[rt-users] External users unable to create tickets since ExternalAuth activated

Tue Jan 11 14:00:02 EST 2011

Kevin,

Would this option require the use of a check to the DataBase? A'la My_Oracle
as a secondary External Setting?

I'm in the same situation where we have some outside consultants that are
NOT in our LDAP database, but need to reply/own tickets in RT.
I was looking at the RT_SiteConfig.pm setting options in
/opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc and saw the instructions
for 'My_My_SQL'.

These are the parameters I used:

*Set($ExternalAuthPriority,  [ 'My_LDAP', ‘My_Oracle’] );*

*Set($ExternalInfoPriority,  [ 'My_LDAP' ] );*

*Set($ExternalServiceUsesSSLorTLS, 1);*

*Set($AutoCreateNonExternalUsers, 0);*

#

# These are the full settings for each external service as a HashOfHashes

#

*Set(*

*    $ExternalSettings,*

*      {*

*        'My_LDAP' =>*

*           {*

*            Our LDAP stuff - Works well*

 *           }
***

*      },*
*# Settings for secondary Auth - using our Oracle DataBase
*

*      {*

*        'My_Oracle' =>*

*           {*

*            ‘type’           => 'db',*

*            ‘server’        => 'luther',*

*            ‘database’   => ‘rtdev’,*

*            ‘table’          =>  ‘USERS’,*

*            ‘user’           =>  ‘OURID’,*

*            ‘pass’           =>  ‘XXXXXXXX’,*

*            ‘port’           => '’,*

*            ‘u_field’       =>  ‘name’,*

*            ‘dbi_driver’ =>  ‘’,*

*            ‘p_field’       =>  ‘’,*

*            ‘p_enc_pkg’ =>  ‘’,*

*            ‘p_enc_sub’ =>  ‘’,*

*            ‘p_salt’         =>  ‘’,*

*            ‘d_field’       =>   '’,*

*            ‘d_values’    => '',*

*            ‘attr_match_list’  => [' EmailAddress'],*

*            ‘attr_map’            =>  ['EmailAddress'    => 'mail']*

*           }*

*      }*

*   );*
*1;

*Am I on the right track?*
*
Kenn
LBNL*

*
On Tue, Jan 11, 2011 at 7:40 AM, Kevin Falcone <falcone at bestpractical.com>wrote:

> On Mon, Jan 10, 2011 at 11:04:52PM -0400, Nicôle Layne-Balram wrote:
> > Since implementing external auth (LDAP option), RT works as expected for
> users within AD, but I've just realized that external users are unable to
> create tickets, even with the appropriate "Everybody" permissions set via
> the web interface (globally as well as queue-specific).
>
> This comes up about twice a month on the mailing list, there is a
> config option documented in the RT-Authen-ExternalAuth config file to
> enable the creation of external users
>
> -kevin
>
> > Error within logs:
> > *timestamp* RT RT: RT::Authen::ExternalAuth::CanonicalizeUserInfo
> returning Comments: Autocreated on ticket submission, Disabled: 0,
> EmailAddress: yyy at hotmail.com, Name: yyy at hotmail.com, Password: ,
> Privileged: 0, RealName: Jane Doe
> (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:536)
> > Jan 10 21:21:58 RT RT: Couldn't load user 'yyy at hotmail.com'.giving up
> (/opt/rt3/bin/../lib/RT/Interface/Email.pm:947)
> >
> > RT_SiteConfig.pm:
> > Set($rtname , "xxx.com");
> > Set($Organization , "xxx.com");
> > Set($Timezone , 'US/Eastern');
> > Set($DatabaseType , 'mysql');
> > Set($DatabaseHost   , 'localhost');
> > Set($DatabaseRTHost , 'localhost');
> > Set($DatabasePort , '');
> > Set($DatabaseUser , 'rt');
> > Set($DatabasePassword , 'xyz');
> > Set($OwnerEmail , 'root');
> > Set($RTAddressRegexp , '([a-z]+)\@rt\.xxx\.com$');
> > Set($ValidateUserEmailAddresses, 1);
> > Set($CorrespondAddress , 'no-reply at rt.xxx.com');
> > Set($CommentAddress , 'no-reply-comment at rt.xxx.com');
> > Set( $WebDomain, 'rt.xxx.com' );
> > Set($WebPath, "");
> > Set($CanonicalizeRedirectURLs, 1);
> > Set($LogToSyslog , 'info');
> > Set($UnsafeEmailCommands,1);
> > Set($LogToSyslog, "debug");
> > Set($AutoCreateNonExternalUsers, 1);
> > Set($AutoCreate, {Privileged => 1});
> > Set(@Plugins,qw(RT::FM RT::Extension::QueueDeactivatedScrips
> RT::Extension::MobileUI RT::Authen::ExternalAuth));
> > require
> "/opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc/My_RT_SiteConfig.pm";
> >
> > 1;
> >
> > External User gets two returned e-mails from no-reply at rt.xxx.com:
> > RT could not load a valid user, and RT's configuration does not allow for
> the creation of a new user for your email.
> > User 'yyy at hotmail.com' could not be loaded in the mail gateway
> >
> > Any help and suggestions would be greatly appreciated.
> >
> > Thanks,
> > Nicôle
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20110111/74fc5222/attachment.htm>