[rt-users] Email and LDAP authentication problems or rather issues
Steven McDonald
mcdonald at triumf.ca
Tue Mar 10 19:00:46 EDT 2009
Hi
We are currently running an instance of RT 3.8.1. It has been set up
to use LDAP for its authentication. For the most part people are
instructed to use the web interface to submit tickets. However some
people would prefer to use email, in addition to the web. This has been
discouraged.
The problem is the following: through the web interface users are
authenticated against an LDAP server based on their username. However,
if that same user attempts to send a request via email and they have
changed the "reply-to" address in their local mail program, RT creates
another account based on that email address.
For example, our LDAP is set up so that people can have two mail addresses:
one is based on their "username", which is also the username RT uses to
authenticate, the other is based on the standard firstname.lastname. So
in my case our LDAP DB has the following entries for uid=mcdonald:
mail: mcdonald at triumf.ca
mail: steven.mcdonald at triumf.ca
username "mcdonald" is used for authentication access to RT
But if I happen to change my reply-to address from mcdonald at triumf.ca
to steven.mcdonald at triumf.ca in my local mail program any request I send
to RT via email will create a new user based on this email address.
Is there any module or mechanism that can check, when an email comes
in of the form steven.mcdonald at triumf.ca, that there is already a
user in the LDAP with this first and last name and associate this ticket
with that user?
I realize many people may have the same first and last names, but it
could also check if the domain portions of the email are also the same.
Thanks
Steve
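
The lookup asked about above, sketched as an added example that is not part of the original post and is not RT code: match the sender against every value of the multi-valued mail attribute first, then fall back to firstname.lastname within the same domain, and refuse to merge when more than one entry matches. The directory entries, attribute names and function names are constructed assumptions standing in for real LDAP search results.

```python
from email.utils import parseaddr

# Constructed entries standing in for LDAP search results (assumed layout).
DIRECTORY = [
    {"uid": "jdoe", "givenName": "Jane", "sn": "Doe",
     "mail": ["jdoe@example.org", "jane.doe@example.org"]},
    {"uid": "alee", "givenName": "Alex", "sn": "Lee",
     "mail": ["alee@example.org"]},
    {"uid": "jsmith", "givenName": "John", "sn": "Smith",
     "mail": ["jsmith@example.org"]},
    {"uid": "jsmith2", "givenName": "John", "sn": "Smith",
     "mail": ["jsmith2@example.org"]},
]


def _split(addr):
    """Lower-case an address and split it into (local part, domain)."""
    local, _, domain = addr.strip().lower().rpartition("@")
    return local, domain


def resolve_sender(header_value, directory=DIRECTORY):
    """Return the uid that owns the sender address, or None.

    None means unknown or ambiguous: the caller should not merge the
    message into an existing account. From/Reply-To are unauthenticated,
    so a match is only a hint for associating tickets, never a login.
    """
    _, addr = parseaddr(header_value)
    local, domain = _split(addr)
    if not local or not domain:
        return None
    full = f"{local}@{domain}"
    # Pass 1: exact match on any value of the multi-valued mail attribute.
    exact = {e["uid"] for e in directory
             if any(m.lower() == full for m in e["mail"])}
    if exact:
        return exact.pop() if len(exact) == 1 else None
    # Pass 2: firstname.lastname local part, and the entry must already
    # have an address in the same domain (the check proposed in the post).
    by_name = {e["uid"] for e in directory
               if local == f'{e["givenName"]}.{e["sn"]}'.lower()
               and any(_split(m)[1] == domain for m in e["mail"])}
    # Two people with the same name: refuse rather than guess.
    return by_name.pop() if len(by_name) == 1 else None
```
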