Re: [rt-users] Autocreated users and ldap auth

2008-12-18 Thread Robert Munsch
 


 

> > I’m using Authen::ExternalAuth and it seems to be working.  If a user logs in
> > to RT using Active Directory credentials, they get in and get autocreated.
> >
> > However, if before RT login, they submit a ticket, they cannot log in: rt
> > complains that the email address is already in use (AD lookup finds the email
> > they submitted from) and says it’s in use.  I think I’ve misunderstood: I
> > thought RT would treat identical info as one account, and LDAP lookup would
> > take precedence.  How can I merge them so ldap lookup is always used, whether
> > they submitted a ticket or not..?
> >
> > I’m not sure I’m asking this clearly.  Should I be turning off the
> > create-on-ticket-submit functionality to achieve this?
>
> I just ran into this myself when setting up our LDAP authentication.  Our
> problem was that the LDAP server did not actually have the email address
> stored, so the username created in RT was the email address.  I had to go in
> and manually change the usernames of all the accounts with email addresses in
> the username field.
>
> What’s the value of ‘attr_match_list’ and ‘attr_map’ in your RT_SiteConfig.pm
> file?

 

Haven’t altered them from initial values, since it seemed to work at first…

 

    # The list of RT attributes that uniquely identify a user
    'attr_match_list' => [ 'Name',
                           'EmailAddress',
                         ],

    # The mapping of RT attributes on to LDAP attributes
    'attr_map' => { 'Name'           => 'sAMAccountName',
                    'EmailAddress'   => 'mail',
                    'Organization'   => 'physicalDeliveryOfficeName',
                    'RealName'       => 'cn',
                    'ExternalAuthId' => 'sAMAccountName',
                    'Gecos'          => 'sAMAccountName',
                    'WorkPhone'      => 'telephoneNumber',
                    'Address1'       => 'streetAddress',
                    'City'           => 'l',
                    'State'          => 'st',
                    'Zip'            => 'postalCode',
                    'Country'        => 'co'
                  },


Our AD has email values defined.  A ticket submitter gets created with account 
name “n...@address,” which of course also becomes that autocreated user’s email 
address.  The user then tries to log in, is checked on AD, their email address 
is the same, and it tells me “already a user with that email address.”  I want 
to tell it “yes, same person, if credentials match let them in!”

 

Thanks,

 

---

Rob Munsch

IT Administrator

http://www.PhillyCarShare.org

Our wheels.  Your freedom.

215-730-0988 x131

___
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: sa...@bestpractical.com


Discover RT's hidden secrets with RT Essentials from O'Reilly Media. 
Buy a copy at http://rtbook.bestpractical.com
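
The collision described in the message above (a ticket submitter autocreated with the e-mail address as username, then found again by e-mail at directory login) can be audited offline before anyone edits accounts by hand. The following is an added example, not code from the thread or from RT: it assumes a CSV export of RT users and a CSV export of directory entries, both constructed here, and lists the accounts that the manual rename Joe describes would touch, plus the ones where the target username is already taken.

```python
import csv
import io

# Constructed sample exports (not from the thread). Column names follow the
# attr_map quoted above: RT Name <- sAMAccountName, RT EmailAddress <- mail.
RT_USERS_CSV = """id,Name,EmailAddress
22,jdoe,jdoe@example.org
31,asmith@example.org,asmith@example.org
35,vendor@partner.example,vendor@partner.example
40,blee@example.org,blee@example.org
41,blee,
"""

DIRECTORY_CSV = """sAMAccountName,mail
jdoe,jdoe@example.org
asmith,ASmith@example.org
blee,blee@example.org
"""


def load(text):
    """Parse a CSV export into a list of dict rows."""
    return list(csv.DictReader(io.StringIO(text)))


def plan_renames(rt_users, directory):
    """Return (renames, conflicts) for RT accounts whose username is an
    e-mail address that also belongs to a directory entry."""
    # E-mail comparison is case-insensitive; skip directory entries with no mail.
    by_mail = {e["mail"].strip().lower(): e["sAMAccountName"]
               for e in directory if e["mail"].strip()}
    taken = {u["Name"].lower(): u["id"] for u in rt_users}
    renames, conflicts = [], []
    for u in rt_users:
        if "@" not in u["Name"]:
            continue  # username is already a login name
        login = by_mail.get(u["EmailAddress"].strip().lower())
        if login is None:
            continue  # outside requestor with no directory entry: leave alone
        if login.lower() in taken:
            # A second RT account already holds the directory login name;
            # renaming would collide, so this pair needs a manual decision.
            conflicts.append((u["id"], u["Name"], login, taken[login.lower()]))
        else:
            renames.append((u["id"], u["Name"], login))
            taken[login.lower()] = u["id"]
    return renames, conflicts


if __name__ == "__main__":
    renames, conflicts = plan_renames(load(RT_USERS_CSV), load(DIRECTORY_CSV))
    for rt_id, old, new in renames:
        print(f"rename  id={rt_id}  {old} -> {new}")
    for rt_id, old, new, other in conflicts:
        print(f"conflict id={rt_id}  {old} -> {new} (held by id={other})")
```
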

Re: [rt-users] Autocreated users and ldap auth

2008-12-18 Thread Joe Hartley
> I'm using Authen::ExternalAuth and it seems to be working.  If a user
> logs in to RT using Active Directory credentials, they get in and get
> autocreated.
>
> However, if before RT login, they submit a ticket, they cannot log in:
> rt complains that the email address is already in use (AD lookup finds
> the email they submitted from) and says it's in use.  I think I've
> misunderstood: I thought RT would treat identical info as one account,
> and LDAP lookup would take precedence.  How can I merge them so ldap
> lookup is always used, whether they submitted a ticket or not..?
>
> I'm not sure I'm asking this clearly.  Should I be turning off the
> create-on-ticket-submit functionality to achieve this?

 

I just ran into this myself when setting up our LDAP authentication.
Our problem was that the LDAP server did not actually have the email
address stored, so the username created in RT was the email address.  I
had to go in and manually change the usernames of all the accounts with
email addresses in the username field.

 

What's the value of 'attr_match_list' and 'attr_map' in your
RT_SiteConfig.pm file?


[rt-users] Autocreated users and ldap auth

2008-12-18 Thread Robert Munsch
I'm using Authen::ExternalAuth and it seems to be working.  If a user
logs in to RT using Active Directory credentials, they get in and get
autocreated.  

 

However, if before RT login, they submit a ticket, they cannot log in:
rt complains that the email address is already in use (AD lookup finds
the email they submitted from) and says it's in use.  I think I've
misunderstood: I thought RT would treat identical info as one account,
and LDAP lookup would take precedence.  How can I merge them so ldap
lookup is always used, whether they submitted a ticket or not..?

 

I'm not sure I'm asking this clearly.  Should I be turning off the
create-on-ticket-submit functionality to achieve this?

 



Rob Munsch

IT Administrator

http://www.PhillyCarShare.org  

Our wheels.  Your freedom.

215-730-0988 x131

 
