[rt-users] (RT::Authen::ExternalAuth) "email exists" problem authenticating trough AD

Maximilien Drouet mdrouet at randco.fr
Thu Jul 4 11:00:23 EDT 2013 

Hello

I'm using version 4.0.13 of RT.
I'm trying to authenticate via an AD.

As you can see in the log output I successfully find the user BUT I have an
error "Couldn't create user myuser " which I don't understand because YES
user exists but I just want to authenticate not recreate a user.


Any Idea ?

You can find below either logs or configuration.

====        Debug Logs Output        ====

[Thu Jul  4 09:59:08 2013] [debug]: Attempting to use external auth
service: My_LDAP
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:186)

[Thu Jul  4 09:59:08 2013] [debug]: Calling UserExists with $username
(myuser ) and $service (My_LDAP)
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:227)

[Thu Jul  4 09:59:08 2013] [debug]: UserExists params:
username: 791286 , service: My_LDAP
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:439)

[Thu Jul  4 09:59:08 2013] [debug]: LDAP Search ===  Base:
dc=mydomain,dc=local == Filter:
(&(&(ObjectCategory=User)(ObjectClass=Person))(sAMAccountName=myuser)) ==
Attrs:
l,cn,st,mail,sAMAccountName,co,streetAddress,postalCode,telephoneNumber,sAMAccountName,physicalDeliveryOfficeName,sAMAccountName
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:469)

[Thu Jul  4 09:59:08 2013] [debug]:
RT::Authen::ExternalAuth::CanonicalizeUserInfo called by
RT::Authen::ExternalAuth
/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm
675 with: Disabled: , EmailAddress: , Gecos: myuser , Name: myuser ,
Privileged:
 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:572)

[Thu Jul  4 09:59:08 2013] [debug]: Attempting to get user info using this
external service: My_LDAP
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:580)

[Thu Jul  4 09:59:08 2013] [debug]: Attempting to use this canonicalization
key: Name
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:594)

[Thu Jul  4 09:59:08 2013] [debug]: LDAP Search ===  Base:
dc=mydomain,dc=local == Filter:
(&(&(ObjectCategory=User)(ObjectClass=Person))(sAMAccountName=myuser )) ==
Attrs:
l,cn,st,mail,sAMAccountName,co,streetAddress,postalCode,telephoneNumber,sAMAccountName,physicalDeliveryOfficeName,sAMAccountName
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:357)

[Thu Jul  4 09:59:08 2013] [info]:
RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Address1: , City:
Paris, Country: France, Disabled: , EmailAddress: myaddress at mydomain.com,
ExternalAuthId: myuser , Gecos: myuser , Name: myuser , Organization: ,
Privileged: , RealName: John DOE, State: , WorkPhone: myTel, Zip:
 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:658)

[Thu Jul  4 09:59:08 2013] [error]: Couldn't create user myuser : Email
address in use
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:251)

[Thu Jul  4 09:59:08 2013] [debug]: Autohandler called ExternalAuth.
Response: (0, No User)
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:16)
[Thu Jul  4 09:59:08 2013] [error]: FAILED LOGIN for myuser from
XX.xxx.XXX.xx (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:753)

====        End Debug Logs Output        ====

====        Configuration         ====
# External Authentication Configuration
 30 Set($ExternalAuthPriority,  [ 'My_LDAP']);
 31 Set($ExternalInfoPriority,  [ 'My_LDAP']);
 32
 33 Set($ExternalSettings, {
 34   # AN EXAMPLE LDAP SERVICE
 35     'My_LDAP'       =>  {
 36         'type'                      =>  'ldap',
 37         'server'                    =>  'myserver',
 38         'user'                      =>  'myuser',
 39         'pass'                      =>  'password',
 40         'base'                      =>  'dc=domain,dc=local',
 41         'filter'                    =>
'(&(ObjectCategory=User)(ObjectClass=Person))',
 42         'd_filter'                  =>
'(userAccountControl:1.2.840.113556.1.4.803:=2)',
 43         'group'                     =>  'OU=Users &
Clients,OU=MyPrincipalOU,OU=FR,DC=mydomain,DC=local',
 44         'group_attr'                =>  'member',
 45         'tls'                       =>  0,
 46         'ssl_version'               =>  3,
 47         'net_ldap_args'             => [    version =>  3   ],
 48         'group_scope'               =>  'base',
 49         'group_attr_value'          =>  '*',
 50         'attr_match_list' => [
 51             'Name',
 52             'EmailAddress',
 53             'RealName',
 54         ],
 55         'attr_map' => {
 56             'Name' => 'sAMAccountName',
 57             'EmailAddress' => 'mail',
 58             'Organization' => 'physicalDeliveryOfficeName',
 59             'RealName' => 'cn',
 60             'ExternalAuthId' => 'sAMAccountName',
 61             'Gecos' => 'sAMAccountName',
 62             'WorkPhone' => 'telephoneNumber',
 63             'Address1' => 'streetAddress',
 64             'City' => 'l',
 65             'State' => 'st',
 66             'Zip' => 'postalCode',
 67             'Country' => 'co'
 68         },
 69     },
 70 } );
 71
 72
 73 # You must install Plugins on your own, this is only an example
 74 # of the correct syntax to use when activating them.
 75 # There should only be one @Plugins declaration in your config file.
 76 #Set(@Plugins,(qw(RT::Extension::QuickDelete
RT::Extension::CommandByMail)));
 77 Set( @Plugins, qw(RT::Authen::ExternalAuth) );
 78 1;
====        End Of Configuration        ====
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20130704/940898f1/attachment.htm>

More information about the rt-users mailing list