Company keeps changing its name/email addresses -> User creation failed in mailgateway: Name in use?

Hi
I am using RT 4.0.5-3 from debian squeeze-backports and ExternalAuth

I have the following LDAP settings, and RT is successfully
authenticating users against Microsoft AD.

my LDAP settings
Set($ExternalAuthPriority, ['My_LDAP']);
Set($ExternalInfoPriority, ['My_LDAP']);
Set($AutoCreateNonExternalUsers, 1); I think maybe this shouldn’t be
necessary.
Then the My_LDAP stuff including this:-
'attr_match_list' => ['Name','EmailAddress'],
'attr_map' => {'Name' => 'sAMAccountName','EmailAddress' => 'mail',}

I have privileged users who can log into the web GUI and work on
tickets.
I have autogenerated users who have emailed the system. They do not
need the web GUI at all. In fact they don’t have the ssl client cert
that they would need to get to the server.

The problem is that the company keeps changing its name, and so one
person can have had me.person@x.co.uk, me.person@y.com and
me.person@z.co.uk over the last two years. This same person would exist
only once as mperson in AD.

I think that this is why I often get this error when someone emails the
system.
[info]: RT::Authen::ExternalAuth::CanonicalizeUserInfo returning
Comments: Autocreated on ticket submission, Disabled: 0, EmailAddress:
me.person@z.xo.uk, Name: mperson, Password: , Privileged: 0, RealName:
(/user/local/share/request-tracker4/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:536)
[crit]: User creation failed in mailgateway: Name in use
(/usr/localshare/request-tracker4/lib/RT/Interface/Email.pm:245)
[warning]: Couldn’t load user ‘me.person@z.co.uk’. giving up

I am tempted to remove ‘Name’ from the attr_match_list but I’m not
exactly sure what will happen. Additionally the privileged users are
using their AD username on the GUI login which I guess is the same as
sAMAccountName. I have noticed that when a privileged user opens a
ticket, RT will attempt to display the user’s real name or AD
username rather than their email address, but actually I don’t need it
to do that.

To be honest the only reason for the AD connection is so that I don’t
have to do password management for privileged users. I don’t think that
I need AD lookup for non-privileged users at all. Is it easy to have
one without the other?

I also had a look in Email.pm and under sub CreateUser it has things
like Name => ( $Username || $Address ), EmailAddress => $Address,
RealName => $Name which I’m afraid I don’t understand.

Can anyone explain to me what “name” actually means in the context of
the error log “Name in use”?

Can anyone tell me maybe how I get RT to treat the three email addresses
but same AD username either in a way that RT can handle, or ignore the
AD username and just use email address, or as three separate users? or
if there is some other solution, or if maybe I am barking up the wrong
tree entirely.

thanks, Philip

Hi
I am using RT 4.0.5-3 from debian squeeze-backports and ExternalAuth
pointing at the company AD.

I’m not much of a database admin. The database is mysql 5.1.63.

Can someone tell me the commands that would tell me:-

All users
whether they are privileged or not?
what RT thinks their AD username is?
what RT thinks their email address is?

thanks, Philip

I managed to dump out usernames by logging in as root in the web GUI and
doing a user search.
Job done

regards, Philip

On 18/01/13 12:55, Philip wrote:

Hi
I am using RT 4.0.5-3 from debian squeeze-backports and ExternalAuth
pointing at the company AD.

I’m not much of a database admin. The database is mysql 5.1.63.

Can someone tell me the commands that would tell me:-

All users
whether they are privileged or not?
what RT thinks their AD username is?
what RT thinks their email address is?

thanks, Philip

I found that when I searched for users by
select_user->email_address_matches->@companyy.com that there were two
categories of user.

  1. The username was a.person@companyy.com I think that these users had
    been created without a successful AD lookup.
    When such a person sent another email from a.person@companyz.co.uk RT
    treated them as a totally new user and now they exist twice. However
    the user isn’t aware of this and it is all fine.

  2. The username was bperson and their email address was
    b.person@companyy.com
    In this case it seems that when that user then sends an email from
    b.person@companyz.co.uk that RT does an AD lookup and figures out they
    are bperson but it can’t update their email address or something…
    Anyway by changing their email address to b.person@companyz.co.uk it
    makes their account work again.

This may all be linked to a time when AD lookups were unreliable. It
seems that the ones that didn’t work have two accounts but the better
user experience.

I would like to understand if there is a way that if someone has an
existing account that matches an AD identity, and, if their email
address changes, and when they send an email to RT if RT can find them
in RT could it not update their email address automatically?

thanks, Philip

On 17/01/13 17:30, Philip wrote:

Hi
I am using RT 4.0.5-3 from debian squeeze-backports and ExternalAuth

I have the following LDAP settings, and RT is successfully
authenticating users against Microsoft AD.

my LDAP settings
Set($ExternalAuthPriority, ['My_LDAP']);
Set($ExternalInfoPriority, ['My_LDAP']);
Set($AutoCreateNonExternalUsers, 1); I think maybe this shouldn’t be
necessary.
Then the My_LDAP stuff including this:-
'attr_match_list' => ['Name','EmailAddress'],
'attr_map' => {'Name' => 'sAMAccountName','EmailAddress' => 'mail',}

I have privileged users who can log into the web GUI and work on
tickets.
I have autogenerated users who have emailed the system. They do not need
the web GUI at all. In fact they don’t have the ssl client cert that
they would need to get to the server.

The problem is that the company keeps changing its name, and so one
person can have had me.person@x.co.uk, me.person@y.com and
me.person@z.co.uk over the last two years. This same person would exist
only once as mperson in AD.

I think that this is why I often get this error when someone emails the
system.
[info]: RT::Authen::ExternalAuth::CanonicalizeUserInfo returning
Comments: Autocreated on ticket submission, Disabled: 0, EmailAddress:
me.person@z.xo.uk, Name: mperson, Password: , Privileged: 0, RealName:
(/user/local/share/request-tracker4/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:536)

[crit]: User creation failed in mailgateway: Name in use
(/usr/localshare/request-tracker4/lib/RT/Interface/Email.pm:245)
[warning]: Couldn’t load user ‘me.person@z.co.uk’. giving up

I am tempted to remove ‘Name’ from the attr_match_list but I’m not
exactly sure what will happen. Additionally the privileged users are
using their AD username on the GUI login which I guess is the same as
sAMAccountName. I have noticed that when a privileged user opens a
ticket, RT will attempt to display the user’s real name or AD
username rather than their email address, but actually I don’t need it
to do that.

To be honest the only reason for the AD connection is so that I don’t
have to do password management for privileged users. I don’t think that
I need AD lookup for non-privileged users at all. Is it easy to have one
without the other?

I also had a look in Email.pm and under sub CreateUser it has things
like Name => ( $Username || $Address ), EmailAddress => $Address,
RealName => $Name which I’m afraid I don’t understand.

Can anyone explain to me what “name” actually means in the context of
the error log “Name in use”?

Can anyone tell me maybe how I get RT to treat the three email addresses
but same AD username either in a way that RT can handle, or ignore the
AD username and just use email address, or as three separate users? or
if there is some other solution, or if maybe I am barking up the wrong
tree entirely.

thanks, Philip
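
Added example (not part of the thread and not RT's own code): a simplified model of the two categories of user described earlier in this thread, plus a check that lists the accounts that will hit "Name in use" on their next mail. The lookup order and the unique-Name rule are assumptions inferred from the log lines and the `Name => ( $Username || $Address )` fragment; all sample records are constructed.

```python
# Added example: simplified model of the mail-gateway lookup, not RT's code.
# Field names follow the thread's attr_map; all records below are constructed.

SAMPLE_RT = [  # RT users as they might appear in a user-search export
    {"Name": "a.person@companyy.com", "EmailAddress": "a.person@companyy.com"},
    {"Name": "bperson", "EmailAddress": "b.person@companyy.com"},
]
SAMPLE_AD = [  # directory entries after the latest domain change
    {"sAMAccountName": "aperson", "mail": "a.person@companyz.co.uk"},
    {"sAMAccountName": "bperson", "mail": "b.person@companyz.co.uk"},
]

def gateway_lookup(rt_users, directory, sender):
    """Load by email; otherwise create with the directory Name (or the address)."""
    sender = sender.lower()
    for user in rt_users:
        if user["EmailAddress"].lower() == sender:
            return "loaded", user["Name"]
    # Name => ( $Username || $Address ): with no directory hit, the address is used
    name = next((e["sAMAccountName"] for e in directory
                 if e["mail"].lower() == sender), sender)
    # Assumption: Name must be unique, which is what "Name in use" reports
    if any(u["Name"].lower() == name.lower() for u in rt_users):
        return "name_in_use", name
    rt_users.append({"Name": name, "EmailAddress": sender})
    return "created", name

def stale_accounts(rt_users, directory):
    """RT users whose Name matches a directory account but whose email differs."""
    mail_by_name = {e["sAMAccountName"].lower(): e["mail"].lower() for e in directory}
    stale = []
    for user in rt_users:
        current = mail_by_name.get(user["Name"].lower())
        if current and current != user["EmailAddress"].lower():
            stale.append((user["Name"], user["EmailAddress"], current))
    return stale

if __name__ == "__main__":
    users = [dict(u) for u in SAMPLE_RT]
    for addr in ("b.person@companyz.co.uk", "a.person@companyz.co.uk"):
        print(addr, gateway_lookup(users, SAMPLE_AD, addr))
    print("will collide on next mail:", stale_accounts(SAMPLE_RT, SAMPLE_AD))
```

Run against a real user export and a directory export, `stale_accounts` gives the list of addresses to correct before the next inbound mail is rejected.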