Unable to create users via rt-mailgate or web interface

Good Day!

I’m having a problem involving creation of internal users when a mail is
received through the rt-mailgate. I know this is a common problem but
I’ve not been able to find a solution that worked for me. If you have a
few minutes can you glance at my various configs and perhaps point out
my error?

The only big configuration change I’m using is running LDAP via
ExternalAuth, which may in fact be my configuration problem. I’m running
Request Tracker 3.8.7-1ubuntu2 on Ubuntu 10.04. I’ve set Everyone to
have CreateTicket privilege on the General queue, so that easy fix
wasn’t my problem.

Logging in via ExternalAuth works fine.

LOGS:

[Thu Jul 8 12:27:50 2010] [debug]: Guessed encoding: ascii
(/usr/share/request-tracker3.8/lib/RT/I18N.pm:419)
[Thu Jul 8 12:27:50 2010] [debug]: Guessed encoding: ascii
(/usr/share/request-tracker3.8/lib/RT/I18N.pm:419)
[Thu Jul 8 12:27:50 2010] [debug]: Converting ‘ascii’ to ‘utf-8’ for
text/plain - TEST (/usr/share/request-tracker3.8/lib/RT/I18N.pm:231)
[Thu Jul 8 12:27:50 2010] [debug]: Going to create user with address
’externalemail@FQDN’
(/usr/share/request-tracker3.8/lib/RT/Interface/Email/Auth/MailFrom.pm:94)
[Thu Jul 8 12:27:50 2010] [debug]:
RT::Authen::ExternalAuth::CanonicalizeUserInfo called by RT::User
/usr/local/share/request-tracker3.8/plugins/RT-Authen-ExternalAuth/lib/RT/User_Vendor.pm
20 with: Comments: Autocreated on ticket submission, Disabled: 0,
EmailAddress: externalemail@FQDN, Name: externalemail@FQDN, Password: ,
Privileged: 0, RealName: FULLNAME
(/usr/local/share/request-tracker3.8/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:450)

[Thu Jul 8 12:27:50 2010] [debug]: Attempting to get user info using
this external service: DEPARTMENTAL_LDAP
(/usr/local/share/request-tracker3.8/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:458)

[Thu Jul 8 12:27:50 2010] [debug]: Attempting to use this
canonicalization key: Name
(/usr/local/share/request-tracker3.8/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:472)

[Thu Jul 8 12:27:50 2010] [debug]: LDAP Search === Base:
ou=people,dc=department == Filter:
(&(objectClass=posixAccount)(uid=externalemail@FQDN)) == Attrs: uid,uid
(/usr/local/share/request-tracker3.8/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:195)

[Thu Jul 8 12:27:50 2010] [debug]: Attempting to use this
canonicalization key: EmailAddress
(/usr/local/share/request-tracker3.8/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:472)

[Thu Jul 8 12:27:50 2010] [debug]: LDAP Search === Base:
ou=people,dc=department == Filter:
(&(objectClass=posixAccount)(uid=externalemail@FQDN)) == Attrs: uid,uid
(/usr/local/share/request-tracker3.8/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:195)

[Thu Jul 8 12:27:50 2010] [debug]: Attempting to use this
canonicalization key: uid
(/usr/local/share/request-tracker3.8/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:472)

[Thu Jul 8 12:27:50 2010] [debug]: This attribute ( uid ) is null or
incorrectly defined in the attr_map for this service ( DEPARTMENTAL_LDAP
)
(/usr/local/share/request-tracker3.8/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:474)

[Thu Jul 8 12:27:50 2010] [info]:
RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Comments:
Autocreated on ticket submission, Disabled: 0, EmailAddress:
externalemail@FQDN, Name: externalemail@FQDN, Password: , Privileged: 0,
RealName: FULLNAME
(/usr/local/share/request-tracker3.8/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:536)

[Thu Jul 8 12:27:50 2010] [crit]: User creation failed in mailgateway:
Could not set user info
(/usr/share/request-tracker3.8/lib/RT/Interface/Email.pm:244)
[Thu Jul 8 12:27:50 2010] [warning]: Couldn’t load user
’externalemail@FQDN’.giving up
(/usr/share/request-tracker3.8/lib/RT/Interface/Email.pm:932)
[Thu Jul 8 12:27:50 2010] [crit]: User ‘externalemail@FQDN’ could not
be loaded in the mail gateway
(/usr/share/request-tracker3.8/lib/RT/Interface/Email.pm:244)
[Thu Jul 8 12:27:50 2010] [error]: RT could not load a valid user, and
RT’s configuration does not allow
for the creation of a new user for this email (externalemail@FQDN).

You might need to grant ‘Everyone’ the right ‘CreateTicket’ for the
queue General. (/usr/share/request-tracker3.8/lib/RT/Interface/Email.pm:244)
[Thu Jul 8 12:27:51 2010] [error]: RT could not load a valid user, and
RT’s configuration does not allow
for the creation of a new user for your email.
(/usr/share/request-tracker3.8/lib/RT/Interface/Email.pm:244)
[Thu Jul 8 12:27:51 2010] [error]: Could not record email: Could not
load a valid user
(/usr/share/request-tracker3.8/html/REST/1.0/NoAuth/mail-gateway:75)

CONFIGURATION FILES:

/etc/aliases:

rt3: "|/usr/bin/rt-mailgate --debug --queue 'General' --action correspond --url http://localhost/rt/"

/etc/request-tracker3.8/RT_SiteConfig.pm:
my $zone = "UTC";
$zone=`/bin/cat /etc/timezone`
    if -f "/etc/timezone";
chomp $zone;
Set($Timezone, $zone);

# end /etc/request-tracker3.8/RT_SiteConfig.d/40-timezone

# start /etc/request-tracker3.8/RT_SiteConfig.d/50-debconf

# THE BASICS:

Set($rtname, 'FQDN');
Set($Organization, 'FQDN');

Set($CorrespondAddress , 'rt@FQDN');
Set($CommentAddress , 'rt-comment@FQDN');
Set($SendmailPath , "/usr/sbin/sendmail");
Set($SendmailArguments , "-oi -t");

Set($MaxAttachmentSize , 500000);
Set($FriendlyFromLineFormat, "\"%s\" <%s>");

Set($AutoCreateNonExternalUsers, true);

Set($NotifyActor, 1);

# Absolute file name or relative to path in LogDir option.

Set($LogToFileNamed , "rt.log");

# Log level

Set($LogToFile , 'debug');
Set($LogToScreen , 'error');

# THE WEBSERVER:

Set($WebPath , "/rt");
Set($WebBaseURL , "https://FQDN");

# end /etc/request-tracker3.8/RT_SiteConfig.d/50-debconf

# start /etc/request-tracker3.8/RT_SiteConfig.d/51-dbconfig-common

# THE DATABASE:

# generated by dbconfig-common

# map from dbconfig-common database types to their names as known by RT

my %typemap = (
    mysql => 'mysql',
    pgsql => 'Pg',
    sqlite3 => 'SQLite',
);

Set($DatabaseType, $typemap{mysql} || "UNKNOWN");

Set($DatabaseHost, 'localhost');
Set($DatabasePort, '3306');

Set($DatabaseUser , 'rtuser');
Set($DatabasePassword , 'password');

# SQLite needs a special case, since $DatabaseName must be a full pathname

my $dbc_dbname = 'rtdb';
if ( "mysql" eq "sqlite3" ) {
    Set ($DatabaseName, '/var/lib/dbconfig-common/sqlite3/request-tracker3.8' . '/' . $dbc_dbname);
} else {
    Set ($DatabaseName, $dbc_dbname);
}

# end /etc/request-tracker3.8/RT_SiteConfig.d/51-dbconfig-common

Set($WebExternalAuto,1);
Set($AutoCreate,{Privileged=>0});

Set(@Plugins,(qw(RT::Authen::ExternalAuth)));

# The order in which the services defined in ExternalSettings
# should be used to authenticate users. User is authenticated
# if successfully confirmed by any service - no more services
# are checked.

Set($ExternalAuthPriority, [ 'DEPARTMENTAL_LDAP',
                           ]
);

# The order in which the services defined in ExternalSettings
# should be used to get information about users. This includes
# RealName, Tel numbers etc, but also whether or not the user
# should be considered disabled.
# Once user info is found, no more services are checked.
# You CANNOT use a SSO cookie for authentication.

Set($ExternalInfoPriority, [ 'DEPARTMENTAL_LDAP'
                           ]
);

# If this is set to true, then the relevant packages will
# be loaded to use SSL/TLS connections. At the moment,
# this just means "use Net::SSLeay;"

Set($ExternalServiceUsesSSLorTLS, 0);

# If this is set to 1, then users should be autocreated by RT
# as internal users if they fail to authenticate from an
# external service.

Set($AutoCreateNonExternalUsers, 0);

# These are the full settings for each external service as a HashOfHashes
# Note that you may have as many external services as you wish. They will
# be checked in the order specified in the Priority directives above.
# e.g.
# Set(ExternalAuthPriority,['My_LDAP','My_MySQL','My_Oracle','SecondaryLDAP','Other-DB']);

Set($ExternalSettings, {
    # LDAP SERVICE
    'DEPARTMENTAL_LDAP' => {
        ## GENERIC SECTION
        # The type of service (db/ldap/cookie)
        'type' => 'ldap',
        # The server hosting the service
        'server' => 'FQDN',
        ## SERVICE-SPECIFIC SECTION
        # If you can bind to your LDAP server anonymously you should
        # remove the user and pass config lines, otherwise specify them here:
        # The username RT should use to connect to the LDAP server
        #'user' => 'rt_ldap_username',
        # The password RT should use to connect to the LDAP server
        #'pass' => 'rt_ldap_password',
        # The LDAP search base
        'base' => 'ou=people,dc=department',
        # ALL FILTERS MUST BE VALID LDAP FILTERS ENCASED IN PARENTHESES!
        # YOU MUST SPECIFY A filter AND A d_filter!!
        # The filter to use to match RT-Users
        'filter' => '(objectClass=posixAccount)',
        # A catch-all example filter: '(objectClass=*)'
        # The filter that will only match disabled users
        'd_filter' => '(objectClass=FooBarBaz)',
        # A catch-none example d_filter: '(objectClass=FooBarBaz)'
        # Should we try to use TLS to encrypt connections?
        'tls' => 0,
        # SSL Version to provide to Net::SSLeay if using SSL
        'ssl_version' => 3,
        # What other args should I pass to Net::LDAP->new($host,@args)?
        'net_ldap_args' => [ version => 3 ],
        # Does authentication depend on group membership? What group name?
        #'group' => '',
        # What is the attribute for the group object that determines membership?
        #'group_attr' => 'memberUid',
        ## RT ATTRIBUTE MATCHING SECTION
        # The list of RT attributes that uniquely identify a user
        # This example shows what you can specify… I recommend reducing this
        # to just the Name and EmailAddress to save encountering problems later.
        'attr_match_list' => [ 'Name',
                               'EmailAddress' => 'uid'
                             ],
        # The mapping of RT attributes on to LDAP attributes
        'attr_map' => { 'Name' => 'uid',
                        'EmailAddress' => 'uid'
                      }
    }
}
);

1;

Thanks for any assistance!

Michael

> I’m having a problem involving creation of internal users when a
> mail is received through the rt-mailgate. I know this is a common
> problem but I’ve not been able to find a solution that worked for
> me. If you have a few minutes can you glance at my various configs
> and perhaps point out my error?
>
> The only big configuration change I’m using is running LDAP via
> ExternalAuth, which may in fact be my configuration problem. I’m
> running Request Tracker 3.8.7-1ubuntu2 on Ubuntu 10.04. I’ve set
> Everyone to have CreateTicket privilege on the General queue, so
> that easy fix wasn’t my problem.

> [Thu Jul 8 12:27:50 2010] [debug]: This attribute ( uid ) is null
> or incorrectly defined in the attr_map for this service (
> DEPARTMENTAL_LDAP ) (/usr/local/share/request-tracker3.8/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:474)

You probably want to fix this warning

> [Thu Jul 8 12:27:50 2010] [crit]: User creation failed in
> mailgateway: Could not set user info

This implies you haven’t set AutoCreateNonExternalUsers correctly

> Set($AutoCreateNonExternalUsers, true);
> Set($AutoCreateNonExternalUsers, 0);

And you haven’t, you want that line once, and you want it set to 1
not a random bareword.

-kevin
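
A lint pass for the two problems raised in this thread, written as an added example that is not part of either message and is not RT or RT::Authen::ExternalAuth code. It flags options that are Set() more than once or given a bareword value, and attr_match_list entries with no key in attr_map; the function names are hypothetical and SAMPLE is constructed from the posted config.

```python
import re
from collections import defaultdict

# Constructed sample: the relevant lines of the posted RT_SiteConfig.pm,
# retyped with plain ASCII quotes.
SAMPLE = """
Set($AutoCreateNonExternalUsers, true);
Set($NotifyActor, 1);
Set($AutoCreateNonExternalUsers, 0);
Set($ExternalSettings, { 'DEPARTMENTAL_LDAP' => {
    'attr_match_list' => [ 'Name', 'EmailAddress' => 'uid' ],
    'attr_map'        => { 'Name' => 'uid', 'EmailAddress' => 'uid' },
} });
"""

# Scalar-valued Set() calls only; hash and list values are skipped.
SCALAR_SET = re.compile(r"^\s*Set\(\s*\$(\w+)\s*,\s*([^;{\[]*?)\s*\)\s*;", re.M)
BAREWORD = re.compile(r"^[A-Za-z_]\w*$")

def lint_scalar_sets(text):
    """Flag options set more than once and unquoted bareword values."""
    seen, issues = defaultdict(list), []
    for m in SCALAR_SET.finditer(text):
        name, value = m.group(1), m.group(2)
        seen[name].append(value)
        if BAREWORD.match(value):
            issues.append(f"{name}: bareword value {value}")
    for name, values in seen.items():
        if len(values) > 1:
            issues.append(f"{name}: set {len(values)} times {values}")
    return issues

def unmapped_match_keys(text):
    """Return attr_match_list entries that are not keys of attr_map."""
    ml = re.search(r"attr_match_list'?\s*=>\s*\[(.*?)\]", text, re.S)
    am = re.search(r"attr_map'?\s*=>\s*\{(.*?)\}", text, re.S)
    if not (ml and am):
        return []
    # In a Perl list "=>" is only a comma, so every quoted word is an entry.
    entries = re.findall(r"'([^']*)'", ml.group(1))
    map_keys = re.findall(r"'([^']*)'\s*=>", am.group(1))
    return [e for e in entries if e not in map_keys]

if __name__ == "__main__":
    for issue in lint_scalar_sets(SAMPLE) + unmapped_match_keys(SAMPLE):
        print(issue)
```

On the sample, the unmapped entry is `uid`, the same attribute named in the "null or incorrectly defined in the attr_map" debug line.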