-Mathew "When you do things right, people won't be sure you've done anything at all." - God; Futurama
"We'll get along much better once you accept that you're wrong and neither am I." - Me On Mon, Feb 10, 2014 at 1:13 AM, Gerald Vogt <[email protected]> wrote: > On 10.02.2014 09:29, Mathew Snyder wrote: > > A user who sends in an email for the first time should generate an > > unprivileged account which sets the username as the email address. It > > doesn't exist so it should be created. > > The user has been created with e-mail address [email protected] mapping > to user name "user". > > Now the user sends e-mail from e-mail address [email protected] > which you map to the same user "user" with LDAP. That's not supported. > That would mean the same LDAP user has two e-mail addresses. > > You match users in LDAP using either of these attributes: > > 'attr_match_list' => [ > 'Name', > 'EmailAddress', > 'RealName', > ], > > If you don't have the gmail address in LDAP then it's probably the real > name which matches. With your configuration you can only have one RT > account for each real name. Thus if there is another "Mathew Snyder" > with a different e-mail address it gets rejected because again. > > You don't want RealName in attr_match_list unless you are sure that each > real name will only match to a single person with a single e-mail address. > I asked the person that is doing most of the grunt work to look into this. Rather than comment out the RealName setting under attr_match_list he commented it out under attr_map. This seems to have ad the same effect as it no longer creates a second account with the same real name as another that is in LDAP. I'm not entirely sure why RT should care about a person's actual name. The username is really all that is relevant. This seems to be a failure on the designers part, as far as I'm concerned. > > -Gerald > > > > > > > > On Feb 9, 2014 9:09 PM, "Gerald Vogt" <[email protected] > > <mailto:[email protected]>> wrote: > > > > On 10.02.2014 06:46, Mathew Snyder wrote: > > ... > > > [15816] [Fri Feb 7 05:29:01 2014] [debug]: Going to create user > with > > > address '[email protected] <mailto:[email protected]> > > <mailto:[email protected] <mailto:[email protected]>>' > > > (/opt/rt4/sbin/../lib/RT/Interface/Email/Auth/MailFrom.pm:100) > > ... > > > [15816] [Fri Feb 7 05:29:01 2014] [info]: > > > RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Comments: > > > Autocreated on ticket submission, Disabled: , EmailAddress: > > > [email protected] <mailto:[email protected]> > > <mailto:[email protected] <mailto:[email protected]>>, Name: user, > > Password: , > > > Privileged: , RealName: User Example > > > > > > (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:685) > > > > If these logs are correct then the user has two or more email > addresses > > in LDAP and [email protected] <mailto:[email protected]> is already in > > the RT database. The user > > sends from the second address [email protected] > > <mailto:[email protected]>. This is not > > supported (yet). > > > > Users with multiple email addresses in LDAP are not supported (even > > though some docs say otherwise). We have just discussed this > recently. > > See this thread: > > > > > http://lists.bestpractical.com/pipermail/rt-users/2014-January/082549.html > > > > The user must use the email address in the RT database. Mails from > any > > other email address in LDAP is rejected because the user already > exists > > in the RT database. > > > > You may try to manually create a second RT user with the second email > > address and then use the MergeUser extension to merge the accounts. > > > > -Gerald > > > >
