[rt-users] Some external users not being AutoCreate'd

Mathew Snyder mathew.snyder at gmail.com
Mon Feb 10 00:46:34 EST 2014


RT 4.2.2
RT::Authen::ExternalAuth 0.17
MySQL 5.1.71-1
httpd 2.2.15-29
CentOS 6.5

We have RT-Authen-ExternalAuth working with the organization's AD server
(LDAP). All personnel on the domain are able to log in with their AD
account and their RT account is automatically created. This is working
flawlessly.

Generally, external users sending an email to create a ticket are having
their unprivileged accounts created as expected. However, there seems to be
an intermittent issue preventing others from having the same result. There
doesn't appear to be any rhyme or reason to it.

Relevant RT_SiteConfig.pm configuration:

Set($AutoCreate,{Privileged=>0});
Set($AutoCreateNonExternalUsers,    1);

Set($ExternalSettings, {
    'AD'       =>  {
        'type'                      =>  'ldap',
        'server'                    =>  'dc1.example.local',
        'user'                      =>  'RTuser',
        'pass'                      =>  'xxxxxxxx',
        'base'                      =>  'dc=example,dc=local',
        'filter'                    =>  '(objectClass=person)',
        'attr_match_list' => [
            'Name',
            'EmailAddress',
            'RealName',
        ],
        'attr_map' => {
            'Name' => 'sAMAccountName',
            'EmailAddress' => 'mail',
            'RealName' => 'cn',
        },
    },
} );

Relevant RT log example:

[15816] [Fri Feb  7 05:29:01 2014] [debug]: Converting 'cp1252' to 'utf-8'
for text/plain - Subjectless message (/opt
/rt4/sbin/../lib/RT/I18N.pm:295)
[15816] [Fri Feb  7 05:29:01 2014] [debug]: Converting 'cp1252' to 'utf-8'
for text/html - Subjectless message (/opt/
rt4/sbin/../lib/RT/I18N.pm:295)
[15816] [Fri Feb  7 05:29:01 2014] [debug]: Encode::Guess guessed encoding:
ascii (/opt/rt4/sbin/../lib/RT/I18N.pm:59
5)
[15816] [Fri Feb  7 05:29:01 2014] [debug]: Encode::Guess guessed encoding:
ascii (/opt/rt4/sbin/../lib/RT/I18N.pm:59
5)
[15816] [Fri Feb  7 05:29:01 2014] [debug]: Going to create user with
address 'user.example at gmail.com'
(/opt/rt4/sbin/../lib/RT/Interface/Email/Auth/MailFrom.pm:100)
[15816] [Fri Feb  7 05:29:01 2014] [debug]:
RT::Authen::ExternalAuth::CanonicalizeUserInfo called by
RT::Authen::ExternalAuth
/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm
702 with: Comments: Autocreated on ticket submission, Disabled: ,
EmailAddress: user.example at gmail.com, Name: user.example at gmail.com,
Password: , Privileged: , RealName: User Example
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:599)
[15816] [Fri Feb  7 05:29:01 2014] [debug]: Attempting to get user info
using this external service: AD
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:607)
[15816] [Fri Feb  7 05:29:01 2014] [debug]: Attempting to use this
canonicalization key: Name
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:621)
[15816] [Fri Feb  7 05:29:01 2014] [debug]: LDAP Search ===  Base:
dc=example,dc=local == Filter: (&(objectClass=person)(sAMAccountName=
user.example at gmail.com)) == Attrs: cn,mail,sAMAccountName
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:357)
[15816] [Fri Feb  7 05:29:01 2014] [debug]: Attempting to use this
canonicalization key: EmailAddress
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:621)
[15816] [Fri Feb  7 05:29:01 2014] [debug]: LDAP Search ===  Base:
dc=example,dc=local == Filter: (&(objectClass=person)(mail=
user.example at gmail.com)) == Attrs: cn,mail,sAMAccountName
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:357)
[15816] [Fri Feb  7 05:29:01 2014] [debug]: Attempting to use this
canonicalization key: RealName
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:621)
[15816] [Fri Feb  7 05:29:01 2014] [debug]: LDAP Search ===  Base:
dc=example,dc=local == Filter: (&(objectClass=person)(cn=User Example)) ==
Attrs: cn,mail,sAMAccountName
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:357)
[15816] [Fri Feb  7 05:29:01 2014] [info]:
RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Comments:
Autocreated on ticket submission, Disabled: , EmailAddress: user at example.com,
Name: user, Password: , Privileged: , RealName: User Example
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:685)
[15816] [Fri Feb  7 05:29:01 2014] [crit]: User could not be created: User
creation failed in mailgateway: Name in use
(/opt/rt4/sbin/../lib/RT/Interface/Email.pm:245)
[15816] [Fri Feb  7 05:29:01 2014] [warning]: Couldn't load user '
user.example at gmail.com'.giving up
(/opt/rt4/sbin/../lib/RT/Interface/Email.pm:875)
[15816] [Fri Feb  7 05:29:01 2014] [crit]: User could not be loaded: User  '
user.example at gmail.com' could not be loaded in the mail gateway
(/opt/rt4/sbin/../lib/RT/Interface/Email.pm:245)
[15816] [Fri Feb  7 05:29:01 2014] [error]: Could not load a valid user: RT
could not load a valid user, and RT's configuration does not allow
for the creation of a new user for this email (user.example at gmail.com).

You might need to grant 'Everyone' the right 'CreateTicket' for the
queue provisioning. (/opt/rt4/sbin/../lib/RT/Interface/Email.pm:245)
[15816] [Fri Feb  7 05:29:01 2014] [error]: Could not load a valid user: RT
could not load a valid user, and RT's configuration does not allow
for the creation of a new user for your email.
(/opt/rt4/sbin/../lib/RT/Interface/Email.pm:245)
[15816] [Fri Feb  7 05:29:01 2014] [error]: Could not record email: Could
not load a valid user (/opt/rt4/share/html/REST/1.0/NoAuth/mail-gateway:75)

The Everyone group already has the CreateTicket and ReplyToTicket rights on
all of the queues that have been configured.

One thing that stands out is [15816] [Fri Feb  7 05:29:01 2014] [crit]:
User could not be created: User creation failed in mailgateway: Name in use
(/opt/rt4/sbin/../lib/RT/Interface/Email.pm:245). However, if I search on
the user's email address as the name it says nothing can be found.

I also noticed that the queue being referenced is 'provisioning'. It
actually is 'Provisioning'. Is case important?

-Mathew

"When you do things right, people won't be sure you've done anything at
all." - God; Futurama

"We'll get along much better once you accept that you're wrong and neither
am I." - Me
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20140209/989cdf3b/attachment.html>


More information about the rt-users mailing list