[rt-users] Odd Account Behavior after Active Directory Migration

Thomas Simmons twsnnva at gmail.com
Thu Feb 21 12:07:50 EST 2013


Hello,
Just wanted to send a follow up. I'm really stumped one this and I really
am open to any ideas. When I originally deployed this install 6-7 years
ago, I remember taking great notes, but sadly, they've been lost. I know I
installed this from "source", not from my distro's repo. I also remember
having to modify a few "non-config" files for my specific setup. I notice
User_Local.pm and User_Overlay.pm have slightly newer timestamps that the
rest of the files in the lib directory, so I'm assuming that's where the
changes are. Sadly, I have no idea what I actually changed.

Also, I've noticed that the problem is not entirely consistent. I've begun
sending emails to RT from new accounts when I create them, so my users will
be able to access the system. I created 2 accounts yesterday. The first one
created the user in RT after only the 2nd email. The second user was not
created until the 9th email.

Thanks,
Thomas


On Wed, Feb 20, 2013 at 9:06 AM, Thomas Simmons <twsnnva at gmail.com> wrote:

> Hello All,
> I know the subject is not very descriptive, but this problem is hard to
> explain in few words.
>
> We recently upgraded our Samba3+OpenLDAP (NT-Style) domain to Samba4
> (Active Directory). I have reconfigured all of our services to authenticate
> using AD via LDAP, and this is working as expected for most applications.
> It's also working for RT (3.6.5), but I am seeing very strange behavior
> that I cannot explain. Let's say I have 2 "classes" of users. Users that
> used RT before the AD migration and users that have not. The "have not"
> group includes users that existed in LDAP before the migration but never
> used RT and users that have been created since migrating from OpenLDAP to
> AD.
>
> Users that used RT before AD:
> These users can email RT, login to the web interface and can be manually
> assigned as a requestor on the "people" page. Everything works as expected.
>
> Users that have never used RT:
> These users CANNOT email RT (User could not be loaded). They also CANNOT
> login to the web interface. They CANNOT be assigned as a requestor on the
> people page. However, if they continue emailing RT, after 3-5 tries the
> user will be created in RT and the user can then also login and be assigned
> as a requestor. The user will only be created if they EMAIL RT 3 times -
> attempting to login via the web interface or assigning the user on the
> people page 3 times (or 10) does NOT create the user in RT.
>
> I do not even know where to begin with this problem. The connection to AD
> seems fine. If I reset a password in AD, RT requires the new credentials.Users are createdwith the proper
> info from AD (that I re-configured in RT_SiteConfig.pm), but the user must
> send multiple emails before the account is created.
>
> Thanks,
> Thomas
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20130221/47548cbc/attachment.htm>


More information about the rt-users mailing list