[rt-users] LDAP authentication and existing users

[Joe Hartley]

I feel like I'm heading deeper and deeper down a rathole here...

From: Rich West [mailto:Rich.West at wesmo.com] 
> With the default settings in 
> local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm, new users 
> will get created with their AD account name.  At least, that is the
way 
> it behaved for me.  

That'll be brilliant, I'll have to find someone who hasn't submitted a
ticket
To try it out!

> The down side was that external users with the same 
> account name (from a different domain, for example) could not open 
> tickets because of conflicting names.  Once I changed the 
> 'attr_match_list' to just the EmailAddress, the accounts started
getting 
> created with the email address as the account name.
>
> More than likely, at some point in time, you adjusted the 
> 'attr_match_list' to only include the email address like so:
> 'attr_match_list'           => ['EmailAddress' ],

I've only been hacking at this a couple of days now, the only change was
to
Make "attr_match_list => ['Name', 'EmailAddress']," which is the new
default.

> However, your users can log in to RT's interface using their email
address.

This is not working for me, but I may be confused as to how it's
supposed to
work.  Example:  User John Doe has submitted a ticket in the past via
email.
A user was created in RT with the username, email and real name of 
John.Doe at example.com.  John was unable to log into RT using his email
address.
The logs show that the error on LDAP authentication is "User not found
or
more than one user found."

What's even worse for me is that if John uses his network username to
log in,
he's successful, but RT creates a new user with the ID, so he doesn't
see his
tickets, and I can't change the username on the user account that is the

requestor of the tickets, because now a user with that name exists.

This Active Directory stuff is of the devil, I tell ya!

Thanks for the info, I appreciate it.