[rt-users] RT 4.2.1 - ExternalAuth against LDAP server and users with multiple mail addresses

Gerald Vogt vogt at spamcop.net
Wed Jan 22 01:49:26 EST 2014


I have tested the ExternalAuth module with the suggested configuration
of two different attributes for EmailAddress as suggested in the
configuration file:

        'attr_map' => {
            'Name' => 'uid',
            'EmailAddress' => [ 'mail', 'mailAlternateAddress' ],

This won't work at all: the call of postfix to rt-mailgateway fails:

(temporary failure. Command output: RT server error.  The RT server
which handled your email did not behave as expected. It said:  Can't
call method "as_string" on an undefined value at
/usr/local/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm
line 357.  Stack:
[/usr/local/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:357]

[/usr/local/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:655]

[/usr/local/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:702]
  [/usr/local/rt4/sbin/../lib/RT/User.pm:143]
[/usr/local/rt4/sbin/../lib/RT/Interface/Email.pm:838]
[/usr/local/rt4/sbin/../lib/RT/Interface/Email/Auth/MailFrom.pm:178]
[/usr/local/rt4/sbin/../lib/RT/Interface/Email.pm:1531]
[/usr/local/rt4/sbin/../lib/RT/Interface/Email.pm:1345]
[/usr/local/rt4/share/html/REST/1.0/NoAuth/mail-gateway:61])

This is because it passes the EmailAddress key as an array to the function
and tries to build the LDAP filter from that, which results in a string
like this:

(&(objectclass=*)(ARRAY(0xacc5d0)=gv at example.com))

And with that the following call to Net::LDAP::Filter->new will fail.

I don't see how this should work with version 0.17 of ExternalAuth and
RT4.2.2.

Thanks!

Gerald

On 21.01.2014 22:43, Gerald Vogt wrote:
> 
>> On 21.01.2014, at 21:33, Kevin Falcone <falcone at bestpractical.com> wrote:
>>
>>> On Tue, Jan 21, 2014 at 08:49:49PM +0100, Gerald Vogt wrote:
>>> When RT receives an e-mail I don't see any access to the LDAP server at
>>> first. It searches the sender address in the internal database. Doesn't
>>> find it. Then wants to create a new user. And only then it checks
>>> against the LDAP database and finds that the user with that uid (which
>>> maps to the "Name" column in the RT database) exists and refuses to
>>> create this user.
>>>
>>> Why doesn't this work and does this reject e-mails from that sender address?
>>
>> You haven't provided your configuration or debug logs for the
>> condition so any answers would be pure guesses.
>>
> 
> That was in my first email and fully quoted in my second. -Gerald
> 
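
An added example, not code from the poster or from RT::Authen::ExternalAuth: one way to build the filter so that an attr_map entry given as an array reference becomes an OR clause instead of being interpolated as "ARRAY(0x...)", and so that an undefined Net::LDAP::Filter object is caught before as_string is called. The helper name build_filter and the sample values are assumptions; the example also escapes the sender address, which the message above does not discuss.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Net::LDAP::Filter;
use Net::LDAP::Util qw(escape_filter_value);

# Hypothetical helper (not part of RT::Authen::ExternalAuth): build a search
# filter for one attr_map entry whose value is either a single LDAP attribute
# name or an array reference of attribute names.
sub build_filter {
    my ($base_filter, $ldap_attr, $value) = @_;

    # Normalise to a list so an array ref is never stringified into the filter.
    my @attrs = ref $ldap_attr eq 'ARRAY' ? @$ldap_attr : ($ldap_attr);
    die "no LDAP attribute configured\n" unless @attrs;

    # The value comes from an inbound mail header, so escape filter
    # metacharacters (RFC 4515) before interpolating it.
    my $escaped = escape_filter_value($value);

    # One (attr=value) term per attribute, OR-ed when there are several.
    my $match = join '', map { "($_=$escaped)" } @attrs;
    $match = "(|$match)" if @attrs > 1;

    my $string = "(&$base_filter$match)";
    my $filter = Net::LDAP::Filter->new($string);

    # new() returns undef for a string it cannot parse; fail with a clear
    # message here instead of calling as_string on an undefined value later.
    die "invalid LDAP filter: $string\n" unless defined $filter;
    return $filter;
}

# Constructed sample data mirroring the attr_map from the message above.
my %attr_map = (
    Name         => 'uid',
    EmailAddress => [ 'mail', 'mailAlternateAddress' ],
);

# Multi-attribute entry: both mail attributes are searched.
print build_filter('(objectclass=*)', $attr_map{EmailAddress},
    'gv@example.com')->as_string, "\n";

# Single-attribute entry with a constructed value containing metacharacters.
print build_filter('(objectclass=*)', $attr_map{Name},
    'g*v(test)')->as_string, "\n";
```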



