[rt-users] username same but realname and email is different for existing user compare to ldap attribute, caused create ticket failed

Asif Iqbal vadud3 at gmail.com
Wed Jul 25 15:13:21 EDT 2012


On Wed, Jul 25, 2012 at 2:59 PM, ktm at rice.edu <ktm at rice.edu> wrote:
> On Wed, Jul 25, 2012 at 02:27:00PM -0400, Asif Iqbal wrote:
>> Hi
>>
>> We started using external auth for ldap auth using
>> RT::Authen::ExternalAuth on RT 3.8.2 for more than a month.
>>
>> Our company name changed, so the email domain name changed from
>> foo.com to bar.com
>>
>> I have a user with a valid account
>> 1893818       muser   "User, My"      My.User at foo.com
>>
>> But he failed to create a ticket since his email address is now My.User at bar.com
>>
>> [Wed Jul 25 16:52:46 2012] [info]:
>> RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Comments:
>> Autocreated on ticket submission, Disa
>> bled: , EmailAddress: My.User at bar.com, Name: muser, Password: ,
>> Privileged: , RealName: My User (/opt/rt3/local/plugins/
>> RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:633)
>> [Wed Jul 25 16:52:46 2012] [crit]: User creation failed in
>> mailgateway: Name in use
>> (/opt/rt3/bin/../lib/RT/Interface/Email.pm:244)
>> [Wed Jul 25 16:52:46 2012] [warning]: Couldn't load user
>> 'My.User at bar.com'.giving up
>> (/opt/rt3/bin/../lib/RT/Interface/Email.pm:
>> 806)
>> [Wed Jul 25 16:52:46 2012] [crit]: User  'My.User at example.com' could
>> not be loaded in the mail gateway (/opt/rt3/bin/../lib/RT/Inter
>> face/Email.pm:244)
>> [Wed Jul 25 16:52:46 2012] [error]: RT could not load a valid user,
>> and RT's configuration does not allow
>> for the creation of a new user for this email (My.User at example.com).
>>
>> You might need to grant 'Everyone' the right 'CreateTicket' for the
>> queue syshelp. (/opt/rt3/bin/../lib/RT/Interface/Email.pm:244)
>> [Wed Jul 25 16:52:46 2012] [error]: RT could not load a valid user,
>> and RT's configuration does not allow
>> for the creation of a new user for your email.
>> (/opt/rt3/bin/../lib/RT/Interface/Email.pm:244)
>> [Wed Jul 25 16:52:46 2012] [error]: Could not record email: Could not
>> load a valid user (/opt/rt3/share/html/REST/1.0/NoAuth/mail-gateway:75
>> )
>>
>>
>> Should I change the matching restriction on the config file from
>>
>>                 # to just the Name and EmailAddress to save encountering problems later.
>>                 'attr_match_list'    =>         [       'Name',
>>                                                         'EmailAddress',
>>                                                         'RealName',
>>                                                 ],
>>                 # The mapping of RT attributes on to LDAP attributes
>>                 'attr_map'                  =>  {       'Name' => 'uid',
>>                                                         'EmailAddress' => 'mail',
>>                                                         'RealName' => 'cn',
>>                                                 }
>>
>>
>> to just username which never changed ?
>>
>>                 # to just the Name and EmailAddress to save encountering problems later.
>>                 'attr_match_list'    =>         [       'Name',
>>                                                 ],
>>                 # The mapping of RT attributes on to LDAP attributes
>>                 'attr_map'                  =>  {       'Name' => 'uid',
>>                                                 }
>>
>> In this case the user's real name (cn) in LDAP is different from the
>> auto-created real name that was picked up from the email address.
>>
>> Please advise.
>>
>
> We added an LDAP lookup and some logic to CanonicalizeEmailAddress()
> to map both the old and new Email addresses to the new Email address
> and allow both to be valid for ticket creation. In our case we were
> having different valid addresses due to users changing their preferred
> Email address. The change hit LDAP first and only hit RT during the
> nightly update.

That's what I asked in the #rt channel and got no response. So kind of
like PAM stacking.

Check LDAP; if that fails, then check local. Makes sense. Is it possible
to share that snippet?


>
> Regards,
> Ken



-- 
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
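
The mapping Ken describes (old and new addresses both resolving to the new one) can be sketched as follows; this is an added example, not Ken's code and not part of RT or RT::Authen::ExternalAuth. The helper names `build_mail_index` and `canonicalize_email` are hypothetical, the directory is a constructed in-memory hash standing in for the LDAP lookup, and the foo.com/bar.com rename is taken from the thread.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed stand-in for the directory: uid => current LDAP 'mail' value.
# A real deployment would query LDAP here.
my %directory = ( muser => 'My.User@bar.com' );

# Old domain => new domain, taken from the rename described in the thread.
my %domain_rename = ( 'foo.com' => 'bar.com' );

# Index the directory by lowercased mail; refuse duplicates so that one
# address can never resolve to two accounts.
sub build_mail_index {
    my ($dir) = @_;
    my %index;
    for my $uid ( sort keys %$dir ) {
        my $mail = lc $dir->{$uid};
        die "mail $mail is shared by $index{$mail} and $uid\n"
            if exists $index{$mail};
        $index{$mail} = $uid;
    }
    return \%index;
}

# Hypothetical helper: map a sender address to the address the directory
# holds for that account, or return it unchanged.
sub canonicalize_email {
    my ( $email, $dir, $index ) = @_;
    my ( $local, $domain ) = $email =~ /\A([^\@\s]+)\@([^\@\s]+)\z/
        or return $email;    # not a plain addr-spec: leave untouched
    $domain = lc $domain;
    my $candidate = lc($local) . '@' . ( $domain_rename{$domain} // $domain );
    # Rewrite only when the directory confirms the candidate belongs to an
    # account; an old-domain sender with no matching entry is not mapped.
    my $uid = $index->{$candidate};
    return defined $uid ? $dir->{$uid} : $email;
}

my $index = build_mail_index( \%directory );
for my $sender ( 'My.User@foo.com', 'my.user@BAR.com', 'Other@foo.com' ) {
    printf "%-18s -> %s\n", $sender,
        canonicalize_email( $sender, \%directory, $index );
}
```

Because the rewrite is gated on a directory hit, relaxing `attr_match_list` to `Name` alone and accepting old-domain mail are kept as separate decisions: an address is only canonicalized when it resolves to exactly one known account.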


