Hello,

I’m using RT 2.1.14 and 2.1.15.
WebExternalAuth = 1 (Apache and LDAP)

How can I change the auto creation behavior?
Using the email address for the username is fine by itself but when a
user successfully authenticates via LDAP using just “rthompson” RT will
complain that the user is not authorized.

I’ve found the following from the archives but they and the directions
were written for 2.1.13 and I think the specified files have changed for
2.1.1[45].
http://lists.fsck.com/pipermail/rt-users/2002-October/010431.html
http://lists.fsck.com/pipermail/rt-devel/2002-May/002357.html

Where is the auto creation handled? I might be able to hack a solution
from there.

Thanks,

Ray Thompson
IPG Shared Services

I’ve found the following from the archives but they and the directions
were written for 2.1.13 and I think the specified files have changed
for 2.1.1[45].
http://lists.fsck.com/pipermail/rt-users/2002-October/010431.html
http://lists.fsck.com/pipermail/rt-devel/2002-May/002357.html

The code snippet you refer to is for 2.0.x, the current stable branch
of rt. 2.1.x is the development branch, also known as 3.0. I believe
everyhting in 2.0.x should be the same (muck with the autohandler),
3.0.x should do it on it’s own, but I don’t know the details.

Where is the auto creation handled? I might be able to hack a
solution from there.

by default RT 2.0.x doesn’t have anything that will do autocreation
for web users. The code snippets you refer to add it to autohandler,
which is the right place for it.

RT 3.0.x does it in autohandler.

seph

seph wrote:

by default RT 2.0.x doesn’t have anything that will do autocreation
for web users.
Not an issue. We’ll be using e-mail most of the time.

The code snippets you refer to add it to autohandler,
which is the right place for it.
I looked through it but didn’t see where users would be auto created.
I’ll look again. Maybe I won’t be able to hack it after all.
Although I am pretty stubborn.

Thanks Seph.

I’m confused about what you’re
asking. I’m going to make a guess, and ask various questions.

What version of RT are you asking about?

You’re original mail said you were using WebExternalAuth, but that
users created via email auto create couldn’t log in? This is because
the autocreated users’s username includes the domain portion. so the
user is “rthompson@interpublic.com” and when apache hands RT
“rthompson” it doesn’t match.

There are 2 ways to fix that. You can set the email autocreation to no
append domain for interpublic.com users (and only those, not appending
domains for all users would be baaaad). Or you can get the get RT to
append interpublic.com to all webauthenticated things. When I had to
solve this, I went the latter route, and you can find my method (for
rt 2.0.x) at
http://lists.fsck.com/pipermail/rt-devel/2002-May/002349.html

If you want to frob the email auto create, I believe you can find it
by tracing rt-mailgate. autohandler is a web thing.

seph

Hello list
Just for the record, here is another solution.

Regards,
Harald

Hi Ray,

Where is the auto creation handled? I might be able to hack a
solution from there.

Have a look at lib/RT/Interface/Email.pm:

Username is the ‘Name’ attribute of the user that RT uses for

things

like authentication

my $Username = undef;

if ($RT::LookupSenderInExternalDatabase) {
($UserFoundInExternalDatabase, %UserInfo) =
RT::LookupExternalUserInfo($Address, $Name);
$Address = $UserInfo{‘EmailAddress’};
$Username = $UserInfo{‘Name’};
}

This means that you’ll have to look at LookupExternalUserInfo(), which
is in etc/config.pm:

I just added the line marked with *:

#Name is the RT username you want to use for this user.
$Name = $EmailAddress;

• $Name =~ s/@.*$//;
  $params{‘Name’} = $Name;

As Steph correctly stated, this is ‘baaad’. But in our environment
where only users from specific domains are allowed to send email to
the queue (and their user part is unique), it’s acceptable.

Regards,
Torsten

Harald Wagener * FCB/Wilkens * An der Alster 42 * 20099 Hamburg