Hi
I am using RT 4.0.5-3 from Debian squeeze-backports and ExternalAuth.

I have the following LDAP settings, and RT is successfully authenticating users against Microsoft AD.

my LDAP settings
Set($ExternalAuthPriority, ['My_LDAP']);
Set($ExternalInfoPriority, [ 'My_LDAP']);
Set($AutoCreateNonExternalUsers, 1); I think maybe this shouldn't be necessary.
Then the My_LDAP stuff including this:-
'attr_match_list'       =>   ['Name','EmailAddress'],
'attr_map'              =>   {'Name' => 'sAMAccountName','EmailAddress' => 'mail',}

I have privileged users who can log into the web GUI and work on tickets. I have autogenerated users who have emailed the system. They do not need the web GUI at all. In fact they don't have the SSL client cert that they would need to get to the server.

The problem is that the company keeps changing its name, and so one person can have had [email protected], [email protected] and [email protected] over the last two years. This same person would exist only once as mperson in AD.

I think that this is why I often get this error when someone emails the system.
[info]: RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Comments: Autocreated on ticket submission, Disabled: 0, EmailAddress: [email protected], Name: mperson, Password: , Privileged: 0, RealName: (/user/local/share/request-tracker4/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:536)
[crit]: User creation failed in mailgateway: Name in use (/usr/localshare/request-tracker4/lib/RT/Interface/Email.pm:245)
[warning]: Couldn't load user '[email protected]'. giving up

I am tempted to remove 'Name' from the attr_match_list but I'm not exactly sure what will happen. Additionally the privileged users are using their AD username on the GUI login which I guess is the same as sAMAccountName. I have noticed that when a privileged user opens a ticket, RT will attempt to display the user's real name or AD username rather than their email address, but actually I don't need it to do that.

To be honest the only reason for the AD connection is so that I don't have to do password management for privileged users. I don't think that I need AD lookup for non-privileged users at all. Is it easy to have one without the other?

I also had a look in Email.pm and under sub CreateUser it has things like Name => ( $Username || $Address ), EmailAddress => $Address, RealName => $Name which I'm afraid I don't understand.

Can anyone explain to me what "name" actually means in the context of the error log "Name in use"?

Can anyone tell me maybe how I get RT to treat the three email addresses but same AD username either in a way that RT can handle, or ignore the AD username and just use email address, or as three separate users? Or if there is some other solution, or if maybe I am barking up the wrong tree entirely.

thanks, Philip

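A log check for the failure quoted in the post, added here as an example and not part of the original message or of RT: it pairs each "Name in use" failure with the CanonicalizeUserInfo line before it and lists the addresses that collided on one Name. The sample log lines, example.com addresses, placeholder paths and function names are constructed, and it assumes the [crit] line directly follows the [info] line for the same message, as in the quoted log.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the log quoted in the post; the
# example.com addresses and /path/to locations are placeholders.
SAMPLE_LOG = """\
[info]: RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Comments: Autocreated on ticket submission, Disabled: 0, EmailAddress: mperson@oldname.example.com, Name: mperson, Password: , Privileged: 0, RealName:  (/path/to/ExternalAuth.pm:536)
[crit]: User creation failed in mailgateway: Name in use (/path/to/Email.pm:245)
[warning]: Couldn't load user 'mperson@oldname.example.com'. giving up
[info]: RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Comments: Autocreated on ticket submission, Disabled: 0, EmailAddress: jdoe@newname.example.com, Name: jdoe, Password: , Privileged: 0, RealName:  (/path/to/ExternalAuth.pm:536)
[info]: RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Comments: Autocreated on ticket submission, Disabled: 0, EmailAddress: mperson@newname.example.com, Name: mperson, Password: , Privileged: 0, RealName:  (/path/to/ExternalAuth.pm:536)
[crit]: User creation failed in mailgateway: Name in use (/path/to/Email.pm:245)
"""

CANON = "RT::Authen::ExternalAuth::CanonicalizeUserInfo returning"
FAILED = "User creation failed in mailgateway: Name in use"


def field(line, key):
    """Return the value of 'key: value,' in a log line ('' if absent)."""
    # \b keeps 'Name' from matching inside 'RealName'.
    m = re.search(r"\b%s: ([^,]*)" % re.escape(key), line)
    return m.group(1).strip() if m else ""


def name_collisions(log_text):
    """Map each Name that hit 'Name in use' to the addresses that triggered it."""
    collisions = defaultdict(set)
    pending = None  # (Name, EmailAddress) from the most recent lookup line
    for line in log_text.splitlines():
        if CANON in line:
            pending = (field(line, "Name"), field(line, "EmailAddress"))
        elif FAILED in line and pending:
            name, email = pending
            collisions[name].add(email)
            pending = None  # one failure per lookup; ignore orphaned [crit] lines
    return {name: sorted(emails) for name, emails in collisions.items()}


if __name__ == "__main__":
    for name, emails in name_collisions(SAMPLE_LOG).items():
        print(name, "->", ", ".join(emails))
```
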