Name in Use

Hi,
I’ve noticed this behaviour that I’m not sure how to explain.

I’m experimenting with our externally facing queue. There seems to be a
problem about people with same name creating tickets as external users.

I’ve got this relevant bits of configuration:

Set( @Plugins, qw(RT::Authen::ExternalAuth));
Set($ExternalAuthPriority, [
‘My_LDAP’
]
);
Set($ExternalInfoPriority, [
‘My_LDAP’
]
);
Set($AutoCreateNonExternalUsers, 1);

Moreover, “Everyone” can create tickets on the queue. What happened:
1 - I sent an e-mail from username@ldap from “Paul Smith” → ticket and
users were created ok
2 - I sent an e-mail from another@different.domain.com from “Paul Smith”
→ failed as “Name in use”.
3 - If I send an e-mail from other name/surname, it works providing it’s
not in ldap

More precisely,

[Thu May 12 14:31:27 2011] [debug]: Going to create user with address
‘another@different.domain.com’
(/opt/rt4/sbin/…/lib/RT/Interface/Email/Auth/MailFrom.pm:97)
[Thu May 12 14:31:27 2011] [debug]:
RT::Authen::ExternalAuth::CanonicalizeUserInfo called by
RT::Authen::ExternalAuth
/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm
553 with: Comments: Autocreated on ticket submission, Disabled: 0,
EmailAddress: peppe@orkus.it, Name: another@different.domain.com,
Password: , Privileged: 0, RealName: Paul Smith
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:450)
[Thu May 12 14:31:27 2011] [debug]: Attempting to get user info using
this external service: My_LDAP
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:458)
[Thu May 12 14:31:27 2011] [debug]: Attempting to use this
canonicalization key: Name
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:472)
[Thu May 12 14:31:27 2011] [debug]: LDAP Search === Base:
ou=people,o=domain == Filter:
(&(uid=)(uid=another@different.domain.com)) == Attrs:
l,cn,st,mail,gecos,co,postalAddress,postalCode,telephoneNumber,uid,o,uid
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:195)
[Thu May 12 14:31:27 2011] [debug]: Attempting to use this
canonicalization key: EmailAddress
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:472)
[Thu May 12 14:31:27 2011] [debug]: LDAP Search === Base:
ou=people,o=domain == Filter:
(&(uid=
)(mail=another@different.domain.com)) == Attrs:
l,cn,st,mail,gecos,co,postalAddress,postalCode,telephoneNumber,uid,o,uid
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:195)
[Thu May 12 14:31:27 2011] [debug]: Attempting to use this
canonicalization key: RealName
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:472)
[Thu May 12 14:31:27 2011] [debug]: LDAP Search === Base:
ou=people,o=domain == Filter: (&(uid=
)(cn=Paul Smith))* == Attrs:
l,cn,st,mail,gecos,co,postalAddress,postalCode,telephoneNumber,uid,o,uid
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:195)
[Thu May 12 14:31:27 2011] [info]:
RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Address1: ,
City: London, Comments: Autocreated on ticket submission, Country: ,
Disabled: 0, EmailAddress: another@different.domain.com, ExternalAuthId:
username, Gecos: Paul Smith, Computing, :
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:536)
[Thu May 12 14:31:27 2011] [crit]: User creation failed in mailgateway:
Name in use
(/opt/rt4/sbin/…/lib/RT/Interface/Email.pm:244)
[Thu May 12 14:31:48 2011] [warning]: Couldn’t load user
‘another@different.domain.com’.giving up
(/opt/rt4/sbin/…/lib/RT/Interface/Email.pm:996)
[Thu May 12 14:31:48 2011] [crit]: User ‘another@different.domain.com’
could not be loaded in the mail gateway
(/opt/rt4/sbin/…/lib/RT/Interface/Email.pm:244)
[Thu May 12 14:31:59 2011] [error]: RT could not load a valid user, and
RT’s configuration does not allow
for the creation of a new user for this email
(another@different.domain.com).

You might need to grant ‘Everyone’ the right ‘CreateTicket’ for the

I guess the problem is that it does not allow auto creation when it
finds a user with the same name in the authentication authority… is
there any chance to disable CanonicalizeUserInfo - providing that is
responsible? Or maybe using AutoCreateFromExternalUserInfo (even though
that would not be the behaviour I’d like to activate).

Any suggestion really appreciated!

Best regards,
Giuseppe

Giuseppe Sollazzo
Senior Systems Analyst
Computing Services
Information Services
St. George’s, University Of London
Cranmer Terrace
London SW17 0RE

Email: gsollazz@sgul.ac.uk
Direct Dial: +44 20 8725 5160
Fax: +44 20 8725 3583

Hi,
I’ve noticed this behaviour that I’m not sure how to explain.

I’m experimenting with our externally facing queue. There seems to be a
problem about people with same name creating tickets as external users.

I’ve got this relevant bits of configuration:

Set( @Plugins, qw(RT::Authen::ExternalAuth));
Set($ExternalAuthPriority, [
‘My_LDAP’
]
);
Set($ExternalInfoPriority, [
‘My_LDAP’
]
);
Set($AutoCreateNonExternalUsers, 1);

Show us the actual config that matters, please. Your ldap settings for
My_LDAP.

The likely problem is that you’re matching on Realname, which is almost
never what you want (as you’ve found out).

Thomas

It sounds like your matching setup in your LDAP settings is matching to
“Paul Smith” for both users… try matching to email address.

HTH
MIke.On Thu, May 12, 2011 at 11:11 AM, Giuseppe Sollazzo gsollazz@sgul.ac.ukwrote:

Hi,
I’ve noticed this behaviour that I’m not sure how to explain.

I’m experimenting with our externally facing queue. There seems to be a
problem about people with same name creating tickets as external users.

I’ve got this relevant bits of configuration:

Set( @Plugins, qw(RT::Authen::ExternalAuth));
Set($ExternalAuthPriority, [
‘My_LDAP’
]
);
Set($ExternalInfoPriority, [
‘My_LDAP’
]
);
Set($AutoCreateNonExternalUsers, 1);

Moreover, “Everyone” can create tickets on the queue. What happened:
1 - I sent an e-mail from username@ldap from “Paul Smith” → ticket and
users were created ok
2 - I sent an e-mail from another@different.domain.com from “Paul Smith”
→ failed as “Name in use”.
3 - If I send an e-mail from other name/surname, it works providing it’s
not in ldap

More precisely,

[Thu May 12 14:31:27 2011] [debug]: Going to create user with address ’
another@different.domain.com
(/opt/rt4/sbin/…/lib/RT/Interface/Email/Auth/MailFrom.pm:97)
[Thu May 12 14:31:27 2011] [debug]:
RT::Authen::ExternalAuth::CanonicalizeUserInfo called by
RT::Authen::ExternalAuth
/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm
553 with: Comments: Autocreated on ticket submission, Disabled: 0,
EmailAddress: peppe@orkus.it, Name: another@different.domain.com,
Password: , Privileged: 0, RealName: Paul Smith
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:450)
[Thu May 12 14:31:27 2011] [debug]: Attempting to get user info using this
external service: My_LDAP
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:458)
[Thu May 12 14:31:27 2011] [debug]: Attempting to use this canonicalization
key: Name
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:472)
[Thu May 12 14:31:27 2011] [debug]: LDAP Search === Base:
ou=people,o=domain == Filter: (&(uid=)(uid=another@different.domain.com))
== Attrs:
l,cn,st,mail,gecos,co,postalAddress,postalCode,telephoneNumber,uid,o,uid
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:195)
[Thu May 12 14:31:27 2011] [debug]: Attempting to use this canonicalization
key: EmailAddress
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:472)
[Thu May 12 14:31:27 2011] [debug]: LDAP Search === Base:
ou=people,o=domain == Filter: (&(uid=
)(mail=another@different.domain.com))
== Attrs:
l,cn,st,mail,gecos,co,postalAddress,postalCode,telephoneNumber,uid,o,uid
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:195)
[Thu May 12 14:31:27 2011] [debug]: Attempting to use this
canonicalization key: RealName
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:472)
[Thu May 12 14:31:27 2011] [debug]: LDAP Search === Base:
ou=people,o=domain == Filter: (&(uid=
)(cn=Paul Smith))* == Attrs:
l,cn,st,mail,gecos,co,postalAddress,postalCode,telephoneNumber,uid,o,uid
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:195)
[Thu May 12 14:31:27 2011] [info]:
RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Address1: , City:
London, Comments: Autocreated on ticket submission, Country: , Disabled: 0,
EmailAddress: another@different.domain.com, ExternalAuthId: username,
Gecos: Paul Smith, Computing, :
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:536)
[Thu May 12 14:31:27 2011] [crit]: User creation failed in mailgateway:
Name in use
(/opt/rt4/sbin/…/lib/RT/Interface/Email.pm:244)
[Thu May 12 14:31:48 2011] [warning]: Couldn’t load user ’
another@different.domain.com’.giving up
(/opt/rt4/sbin/…/lib/RT/Interface/Email.pm:996)
[Thu May 12 14:31:48 2011] [crit]: User ‘another@different.domain.com’
could not be loaded in the mail gateway
(/opt/rt4/sbin/…/lib/RT/Interface/Email.pm:244)
[Thu May 12 14:31:59 2011] [error]: RT could not load a valid user, and
RT’s configuration does not allow
for the creation of a new user for this email (
another@different.domain.com).

You might need to grant ‘Everyone’ the right ‘CreateTicket’ for the

I guess the problem is that it does not allow auto creation when it finds a
user with the same name in the authentication authority… is there any
chance to disable CanonicalizeUserInfo - providing that is responsible? Or
maybe using AutoCreateFromExternalUserInfo (even though that would not be
the behaviour I’d like to activate).

Any suggestion really appreciated!

Best regards,
Giuseppe


Giuseppe Sollazzo
Senior Systems Analyst
Computing Services
Information Services
St. George’s, University Of London
Cranmer Terrace
London SW17 0RE

Email: gsollazz@sgul.ac.uk
Direct Dial: +44 20 8725 5160
Fax: +44 20 8725 3583

Mike Johnson
Datatel Programmer/Analyst
Northern Ontario School of Medicine
955 Oliver Road
Thunder Bay, ON P7B 5E1
Phone: (807) 766-7331
Email: mike.johnson@nosm.ca

Ah, right.

I suppose I need to change

‘attr_match_list’ => [ ‘Name’,
‘EmailAddress’,
‘RealName’,
],
to

‘attr_match_list’ => [
‘EmailAddress’,
],
?

Thanks,
GOn 12/05/11 16:17, Thomas Sibley wrote:

On 05/12/2011 11:11 AM, Giuseppe Sollazzo wrote:

Hi,
I’ve noticed this behaviour that I’m not sure how to explain.

I’m experimenting with our externally facing queue. There seems to be a
problem about people with same name creating tickets as external users.

I’ve got this relevant bits of configuration:

Set( @Plugins, qw(RT::Authen::ExternalAuth));
Set($ExternalAuthPriority, [
‘My_LDAP’
]
);
Set($ExternalInfoPriority, [
‘My_LDAP’
]
);
Set($AutoCreateNonExternalUsers, 1);
Show us the actual config that matters, please. Your ldap settings for
My_LDAP.

The likely problem is that you’re matching on Realname, which is almost
never what you want (as you’ve found out).

Thomas

Giuseppe Sollazzo
Senior Systems Analyst
Computing Services
Information Services
St. George’s, University Of London
Cranmer Terrace
London SW17 0RE

Email: gsollazz@sgul.ac.uk
Direct Dial: +44 20 8725 5160
Fax: +44 20 8725 3583

Ok - there’s a problem with this solution.

If I limit the match to the EmailAddress, ldap data are not imported.

Is the only solution possible that of using two different definition of
the ldap, one for auth and one for info?

Cheers,
GOn 12/05/11 16:27, Giuseppe Sollazzo wrote:

Ah, right.

I suppose I need to change

‘attr_match_list’ => [ ‘Name’,
‘EmailAddress’,
‘RealName’,
],
to

‘attr_match_list’ => [
‘EmailAddress’,
],
?

Thanks,
G

On 12/05/11 16:17, Thomas Sibley wrote:

On 05/12/2011 11:11 AM, Giuseppe Sollazzo wrote:

Hi,
I’ve noticed this behaviour that I’m not sure how to explain.

I’m experimenting with our externally facing queue. There seems to be a
problem about people with same name creating tickets as external users.

I’ve got this relevant bits of configuration:

Set( @Plugins, qw(RT::Authen::ExternalAuth));
Set($ExternalAuthPriority, [
‘My_LDAP’
]
);
Set($ExternalInfoPriority, [
‘My_LDAP’
]
);
Set($AutoCreateNonExternalUsers, 1);
Show us the actual config that matters, please. Your ldap settings for
My_LDAP.

The likely problem is that you’re matching on Realname, which is almost
never what you want (as you’ve found out).

Thomas

Giuseppe Sollazzo
Senior Systems Analyst
Computing Services
Information Services
St. George’s, University Of London
Cranmer Terrace
London SW17 0RE

Email: gsollazz@sgul.ac.uk
Direct Dial: +44 20 8725 5160
Fax: +44 20 8725 3583

Hello,

Recently had a chance to hack on the extension. In the latest
available version you can only update users’ info from external source
only by Name. This has been fixed in multiple-emails branch along with
more fixes and new features.On Fri, May 13, 2011 at 5:34 PM, Giuseppe Sollazzo gsollazz@sgul.ac.uk wrote:

Ok - there’s a problem with this solution.

If I limit the match to the EmailAddress, ldap data are not imported.

Is the only solution possible that of using two different definition of the
ldap, one for auth and one for info?

Cheers,
G

On 12/05/11 16:27, Giuseppe Sollazzo wrote:

Ah, right.

I suppose I need to change

‘attr_match_list’ => [ ‘Name’,
‘EmailAddress’,
‘RealName’,
],
to

‘attr_match_list’ => [
‘EmailAddress’,
],
?

Thanks,
G

On 12/05/11 16:17, Thomas Sibley wrote:

On 05/12/2011 11:11 AM, Giuseppe Sollazzo wrote:

Hi,
I’ve noticed this behaviour that I’m not sure how to explain.

I’m experimenting with our externally facing queue. There seems to be a
problem about people with same name creating tickets as external users.

I’ve got this relevant bits of configuration:

Set( @Plugins, qw(RT::Authen::ExternalAuth));
Set($ExternalAuthPriority, [
‘My_LDAP’
]
);
Set($ExternalInfoPriority, [
‘My_LDAP’
]
);
Set($AutoCreateNonExternalUsers, 1);

Show us the actual config that matters, please. Your ldap settings for
My_LDAP.

The likely problem is that you’re matching on Realname, which is almost
never what you want (as you’ve found out).

Thomas


Giuseppe Sollazzo
Senior Systems Analyst
Computing Services
Information Services
St. George’s, University Of London
Cranmer Terrace
London SW17 0RE

Email: gsollazz@sgul.ac.uk
Direct Dial: +44 20 8725 5160
Fax: +44 20 8725 3583

Best regards, Ruslan.