I use ExternalAuth.pm for AD authentication
Set( $ExternalAuthPriority, ["My_LDAP"] );
Set( $ExternalInfoPriority, ["My_LDAP"] );
Set($UserAutocreateDefaultsOnLogin, { Privileged => 0 } );
Set($AutoCreateNonExternalUsers, 0);
Set($ExternalSettings, {
'My_LDAP' => {
'type' => 'ldap',
'server' => 'XXXXXX:636',
'user' => 'XXXXXX',
'pass' => 'XXXXXX',
'base' => 'XXXXXX',
'filter' => '(objectClass=user)',
'd_filter' => '(userAccountControl:1.2.840.113556.1.4.803:=2)',
'tls' => { verify => 'require',
},
'net_ldap_args' => [ version => 3, scheme => 'ldaps' ],
# Users are allowed to log in via email address or account name
'attr_match_list' => [
'Name',
'EmailAddress',
],
# Import the following properties of the user from LDAP upon login
'attr_map' => {
'Name' => 'sAMAccountName',
'EmailAddress' => 'mail',
'RealName' => 'cn',
'WorkPhone' => 'telephoneNumber',
},
},
} );
and this is my RT_SiteConfig.pm
use utf8;
Set($rtname, 'sosinformatica.XXXXXX.it');
Set($Organization, 'XXXXXX.it');
Set($Timezone, 'Europe/Rome');
Set($WebDomain, 'sosinformatica.XXXXXX.it');
Set($WebPort, '443');
Set($CorrespondAddress, 'sosinformatica@XXXXXX.it');
Set($CommentAddress, 'sosinformatica@XXXXXX.it');
Set($DatabaseHost, 'localhost');
Set($DatabasePort, undef);
Set($DatabaseName, 'rt5');
Set($EmailSubjectTagRegex, qr/\Q$rtname\E/i );
Set($OwnerEmail, 'admin');
Set($MaxAttachmentSize, 10_000_000); # 10M
Set($TruncateLongAttachments , 1);
Set($RTAddressRegexp, 'sosinformatica\@XXXXXX\.it');
Set($DefaultQueue, 'Assistenza');
Set($RememberDefaultQueue, 0);
Set($LogoURL, '/static/images/request-tracker-logo.png');
Set($LogoLinkURL, '');
Set($ShowUnreadMessageNotifications, 1);
Set($ShowMoreAboutPrivilegedUsers, 1);
Set($MoreAboutRequestorExtraInfo, 'WorkPhone');
Set($HideUnsetFieldsOnDisplay, 1);
Set($OldestTransactionsFirst, 0);
Set($SelfServiceUserPrefs, 'view-info');
Set($SelfServiceShowGroupTickets, 1);
Set($SelfServiceUseDashboard, 1);
Set($LogToSyslog, 'debug');
Set($LogToSTDERR, undef);
Set(%GnuPG, 'Enable' => '0');
Set(%SMIME, 'Enable' => '0');
1;
but I don’t think it depends on the configuration but on the fact that someone inserts an email that RT doesn’t find in the DB
Thanks