[rt-users] Error when receiving emails from external (e.g. gmail) accounts

Gerrard Leach gleach at btisystems.com
Tue Jul 19 11:56:14 EDT 2011


I believe so, 
In /etc/RT_SiteConfig.pm, I have the following at the bottom

require "/opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm";

If I look at this file I see the following which indicates that external users should be created as internal ones I believe.

Set($ExternalAuthPriority,  [   'My_LDAP' ]);
Set($ExternalInfoPriority,  [   'My_LDAP' ]);
Set($ExternalServiceUsesSSLorTLS,    0);
Set($AutoCreateNonExternalUsers,    1);
Set($ExternalSettings,      {   # AN EXAMPLE LDAP SERVICE
                                'My_LDAP'       =>  {   ## GENERIC SECTION
                                                        # The type of service (db/ldap/cookie) 
                                                        'type'                      =>  'ldap',
                                                        # Should the service be used for authentication?
                                                        'auth'                      =>  1,
                                                        # Should the service be used for information?
                                                        'info'                      =>  1,
                                                        # The server hosting the service
                                                        'server'                    =>  'dc.domain.com',
                                                        ## SERVICE-SPECIFIC SECTION
                                                        # If you can bind to your LDAP server anonymously you should 
                                                        # remove the user and pass config lines, otherwise specify them here:
                                                        # 
                                                        # The username RT should use to connect to the LDAP server 
                                                        'user'                      =>  'username',
                                                        # The password RT should use to connect to the LDAP server
                                                        'pass'                    =>  'password',
                                                        #
                                                        # The LDAP search base
                                                        'base'                      =>  'dc=domain,dc=com',
                                                        # The filter to use to match RT-Users
                                                        'filter'                    =>  '(objectclass=Person)',
                                                        # The filter that will only match disabled users
                                                        'd_filter'                  =>  '(userAccountControl:1.2.840.113556.1.4.803:=2)',
                                                        # Should we try to use TLS to encrypt connections?
                                                        'tls'                       =>  0,
                                                        # What other args should I pass to Net::LDAP->new($host, at args)?
                                                        'net_ldap_args'             => [    version =>  3   ],
                                                        # Does authentication depend on group membership? What group name?
                                                      # 'group'                     =>  'Request Tracker Users',
                                                        # What is the attribute for the group object that determines membership?
                                                        'group_attr'                =>  'GROUP_ATTR',
                                                        ## RT ATTRIBUTE MATCHING SECTION
                                                        # The list of RT attributes that uniquely identify a user
                                                        'attr_match_list'           => [    'Name',
                                                                                            'EmailAddress', 
                                                                                            'RealName',
                                                                                            'WorkPhone', 
                                                                                            'Address2'
                                                                                        ],
                                                        # The mapping of RT attributes on to LDAP attributes
                                                        'attr_map'                  =>  {   'Name' => 'sAMAccountName',
                                                                                            'EmailAddress' => 'mail',
                                                                                            'Organization' => 'physicalDeliveryOfficeName',
                                                                                            'RealName' => 'cn',
                                                                                            'ExternalAuthId' => 'sAMAccountName',
                                                                                            'Gecos' => 'sAMAccountName',
                                                                                            'WorkPhone' => 'telephoneNumber',
                                                                                            'Address1' => 'streetAddress',
                                                                                            'City' => 'l',
                                                                                            'State' => 'st',
                                                                                            'Zip' => 'postalCode',
                                                                                            'Country' => 'co'
                                                                                        }
                                                    }
                                }
);

1;
-----Original Message-----
From: rt-users-bounces at lists.bestpractical.com [mailto:rt-users-bounces at lists.bestpractical.com] On Behalf Of Kevin Falcone
Sent: Tuesday, July 19, 2011 11:25 AM
To: rt-users at lists.bestpractical.com
Subject: Re: [rt-users] Error when receiving emails from external (e.g. gmail) accounts

On Mon, Jul 18, 2011 at 11:30:27AM -0400, Gerrard Leach wrote:
> RT is integrated to an internal Microsoft Active Directory Server for 
> authentication, and no the email addresses are not corporate ones.
> (Using Gmail ones etc. to send in emails when they cannot VPN in to 
> access RT, or their domain credentials are locked out etc.

Do you have RT-Authen-ExternalAuth configured to allow for account creation for emails outside your AD server?

If not, there will never be a current user and this will cause CommandByMail to fail when it tries to find Custom Fields.

Do you actually want external users using CommandByMail?  If not, I suggest using the configuration to limit the extension to Privileged or a smaller group of users.

-kevin

> The version I believe is 0.07.
> 
> Gerrard
> 
> -----Original Message-----
> From: rt-users-bounces at lists.bestpractical.com 
> [mailto:rt-users-bounces at lists.bestpractical.com] On Behalf Of Kevin 
> Falcone
> Sent: Monday, July 18, 2011 11:06 AM
> To: rt-users at lists.bestpractical.com
> Subject: Re: [rt-users] Error when receiving emails from external 
> (e.g. gmail) accounts
> 
> On Fri, Jul 15, 2011 at 01:12:40PM -0400, Gerrard Leach wrote:
> > We are receiving an error when non-corporate user accounts send email to our help desk within our production system.
> 
> Do these users have RT User records?  The error implies that they do not.  Also, without knowing what version of RT-Extension-CommandByMail that you're running, it isn't possible to look and see what line 484 is doing.
> 
> -kevin
> 
> > We are using version 3.8.7 and are seeing the following error when these emails are received.
> > 
> > This sounds permissions related somehow.
> > Thanks for any help you can provide.
> > Gerrard
> > ___________________________________________________
> > RT server error.
> > 
> > The RT server which handled your email did not behave as expected. 
> > It
> > said:
> > 
> > Can't call method "HasRight" on an undefined value at /opt/rt3/bin/../lib/RT/User_Overlay.pm line 1277.
> > 
> > Stack:
> > [/opt/rt3/bin/../lib/RT/User_Overlay.pm:1277]
> > [/opt/rt3/bin/../lib/RT/Queue_Overlay.pm:1223]
> > [/opt/rt3/bin/../lib/RT/Queue_Overlay.pm:1188]
> > [/opt/rt3/bin/../lib/RT/Queue_Overlay.pm:635]
> > [/opt/rt3/local/plugins/RT-Extension-CommandByMail/lib/RT/Interface/
> > Em
> > ail/Filter/TakeAction.pm:484]
> > [/opt/rt3/bin/../lib/RT/Interface/Email.pm:1560]
> > [/opt/rt3/bin/../lib/RT/Interface/Email.pm:1377]
> > [/opt/rt3/share/html/REST/1.0/NoAuth/mail-gateway:61]
> > 
> > "|/etc/smrsh/rt-mailgate --queue IT --action correspond --url 
> > http://rt.domain.com/"... Deferred: prog mailer (/usr/sbin/smrsh) 
> > exited with EX_TEMPFAIL
> > Warning: message still undelivered after 4 hours Will keep trying 
> > until message is 5 days old Download (untitled) 
> > message/delivery-status 456b
> > Reporting-MTA: dns; rt.domain.com
> > Arrival-Date: Thu, 14 Jul 2011 14:46:22 -0400
> > 
> > Original-Recipient: rfc822;btiit at domain.com
> > Final-Recipient: RFC822; btiit at rt.domain.com
> > X-Actual-Recipient: X-Unix; |/etc/smrsh/rt-mailgate --queue IT 
> > --action correspond --url http://rt.domain.com/
> > Action: delayed
> > Status: 4.2.0
> > Diagnostic-Code: X-Unix; 75
> > Last-Attempt-Date: Thu, 14 Jul 2011 19:51:38 -0400
> > Will-Retry-Until: Tue, 19 Jul 2011 14:46:22 -0400
> > 
> > --------
> > 2011 Training: http://bestpractical.com/services/training.html
> 
> --------
> 2011 Training: http://bestpractical.com/services/training.html



More information about the rt-users mailing list