Re: [rt-users] Odd Account Behavior after Active Directory Migration

[Thomas Simmons]

On Fri, Feb 22, 2013 at 3:36 PM, Thomas Simmons <twsn...@gmail.com> wrote:

> On Thu, Feb 21, 2013 at 1:58 PM, Thomas Sibley <t...@bestpractical.com>wrote:
>
>> On 02/21/2013 09:07 AM, Thomas Simmons wrote:
>> > Hello,
>> > Just wanted to send a follow up. I'm really stumped one this and I
>> > really am open to any ideas.
>>
>> The information you sent is great, but for anyone to start to help,
>> you're also going to need to provide detailed logs from RT and possibly
>> AD.  Since you're on an ancient RT version and not using a standard LDAP
>> auth solution for newer versions, I suggest you also provide the list
>> with the two customized files you noted.
>>
>>
>> Hello,
> I'm not sure what changed, but "create on email" is consistently working.
> I am still having a problem with users not being creating when assigning
> someone as a requestor (using their email) or when a user tries logging
> into the web interface. I have attached some log snippets of these three
> things occurring, along with my RT_SiteConfig.pm. This is specifically
> confusing (from create on login):
>
> Feb 22 13:23:02 helpdesk RT: Autocreated authenticated user tcuser ()
> (/opt/rt3/share/html/Callbacks/LDAP/autohandler/Auth:24)
> Feb 22 13:23:02 helpdesk RT: FAILED LOGIN for tcuser from 192.168.100.191
> (/opt/rt3/share/html/autohandler:251)
>
> I then check MySQL and see this user was in fact, not created. Thank you
> for your help.
>
> Create on email (Working)
> Feb 22 14:08:05 helpdesk RT: RT::User::CanonicalizeEmailAddress : called
> with "test.a.u...@example.com" by RT::CurrentUser
> /opt/rt3/lib/RT/CurrentUser.pm 218
> Feb 22 14:08:05 helpdesk RT: RT::User::CanonicalizeEmailAddress
> test.a.u...@example.com =>  
> test.a.u...@example.com(/opt/rt3/lib/RT/User_Local.pm:346)
> Feb 22 14:08:05 helpdesk RT: RT::User::CanonicalizeUserInfo  called by
> RT::User /opt/rt3/lib/RT/User_Overlay.pm 192 with: Comments: Autocreated on
> ticket submission, Disabled: 0, EmailAddress: test.a.u...@example.com,
> Name: test.a.u...@example.com, Password: , Privileged: 0, RealName: "Test
> A. User"
> Feb 22 14:08:05 helpdesk RT: RT::User::LookupExternalUserInfo called with
> baseDN "cn=Users,dc=internal,dc=example,dc=com" and filter "sAMAccountName=
> test.a.u...@example.com" by RT::User /opt/rt3/lib/RT/User_Local.pm 394
> Feb 22 14:08:05 helpdesk RT: RT::User::LookupExternalUserInfo :
> cn=Users,dc=internal,dc=example,dc=com sAMAccountName=
> test.a.u...@example.com =>  EmailAddress: , Name: , RealName:
> (/opt/rt3/lib/RT/User_Local.pm:563)
> Feb 22 14:08:05 helpdesk RT: RT::User::LookupExternalUserInfo called with
> baseDN "cn=Users,dc=internal,dc=example,dc=com" and filter "mail=
> test.a.u...@example.com" by RT::User /opt/rt3/lib/RT/User_Local.pm 394
> Feb 22 14:08:05 helpdesk RT: RT::User::LookupExternalUserInfo :
> cn=Users,dc=internal,dc=example,dc=com mail=test.a.u...@example.com =>
> Address1: , Address2: , EmailAddress: test.a.u...@example.com,
> ExternalAuthId: tauser, ExternalContactInfoId: CN=Test A.
> User,CN=Users,DC=internal,dc=example,DC=com, Gecos: tauser, Name: tauser,
> Organization: , RealName: Test A. User, WorkPhone:
> (/opt/rt3/lib/RT/User_Local.pm:563)
> Feb 22 14:08:05 helpdesk RT: RT::User::CanonicalizeEmailAddress : called
> with "test.a.u...@example.com" by RT::User /opt/rt3/lib/RT/User_Local.pm
> 403
> Feb 22 14:08:05 helpdesk RT: RT::User::CanonicalizeEmailAddress
> test.a.u...@example.com =>  
> test.a.u...@example.com(/opt/rt3/lib/RT/User_Local.pm:346)
> Feb 22 14:08:05 helpdesk RT: RT::User::CanonicalizeUserInfo returning
> Address1: , Address2: , Comments: Autocreated on ticket submission,
> Disabled: 0, EmailAddress: test.a.u...@example.com, ExternalAuthId:
> tauser, ExternalContactInfoId: CN=Test A.
> User,CN=Users,DC=internal,dc=example,DC=com, Gecos: tauser, Name: tauser,
> Organization: , Password: , Privileged: 0, RealName: Test A. User,
> WorkPhone:  (/opt/rt3/lib/RT/User_Local.pm:412)
> Feb 22 14:08:05 helpdesk RT: RT::User::CanonicalizeEmailAddress : called
> with "test.a.u...@example.com" by RT::User
> /opt/rt3/lib/RT/User_Overlay.pm 196
> Feb 22 14:08:05 helpdesk RT: RT::User::CanonicalizeEmailAddress
> test.a.u...@example.com =>  
> test.a.u...@example.com(/opt/rt3/lib/RT/User_Local.pm:346)
> Feb 22 14:08:05 helpdesk RT: RT::User::CanonicalizeEmailAddress : called
> with "test.a.u...@example.com" by RT::User
> /opt/rt3/lib/RT/User_Overlay.pm 563
> Feb 22 14:08:05 helpdesk RT: RT::User::CanonicalizeEmailAddress
> test.a.u...@example.com =>  
> test.a.u...@example.com(/opt/rt3/lib/RT/User_Local.pm:346)
> Feb 22 14:08:05 helpdesk RT: RT::User::CanonicalizeEmailAddress : called
> with "test.a.u...@example.com" by RT::User
> /opt/rt3/lib/RT/User_Overlay.pm 563
> Feb 22 14:08:05 helpdesk RT: RT::User::CanonicalizeEmailAddress
> test.a.u...@example.com =>  
> test.a.u...@example.com(/opt/rt3/lib/RT/User_Local.pm:346)
> Feb 22 14:08:05 helpdesk RT: About to think about scrips for transaction
> #43219
> Feb 22 14:08:05 helpdesk RT: About to think about scrips for transaction
> #43220
> Feb 22 14:08:05 helpdesk RT: RT::User::CanonicalizeEmailAddress : called
> with "test.a.u...@example.com" by RT::CurrentUser
> /opt/rt3/lib/RT/CurrentUser.pm 218
> Feb 22 14:08:05 helpdesk RT: RT::User::CanonicalizeEmailAddress
> test.a.u...@example.com =>  
> test.a.u...@example.com(/opt/rt3/lib/RT/User_Local.pm:346)
> Feb 22 14:08:05 helpdesk RT: About to think about scrips for transaction
> #43221
> Feb 22 14:08:06 helpdesk RT: About to think about scrips for transaction
> #43222
> Feb 22 14:08:06 helpdesk RT: About to think about scrips for transaction
> #43223
> Feb 22 14:08:06 helpdesk RT: About to think about scrips for transaction
> #43224
> Feb 22 14:08:06 helpdesk RT: About to think about scrips for transaction
> #43225
> Feb 22 14:08:06 helpdesk RT: About to prepare scrips for transaction
> #43225
> Feb 22 14:08:06 helpdesk RT: Found 4 scrips
> Feb 22 14:08:07 helpdesk RT: About to commit scrips for transaction
> #43225
> Feb 22 14:08:07 helpdesk RT: <
> rt-3.6.5-6476-1361560086-1540.3155-...@example.com> #3155/43225 - Scrip
> 3  (/opt/rt3/lib/RT/Action/SendEmail.pm:252)
> Feb 22 14:08:07 helpdesk RT: <
> rt-3.6.5-6476-1361560086-1540.3155-...@example.com> sent  To:
> test.a.u...@example.com (/opt/rt3/lib/RT/Action/SendEmail.pm:283)
> Feb 22 14:08:07 helpdesk RT: About to think about scrips for transaction
> #43226
> Feb 22 14:08:07 helpdesk RT: <
> rt-3.6.5-6476-1361560086-1904.3155-...@example.com> #3155/43225 - Scrip
> 4  (/opt/rt3/lib/RT/Action/SendEmail.pm:252)
> Feb 22 14:08:07 helpdesk RT: <
> rt-3.6.5-6476-1361560086-1904.3155-...@example.com> No recipients found.
> Not sending. (/opt/rt3/lib/RT/Action/SendEmail.pm:264)
> Feb 22 14:08:07 helpdesk RT: <
> rt-3.6.5-6476-1361560087-57.3155-1...@example.com> #3155/43225 - Scrip 15
> NotifyByEmailOnCreate (/opt/rt3/lib/RT/Action/SendEmail.pm:252)
> Feb 22 14:08:07 helpdesk RT: <
> rt-3.6.5-6476-1361560087-57.3155-1...@example.com> sent  To:
> remo...@gmail.com,remo...@gmail.com(/opt/rt3/lib/RT/Action/SendEmail.pm:283)
> Feb 22 14:08:07 helpdesk RT: About to think about scrips for transaction
> #43227
> Feb 22 14:08:07 helpdesk RT: Ticket 3155 created in queue 'General' by
> tauser (/opt/rt3/lib/RT/Ticket_Overlay.pm:756)
> Feb 22 14:08:13 helpdesk RT: RT::Date used date::parse to make 1970-01-01
> 18000
> Feb 22 14:08:30 helpdesk RT: RT::Date used date::parse to make 1970-01-01
> 18000
> Feb 22 14:09:28 helpdesk RT: RT::Date used date::parse to make 1970-01-01
> 18000
> Feb 22 14:10:03 helpdesk RT: About to think about scrips for transaction
> #43228
> Feb 22 14:10:03 helpdesk RT: About to prepare scrips for transaction
> #43228
> Feb 22 14:10:03 helpdesk RT: Found 2 scrips
> Feb 22 14:10:03 helpdesk RT: About to commit scrips for transaction
> #43228
> Feb 22 14:10:03 helpdesk RT: <
> rt-3.6.5-6276-1361560203-830.3155-1...@example.com> #3155/43228 - Scrip
> 10  (/opt/rt3/lib/RT/Action/SendEmail.pm:252)
> Feb 22 14:10:03 helpdesk RT: <
> rt-3.6.5-6276-1361560203-830.3155-1...@example.com> sent  To:
> test.a.u...@example.com (/opt/rt3/lib/RT/Action/SendEmail.pm:283)
> Feb 22 14:10:03 helpdesk RT: About to think about scrips for transaction
> #43229
> Feb 22 14:10:50 helpdesk RT: RT::Date used date::parse to make 1970-01-01
> 18000
>
> Create when added as a watcher (Not Working)
> Feb 22 14:02:46 helpdesk RT: RT::User::CanonicalizeEmailAddress : called
> with "test.b.u...@example.com" by RT::Ticket
> /opt/rt3/lib/RT/Ticket_Overlay.pm 1350
> Feb 22 14:02:46 helpdesk RT: RT::User::CanonicalizeEmailAddress
> test.b.u...@example.com =>  
> test.b.u...@example.com(/opt/rt3/lib/RT/User_Local.pm:346)
> Feb 22 14:02:46 helpdesk RT: RT::User::CanonicalizeEmailAddress : called
> with "test.b.u...@example.com" by RT::User
> /opt/rt3/lib/RT/User_Overlay.pm 563
> Feb 22 14:02:46 helpdesk RT: RT::User::CanonicalizeEmailAddress
> test.b.u...@example.com =>  
> test.b.u...@example.com(/opt/rt3/lib/RT/User_Local.pm:346)
> Feb 22 14:02:46 helpdesk RT:
> RT::Authen::ExternalAuth::CanonicalizeUserInfo called by
> RT::Authen::ExternalAuth /opt/rt3/local/lib/RT/Authen/ExternalAuth.pm 682
> with: Comments: Autocreated when added as a watcher, Disabled: ,
> EmailAddress: test.b.u...@example.com, Name: test.b.u...@example.com,
> Privileged: , RealName: test.b.u...@example.com
> Feb 22 14:02:46 helpdesk RT: Attempting to get user info using this
> external service:
> Feb 22 14:02:46 helpdesk RT:
> RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Comments:
> Autocreated when added as a watcher, Disabled: , EmailAddress:
> test.b.u...@example.com, Name: test.b.u...@example.com, Privileged: ,
> RealName: 
> test.b.u...@example.com(/opt/rt3/local/lib/RT/Authen/ExternalAuth.pm:665)
> Feb 22 14:02:46 helpdesk RT: RT::User::CanonicalizeEmailAddress : called
> with "test.b.u...@example.com" by RT::User
> /opt/rt3/lib/RT/User_Overlay.pm 563
> Feb 22 14:02:46 helpdesk RT: RT::User::CanonicalizeEmailAddress
> test.b.u...@example.com =>  
> test.b.u...@example.com(/opt/rt3/lib/RT/User_Local.pm:346)
> Feb 22 14:02:51 helpdesk RT: RT::User::CanonicalizeEmailAddress : called
> with "test.b.u...@example.com" by RT::User
> /opt/rt3/lib/RT/User_Overlay.pm 563
> Feb 22 14:02:51 helpdesk RT: RT::User::CanonicalizeEmailAddress
> test.b.u...@example.com =>  
> test.b.u...@example.com(/opt/rt3/lib/RT/User_Local.pm:346)
> Feb 22 14:02:51 helpdesk RT: Failed to create user test.b.u...@example.com:
> Could not set user info (/opt/rt3/lib/RT/User_Overlay.pm:617)
> Feb 22 14:02:51 helpdesk RT: Could not load create a user with the email
> address 'test.b.u...@example.com' to add as a watcher for ticket 3090
> (/opt/rt3/lib/RT/Ticket_Overlay.pm:1424)
> Feb 22 14:05:42 helpdesk RT: RT::User::CanonicalizeEmailAddress : called
> with "test.b.u...@example.com" by RT::Ticket
> /opt/rt3/lib/RT/Ticket_Overlay.pm 1350
> Feb 22 14:05:42 helpdesk RT: RT::User::CanonicalizeEmailAddress
> test.b.u...@example.com =>  
> test.b.u...@example.com(/opt/rt3/lib/RT/User_Local.pm:346)
> Feb 22 14:05:42 helpdesk RT: RT::User::CanonicalizeEmailAddress : called
> with "test.b.u...@example.com" by RT::User
> /opt/rt3/lib/RT/User_Overlay.pm 563
> Feb 22 14:05:42 helpdesk RT: RT::User::CanonicalizeEmailAddress
> test.b.u...@example.com =>  
> test.b.u...@example.com(/opt/rt3/lib/RT/User_Local.pm:346)
> Feb 22 14:05:42 helpdesk RT:
> RT::Authen::ExternalAuth::CanonicalizeUserInfo called by
> RT::Authen::ExternalAuth /opt/rt3/local/lib/RT/Authen/ExternalAuth.pm 682
> with: Comments: Autocreated when added as a watcher, Disabled: ,
> EmailAddress: test.b.u...@example.com, Name: test.b.u...@example.com,
> Privileged: , RealName: test.b.u...@example.com
> Feb 22 14:05:42 helpdesk RT: Attempting to get user info using this
> external service:
> Feb 22 14:05:42 helpdesk RT:
> RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Comments:
> Autocreated when added as a watcher, Disabled: , EmailAddress:
> test.b.u...@example.com, Name: test.b.u...@example.com, Privileged: ,
> RealName: 
> test.b.u...@example.com(/opt/rt3/local/lib/RT/Authen/ExternalAuth.pm:665)
> Feb 22 14:05:42 helpdesk RT: RT::User::CanonicalizeEmailAddress : called
> with "test.b.u...@example.com" by RT::User
> /opt/rt3/lib/RT/User_Overlay.pm 563
> Feb 22 14:05:42 helpdesk RT: RT::User::CanonicalizeEmailAddress
> test.b.u...@example.com =>  
> test.b.u...@example.com(/opt/rt3/lib/RT/User_Local.pm:346)
> Feb 22 14:05:47 helpdesk RT: RT::User::CanonicalizeEmailAddress : called
> with "test.b.u...@example.com" by RT::User
> /opt/rt3/lib/RT/User_Overlay.pm 563
> Feb 22 14:05:47 helpdesk RT: RT::User::CanonicalizeEmailAddress
> test.b.u...@example.com =>  
> test.b.u...@example.com(/opt/rt3/lib/RT/User_Local.pm:346)
> Feb 22 14:05:47 helpdesk RT: Failed to create user test.b.u...@example.com:
> Could not set user info (/opt/rt3/lib/RT/User_Overlay.pm:617)
> Feb 22 14:05:47 helpdesk RT: Could not load create a user with the email
> address 'test.b.u...@example.com' to add as a watcher for ticket 3090
> (/opt/rt3/lib/RT/Ticket_Overlay.pm:1424)
> Feb 22 14:07:46 helpdesk RT: RT::Date used date::parse to make 1970-01-01
> 18000
>
> Create on login (Not Working)
> Feb 22 13:23:02 helpdesk RT: Autohandler called ExternalAuth. Response:
> (0, ExternalAuthPriority not defined, please check your configuration
> file.)
> Feb 22 13:23:02 helpdesk RT: Transaction->Create couldn't, as you didn't
> specify an object type and id (/opt/rt3/lib/RT/Record.pm:1481)
> Feb 22 13:23:02 helpdesk RT: Trying LDAP authentication
> Feb 22 13:23:02 helpdesk RT: RT::User::IsLDAPPassword Found LDAP DN:
> CN=Test C. User,CN=Users,DC=internal,DC=example,DC=com
> Feb 22 13:23:02 helpdesk RT: RT::User::IsLDAPPassword AUTH OK: tcuser
> (CN=Test C. User,CN=Users,DC=internal,DC=example,DC=com)
> (/opt/rt3/lib/RT/User_Local.pm:223)
> Feb 22 13:23:02 helpdesk RT: RT::User::IsPassword auth method
> IsLDAPPassword SUCCEEDED
> Feb 22 13:23:02 helpdesk RT:
> RT::Authen::ExternalAuth::CanonicalizeUserInfo called by
> RT::Authen::ExternalAuth /opt/rt3/local/lib/RT/Authen/ExternalAuth.pm 682
> with: Disabled: , EmailAddress: , Gecos: tcuser, Name: tcuser,
> Privileged:
> Feb 22 13:23:02 helpdesk RT: Attempting to get user info using this
> external service:
> Feb 22 13:23:02 helpdesk RT:
> RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Disabled: ,
> EmailAddress: , Gecos: tcuser, Name: tcuser, Privileged:
> (/opt/rt3/local/lib/RT/Authen/ExternalAuth.pm:665)
> Feb 22 13:23:02 helpdesk RT: Autocreated authenticated user tcuser ()
> (/opt/rt3/share/html/Callbacks/LDAP/autohandler/Auth:24)
> Feb 22 13:23:02 helpdesk RT: FAILED LOGIN for tcuser from 192.168.100.191
> (/opt/rt3/share/html/autohandler:251)
>
> RT_SiteConfig.pm
> # /etc/request-tracker3.6/RT_SiteConfig.pm
> Set($rtname, 'helpdesk.example.com');
> Set($Organization, 'example.com');
> Set($CorrespondAddress , 'rt');
> Set($CommentAddress , 'rt-comment');
> Set($Timezone , 'US/Eastern');
> Set($DatabaseType, 'mysql'); # e.g. Pg or mysql
> Set($DatabaseUser , 'rtuser');
> Set($DatabasePassword , 'super_duper_secret_password');
> Set($DatabaseName , 'rtdb');
> Set($WebPath , "/rt");
> Set($WebBaseURL , "https://helpdesk.example.com";);
> Set($AuthMethods, ['LDAP', 'Internal']);
> Set($LdapExternalAuth, 1);
> Set($LdapExternalInfo, 1);
> Set($LdapAutoCreateNonLdapUsers, 0);
> Set($LdapAttrMap, {'Name' => 'sAMAccountName',
>                    'EmailAddress' => 'mail',
>                    'Organization' => 'company',
>                    'RealName' => 'displayName',
>                    'ExternalContactInfoId' => 'distinguishedName',
>                    'ExternalAuthId' => 'sAMAccountName',
>                    'Gecos' => 'sAMAccountName',
>                    'WorkPhone' => 'telephoneNumber',
>                    'Address1' => 'streetAddress',
>                    'Address2' => 'streetAddress'}
> );
> Set($LdapRTAttrMatchList, ['Name', 'EmailAddress']
> );
> Set($LdapEmailAttrMatchList, ['mail']
> );
> Set($LdapServer, 'ldap://dc1.internal.example.com');
> Set($LdapBase, 'cn=Users,dc=internal,dc=example,dc=com');
> Set($LdapFilter, '(objectclass=user)');
> Set($LdapUser, 'cn=rtbind,cn=Users,dc=internal,dc=example,dc=com');
> Set($LdapPass, 'super_secret_password');
> 1;
>
>>
>>
>> --
>> RT training in Amsterdam, March 20-21:
>> http://bestpractical.com/services/training.html
>>
>> Help improve RT by taking our user survey:
>> https://www.surveymonkey.com/s/N23JW9T
>>
>
> Hello,
It seems I was wrong about mail working 100% of the time. I have made no
changes since my last email and noticed the following when a user tried
submitting a request via email today. This person is a long-time employee
whose account existed before the Samba3 + OpenLDAP to Samba4 (Active
Directory) migration, but had never used RT. Based on what I'm seeing now,
it appears that create-on-email works for domain users who have been
created since the migration, while those who existed previously are having
problems. However, it could also be complete coincidence. The inconsistency
of this problem has made it very difficult to pinpoint exact behavior and
led to my own confusion at times.

Feb 26 17:00:04 helpdesk RT: Converting 'us-ascii' to 'utf-8' for
text/plain - VPN Connection Error
Feb 26 17:00:04 helpdesk RT: RT::User::CanonicalizeEmailAddress : called
with "s.ma...@example.com" by RT::CurrentUser
/opt/rt3/lib/RT/CurrentUser.pm 218
Feb 26 17:00:04 helpdesk RT: RT::User::CanonicalizeEmailAddress
s.ma...@example.com =>  s.ma...@example.com(/opt/rt3/lib/RT/User_Local.pm:346)
Feb 26 17:00:04 helpdesk RT: RT::Authen::ExternalAuth::CanonicalizeUserInfo
called by RT::Authen::ExternalAuth
/opt/rt3/local/lib/RT/Authen/ExternalAuth.pm 682 with: Comments:
Autocreated on ticket submission, Disabled: , EmailAddress:
s.ma...@example.com, Name: s.ma...@example.com, Password: , Privileged: ,
RealName: s.ma...@example.com
Feb 26 17:00:04 helpdesk RT: Attempting to get user info using this
external service:
Feb 26 17:00:04 helpdesk RT: RT::Authen::ExternalAuth::CanonicalizeUserInfo
returning Comments: Autocreated on ticket submission, Disabled: ,
EmailAddress: s.ma...@example.com, Name: s.ma...@example.com, Password: ,
Privileged: , RealName:
s.ma...@example.com(/opt/rt3/local/lib/RT/Authen/ExternalAuth.pm:665)
Feb 26 17:00:04 helpdesk RT: RT::User::CanonicalizeEmailAddress : called
with "s.ma...@example.com" by RT::User /opt/rt3/lib/RT/User_Overlay.pm 563
Feb 26 17:00:04 helpdesk RT: RT::User::CanonicalizeEmailAddress
s.ma...@example.com =>  s.ma...@example.com(/opt/rt3/lib/RT/User_Local.pm:346)
Feb 26 17:00:04 helpdesk RT: User creation failed in mailgateway: Could not
set user info (/opt/rt3/lib/RT/Interface/Email.pm:243)
Feb 26 17:00:04 helpdesk RT: RT::User::CanonicalizeEmailAddress : called
with "s.ma...@example.com" by RT::CurrentUser
/opt/rt3/lib/RT/CurrentUser.pm 218
Feb 26 17:00:04 helpdesk RT: RT::User::CanonicalizeEmailAddress
s.ma...@example.com =>  s.ma...@example.com(/opt/rt3/lib/RT/User_Local.pm:346)
Feb 26 17:00:04 helpdesk RT: Couldn't load user 's.ma...@example.com'.giving
up (/opt/rt3/lib/RT/Interface/Email.pm:329)
Feb 26 17:00:04 helpdesk RT: User  's.ma...@example.com' could not be
loaded in the mail gateway (/opt/rt3/lib/RT/Interface/Email.pm:243)
Feb 26 17:00:04 helpdesk RT: RT could not load a valid user, and RT's
configuration does not allow for the creation of a new user for this email (
s.ma...@example.com).  You might need to grant 'Everyone' the right
'CreateTicket' for the queue General.
(/opt/rt3/lib/RT/Interface/Email.pm:243)
Feb 26 17:00:04 helpdesk RT: RT could not load a valid user, and RT's
configuration does not allow for the creation of a new user for your email.
(/opt/rt3/lib/RT/Interface/Email.pm:243)
Feb 26 17:00:05 helpdesk RT: Could not record email: Could not load a valid
user (/opt/rt3/share/html/REST/1.0/NoAuth/mail-gateway:75)

As you can see, this person is in Active Directory and all of the
attributes required by my RT setup are correct.

helpdesk:~# ldapsearch -x -LLL -D example\\Administrator -b
cn=Users,dc=internal,dc=example,dc=com \(mail=s.ma...@example.com\) mail
sAMAccountName displayName distinguishedName objectClass -W
Enter LDAP Password:

dn: CN=Removed Marsh,CN=Users,DC=internal,DC=example,DC=com
sAMAccountName: s.marsh
displayName: Removed Marsh
objectClass: top
objectClass: posixAccount
objectClass: person
objectClass: organizationalPerson
objectClass: user
mail: s.ma...@example.com
distinguishedName: CN=Steven Marsh,CN=Users,DC=internal,DC=example,DC=com


-- 
RT training in Amsterdam, March 20-21: 
http://bestpractical.com/services/training.html

Help improve RT by taking our user survey: 
https://www.surveymonkey.com/s/N23JW9T