[rt-users] Some external users not being AutoCreate'd

Mathew Snyder mathew.snyder at gmail.com
Mon Feb 10 16:12:44 EST 2014


-Mathew

"When you do things right, people won't be sure you've done anything at
all." - God; Futurama

"We'll get along much better once you accept that you're wrong and neither
am I." - Me


On Mon, Feb 10, 2014 at 1:13 AM, Gerald Vogt <vogt at spamcop.net> wrote:

> On 10.02.2014 09:29, Mathew Snyder wrote:
> > A user who sends in an email for the first time should generate an
> > unprivileged account which sets the username as the email address. It
> > doesn't exist so it should be created.
>
> The user has been created with e-mail address user at example.com mapping
> to user name "user".
>
> Now the user sends e-mail from e-mail address user.example at gmail.com
> which you map to the same user "user" with LDAP. That's not supported.
> That would mean the same LDAP user has two e-mail addresses.
>
> You match users in LDAP using either of these attributes:
>
>         'attr_match_list' => [
>             'Name',
>             'EmailAddress',
>             'RealName',
>         ],
>
> If you don't have the gmail address in LDAP then it's probably the real
> name which matches. With your configuration you can only have one RT
> account for each real name. Thus if there is another "Mathew Snyder"
> with a different e-mail address it gets rejected because again.
>
> You don't want RealName in attr_match_list unless you are sure that each
> real name will only match to a single person with a single e-mail address.
>

I asked the person that is doing most of the grunt work to look into this.
Rather than comment out the RealName setting under attr_match_list he
commented it out under attr_map. This seems to have ad the same effect as
it no longer creates a second account with the same real name as another
that is in LDAP.

I'm not entirely sure why RT should care about a person's actual name. The
username is really all that is relevant. This seems to be a failure on the
designers part, as far as I'm concerned.



>
> -Gerald
>
>
>
>
> >
> > On Feb 9, 2014 9:09 PM, "Gerald Vogt" <vogt at spamcop.net
> > <mailto:vogt at spamcop.net>> wrote:
> >
> >     On 10.02.2014 06:46, Mathew Snyder wrote:
> >     ...
> >     > [15816] [Fri Feb  7 05:29:01 2014] [debug]: Going to create user
> with
> >     > address 'user.example at gmail.com <mailto:user.example at gmail.com>
> >     <mailto:user.example at gmail.com <mailto:user.example at gmail.com>>'
> >     > (/opt/rt4/sbin/../lib/RT/Interface/Email/Auth/MailFrom.pm:100)
> >     ...
> >     > [15816] [Fri Feb  7 05:29:01 2014] [info]:
> >     > RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Comments:
> >     > Autocreated on ticket submission, Disabled: , EmailAddress:
> >     > user at example.com <mailto:user at example.com>
> >     <mailto:user at example.com <mailto:user at example.com>>, Name: user,
> >     Password: ,
> >     > Privileged: , RealName: User Example
> >     >
> >
> (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:685)
> >
> >     If these logs are correct then the user has two or more  email
> addresses
> >     in LDAP and user at example.com <mailto:user at example.com> is already in
> >     the RT database. The user
> >     sends from the second address user.example at gmail.com
> >     <mailto:user.example at gmail.com>. This is not
> >     supported (yet).
> >
> >     Users with multiple email addresses in LDAP are not supported (even
> >     though some docs say otherwise). We have just discussed this
> recently.
> >     See this thread:
> >
> >
> http://lists.bestpractical.com/pipermail/rt-users/2014-January/082549.html
> >
> >     The user must use the email address in the RT database. Mails from
> any
> >     other email address in LDAP is rejected because the user already
> exists
> >     in the RT database.
> >
> >     You may try to manually create a second RT user with the second email
> >     address and then use the MergeUser extension to merge the accounts.
> >
> >     -Gerald
> >
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20140210/fb983a07/attachment.html>


More information about the rt-users mailing list