships" xmlns:spwp="http://microsoft.com/sharepoint/webpartpages" xmlns:ex12t="http://schemas.microsoft.com/exchange/services/2006/types" xmlns:ex12m="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:pptsl="http://schemas.microsoft.com/sharepoint/soap/SlideLibrary/" xmlns:spsl="http://microsoft.com/webservices/SharePointPortalServer/PublishedLinksService" xmlns:Z="urn:schemas-microsoft-com:" xmlns:st="�" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
color:black;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;
color:black;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body bgcolor=white lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Sorry,
always something coming up, finally got around to my email today… only 9
hours late </span></font><font size=2 color="#1f497d" face=Wingdings><span
style='font-size:11.0pt;font-family:Wingdings;color:#1F497D'>J</span></font><font
size=2 color="#1f497d" face=Calibri><span style='font-size:11.0pt;font-family:
"Calibri","sans-serif";color:#1F497D'><o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Unfortunately,
my “solution” is one that really only works in larger-IT organizations…
I had one of my helpdesk people sit down and manually fix all the db entries
for multiple users… I saw a message regarding a plugin for RT, and that
would probably have been a better idea </span></font><font size=2
color="#1f497d" face=Wingdings><span style='font-size:11.0pt;font-family:Wingdings;
color:#1F497D'>J</span></font><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>In
terms of the watcher situation, the account is created correctly for us, but
the display name is the username unless the user has rights in RT. We did
have it not creating correctly originally, but with the new system and the new
ExternalAuth version, I re-configured the LDAP query, so it’s likely the
new one we use works right for us… we’re AD backed here, so just in
case, here’s a RT_SiteConfig.pm snippet for you:-<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>
# The filter to use to match RT-Users<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>
'filter'
=> '(&(objectClass=User)(objectCategory=Person))',<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>
# The filter that will only match disabled users<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>
'd_filter'
=> '(&(objectClass=User)(objectCategory=Person)(userAccountControl:1.2.840.113556.1.4.803:=2))',<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>
# Should we try to use TLS to encrypt connections?<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>
'tls'
=> 0,<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>
# What other args should I pass to Net::LDAP->new($host,@args)?<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>
'net_ldap_args' => [ version
=> 3 ],<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>
# Does authentication depend on group membership? What group name?<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>
#'group'
=> 'GROUP_NAME',<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>
#
What is the attribute for the group object that determines membership?<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>
#'group_attr'
=> 'GROUP_ATTR',<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>
## RT ATTRIBUTE MATCHING SECTION<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>
# The list of RT attributes that uniquely identify a user<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>
#'attr_match_list' => [
'Name',<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>
#
'EmailAddress', <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>
#
'RealName',<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>
#
'WorkPhone', <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>
#
'Address2'<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>
#
],<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>
'attr_match_list' => [
'Name',<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>
'EmailAddress',
<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>
],<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>
# The mapping of RT attributes on to LDAP attributes<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>
'attr_map'
=> {
'Name'
=> 'sAMAccountName',<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>
'EmailAddress' =>
'mail',<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>
'Organization' =>
'physicalDeliveryOfficeName',<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>
'RealName'
=> 'cn',<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>
'ExternalAuthId' =>
'sAMAccountName',<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>
'Gecos'
=> 'sAMAccountName',<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>
'WorkPhone'
=> 'telephoneNumber',<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>
'Address1'
=> 'streetAddress',<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>
'City'
=> 'l',<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>
'State'
=> 'st',<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>
'Zip'
=> 'postalCode',<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>
'Country'
=> 'co'<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>
}<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>
}<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>I’ve
also included the section for enabled/disabled users as it took me a while to
get that working as we wanted… I just haven’t had the time to put
it in the RT wiki, maybe someone else will be nice and include it for me </span></font><font
size=2 color="#1f497d" face=Wingdings><span style='font-size:11.0pt;font-family:
Wingdings;color:#1F497D'>J</span></font><font size=2 color="#1f497d"
face=Calibri><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>The
above was worked out over a few weeks to work perfectly for our environment, so
YMMV, but I suspect it should handle any standard AD “ldap” </span></font><font
size=2 color="#1f497d" face=Wingdings><span style='font-size:11.0pt;font-family:
Wingdings;color:#1F497D'>J</span></font><font size=2 color="#1f497d"
face=Calibri><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>--<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Cass<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#1f497d" face=Calibri><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></font></p>
<div>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>
<p class=MsoNormal><b><font size=2 color=black face=Tahoma><span
style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext;
font-weight:bold'>From:</span></font></b><font size=2 color=black face=Tahoma><span
style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext'>
Ken Crocker [mailto:kfcrocker@lbl.gov] <br>
<b><span style='font-weight:bold'>Sent:</span></b> Thursday, June 04, 2009 9:24
AM<br>
<b><span style='font-weight:bold'>To:</span></b> Cassandra L. Brockett<br>
<b><span style='font-weight:bold'>Cc:</span></b> 'Susan McClure'; rt-users@lists.bestpractical.com<br>
<b><span style='font-weight:bold'>Subject:</span></b> Re: [rt-users] RT
ExternalAuth LDAP and Adding Local users in 3.8.2<o:p></o:p></span></font></p>
</div>
</div>
<p class=MsoNormal><font size=3 color=black face="Times New Roman"><span
style='font-size:12.0pt'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=3 color=black face="Times New Roman"><span
style='font-size:12.0pt'>Cass,<br>
<br>
You mentioned in your response that when you went to 3.8 you
had trouble with multiple users of the same email address. I have a similar
problem.<br>
I am on 3.6.4 and have a bunch of users out there with the
email address as the User Name due to them being added automatically as
watchers. When they sign on (Using LDAP) at a later date, they get a new
UserID, correct name, SAME Email address. Now I have 2 id's for the same user.
I want to clean that mess up before I upgrade to 3.8.<br>
So, how did you go about cleaning up the mess?<br>
Also, do you have any suggestions on how to config my RT so
that when a User is added automatically as a watcher, RT will create a <i><span
style='font-style:italic'>real</span></i> User Name and NOT use the Email
address? Thanks.<br>
<br>
Kenn<br>
LBNL<br>
<br>
On 6/3/2009 3:06 PM, Cassandra L. Brockett wrote: <o:p></o:p></span></font></p>
<pre><font size=2 color=black face="Courier New"><span style='font-size:10.0pt'>((Apologies for top-posting, but it's just easier at the moment for me to use outlook to send email))<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'><o:p> </o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>I can answer a few of your questsions:-<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>1) Users with multiple email addresses on our system become one single user, the LDAP query finds the one user responsible for the email address, and just link the submitted ticket to the correct ID.<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'><o:p> </o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>2) You cannot have multiple RT accounts with the same email address in the system, we had a lot of cleanup when we migrated to 3.8.2 from a badly botched install of 3.6, and this was our biggest hassle.<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'><o:p> </o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>3) I have AutoCreateNonExternalUsers on, but that's mostly because of the nature of the business my company is in :) However, the system seems to work fine with that disabled, and it doesn't autocreate any non-LDAP accounts unless you do so yourself.<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'><o:p> </o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>On another level, I know you'll hear this from a lot of angles, but it always deserves to be said... You should try this sort of thing out on a test system before setting it up in production... Especially when dealing with things like authentication, you really want to make sure youself that it does what you want it to do...<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'><o:p> </o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>--<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>Cass<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'><o:p> </o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'><o:p> </o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>-----Original Message-----<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>From: <a
href="mailto:rt-users-bounces@lists.bestpractical.com">rt-users-bounces@lists.bestpractical.com</a> [<a
href="mailto:rt-users-bounces@lists.bestpractical.com">mailto:rt-users-bounces@lists.bestpractical.com</a>] On Behalf Of Susan McClure<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>Sent: Wednesday, June 03, 2009 2:30 PM<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>To: <a
href="mailto:rt-users@lists.bestpractical.com">rt-users@lists.bestpractical.com</a><o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>Cc: Susan McClure<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>Subject: [rt-users] RT ExternalAuth LDAP and Adding Local users in 3.8.2<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'><o:p> </o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>I have been reading the postings about RT-Authen-ExternalAuth but am confused on what appears to be some conflicting setup information.<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'><o:p> </o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>I am using:<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'> RT 3.8.2<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'> RT-Authen-ExternalAuth 0.08<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'><o:p> </o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>I would like to use LDAP for authentication and information first, and that part seems to work OK.<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>But I also would like to:<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'> - add LOCAL users to RT internal DB (i.e; test and test-admin type<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>accounts)<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'> - NOT autocreate a new RT account, if we receive an email from a user that is unknown in local RT or LDAP.<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'> - NOT make multiple accounts for a user's multiple email aliases.<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>(Our ldap contains several email addresses for each user (uid) )<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'><o:p> </o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'><o:p> </o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>When I try to add a local account through the Web(using Root,<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>Configuration->Users->Create). I receive the error "Name in Use"<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>The username I am trying to create is NOT in existence, but the email for that new account IS.<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'><o:p> </o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>My error_log shows:<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>==================================<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'> <o:p></o:p></span></font></pre>
<blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><pre><font size=2
color=black face="Courier New"><span style='font-size:10.0pt'>[Tue Jun 2 17:45:21 2009] [debug]: User Check Failed :: ( My_LDAP ) <o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>root User not found <o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>(/opt/opt.CORE/rt-3.8/rhel4/PROD/local/plugins/RT-Authen-ExternalAuth/<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>lib/RT/Authen/ExternalAuth/LDAP.pm:318)<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>[Tue Jun 2 17:45:21 2009] [debug]: Autohandler called ExternalAuth. <o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>Response: (0, No User)<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>(/opt/opt.CORE/rt-3.8/rhel4/PROD/local/plugins/RT-Authen-ExternalAuth/<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>html/Callbacks/ExternalAuth/autohandler/Auth:26)<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>[Tue Jun 2 17:45:21 2009] [info]: Successful login for root from <o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>168.7.56.227 (/usr/site/rt-3.8/PROD/share/html/autohandler:276)<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>[Tue Jun 2 17:46:40 2009] [debug]: /ServiceUpdate/Elements/Header <o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>calls old style callback, use $m->callback <o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>(/usr/site/rt-3.8/PROD/share/html/Elements/Callback:51)<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>[Tue Jun 2 17:46:40 2009] [crit]: HasRight called with no valid <o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>object (/usr/site/rt-3.8/PROD/bin/../lib/RT/Principal_Overlay.pm:322)<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>[Tue Jun 2 17:51:36 2009] [debug]: <o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>RT::Authen::ExternalAuth::CanonicalizeUserInfo called by RT::User <o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>/opt/opt.CORE/rt-3.8/rhel4/PROD/local/plugins/RT-Authen-ExternalAuth/l<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>ib/RT/User_Vendor.pm 20 with: Address1: , Address2: , AuthSystem: , <o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>City: , Comments: Admin Authority Level Account for RT, <o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>ContactInfoSystem: , Country: , Disabled: 0, EmailAddress: <o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'><a
href="mailto:smcclure@rice.edu">smcclure@rice.edu</a>, EmailEncoding: , ExternalAuthId: , <o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>ExternalContactInfoId: , FreeformContactInfo: , Gecos: , HomePhone: , <o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>Lang: en, MobilePhone: , Name: smcclure-admin, NickName: <o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>Smcclure-Admin,<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>Organization: , PagerPhone: , Privileged: 1, RealName: Susan McClure, <o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>Signature: , State: ,<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>WebEncoding: , WorkPhone: , Zip: <o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>(/opt/opt.CORE/rt-3.8/rhel4/PROD/local/plugins/RT-Authen-ExternalAuth/<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>lib/RT/Authen/ExternalAuth.pm:450)<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>[Tue Jun 2 17:51:36 2009] [debug]: Attempting to get user info using <o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>this external service: My_LDAP <o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>(/opt/opt.CORE/rt-3.8/rhel4/PROD/local/plugins/RT-Authen-ExternalAuth/<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>lib/RT/Authen/ExternalAuth.pm:458)<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>[Tue Jun 2 17:51:36 2009] [debug]: Attempting to use this <o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>canonicalization key: Name <o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>(/opt/opt.CORE/rt-3.8/rhel4/PROD/local/plugins/RT-Authen-ExternalAuth/<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>lib/RT/Authen/ExternalAuth.pm:472)<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>[Tue Jun 2 17:51:36 2009] [debug]: LDAP Search === Base: <o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>ou=People,dc=rice,dc=edu == Filter: <o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>(&(objectclass=*)(uid=smcclure-admin)) == Attrs: <o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>Houston,cn,TX,mail,gecos,postalAddress,postalCode,telephoneNumber,uid,<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>physicalDeliveryOfficeName,uid <o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>(/opt/opt.CORE/rt-3.8/rhel4/PROD/local/plugins/RT-Authen-ExternalAuth/<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>lib/RT/Authen/ExternalAuth/LDAP.pm:195)<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>[Tue Jun 2 17:51:36 2009] [debug]: Attempting to use this <o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>canonicalization key: EmailAddress <o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>(/opt/opt.CORE/rt-3.8/rhel4/PROD/local/plugins/RT-Authen-ExternalAuth/<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>lib/RT/Authen/ExternalAuth.pm:472)<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>[Tue Jun 2 17:51:36 2009] [debug]: LDAP Search === Base: <o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>ou=People,dc=rice,dc=edu == Filter: <o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>(&(objectclass=*)(<a
href="mailto:mail=smcclure@rice.edu">mail=smcclure@rice.edu</a>)) == Attrs: <o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>Houston,cn,TX,mail,gecos,postalAddress,postalCode,telephoneNumber,uid,<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>physicalDeliveryOfficeName,uid <o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>(/opt/opt.CORE/rt-3.8/rhel4/PROD/local/plugins/RT-Authen-ExternalAuth/<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>lib/RT/Authen/ExternalAuth/LDAP.pm:195)<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>[Tue Jun 2 17:51:36 2009] [info]: <o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>RT::Authen::ExternalAuth::CanonicalizeUserInfo returning<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>Address1: 6100 Main Street, Address2: , AuthSystem: , City: , <o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>Comments: Admin Authority Level Account for RT, ContactInfoSystem: , <o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>Country: , Disabled: 0, EmailAddress: <a
href="mailto:smcclure@rice.edu">smcclure@rice.edu</a>, <o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>EmailEncoding: , ExternalAuthId: smcclure, ExternalContactInfoId: , <o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>FreeformContactInfo: , Gecos: , HomePhone: , Lang: en, MobilePhone: , <o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>Name: smcclure, NickName: Smcclure-Admin,<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>Organization: 222 Mudd Building, PagerPhone: , Privileged: 1, <o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>RealName: McClure, Susan, Signature: , State: , WebEncoding: , <o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>WorkPhone: 713-348-4852, Zip: 77005 <o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>(/opt/opt.CORE/rt-3.8/rhel4/PROD/local/plugins/RT-Authen-ExternalAuth/<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>lib/RT/Authen/ExternalAuth.pm:536)<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'> <o:p></o:p></span></font></pre></blockquote>
<pre><font size=2 color=black face="Courier New"><span style='font-size:10.0pt'>==============<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'><o:p> </o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>My Current RT_SiteConfig.pm for LDAP and External Auth has ====================================<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>Set(@Plugins,qw(RT::FM RT::IR RT::Authen::ExternalAuth .......<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'><o:p> </o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>and for LDAP<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'># special options for various plugins<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'># Authen::ExternalAuth<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>Set($ExternalAuthPriority, ['My_LDAP'] ); Set($ExternalInfoPriority, ['My_LDAP'] );<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>Set($ExternalServiceUsesSSLorTLS, 1);<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>Set($ExternalSettings, {<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'> 'My_LDAP' => { ## GENERIC<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>SECTION<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'> 'type'<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'> => 'ldap',<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'> 'server'<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'> => 'ldap.rice.edu',<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'> 'user'<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'> => 'cn=requesttracker,ou=Service Accounts,dc=rice,dc=edu',<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'> ..... etc etc .........<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>.................<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>And the LDAP Attributes mappings:<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'> <o:p></o:p></span></font></pre>
<blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><pre><font size=2
color=black face="Courier New"><span style='font-size:10.0pt'>## RT ATTRIBUTE MATCHING SECTION<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'> # The list of RT attributes that uniquely identify a user<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'> # This example shows what you *can* specify.. I recommend reducing this<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'> # to just the Name and EmailAddress to save encountering problems later.<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'> 'attr_match_list' => [ 'Name',<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'> 'EmailAddress',<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'> 'RealName',<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'> 'WorkPhone',<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'> 'Address2'<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'> ],<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'> # The mapping of RT attributes on to LDAP attributes<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'> 'attr_map' => { 'Name' => 'uid',<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'> 'EmailAddress' => 'mail',<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'> 'Organization' => 'physicalDeliveryOfficeName',<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'> 'RealName' => 'cn',<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'> 'ExternalAuthId' => 'uid',<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'> 'Gecos' => 'gecos',<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'> 'WorkPhone' => 'telephoneNumber',<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'> 'Address1' => 'postalAddress',<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'> 'City' => 'Houston',<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'> 'State' => 'TX',<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'> 'Zip' => 'postalCode'<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'> }<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'> }<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'> }<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'><o:p> </o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>);<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'> <o:p></o:p></span></font></pre></blockquote>
<pre><font size=2 color=black face="Courier New"><span style='font-size:10.0pt'>===================<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'><o:p> </o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>Looking at all the postings, I am afraid that if I add:<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'><o:p> </o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>==> Set($AutoCreateNonExternalUsers, 1);<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'><o:p> </o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>That I will automatically MAKE a new account for users that send email or authenticate in some way other than being in our LDAP.<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'><o:p> </o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>Can someone clarify the different options to help me get the setup I want please?<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'><o:p> </o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>Thanks<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'><o:p> </o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>Susie McClure<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'><o:p> </o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'><a
href="mailto:smcclure@rice.edu">smcclure@rice.edu</a><o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'><o:p> </o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'><o:p> </o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>----------------------------------<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>Check out the Barracuda Spam & Virus Firewall - offering the fastest<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>virus & malware protection in the industry: <a
href="http://www.barracudanetworks.com/spam">www.barracudanetworks.com/spam</a><o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'><o:p> </o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>_______________________________________________<o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'><a
href="http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users">http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users</a><o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'><o:p> </o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>Community help: <a
href="http://wiki.bestpractical.com">http://wiki.bestpractical.com</a><o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>Commercial support: <a
href="mailto:sales@bestpractical.com">sales@bestpractical.com</a><o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'><o:p> </o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'><o:p> </o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>Discover RT's hidden secrets with RT Essentials from O'Reilly Media. <o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'>Buy a copy at <a
href="http://rtbook.bestpractical.com">http://rtbook.bestpractical.com</a><o:p></o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'><o:p> </o:p></span></font></pre><pre><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt'> <o:p></o:p></span></font></pre></div>
<div>
---------------------------------- <br>
Check out the Barracuda Spam & Virus Firewall - offering the fastest
virus & malware protection in the industry: www.barracudanetworks.com/spam
</div>
</body>
</html>