CanonicalizeUserInfo in Email.pm - "Name in use"

Hi!

RT 3.8.1 with RT::Authen::ExternalAuth 0.05

We are having an issue where users can have several mailaliases defined,
and where they have different mailaliases depending on what MUA they are
currently using (like webmail).

Users are properly authenticated on the web interface, and they also
have no problem sending mail to RT, as long as they’re using the email
address defined in RT at createtime (or modified manually in the
preferences), but as soon as they try to send an email to RT with one of
the LDAP defined aliases (specified as ‘mail’ objects) it will be
bounced with the reason ‘Name in use’.

—8<—
Jan 23 18:20:49 ticket RT: Attempting to use this canonicalization key:
EmailAddress
Jan 23 18:20:49 ticket RT: LDAP Search === Base: ou=people,dc=met,dc=no
== Filter: (&(objectClass=posixAccount)(mail=bosse@met.no)) == Attrs
: cn,mail,uid,uid
Jan 23 18:20:49 ticket RT: RT::User::LookupExternalUserInfo : Returning:
EmailAddress: username@met.no, ExternalAuthId: username, Name: username,
RealName: Username Username (/opt/rt3/bin/…/local/lib/RT/User_Vendor.pm:703)
Jan 23 18:20:49 ticket RT: RT::User::CanonicalizeUserInfo returning
Comments: Autocreated on ticket submission, Disabled: 0, EmailAddress:
username@met.no, ExternalAuthId: username, Name: username, Password: ,
Privileged: 0, RealName: Username Username (/opt/rt3/bin/…/local/lib/RT/User_Vendor.pm:444)
Jan 23 18:20:49 ticket RT: User creation failed in mailgateway: Name in
use (/opt/rt3/bin/…/lib/RT/Interface/Email.pm:244)
—8<—

Any suggestions? It looks to be a bit like this problem:
http://lists.bestpractical.com/pipermail/rt-users/2007-September/047884.html

…/Bosse
Lars Kristian (Bosse) Klykken, Senior Engineer Tel. +47 22963068
Linux Team / Server Operations / IT Department Fax. +47 22696355
Norwegian Meteorological Institute http://www.met.no
P.O. Box 43 Blindern, 0313 Oslo, NORWAY

Lars Kristian Klykken wrote:

> Hi!
>
> RT 3.8.1 with RT::Authen::ExternalAuth 0.05

  1. Upgrade to ExternalAuth 0.08. EA 0.05 is not supported for use on
    RT-3.8.

  2. Multiple e-mail addresses for a user with the same username is not
    possible at the moment. Primarily because RT does not allow assigning
    multiple e-mail addresses to the same user.

I will be working on functionality for EA 0.09 whereby it will lookup a
user on reception of e-mail, determine if an account already exists with
one of the available e-mail addresses in their LDAP service and if so
log them in with that address, but it is not currently possible in 0.08.

Kind Regards,

Mike Peachey, IT
Tel: +44 114 281 2655
Fax: +44 114 281 2951
Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK
Comp Reg No: 3191371 - Registered In England
http://www.jennic.com

> I will be working on functionality for EA 0.09 whereby it will lookup a
> user on reception of e-mail, determine if an account already exists with
> one of the available e-mail addresses in their LDAP service and if so
> log them in with that address, but it is not currently possible in 0.08.

In the meantime, what’s the recommended method for dealing with users
you want to auth via LDAP if they’ve already submitted tickets via
email, and exist in RT because of that?

/chown -R us:us /yourbase

Rob Munsch wrote:

> On Thu, Jan 29, 2009 at 12:39 PM, Mike Peachey mike.peachey@jennic.com wrote:
>
> > I will be working on functionality for EA 0.09 whereby it will lookup a
> > user on reception of e-mail, determine if an account already exists with
> > one of the available e-mail addresses in their LDAP service and if so
> > log them in with that address, but it is not currently possible in 0.08.
>
> In the meantime, what’s the recommended method for dealing with users
> you want to auth via LDAP if they’ve already submitted tickets via
> email, and exist in RT because of that?

Change the email address of the email created account to @foo.bar

Kind Regards,

Mike Peachey, IT
Tel: +44 114 281 2655
Fax: +44 114 281 2951
Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK
Comp Reg No: 3191371 - Registered In England
http://www.jennic.com

Excellent, thanks.

(Are messages sent to the list filtered from coming back to the sender?)

/chown -R us:us /yourbase

If necessary, you can work around the multiple-email addresses issue
as long as emails to the primary email address get to the user in some
way.

In addition to the change I mentioned before, I edited my MailFrom.pm.
Now it checks the ldap server for any user with a forward address
equal to the incoming email. If it finds it, the email is associated
with that user.

The only problem is that the user will be created with the primary
email address, not any of the secondary ones. This means that all
email generated by the system will get sent to the primary email.
Doesn’t matter in my case, since my email server forwards all email to
the secondary address.

Below are my changes for MailFrom.pm:

Find line 72, add:

# Look the sender address up in LDAP before RT tries to create a user.
$RT::Logger->debug("Now doing initial lookup for email address");
my ($UserFoundInExternalDatabase, %ExternalUserInfo) =
    RT::Authen::ExternalAuth::LDAP::CanonicalizeUserInfo( 'istmail', 'mail', $Address );
$RT::Logger->debug("Finished Initial Lookup, Did I find someone?: "
    . $UserFoundInExternalDatabase);

if ($UserFoundInExternalDatabase) {
    # Replace the sender's details with the values returned by the directory.
    $Name     = $ExternalUserInfo{'Name'}         if ($ExternalUserInfo{'Name'});
    $Address  = $ExternalUserInfo{'EmailAddress'} if ($ExternalUserInfo{'EmailAddress'});
    $RealName = $ExternalUserInfo{'RealName'}     if ($ExternalUserInfo{'RealName'});
    $RT::Logger->crit("I have found the user in the external database");
}

Replace the $CurrentUser = CreateUser… line with:

$CurrentUser = CreateUser( $Name, $Address, $Name, $Address,
    $args{'Message'} );



> Users are properly authenticated on the web interface, and they also
> have no problem sending mail to RT, as long as they’re using the email
> address defined in RT at createtime (or modified manually in the
> preferences), but as soon as they try to send an email to RT with one of
> the LDAP defined aliases (specified as ‘mail’ objects) it will be
> bounced with the reason ‘Name in use’.

I have now solved this issue by rewriting the aliases through an LDAP
lookup on the MTA on the RT server. In this case, Postfix.

main.cf:
local_header_rewrite_clients = hash:/etc/postfix/smtpservers
sender_canonical_maps = ldap:/etc/postfix/canonical-ldap.cf

canonical-ldap.cf:
server_host = ldap.example.com
version = 3
search_base = o=example.com
query_filter = mailalternateaddress=%s
result_attribute = mail
domains = example.com

…/Bosse
Lars Kristian (Bosse) Klykken, Senior Engineer Tel. +47 22963068
Server Operations / IT Division Fax. +47 22696355
Norwegian Meteorological Institute, Oslo http://www.met.no

Gentlemen,

I’ve run into this same issue on our setup where we have users who have multiple e-mail addresses defined in ldap and like to use different ones at different times.

A workaround you can do is to set up a canonical rewrite in your MTA to rewrite the “From:” header from any non-primary e-mail address to a primary e-mail address for each of your users. Not ideal, but works. In postfix, it would be something like the following:

In main.cf:
canonical_maps = hash:/etc/postfix/canonical
canonical_classes = envelope_sender, header_sender

Then in /etc/postfix/canonical
# Do this for each user, you’ll want to script it and periodically update maps
secondary_user1@domain user1@domain
tertiary_user1@domain user1@domain
secondary_user2@domain user2@domain
tertiary_user2@domain user2@domain

Note that this doesn’t fix the inability to add secondary addresses into the RT e-mail field in the user interface when creating tickets or adding people. This just works around the incoming mail part.

-Garret

Garret W. Huntress
System Administrator / System Developer

Geophysical Laboratory
Carnegie Institution of Washington
5251 Broad Branch Road, NW
Washington, DC 20015

Email: ghuntress@ciw.edu
Phone: (202)-478-8973
AIM: Garret Huntress
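
The "script it and periodically update maps" step from the message above, as an added example that is not code from anyone in this thread. It assumes the `mail` and `mailalternateaddress` attribute names and the single-domain restriction from the canonical-ldap.cf posted earlier, uses constructed sample entries in place of a live LDAP search, and its function names are hypothetical. Aliases that cannot be mapped to exactly one user are skipped and reported instead of being written to the map.

```python
# Added example: build /etc/postfix/canonical from directory entries.
# Function names and SAMPLE are hypothetical; attribute names come from the thread.

# Constructed sample entries standing in for an LDAP search result.
SAMPLE = [
    {"mail": "user1@example.com",
     "mailalternateaddress": ["Secondary_User1@example.com", "shared@example.com"]},
    {"mail": "user2@example.com",
     "mailalternateaddress": ["user1@example.com", "shared@example.com",
                              "user2@webmail.example.net"]},
]


def build_canonical_map(entries, domain):
    """Return (mapping, rejected): alias -> primary, and skipped alias -> reason."""
    suffix = "@" + domain.lower()
    primaries = {e["mail"].strip().lower() for e in entries}
    mapping, rejected = {}, {}
    for entry in entries:
        primary = entry["mail"].strip().lower()
        for alias in entry.get("mailalternateaddress", []):
            alias = alias.strip().lower()
            if alias == primary or alias in rejected:
                continue
            if not alias.endswith(suffix):
                rejected[alias] = "outside " + domain
            elif alias in primaries:
                rejected[alias] = "is another user's primary address"
            elif mapping.get(alias, primary) != primary:
                # Two users claim this alias: drop it rather than guess, or RT
                # would credit the mail to the wrong account.
                del mapping[alias]
                rejected[alias] = "claimed by more than one user"
            else:
                mapping[alias] = primary
    return mapping, rejected


def render(mapping):
    """Format the mapping as 'alias primary' lines, sorted for stable diffs."""
    return "".join(f"{a} {p}\n" for a, p in sorted(mapping.items()))


if __name__ == "__main__":
    mapping, rejected = build_canonical_map(SAMPLE, "example.com")
    print(render(mapping), end="")
    for alias, reason in sorted(rejected.items()):
        print(f"# skipped {alias}: {reason}")
```

After writing the rendered lines to /etc/postfix/canonical, run `postmap /etc/postfix/canonical` so the `hash:` lookup table is rebuilt.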
