Email address updating with RT::Authen::ExternalAuth


Our organisation was recently merged with another, and we have a lot of
email address updates coming. Normally I could just do a straight s/ in the database, but there will be unpredictable changes
in naming conventions where there are collisions. For instance will become where there’s already a Joe
Bloggs in the new organisation.

The RT user table is populated from AD with the ExternalAuth plugin, on
user action (not syncing, as there are far too many users to import in
the org as a whole - our RT is just for a couple of departments). Most user
interaction is by email only.

This has served us well, but as various departments and users are migrated
to the new email domain, we’re getting errors such as this:

[Thu Feb 7 15:16:08 2013] [info]:
RT::Authen::ExternalAuth::CanonicalizeUserInfo returning valid updated

[Thu Feb 7 15:16:08 2013] [crit]: User creation failed in mailgateway:
Name in use (/opt/rt4/sbin/…/lib/RT/Interface/
[Thu Feb 7 15:16:10 2013] [warning]: Couldn’t load user
up (/opt/rt4/sbin/…/lib/RT/Interface/
[Thu Feb 7 15:16:10 2013] [crit]: User ‘’ could not be
loaded in the mail gateway (/opt/rt4/sbin/…/lib/RT/Interface/
[Thu Feb 7 15:16:11 2013] [error]: RT could not load a valid user, and
RT’s configuration does not allow
for the creation of a new user for this email (

You might need to grant ‘Everyone’ the right ‘CreateTicket’ for the
queue General. (/opt/rt4/sbin/…/lib/RT/Interface/
[Thu Feb 7 15:16:12 2013] [error]: RT could not load a valid user, and
RT’s configuration does not allow
for the creation of a new user for your email.
[Thu Feb 7 15:16:13 2013] [error]: Could not record email: Could not load
a valid user (/opt/rt4/share/html/REST/1.0/NoAuth/mail-gateway:75)

So it seems that it detects the account details correctly by searching the
AD for the new email address, but it tries to create a new account which
fails because there’s a username collision. It doesn’t seem to attempt to
update the existing account with that username. The user has just a
straightforward non-privileged account. The ‘CreateTicket’ permission is
granted for ‘Everyone’, but that’s clearly not the issue in this case.

I’ve scanned the config options for both RT and ExternalAuth, and very
briefly picked through the code, and I can’t see anything obvious to allow
the mail attribute to be updated.

Can anyone shed some light on this? I’ll have to keep updating addresses
manually as I get the failure notification otherwise…
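
The situation described above (RT matches on email, then fails to create a user whose Name already exists) can be surveyed before the failure notifications arrive. The following is an added example, not part of the original post and not RT or ExternalAuth code: a dry-run comparison of exported RT users against directory records that lists which addresses would change and which need manual review. It assumes RT's Name was populated from sAMAccountName and EmailAddress from mail; all sample rows are constructed.

```python
"""Added example: dry-run reconciliation of RT users against directory records."""

# Constructed sample data. Field names follow RT's Users table (Name,
# EmailAddress) and AD attributes (sAMAccountName, mail); the values are made up.
RT_USERS = [
    {"Name": "jbloggs", "EmailAddress": "joe.bloggs@old.example"},
    {"Name": "asmith", "EmailAddress": "Anne.Smith@old.example"},
    {"Name": "bjones", "EmailAddress": "bob.jones@old.example"},
    {"Name": "cdoe", "EmailAddress": "c.doe@new.example"},
    {"Name": "left", "EmailAddress": "gone@old.example"},
]
AD_RECORDS = [
    {"sAMAccountName": "jbloggs", "mail": "joe.bloggs2@new.example"},
    {"sAMAccountName": "asmith", "mail": "anne.smith@old.example"},
    {"sAMAccountName": "bjones", "mail": "C.Doe@new.example"},
    {"sAMAccountName": "cdoe", "mail": "c.doe@new.example"},
]


def plan_email_updates(rt_users, ad_records):
    """Classify each RT user as unchanged, update, conflict or missing."""
    # Assumption: usernames and addresses compare case-insensitively.
    ad_mail = {r["sAMAccountName"].lower(): r["mail"] for r in ad_records}
    owner_of = {u["EmailAddress"].lower(): u["Name"] for u in rt_users}
    plan = {"unchanged": [], "update": [], "conflict": [], "missing": []}
    for user in rt_users:
        name = user["Name"]
        new_mail = ad_mail.get(name.lower())
        if new_mail is None:
            # No directory record under this username: leave for manual review.
            plan["missing"].append(name)
        elif new_mail.lower() == user["EmailAddress"].lower():
            plan["unchanged"].append(name)
        elif owner_of.get(new_mail.lower(), name) != name:
            # The new address already belongs to a different RT user, so an
            # automatic update would attach mail to the wrong identity.
            plan["conflict"].append((name, new_mail, owner_of[new_mail.lower()]))
        else:
            plan["update"].append((name, user["EmailAddress"], new_mail))
    return plan


if __name__ == "__main__":
    for kind, rows in plan_email_updates(RT_USERS, AD_RECORDS).items():
        print(kind, rows)
```

Only the "update" rows are candidates for a bulk change; "conflict" and "missing" rows are the cases where a username match alone does not establish that the RT account and the directory entry are the same person.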