LDAP integration and auto-account creation


#1

This problem was mentioned back in May under the thread of LDAP integration

Mike Peachy stated it had to do with a new //Principle ID// not getting
assigned

Initially we didn’t have this problem with a clean install of RT 3.6.5

[Wed Jun 25 22:35:44 2008] [info]: RT::User::CanonicalizeUserInfo
returning Address1: 13571 Commerce Parkway, Suite 250, City: Richmond,
Country: Canada, Disabled: 0, EmailAddress:
MvanderVelden@zeugmasystems.com, ExternalAuthId: mvanderv, Gecos:
mvanderv, Name: mvanderv, Organization: , Privileged: 0, RealName: Mike
Van der Velden, State: BC, WorkPhone: , Zip: V6V 2R2
(/usr/local/lib/rt3/lib/RT/User_Vendor.pm:444)
[Wed Jun 25 22:35:44 2008] [debug]: About to think about scrips for
transaction #46
(/usr/lib/perl5/vendor_perl/5.8.8/RT/Transaction_Overlay.pm:167)
[Wed Jun 25 22:35:44 2008] [debug]: About to think about scrips for
transaction #47
(/usr/lib/perl5/vendor_perl/5.8.8/RT/Transaction_Overlay.pm:167)
[Wed Jun 25 22:35:44 2008] [info]: Autocreated authenticated user
mvanderv ( 44 )
(/usr/share/rt3/html/Callbacks/ExternalAuth/autohandler/Auth:50)

But as soon as we migrated our database over from RT 3.4.5 the problem
started

[Fri Jul 11 17:11:35 2008] [info]: RT::User::CanonicalizeUserInfo
returning Address1: 13571 Commerce Parkway, Suite 100, City: Richmond,
Country: Canada, Disabled: 0, EmailAddress:
gkiessling@zeugmasystems.com, ExternalAuthId: gkiessling, Gecos:
gkiessling, Name: gkiessling, Organization: Persia, Privileged: 0,
RealName: Glen Kiessling, State: BC, WorkPhone: 604-248-4393, Zip:
V6V2R2 (/usr/local/lib/rt3/lib/RT/User_Vendor.pm:444)
[Fri Jul 11 17:11:35 2008] [info]: Autocreated authenticated user
gkiessling ( )
(/usr/share/rt3/html/Callbacks/ExternalAuth/autohandler/Auth:50)

Hopefully this sheds some more light on the problem

Lloyd

/
/


#2

It turned out the reason the accounts weren’t getting created after we
migrated our old database over was due to there being autocreated
accounts using the user’s email address in the database. Once we removed
these accounts the user was able to log in via LDAP and have their
account automatically created.

Lloyd

Lloyd Hughes wrote: