<div>It sounds like your matching setup in your LDAP settings is matching to "Paul Smith" for both users... try matching to email address.</div>
<div> </div>
<div>HTH</div>
<div>MIke.<br><br></div>
<div class="gmail_quote">On Thu, May 12, 2011 at 11:11 AM, Giuseppe Sollazzo <span dir="ltr"><<a href="mailto:gsollazz@sgul.ac.uk">gsollazz@sgul.ac.uk</a>></span> wrote:<br>
<blockquote style="BORDER-LEFT: #ccc 1px solid; MARGIN: 0px 0px 0px 0.8ex; PADDING-LEFT: 1ex" class="gmail_quote">
<div text="#000000" bgcolor="#ffffff">Hi,<br>I've noticed this behaviour that I'm not sure how to explain.<br><br>I'm experimenting with our externally facing queue. There seems to be a problem about people with same name creating tickets as external users.<br>
<br>I've got this relevant bits of configuration:<br><br><tt>Set( @Plugins, qw(RT::Authen::ExternalAuth));<br>Set($ExternalAuthPriority, [<br> 'My_LDAP'<br> ]<br>
);<br>Set($ExternalInfoPriority, [<br> 'My_LDAP'<br> ]<br>);<br>Set($AutoCreateNonExternalUsers, 1);<br></tt><br><br>Moreover, "Everyone" can create tickets on the queue. What happened:<br>
1 - I sent an e-mail from username@ldap from "Paul Smith" -> ticket and users were created ok<br>2 - I sent an e-mail from <a href="mailto:another@different.domain.com" target="_blank">another@different.domain.com</a> from "Paul Smith" -> failed as "Name in use".<br>
3 - If I send an e-mail from other name/surname, it works providing it's not in ldap<br><br>More precisely,<br><br><tt>[Thu May 12 14:31:27 2011] [debug]: Going to create user with address '<a href="mailto:another@different.domain.com" target="_blank">another@different.domain.com</a>' (/opt/rt4/sbin/../lib/RT/Interface/Email/Auth/MailFrom.pm:97)<br>
[Thu May 12 14:31:27 2011] [debug]: RT::Authen::ExternalAuth::CanonicalizeUserInfo called by RT::Authen::ExternalAuth /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm 553 with: Comments: Autocreated on ticket submission, Disabled: 0, EmailAddress: <a href="mailto:peppe@orkus.it" target="_blank">peppe@orkus.it</a>, Name: <a href="mailto:another@different.domain.com" target="_blank">another@different.domain.com</a>, Password: , Privileged: 0, RealName: Paul Smith (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:450)<br>
[Thu May 12 14:31:27 2011] [debug]: Attempting to get user info using this external service: My_LDAP (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:458)<br>[Thu May 12 14:31:27 2011] [debug]: Attempting to use this canonicalization key: Name (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:472)<br>
[Thu May 12 14:31:27 2011] [debug]: LDAP Search === Base: ou=people,o=domain == Filter: (&(uid=*)(<a href="mailto:uid=another@different.domain.com" target="_blank">uid=another@different.domain.com</a>)) == Attrs: l,cn,st,mail,gecos,co,postalAddress,postalCode,telephoneNumber,uid,o,uid (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:195)<br>
[Thu May 12 14:31:27 2011] [debug]: Attempting to use this canonicalization key: EmailAddress (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:472)<br>[Thu May 12 14:31:27 2011] [debug]: LDAP Search === Base: ou=people,o=domain == Filter: (&(uid=*)(<a href="mailto:mail=another@different.domain.com" target="_blank">mail=another@different.domain.com</a>)) == Attrs: l,cn,st,mail,gecos,co,postalAddress,postalCode,telephoneNumber,uid,o,uid (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:195)<br>
[Thu May 12 14:31:27 2011] [debug]: <b>Attempting to use this canonicalization key: RealName (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:472)<br>[Thu May 12 14:31:27 2011] [debug]: LDAP Search === Base: ou=people,o=domain == Filter: (&(uid=*)(cn=Paul Smith))</b> == Attrs: l,cn,st,mail,gecos,co,postalAddress,postalCode,telephoneNumber,uid,o,uid (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:195)<br>
[Thu May 12 14:31:27 2011] [info]: RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Address1: , City: London, Comments: Autocreated on ticket submission, Country: , Disabled: 0, EmailAddress: <a href="mailto:another@different.domain.com" target="_blank">another@different.domain.com</a>, ExternalAuthId: username, Gecos: Paul Smith, Computing, : (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:536)<br>
[Thu May 12 14:31:27 2011] [crit]: U<b>ser creation failed in mailgateway: Name in use</b> (/opt/rt4/sbin/../lib/RT/Interface/Email.pm:244)<br>[Thu May 12 14:31:48 2011] [warning]: Couldn't load user '<a href="mailto:another@different.domain.com" target="_blank">another@different.domain.com</a>'.giving up (/opt/rt4/sbin/../lib/RT/Interface/Email.pm:996)<br>
[Thu May 12 14:31:48 2011] [crit]: User '<a href="mailto:another@different.domain.com" target="_blank">another@different.domain.com</a>' could not be loaded in the mail gateway (/opt/rt4/sbin/../lib/RT/Interface/Email.pm:244)<br>
[Thu May 12 14:31:59 2011] [error]: RT could not load a valid user, and RT's configuration does not allow<br>for the creation of a new user for this email (<a href="mailto:another@different.domain.com" target="_blank">another@different.domain.com</a>).<br>
<br>You might need to grant 'Everyone' the right 'CreateTicket' for the<br></tt><br>I guess the problem is that it does not allow auto creation when it finds a user with the same name in the authentication authority... is there any chance to disable CanonicalizeUserInfo - providing that is responsible? Or maybe using AutoCreateFromExternalUserInfo (even though that would not be the behaviour I'd like to activate).<br>
<br>Any suggestion really appreciated!<br><br>Best regards,<br>Giuseppe<small><small><small><span style="TEXT-TRANSFORM: none; TEXT-INDENT: 0px; BORDER-COLLAPSE: separate; FONT: medium 'Times New Roman'; WHITE-SPACE: normal; LETTER-SPACING: normal; COLOR: rgb(0,0,0); WORD-SPACING: 0px"><span style="LINE-HEIGHT: 27px; FONT-FAMILY: Helvetica, Arial, sans-serif; COLOR: rgb(58,58,58); FONT-SIZE: 26px"></span></span></small></small></small><br>
<br><pre cols="72">--
____________________________________
Giuseppe Sollazzo
Senior Systems Analyst
Computing Services
Information Services
St. George's, University Of London
Cranmer Terrace
London SW17 0RE
Email: <a href="mailto:gsollazz@sgul.ac.uk" target="_blank">gsollazz@sgul.ac.uk</a>
Direct Dial: +44 20 8725 5160
Fax: +44 20 8725 3583
</pre></div></blockquote></div><br><br clear="all"><br>-- <br>Mike Johnson<br>Datatel Programmer/Analyst<br>Northern Ontario School of Medicine<br>955 Oliver Road<br>Thunder Bay, ON P7B 5E1<br>Phone: (807) 766-7331<br>
Email: <a href="mailto:mike.johnson@nosm.ca">mike.johnson@nosm.ca</a><br>