LDAP ExternalAuth - User Aliases

RT Users
#1

Hello,

we have a setup where we’re using RT with ExternalAuth to authenticate
against an existing user database in LDAP, with auto-creating users when
they first log in. We pull the uid as well as the e-mail address from LDAP.

Now, we need to be able to somehow support multiple users with the same
email address. That is, we have several people, say Alice, Bob and Pete,
each logging in to their computer with their own login. But they share
one common mailbox - department1@company.com - through IMAP. These
people should be able to log in to RT each with their personal login,
which should be an ‘Alias’ to a RT user ‘department1’ with mail address
’department1@company.com’. So no matter who logs in, he/she can see all
tickets created by Alice, Bob or Pete.

Is something like this possible?

Thanks,
Andreas

#2

Hi Andreas,

If everyone is using the same SMTP address then you cannot really distinguish individual users in an easy way .

Are you using a Shared mailbox on Exchange or a Mailing list ?

The way it should go:

Customer → Mailbox → RT Picks up from here → Placed in Queue → Assigned to Owner
Individual → RT → SMTP Server → Customer

If multiple users have the same SMTP Address then this is a problem since RT will just import this.
Sounds like you need to fix the LDAP Details or use the LDAP importer and then correct the actual e-mail addresses afterwards.

Keith-----Original Message-----
From: rt-users-bounces@lists.bestpractical.com [mailto:rt-users-bounces@lists.bestpractical.com] On Behalf Of Andreas Heinlein
Sent: 15 April 2014 10:33
To: rt-users@lists.bestpractical.com
Subject: [rt-users] LDAP ExternalAuth - User Aliases

Hello,

we have a setup where we’re using RT with ExternalAuth to authenticate against an existing user database in LDAP, with auto-creating users when they first log in. We pull the uid as well as the e-mail address from LDAP.

Now, we need to be able to somehow support multiple users with the same email address. That is, we have several people, say Alice, Bob and Pete, each logging in to their computer with their own login. But they share one common mailbox - department1@company.com - through IMAP. These people should be able to log in to RT each with their personal login, which should be an ‘Alias’ to a RT user ‘department1’ with mail address ‘department1@company.com’. So no matter who logs in, he/she can see all tickets created by Alice, Bob or Pete.

Is something like this possible?

Thanks,
Andreas
RT Training - Dallas May 20-21

#3

Hello,

I must say we’re using RT for internal purposes only. We’re not using
Exchange or Mailing Lists, not even shared mailboxes in their real
sense. It’s just an IMAP account that is accessed from multiple
Thunderbird instances at the same time - but it works for us.

Actually, we would not need to be able to distinguish individual users
within RT. It would be OK to have a single RT user “dep1” with mail
address “dep1@company.com”. It’s just that the users should not need to
login with dep1 (or dep1@company.com), since that would required them to
remember an additional password. Instead, I’d like bob to be able to use
“bob/” to login as dep1, an alice could use
“alice/” to login as dep1 as well.

As long as the users use only mail for communicating with RT, all is
well, since everyone sends and receives as dep1@company.com. But
sometimes users need access to the web interface as well.

Thanks,
AndreasAm 17.04.2014 09:49, schrieb Clancy, Keith:

Hi Andreas,

If everyone is using the same SMTP address then you cannot really distinguish individual users in an easy way .

Are you using a Shared mailbox on Exchange or a Mailing list ?

The way it should go:

Customer → Mailbox → RT Picks up from here → Placed in Queue → Assigned to Owner
Individual → RT → SMTP Server → Customer

If multiple users have the same SMTP Address then this is a problem since RT will just import this.
Sounds like you need to fix the LDAP Details or use the LDAP importer and then correct the actual e-mail addresses afterwards.

Keith

-----Original Message-----
From: rt-users-bounces@lists.bestpractical.com [mailto:rt-users-bounces@lists.bestpractical.com] On Behalf Of Andreas Heinlein
Sent: 15 April 2014 10:33
To: rt-users@lists.bestpractical.com
Subject: [rt-users] LDAP ExternalAuth - User Aliases

Hello,

we have a setup where we’re using RT with ExternalAuth to authenticate against an existing user database in LDAP, with auto-creating users when they first log in. We pull the uid as well as the e-mail address from LDAP.

Now, we need to be able to somehow support multiple users with the same email address. That is, we have several people, say Alice, Bob and Pete, each logging in to their computer with their own login. But they share one common mailbox - department1@company.com - through IMAP. These people should be able to log in to RT each with their personal login, which should be an ‘Alias’ to a RT user ‘department1’ with mail address ‘department1@company.com’. So no matter who logs in, he/she can see all tickets created by Alice, Bob or Pete.

Is something like this possible?

Thanks,
Andreas

RT Training - Dallas May 20-21
Training — Best Practical Solutions

#4

RT and External Auth requires a distinct user to be found when it looks up
I believe.

May I suggest you giving them a savedsearch on their RT At a Glance that
shows all tickets created by all 3 users(and their own email address as the
requestor)? When they send email out of RT it’ll use <user’s name> via RT
and the email it’s coming from will correspond to the queue’s configuration.

The external folks interacting with RT will never know the difference.

Just a thought…

Mike.On Thu, Apr 17, 2014 at 5:47 AM, Andreas Heinlein aheinlein@gmx.com wrote:

Hello,

I must say we’re using RT for internal purposes only. We’re not using
Exchange or Mailing Lists, not even shared mailboxes in their real sense.
It’s just an IMAP account that is accessed from multiple Thunderbird
instances at the same time - but it works for us.

Actually, we would not need to be able to distinguish individual users
within RT. It would be OK to have a single RT user “dep1” with mail address
dep1@company.com”. It’s just that the users should not need to login
with dep1 (or dep1@company.com), since that would required them to
remember an additional password. Instead, I’d like bob to be able to use
“bob/” to login as dep1, an alice could use
“alice/” to login as dep1 as well.

As long as the users use only mail for communicating with RT, all is well,
since everyone sends and receives as dep1@company.com. But sometimes
users need access to the web interface as well.

Thanks,
Andreas

Am 17.04.2014 09:49, schrieb Clancy, Keith:

Hi Andreas,

If everyone is using the same SMTP address then you cannot really
distinguish individual users in an easy way .

Are you using a Shared mailbox on Exchange or a Mailing list ?

The way it should go:

Customer → Mailbox → RT Picks up from here → Placed in Queue →
Assigned to Owner
Individual → RT → SMTP Server → Customer

If multiple users have the same SMTP Address then this is a problem since
RT will just import this.
Sounds like you need to fix the LDAP Details or use the LDAP importer and
then correct the actual e-mail addresses afterwards.

Keith

-----Original Message-----
From: rt-users-bounces@lists.bestpractical.com [mailto:rt-users-bounces@
lists.bestpractical.com] On Behalf Of Andreas Heinlein
Sent: 15 April 2014 10:33
To: rt-users@lists.bestpractical.com
Subject: [rt-users] LDAP ExternalAuth - User Aliases

Hello,

we have a setup where we’re using RT with ExternalAuth to authenticate
against an existing user database in LDAP, with auto-creating users when
they first log in. We pull the uid as well as the e-mail address from LDAP.

Now, we need to be able to somehow support multiple users with the same
email address. That is, we have several people, say Alice, Bob and Pete,
each logging in to their computer with their own login. But they share one
common mailbox - department1@company.com - through IMAP. These people
should be able to log in to RT each with their personal login, which should
be an ‘Alias’ to a RT user ‘department1’ with mail address ’
department1@company.com’. So no matter who logs in, he/she can see all
tickets created by Alice, Bob or Pete.

Is something like this possible?

Thanks,
Andreas

RT Training - Dallas May 20-21
Training — Best Practical Solutions


RT Training - Dallas May 20-21
Training — Best Practical Solutions

Mike Johnson
Datatel Programmer/Analyst
Northern Ontario School of Medicine
955 Oliver Road
Thunder Bay, ON P7B 5E1
Phone: (807) 766-7331
Email: mike.johnson@nosm.ca