[rt-users] User could not be loaded
Steve Berg
stevodevo at gmail.com
Tue Aug 24 19:33:48 EDT 2010
Kevin -
Thank you very much. I changed the Ldap settings to match on the following:
'attr_match_list' => [ 'Name',
'EmailAddress',
],
Now it works perfectly.
-Steve
On 24 August 2010 23:36, Kevin Falcone <falcone at bestpractical.com> wrote:
> On Tue, Aug 24, 2010 at 06:37:41AM +1000, Steve Berg wrote:
>> Here's the log from when an external email address sends in a ticket
>> via email (in this case xxx at gmail.com). I have the granted the
>> Everyone group CreateTicket both globally and at the queue level:
>>
>> [Mon Aug 23 20:33:39 2010] [debug]: Attempting to use this
>> canonicalization key: RealName
>> (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:472)
>> [Mon Aug 23 20:33:40 2010] [debug]: LDAP Search === Base:
>> ou=xxx,dc=xxx,dc=local == Filter: (&(objectclass=user)(cn=Steve Berg))
>> == Attrs: l,cn,st,mail,sAMAccountName,co,streetAddress,postalCode,telephoneNumber,sAMAccountName,physicalDeliveryOfficeName,sAMAccountName
>> (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:195)
>
> you've told RT-Authen-ExternalAuth that RealName is an acceptable
> canonicalization key, so when it searches for Steve Berg (presumably
> because your test email is from "Steve Berg" <something at gmail.com>)
> it loads your real internal account and then blows up when the From:
> address user account doesn't exist.
>
> Don't match on things that aren't actually unique.
>
> -kevin
>
>> [Mon Aug 23 20:33:40 2010] [info]:
>> RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Address1: ,
>> City: Warana, Comments: Autocreated on ticket submission, Country:
>> Australia, Disabled: 0, EmailAddress: xxx.xxx at xxx.com.au,
>> ExternalAuthId: xxx.xxx, Gecos: xxx.xxx, Name: xxx.xxx, Organization:
>> Warana, Password: , Privileged: 0, RealName: Steve Berg, State: Qld,
>> WorkPhone: 07 5343 3326, Zip: 4575
>> (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:536)
>> [Mon Aug 23 20:33:40 2010] [crit]: User creation failed in
>> mailgateway: Name in use
>> (/opt/rt3/bin/../lib/RT/Interface/Email.pm:244)
>> [Mon Aug 23 20:33:40 2010] [warning]: Couldn't load user
>> 'xxx at gmail.com'.giving up
>> (/opt/rt3/bin/../lib/RT/Interface/Email.pm:947)
>> [Mon Aug 23 20:33:40 2010] [crit]: User 'xxx at gmail.com' could not be
>> loaded in the mail gateway
>> (/opt/rt3/bin/../lib/RT/Interface/Email.pm:244)
>> [Mon Aug 23 20:33:40 2010] [error]: RT could not load a valid user,
>> and RT's configuration does not allow
>> for the creation of a new user for this email (xxx at gmail.com).
>>
>> You might need to grant 'Everyone' the right 'CreateTicket' for the
>> queue IT_Support. (/opt/rt3/bin/../lib/RT/Interface/Email.pm:244)
>> [Mon Aug 23 20:33:40 2010] [error]: RT could not load a valid user,
>> and RT's configuration does not allow
>> for the creation of a new user for your email.
>> (/opt/rt3/bin/../lib/RT/Interface/Email.pm:244)
>> [Mon Aug 23 20:33:40 2010] [error]: Could not record email: Could not
>> load a valid user
>> (/opt/rt3/share/html/REST/1.0/NoAuth/mail-gateway:75)
>>
>>
>>
>> On 24 August 2010 05:43, Kevin Falcone <falcone at bestpractical.com> wrote:
>> > On Mon, Aug 23, 2010 at 12:27:58PM +1000, Steve Berg wrote:
>> >> Hi all,
>> >>
>> >> I have RT set up and am using RT::Authen::ExternalAuth to authenticate
>> >> users against LDAP which is working great. We now have an external
>> >> company we are working with and they don't have LDAP accounts and
>> >> when they send an email in to the RT system they receive a bounce that
>> >> says:
>> >>
>> >> "User xxx at xxx.com could not be loaded in the mail gateway"
>> >
>> > There is usually a more detailed error in the logs and sent to the
>> > OwnerEmail
>> >
>> > -kevin
>> >
>> >> My RT_SiteConfig.pm looks like:
>> >>
>> >> # Any configuration directives you include here will override
>> >> # RT's default configuration file, RT_Config.pm
>> >> #
>> >> # To include a directive here, just copy the equivalent statement
>> >> # from RT_Config.pm and change the value. We've included a single
>> >> # sample value below.
>> >> #
>> >> # This file is actually a perl module, so you can include valid
>> >> # perl code, as well.
>> >> #
>> >> # The converse is also true, if this file isn't valid perl, you're
>> >> # going to run into trouble. To check your SiteConfig file, use
>> >> # this comamnd:
>> >> #
>> >> # perl -c /path/to/your/etc/RT_SiteConfig.pm
>> >>
>> >> Set( $rtname, 'x');
>> >> Set(@Plugins, qw(RT::Authen::ExternalAuth) );
>> >> Set($LogToFile , 'debug');
>> >>
>> >> Set($ExternalAuthPriority, ['My_LDAP']);
>> >> Set($ExternalInfoPriority, ['My_LDAP']);
>> >> Set($ExternalServiceUsesSSLorTLS, 1);
>> >> Set($AutoCreateNonExternalUsers, 1);
>> >>
>> >> Set($ExternalSettings, {
>> >> 'My_LDAP' => { ## GENERIC SECTION
>> >> 'type' => 'ldap',
>> >> 'server' => 'x',
>> >> 'user' => 'x',
>> >> 'pass' => 'x',
>> >> 'base' => 'x',
>> >> 'filter' => '(objectclass=user)',
>> >> 'd_filter' =>
>> >> '(userAccountControl:1.2.840.113556.1.4.803:=2)',
>> >> 'tls' => 0,
>> >> 'ssl_version' => 3,
>> >> 'net_ldap_args' => [ version => 3 ],
>> >> #'group' => 'GROUP_NAME',
>> >> #'group_attr' => 'GROUP_ATTR',
>> >> 'attr_match_list' => [ 'Name',
>> >> 'EmailAddress',
>> >> 'RealName',
>> >> 'WorkPhone',
>> >> 'Address2'
>> >> ],
>> >> 'attr_map' => { 'Name' => 'sAMAccountName',
>> >> 'EmailAddress' => 'mail',
>> >> 'Organization' =>
>> >> 'physicalDeliveryOfficeName',
>> >> 'RealName' => 'cn',
>> >> 'ExternalAuthId' =>
>> >> 'sAMAccountName',
>> >> 'Gecos' => 'sAMAccountName',
>> >> 'WorkPhone' =>
>> >> 'telephoneNumber',
>> >> 'Address1' => 'streetAddress',
>> >> 'City' => 'l',
>> >> 'State' => 'st',
>> >> 'Zip' => 'postalCode',
>> >> 'Country' => 'co'
>> >> }
>> >> },
>> >>
>> >> }
>> >> );
>> >>
>> >> 1;
>> >>
>> >> RT Training in Washington DC, USA on Oct 25 & 26 2010
>> >> Last one this year -- Learn how to get the most out of RT!
>> >
>> >
>> > RT Training in Washington DC, USA on Oct 25 & 26 2010
>> > Last one this year -- Learn how to get the most out of RT!
>> >
>>
>> RT Training in Washington DC, USA on Oct 25 & 26 2010
>> Last one this year -- Learn how to get the most out of RT!
>
>
> RT Training in Washington DC, USA on Oct 25 & 26 2010
> Last one this year -- Learn how to get the most out of RT!
>
More information about the rt-users
mailing list