Are you using apache mod_kerb_auth for authentication? (webexternalauth seems to suggest you do).
I believe that if you do that, by default, the "login" of the user will be the kerberos principal used, including the realm. Ldap and/or the mail gateway might not get the same value (depending on your mapping). Since the email address has to be unique, if the "remote_user" doesn't match the name the rt username, it won't work (creating 2 users with the same email address is not possible, if I'm not mistaken) One thing you can do is add to your apache config the following directive: "KrbLocalUserMapping On". That will set "REMOTE_USER" to just the username part of the principal (no realm). That should make it match between the two (kern and ldap) I hope this puts you on the right track... Jok -- | Joachim Thuau | Linux Systems Administrator / SpaceX | | Cell: 310-890-7937 | Office: 310-363-6153 | -------- RT Training Sessions (http://bestpractical.com/services/training.html) * San Francisco, CA, USA October 18 & 19, 2011 * Washington DC, USA October 31 & November 1, 2011 * Barcelona, Spain November 28 & 29, 2011
