[rt-users] Email and LDAP authentication problems or rather issues

Steven McDonald mcdonald at triumf.ca
Tue Mar 10 19:00:46 EDT 2009


Hi

    We are currently running an instance of RT 3.8.1. It has been set up 
to use LDAP for its authentications. For the most part people are 
instructed to use the web interface to submit tickets. However some 
people would prefer to use email, in addition to the web. This has been 
discouraged.

The problem is the following: through the web interface users are 
authenticated against an LDAP server based on their username. However, 
if that same user attempts to send a request via email and they have 
changed the "reply-to" address in their local mail program, RT creates 
another account based on that email address.

For example our LDAP is set up so that people can have two mail addresses, 
one is based on their "username" which is also the username RT uses to 
authenticate, the other is based on the standard firstname.lastname. So 
in my case our LDAP DB has the following entries for uid=mcdonald

mail: mcdonald at triumf.ca
mail: steven.mcdonald at triumf.ca

username "mcdonald" is used for authentication access to RT

But if I happen to change my reply-to address from mcdonald at triumf.ca 
to steven.mcdonald at triumf.ca in my local mail program any request I send 
to RT via email will create a new user based on this email address.

Is there any module or mechanism that can check, for an email that comes 
in of the form steven.mcdonald at triumf.ca, that there is already a 
user in the LDAP with this first and last name and associate this ticket 
with that user?

I realize many people may have the same first and last names, but it 
could also check if the domain portions of the email are also the same.

Thanks
Steve
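
Added example, not part of the original message and not RT's own code: resolving an inbound sender address to one LDAP uid by exact match against every value of the multi-valued `mail` attribute (instead of comparing names), with the header value escaped before it goes into a search filter. The directory entries, the example.org addresses and all function names are constructed assumptions modelled on the entries described above.

```python
import re

# Constructed sample entries (not real data); 'mail' is multi-valued as in the post.
DIRECTORY = [
    {"uid": "mcdonald", "mail": ["mcdonald@example.org", "steven.mcdonald@example.org"]},
    {"uid": "jsmith", "mail": ["jsmith@example.org", "john.smith@example.org"]},
]

# Characters that must be escaped inside an LDAP filter value (RFC 4515).
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def escape_filter_value(value):
    """Escape an untrusted string for use as an LDAP filter value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def mail_filter(address):
    """Build the filter a real lookup would send: matches any 'mail' value."""
    return "(mail=%s)" % escape_filter_value(address)

def normalise(header_value):
    """Extract the bare address from a From/Reply-To value, lower-cased."""
    match = re.search(r"<([^<>]+)>", header_value)
    address = (match.group(1) if match else header_value).strip().lower()
    return address if re.fullmatch(r"[^@\s]+@[^@\s]+", address) else None

def resolve_uid(header_value, entries=DIRECTORY):
    """Return the single uid that owns the address; None if unknown or ambiguous."""
    address = normalise(header_value)
    if address is None:
        return None
    owners = {e["uid"] for e in entries
              if address in (m.lower() for m in e["mail"])}
    # More than one owner means the directory is inconsistent: do not guess.
    return owners.pop() if len(owners) == 1 else None
```
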


