On Wed, Jul 25, 2012 at 2:59 PM, [email protected] <[email protected]> wrote: > On Wed, Jul 25, 2012 at 02:27:00PM -0400, Asif Iqbal wrote: >> Hi >> >> We started using external auth for ldap auth using >> RT::Authen::ExternalAuth on RT 3.8.2 for more than a month. >> >> Our company name changed, so the email domain name changed from >> foo.com to bar.com >> >> I have user with valid account >> 1893818 muser "User, My" [email protected] >> >> But he failed to create a ticket since his email address is now >> [email protected] >> >> [Wed Jul 25 16:52:46 2012] [info]: >> RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Comments: >> Autocreated on ticket submission, Disa >> bled: , EmailAddress: [email protected], Name: muser, Password: , >> Privileged: , RealName: My User (/opt/rt3/local/plugins/ >> RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:633) >> [Wed Jul 25 16:52:46 2012] [crit]: User creation failed in >> mailgateway: Name in use >> (/opt/rt3/bin/../lib/RT/Interface/Email.pm:244) >> [Wed Jul 25 16:52:46 2012] [warning]: Couldn't load user >> '[email protected]'.giving up >> (/opt/rt3/bin/../lib/RT/Interface/Email.pm: >> 806) >> [Wed Jul 25 16:52:46 2012] [crit]: User '[email protected]' could >> not be loaded in the mail gateway (/opt/rt3/bin/../lib/RT/Inter >> face/Email.pm:244) >> [Wed Jul 25 16:52:46 2012] [error]: RT could not load a valid user, >> and RT's configuration does not allow >> for the creation of a new user for this email ([email protected]). >> >> You might need to grant 'Everyone' the right 'CreateTicket' for the >> queue syshelp. (/opt/rt3/bin/../lib/RT/Interface/Email.pm:244) >> [Wed Jul 25 16:52:46 2012] [error]: RT could not load a valid user, >> and RT's configuration does not allow >> for the creation of a new user for your email. >> (/opt/rt3/bin/../lib/RT/Interface/Email.pm:244) >> [Wed Jul 25 16:52:46 2012] [error]: Could not record email: Could not >> load a valid user (/opt/rt3/share/html/REST/1.0/NoAuth/mail-gateway:75 >> ) >> >> >> Should I change the matching restriction on the config file from >> >> # to just the Name and EmailAddress to save >> encountering problems later. >> 'attr_match_list' => [ 'Name', >> 'EmailAddress', >> 'RealName', >> ], >> # The mapping of RT attributes on to LDAP attributes >> 'attr_map' => { 'Name' => 'uid', >> 'EmailAddress' >> => 'mail', >> 'RealName' => 'cn', >> } >> >> >> to just username which never changed ? >> >> # to just the Name and EmailAddress to save >> encountering problems later. >> 'attr_match_list' => [ 'Name', >> >> ], >> # The mapping of RT attributes on to LDAP attributes >> 'attr_map' => { 'Name' => 'uid', >> >> } >> >> In this case user real name (cn) is different in ldap that auto >> created real name that was picked up from email address. >> >> Please advise. >> > > We added an LDAP lookup and some logic to CanonicalizeEmailAddress() > to map both the old and new Email addresses to the new Email address > and allow both to be valid for ticket creation. In our case we were > having different valid addresses due to users changing their preferred > Email address. The change hit LDAP first and only hit RT during the > nightly update.
that's what I asked in #rt channel and got no response. so kind a like pam stacking. check ldap, if fails then check local. make sense. is it possible to share that snippet? > > Regards, > Ken -- Asif Iqbal PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing?
