On Tue, Aug 24, 2010 at 06:37:41AM +1000, Steve Berg wrote:
> Here's the log from when an external email address sends in a ticket
> via email (in this case [email protected]). I have granted the
> Everyone group CreateTicket both globally and at the queue level:
>
> [Mon Aug 23 20:33:39 2010] [debug]: Attempting to use this
> canonicalization key: RealName
> (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:472)
> [Mon Aug 23 20:33:40 2010] [debug]: LDAP Search === Base:
> ou=xxx,dc=xxx,dc=local == Filter: (&(objectclass=user)(cn=Steve Berg))
> == Attrs:
> l,cn,st,mail,sAMAccountName,co,streetAddress,postalCode,telephoneNumber,sAMAccountName,physicalDeliveryOfficeName,sAMAccountName
> (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:195)

You've told RT-Authen-ExternalAuth that RealName is an acceptable
canonicalization key, so when it searches for Steve Berg (presumably
because your test email is from "Steve Berg" <[email protected]>) it loads
your real internal account and then blows up when the From: address
user account doesn't exist.

Don't match on things that aren't actually unique.

-kevin

> [Mon Aug 23 20:33:40 2010] [info]:
> RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Address1: ,
> City: Warana, Comments: Autocreated on ticket submission, Country:
> Australia, Disabled: 0, EmailAddress: [email protected],
> ExternalAuthId: xxx.xxx, Gecos: xxx.xxx, Name: xxx.xxx, Organization:
> Warana, Password: , Privileged: 0, RealName: Steve Berg, State: Qld,
> WorkPhone: 07 5343 3326, Zip: 4575
> (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:536)
> [Mon Aug 23 20:33:40 2010] [crit]: User creation failed in
> mailgateway: Name in use
> (/opt/rt3/bin/../lib/RT/Interface/Email.pm:244)
> [Mon Aug 23 20:33:40 2010] [warning]: Couldn't load user
> '[email protected]'.giving up
> (/opt/rt3/bin/../lib/RT/Interface/Email.pm:947)
> [Mon Aug 23 20:33:40 2010] [crit]: User '[email protected]' could not be
> loaded in the mail gateway
> (/opt/rt3/bin/../lib/RT/Interface/Email.pm:244)
> [Mon Aug 23 20:33:40 2010] [error]: RT could not load a valid user,
> and RT's configuration does not allow
> for the creation of a new user for this email ([email protected]).
>
> You might need to grant 'Everyone' the right 'CreateTicket' for the
> queue IT_Support. (/opt/rt3/bin/../lib/RT/Interface/Email.pm:244)
> [Mon Aug 23 20:33:40 2010] [error]: RT could not load a valid user,
> and RT's configuration does not allow
> for the creation of a new user for your email.
> (/opt/rt3/bin/../lib/RT/Interface/Email.pm:244)
> [Mon Aug 23 20:33:40 2010] [error]: Could not record email: Could not
> load a valid user
> (/opt/rt3/share/html/REST/1.0/NoAuth/mail-gateway:75)
>
>
>
> On 24 August 2010 05:43, Kevin Falcone <[email protected]> wrote:
> > On Mon, Aug 23, 2010 at 12:27:58PM +1000, Steve Berg wrote:
> >> Hi all,
> >>
> >> I have RT set up and am using RT::Authen::ExternalAuth to authenticate
> >> users against LDAP which is working great. We now have an external
> >> company we are working with and they don't have LDAP accounts and
> >> when they send an email in to the RT system they receive a bounce that
> >> says:
> >>
> >> "User [email protected] could not be loaded in the mail gateway"
> >
> > There is usually a more detailed error in the logs and sent to the
> > OwnerEmail
> >
> > -kevin
> >
> >> My RT_SiteConfig.pm looks like:
> >>
> >> # Any configuration directives you include here will override
> >> # RT's default configuration file, RT_Config.pm
> >> #
> >> # To include a directive here, just copy the equivalent statement
> >> # from RT_Config.pm and change the value. We've included a single
> >> # sample value below.
> >> #
> >> # This file is actually a perl module, so you can include valid
> >> # perl code, as well.
> >> #
> >> # The converse is also true, if this file isn't valid perl, you're
> >> # going to run into trouble. To check your SiteConfig file, use
> >> # this command:
> >> #
> >> # perl -c /path/to/your/etc/RT_SiteConfig.pm
> >>
> >> Set( $rtname, 'x');
> >> Set(@Plugins, qw(RT::Authen::ExternalAuth) );
> >> Set($LogToFile , 'debug');
> >>
> >> Set($ExternalAuthPriority, ['My_LDAP']);
> >> Set($ExternalInfoPriority, ['My_LDAP']);
> >> Set($ExternalServiceUsesSSLorTLS, 1);
> >> Set($AutoCreateNonExternalUsers, 1);
> >>
> >> Set($ExternalSettings, {
> >>     'My_LDAP' => { ## GENERIC SECTION
> >>         'type' => 'ldap',
> >>         'server' => 'x',
> >>         'user' => 'x',
> >>         'pass' => 'x',
> >>         'base' => 'x',
> >>         'filter' => '(objectclass=user)',
> >>         'd_filter' => '(userAccountControl:1.2.840.113556.1.4.803:=2)',
> >>         'tls' => 0,
> >>         'ssl_version' => 3,
> >>         'net_ldap_args' => [ version => 3 ],
> >>         #'group' => 'GROUP_NAME',
> >>         #'group_attr' => 'GROUP_ATTR',
> >>         'attr_match_list' => [ 'Name',
> >>                                'EmailAddress',
> >>                                'RealName',
> >>                                'WorkPhone',
> >>                                'Address2'
> >>                              ],
> >>         'attr_map' => { 'Name' => 'sAMAccountName',
> >>                         'EmailAddress' => 'mail',
> >>                         'Organization' => 'physicalDeliveryOfficeName',
> >>                         'RealName' => 'cn',
> >>                         'ExternalAuthId' => 'sAMAccountName',
> >>                         'Gecos' => 'sAMAccountName',
> >>                         'WorkPhone' => 'telephoneNumber',
> >>                         'Address1' => 'streetAddress',
> >>                         'City' => 'l',
> >>                         'State' => 'st',
> >>                         'Zip' => 'postalCode',
> >>                         'Country' => 'co'
> >>                       }
> >>     },
> >>
> >> }
> >> );
> >>
> >> 1;
> >>
> >> RT Training in Washington DC, USA on Oct 25 & 26 2010
> >> Last one this year -- Learn how to get the most out of RT!
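
The failure Kevin describes in the message above, as an added example that is not part of the original thread and is not RT-Authen-ExternalAuth's own code: a simplified Python model of trying each attr_match_list key in turn, run once with RealName in the list and once without. The directory entry, the external sender, the addresses and the function names are constructed or hypothetical, and treating Name and EmailAddress as the unique keys is an assumption about this directory.

```python
# Simplified model of the canonicalization flow visible in the quoted log.
# Not the plugin's code; directory contents and the sender are constructed.

ATTR_MAP = {"Name": "sAMAccountName", "EmailAddress": "mail", "RealName": "cn"}

# Constructed directory holding one internal account.
DIRECTORY = [
    {"sAMAccountName": "sberg", "mail": "sberg@corp.example", "cn": "Steve Berg"},
]


def canonicalize(user, match_list):
    """Try each match key in order; the first directory hit overwrites the record."""
    for key in match_list:
        value = user.get(key)
        if not value:
            continue
        for entry in DIRECTORY:
            if entry.get(ATTR_MAP[key]) == value:
                merged = dict(user)
                merged.update({f: entry[a] for f, a in ATTR_MAP.items()})
                return merged, key
    return dict(user), None


def gateway_create(sender, match_list, existing_names):
    """Model the mail gateway autocreating a user for an unknown From: address."""
    info, matched_on = canonicalize(sender, match_list)
    if info["Name"] in existing_names:
        return "Name in use (matched on %s)" % matched_on
    existing_names.add(info["Name"])
    return "created %s <%s>" % (info["Name"], info["EmailAddress"])


# Constructed external sender whose display name equals an internal user's cn.
EXTERNAL = {"Name": "steve@partner.example",
            "EmailAddress": "steve@partner.example",
            "RealName": "Steve Berg"}

WEAK = ["Name", "EmailAddress", "RealName"]   # RealName is not unique
UNIQUE_ONLY = ["Name", "EmailAddress"]        # assumed unique in this directory

if __name__ == "__main__":
    print(gateway_create(EXTERNAL, WEAK, {"sberg"}))
    print(gateway_create(EXTERNAL, UNIQUE_ONLY, {"sberg"}))
```

With the weak list the sender's record is replaced by the internal account's directory entry before creation is attempted, which is where the "Name in use" in the log comes from; with only unique keys the external address is autocreated under its own name.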
