On Wed, Jul 25, 2012 at 02:27:00PM -0400, Asif Iqbal wrote:
> Hi
>
> We started using external auth for ldap auth using
> RT::Authen::ExternalAuth on RT 3.8.2 for more than a month.
>
> Our company name changed, so the email domain name changed from
> foo.com to bar.com
>
> I have user with valid account
> 1893818 muser "User, My" my.u...@foo.com
>
> But he failed to create a ticket since his email address is now
> my.u...@bar.com
>
> [Wed Jul 25 16:52:46 2012] [info]:
> RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Comments:
> Autocreated on ticket submission, Disa
> bled: , EmailAddress: my.u...@bar.com, Name: muser, Password: ,
> Privileged: , RealName: My User (/opt/rt3/local/plugins/
> RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:633)
> [Wed Jul 25 16:52:46 2012] [crit]: User creation failed in
> mailgateway: Name in use
> (/opt/rt3/bin/../lib/RT/Interface/Email.pm:244)
> [Wed Jul 25 16:52:46 2012] [warning]: Couldn't load user
> 'my.u...@bar.com'.giving up
> (/opt/rt3/bin/../lib/RT/Interface/Email.pm:
> 806)
> [Wed Jul 25 16:52:46 2012] [crit]: User 'my.u...@example.com' could
> not be loaded in the mail gateway (/opt/rt3/bin/../lib/RT/Inter
> face/Email.pm:244)
> [Wed Jul 25 16:52:46 2012] [error]: RT could not load a valid user,
> and RT's configuration does not allow
> for the creation of a new user for this email (my.u...@example.com).
>
> You might need to grant 'Everyone' the right 'CreateTicket' for the
> queue syshelp. (/opt/rt3/bin/../lib/RT/Interface/Email.pm:244)
> [Wed Jul 25 16:52:46 2012] [error]: RT could not load a valid user,
> and RT's configuration does not allow
> for the creation of a new user for your email.
> (/opt/rt3/bin/../lib/RT/Interface/Email.pm:244)
> [Wed Jul 25 16:52:46 2012] [error]: Could not record email: Could not
> load a valid user (/opt/rt3/share/html/REST/1.0/NoAuth/mail-gateway:75
> )
>
>
> Should I change the matching restriction on the config file from
>
> # to just the Name and EmailAddress to save
> encountering problems later.
> 'attr_match_list' => [ 'Name',
> 'EmailAddress',
> 'RealName',
> ],
> # The mapping of RT attributes on to LDAP attributes
> 'attr_map' => { 'Name' => 'uid',
> 'EmailAddress'
> => 'mail',
> 'RealName' => 'cn',
> }
>
>
> to just username which never changed ?
>
> # to just the Name and EmailAddress to save
> encountering problems later.
> 'attr_match_list' => [ 'Name',
>
> ],
> # The mapping of RT attributes on to LDAP attributes
> 'attr_map' => { 'Name' => 'uid',
>
> }
>
> In this case user real name (cn) is different in ldap that auto
> created real name that was picked up from email address.
>
> Please advise.
>
We added an LDAP lookup and some logic to CanonicalizeEmailAddress()
to map both the old and new Email addresses to the new Email address
and allow both to be valid for ticket creation. In our case we were
having different valid addresses due to users changing their preferred
Email address. The change hit LDAP first and only hit RT during the
nightly update.
Regards,
Ken
