[rt-users] ExternalAuth and auto-creating email users

Kevin Falcone falcone at bestpractical.com
Wed Oct 5 08:43:30 EDT 2011

On Tue, Oct 04, 2011 at 10:28:30PM -0700, Thomas Smith wrote:
> I have ExternalAuth working for people who login via the web
> interface. Existing users are also able to submit tickets through the
> email gateway. However, user accounts are not created via the email
> gateway. The following string of errors appears for each attempt:
> [Wed Oct  5 05:08:27 2011] [debug]: Unprivileged users have no right
> to create ticket in queue 'Help Desk'
> (/opt/rt4/sbin/../lib/RT/Interface/Email/Auth/MailFrom.pm:170)
> You might need to grant 'Everyone' the right 'CreateTicket' for the
> queue Help Desk. (/opt/rt4/sbin/../lib/RT/Interface/Email.pm:244)
> Set($AutoCreate, { Privileged => 1 });
> Set($AutoCreateNonExternalUsers, 1);

This last setting prevents RT-Authen-ExternalAuth from blocking user
creation for users who don't exist in AD.  However, as the error
message you quoted says, you still need to grant Unprivileged or
Everyone permission to create tickets in Help Desk.  Otherwise new
users cannot submit tickets via the mailgate and have their internal
users be created.

> However, the latter of the two wasn't needed for new users to be
> created via the web interface--I added it while troubleshooting this
> problem.

The latter setting only applies to users who aren't in AD.

> I see references to an ExternalAuth setting that is or may be
> necessary for this feature to work, but no specific mention of
> it--AutoCreateNonExternalUsers seemed the closest match, from reading
> the sample config included with ExternalAuth.
> The way I'm expecting it to work is that a non-existent internal (AD)
> user will be auto-created as a privileged user in RT. This will give
> the user the necessary permissions to submit a ticket to the Help Desk
> queue.

$AutoCreate only applies to users logging in through the web
interface.  It does not apply to users created via the mailgate.

You may just want to prefill your database using LDAPImport.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20111005/0f1cb177/attachment.sig>

More information about the rt-users mailing list