[rt-users] username same but realname and email is different for existing user compare to ldap attribute, caused create ticket failed
ktm at rice.edu
ktm at rice.edu
Wed Jul 25 14:59:38 EDT 2012
On Wed, Jul 25, 2012 at 02:27:00PM -0400, Asif Iqbal wrote:
> Hi
>
> We started using external auth for ldap auth using
> RT::Authen::ExternalAuth on RT 3.8.2 for more than a month.
>
> Our company name changed, so the email domain name changed from
> foo.com to bar.com
>
> I have user with valid account
> 1893818 muser "User, My" My.User at foo.com
>
> But he failed to create a ticket since his email address is now My.User at bar.com
>
> [Wed Jul 25 16:52:46 2012] [info]:
> RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Comments:
> Autocreated on ticket submission, Disa
> bled: , EmailAddress: My.User at bar.com, Name: muser, Password: ,
> Privileged: , RealName: My User (/opt/rt3/local/plugins/
> RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:633)
> [Wed Jul 25 16:52:46 2012] [crit]: User creation failed in
> mailgateway: Name in use
> (/opt/rt3/bin/../lib/RT/Interface/Email.pm:244)
> [Wed Jul 25 16:52:46 2012] [warning]: Couldn't load user
> 'My.User at bar.com'.giving up
> (/opt/rt3/bin/../lib/RT/Interface/Email.pm:
> 806)
> [Wed Jul 25 16:52:46 2012] [crit]: User 'My.User at example.com' could
> not be loaded in the mail gateway (/opt/rt3/bin/../lib/RT/Inter
> face/Email.pm:244)
> [Wed Jul 25 16:52:46 2012] [error]: RT could not load a valid user,
> and RT's configuration does not allow
> for the creation of a new user for this email (My.User at example.com).
>
> You might need to grant 'Everyone' the right 'CreateTicket' for the
> queue syshelp. (/opt/rt3/bin/../lib/RT/Interface/Email.pm:244)
> [Wed Jul 25 16:52:46 2012] [error]: RT could not load a valid user,
> and RT's configuration does not allow
> for the creation of a new user for your email.
> (/opt/rt3/bin/../lib/RT/Interface/Email.pm:244)
> [Wed Jul 25 16:52:46 2012] [error]: Could not record email: Could not
> load a valid user (/opt/rt3/share/html/REST/1.0/NoAuth/mail-gateway:75
> )
>
>
> Should I change the matching restriction on the config file from
>
> # to just the Name and EmailAddress to save
> encountering problems later.
> 'attr_match_list' => [ 'Name',
> 'EmailAddress',
> 'RealName',
> ],
> # The mapping of RT attributes on to LDAP attributes
> 'attr_map' => { 'Name' => 'uid',
> 'EmailAddress'
> => 'mail',
> 'RealName' => 'cn',
> }
>
>
> to just username which never changed ?
>
> # to just the Name and EmailAddress to save
> encountering problems later.
> 'attr_match_list' => [ 'Name',
>
> ],
> # The mapping of RT attributes on to LDAP attributes
> 'attr_map' => { 'Name' => 'uid',
>
> }
>
> In this case user real name (cn) is different in ldap that auto
> created real name that was picked up from email address.
>
> Please advise.
>
We added an LDAP lookup and some logic to CanonicalizeEmailAddress()
to map both the old and new Email addresses to the new Email address
and allow both to be valid for ticket creation. In our case we were
having different valid addresses due to users changing their preferred
Email address. The change hit LDAP first and only hit RT during the
nightly update.
Regards,
Ken
More information about the rt-users
mailing list