Hi,
I’ve noticed this behaviour that I’m not sure how to explain.
I’m experimenting with our externally facing queue. There seems to be a
problem about people with same name creating tickets as external users.
I’ve got this relevant bits of configuration:
Set( @Plugins, qw(RT::Authen::ExternalAuth));
Set($ExternalAuthPriority, [
‘My_LDAP’
]
);
Set($ExternalInfoPriority, [
‘My_LDAP’
]
);
Set($AutoCreateNonExternalUsers, 1);
Moreover, “Everyone” can create tickets on the queue. What happened:
1 - I sent an e-mail from username@ldap from “Paul Smith” → ticket and
users were created ok
2 - I sent an e-mail from another@different.domain.com from “Paul Smith”
→ failed as “Name in use”.
3 - If I send an e-mail from other name/surname, it works providing it’s
not in ldap
More precisely,
[Thu May 12 14:31:27 2011] [debug]: Going to create user with address
‘another@different.domain.com’
(/opt/rt4/sbin/…/lib/RT/Interface/Email/Auth/MailFrom.pm:97)
[Thu May 12 14:31:27 2011] [debug]:
RT::Authen::ExternalAuth::CanonicalizeUserInfo called by
RT::Authen::ExternalAuth
/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm
553 with: Comments: Autocreated on ticket submission, Disabled: 0,
EmailAddress: peppe@orkus.it, Name: another@different.domain.com,
Password: , Privileged: 0, RealName: Paul Smith
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:450)
[Thu May 12 14:31:27 2011] [debug]: Attempting to get user info using
this external service: My_LDAP
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:458)
[Thu May 12 14:31:27 2011] [debug]: Attempting to use this
canonicalization key: Name
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:472)
[Thu May 12 14:31:27 2011] [debug]: LDAP Search === Base:
ou=people,o=domain == Filter:
(&(uid=)(uid=another@different.domain.com)) == Attrs:
l,cn,st,mail,gecos,co,postalAddress,postalCode,telephoneNumber,uid,o,uid
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:195)
[Thu May 12 14:31:27 2011] [debug]: Attempting to use this
canonicalization key: EmailAddress
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:472)
[Thu May 12 14:31:27 2011] [debug]: LDAP Search === Base:
ou=people,o=domain == Filter:
(&(uid=)(mail=another@different.domain.com)) == Attrs:
l,cn,st,mail,gecos,co,postalAddress,postalCode,telephoneNumber,uid,o,uid
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:195)
[Thu May 12 14:31:27 2011] [debug]: Attempting to use this
canonicalization key: RealName
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:472)
[Thu May 12 14:31:27 2011] [debug]: LDAP Search === Base:
ou=people,o=domain == Filter: (&(uid=)(cn=Paul Smith))* == Attrs:
l,cn,st,mail,gecos,co,postalAddress,postalCode,telephoneNumber,uid,o,uid
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:195)
[Thu May 12 14:31:27 2011] [info]:
RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Address1: ,
City: London, Comments: Autocreated on ticket submission, Country: ,
Disabled: 0, EmailAddress: another@different.domain.com, ExternalAuthId:
username, Gecos: Paul Smith, Computing, :
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:536)
[Thu May 12 14:31:27 2011] [crit]: User creation failed in mailgateway:
Name in use (/opt/rt4/sbin/…/lib/RT/Interface/Email.pm:244)
[Thu May 12 14:31:48 2011] [warning]: Couldn’t load user
‘another@different.domain.com’.giving up
(/opt/rt4/sbin/…/lib/RT/Interface/Email.pm:996)
[Thu May 12 14:31:48 2011] [crit]: User ‘another@different.domain.com’
could not be loaded in the mail gateway
(/opt/rt4/sbin/…/lib/RT/Interface/Email.pm:244)
[Thu May 12 14:31:59 2011] [error]: RT could not load a valid user, and
RT’s configuration does not allow
for the creation of a new user for this email
(another@different.domain.com).
You might need to grant ‘Everyone’ the right ‘CreateTicket’ for the
I guess the problem is that it does not allow auto creation when it
finds a user with the same name in the authentication authority… is
there any chance to disable CanonicalizeUserInfo - providing that is
responsible? Or maybe using AutoCreateFromExternalUserInfo (even though
that would not be the behaviour I’d like to activate).
Any suggestion really appreciated!
Best regards,
Giuseppe
Giuseppe Sollazzo
Senior Systems Analyst
Computing Services
Information Services
St. George’s, University Of London
Cranmer Terrace
London SW17 0RE
Email: gsollazz@sgul.ac.uk
Direct Dial: +44 20 8725 5160
Fax: +44 20 8725 3583