[rt-users] Some external users not being AutoCreate'd
Mathew Snyder
mathew.snyder at gmail.com
Mon Feb 10 16:12:44 EST 2014
-Mathew
"When you do things right, people won't be sure you've done anything at
all." - God; Futurama
"We'll get along much better once you accept that you're wrong and neither
am I." - Me
On Mon, Feb 10, 2014 at 1:13 AM, Gerald Vogt <vogt at spamcop.net> wrote:
> On 10.02.2014 09:29, Mathew Snyder wrote:
> > A user who sends in an email for the first time should generate an
> > unprivileged account which sets the username as the email address. It
> > doesn't exist so it should be created.
>
> The user has been created with e-mail address user at example.com mapping
> to user name "user".
>
> Now the user sends e-mail from e-mail address user.example at gmail.com
> which you map to the same user "user" with LDAP. That's not supported.
> That would mean the same LDAP user has two e-mail addresses.
>
> You match users in LDAP using either of these attributes:
>
> 'attr_match_list' => [
> 'Name',
> 'EmailAddress',
> 'RealName',
> ],
>
> If you don't have the gmail address in LDAP then it's probably the real
> name which matches. With your configuration you can only have one RT
> account for each real name. Thus if there is another "Mathew Snyder"
> with a different e-mail address it gets rejected because again.
>
> You don't want RealName in attr_match_list unless you are sure that each
> real name will only match to a single person with a single e-mail address.
>
I asked the person that is doing most of the grunt work to look into this.
Rather than comment out the RealName setting under attr_match_list he
commented it out under attr_map. This seems to have ad the same effect as
it no longer creates a second account with the same real name as another
that is in LDAP.
I'm not entirely sure why RT should care about a person's actual name. The
username is really all that is relevant. This seems to be a failure on the
designers part, as far as I'm concerned.
>
> -Gerald
>
>
>
>
> >
> > On Feb 9, 2014 9:09 PM, "Gerald Vogt" <vogt at spamcop.net
> > <mailto:vogt at spamcop.net>> wrote:
> >
> > On 10.02.2014 06:46, Mathew Snyder wrote:
> > ...
> > > [15816] [Fri Feb 7 05:29:01 2014] [debug]: Going to create user
> with
> > > address 'user.example at gmail.com <mailto:user.example at gmail.com>
> > <mailto:user.example at gmail.com <mailto:user.example at gmail.com>>'
> > > (/opt/rt4/sbin/../lib/RT/Interface/Email/Auth/MailFrom.pm:100)
> > ...
> > > [15816] [Fri Feb 7 05:29:01 2014] [info]:
> > > RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Comments:
> > > Autocreated on ticket submission, Disabled: , EmailAddress:
> > > user at example.com <mailto:user at example.com>
> > <mailto:user at example.com <mailto:user at example.com>>, Name: user,
> > Password: ,
> > > Privileged: , RealName: User Example
> > >
> >
> (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:685)
> >
> > If these logs are correct then the user has two or more email
> addresses
> > in LDAP and user at example.com <mailto:user at example.com> is already in
> > the RT database. The user
> > sends from the second address user.example at gmail.com
> > <mailto:user.example at gmail.com>. This is not
> > supported (yet).
> >
> > Users with multiple email addresses in LDAP are not supported (even
> > though some docs say otherwise). We have just discussed this
> recently.
> > See this thread:
> >
> >
> http://lists.bestpractical.com/pipermail/rt-users/2014-January/082549.html
> >
> > The user must use the email address in the RT database. Mails from
> any
> > other email address in LDAP is rejected because the user already
> exists
> > in the RT database.
> >
> > You may try to manually create a second RT user with the second email
> > address and then use the MergeUser extension to merge the accounts.
> >
> > -Gerald
> >
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20140210/fb983a07/attachment.htm>
More information about the rt-users
mailing list