I have been reading the postings about RT-Authen-ExternalAuth but am confused on what appears to be some conflicting setup information.
I am using:
RT 3.8.2
RT-Authen-ExternalAuth 0.08

I would like to use LDAP for authentication and information first, and that part seems to work OK. But I also would like to:
- add LOCAL users to RT internal DB (i.e., test and test-admin type accounts)
- NOT autocreate a new RT account if we receive an email from a user that is unknown in local RT or LDAP.
- NOT make multiple accounts for a user's multiple email aliases. (Our LDAP contains several email addresses for each user (uid).)

When I try to add a local account through the Web (using Root, Configuration->Users->Create), I receive the error "Name in Use".
The username I am trying to create is NOT in existence, but the email for that new account IS.

My error_log shows:
==================================
> [Tue Jun 2 17:45:21 2009] [debug]: User Check Failed :: ( My_LDAP ) root
> User not found
> (/opt/opt.CORE/rt-3.8/rhel4/PROD/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:318)
> [Tue Jun 2 17:45:21 2009] [debug]: Autohandler called ExternalAuth.
> Response: (0, No User)
> (/opt/opt.CORE/rt-3.8/rhel4/PROD/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:26)
> [Tue Jun 2 17:45:21 2009] [info]: Successful login for root from
> 168.7.56.227 (/usr/site/rt-3.8/PROD/share/html/autohandler:276)
> [Tue Jun 2 17:46:40 2009] [debug]: /ServiceUpdate/Elements/Header calls old
> style callback, use $m->callback
> (/usr/site/rt-3.8/PROD/share/html/Elements/Callback:51)
> [Tue Jun 2 17:46:40 2009] [crit]: HasRight called with no valid object
> (/usr/site/rt-3.8/PROD/bin/../lib/RT/Principal_Overlay.pm:322)
> [Tue Jun 2 17:51:36 2009] [debug]:
> RT::Authen::ExternalAuth::CanonicalizeUserInfo called by RT::User
> /opt/opt.CORE/rt-3.8/rhel4/PROD/local/plugins/RT-Authen-ExternalAuth/lib/RT/User_Vendor.pm
> 20 with: Address1: , Address2: , AuthSystem: , City: , Comments: Admin
> Authority Level Account for RT, ContactInfoSystem: , Country: , Disabled: 0,
> EmailAddress: [email protected], EmailEncoding: , ExternalAuthId: ,
> ExternalContactInfoId: , FreeformContactInfo: , Gecos: , HomePhone: , Lang:
> en, MobilePhone: , Name: smcclure-admin, NickName: Smcclure-Admin,
> Organization: , PagerPhone: , Privileged: 1, RealName: Susan McClure,
> Signature: , State: ,
> WebEncoding: , WorkPhone: , Zip:
> (/opt/opt.CORE/rt-3.8/rhel4/PROD/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:450)
> [Tue Jun 2 17:51:36 2009] [debug]: Attempting to get user info using this
> external service: My_LDAP
> (/opt/opt.CORE/rt-3.8/rhel4/PROD/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:458)
> [Tue Jun 2 17:51:36 2009] [debug]: Attempting to use this canonicalization
> key: Name
> (/opt/opt.CORE/rt-3.8/rhel4/PROD/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:472)
> [Tue Jun 2 17:51:36 2009] [debug]: LDAP Search === Base:
> ou=People,dc=rice,dc=edu == Filter: (&(objectclass=*)(uid=smcclure-admin)) ==
> Attrs:
> Houston,cn,TX,mail,gecos,postalAddress,postalCode,telephoneNumber,uid,physicalDeliveryOfficeName,uid
>
> (/opt/opt.CORE/rt-3.8/rhel4/PROD/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:195)
> [Tue Jun 2 17:51:36 2009] [debug]: Attempting to use this canonicalization
> key: EmailAddress
> (/opt/opt.CORE/rt-3.8/rhel4/PROD/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:472)
> [Tue Jun 2 17:51:36 2009] [debug]: LDAP Search === Base:
> ou=People,dc=rice,dc=edu == Filter:
> (&(objectclass=*)([email protected])) == Attrs:
> Houston,cn,TX,mail,gecos,postalAddress,postalCode,telephoneNumber,uid,physicalDeliveryOfficeName,uid
>
> (/opt/opt.CORE/rt-3.8/rhel4/PROD/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:195)
> [Tue Jun 2 17:51:36 2009] [info]:
> RT::Authen::ExternalAuth::CanonicalizeUserInfo returning
> Address1: 6100 Main Street, Address2: , AuthSystem: , City: , Comments: Admin
> Authority Level Account for RT, ContactInfoSystem: , Country: , Disabled: 0,
> EmailAddress: [email protected], EmailEncoding: , ExternalAuthId: smcclure,
> ExternalContactInfoId: , FreeformContactInfo: , Gecos: , HomePhone: , Lang:
> en, MobilePhone: , Name: smcclure, NickName: Smcclure-Admin,
> Organization: 222 Mudd Building, PagerPhone: , Privileged: 1, RealName:
> McClure, Susan, Signature: , State: , WebEncoding: , WorkPhone: 713-348-4852,
> Zip: 77005
> (/opt/opt.CORE/rt-3.8/rhel4/PROD/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:536)
==============

My Current RT_SiteConfig.pm for LDAP and External Auth has
====================================
Set(@Plugins,qw(RT::FM RT::IR RT::Authen::ExternalAuth .......

and for LDAP

# special options for various plugins
# Authen::ExternalAuth
Set($ExternalAuthPriority, ['My_LDAP'] );
Set($ExternalInfoPriority, ['My_LDAP'] );
Set($ExternalServiceUsesSSLorTLS, 1);
Set($ExternalSettings, {
    'My_LDAP' => {
        ## GENERIC SECTION
        'type' => 'ldap',
        'server' => 'ldap.rice.edu',
        'user' => 'cn=requesttracker,ou=Service Accounts,dc=rice,dc=edu',
        ..... etc etc .........
        .................

And the LDAP Attributes mappings:

> ## RT ATTRIBUTE MATCHING SECTION
> # The list of RT attributes that uniquely identify a user
> # This example shows what you *can* specify.. I recommend reducing this
> # to just the Name and EmailAddress to save encountering problems later.
> 'attr_match_list' => [ 'Name',
>                        'EmailAddress',
>                        'RealName',
>                        'WorkPhone',
>                        'Address2'
>                      ],
> # The mapping of RT attributes on to LDAP attributes
> 'attr_map' => { 'Name' => 'uid',
>                 'EmailAddress' => 'mail',
>                 'Organization' => 'physicalDeliveryOfficeName',
>                 'RealName' => 'cn',
>                 'ExternalAuthId' => 'uid',
>                 'Gecos' => 'gecos',
>                 'WorkPhone' => 'telephoneNumber',
>                 'Address1' => 'postalAddress',
>                 'City' => 'Houston',
>                 'State' => 'TX',
>                 'Zip' => 'postalCode'
>               }
> }
> }
> );
===================

Looking at all the postings, I am afraid that if I add:
==> Set($AutoCreateNonExternalUsers, 1);
that I will automatically MAKE a new account for users that send email or authenticate in some way other than being in our LDAP.

Can someone clarify the different options to help me get the setup I want, please?

Thanks
Susie McClure
[email protected]
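
The following is an added example, not part of the original post and not the plugin's own code. It models the lookup order visible in the debug log above: the Name key is tried, then EmailAddress, and on a hit the returned record carries the directory's values, including Name. The directory entry, the usernames, the `canonicalize` helper and the `MatchedOn` field are constructed for illustration.

```perl
#!/usr/bin/perl
# Added illustration: a model of the lookup order seen in the debug log.
# NOT the plugin's code; directory contents and RT usernames are constructed.
use strict;
use warnings;

# Same shape as the posted config, trimmed to the keys the log exercises.
my @attr_match_list = ('Name', 'EmailAddress');
my %attr_map = (Name => 'uid', EmailAddress => 'mail', RealName => 'cn');

# Constructed stand-in for the LDAP directory.
my @directory = (
    { uid => 'jdoe', mail => 'jdoe@example.org', cn => 'Doe, Jane' },
);
# Constructed stand-in for usernames that already exist in RT.
my %rt_users = (root => 1, jdoe => 1);

# Try each match key in order. On the first directory hit, overwrite every
# mapped RT field with the directory's value, as the "returning" log line shows.
sub canonicalize {
    my (%user) = @_;
    for my $key (@attr_match_list) {
        my $value = $user{$key};
        next unless defined $value && length $value;
        my ($entry) = grep { lc($_->{ $attr_map{$key} } // '') eq lc $value }
                      @directory;
        next unless $entry;
        for my $rt_field (keys %attr_map) {
            my $ldap_value = $entry->{ $attr_map{$rt_field} };
            $user{$rt_field} = $ldap_value if defined $ldap_value;
        }
        $user{MatchedOn} = $key;    # hypothetical field, for reporting only
        last;
    }
    return %user;
}

# A local admin account that shares its e-mail address with a directory user:
# no uid matches, the mail attribute does, and Name is rewritten to that uid.
my %new = canonicalize(Name => 'jdoe-admin', EmailAddress => 'jdoe@example.org');
printf "matched on %s, Name is now %s\n", $new{MatchedOn} // 'nothing', $new{Name};
print "Name in Use\n" if $rt_users{ $new{Name} };

# With an address the directory does not know, no key matches and the
# requested name is kept.
my %ok = canonicalize(Name => 'jdoe-admin', EmailAddress => 'jdoe-admin@example.org');
printf "matched on %s, Name stays %s\n", $ok{MatchedOn} // 'nothing', $ok{Name};
```

In this model the privileged local account collapses onto the directory identity that owns the shared e-mail address, which is the same Name rewrite (`smcclure-admin` to `smcclure`) the log records between the "called by" and "returning" lines.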
