Odd Account Behavior after Active Directory Migration

Hello All,
I know the subject is not very descriptive, but this problem is hard to
explain in a few words.

We recently upgraded our Samba3+OpenLDAP (NT-Style) domain to Samba4
(Active Directory). I have reconfigured all of our services to authenticate
using AD via LDAP, and this is working as expected for most applications.
It’s also working for RT (3.6.5), but I am seeing very strange behavior
that I cannot explain. Let’s say I have 2 “classes” of users. Users that
used RT before the AD migration and users that have not. The "have not"
group includes users that existed in LDAP before the migration but never
used RT and users that have been created since migrating from OpenLDAP to
AD.

Users that used RT before AD:
These users can email RT, login to the web interface and can be manually
assigned as a requestor on the “people” page. Everything works as expected.

Users that have never used RT:
These users CANNOT email RT (User could not be loaded). They also CANNOT
login to the web interface. They CANNOT be assigned as a requestor on the
people page. However, if they continue emailing RT, after 3-5 tries the
user will be created in RT and the user can then also login and be assigned
as a requestor. The user will only be created if they EMAIL RT 3 times -
attempting to login via the web interface or assigning the user on the
people page 3 times (or 10) does NOT create the user in RT.

I do not even know where to begin with this problem. The connection to AD
seems fine. If I reset a password in AD, RT requires the new
credentials. Users are created with the proper info from AD (that I
re-configured in RT_SiteConfig.pm), but the user must send
multiple emails before the account is created.

Thanks,
Thomas

Hello,
Just wanted to send a follow up. I’m really stumped on this and I really
am open to any ideas. When I originally deployed this install 6-7 years
ago, I remember taking great notes, but sadly, they’ve been lost. I know I
installed this from “source”, not from my distro’s repo. I also remember
having to modify a few “non-config” files for my specific setup. I notice
User_Local.pm and User_Overlay.pm have slightly newer timestamps than the
rest of the files in the lib directory, so I’m assuming that’s where the
changes are. Sadly, I have no idea what I actually changed.

Also, I’ve noticed that the problem is not entirely consistent. I’ve begun
sending emails to RT from new accounts when I create them, so my users will
be able to access the system. I created 2 accounts yesterday. The first one
created the user in RT after only the 2nd email. The second user was not
created until the 9th email.

Thanks,
Thomas

On Wed, Feb 20, 2013 at 9:06 AM, Thomas Simmons twsnnva@gmail.com wrote:

Hello All,
I know the subject is not very descriptive, but this problem is hard to
explain in a few words.

We recently upgraded our Samba3+OpenLDAP (NT-Style) domain to Samba4
(Active Directory). I have reconfigured all of our services to authenticate
using AD via LDAP, and this is working as expected for most applications.
It’s also working for RT (3.6.5), but I am seeing very strange behavior
that I cannot explain. Let’s say I have 2 “classes” of users. Users that
used RT before the AD migration and users that have not. The “have not”
group includes users that existed in LDAP before the migration but never
used RT and users that have been created since migrating from OpenLDAP to
AD.

Users that used RT before AD:
These users can email RT, login to the web interface and can be manually
assigned as a requestor on the “people” page. Everything works as expected.

Users that have never used RT:
These users CANNOT email RT (User could not be loaded). They also CANNOT
login to the web interface. They CANNOT be assigned as a requestor on the
people page. However, if they continue emailing RT, after 3-5 tries the
user will be created in RT and the user can then also login and be assigned
as a requestor. The user will only be created if they EMAIL RT 3 times -
attempting to login via the web interface or assigning the user on the
people page 3 times (or 10) does NOT create the user in RT.

I do not even know where to begin with this problem. The connection to AD
seems fine. If I reset a password in AD, RT requires the new credentials.
Users are created with the proper info from AD (that I re-configured in
RT_SiteConfig.pm), but the user must send multiple emails before the
account is created.

Thanks,
Thomas

Hello,
Just wanted to send a follow up. I’m really stumped on this and I
really am open to any ideas.

The information you sent is great, but for anyone to start to help,
you’re also going to need to provide detailed logs from RT and possibly
AD. Since you’re on an ancient RT version and not using a standard LDAP
auth solution for newer versions, I suggest you also provide the list
with the two customized files you noted.

Thomas

Hello,
I’m not sure what changed, but “create on email” is consistently working. I
am still having a problem with users not being created when assigning
someone as a requestor (using their email) or when a user tries logging
into the web interface. I have attached some log snippets of these three
things occurring, along with my RT_SiteConfig.pm. This is specifically
confusing (from create on login):

Feb 22 13:23:02 helpdesk RT: Autocreated authenticated user tcuser ()
(/opt/rt3/share/html/Callbacks/LDAP/autohandler/Auth:24)
Feb 22 13:23:02 helpdesk RT: FAILED LOGIN for tcuser from 192.168.100.191
(/opt/rt3/share/html/autohandler:251)

I then check MySQL and see this user was, in fact, not created. Thank you
for your help.

Create on email (Working)
Feb 22 14:08:05 helpdesk RT: RT::User::CanonicalizeEmailAddress : called
with “test.a.user@example.com” by RT::CurrentUser
/opt/rt3/lib/RT/CurrentUser.pm 218
Feb 22 14:08:05 helpdesk RT: RT::User::CanonicalizeEmailAddress
test.a.user@example.com =>
test.a.user@example.com(/opt/rt3/lib/RT/User_Local.pm:346)
Feb 22 14:08:05 helpdesk RT: RT::User::CanonicalizeUserInfo called by
RT::User /opt/rt3/lib/RT/User_Overlay.pm 192 with: Comments: Autocreated on
ticket submission, Disabled: 0, EmailAddress: test.a.user@example.com,
Name: test.a.user@example.com, Password: , Privileged: 0, RealName: “Test
A. User”
Feb 22 14:08:05 helpdesk RT: RT::User::LookupExternalUserInfo called with
baseDN “cn=Users,dc=internal,dc=example,dc=com” and filter “sAMAccountName=
test.a.user@example.com” by RT::User /opt/rt3/lib/RT/User_Local.pm 394
Feb 22 14:08:05 helpdesk RT: RT::User::LookupExternalUserInfo :
cn=Users,dc=internal,dc=example,dc=com sAMAccountName=
test.a.user@example.com => EmailAddress: , Name: , RealName:
(/opt/rt3/lib/RT/User_Local.pm:563)
Feb 22 14:08:05 helpdesk RT: RT::User::LookupExternalUserInfo called with
baseDN “cn=Users,dc=internal,dc=example,dc=com” and filter “mail=
test.a.user@example.com” by RT::User /opt/rt3/lib/RT/User_Local.pm 394
Feb 22 14:08:05 helpdesk RT: RT::User::LookupExternalUserInfo :
cn=Users,dc=internal,dc=example,dc=com mail=test.a.user@example.com =>
Address1: , Address2: , EmailAddress: test.a.user@example.com,
ExternalAuthId: tauser, ExternalContactInfoId: CN=Test A.
User,CN=Users,DC=internal,dc=example,DC=com, Gecos: tauser, Name: tauser,
Organization: , RealName: Test A. User, WorkPhone:
(/opt/rt3/lib/RT/User_Local.pm:563)
Feb 22 14:08:05 helpdesk RT: RT::User::CanonicalizeEmailAddress : called
with “test.a.user@example.com” by RT::User /opt/rt3/lib/RT/User_Local.pm
403
Feb 22 14:08:05 helpdesk RT: RT::User::CanonicalizeEmailAddress
test.a.user@example.com =>
test.a.user@example.com(/opt/rt3/lib/RT/User_Local.pm:346)
Feb 22 14:08:05 helpdesk RT: RT::User::CanonicalizeUserInfo returning
Address1: , Address2: , Comments: Autocreated on ticket submission,
Disabled: 0, EmailAddress: test.a.user@example.com, ExternalAuthId: tauser,
ExternalContactInfoId: CN=Test A.
User,CN=Users,DC=internal,dc=example,DC=com, Gecos: tauser, Name: tauser,
Organization: , Password: , Privileged: 0, RealName: Test A. User,
WorkPhone: (/opt/rt3/lib/RT/User_Local.pm:412)
Feb 22 14:08:05 helpdesk RT: RT::User::CanonicalizeEmailAddress : called
with “test.a.user@example.com” by RT::User /opt/rt3/lib/RT/User_Overlay.pm
196
Feb 22 14:08:05 helpdesk RT: RT::User::CanonicalizeEmailAddress
test.a.user@example.com =>
test.a.user@example.com(/opt/rt3/lib/RT/User_Local.pm:346)
Feb 22 14:08:05 helpdesk RT: RT::User::CanonicalizeEmailAddress : called
with “test.a.user@example.com” by RT::User /opt/rt3/lib/RT/User_Overlay.pm
563
Feb 22 14:08:05 helpdesk RT: RT::User::CanonicalizeEmailAddress
test.a.user@example.com =>
test.a.user@example.com(/opt/rt3/lib/RT/User_Local.pm:346)
Feb 22 14:08:05 helpdesk RT: RT::User::CanonicalizeEmailAddress : called
with “test.a.user@example.com” by RT::User /opt/rt3/lib/RT/User_Overlay.pm
563
Feb 22 14:08:05 helpdesk RT: RT::User::CanonicalizeEmailAddress
test.a.user@example.com =>
test.a.user@example.com(/opt/rt3/lib/RT/User_Local.pm:346)
Feb 22 14:08:05 helpdesk RT: About to think about scrips for transaction
#43219
Feb 22 14:08:05 helpdesk RT: About to think about scrips for transaction
#43220
Feb 22 14:08:05 helpdesk RT: RT::User::CanonicalizeEmailAddress : called
with “test.a.user@example.com” by RT::CurrentUser
/opt/rt3/lib/RT/CurrentUser.pm 218
Feb 22 14:08:05 helpdesk RT: RT::User::CanonicalizeEmailAddress
test.a.user@example.com =>
test.a.user@example.com(/opt/rt3/lib/RT/User_Local.pm:346)
Feb 22 14:08:05 helpdesk RT: About to think about scrips for transaction
#43221
Feb 22 14:08:06 helpdesk RT: About to think about scrips for transaction
#43222
Feb 22 14:08:06 helpdesk RT: About to think about scrips for transaction
#43223
Feb 22 14:08:06 helpdesk RT: About to think about scrips for transaction
#43224
Feb 22 14:08:06 helpdesk RT: About to think about scrips for transaction
#43225
Feb 22 14:08:06 helpdesk RT: About to prepare scrips for transaction
#43225
Feb 22 14:08:06 helpdesk RT: Found 4 scrips
Feb 22 14:08:07 helpdesk RT: About to commit scrips for transaction #43225
Feb 22 14:08:07 helpdesk RT: <
rt-3.6.5-6476-1361560086-1540.3155-3-0@example.com> #3155/43225 - Scrip 3
(/opt/rt3/lib/RT/Action/SendEmail.pm:252)
Feb 22 14:08:07 helpdesk RT: <
rt-3.6.5-6476-1361560086-1540.3155-3-0@example.com> sent To:
test.a.user@example.com (/opt/rt3/lib/RT/Action/SendEmail.pm:283)
Feb 22 14:08:07 helpdesk RT: About to think about scrips for transaction
#43226
Feb 22 14:08:07 helpdesk RT: <
rt-3.6.5-6476-1361560086-1904.3155-4-0@example.com> #3155/43225 - Scrip 4
(/opt/rt3/lib/RT/Action/SendEmail.pm:252)
Feb 22 14:08:07 helpdesk RT: <
rt-3.6.5-6476-1361560086-1904.3155-4-0@example.com> No recipients found.
Not sending. (/opt/rt3/lib/RT/Action/SendEmail.pm:264)
Feb 22 14:08:07 helpdesk RT: <
rt-3.6.5-6476-1361560087-57.3155-15-0@example.com> #3155/43225 - Scrip 15
NotifyByEmailOnCreate (/opt/rt3/lib/RT/Action/SendEmail.pm:252)
Feb 22 14:08:07 helpdesk RT: <
rt-3.6.5-6476-1361560087-57.3155-15-0@example.com> sent To:
removed@gmail.com,removed@gmail.com(/opt/rt3/lib/RT/Action/SendEmail.pm:283)
Feb 22 14:08:07 helpdesk RT: About to think about scrips for transaction
#43227
Feb 22 14:08:07 helpdesk RT: Ticket 3155 created in queue ‘General’ by
tauser (/opt/rt3/lib/RT/Ticket_Overlay.pm:756)
Feb 22 14:08:13 helpdesk RT: RT::Date used date::parse to make 1970-01-01
18000
Feb 22 14:08:30 helpdesk RT: RT::Date used date::parse to make 1970-01-01
18000
Feb 22 14:09:28 helpdesk RT: RT::Date used date::parse to make 1970-01-01
18000
Feb 22 14:10:03 helpdesk RT: About to think about scrips for transaction
#43228
Feb 22 14:10:03 helpdesk RT: About to prepare scrips for transaction
#43228
Feb 22 14:10:03 helpdesk RT: Found 2 scrips
Feb 22 14:10:03 helpdesk RT: About to commit scrips for transaction #43228
Feb 22 14:10:03 helpdesk RT: <
rt-3.6.5-6276-1361560203-830.3155-10-0@example.com> #3155/43228 - Scrip 10
(/opt/rt3/lib/RT/Action/SendEmail.pm:252)
Feb 22 14:10:03 helpdesk RT: <
rt-3.6.5-6276-1361560203-830.3155-10-0@example.com> sent To:
test.a.user@example.com (/opt/rt3/lib/RT/Action/SendEmail.pm:283)
Feb 22 14:10:03 helpdesk RT: About to think about scrips for transaction
#43229
Feb 22 14:10:50 helpdesk RT: RT::Date used date::parse to make 1970-01-01
18000

Create when added as a watcher (Not Working)
Feb 22 14:02:46 helpdesk RT: RT::User::CanonicalizeEmailAddress : called
with “test.b.user@example.com” by RT::Ticket
/opt/rt3/lib/RT/Ticket_Overlay.pm 1350
Feb 22 14:02:46 helpdesk RT: RT::User::CanonicalizeEmailAddress
test.b.user@example.com =>
test.b.user@example.com(/opt/rt3/lib/RT/User_Local.pm:346)
Feb 22 14:02:46 helpdesk RT: RT::User::CanonicalizeEmailAddress : called
with “test.b.user@example.com” by RT::User /opt/rt3/lib/RT/User_Overlay.pm
563
Feb 22 14:02:46 helpdesk RT: RT::User::CanonicalizeEmailAddress
test.b.user@example.com =>
test.b.user@example.com(/opt/rt3/lib/RT/User_Local.pm:346)
Feb 22 14:02:46 helpdesk RT: RT::Authen::ExternalAuth::CanonicalizeUserInfo
called by RT::Authen::ExternalAuth
/opt/rt3/local/lib/RT/Authen/ExternalAuth.pm 682 with: Comments:
Autocreated when added as a watcher, Disabled: , EmailAddress:
test.b.user@example.com, Name: test.b.user@example.com, Privileged: ,
RealName: test.b.user@example.com
Feb 22 14:02:46 helpdesk RT: Attempting to get user info using this
external service:
Feb 22 14:02:46 helpdesk RT: RT::Authen::ExternalAuth::CanonicalizeUserInfo
returning Comments: Autocreated when added as a watcher, Disabled: ,
EmailAddress: test.b.user@example.com, Name: test.b.user@example.com,
Privileged: , RealName:
test.b.user@example.com(/opt/rt3/local/lib/RT/Authen/ExternalAuth.pm:665)
Feb 22 14:02:46 helpdesk RT: RT::User::CanonicalizeEmailAddress : called
with “test.b.user@example.com” by RT::User /opt/rt3/lib/RT/User_Overlay.pm
563
Feb 22 14:02:46 helpdesk RT: RT::User::CanonicalizeEmailAddress
test.b.user@example.com =>
test.b.user@example.com(/opt/rt3/lib/RT/User_Local.pm:346)
Feb 22 14:02:51 helpdesk RT: RT::User::CanonicalizeEmailAddress : called
with “test.b.user@example.com” by RT::User /opt/rt3/lib/RT/User_Overlay.pm
563
Feb 22 14:02:51 helpdesk RT: RT::User::CanonicalizeEmailAddress
test.b.user@example.com =>
test.b.user@example.com(/opt/rt3/lib/RT/User_Local.pm:346)
Feb 22 14:02:51 helpdesk RT: Failed to create user test.b.user@example.com:
Could not set user info (/opt/rt3/lib/RT/User_Overlay.pm:617)
Feb 22 14:02:51 helpdesk RT: Could not load create a user with the email
address ‘test.b.user@example.com’ to add as a watcher for ticket 3090
(/opt/rt3/lib/RT/Ticket_Overlay.pm:1424)
Feb 22 14:05:42 helpdesk RT: RT::User::CanonicalizeEmailAddress : called
with “test.b.user@example.com” by RT::Ticket
/opt/rt3/lib/RT/Ticket_Overlay.pm 1350
Feb 22 14:05:42 helpdesk RT: RT::User::CanonicalizeEmailAddress
test.b.user@example.com =>
test.b.user@example.com(/opt/rt3/lib/RT/User_Local.pm:346)
Feb 22 14:05:42 helpdesk RT: RT::User::CanonicalizeEmailAddress : called
with “test.b.user@example.com” by RT::User /opt/rt3/lib/RT/User_Overlay.pm
563
Feb 22 14:05:42 helpdesk RT: RT::User::CanonicalizeEmailAddress
test.b.user@example.com =>
test.b.user@example.com(/opt/rt3/lib/RT/User_Local.pm:346)
Feb 22 14:05:42 helpdesk RT: RT::Authen::ExternalAuth::CanonicalizeUserInfo
called by RT::Authen::ExternalAuth
/opt/rt3/local/lib/RT/Authen/ExternalAuth.pm 682 with: Comments:
Autocreated when added as a watcher, Disabled: , EmailAddress:
test.b.user@example.com, Name: test.b.user@example.com, Privileged: ,
RealName: test.b.user@example.com
Feb 22 14:05:42 helpdesk RT: Attempting to get user info using this
external service:
Feb 22 14:05:42 helpdesk RT: RT::Authen::ExternalAuth::CanonicalizeUserInfo
returning Comments: Autocreated when added as a watcher, Disabled: ,
EmailAddress: test.b.user@example.com, Name: test.b.user@example.com,
Privileged: , RealName:
test.b.user@example.com(/opt/rt3/local/lib/RT/Authen/ExternalAuth.pm:665)
Feb 22 14:05:42 helpdesk RT: RT::User::CanonicalizeEmailAddress : called
with “test.b.user@example.com” by RT::User /opt/rt3/lib/RT/User_Overlay.pm
563
Feb 22 14:05:42 helpdesk RT: RT::User::CanonicalizeEmailAddress
test.b.user@example.com =>
test.b.user@example.com(/opt/rt3/lib/RT/User_Local.pm:346)
Feb 22 14:05:47 helpdesk RT: RT::User::CanonicalizeEmailAddress : called
with “test.b.user@example.com” by RT::User /opt/rt3/lib/RT/User_Overlay.pm
563
Feb 22 14:05:47 helpdesk RT: RT::User::CanonicalizeEmailAddress
test.b.user@example.com =>
test.b.user@example.com(/opt/rt3/lib/RT/User_Local.pm:346)
Feb 22 14:05:47 helpdesk RT: Failed to create user test.b.user@example.com:
Could not set user info (/opt/rt3/lib/RT/User_Overlay.pm:617)
Feb 22 14:05:47 helpdesk RT: Could not load create a user with the email
address ‘test.b.user@example.com’ to add as a watcher for ticket 3090
(/opt/rt3/lib/RT/Ticket_Overlay.pm:1424)
Feb 22 14:07:46 helpdesk RT: RT::Date used date::parse to make 1970-01-01
18000

Create on login (Not Working)
Feb 22 13:23:02 helpdesk RT: Autohandler called ExternalAuth. Response: (0,
ExternalAuthPriority not defined, please check your configuration file.)
Feb 22 13:23:02 helpdesk RT: Transaction->Create couldn’t, as you didn’t
specify an object type and id (/opt/rt3/lib/RT/Record.pm:1481)
Feb 22 13:23:02 helpdesk RT: Trying LDAP authentication
Feb 22 13:23:02 helpdesk RT: RT::User::IsLDAPPassword Found LDAP DN:
CN=Test C. User,CN=Users,DC=internal,DC=example,DC=com
Feb 22 13:23:02 helpdesk RT: RT::User::IsLDAPPassword AUTH OK: tcuser
(CN=Test C. User,CN=Users,DC=internal,DC=example,DC=com)
(/opt/rt3/lib/RT/User_Local.pm:223)
Feb 22 13:23:02 helpdesk RT: RT::User::IsPassword auth method
IsLDAPPassword SUCCEEDED
Feb 22 13:23:02 helpdesk RT: RT::Authen::ExternalAuth::CanonicalizeUserInfo
called by RT::Authen::ExternalAuth
/opt/rt3/local/lib/RT/Authen/ExternalAuth.pm 682 with: Disabled: ,
EmailAddress: , Gecos: tcuser, Name: tcuser, Privileged:
Feb 22 13:23:02 helpdesk RT: Attempting to get user info using this
external service:
Feb 22 13:23:02 helpdesk RT: RT::Authen::ExternalAuth::CanonicalizeUserInfo
returning Disabled: , EmailAddress: , Gecos: tcuser, Name: tcuser,
Privileged: (/opt/rt3/local/lib/RT/Authen/ExternalAuth.pm:665)
Feb 22 13:23:02 helpdesk RT: Autocreated authenticated user tcuser ()
(/opt/rt3/share/html/Callbacks/LDAP/autohandler/Auth:24)
Feb 22 13:23:02 helpdesk RT: FAILED LOGIN for tcuser from 192.168.100.191
(/opt/rt3/share/html/autohandler:251)

RT_SiteConfig.pm

/etc/request-tracker3.6/RT_SiteConfig.pm

Set($rtname, 'helpdesk.example.com');
Set($Organization, 'example.com');
Set($CorrespondAddress , 'rt');
Set($CommentAddress , 'rt-comment');
Set($Timezone , 'US/Eastern');
Set($DatabaseType, 'mysql'); # e.g. Pg or mysql
Set($DatabaseUser , 'rtuser');
Set($DatabasePassword , 'super_duper_secret_password');
Set($DatabaseName , 'rtdb');
Set($WebPath , "/rt");
Set($WebBaseURL , "https://helpdesk.example.com");
Set($AuthMethods, ['LDAP', 'Internal']);
Set($LdapExternalAuth, 1);
Set($LdapExternalInfo, 1);
Set($LdapAutoCreateNonLdapUsers, 0);
Set($LdapAttrMap, {'Name' => 'sAMAccountName',
                   'EmailAddress' => 'mail',
                   'Organization' => 'company',
                   'RealName' => 'displayName',
                   'ExternalContactInfoId' => 'distinguishedName',
                   'ExternalAuthId' => 'sAMAccountName',
                   'Gecos' => 'sAMAccountName',
                   'WorkPhone' => 'telephoneNumber',
                   'Address1' => 'streetAddress',
                   'Address2' => 'streetAddress'}
);
Set($LdapRTAttrMatchList, ['Name', 'EmailAddress']
);
Set($LdapEmailAttrMatchList, ['mail']
);
Set($LdapServer, 'ldap://dc1.internal.example.com');
Set($LdapBase, 'cn=Users,dc=internal,dc=example,dc=com');
Set($LdapFilter, '(objectclass=user)');
Set($LdapUser, 'cn=rtbind,cn=Users,dc=internal,dc=example,dc=com');
Set($LdapPass, 'super_secret_password');
1;
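
A triage pass over the three log excerpts above, as an added example that is not part of the original thread or of RT: it parses the syslog entries and reports which CanonicalizeUserInfo call came back with directory attributes, which came back with nothing new, and the autocreate-then-failed-login pair. The sample lines are copied from the excerpts with the e-mail wrapping undone and typographic quotes normalised; the finding labels are this example's own, and the output is a list of observations, not a confirmed root cause.

```python
import re

# Constructed sample: entries copied from the thread's excerpts (email,
# watcher, login), one syslog entry per line.
SAMPLE_LOG = """\
Feb 22 14:08:05 helpdesk RT: RT::User::CanonicalizeUserInfo called by RT::User /opt/rt3/lib/RT/User_Overlay.pm 192 with: Comments: Autocreated on ticket submission, Disabled: 0, EmailAddress: test.a.user@example.com, Name: test.a.user@example.com, Password: , Privileged: 0, RealName: "Test A. User"
Feb 22 14:08:05 helpdesk RT: RT::User::CanonicalizeUserInfo returning Address1: , Address2: , Comments: Autocreated on ticket submission, Disabled: 0, EmailAddress: test.a.user@example.com, ExternalAuthId: tauser, ExternalContactInfoId: CN=Test A. User,CN=Users,DC=internal,dc=example,DC=com, Gecos: tauser, Name: tauser, Organization: , Password: , Privileged: 0, RealName: Test A. User, WorkPhone: (/opt/rt3/lib/RT/User_Local.pm:412)
Feb 22 14:02:46 helpdesk RT: RT::Authen::ExternalAuth::CanonicalizeUserInfo called by RT::Authen::ExternalAuth /opt/rt3/local/lib/RT/Authen/ExternalAuth.pm 682 with: Comments: Autocreated when added as a watcher, Disabled: , EmailAddress: test.b.user@example.com, Name: test.b.user@example.com, Privileged: , RealName: test.b.user@example.com
Feb 22 14:02:46 helpdesk RT: Attempting to get user info using this external service:
Feb 22 14:02:46 helpdesk RT: RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Comments: Autocreated when added as a watcher, Disabled: , EmailAddress: test.b.user@example.com, Name: test.b.user@example.com, Privileged: , RealName: test.b.user@example.com(/opt/rt3/local/lib/RT/Authen/ExternalAuth.pm:665)
Feb 22 14:02:51 helpdesk RT: Failed to create user test.b.user@example.com: Could not set user info (/opt/rt3/lib/RT/User_Overlay.pm:617)
Feb 22 13:23:02 helpdesk RT: Autohandler called ExternalAuth. Response: (0, ExternalAuthPriority not defined, please check your configuration file.)
Feb 22 13:23:02 helpdesk RT: RT::User::IsPassword auth method IsLDAPPassword SUCCEEDED
Feb 22 13:23:02 helpdesk RT: Autocreated authenticated user tcuser () (/opt/rt3/share/html/Callbacks/LDAP/autohandler/Auth:24)
Feb 22 13:23:02 helpdesk RT: FAILED LOGIN for tcuser from 192.168.100.191 (/opt/rt3/share/html/autohandler:251)
"""

ENTRY = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) (\S+) RT: (.*)$")
SRC = re.compile(r"\s*\(/\S+:\d+\)\s*$")  # trailing "(/path/File.pm:NNN)"
FIELD = re.compile(r"(\w+):\s?(.*?)(?:,\s(?=\w+:)|$)")
CANON = re.compile(
    r"(RT::[\w:]+?)::CanonicalizeUserInfo (called by .*? with:|returning) (.*)$"
)


def parse_fields(text):
    """Parse 'Key: value, Key: value'; values may contain commas (LDAP DNs)."""
    return {k: v.strip() for k, v in FIELD.findall(SRC.sub("", text))}


def triage(log_text):
    """Return (timestamp, finding, detail) tuples in the order they appear."""
    findings = []
    pending = {}      # class -> fields passed into CanonicalizeUserInfo
    autocreated = {}  # user -> timestamp of the "Autocreated" entry
    for line in log_text.splitlines():
        entry = ENTRY.match(line)
        if not entry:
            continue
        ts, _host, msg = entry.groups()
        canon = CANON.search(msg)
        if canon:
            cls, phase, rest = canon.groups()
            fields = parse_fields(rest)
            if phase != "returning":
                pending[cls] = fields
            elif cls in pending:
                before = pending.pop(cls)
                # Non-empty attributes that were absent or different on entry.
                added = sorted(k for k, v in fields.items()
                               if v and before.get(k) != v)
                if added:
                    findings.append((ts, "directory-enriched",
                                     f"{cls} added or changed {', '.join(added)}"))
                else:
                    findings.append((ts, "not-enriched",
                                     f"{cls} returned no new non-empty fields"))
            continue
        if re.search(r"using this external service:\s*$", msg):
            findings.append((ts, "empty-external-service",
                             "no service name follows the colon"))
        elif "ExternalAuthPriority not defined" in msg:
            findings.append((ts, "externalauthpriority-undefined",
                             "ExternalAuth reported a missing setting"))
        elif (failed := re.search(r"Failed to create user (\S+): (.*)$", msg)):
            findings.append((ts, "create-failed",
                             f"{failed.group(1)}: {SRC.sub('', failed.group(2))}"))
        elif (auto := re.search(r"Autocreated authenticated user (\S+)", msg)):
            autocreated[auto.group(1)] = ts
        elif (login := re.search(r"FAILED LOGIN for (\S+) from \S+", msg)):
            user = login.group(1)
            # Same user reported as created and rejected in the same second.
            if autocreated.get(user) == ts:
                findings.append((ts, "autocreate-then-failed-login", user))
    return findings


if __name__ == "__main__":
    for ts, kind, detail in triage(SAMPLE_LOG):
        print(f"{ts}  {kind:32} {detail}")
```
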

Feb 22 13:23:02 helpdesk RT: FAILED LOGIN for tcuser from 192.168.100.191
(/opt/rt3/share/html/autohandler:251)

RT_SiteConfig.pm

/etc/request-tracker3.6/RT_SiteConfig.pm

Set($rtname, ‘helpdesk.example.com’);
Set($Organization, ‘example.com’);
Set($CorrespondAddress , ‘rt’);
Set($CommentAddress , ‘rt-comment’);
Set($Timezone , ‘US/Eastern’);
Set($DatabaseType, ‘mysql’); # e.g. Pg or mysql
Set($DatabaseUser , ‘rtuser’);
Set($DatabasePassword , ‘super_duper_secret_password’);
Set($DatabaseName , ‘rtdb’);
Set($WebPath , “/rt”);
Set($WebBaseURL , “https://helpdesk.example.com”);
Set($AuthMethods, [‘LDAP’, ‘Internal’]);
Set($LdapExternalAuth, 1);
Set($LdapExternalInfo, 1);
Set($LdapAutoCreateNonLdapUsers, 0);
Set($LdapAttrMap, {‘Name’ => ‘sAMAccountName’,
‘EmailAddress’ => ‘mail’,
‘Organization’ => ‘company’,
‘RealName’ => ‘displayName’,
‘ExternalContactInfoId’ => ‘distinguishedName’,
‘ExternalAuthId’ => ‘sAMAccountName’,
‘Gecos’ => ‘sAMAccountName’,
‘WorkPhone’ => ‘telephoneNumber’,
‘Address1’ => ‘streetAddress’,
‘Address2’ => ‘streetAddress’}
);
Set($LdapRTAttrMatchList, [‘Name’, ‘EmailAddress’]
);
Set($LdapEmailAttrMatchList, [‘mail’]
);
Set($LdapServer, ‘ldap://dc1.internal.example.com’);
Set($LdapBase, ‘cn=Users,dc=internal,dc=example,dc=com’);
Set($LdapFilter, ‘(objectclass=user)’);
Set($LdapUser, ‘cn=rtbind,cn=Users,dc=internal,dc=example,dc=com’);
Set($LdapPass, ‘super_secret_password’);
1;


RT training in Amsterdam, March 20-21:
http://bestpractical.com/services/training.html

Help improve RT by taking our user survey:
https://www.surveymonkey.com/s/N23JW9T

Hello,
It seems I was wrong about mail working 100% of the time. I have made no
changes since my last email and noticed the following when a user tried
submitting a request via email today. This person is a long-time employee
whose account existed before the Samba3 + OpenLDAP to Samba4 (Active
Directory) migration, but had never used RT. Based on what I’m seeing now,
it appears that create-on-email works for domain users who have been
created since the migration, while those who existed previously are having
problems. However, it could also be complete coincidence. The inconsistency
of this problem has made it very difficult to pinpoint exact behavior and
led to my own confusion at times.

Feb 26 17:00:04 helpdesk RT: Converting ‘us-ascii’ to ‘utf-8’ for
text/plain - VPN Connection Error
Feb 26 17:00:04 helpdesk RT: RT::User::CanonicalizeEmailAddress : called
with “s.marsh@example.com” by RT::CurrentUser
/opt/rt3/lib/RT/CurrentUser.pm 218
Feb 26 17:00:04 helpdesk RT: RT::User::CanonicalizeEmailAddress
s.marsh@example.com => s.marsh@example.com(/opt/rt3/lib/RT/User_Local.pm:346)
Feb 26 17:00:04 helpdesk RT: RT::Authen::ExternalAuth::CanonicalizeUserInfo
called by RT::Authen::ExternalAuth
/opt/rt3/local/lib/RT/Authen/ExternalAuth.pm 682 with: Comments:
Autocreated on ticket submission, Disabled: , EmailAddress:
s.marsh@example.com, Name: s.marsh@example.com, Password: , Privileged: ,
RealName: s.marsh@example.com
Feb 26 17:00:04 helpdesk RT: Attempting to get user info using this
external service:
Feb 26 17:00:04 helpdesk RT: RT::Authen::ExternalAuth::CanonicalizeUserInfo
returning Comments: Autocreated on ticket submission, Disabled: ,
EmailAddress: s.marsh@example.com, Name: s.marsh@example.com, Password: ,
Privileged: , RealName:
s.marsh@example.com(/opt/rt3/local/lib/RT/Authen/ExternalAuth.pm:665)
Feb 26 17:00:04 helpdesk RT: RT::User::CanonicalizeEmailAddress : called
with “s.marsh@example.com” by RT::User /opt/rt3/lib/RT/User_Overlay.pm 563
Feb 26 17:00:04 helpdesk RT: RT::User::CanonicalizeEmailAddress
s.marsh@example.com => s.marsh@example.com(/opt/rt3/lib/RT/User_Local.pm:346)
Feb 26 17:00:04 helpdesk RT: User creation failed in mailgateway: Could not
set user info (/opt/rt3/lib/RT/Interface/Email.pm:243)
Feb 26 17:00:04 helpdesk RT: RT::User::CanonicalizeEmailAddress : called
with “s.marsh@example.com” by RT::CurrentUser
/opt/rt3/lib/RT/CurrentUser.pm 218
Feb 26 17:00:04 helpdesk RT: RT::User::CanonicalizeEmailAddress
s.marsh@example.com => s.marsh@example.com(/opt/rt3/lib/RT/User_Local.pm:346)
Feb 26 17:00:04 helpdesk RT: Couldn’t load user ‘s.marsh@example.com’.giving
up (/opt/rt3/lib/RT/Interface/Email.pm:329)
Feb 26 17:00:04 helpdesk RT: User ‘s.marsh@example.com’ could not be
loaded in the mail gateway (/opt/rt3/lib/RT/Interface/Email.pm:243)
Feb 26 17:00:04 helpdesk RT: RT could not load a valid user, and RT’s
configuration does not allow for the creation of a new user for this email (
s.marsh@example.com). You might need to grant ‘Everyone’ the right
‘CreateTicket’ for the queue General.
(/opt/rt3/lib/RT/Interface/Email.pm:243)
Feb 26 17:00:04 helpdesk RT: RT could not load a valid user, and RT’s
configuration does not allow for the creation of a new user for your email.
(/opt/rt3/lib/RT/Interface/Email.pm:243)
Feb 26 17:00:05 helpdesk RT: Could not record email: Could not load a valid
user (/opt/rt3/share/html/REST/1.0/NoAuth/mail-gateway:75)

As you can see, this person is in Active Directory and all of the
attributes required by my RT setup are correct.

helpdesk:~# ldapsearch -x -LLL -D example\Administrator -b
cn=Users,dc=internal,dc=example,dc=com (mail=s.marsh@example.com) mail
sAMAccountName displayName distinguishedName objectClass -W
Enter LDAP Password:

dn: CN=Removed Marsh,CN=Users,DC=internal,DC=example,DC=com
sAMAccountName: s.marsh
displayName: Removed Marsh
objectClass: top
objectClass: posixAccount
objectClass: person
objectClass: organizationalPerson
objectClass: user
mail: s.marsh@example.com
distinguishedName: CN=Steven Marsh,CN=Users,DC=internal,DC=example,DC=com

Hello,
Just wanted to send a follow up. I’m really stumped on this and I
really am open to any ideas.

The information you sent is great, but for anyone to start to help,
you’re also going to need to provide detailed logs from RT and possibly
AD. Since you’re on an ancient RT version and not using a standard LDAP
auth solution for newer versions, I suggest you also provide the list
with the two customized files you noted.

Hello,
I’m not sure what changed, but “create on email” is consistently working.
I am still having a problem with users not being created when assigning
someone as a requestor (using their email) or when a user tries logging into
the web interface. I have attached some log snippets of these three things
occurring, along with my RT_SiteConfig.pm. This is specifically confusing
(from create on login):

Feb 22 13:23:02 helpdesk RT: Autocreated authenticated user tcuser ()
(/opt/rt3/share/html/Callbacks/LDAP/autohandler/Auth:24)
Feb 22 13:23:02 helpdesk RT: FAILED LOGIN for tcuser from 192.168.100.191
(/opt/rt3/share/html/autohandler:251)

I then check MySQL and see this user was in fact, not created. Thank you
for your help.

Create on email (Working)
Feb 22 14:08:05 helpdesk RT: RT::User::CanonicalizeEmailAddress : called
with “test.a.user@example.com” by RT::CurrentUser
/opt/rt3/lib/RT/CurrentUser.pm 218
Feb 22 14:08:05 helpdesk RT: RT::User::CanonicalizeEmailAddress
test.a.user@example.com => test.a.user@example.com
(/opt/rt3/lib/RT/User_Local.pm:346)
Feb 22 14:08:05 helpdesk RT: RT::User::CanonicalizeUserInfo called by
RT::User /opt/rt3/lib/RT/User_Overlay.pm 192 with: Comments: Autocreated on
ticket submission, Disabled: 0, EmailAddress: test.a.user@example.com, Name:
test.a.user@example.com, Password: , Privileged: 0, RealName: “Test A. User”
Feb 22 14:08:05 helpdesk RT: RT::User::LookupExternalUserInfo called with
baseDN “cn=Users,dc=internal,dc=example,dc=com” and filter
sAMAccountName=test.a.user@example.com” by RT::User
/opt/rt3/lib/RT/User_Local.pm 394
Feb 22 14:08:05 helpdesk RT: RT::User::LookupExternalUserInfo :
cn=Users,dc=internal,dc=example,dc=com
sAMAccountName=test.a.user@example.com => EmailAddress: , Name: , RealName:
(/opt/rt3/lib/RT/User_Local.pm:563)
Feb 22 14:08:05 helpdesk RT: RT::User::LookupExternalUserInfo called with
baseDN “cn=Users,dc=internal,dc=example,dc=com” and filter
mail=test.a.user@example.com” by RT::User /opt/rt3/lib/RT/User_Local.pm 394
Feb 22 14:08:05 helpdesk RT: RT::User::LookupExternalUserInfo :
cn=Users,dc=internal,dc=example,dc=com mail=test.a.user@example.com =>
Address1: , Address2: , EmailAddress: test.a.user@example.com,
ExternalAuthId: tauser, ExternalContactInfoId: CN=Test A.
User,CN=Users,DC=internal,dc=example,DC=com, Gecos: tauser, Name: tauser,
Organization: , RealName: Test A. User, WorkPhone:
(/opt/rt3/lib/RT/User_Local.pm:563)
Feb 22 14:08:05 helpdesk RT: RT::User::CanonicalizeEmailAddress : called
with “test.a.user@example.com” by RT::User /opt/rt3/lib/RT/User_Local.pm 403
Feb 22 14:08:05 helpdesk RT: RT::User::CanonicalizeEmailAddress
test.a.user@example.com => test.a.user@example.com
(/opt/rt3/lib/RT/User_Local.pm:346)
Feb 22 14:08:05 helpdesk RT: RT::User::CanonicalizeUserInfo returning
Address1: , Address2: , Comments: Autocreated on ticket submission,
Disabled: 0, EmailAddress: test.a.user@example.com, ExternalAuthId: tauser,
ExternalContactInfoId: CN=Test A.
User,CN=Users,DC=internal,dc=example,DC=com, Gecos: tauser, Name: tauser,
Organization: , Password: , Privileged: 0, RealName: Test A. User,
WorkPhone: (/opt/rt3/lib/RT/User_Local.pm:412)
Feb 22 14:08:05 helpdesk RT: RT::User::CanonicalizeEmailAddress : called
with “test.a.user@example.com” by RT::User /opt/rt3/lib/RT/User_Overlay.pm
196
Feb 22 14:08:05 helpdesk RT: RT::User::CanonicalizeEmailAddress
test.a.user@example.com => test.a.user@example.com
(/opt/rt3/lib/RT/User_Local.pm:346)
Feb 22 14:08:05 helpdesk RT: RT::User::CanonicalizeEmailAddress : called
with “test.a.user@example.com” by RT::User /opt/rt3/lib/RT/User_Overlay.pm
563
Feb 22 14:08:05 helpdesk RT: RT::User::CanonicalizeEmailAddress
test.a.user@example.com => test.a.user@example.com
(/opt/rt3/lib/RT/User_Local.pm:346)
Feb 22 14:08:05 helpdesk RT: RT::User::CanonicalizeEmailAddress : called
with “test.a.user@example.com” by RT::User /opt/rt3/lib/RT/User_Overlay.pm
563
Feb 22 14:08:05 helpdesk RT: RT::User::CanonicalizeEmailAddress
test.a.user@example.com => test.a.user@example.com
(/opt/rt3/lib/RT/User_Local.pm:346)
Feb 22 14:08:05 helpdesk RT: About to think about scrips for transaction
#43219
Feb 22 14:08:05 helpdesk RT: About to think about scrips for transaction
#43220
Feb 22 14:08:05 helpdesk RT: RT::User::CanonicalizeEmailAddress : called
with “test.a.user@example.com” by RT::CurrentUser
/opt/rt3/lib/RT/CurrentUser.pm 218
Feb 22 14:08:05 helpdesk RT: RT::User::CanonicalizeEmailAddress
test.a.user@example.com => test.a.user@example.com
(/opt/rt3/lib/RT/User_Local.pm:346)
Feb 22 14:08:05 helpdesk RT: About to think about scrips for transaction
#43221
Feb 22 14:08:06 helpdesk RT: About to think about scrips for transaction
#43222
Feb 22 14:08:06 helpdesk RT: About to think about scrips for transaction
#43223
Feb 22 14:08:06 helpdesk RT: About to think about scrips for transaction
#43224
Feb 22 14:08:06 helpdesk RT: About to think about scrips for transaction
#43225
Feb 22 14:08:06 helpdesk RT: About to prepare scrips for transaction
#43225
Feb 22 14:08:06 helpdesk RT: Found 4 scrips
Feb 22 14:08:07 helpdesk RT: About to commit scrips for transaction #43225
Feb 22 14:08:07 helpdesk RT:
rt-3.6.5-6476-1361560086-1540.3155-3-0@example.com #3155/43225 - Scrip 3
(/opt/rt3/lib/RT/Action/SendEmail.pm:252)
Feb 22 14:08:07 helpdesk RT:
rt-3.6.5-6476-1361560086-1540.3155-3-0@example.com sent To:
test.a.user@example.com (/opt/rt3/lib/RT/Action/SendEmail.pm:283)
Feb 22 14:08:07 helpdesk RT: About to think about scrips for transaction
#43226
Feb 22 14:08:07 helpdesk RT:
rt-3.6.5-6476-1361560086-1904.3155-4-0@example.com #3155/43225 - Scrip 4
(/opt/rt3/lib/RT/Action/SendEmail.pm:252)
Feb 22 14:08:07 helpdesk RT:
rt-3.6.5-6476-1361560086-1904.3155-4-0@example.com No recipients found.
Not sending. (/opt/rt3/lib/RT/Action/SendEmail.pm:264)
Feb 22 14:08:07 helpdesk RT:
rt-3.6.5-6476-1361560087-57.3155-15-0@example.com #3155/43225 - Scrip 15
NotifyByEmailOnCreate (/opt/rt3/lib/RT/Action/SendEmail.pm:252)
Feb 22 14:08:07 helpdesk RT:
rt-3.6.5-6476-1361560087-57.3155-15-0@example.com sent To:
removed@gmail.com,removed@gmail.com
(/opt/rt3/lib/RT/Action/SendEmail.pm:283)
Feb 22 14:08:07 helpdesk RT: About to think about scrips for transaction
#43227
Feb 22 14:08:07 helpdesk RT: Ticket 3155 created in queue ‘General’ by
tauser (/opt/rt3/lib/RT/Ticket_Overlay.pm:756)
Feb 22 14:08:13 helpdesk RT: RT::Date used date::parse to make 1970-01-01
18000
Feb 22 14:08:30 helpdesk RT: RT::Date used date::parse to make 1970-01-01
18000
Feb 22 14:09:28 helpdesk RT: RT::Date used date::parse to make 1970-01-01
18000
Feb 22 14:10:03 helpdesk RT: About to think about scrips for transaction
#43228
Feb 22 14:10:03 helpdesk RT: About to prepare scrips for transaction
#43228
Feb 22 14:10:03 helpdesk RT: Found 2 scrips
Feb 22 14:10:03 helpdesk RT: About to commit scrips for transaction #43228
Feb 22 14:10:03 helpdesk RT:
rt-3.6.5-6276-1361560203-830.3155-10-0@example.com #3155/43228 - Scrip 10
(/opt/rt3/lib/RT/Action/SendEmail.pm:252)
Feb 22 14:10:03 helpdesk RT:
rt-3.6.5-6276-1361560203-830.3155-10-0@example.com sent To:
test.a.user@example.com (/opt/rt3/lib/RT/Action/SendEmail.pm:283)
Feb 22 14:10:03 helpdesk RT: About to think about scrips for transaction
#43229
Feb 22 14:10:50 helpdesk RT: RT::Date used date::parse to make 1970-01-01
18000

Create when added as a watcher (Not Working)
Feb 22 14:02:46 helpdesk RT: RT::User::CanonicalizeEmailAddress : called
with “test.b.user@example.com” by RT::Ticket
/opt/rt3/lib/RT/Ticket_Overlay.pm 1350
Feb 22 14:02:46 helpdesk RT: RT::User::CanonicalizeEmailAddress
test.b.user@example.com => test.b.user@example.com
(/opt/rt3/lib/RT/User_Local.pm:346)
Feb 22 14:02:46 helpdesk RT: RT::User::CanonicalizeEmailAddress : called
with “test.b.user@example.com” by RT::User /opt/rt3/lib/RT/User_Overlay.pm
563
Feb 22 14:02:46 helpdesk RT: RT::User::CanonicalizeEmailAddress
test.b.user@example.com => test.b.user@example.com
(/opt/rt3/lib/RT/User_Local.pm:346)
Feb 22 14:02:46 helpdesk RT:
RT::Authen::ExternalAuth::CanonicalizeUserInfo called by
RT::Authen::ExternalAuth /opt/rt3/local/lib/RT/Authen/ExternalAuth.pm 682
with: Comments: Autocreated when added as a watcher, Disabled: ,
EmailAddress: test.b.user@example.com, Name: test.b.user@example.com,
Privileged: , RealName: test.b.user@example.com
Feb 22 14:02:46 helpdesk RT: Attempting to get user info using this
external service:
Feb 22 14:02:46 helpdesk RT:
RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Comments:
Autocreated when added as a watcher, Disabled: , EmailAddress:
test.b.user@example.com, Name: test.b.user@example.com, Privileged: ,
RealName: test.b.user@example.com
(/opt/rt3/local/lib/RT/Authen/ExternalAuth.pm:665)
Feb 22 14:02:46 helpdesk RT: RT::User::CanonicalizeEmailAddress : called
with “test.b.user@example.com” by RT::User /opt/rt3/lib/RT/User_Overlay.pm
563
Feb 22 14:02:46 helpdesk RT: RT::User::CanonicalizeEmailAddress
test.b.user@example.com => test.b.user@example.com
(/opt/rt3/lib/RT/User_Local.pm:346)
Feb 22 14:02:51 helpdesk RT: RT::User::CanonicalizeEmailAddress : called
with “test.b.user@example.com” by RT::User /opt/rt3/lib/RT/User_Overlay.pm
563
Feb 22 14:02:51 helpdesk RT: RT::User::CanonicalizeEmailAddress
test.b.user@example.com => test.b.user@example.com
(/opt/rt3/lib/RT/User_Local.pm:346)
Feb 22 14:02:51 helpdesk RT: Failed to create user
test.b.user@example.com: Could not set user info
(/opt/rt3/lib/RT/User_Overlay.pm:617)
Feb 22 14:02:51 helpdesk RT: Could not load create a user with the email
address ‘test.b.user@example.com’ to add as a watcher for ticket 3090
(/opt/rt3/lib/RT/Ticket_Overlay.pm:1424)
Feb 22 14:05:42 helpdesk RT: RT::User::CanonicalizeEmailAddress : called
with “test.b.user@example.com” by RT::Ticket
/opt/rt3/lib/RT/Ticket_Overlay.pm 1350
Feb 22 14:05:42 helpdesk RT: RT::User::CanonicalizeEmailAddress
test.b.user@example.com => test.b.user@example.com
(/opt/rt3/lib/RT/User_Local.pm:346)
Feb 22 14:05:42 helpdesk RT: RT::User::CanonicalizeEmailAddress : called
with “test.b.user@example.com” by RT::User /opt/rt3/lib/RT/User_Overlay.pm
563
Feb 22 14:05:42 helpdesk RT: RT::User::CanonicalizeEmailAddress
test.b.user@example.com => test.b.user@example.com
(/opt/rt3/lib/RT/User_Local.pm:346)
Feb 22 14:05:42 helpdesk RT:
RT::Authen::ExternalAuth::CanonicalizeUserInfo called by
RT::Authen::ExternalAuth /opt/rt3/local/lib/RT/Authen/ExternalAuth.pm 682
with: Comments: Autocreated when added as a watcher, Disabled: ,
EmailAddress: test.b.user@example.com, Name: test.b.user@example.com,
Privileged: , RealName: test.b.user@example.com
Feb 22 14:05:42 helpdesk RT: Attempting to get user info using this
external service:
Feb 22 14:05:42 helpdesk RT:
RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Comments:
Autocreated when added as a watcher, Disabled: , EmailAddress:
test.b.user@example.com, Name: test.b.user@example.com, Privileged: ,
RealName: test.b.user@example.com
(/opt/rt3/local/lib/RT/Authen/ExternalAuth.pm:665)
Feb 22 14:05:42 helpdesk RT: RT::User::CanonicalizeEmailAddress : called
with “test.b.user@example.com” by RT::User /opt/rt3/lib/RT/User_Overlay.pm
563
Feb 22 14:05:42 helpdesk RT: RT::User::CanonicalizeEmailAddress
test.b.user@example.com => test.b.user@example.com
(/opt/rt3/lib/RT/User_Local.pm:346)
Feb 22 14:05:47 helpdesk RT: RT::User::CanonicalizeEmailAddress : called
with “test.b.user@example.com” by RT::User /opt/rt3/lib/RT/User_Overlay.pm
563
Feb 22 14:05:47 helpdesk RT: RT::User::CanonicalizeEmailAddress
test.b.user@example.com => test.b.user@example.com
(/opt/rt3/lib/RT/User_Local.pm:346)
Feb 22 14:05:47 helpdesk RT: Failed to create user
test.b.user@example.com: Could not set user info
(/opt/rt3/lib/RT/User_Overlay.pm:617)
Feb 22 14:05:47 helpdesk RT: Could not load create a user with the email
address ‘test.b.user@example.com’ to add as a watcher for ticket 3090
(/opt/rt3/lib/RT/Ticket_Overlay.pm:1424)
Feb 22 14:07:46 helpdesk RT: RT::Date used date::parse to make 1970-01-01
18000

Create on login (Not Working)
Feb 22 13:23:02 helpdesk RT: Autohandler called ExternalAuth. Response:
(0, ExternalAuthPriority not defined, please check your configuration file.)
Feb 22 13:23:02 helpdesk RT: Transaction->Create couldn’t, as you didn’t
specify an object type and id (/opt/rt3/lib/RT/Record.pm:1481)
Feb 22 13:23:02 helpdesk RT: Trying LDAP authentication
Feb 22 13:23:02 helpdesk RT: RT::User::IsLDAPPassword Found LDAP DN:
CN=Test C. User,CN=Users,DC=internal,DC=example,DC=com
Feb 22 13:23:02 helpdesk RT: RT::User::IsLDAPPassword AUTH OK: tcuser
(CN=Test C. User,CN=Users,DC=internal,DC=example,DC=com)
(/opt/rt3/lib/RT/User_Local.pm:223)
Feb 22 13:23:02 helpdesk RT: RT::User::IsPassword auth method
IsLDAPPassword SUCCEEDED
Feb 22 13:23:02 helpdesk RT:
RT::Authen::ExternalAuth::CanonicalizeUserInfo called by
RT::Authen::ExternalAuth /opt/rt3/local/lib/RT/Authen/ExternalAuth.pm 682
with: Disabled: , EmailAddress: , Gecos: tcuser, Name: tcuser, Privileged:
Feb 22 13:23:02 helpdesk RT: Attempting to get user info using this
external service:
Feb 22 13:23:02 helpdesk RT:
RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Disabled: ,
EmailAddress: , Gecos: tcuser, Name: tcuser, Privileged:
(/opt/rt3/local/lib/RT/Authen/ExternalAuth.pm:665)
Feb 22 13:23:02 helpdesk RT: Autocreated authenticated user tcuser ()
(/opt/rt3/share/html/Callbacks/LDAP/autohandler/Auth:24)
Feb 22 13:23:02 helpdesk RT: FAILED LOGIN for tcuser from 192.168.100.191
(/opt/rt3/share/html/autohandler:251)

RT_SiteConfig.pm

/etc/request-tracker3.6/RT_SiteConfig.pm

Set($rtname, 'helpdesk.example.com');
Set($Organization, 'example.com');
Set($CorrespondAddress , 'rt');
Set($CommentAddress , 'rt-comment');
Set($Timezone , 'US/Eastern');
Set($DatabaseType, 'mysql'); # e.g. Pg or mysql
Set($DatabaseUser , 'rtuser');
Set($DatabasePassword , 'super_duper_secret_password');
Set($DatabaseName , 'rtdb');
Set($WebPath , "/rt");
Set($WebBaseURL , "https://helpdesk.example.com");
Set($AuthMethods, ['LDAP', 'Internal']);
Set($LdapExternalAuth, 1);
Set($LdapExternalInfo, 1);
Set($LdapAutoCreateNonLdapUsers, 0);
Set($LdapAttrMap, {'Name' => 'sAMAccountName',
                   'EmailAddress' => 'mail',
                   'Organization' => 'company',
                   'RealName' => 'displayName',
                   'ExternalContactInfoId' => 'distinguishedName',
                   'ExternalAuthId' => 'sAMAccountName',
                   'Gecos' => 'sAMAccountName',
                   'WorkPhone' => 'telephoneNumber',
                   'Address1' => 'streetAddress',
                   'Address2' => 'streetAddress'}
);
Set($LdapRTAttrMatchList, ['Name', 'EmailAddress']
);
Set($LdapEmailAttrMatchList, ['mail']
);
Set($LdapServer, 'ldap://dc1.internal.example.com');
Set($LdapBase, 'cn=Users,dc=internal,dc=example,dc=com');
Set($LdapFilter, '(objectclass=user)');
Set($LdapUser, 'cn=rtbind,cn=Users,dc=internal,dc=example,dc=com');
Set($LdapPass, 'super_secret_password');
1;


RT training in Amsterdam, March 20-21:
http://bestpractical.com/services/training.html

Help improve RT by taking our user survey:
https://www.surveymonkey.com/s/N23JW9T

Hello,
It seems I was wrong about mail working 100% of the time. I have made no
changes since my last email and noticed the following when a user tried
submitting a request via email today. This person is a long-time employee
whose account existed before the Samba3 + OpenLDAP to Samba4 (Active
Directory) migration, but had never used RT. Based on what I’m seeing now,
it appears that create-on-email works for domain users who have been created
since the migration, while those who existed previously are having problems.
However, it could also be complete coincidence. The inconsistency of this
problem has made it very difficult to pinpoint exact behavior and led to my
own confusion at times.

Feb 26 17:00:04 helpdesk RT: Converting ‘us-ascii’ to ‘utf-8’ for text/plain - VPN Connection Error
Feb 26 17:00:04 helpdesk RT: RT::User::CanonicalizeEmailAddress : called
with “s.marsh@example.com” by RT::CurrentUser /opt/rt3/lib/RT/CurrentUser.pm
218
Feb 26 17:00:04 helpdesk RT: RT::User::CanonicalizeEmailAddress
s.marsh@example.com => s.marsh@example.com
(/opt/rt3/lib/RT/User_Local.pm:346)
Feb 26 17:00:04 helpdesk RT: RT::Authen::ExternalAuth::CanonicalizeUserInfo
called by RT::Authen::ExternalAuth
/opt/rt3/local/lib/RT/Authen/ExternalAuth.pm 682 with: Comments: Autocreated
on ticket submission, Disabled: , EmailAddress: s.marsh@example.com, Name:
s.marsh@example.com, Password: , Privileged: , RealName: s.marsh@example.com
Feb 26 17:00:04 helpdesk RT: Attempting to get user info using this external
service:
Feb 26 17:00:04 helpdesk RT: RT::Authen::ExternalAuth::CanonicalizeUserInfo
returning Comments: Autocreated on ticket submission, Disabled: ,
EmailAddress: s.marsh@example.com, Name: s.marsh@example.com, Password: ,
Privileged: , RealName: s.marsh@example.com
(/opt/rt3/local/lib/RT/Authen/ExternalAuth.pm:665)
Feb 26 17:00:04 helpdesk RT: RT::User::CanonicalizeEmailAddress : called
with “s.marsh@example.com” by RT::User /opt/rt3/lib/RT/User_Overlay.pm 563
Feb 26 17:00:04 helpdesk RT: RT::User::CanonicalizeEmailAddress
s.marsh@example.com => s.marsh@example.com
(/opt/rt3/lib/RT/User_Local.pm:346)
Feb 26 17:00:04 helpdesk RT: User creation failed in mailgateway: Could not
set user info (/opt/rt3/lib/RT/Interface/Email.pm:243)
Feb 26 17:00:04 helpdesk RT: RT::User::CanonicalizeEmailAddress : called
with “s.marsh@example.com” by RT::CurrentUser /opt/rt3/lib/RT/CurrentUser.pm
218
Feb 26 17:00:04 helpdesk RT: RT::User::CanonicalizeEmailAddress
s.marsh@example.com => s.marsh@example.com
(/opt/rt3/lib/RT/User_Local.pm:346)
Feb 26 17:00:04 helpdesk RT: Couldn’t load user ‘s.marsh@example.com’.giving
up (/opt/rt3/lib/RT/Interface/Email.pm:329)
Feb 26 17:00:04 helpdesk RT: User ‘s.marsh@example.com’ could not be loaded
in the mail gateway (/opt/rt3/lib/RT/Interface/Email.pm:243)
Feb 26 17:00:04 helpdesk RT: RT could not load a valid user, and RT’s
configuration does not allow for the creation of a new user for this email
(s.marsh@example.com). You might need to grant ‘Everyone’ the right
‘CreateTicket’ for the queue General.
(/opt/rt3/lib/RT/Interface/Email.pm:243)
Feb 26 17:00:04 helpdesk RT: RT could not load a valid user, and RT’s
configuration does not allow for the creation of a new user for your email.
(/opt/rt3/lib/RT/Interface/Email.pm:243)
Feb 26 17:00:05 helpdesk RT: Could not record email: Could not load a valid
user (/opt/rt3/share/html/REST/1.0/NoAuth/mail-gateway:75)

As you can see, this person is in Active Directory and all of the attributes
required by my RT setup are correct.

helpdesk:~# ldapsearch -x -LLL -D 'example\Administrator' \
    -b 'cn=Users,dc=internal,dc=example,dc=com' '(mail=s.marsh@example.com)' \
    mail sAMAccountName displayName distinguishedName objectClass -W
Enter LDAP Password:

dn: CN=Removed Marsh,CN=Users,DC=internal,DC=example,DC=com
sAMAccountName: s.marsh
displayName: Removed Marsh
objectClass: top
objectClass: posixAccount
objectClass: person
objectClass: organizationalPerson
objectClass: user
mail: s.marsh@example.com
distinguishedName: CN=Steven Marsh,CN=Users,DC=internal,DC=example,DC=com
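
The log excerpts in this thread differ in which CanonicalizeUserInfo routine logged the call, whether an external service name was logged, and whether directory attributes came back. The following is an added example, not part of the original posts or of RT: a small triage script that rejoins mail-wrapped syslog entries and summarises each creation attempt. The function names (`unwrap`, `fields`, `triage`) are hypothetical, and the sample lines are constructed by condensing the excerpts above.

```python
import re

# Constructed sample: entries condensed from the excerpts posted in this thread,
# left wrapped the way the mail client wrapped them.
SAMPLE = """\
Feb 22 14:08:05 helpdesk RT: RT::User::CanonicalizeUserInfo called by
RT::User /opt/rt3/lib/RT/User_Overlay.pm 192 with: Comments: Autocreated on
ticket submission, Disabled: 0, EmailAddress: test.a.user@example.com, Name:
test.a.user@example.com, Password: , Privileged: 0, RealName: "Test A. User"
Feb 22 14:08:05 helpdesk RT: RT::User::CanonicalizeUserInfo returning
Address1: , Comments: Autocreated on ticket submission, Disabled: 0,
EmailAddress: test.a.user@example.com, ExternalAuthId: tauser, Gecos: tauser,
Name: tauser, Privileged: 0, RealName: Test A. User (/opt/rt3/lib/RT/User_Local.pm:412)
Feb 22 14:08:07 helpdesk RT: Ticket 3155 created in queue 'General' by
tauser (/opt/rt3/lib/RT/Ticket_Overlay.pm:756)
Feb 22 14:02:46 helpdesk RT:
RT::Authen::ExternalAuth::CanonicalizeUserInfo called by
RT::Authen::ExternalAuth /opt/rt3/local/lib/RT/Authen/ExternalAuth.pm 682
with: Comments: Autocreated when added as a watcher, Disabled: ,
EmailAddress: test.b.user@example.com, Name: test.b.user@example.com,
Privileged: , RealName: test.b.user@example.com
Feb 22 14:02:46 helpdesk RT: Attempting to get user info using this
external service:
Feb 22 14:02:46 helpdesk RT:
RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Comments:
Autocreated when added as a watcher, Disabled: , EmailAddress:
test.b.user@example.com, Name: test.b.user@example.com, Privileged: ,
RealName: test.b.user@example.com (/opt/rt3/local/lib/RT/Authen/ExternalAuth.pm:665)
Feb 22 14:02:51 helpdesk RT: Failed to create user test.b.user@example.com:
Could not set user info (/opt/rt3/lib/RT/User_Overlay.pm:617)
"""

ENTRY_START = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d \S+ RT:")
FIELD = re.compile(r"(\w+): (.*?)(?=, \w+: |\s*\(/|$)")
CALLED = re.compile(
    r"(RT::Authen::ExternalAuth|RT::User)::CanonicalizeUserInfo called by .*? with: (.*)")
RETURNING = re.compile(r"::CanonicalizeUserInfo returning (.*)")
SERVICE = re.compile(r"using this external service:\s*(\S*)")
TICKET = re.compile(r"Ticket \d+ created in queue .* by (\S+)")
FAILED = re.compile(r"Could not set user info|FAILED LOGIN for")


def unwrap(text):
    """Rejoin wrapped entries: a line without a syslog prefix continues the previous one."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if ENTRY_START.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries


def fields(blob):
    """Parse RT's 'Key: value, Key: value' dump; values may be empty or contain commas."""
    return {key: value.strip() for key, value in FIELD.findall(blob)}


def triage(text):
    """Summarise each user-creation attempt, keyed by e-mail address (or login name)."""
    report, names, current = {}, {}, None

    def rec(ident):
        return report.setdefault(ident, {"handler": None, "service": None,
                                         "enriched": False, "outcome": "unknown"})

    for entry in unwrap(text):
        if m := CALLED.search(entry):
            f = fields(m.group(2))
            current = f.get("EmailAddress") or f.get("Name")
            rec(current)["handler"] = m.group(1)       # which routine handled the call
        elif m := RETURNING.search(entry):
            f = fields(m.group(1))
            ident = f.get("EmailAddress") or f.get("Name") or current
            if f.get("ExternalAuthId"):                # directory attributes came back
                rec(ident)["enriched"] = True
                names[f.get("Name")] = ident
        elif (m := SERVICE.search(entry)) and current:
            rec(current)["service"] = m.group(1)       # "" means no service name logged
        elif FAILED.search(entry) and current:
            rec(current)["outcome"] = "failed"
        elif (m := TICKET.search(entry)) and m.group(1) in names:
            rec(names[m.group(1)])["outcome"] = "ticket_created"
    return report


if __name__ == "__main__":
    for ident, summary in triage(SAMPLE).items():
        print(ident, summary)
```

Run it against the full RT syslog file to compare every attempt by handler and outcome instead of reading the entries by eye.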

Hello,

We were never able to figure this out… It seems so random. I had
several people send emails today, one of which was created and the
others failed. I’m receiving quite a few complaints from users
getting rejected, so I’m trying to think of something. One option is
to manually add new users to the RT database, but I do not understand
how the user’s ‘id’ is generated. It’s not sequential as my last three
created users are 13712, 13718 and 13988. Does anyone know how RT
achieves these values when adding new users?