'Couldn't create user' 'Email address in use' lib/RT/Authen/ExternalAuth.pm:355

Hi folks,

I have issues when trying to login using AD (LDAP).
I can see the user’s information during the login process. The user was imported by rt-ldapimport --import.
The whole thing is running on Ubuntu 18.04, rt 4.4.2.-2 using packages maintained by distribution.

What I don’t get is, the user is found as you can see below, but it breaks with
Couldn’t create user ExampleAD-User: Email address in use (/usr/share/request-tracker4/lib/RT/Authen/ExternalAuth.pm
I also tried to delete and re-import the user again with same outcome.

Here’s a snippet of the log file /var/log/request-tracker4/rt.log

[28976] [Tue Jun 12 14:12:12 2018] [debug]: Attempting to get user info using this external service: My_LDAP (/usr/share/request-tracker4/lib/RT/User.pm:756)
[28976] [Tue Jun 12 14:12:12 2018] [debug]: Attempting to use this canonicalization key: Name (/usr/share/request-tracker4/lib/RT/User.pm:765)
[28976] [Tue Jun 12 14:12:12 2018] [debug]: LDAP Search ===  Base: ou=MyOU,dc=comp,dc=de == Filter: (&(objectClass=user)(sAMAccountName=ExampleAD-User)) == Attrs: l,streetAddress,mail,telephoneNumber,co,st,cn,postalCode,sAMAccountName (/usr/share/request-tracker4/lib/RT/Authen/ExternalAuth/LDAP.pm:404)
[28976] [Tue Jun 12 14:12:12 2018] [info]: RT::User::CanonicalizeUserInfoFromExternalAuth returning Address1: street1, City: MyCity, Country: Germany, Disabled: , EmailAddress: ExampleAD-User@example.com, Gecos: ExampleAD-User, Name: ExampleAD-User, Privileged: 1, RealName: ExampleAD-User, State: MyCity, WorkPhone: +1122, Zip: 012 (/usr/share/request-tracker4/lib/RT/User.pm:824)
**[28976] [Tue Jun 12 14:12:12 2018] [error]: Couldn't create user ExampleAD-User: Email address in use (/usr/share/request-tracker4/lib/RT/Authen/ExternalAuth.pm:355)**
[28976] [Tue Jun 12 14:12:12 2018] [debug]: Autohandler called ExternalAuth. Response: (0, No User) (/usr/share/request-tracker4/html/Elements/DoAuth:58)
[28976] [Tue Jun 12 14:12:12 2018] [error]: FAILED LOGIN for ExampleAD-User from 10.10.254.77 (/usr/share/request-tracker4/lib/RT/Interface/Web.pm:828)

Here’s the code for ExternalAuth:

```perl
# Services consulted for authentication and for user information.
Set( $ExternalAuthPriority, ["My_LDAP"] );
Set( $ExternalInfoPriority, ["My_LDAP"] );
# Users auto-created at login are made Privileged.
Set( $UserAutocreateDefaultsOnLogin, { Privileged => 1 } );
Set($AutoCreateNonExternalUsers, 1);

Set($ExternalSettings, {
    'My_LDAP'       =>  {
        'type'          =>  'ldap',
        'server'        =>  '<Ip of AD server>',
        # Bind account used for the LDAP searches.
        'user'          =>  'username',
        'pass'          =>  'mypasswd',
        'base'          =>  'ou=MyOU,dc=comp,dc=de',
        # Matches candidate users; d_filter matches disabled accounts.
        'filter'        =>  '(objectClass=user)',
        'd_filter'      =>  '(userAccountControl:1.2.840.113556.1.4.803:=2)',
        # 0 = no TLS; the bind above then goes over a plain LDAP connection.
        'tls'           =>  0,
        'net_ldap_args' => [    version =>  3   ],
        # RT fields used to match a user against LDAP.
        'attr_match_list'  => [
            'Name',
            'EmailAddress',
        ],
        # RT field => LDAP attribute.
        'attr_map' => {
            'Name'         => 'sAMAccountName',
            'EmailAddress' => 'mail',
            'RealName'     => 'cn',
            'WorkPhone'    => 'telephoneNumber',
            'Address1'     => 'streetAddress',
            'City'         => 'l',
            'State'        => 'st',
            'Zip'          => 'postalCode',
            'Country'      => 'co',
        },
    },
} );
```

What’s wrong?

Hi Dennis

Looks like the email of the user you are trying to create has been used by another user

[28976] [Tue Jun 12 14:12:12 2018] [error]: Couldn’t create user ExampleAD-User: Email address in use (/usr/share/request-tracker4/lib/RT/Authen/ExternalAuth.pm:355)

regards
Garry

Hi Gary,

That’s very hard to believe. Of course I anonymized the output. The affected (AD-) user is mine.

I also checked another user, which was generated only for testing purposes. Same there.

BR Dennis

SOLVED!

It was the script rt-ldapimport --import, which also sets the email address values in the Users table in the database - here sqlite3.

After resetting the email address value

```sql
update Users set EmailAddress='';
```

I could log in as the designated user I intended in the first place. The weird thing is, though its email address was reset, I could see an email address value in the user’s view in the RT web interface when I wanted to make some changes to that user.

I would highly recommend checking that script. If some developers are reading this, you may want to take a look :wink:
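A way to locate the row behind "Email address in use" for one login, as an added example that is not part of the original thread or of RT: it lists rows in the Users table that already hold an LDAP user's mail value under a Name other than the login. The idea that the imported row carries a different Name, the case-insensitive comparison, and all sample rows are assumptions made for illustration; only the id, Name and EmailAddress columns of Users are used.

```python
import sqlite3

def find_email_conflicts(conn, ldap_users):
    """Return (login, mail, rt_id, rt_name) for each RT row that already
    holds an LDAP user's mail under a Name other than the LDAP login."""
    conflicts = []
    for login, mail in ldap_users:
        rows = conn.execute(
            "SELECT id, Name FROM Users "
            "WHERE lower(EmailAddress) = lower(?) AND lower(Name) <> lower(?) "
            "ORDER BY id",
            (mail, login),
        ).fetchall()
        conflicts.extend((login, mail, rt_id, name) for rt_id, name in rows)
    return conflicts

def build_sample_db():
    """Constructed stand-in for RT's Users table (three columns only)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE Users (id INTEGER PRIMARY KEY, Name TEXT, EmailAddress TEXT)"
    )
    conn.executemany("INSERT INTO Users (id, Name, EmailAddress) VALUES (?, ?, ?)", [
        (1, "RT_System", None),
        (12, "root", "root@localhost"),
        # Assumed shape of an imported row: same mail, different Name.
        (31, "ExampleAD-User@example.com", "ExampleAD-User@example.com"),
        # Row whose Name already equals the login: not a conflict.
        (32, "other-user", "Other-User@example.com"),
    ])
    return conn

# Constructed (sAMAccountName, mail) pairs, as attr_map would deliver them.
SAMPLE_LDAP_USERS = [
    ("ExampleAD-User", "exampleAD-user@EXAMPLE.com"),
    ("other-user", "other-user@example.com"),
]

if __name__ == "__main__":
    hits = find_email_conflicts(build_sample_db(), SAMPLE_LDAP_USERS)
    for login, mail, rt_id, name in hits:
        print(f"{login}: {mail} already held by Users.id={rt_id} (Name={name!r})")
```

Against a real installation, open a copy of the RT database file read-only and pass the login and mail pairs taken from the directory.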