[rt-users] LDAP authentication and existing users
joe.hartley at retailsolutions.com
Wed Dec 10 10:48:12 EST 2008
I feel like I'm heading deeper and deeper down a rathole here...
From: Rich West [mailto:Rich.West at wesmo.com]
> With the default settings in
> local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm, new users
> will get created with their AD account name. At least, that is the
> it behaved for me.
That'll be brilliant, I'll have to find someone who hasn't submitted a
To try it out!
> The down side was that external users with the same
> account name (from a different domain, for example) could not open
> tickets because of conflicting names. Once I changed the
> 'attr_match_list' to just the EmailAddress, the accounts started
> created with the email address as the account name.
> More than likely, at some point in time, you adjusted the
> 'attr_match_list' to only include the email address like so:
> 'attr_match_list' => ['EmailAddress' ],
I've only been hacking at this a couple of days now, the only change was
Make "attr_match_list => ['Name', 'EmailAddress']," which is the new
> However, your users can log in to RT's interface using their email
This is not working for me, but I may be confused as to how it's
work. Example: User John Doe has submitted a ticket in the past via
A user was created in RT with the username, email and real name of
John.Doe at example.com. John was unable to log into RT using his email
The logs show that the error on LDAP authentication is "User not found
more than one user found."
What's even worse for me is that if John uses his network username to
he's successful, but RT creates a new user with the ID, so he doesn't
tickets, and I can't change the username on the user account that is the
requestor of the tickets, because now a user with that name exists.
This Active Directory stuff is of the devil, I tell ya!
Thanks for the info, I appreciate it.
More information about the rt-users