[rt-users] Autocreated users and ldap auth

Robert Munsch Munsch at phillycarshare.org
Thu Dec 18 17:55:05 EST 2008 

 

Subject: Re: [rt-users] Autocreated users and ldap auth

 

> I’m using Authen::ExternalAuth and it seems to be working.  If a user logs in to RT using Active Directory credentials, they get in and get autocreated.  

> 

> However, if before RT login, they submit a ticket, they cannot log in: rt complains that the email address is already in use (AD lookup finds the email they submitted from) and says it’s in use.  I think I’ve misunderstood: I thought RT would treat identical info as one account, and LDAP lookup would take precedence.  How can I merge them so ldap lookup is always used, whether they submitted a ticket or not..?

> 

> I’m not sure I’m asking this clearly.  Should I be turning off the create-on-ticket-submit functionality to achieve this?

 

I just ran into this myself when setting up our LDAP authentication.  Our problem was that the LDAP server did not actually have the email address stored, so the username created in RT was the email address.  I had to go in and manually change the usernames of all the accounts with email addresses in the username field.

 

What’s the value of ‘attr_match_list’ and ‘attr_map’ in your RT_SiteConfig.pm file?

 

Haven’t altered them from initial values, since it seemed to work at first…

 

# The list of RT attributes that uniquely identify a user

             'attr_match_list'      => [    'Name',

                                            'EmailAddress',

                                       ],

             # The mapping of RT attributes on to LDAP attributes

              'attr_map'             =>  {   'Name' => 'sAMAccountName',

                                                   'EmailAddress' => 'mail',

                                                   'Organization' => 'physicalDeliveryOfficeName',

                                                   'RealName' => 'cn',

                                                    'ExternalAuthId' => 'sAMAccountName',

                                                    'Gecos' => 'sAMAccountName',

                                                    'WorkPhone' => 'telephoneNumber',

                                                    'Address1' => 'streetAddress',

                                                    'City' => 'l',

                                                    'State' => 'st',

                                                    'Zip' => 'postalCode',

                                                    'Country' => 'co'

 

Our AD has email values defined.  A ticket submitter gets created with account name “name at address,” which of course also becomes that autocreated users’ email address.  The user then tries to log in, is checked on AD, their email address is the same, and it tells me “already a user with that email address.”  I want to tell it “yes, same person, if credentials match let them in!”

 

Thanks,

 

-----------------------

Rob Munsch

IT Administrator

http://www.PhillyCarShare.org <http://www.PhillyCarShare.org> 

Our wheels.  Your freedom.

215-730-0988 x131

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20081218/cf255110/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Robert Munsch.vcf
Type: text/x-vcard
Size: 141 bytes
Desc: Robert Munsch.vcf
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20081218/cf255110/attachment.vcf>

More information about the rt-users mailing list