ExternalAuth and auto-creating email users

Hi,

I have ExternalAuth working for people who login via the web
interface. Existing users are also able to submit tickets through the
email gateway. However, user accounts are not created via the email
gateway. The following string of errors appears for each attempt:

[Wed Oct 5 05:08:27 2011] [debug]: Converting ‘us-ascii’ to ‘utf-8’
for text/plain - Test from User (/opt/rt4/sbin/…/lib/RT/I18N.pm:240)
[Wed Oct 5 05:08:27 2011] [debug]: Going to create user with address
’user@domain.tld’
(/opt/rt4/sbin/…/lib/RT/Interface/Email/Auth/MailFrom.pm:97)
[Wed Oct 5 05:08:27 2011] [debug]: Unprivileged users have no right
to create ticket in queue ‘Help Desk’
(/opt/rt4/sbin/…/lib/RT/Interface/Email/Auth/MailFrom.pm:170)
[Wed Oct 5 05:08:27 2011] [error]: RT could not load a valid user,
and RT’s configuration does not allow
for the creation of a new user for this email (user@domain.tld).

You might need to grant ‘Everyone’ the right ‘CreateTicket’ for the
queue Help Desk. (/opt/rt4/sbin/…/lib/RT/Interface/Email.pm:244)
[Wed Oct 5 05:08:28 2011] [error]: RT could not load a valid user,
and RT’s configuration does not allow
for the creation of a new user for your email.
(/opt/rt4/sbin/…/lib/RT/Interface/Email.pm:244)
[Wed Oct 5 05:08:28 2011] [error]: Could not record email: Could not
load a valid user
(/opt/rt4/share/html/REST/1.0/NoAuth/mail-gateway:75)

Both of the following settings are configured in RT_SiteConfig.pm:

Set($AutoCreate, { Privileged => 1 });
Set($AutoCreateNonExternalUsers, 1);

However, the latter of the two wasn’t needed for new users to be
created via the web interface -- I added it while troubleshooting this
problem.

I see references to an ExternalAuth setting that is or may be
necessary for this feature to work, but no specific mention of
it -- AutoCreateNonExternalUsers seemed the closest match, from reading
the sample config included with ExternalAuth.

The way I’m expecting it to work is that a non-existent internal (AD)
user will be auto-created as a privileged user in RT. This will give
the user the necessary permissions to submit a ticket to the Help Desk
queue.

Is there another setting that I’m missing?

> I have ExternalAuth working for people who login via the web
> interface. Existing users are also able to submit tickets through the
> email gateway. However, user accounts are not created via the email
> gateway. The following string of errors appears for each attempt:
>
> [Wed Oct 5 05:08:27 2011] [debug]: Unprivileged users have no right
> to create ticket in queue ‘Help Desk’
> (/opt/rt4/sbin/…/lib/RT/Interface/Email/Auth/MailFrom.pm:170)
> You might need to grant ‘Everyone’ the right ‘CreateTicket’ for the
> queue Help Desk. (/opt/rt4/sbin/…/lib/RT/Interface/Email.pm:244)
>
> Set($AutoCreate, { Privileged => 1 });
> Set($AutoCreateNonExternalUsers, 1);

This last setting prevents RT-Authen-ExternalAuth from blocking user
creation for users who don’t exist in AD. However, as the error
message you quoted says, you still need to grant Unprivileged or
Everyone permission to create tickets in Help Desk. Otherwise new
users cannot submit tickets via the mailgate and have their internal
users be created.

> However, the latter of the two wasn’t needed for new users to be
> created via the web interface -- I added it while troubleshooting this
> problem.

The latter setting only applies to users who aren’t in AD.

> I see references to an ExternalAuth setting that is or may be
> necessary for this feature to work, but no specific mention of
> it -- AutoCreateNonExternalUsers seemed the closest match, from reading
> the sample config included with ExternalAuth.
>
> The way I’m expecting it to work is that a non-existent internal (AD)
> user will be auto-created as a privileged user in RT. This will give
> the user the necessary permissions to submit a ticket to the Help Desk
> queue.

$AutoCreate only applies to users logging in through the web
interface. It does not apply to users created via the mailgate.

You may just want to prefill your database using LDAPImport.

-kevin
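
An added example, not part of the thread or of RT: a small Python triage script that rejoins wrapped log lines like those in the first message and lists which sender addresses the mail gateway tried to auto-create and then rejected because Unprivileged users lack CreateTicket on the queue. The sample log is constructed from the excerpt above, the function names are made up for illustration, and it assumes the entries for one incoming message are logged next to each other.

```python
import re

# Constructed sample modelled on the thread's log excerpt (wrapped lines kept).
SAMPLE_LOG = """\
[Wed Oct 5 05:08:27 2011] [debug]: Going to create user with address
'user@domain.tld'
(/opt/rt4/lib/RT/Interface/Email/Auth/MailFrom.pm:97)
[Wed Oct 5 05:08:27 2011] [debug]: Unprivileged users have no right
to create ticket in queue 'Help Desk'
(/opt/rt4/lib/RT/Interface/Email/Auth/MailFrom.pm:170)
[Wed Oct 5 05:08:28 2011] [error]: Could not record email: Could not
load a valid user
(/opt/rt4/share/html/REST/1.0/NoAuth/mail-gateway:75)
[Wed Oct 5 05:09:02 2011] [debug]: Going to create user with address
'other@domain.tld'
(/opt/rt4/lib/RT/Interface/Email/Auth/MailFrom.pm:97)
"""

ENTRY_START = re.compile(r"^\[[^\]]+\] \[(\w+)\]: ")
QUOTES = str.maketrans("‘’", "''")  # logs pasted from web pages often carry curly quotes
CREATE = re.compile(r"Going to create user with address '([^']+)'")
DENIED = re.compile(r"Unprivileged users have no right to create ticket in queue '([^']+)'")

def entries(text):
    """Rejoin wrapped lines so each list item is one complete log entry."""
    out = []
    for line in text.translate(QUOTES).splitlines():
        if ENTRY_START.match(line) or not out:
            out.append(line.strip())
        elif line.strip():
            out[-1] += " " + line.strip()
    return out

def rejected_autocreates(text):
    """Return (address, queue) pairs: creation attempted, then denied on rights."""
    pending, hits = None, []
    for entry in entries(text):
        created = CREATE.search(entry)
        if created:
            pending = created.group(1)  # remember who the gateway is trying to create
            continue
        denied = DENIED.search(entry)
        if denied and pending:
            hits.append((pending, denied.group(1)))
            pending = None
    return hits

if __name__ == "__main__":
    for address, queue in rejected_autocreates(SAMPLE_LOG):
        print(f"{address}: auto-create refused, no CreateTicket on queue {queue!r}")
```
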