Re: [rt-users] Name in use

2012-03-21 Thread Diego Roccia 
- Original Message -
 On Tue, Mar 20, 2012 at 12:15:01PM +0100, Diego Roccia wrote:
  I have RT4.0.5 with RT::Authen::ExternalAuth, and I'm experiencing
  exactly this problem
  
  http://lists.fsck.com/pipermail/rt-users/2011-May/070489.html
  
  1 - u...@domain1.com send an email - the user is created and the
  ticket opened
  2 - u...@domain2.com send an email - the user is not created and
  the ticket not opened, because of the Name in use problem
  
  my question is: is possible to have unprivileged users created
  without stripping the @domain.tld part?
 
 Please show a sanitized version of your RT-Authen-ExternalAuth
 configuration.
 
 Also, please show us Name, RealName and EmailAddress for user 1.
 
 -kevin
 

Thanks Guys for your help.
here's the configuration

-cut---cut---cutcut---

Set(@Plugins, qw(RT::Authen::ExternalAuth) );
Set($LdapAutoCreateNonLdapUsers, 0);
Set($AutoCreateNonExternalUsers, 1);
Set($CanonicalizeOnCreate, 0);
Set($ExternalAuthPriority,  [   'My_LDAP' ] );
Set($ExternalInfoPriority,  [   'My_LDAP' ]);
Set($ExternalServiceUsesSSLorTLS,0);
Set($AutoCreateNonExternalUsers,1);
Set($ExternalSettings,  { 'My_LDAP'   =  {   'type'
  =  'ldap',
  'server'=  'XX.XX.XX.XX',
  'user'  =  
'uid=ldapuser,ou=people,dc=subito,dc=it',
  'pass'  =  
'***',
  'base'  =  
'ou=people,dc=subito,dc=it',
  'filter'=  
'(objectClass=organizationalPerson)',
  'tls'   =  1,
  'ssl_version'   =  3,
  'net_ldap_args' = [version =  3 
  ],
  'attr_match_list'   = [ 
'ExternalContactInfoId', 'Name', 'EmailAddress', 'RealName', 'WorkPhone', 
'Address2'],
  'attr_map'  =   {  'Name' = 
'uid',
  
'EmailAddress' = 'mail',
  
'Organization' = 'ou',
  'RealName' = 
'cn',
  
'ExternalContactInfoId' = 'dn',
  
'ExternalAuthId' = 'uid',
  'WorkPhone' 
= 'telephoneNumber',
  'Signature' 
= 'zimbraPrefMailSignature'}
}
}


-cut---cut---cutcut---

The problems is with emails coming from outside, not my domain.

Thanks

--
Diego Roccia - SystemNetwork Admin - Subito.it

Re: [rt-users] Name in use

2012-03-21 Thread Kevin Falcone 
On Wed, Mar 21, 2012 at 06:50:03PM +0100, Diego Roccia wrote:
 - Original Message -
   'attr_match_list'   = [ 
 'ExternalContactInfoId', 'Name', 'EmailAddress', 'RealName', 'WorkPhone', 
 'Address2'],

This tells RT that the RealName of any user must be unique.
So, there can only be one Kevin Falcone at your company.
This is unlikely to be what you want.
I suggest you trim that down to Name and EmailAddress (since RT will
enforce EmailAddress uniqueness anyway).

-kevin


pgphM4dFjS5Qa.pgp
Description: PGP signature

[rt-users] Name in use

2012-03-20 Thread Diego Roccia 
Hi All,

I have RT4.0.5 with RT::Authen::ExternalAuth, and I'm experiencing exactly this 
problem

http://lists.fsck.com/pipermail/rt-users/2011-May/070489.html

1 - u...@domain1.com send an email - the user is created and the ticket opened
2 - u...@domain2.com send an email - the user is not created and the ticket 
not opened, because of the Name in use problem

my question is: is possible to have unprivileged users created without 
stripping the @domain.tld part?

thanks

--
Diego Roccia
System  Network Admin - Subito.it 
Via della Moscova 3 - Milano
www.subito.it

Re: [rt-users] Name in use

2012-03-20 Thread Thomas Sibley 
On 03/20/2012 07:15 AM, Diego Roccia wrote:
 I have RT4.0.5 with RT::Authen::ExternalAuth, and I'm experiencing exactly 
 this problem
 
 http://lists.fsck.com/pipermail/rt-users/2011-May/070489.html
 
 1 - u...@domain1.com send an email - the user is created and the ticket 
 opened
 2 - u...@domain2.com send an email - the user is not created and the ticket 
 not opened, because of the Name in use problem

Did you read the rest of the thread?  Click the Next Message link a few
times.

You are probably matching users based on the realname or something else
equally non-unique.  Send your config to the list.

 my question is: is possible to have unprivileged users created without 
 stripping the @domain.tld part?

Yes, that's the default behaviour.

Re: [rt-users] Name in use

2012-03-20 Thread Kevin Falcone 
On Tue, Mar 20, 2012 at 12:15:01PM +0100, Diego Roccia wrote:
 I have RT4.0.5 with RT::Authen::ExternalAuth, and I'm experiencing exactly 
 this problem
 
 http://lists.fsck.com/pipermail/rt-users/2011-May/070489.html
 
 1 - u...@domain1.com send an email - the user is created and the ticket 
 opened
 2 - u...@domain2.com send an email - the user is not created and the ticket 
 not opened, because of the Name in use problem
 
 my question is: is possible to have unprivileged users created without 
 stripping the @domain.tld part?

Please show a sanitized version of your RT-Authen-ExternalAuth
configuration.

Also, please show us Name, RealName and EmailAddress for user 1.

-kevin


pgpzByAVDBFqa.pgp
Description: PGP signature

Re: [rt-users] Name in Use

2011-05-16 Thread Ruslan Zakirov 
Hello,

Recently had a chance to hack on the extension. In the latest
available version you can only update users' info from external source
only by Name. This has been fixed in multiple-emails branch along with
more fixes and new features.

On Fri, May 13, 2011 at 5:34 PM, Giuseppe Sollazzo gsoll...@sgul.ac.uk wrote:
 Ok - there's a problem with this solution.

 If I limit the match to the EmailAddress, ldap data are not imported.

 Is the only solution possible that of using two different definition of the
 ldap, one for auth and one for info?

 Cheers,
 G

 On 12/05/11 16:27, Giuseppe Sollazzo wrote:

 Ah, right.

 I suppose I need to change

 'attr_match_list'           = [    'Name',
                                    'EmailAddress',
                                    'RealName',
                               ],
 to

 'attr_match_list'           = [
                                    'EmailAddress',
                               ],
 ?

 Thanks,
 G

 On 12/05/11 16:17, Thomas Sibley wrote:

 On 05/12/2011 11:11 AM, Giuseppe Sollazzo wrote:

 Hi,
 I've noticed this behaviour that I'm not sure how to explain.

 I'm experimenting with our externally facing queue. There seems to be a
 problem about people with same name creating tickets as external users.

 I've got this relevant bits of configuration:

 Set( @Plugins, qw(RT::Authen::ExternalAuth));
 Set($ExternalAuthPriority,  [
                                 'My_LDAP'
                             ]
 );
 Set($ExternalInfoPriority,  [
                                 'My_LDAP'
                             ]
 );
 Set($AutoCreateNonExternalUsers,    1);

 Show us the actual config that matters, please.  Your ldap settings for
 My_LDAP.

 The likely problem is that you're matching on Realname, which is almost
 never what you want (as you've found out).

 Thomas




 --
 

 Giuseppe Sollazzo
 Senior Systems Analyst
 Computing Services
 Information Services
 St. George's, University Of London
 Cranmer Terrace
 London SW17 0RE

 Email: gsoll...@sgul.ac.uk
 Direct Dial: +44 20 8725 5160
 Fax: +44 20 8725 3583






-- 
Best regards, Ruslan.

Re: [rt-users] Name in Use

2011-05-13 Thread Giuseppe Sollazzo 

Ok - there's a problem with this solution.

If I limit the match to the EmailAddress, ldap data are not imported.

Is the only solution possible that of using two different definition of 
the ldap, one for auth and one for info?


Cheers,
G

On 12/05/11 16:27, Giuseppe Sollazzo wrote:

Ah, right.

I suppose I need to change

'attr_match_list'   = ['Name',
'EmailAddress',
'RealName',
   ],
to

'attr_match_list'   = [
'EmailAddress',
   ],
?

Thanks,
G

On 12/05/11 16:17, Thomas Sibley wrote:

On 05/12/2011 11:11 AM, Giuseppe Sollazzo wrote:

Hi,
I've noticed this behaviour that I'm not sure how to explain.

I'm experimenting with our externally facing queue. There seems to be a
problem about people with same name creating tickets as external users.

I've got this relevant bits of configuration:

Set( @Plugins, qw(RT::Authen::ExternalAuth));
Set($ExternalAuthPriority,  [
 'My_LDAP'
 ]
);
Set($ExternalInfoPriority,  [
 'My_LDAP'
 ]
);
Set($AutoCreateNonExternalUsers,1);

Show us the actual config that matters, please.  Your ldap settings for
My_LDAP.

The likely problem is that you're matching on Realname, which is almost
never what you want (as you've found out).

Thomas






--


Giuseppe Sollazzo
Senior Systems Analyst
Computing Services
Information Services
St. George's, University Of London
Cranmer Terrace
London SW17 0RE

Email: gsoll...@sgul.ac.uk
Direct Dial: +44 20 8725 5160
Fax: +44 20 8725 3583

[rt-users] Name in Use

2011-05-12 Thread Giuseppe Sollazzo 

Hi,
I've noticed this behaviour that I'm not sure how to explain.

I'm experimenting with our externally facing queue. There seems to be a 
problem about people with same name creating tickets as external users.


I've got this relevant bits of configuration:

Set( @Plugins, qw(RT::Authen::ExternalAuth));
Set($ExternalAuthPriority,  [
'My_LDAP'
]
);
Set($ExternalInfoPriority,  [
'My_LDAP'
]
);
Set($AutoCreateNonExternalUsers,1);


Moreover, Everyone can create tickets on the queue. What happened:
1 - I sent an e-mail from username@ldap from Paul Smith - ticket and 
users were created ok
2 - I sent an e-mail from anot...@different.domain.com from Paul Smith 
- failed as Name in use.
3 - If I send an e-mail from other name/surname, it works providing it's 
not in ldap


More precisely,

[Thu May 12 14:31:27 2011] [debug]: Going to create user with address 
'anot...@different.domain.com' 
(/opt/rt4/sbin/../lib/RT/Interface/Email/Auth/MailFrom.pm:97)
[Thu May 12 14:31:27 2011] [debug]: 
RT::Authen::ExternalAuth::CanonicalizeUserInfo called by 
RT::Authen::ExternalAuth 
/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm 
553 with: Comments: Autocreated on ticket submission, Disabled: 0, 
EmailAddress: pe...@orkus.it, Name: anot...@different.domain.com, 
Password: , Privileged: 0, RealName: Paul Smith 
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:450)
[Thu May 12 14:31:27 2011] [debug]: Attempting to get user info using 
this external service: My_LDAP 
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:458)
[Thu May 12 14:31:27 2011] [debug]: Attempting to use this 
canonicalization key: Name 
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:472)
[Thu May 12 14:31:27 2011] [debug]: LDAP Search ===  Base: 
ou=people,o=domain == Filter: 
((uid=*)(uid=anot...@different.domain.com)) == Attrs: 
l,cn,st,mail,gecos,co,postalAddress,postalCode,telephoneNumber,uid,o,uid 
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:195)
[Thu May 12 14:31:27 2011] [debug]: Attempting to use this 
canonicalization key: EmailAddress 
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:472)
[Thu May 12 14:31:27 2011] [debug]: LDAP Search ===  Base: 
ou=people,o=domain == Filter: 
((uid=*)(mail=anot...@different.domain.com)) == Attrs: 
l,cn,st,mail,gecos,co,postalAddress,postalCode,telephoneNumber,uid,o,uid 
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:195)
[Thu May 12 14:31:27 2011] [debug]: *Attempting to use this 
canonicalization key: RealName 
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:472)
[Thu May 12 14:31:27 2011] [debug]: LDAP Search ===  Base: 
ou=people,o=domain == Filter: ((uid=*)(cn=Paul Smith))* == Attrs: 
l,cn,st,mail,gecos,co,postalAddress,postalCode,telephoneNumber,uid,o,uid 
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:195)
[Thu May 12 14:31:27 2011] [info]: 
RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Address1: , 
City: London, Comments: Autocreated on ticket submission, Country: , 
Disabled: 0, EmailAddress: anot...@different.domain.com, ExternalAuthId: 
username, Gecos: Paul Smith, Computing, :  
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:536)
[Thu May 12 14:31:27 2011] [crit]: U*ser creation failed in mailgateway: 
Name in use* (/opt/rt4/sbin/../lib/RT/Interface/Email.pm:244)
[Thu May 12 14:31:48 2011] [warning]: Couldn't load user 
'anot...@different.domain.com'.giving up 
(/opt/rt4/sbin/../lib/RT/Interface/Email.pm:996)
[Thu May 12 14:31:48 2011] [crit]: User  'anot...@different.domain.com' 
could not be loaded in the mail gateway 
(/opt/rt4/sbin/../lib/RT/Interface/Email.pm:244)
[Thu May 12 14:31:59 2011] [error]: RT could not load a valid user, and 
RT's configuration does not allow
for the creation of a new user for this email 
(anot...@different.domain.com).


You might need to grant 'Everyone' the right 'CreateTicket' for the

I guess the problem is that it does not allow auto creation when it 
finds a user with the same name in the authentication authority... is 
there any chance to disable CanonicalizeUserInfo - providing that is 
responsible? Or maybe using AutoCreateFromExternalUserInfo (even though 
that would not be the behaviour I'd like to activate).


Any suggestion really appreciated!

Best regards,
Giuseppe

--


Giuseppe Sollazzo
Senior Systems Analyst
Computing Services
Information Services
St. George's, University Of London
Cranmer Terrace
London SW17 0RE

Email: gsoll...@sgul.ac.uk
Direct Dial: +44 20 8725 5160
Fax: +44 20 8725 3583

Re: [rt-users] Name in Use

2011-05-12 Thread Thomas Sibley 
On 05/12/2011 11:11 AM, Giuseppe Sollazzo wrote:
 Hi,
 I've noticed this behaviour that I'm not sure how to explain.
 
 I'm experimenting with our externally facing queue. There seems to be a
 problem about people with same name creating tickets as external users.
 
 I've got this relevant bits of configuration:
 
 Set( @Plugins, qw(RT::Authen::ExternalAuth));
 Set($ExternalAuthPriority,  [
 'My_LDAP'
 ]
 );
 Set($ExternalInfoPriority,  [
 'My_LDAP'
 ]
 );
 Set($AutoCreateNonExternalUsers,1);

Show us the actual config that matters, please.  Your ldap settings for
My_LDAP.

The likely problem is that you're matching on Realname, which is almost
never what you want (as you've found out).

Thomas

Re: [rt-users] Name in Use

2011-05-12 Thread Mike Johnson 
It sounds like your matching setup in your LDAP settings is matching to
Paul Smith for both users... try matching to email address.

HTH
MIke.

On Thu, May 12, 2011 at 11:11 AM, Giuseppe Sollazzo gsoll...@sgul.ac.ukwrote:

 Hi,
 I've noticed this behaviour that I'm not sure how to explain.

 I'm experimenting with our externally facing queue. There seems to be a
 problem about people with same name creating tickets as external users.

 I've got this relevant bits of configuration:

 Set( @Plugins, qw(RT::Authen::ExternalAuth));
 Set($ExternalAuthPriority,  [
 'My_LDAP'
 ]
 );
 Set($ExternalInfoPriority,  [
 'My_LDAP'
 ]
 );
 Set($AutoCreateNonExternalUsers,1);


 Moreover, Everyone can create tickets on the queue. What happened:
 1 - I sent an e-mail from username@ldap from Paul Smith - ticket and
 users were created ok
 2 - I sent an e-mail from anot...@different.domain.com from Paul Smith
 - failed as Name in use.
 3 - If I send an e-mail from other name/surname, it works providing it's
 not in ldap

 More precisely,

 [Thu May 12 14:31:27 2011] [debug]: Going to create user with address '
 anot...@different.domain.com'
 (/opt/rt4/sbin/../lib/RT/Interface/Email/Auth/MailFrom.pm:97)
 [Thu May 12 14:31:27 2011] [debug]:
 RT::Authen::ExternalAuth::CanonicalizeUserInfo called by
 RT::Authen::ExternalAuth
 /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm
 553 with: Comments: Autocreated on ticket submission, Disabled: 0,
 EmailAddress: pe...@orkus.it, Name: anot...@different.domain.com,
 Password: , Privileged: 0, RealName: Paul Smith
 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:450)
 [Thu May 12 14:31:27 2011] [debug]: Attempting to get user info using this
 external service: My_LDAP
 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:458)
 [Thu May 12 14:31:27 2011] [debug]: Attempting to use this canonicalization
 key: Name
 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:472)
 [Thu May 12 14:31:27 2011] [debug]: LDAP Search ===  Base:
 ou=people,o=domain == Filter: ((uid=*)(uid=anot...@different.domain.com))
 == Attrs:
 l,cn,st,mail,gecos,co,postalAddress,postalCode,telephoneNumber,uid,o,uid
 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:195)
 [Thu May 12 14:31:27 2011] [debug]: Attempting to use this canonicalization
 key: EmailAddress
 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:472)
 [Thu May 12 14:31:27 2011] [debug]: LDAP Search ===  Base:
 ou=people,o=domain == Filter: ((uid=*)(mail=anot...@different.domain.com))
 == Attrs:
 l,cn,st,mail,gecos,co,postalAddress,postalCode,telephoneNumber,uid,o,uid
 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:195)
 [Thu May 12 14:31:27 2011] [debug]: *Attempting to use this
 canonicalization key: RealName
 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:472)
 [Thu May 12 14:31:27 2011] [debug]: LDAP Search ===  Base:
 ou=people,o=domain == Filter: ((uid=*)(cn=Paul Smith))* == Attrs:
 l,cn,st,mail,gecos,co,postalAddress,postalCode,telephoneNumber,uid,o,uid
 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:195)
 [Thu May 12 14:31:27 2011] [info]:
 RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Address1: , City:
 London, Comments: Autocreated on ticket submission, Country: , Disabled: 0,
 EmailAddress: anot...@different.domain.com, ExternalAuthId: username,
 Gecos: Paul Smith, Computing, :
 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:536)
 [Thu May 12 14:31:27 2011] [crit]: U*ser creation failed in mailgateway:
 Name in use* (/opt/rt4/sbin/../lib/RT/Interface/Email.pm:244)
 [Thu May 12 14:31:48 2011] [warning]: Couldn't load user '
 anot...@different.domain.com'.giving up
 (/opt/rt4/sbin/../lib/RT/Interface/Email.pm:996)
 [Thu May 12 14:31:48 2011] [crit]: User  'anot...@different.domain.com'
 could not be loaded in the mail gateway
 (/opt/rt4/sbin/../lib/RT/Interface/Email.pm:244)
 [Thu May 12 14:31:59 2011] [error]: RT could not load a valid user, and
 RT's configuration does not allow
 for the creation of a new user for this email (
 anot...@different.domain.com).

 You might need to grant 'Everyone' the right 'CreateTicket' for the

 I guess the problem is that it does not allow auto creation when it finds a
 user with the same name in the authentication authority... is there any
 chance to disable CanonicalizeUserInfo - providing that is responsible? Or
 maybe using AutoCreateFromExternalUserInfo (even though that would not be
 the behaviour I'd like to activate).

 Any suggestion really appreciated!

 Best regards,
 Giuseppe

 --
 

 Giuseppe Sollazzo
 Senior Systems Analyst
 Computing

Re: [rt-users] Name in Use

2011-05-12 Thread Giuseppe Sollazzo 

Ah, right.

I suppose I need to change

'attr_match_list'   = ['Name',
'EmailAddress',
'RealName',
   ],
to

'attr_match_list'   = [
'EmailAddress',
   ],
?

Thanks,
G

On 12/05/11 16:17, Thomas Sibley wrote:

On 05/12/2011 11:11 AM, Giuseppe Sollazzo wrote:

Hi,
I've noticed this behaviour that I'm not sure how to explain.

I'm experimenting with our externally facing queue. There seems to be a
problem about people with same name creating tickets as external users.

I've got this relevant bits of configuration:

Set( @Plugins, qw(RT::Authen::ExternalAuth));
Set($ExternalAuthPriority,  [
 'My_LDAP'
 ]
);
Set($ExternalInfoPriority,  [
 'My_LDAP'
 ]
);
Set($AutoCreateNonExternalUsers,1);

Show us the actual config that matters, please.  Your ldap settings for
My_LDAP.

The likely problem is that you're matching on Realname, which is almost
never what you want (as you've found out).

Thomas



--


Giuseppe Sollazzo
Senior Systems Analyst
Computing Services
Information Services
St. George's, University Of London
Cranmer Terrace
London SW17 0RE

Email: gsoll...@sgul.ac.uk
Direct Dial: +44 20 8725 5160
Fax: +44 20 8725 3583