[rt-users] RT 4.2.1 - ExternalAuth against LDAP server and users with multiple mail addresses
Gerald Vogt
vogt at spamcop.net
Tue Jan 21 03:27:50 EST 2014
Anyone knows whether this should work? Didn't see any answers till now...
Is it possible for a user to use more than one sender e-mail address for
the same account if all e-mail addresses are in the LDAP directory?
I have found this in the RT_SiteConfig.pm file which comes with the
ExternalAuth module:
"However, if a user with an existing RT account with EmailAddress set to
the C<mail> address, sent mail from C<alias>, it would still match. The
user's EmailAddress in RT would remain the primary C<mail> address.
This feature is useful for LDAP configurations where users have a
primary institutional email address, but might also use aliases from
subdomains or other email services. This prevents RT from creating
multiple accounts for the same person."
It doesn't clearly say whether e-mails sent from the "alias" email
address would be accepted or not.
Thanks!
Gerald
On 18.01.2014 14:27, Gerald Vogt wrote:
> Hi!
>
> We use the ExternalAuth module to authenticate users against an LDAP
> directory. Some users have multiple e-mail addresses, i.e. multiple
> values for the LDAP mail attribute (e.g. gv2 at example.com and
> vogt at example.com)
>
> Users can send e-mails to the RT server from the e-mail address which
> made it into the RT MySQL database without problems. (let's say
> vogt at example.com works)
>
> However, if they send from a different e-mail address (i.e.
> gv2 at example.com) it fails with error "Could not load a valid user".
>
> Documentation mentions it should work if the user has e-mail addresses
> from different attributes. But it doesn't say anything if there are
> multiple values for the same attribute.
>
> Browsing through the source code it looks to me as if RT first only
> checks against its internal database to find out whether a user with the
> sender address already exists, then tries to create a new user for the
> address only to find that the user name matching in LDAP to this e-mail
> address already exists in the internal database.
>
> Is this not possible or am I missing something here?
>
> Thanks!
>
> Logs show this:
>
> Jan 17 13:57:56 rt4 RT: [5002] The RTAddressRegexp option is not set in
> the config. Not setting this option results in additional SQL queries to
> check whether each address belongs to RT or not. It is especially
> important to set this option if RT recieves emails on addresses that are
> not in the database or config. (/usr/local/rt4/sbin/../lib/RT/Config.pm:485)
> Jan 17 13:57:57 rt4 RT: [5007] Encode::Guess guessed encoding: ascii
> (/usr/local/rt4/sbin/../lib/RT/I18N.pm:595)
> Jan 17 13:57:57 rt4 RT: [5007] Encode::Guess guessed encoding: ascii
> (/usr/local/rt4/sbin/../lib/RT/I18N.pm:595)
> Jan 17 13:57:57 rt4 RT: [5007] Converting 'ascii' to 'utf-8' for
> text/plain - test (/usr/local/rt4/sbin/../lib/RT/I18N.pm:295)
> Jan 17 13:57:57 rt4 RT: [5007] Going to create user with address
> 'gv2 at example.com'
> (/usr/local/rt4/sbin/../lib/RT/Interface/Email/Auth/MailFrom.pm:100)
> Jan 17 13:57:57 rt4 RT: [5007]
> RT::Authen::ExternalAuth::CanonicalizeUserInfo called by
> RT::Authen::ExternalAuth
> /usr/local/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm
> 702 with: Comments: Autocreated on ticket submission, Disabled: ,
> EmailAddress: gv2 at example.com, Name: gv2 at example.com, Password: ,
> Privileged: , RealName:
> (/usr/local/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:599)
> Jan 17 13:57:57 rt4 RT: [5007] Attempting to get user info using this
> external service: LDAP
> (/usr/local/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:607)
> Jan 17 13:57:57 rt4 RT: [5007] Attempting to use this canonicalization
> key: Name
> (/usr/local/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:621)
> Jan 17 13:57:57 rt4 RT: [5007] LDAP Search === Base:
> ou=people,o=ldap,o=root == Filter:
> (&(objectclass=*)(uid=gv2 at example.com)) == Attrs:
> l,gecos,st,mail,gecos,co,streetAddress,postalCode,telephoneNumber,uid,physicalDeliveryOfficeName,uid
> (/usr/local/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:357)
> Jan 17 13:57:57 rt4 RT: [5007] Attempting to use this canonicalization
> key: EmailAddress
> (/usr/local/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:621)
> Jan 17 13:57:57 rt4 RT: [5007] LDAP Search === Base:
> ou=people,o=ldap,o=root == Filter:
> (&(objectclass=*)(mail=gv2 at example.com)) == Attrs:
> l,gecos,st,mail,gecos,co,streetAddress,postalCode,telephoneNumber,uid,physicalDeliveryOfficeName,uid
> (/usr/local/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:357)
> Jan 17 13:57:57 rt4 RT: [5007]
> RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Address1: ,
> City: , Comments: Autocreated on ticket submission, Country: , Disabled:
> , EmailAddress: vogt at example.com, ExternalAuthId: vogt, Gecos: Gerald
> Vogt, Name: vogt, Organization: , Password: , Privileged: , RealName:
> Gerald Vogt, State: , WorkPhone: , Zip:
> Jan 17 13:57:57 rt4 RT: [5007] Use of uninitialized value $Username in
> concatenation (.) or string at
> /usr/local/rt4/sbin/../lib/RT/Interface/Email.pm line 849.
> Jan 17 13:57:57 rt4 RT: [5007] create new user. username = ,
> emailaddress = gv2 at example.com
> (/usr/local/rt4/sbin/../lib/RT/Interface/Email.pm:849)
> Jan 17 13:57:57 rt4 RT: [5007] Use of uninitialized value in
> concatenation (.) or string at
> /usr/local/rt4/sbin/../lib/RT/Interface/Email.pm line 859.
> Jan 17 13:57:57 rt4 RT: [5007] loadbyemail got
> (/usr/local/rt4/sbin/../lib/RT/Interface/Email.pm:859)
> Jan 17 13:57:57 rt4 RT: [5007] User could not be created: User creation
> failed in mailgateway: Name in use
> Jan 17 13:57:57 rt4 RT: [5007] Couldn't load user
> 'gv2 at example.com'.giving up
> Jan 17 13:57:57 rt4 RT: [5007] User could not be loaded: User
> 'gv2 at example.com' could not be loaded in the mail gateway
> Jan 17 13:57:57 rt4 RT: [5007] Could not load a valid user: RT could not
> load a valid user, and RT's configuration does not allow#012for the
> creation of a new user for this email (gv2 at example.com).#012#012You
> might need to grant 'Everyone' the right 'CreateTicket' for the#012queue
> Firewall.
> Jan 17 13:57:57 rt4 RT: [5007] Could not load a valid user: RT could not
> load a valid user, and RT's configuration does not allow#012for the
> creation of a new user for your email.
> Jan 17 13:57:57 rt4 RT: [5007] Could not record email: Could not load a
> valid user
>
> LDAP configuration is this:
>
> Plugin( "RT::Authen::ExternalAuth" );
>
> Set($ExternalAuthPriority, [ 'LDAP' ]);
> Set($ExternalInfoPriority, [ 'LDAP' ]);
> Set($ExternalServiceUsesSSLorTLS, 1);
> Set($AutoCreateNonExternalUsers, 0);
> Set($ExternalSettings, {
> 'LDAP' => {
> 'type' => 'ldap',
> 'server' => [ 'ldaps://dsp1.example.com',
> 'ldaps://dsp2.example.com' ],
> 'user' => 'cn=agent, ou=Special Users, dc=adm',
> 'pass' => 'password',
> 'base' => 'ou=people,o=ldap,o=root',
> 'filter' => '(objectclass=*)',
> # 'd_filter' => '(FILTER_STRING)',
> # 'group' => 'GROUP_NAME',
> # 'group_attr' => 'GROUP_ATTR',
> 'tls' => 1,
> 'ssl_version' => 3,
> 'net_ldap_args' => [ version => 3 ],
> # 'group_scope' => 'base',
> # 'group_attr_value' => 'GROUP_ATTR_VALUE',
> 'attr_match_list' => [
> 'Name',
> 'EmailAddress',
> ],
> 'attr_map' => {
> 'Name' => 'uid',
> 'EmailAddress' => 'mail',
> 'Organization' => 'physicalDeliveryOfficeName',
> 'RealName' => 'gecos',
> 'ExternalAuthId' => 'uid',
> 'Gecos' => 'gecos',
> 'WorkPhone' => 'telephoneNumber',
> 'Address1' => 'streetAddress',
> 'City' => 'l',
> 'State' => 'st',
> 'Zip' => 'postalCode',
> 'Country' => 'co'
> },
> },
> } );
>
> Gerald
>
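Added illustration, not part of Gerald's mail and not RT's or the ExternalAuth plugin's code: a small Python simulation of the sender-to-user lookup the log above shows, with a constructed directory entry whose `mail` attribute has two values. `resolve_sender_create_first` reproduces the flow from the log (load by e-mail, else canonicalize and try to create a user with the LDAP `uid` as Name, which fails with "Name in use" because that account already exists). `resolve_sender_alias_aware` is a hypothetical variant, assumed here rather than taken from RT, that loads the existing account by the canonicalized Name instead and leaves its EmailAddress at the primary `mail` value, as the quoted RT_SiteConfig.pm text describes. All directory entries and RT user rows are constructed sample data.

```python
"""Constructed simulation of the mail-gateway sender lookup discussed in the
thread.  Illustrative only; this is not RT's mail gateway nor the
RT::Authen::ExternalAuth plugin."""

# Constructed LDAP directory.  'vogt' has a multi-valued mail attribute,
# mirroring the gv2@/vogt@ case in the thread.
LDAP_ENTRIES = [
    {"uid": "vogt", "gecos": "Gerald Vogt",
     "mail": ["vogt@example.com", "gv2@example.com"]},
    {"uid": "jdoe", "gecos": "Jane Doe", "mail": ["jdoe@example.com"]},
]

# Constructed RT Users table: only the primary address made it into RT.
RT_USERS = {
    "vogt": {"Name": "vogt", "EmailAddress": "vogt@example.com"},
}


def ldap_search_by_mail(address):
    """Mimic the filter (&(objectclass=*)(mail=<address>)) from the log:
    an LDAP equality match succeeds on ANY value of a multi-valued attribute."""
    for entry in LDAP_ENTRIES:
        if address.lower() in (m.lower() for m in entry["mail"]):
            return entry
    return None


def canonicalize_user_info(email_address):
    """Resolve a sender address to the entry's uid and primary mail, the way
    the CanonicalizeUserInfo log line shows (Name: vogt, EmailAddress: vogt@)."""
    entry = ldap_search_by_mail(email_address)
    if entry is None:
        return None
    return {"Name": entry["uid"], "EmailAddress": entry["mail"][0],
            "RealName": entry["gecos"]}


def load_user_by_email(address, users):
    """RT's first step: look for an existing user row with this EmailAddress."""
    for user in users.values():
        if user["EmailAddress"].lower() == address.lower():
            return user
    return None


def resolve_sender_create_first(sender, users):
    """Flow as the thread's log shows it: load by e-mail, otherwise create a
    user named after the canonicalized uid.  With an alias as sender the
    canonical Name already exists, so creation fails with 'Name in use'."""
    user = load_user_by_email(sender, users)
    if user is not None:
        return ("loaded", user["Name"])
    info = canonicalize_user_info(sender)
    if info is None:
        return ("rejected", "no LDAP match")
    if info["Name"] in users:
        return ("rejected", "Name in use")
    users[info["Name"]] = {"Name": info["Name"],
                           "EmailAddress": info["EmailAddress"]}
    return ("created", info["Name"])


def resolve_sender_alias_aware(sender, users):
    """Hypothetical alternative (an assumption, not RT behaviour confirmed by
    the thread): after canonicalization, load the existing account by its
    canonical Name before trying to create one.  The stored EmailAddress is
    left at the primary mail value, so no duplicate account appears."""
    user = load_user_by_email(sender, users)
    if user is not None:
        return ("loaded", user["Name"])
    info = canonicalize_user_info(sender)
    if info is None:
        return ("rejected", "no LDAP match")
    existing = users.get(info["Name"])
    if existing is not None:
        # Alias resolved to an account RT already knows; keep its primary address.
        return ("loaded", existing["Name"])
    users[info["Name"]] = {"Name": info["Name"],
                           "EmailAddress": info["EmailAddress"]}
    return ("created", info["Name"])


if __name__ == "__main__":
    for fn in (resolve_sender_create_first, resolve_sender_alias_aware):
        table = dict(RT_USERS)
        for sender in ("vogt@example.com", "gv2@example.com", "jdoe@example.com"):
            print(fn.__name__, sender, "->", fn(sender, table))
```

Running the block prints both flows side by side: the log-style flow rejects `gv2@example.com` with "Name in use", while the alias-aware variant maps it to the existing `vogt` account and still creates a fresh account for a sender RT has never seen.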