[rt-users] Autocreated / LDAP user merge
Robert Munsch
Munsch at phillycarshare.org
Wed Dec 24 11:36:13 EST 2008
I would ideally like the following to work. I think I haven’t seen anything about hooking autocreated users to an LDAP lookup, but…
A user who’s never touched RT sends in a request from their company email. They are autocreated with this email account, and a username matching their sAMAccountName. When they come to RT to log in, the (already working) RT::Auth::ExternalAuth lookup finds their Active Directory info, sees the matching account name and email address, knows it’s the same account, and lets them in if the credentials are correct as per normal LDAP-auth’d login.
Right now, if a user logs in to RT without having ever sent in a request, LDAP auth lets them in and creates their account, and populates with their email, and when they send in a request *after* login it “knows” via the email that they’re an existing user. So it works in that order. But – as with most users – they send in an email request first, their login fails. They’ve been created as “name at domain.tld” , then they login via AD credentials – but both the LDAP login and the autocreated user have the same email address attrib, of course, and it barfs. Login fails with a “already a user with that email.”
What’s the cleanest way to get this to work? Users here have gotten a lot of new stuff to deal with lately, and more systems to log in to. I *really* want them just to be able to use their AD login info for RT, whether or not they’ve mailed in a request before.
Thanks,
------------------------
Rob Munsch
IT Administrator
http://www.PhillyCarShare.org <http://www.PhillyCarShare.org>
Our wheels. Your freedom.
215-730-0988 x131
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20081224/359cb7b4/attachment.htm>
More information about the rt-users
mailing list