[rt-users] Some external users not being AutoCreate'd

Gerald Vogt vogt at spamcop.net
Mon Feb 10 06:13:04 EST 2014

On 10.02.2014 09:29, Mathew Snyder wrote:
> A user who sends in an email for the first time should generate an
> unprivileged account which sets the username as the email address. It
> doesn't exist so it should be created.

The user has been created with e-mail address user at example.com mapping
to user name "user".

Now the user sends e-mail from e-mail address user.example at gmail.com
which you map to the same user "user" with LDAP. That's not supported.
That would mean the same LDAP user has two e-mail addresses.

You match users in LDAP using either of these attributes:

        'attr_match_list' => [

If you don't have the gmail address in LDAP then it's probably the real
name which matches. With your configuration you can only have one RT
account for each real name. Thus if there is another "Mathew Snyder"
with a different e-mail address it gets rejected because again.

You don't want RealName in attr_match_list unless you are sure that each
real name will only match to a single person with a single e-mail address.


> On Feb 9, 2014 9:09 PM, "Gerald Vogt" <vogt at spamcop.net
> <mailto:vogt at spamcop.net>> wrote:
>     On 10.02.2014 06:46, Mathew Snyder wrote:
>     ...
>     > [15816] [Fri Feb  7 05:29:01 2014] [debug]: Going to create user with
>     > address 'user.example at gmail.com <mailto:user.example at gmail.com>
>     <mailto:user.example at gmail.com <mailto:user.example at gmail.com>>'
>     > (/opt/rt4/sbin/../lib/RT/Interface/Email/Auth/MailFrom.pm:100)
>     ...
>     > [15816] [Fri Feb  7 05:29:01 2014] [info]:
>     > RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Comments:
>     > Autocreated on ticket submission, Disabled: , EmailAddress:
>     > user at example.com <mailto:user at example.com>
>     <mailto:user at example.com <mailto:user at example.com>>, Name: user,
>     Password: ,
>     > Privileged: , RealName: User Example
>     >
>     (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:685)
>     If these logs are correct then the user has two or more  email addresses
>     in LDAP and user at example.com <mailto:user at example.com> is already in
>     the RT database. The user
>     sends from the second address user.example at gmail.com
>     <mailto:user.example at gmail.com>. This is not
>     supported (yet).
>     Users with multiple email addresses in LDAP are not supported (even
>     though some docs say otherwise). We have just discussed this recently.
>     See this thread:
>     http://lists.bestpractical.com/pipermail/rt-users/2014-January/082549.html
>     The user must use the email address in the RT database. Mails from any
>     other email address in LDAP is rejected because the user already exists
>     in the RT database.
>     You may try to manually create a second RT user with the second email
>     address and then use the MergeUser extension to merge the accounts.
>     -Gerald

More information about the rt-users mailing list