Email and LDAP authentication problems or rather issues

Hi

We are currently running an instance of RT 3.8.1. It has been setup 

to use LDAP for its authentications. For the most part people are
instructed to use the web interface to submit tickets. However some
people would prefer to use email, in addition to the web. This has been
discouraged.

The problem is the following, through the web interface users are
authenticated against an LDAP server based on their username. However,
if that same user attempts to send a request via email and they have
changed the “reply-to” address in their local mail program, RT creates
another account based on that email address.

For example our LDAP is setup so that people can have two mail address,
one is based on their “username” which is also the username RT uses to
authenticate, the other is based on the standard firstname.lastname So
in my case our LDAP DB has the following entries for uid=mcdonald

mail: mcdonald@triumf.ca
mail:steven.mcdonald@triumf.ca

username “mcdonald” is used for authentication access to RT

But if I happen to change my reply-to address from mcdonald@triumf.ca
to steven.mcdonald@triumf.ca in my local mail program any request I send
to RT via email will create a new user based on this email address,

Is there any module or mechanism that can check that an email that comes
in of the form steven.mcdonald@triumf.ca checks that there is already a
user in the LDAP with this first and last name and associate this ticket
with that user.

I realize many people may have the same first and last names, but it
could also check if the domain portions of the email are also the same.

Thanks
Steve

Steven McDonald wrote:

Hi

We are currently running an instance of RT 3.8.1. It has been setup 

to use LDAP for its authentications. For the most part people are
instructed to use the web interface to submit tickets. However some
people would prefer to use email, in addition to the web. This has been
discouraged.

It is being worked on for the next release of ExternalAuth, however at
the moment, the only available system is to have everyone log in once to
create their account in RT, and then ensure they always send e-mail to
RT from the e-mail address associated with that account.

Kind Regards,

Mike Peachey, IT
Tel: +44 114 281 2655
Fax: +44 114 281 2951
Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK
Comp Reg No: 3191371 - Registered In England
http://www.jennic.com

Mike Peachey wrote:

Steven McDonald wrote:

Hi

We are currently running an instance of RT 3.8.1. It has been setup 

to use LDAP for its authentications. For the most part people are
instructed to use the web interface to submit tickets. However some
people would prefer to use email, in addition to the web. This has been
discouraged.

It is being worked on for the next release of ExternalAuth, however at
the moment, the only available system is to have everyone log in once to
create their account in RT, and then ensure they always send e-mail to
RT from the e-mail address associated with that account.

Hi Mike

Thanks that would be useful to us. We also discovered the module 

AutoCreateAndCanonicalizeUserInfo which looks like it was created to
solve this problem against an Active Directory. We are looking to see if
we can make use of this to solve our issue.

Thanks for your comments
Steve

Steven McDonald wrote:

Mike Peachey wrote:

Steven McDonald wrote:
Hi Mike

Thanks that would be useful to us. We also discovered the module
AutoCreateAndCanonicalizeUserInfo which looks like it was created to
solve this problem against an Active Directory. We are looking to see if
we can make use of this to solve our issue.

You may well be able to. It is the same basic functionality that will be
integrated into ExternalAuth, but in a different way. The main issue is
the LoadByEmail bit. Currently EA doesn’t overlay any of the e-mail
stuff and so e-mail only works for accounts that already exist in RT.

Good luck.

Kind Regards,

Mike Peachey, IT
Tel: +44 114 281 2655
Fax: +44 114 281 2951
Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK
Comp Reg No: 3191371 - Registered In England
http://www.jennic.com

Mike Peachey wrote:

Steven McDonald wrote:

Mike Peachey wrote:

Steven McDonald wrote:

Hi Mike

Thanks that would be useful to us. We also discovered the module
AutoCreateAndCanonicalizeUserInfo which looks like it was created to
solve this problem against an Active Directory. We are looking to see if
we can make use of this to solve our issue.

You may well be able to. It is the same basic functionality that will be
integrated into ExternalAuth, but in a different way. The main issue is
the LoadByEmail bit. Currently EA doesn’t overlay any of the e-mail
stuff and so e-mail only works for accounts that already exist in RT.

Good luck.

Thanks

Do you have some idea when this addition to ExternalAuth might be 

available? If you have an Alpha or Beta module we could test it against
our LDAP on a development instance of RT

Steve

Steven McDonald wrote:

Do you have some idea when this addition to ExternalAuth might be
available? If you have an Alpha or Beta module we could test it against
our LDAP on a development instance of RT

Steve

Fraid not… I’m very busy at work and home at the moment and haven’t got
to it yet. I will mail the list when there’s something to test.

Kind Regards,

Mike Peachey, IT
Tel: +44 114 281 2655
Fax: +44 114 281 2951
Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK
Comp Reg No: 3191371 - Registered In England
http://www.jennic.com