Re: [rt-users] mysql sphinx
On Monday 29 of August 2011, Alex Vandiver wrote: Does that help to clarify the limitation? Yes, it does. Thanks. More questions follows. I see that sphinx is learning only attachments with ContentType = 'text/plain' entries which looks unfortunate since I have tons of html email. Did indexing text/html and having html_strip=1 [1] in sphinx produce any problems that caused only text/plain to be choosen for indexation in rt-setup-fulltext-index? 1. http://sphinxsearch.com/docs/current.html#conf-html-strip ps. here is my setup with delta indexes, could be useful for other prople source rt { type= mysql sql_host= localhost sql_db = rt3 sql_user= sql_pass= sql_query_pre = SET NAMES utf8 sql_query_pre = REPLACE INTO SphinxCounters SELECT 1, MAX(id) FROM Attachments sql_query = \ SELECT a.id, a.content FROM Attachments a \ JOIN Transactions txn ON a.TransactionId = txn.id AND txn.ObjectType = 'RT::Ticket' \ JOIN Tickets t ON txn.ObjectId = t.id \ WHERE a.ContentType = 'text/plain' AND t.Status != 'deleted' \ AND a.id=( SELECT max_doc_id FROM SphinxCounters WHERE counter_id=1 ) sql_query_info = SELECT * FROM Attachments WHERE id=$id } source rt_delta : rt { sql_query_pre = SET NAMES utf8 sql_query = \ SELECT a.id, a.content FROM Attachments a \ JOIN Transactions txn ON a.TransactionId = txn.id AND txn.ObjectType = 'RT::Ticket' \ JOIN Tickets t ON txn.ObjectId = t.id \ WHERE a.ContentType = 'text/plain' AND t.Status != 'deleted' \ AND a.id( SELECT max_doc_id FROM SphinxCounters WHERE counter_id=1 ) sql_query_info = SELECT * FROM Attachments WHERE id=$id sql_query_post_index= } index rt { source = rt path= /var/lib/sphinx/rt.index docinfo = extern charset_type= utf-8 charset_table = 0..9, A..Z-a..z, a..z, U+0143-U+0144, U+0104-U+0105, U+0106-U+0107, U+0118-U+0119, U+0141-U+0142, U+00D3-U+00F3, U+015A-U+015B, U+0179-U+017A, U+017B-U+017C, U+0105, U+0107, U+0119, U+0142, U+00F3, U+015B, U+017A, U+017C, U+0144 } (various charset_table are required for many non-english languages) index rt_delta : rt { source = rt_delta path= /var/lib/sphinx/rt.delta.index } CREATE TABLE `AttachmentsIndex` ( `id` int(10) unsigned NOT NULL, `weight` int(11) NOT NULL, `query` varchar(3072) NOT NULL, KEY `query` (`query`(255)) ) ENGINE=SPHINX DEFAULT CHARSET=utf8 CONNECTION='sphinx://127.0.0.1:3312/rt,rt_delta' (note, two indexes in CONNECTION) CREATE TABLE `SphinxCounters` ( `counter_id` int(11) NOT NULL, `max_doc_id` int(11) NOT NULL, PRIMARY KEY (`counter_id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8 all indexes updated daily, rt_delta updated every 15 minutes # cat /etc/cron.d/sphinx @daily root /usr/bin/indexer --quiet --rotate --all */15 * * * * root /usr/bin/indexer --quiet --rotate rt_delta -- Arkadiusz MiśkiewiczPLD/Linux Team arekm / maven.plhttp://ftp.pld-linux.org/ RT Training Sessions (http://bestpractical.com/services/training.html) * Chicago, IL, USA September 26 27, 2011 * San Francisco, CA, USA October 18 19, 2011 * Washington DC, USA October 31 November 1, 2011 * Melbourne VIC, Australia November 28 29, 2011 * Barcelona, Spain November 28 29, 2011
[rt-users] can't unmark an bookmarked ticket
Hello everybody if i create a ticket and bokkmark it, i can't unmark this one why? is it deliberately from the main bookmark concept on RT? or is sth wrong with our RT-System ? best regards john s. -- View this message in context: http://old.nabble.com/can%27t-unmark-an-bookmarked-ticket-tp32355172p32355172.html Sent from the Request Tracker - User mailing list archive at Nabble.com. RT Training Sessions (http://bestpractical.com/services/training.html) * Chicago, IL, USA September 26 27, 2011 * San Francisco, CA, USA October 18 19, 2011 * Washington DC, USA October 31 November 1, 2011 * Melbourne VIC, Australia November 28 29, 2011 * Barcelona, Spain November 28 29, 2011
[rt-users] Custom field relationships
We are running 3.8.8. We have some custom fields we would like to auto-populate using scripts. Basically, like so: customfield id = 1 - Client/Project customfield id = 2 - Task/Code In the create new ticket form, the data in Task/Code is dependent on what is chosen in Client/Project. I cannot for the life of me figure out how they are related within the database structure. I know it has to do with the sortorder in customfieldvalues, but I cannot see where they are related. We want to script on the backend updating the information based on data that pulls from another database. We hav the data to load, just need to figure out how to relate them. Any ideas? Thanks in advance! Joe RT Training Sessions (http://bestpractical.com/services/training.html) * Chicago, IL, USA September 26 27, 2011 * San Francisco, CA, USA October 18 19, 2011 * Washington DC, USA October 31 November 1, 2011 * Melbourne VIC, Australia November 28 29, 2011 * Barcelona, Spain November 28 29, 2011
Re: [rt-users] RT warning Couldn't enable user xxxx
I'm also getting this warning in RT 4.0.0 (an installation that has been upgraded since 3.8.8). It shows a different file and line number though: [warning]: Couldn't enable user 79 (/opt/rt4/sbin/../lib/RT/User.pm:1065) The user is already privileged and was added via LDAP, which is consistent with the above reports. -- View this message in context: http://old.nabble.com/RT-warning-%22Couldn%27t-enable-user-%22-tp29669037p32356955.html Sent from the Request Tracker - User mailing list archive at Nabble.com. RT Training Sessions (http://bestpractical.com/services/training.html) * Chicago, IL, USA September 26 27, 2011 * San Francisco, CA, USA October 18 19, 2011 * Washington DC, USA October 31 November 1, 2011 * Melbourne VIC, Australia November 28 29, 2011 * Barcelona, Spain November 28 29, 2011
Re: [rt-users] Captcha Extension on RT 4.0.2 fails to compile
On Sun, Aug 28, 2011 at 10:43:36AM +0300, Alex Rhys-Hurn wrote: Hello everyone, I am trying to install the captcha extention on RT 4.0.2. I use these commands from the README file: perl Makefile.PL make make install But when I use the first command perl Makefile.PL I get the following output: RTIR 2.4 and newer needs RT 3.8.1 at least, you have 4.0.2 at Makefile.PL line 10, STDIN line 1. And then the second command make fails with: make: *** No targets specified and no makefile found. Stop. According to the Best Practical RT Extensions page the extension is supposed to work with RT 4.x Looks like the Makefile.PL had a bad version check. You can try the current version on github and see if my checkin this morning fixes it. https://github.com/bestpractical/rt-extension-captcha -kevin pgp2k393nqJsM.pgp Description: PGP signature RT Training Sessions (http://bestpractical.com/services/training.html) * Chicago, IL, USA September 26 27, 2011 * San Francisco, CA, USA October 18 19, 2011 * Washington DC, USA October 31 November 1, 2011 * Melbourne VIC, Australia November 28 29, 2011 * Barcelona, Spain November 28 29, 2011
Re: [rt-users] Custom field relationships
On Mon, Aug 29, 2011 at 06:37:10AM -0400, Joe Harris wrote: We are running 3.8.8. We have some custom fields we would like to auto-populate using scripts. Basically, like so: customfield id = 1 - Client/Project customfield id = 2 - Task/Code In the create new ticket form, the data in Task/Code is dependent on what is chosen in Client/Project. I cannot for the life of me figure out how they are related within the database structure. I know it has to do with the sortorder in customfieldvalues, but I cannot see where they are related. We want to script on the backend updating the information based on data that pulls from another database. We hav the data to load, just need to figure out how to relate them. Sounds like you may want an external custom field, which has documentation in docs, however I'm not sure that dependent custom fields that are external worked until later in the 3.8 series. -kevin pgpdO2YmZHXuk.pgp Description: PGP signature RT Training Sessions (http://bestpractical.com/services/training.html) * Chicago, IL, USA September 26 27, 2011 * San Francisco, CA, USA October 18 19, 2011 * Washington DC, USA October 31 November 1, 2011 * Melbourne VIC, Australia November 28 29, 2011 * Barcelona, Spain November 28 29, 2011
Re: [rt-users] RT warning Couldn't enable user xxxx
On Mon, Aug 29, 2011 at 06:42:47AM -0700, boourns wrote: I'm also getting this warning in RT 4.0.0 (an installation that has been upgraded since 3.8.8). It shows a different file and line number though: [warning]: Couldn't enable user 79 (/opt/rt4/sbin/../lib/RT/User.pm:1065) The user is already privileged and was added via LDAP, which is consistent with the above reports. It's a useless warning that will be removed in a future release of RT-Authen-ExternalAuth -kevin pgpx5iyLynuWG.pgp Description: PGP signature RT Training Sessions (http://bestpractical.com/services/training.html) * Chicago, IL, USA September 26 27, 2011 * San Francisco, CA, USA October 18 19, 2011 * Washington DC, USA October 31 November 1, 2011 * Melbourne VIC, Australia November 28 29, 2011 * Barcelona, Spain November 28 29, 2011
Re: [rt-users] Create Database without Root
Great, thanks! Sorry for the late response. On Fri, Aug 19, 2011 at 10:43:39AM -0400, Christopher Lasater wrote: Hi, I am trying to use a database created for me by the DBAs at my company. I do not have root privileges, just a regular username and password. I have created the tables using schema.mysql but I can not populate the data. Are there instruction for creating the RT database when the Database has already been created and you do not have root rights? /opt/rt4/sbin/rt-setup-database --help search for --skip-create -kevin PGP.sig Description: PGP signature RT Training Sessions (http://bestpractical.com/services/training.html) * Chicago, IL, USA September 26 27, 2011 * San Francisco, CA, USA October 18 19, 2011 * Washington DC, USA October 31 November 1, 2011 * Melbourne VIC, Australia November 28 29, 2011 * Barcelona, Spain November 28 29, 2011
Re: [rt-users] mysql sphinx
On Mon, 2011-08-29 at 08:32 +0200, Arkadiusz Miskiewicz wrote: Did indexing text/html and having html_strip=1 [1] in sphinx produce any problems that caused only text/plain to be choosen for indexation in rt-setup-fulltext-index? With the caveats that you'll need additional html_strip=1 indexes for both the main and the delta index (otherwise tags will be stripped from text/plain content), and that we've not tested it locally, it should probably work, yes. We opted to provide the text/plain configuration as the default because most html mail has a text/plain alternative. But as rt-setup-fulltext-index states: Below is a simple Sphinx configuration which can be used to index all text/plain attachments in your database. This configuration is not ideal; you should read the Sphinx documentation to understand how to configure it to better suit your needs. - Alex RT Training Sessions (http://bestpractical.com/services/training.html) * Chicago, IL, USA September 26 27, 2011 * San Francisco, CA, USA October 18 19, 2011 * Washington DC, USA October 31 November 1, 2011 * Melbourne VIC, Australia November 28 29, 2011 * Barcelona, Spain November 28 29, 2011
[rt-users] Search Format - Take button
Hi everyone, So I'm trying to build a search that I'll put on a dashboard and on my RT At a Glance. I want to have the Take button in it just like the 10 newest unowned widget that is delivered with RT. How do I do that in the query builder? I know I can make the ticket id a link to take it... but I want a seperate button as my users are used to that Take button... Is it possible? Thanks! Mike. -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca RT Training Sessions (http://bestpractical.com/services/training.html) * Chicago, IL, USA September 26 27, 2011 * San Francisco, CA, USA October 18 19, 2011 * Washington DC, USA October 31 November 1, 2011 * Melbourne VIC, Australia November 28 29, 2011 * Barcelona, Spain November 28 29, 2011
Re: [rt-users] Search Format - Take button
Hey Mike, You need to do it using the Advanced Edit and add the following line, if its is not the last part you will need to add a comma at the end. The main problem is that it will not work well with tickets already owned, since you can not take an already taken ticket. 'a href=__WebPath__/Ticket/Display.html?Action=Takeamp;id=__idloc(Take)__/a/TITLE:NBSP' From: rt-users-boun...@lists.bestpractical.com [mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of Mike Johnson Sent: Monday, August 29, 2011 11:41 AM To: rt-users@lists.bestpractical.com Subject: [rt-users] Search Format - Take button Hi everyone, So I'm trying to build a search that I'll put on a dashboard and on my RT At a Glance. I want to have the Take button in it just like the 10 newest unowned widget that is delivered with RT. How do I do that in the query builder? I know I can make the ticket id a link to take it... but I want a seperate button as my users are used to that Take button... Is it possible? Thanks! Mike. -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca PGP.sig Description: PGP signature RT Training Sessions (http://bestpractical.com/services/training.html) * Chicago, IL, USA September 26 27, 2011 * San Francisco, CA, USA October 18 19, 2011 * Washington DC, USA October 31 November 1, 2011 * Melbourne VIC, Australia November 28 29, 2011 * Barcelona, Spain November 28 29, 2011
[rt-users] Has anyone sucessfully configured LDAP to authenticate against AD with version 4.0.1?
I am trying to make this work. I installed the latest version of ExternalAuth. I am working with Request Tracker for the first time, just upgraded from 3.8.7 to 4.0.1. There are a few things that I think are off but I am not sure what the correct solution is. 1. I am not sure what to use for the group_attr I want to have users in the group Request-Tracker inside of AD be able to authenticate with their credentials when logging into RT and I believe the filter is set correctly other than what needs to be added for the group_attribute. I am not sure what that should be. 2. For my base statement. I am specifying the Users OU but none of my users are in that OU. I am not sure exactly what it's looking for there. Any help is appreciated! ExternalAuth config: I have added the following to my RT_SiteConfig.pm: @RT::MailPlugins = (RT::Authen::ExternalAuth); Set(@Plugins, qw(RT::Authen::ExternalAuth) ); Set($ExternalAuthPriority, [ 'Active_Directory' ] ); Set($ExternalInfoPriority, [ 'Active_Directory' ] ); Set($AutoCreateNonExternalUsers,0); Set($ExternalSettings, { 'Active_Directory' = { 'type' = 'ldap', 'auth' = 1, 'info' = 1, 'server' = 'rt.mydomain.local', 'base' = 'OU=Users,DC=mydomain,DC=local', # The filter to use to match RT-Users 'filter' = '(objectclass=person)', # The filter that will only match disabled users 'd_filter' = '(userAccountControl:1.2.840.113556.1.4.803:=2)', # Should we try to use TLS to encrypt connections? 'tls' = 0, # What other args should I pass to Net::LDAP-new($host,@args)? 'net_ldap_args' = [version = 3 ], # Does authentication depend on group membership? What group name? 'group' = 'Request-Tracker', # What is the attribute for the group object that determines membership? #'group_attr' = 'GROUP_ATTR', ## RT ATTRIBUTE MATCHING SECTION # The list of RT attributes that uniquely identify a user 'attr_match_list' = [ 'ExternalAuthId','EmailAddress' ], # The mapping of RT attributes on to LDAP attributes 'attr_map' = { 'Name' = 'sAMAccountName', 'EmailAddress' = 'mail', 'Organization' = 'physicalDeliveryOfficeName', 'RealName' = 'displayName', 'ExternalAuthId' = 'sAMAccountName', 'Gecos' = 'sAMAccountName', 'WorkPhone' = 'telephoneNumber', 'Address1' = 'streetAddress', 'City' = 'l', 'State' = 'st', 'Zip' = 'postalCode',
Re: [rt-users] Using Scrips assign CustomFields to incoming Tickets (from a pre-defined list of Custom Fields)
Any feedback on this please? Thanks, Behzad On Aug 25, 2011, at 1:48 PM, Behzad Mahini wrote: Hi, RT 3.6.7 OS: Linux Purpose: Using a Scrip, I am trying to set/assign Custom Fields (from a list of pre-defined Custom Fields in Queue-A) to tickets being sent to Queue-A. My code below (Scrip) simply parses the Subject line of incoming tickets, and should attempt to create ( update) an incoming Ticket based on what shows up in the Subject line. Problem: Tickets do get created as I send my emails to RT, yet they do not get set with the Custom Field (from a pre-defined set of custom fields), and Custom Field stays as no value A) my Scrip parameters (using the web interface) == Scrip Description:OnCreateAddCF Condition:On Correspond Action: User Defined Template: Correspondence-XYZ Stage:TransactionCreate Custom condition: Custom action preparation code: my %cf_hash = ( some-text1 = 1, some-text2= 1, some-text3 = 1, ); my $cf_key; #Current Subject 'Queue Name' my $t_subject = $self-TicketObj-Subject; my $queue = $self-TicketObj-QueueObj-Name; #Not being used, as my Scrip is Queue-specific (being applied to Queue-A) #Custom Field Name to be Set my $cf = RT::CustomField-new(RT-SystemUser); #Set Ticket's CustomField, based on Subject line! foreach $cf_key (keys %cf_hash) if ( $t_subject =~ /$cf_key/i ) { $cf-LoadByName(Name= $cf_key; } } 1; Custom action cleanup code: B) My Tickets are sent via email to queu...@.com === Subject line of email to queu...@.com: Testing -- some-text2 NOTES: 1) Using the Web interface, when I try to Reply to the tickets that get created, my Scrip does not even show up as one of the Scrips that is being evaluated. Yet, other Scrips that I have personally created do show up as Scrips that will get triggered (shown below). 2) My User Status: -I am an end-user of RT, without any admin privileges on the RT system -I have the proper ACL to write, show, etc.for Queue-A -I can successfully create tickets in Queue-A (both through email web interface) -I can successfully create Scrips that will get triggered, based on Scrip Action being anything other than User Defined (i.e., AutoReply To Requestors) -I don't have access to RT::Logger (based on our shop setup) PastedGraphic-2.pdf Thanks, Behzad RT Training Sessions (http://bestpractical.com/services/training.html) * Chicago, IL, USA ˜ September 26 27, 2011 * San Francisco, CA, USA ˜ October 18 19, 2011 * Washington DC, USA ˜ October 31 November 1, 2011 * Melbourne VIC, Australia ˜ November 28 29, 2011 * Barcelona, Spain ˜ November 28 29, 2011 RT Training Sessions (http://bestpractical.com/services/training.html) * Chicago, IL, USA September 26 27, 2011 * San Francisco, CA, USA October 18 19, 2011 * Washington DC, USA October 31 November 1, 2011 * Melbourne VIC, Australia November 28 29, 2011 * Barcelona, Spain November 28 29, 2011
Re: [rt-users] rt4 and External Auth to AD 2008 non-ssl
Still struggling with trying to get RT externally authenticating with my 2008 Active Directory. I have been able to accomplish an ldapsearch with the following options successfully: ldapsearch -x -b dc=eiuad,dc=eiu,dc=edu -D CN=RT Auth,OU=Sensitive,DC=eiuad,DC=eiu,DC=edu -h eiuad.eiu.edu -p 389 -W sAMAccountName=blmurphy I would like to use the blmurphy as my RT account name. When I execute the above ldapsearch and input the prompted for password I get back my account information from the Active Directory. I have the following set in my RT_SiteConfig.pm but continue to get the externalauth nouser response. Brian Set($ExternalSettings, { # EIUAD Active Directory 'EIUAD' = { ## GENERIC SECTION # The type of service (db/ldap/cookie) 'type' = 'ldap', # The server hosting the service 'server' = 'eiuad.eiu.edu', ## SERVICE-SPECIFIC SECTION # If you can bind to your LDAP server anonymously you should # remove the user and pass config lines, otherwise specify them here: # # The username RT should use to connect to the LDAP server 'user' = 'CN=RT Auth,OU=Sensitive,DC=eiuad,DC=eiu,DC=edu', # The password RT should use to connect to the LDAP server 'pass' = 'x', # # The LDAP search base 'base' = 'dc=eiuad,dc=eiu,dc=edu', # # ALL FILTERS MUST BE VALID LDAP FILTERS ENCASED IN PARENTHESES! # YOU **MUST** SPECIFY A filter AND A d_filter!! # # The filter to use to match RT-Users 'filter' = '(sAMAccountName=*)', # A catch-all example filter: '(objectClass=*)' # # The filter that will only match disabled users 'd_filter' = '(objectclass=Foo)', # A catch-none example d_filter: '(objectClass=FooBarBaz)' # # Should we try to use TLS to encrypt connections? 'tls' = 0, # SSL Version to provide to Net::SSLeay *if* using SSL 'ssl_version' = 3, # What other args should I pass to Net::LDAP-new($host,@args)? 'net_ldap_args' = [version = 3 ], # Does authentication depend on group membership? What group name? 'group' = 'CN=RT_Access,OU=Sensitive,DC=eiuad,DC=eiu,DC=edu', # What is the attribute for the group object that determines membership? 'group_attr' = 'memberOf', ## RT ATTRIBUTE MATCHING SECTION # The list of RT attributes that uniquely identify a user # This example shows what you *can* specify.. I recommend reducing this # to just the Name and EmailAddress to save encountering problems later.
Re: [rt-users] Has anyone sucessfully configured LDAP to authenticate against AD with version 4.0.1?
1. For group_attr, you want the term to be 'member'. That checks for membership in the group. 2. For your base, you need to choose the next highest level of Active Directory beyond where your users are stored. This means you need to specify the OU where your users are, not just a random Users OU. Andrew Wagner Assistant Network Administrator aawag...@wisc.edu 265-5710 Room 370B Wisconsin Center for Education Research (WCER) www.wcer.wisc.edu On 8/29/2011 11:26 AM, josh.cole wrote: I am trying to make this work. I installed the latest version of ExternalAuth. I am working with Request Tracker for the first time, just upgraded from 3.8.7 to 4.0.1. There are a few things that I think are off but I am not sure what the correct solution is. 1. I am not sure what to use for the group_attr I want to have users in the group Request-Tracker inside of AD be able to authenticate with their credentials when logging into RT and I believe the filter is set correctly other than what needs to be added for the group_attribute. I am not sure what that should be. 2. For my base statement. I am specifying the Users OU but none of my users are in that OU. I am not sure exactly what it's looking for there. Any help is appreciated! ExternalAuth config: I have added the following to my RT_SiteConfig.pm: @RT::MailPlugins = (RT::Authen::ExternalAuth); Set(@Plugins, qw(RT::Authen::ExternalAuth) ); Set($ExternalAuthPriority, [ 'Active_Directory' ] ); Set($ExternalInfoPriority, [ 'Active_Directory' ] ); Set($AutoCreateNonExternalUsers,0); Set($ExternalSettings, { 'Active_Directory' = { 'type' = 'ldap', 'auth' = 1, 'info' = 1, 'server' = 'rt.mydomain.local', 'base' = 'OU=Users,DC=mydomain,DC=local', # The filter to use to match RT-Users 'filter' = '(objectclass=person)', # The filter that will only match disabled users 'd_filter' = '(userAccountControl:1.2.840.113556.1.4.803:=2)', # Should we try to use TLS to encrypt connections? 'tls' = 0, # What other args should I pass to Net::LDAP-new($host,@args)? 'net_ldap_args' = [version = 3 ], # Does authentication depend on group membership? What group name? 'group' = 'Request-Tracker', # What is the attribute for the group object that determines membership? #'group_attr' = 'GROUP_ATTR', ## RT ATTRIBUTE MATCHING SECTION # The list of RT attributes that uniquely identify a user 'attr_match_list' = [ 'ExternalAuthId','EmailAddress' ], # The mapping of RT attributes on to LDAP attributes 'attr_map' = { 'Name' = 'sAMAccountName', 'EmailAddress' = 'mail', 'Organization' = 'physicalDeliveryOfficeName', 'RealName' = 'displayName', 'ExternalAuthId' = 'sAMAccountName', 'Gecos' = 'sAMAccountName', 'WorkPhone' = 'telephoneNumber', 'Address1' = 'streetAddress', 'City' = 'l', 'State' = 'st', 'Zip' = 'postalCode', 'Country' = 'co' } } } ); smime.p7s Description: S/MIME Cryptographic Signature RT Training Sessions (http://bestpractical.com/services/training.html) * Chicago, IL, USA September 26 27, 2011 * San Francisco, CA, USA October 18 19, 2011 * Washington DC, USA October 31 November 1, 2011 * Melbourne VIC, Australia November 28 29, 2011 * Barcelona, Spain November 28 29, 2011
Re: [rt-users] Has anyone sucessfully configured LDAP to authenticate against AD with version 4.0.1?
Thank you for your response. So just to make sure I understand, if the users I want to be able to authenticate in RT are not in the OU specified it will not work? So I should move those users to whatever the OU is that I specify in the base? Andrew Wagner-4 wrote: 1. For group_attr, you want the term to be 'member'. That checks for membership in the group. 2. For your base, you need to choose the next highest level of Active Directory beyond where your users are stored. This means you need to specify the OU where your users are, not just a random Users OU. Andrew Wagner Assistant Network Administrator aawag...@wisc.edu 265-5710 Room 370B Wisconsin Center for Education Research (WCER) www.wcer.wisc.edu On 8/29/2011 11:26 AM, josh.cole wrote: I am trying to make this work. I installed the latest version of ExternalAuth. I am working with Request Tracker for the first time, just upgraded from 3.8.7 to 4.0.1. There are a few things that I think are off but I am not sure what the correct solution is. 1. I am not sure what to use for the group_attr I want to have users in the group Request-Tracker inside of AD be able to authenticate with their credentials when logging into RT and I believe the filter is set correctly other than what needs to be added for the group_attribute. I am not sure what that should be. 2. For my base statement. I am specifying the Users OU but none of my users are in that OU. I am not sure exactly what it's looking for there. Any help is appreciated! ExternalAuth config: I have added the following to my RT_SiteConfig.pm: @RT::MailPlugins = (RT::Authen::ExternalAuth); Set(@Plugins, qw(RT::Authen::ExternalAuth) ); Set($ExternalAuthPriority, [ 'Active_Directory' ] ); Set($ExternalInfoPriority, [ 'Active_Directory' ] ); Set($AutoCreateNonExternalUsers,0); Set($ExternalSettings, { 'Active_Directory' = { 'type' = 'ldap', 'auth' = 1, 'info' = 1, 'server' = 'rt.mydomain.local', 'base' = 'OU=Users,DC=mydomain,DC=local', # The filter to use to match RT-Users 'filter' = '(objectclass=person)', # The filter that will only match disabled users 'd_filter' = '(userAccountControl:1.2.840.113556.1.4.803:=2)', # Should we try to use TLS to encrypt connections? 'tls' = 0, # What other args should I pass to Net::LDAP-new($host,@args)? 'net_ldap_args' = [version = 3 ], # Does authentication depend on group membership? What group name? 'group' = 'Request-Tracker', # What is the attribute for the group object that determines membership? #'group_attr' = 'GROUP_ATTR', ## RT ATTRIBUTE MATCHING SECTION # The list of RT attributes that uniquely identify a user 'attr_match_list' = [ 'ExternalAuthId','EmailAddress' ], # The mapping of RT attributes on to LDAP attributes 'attr_map' = { 'Name' = 'sAMAccountName', 'EmailAddress' = 'mail', 'Organization' = 'physicalDeliveryOfficeName', 'RealName' = 'displayName', 'ExternalAuthId' = 'sAMAccountName', 'Gecos' = 'sAMAccountName', 'WorkPhone' = 'telephoneNumber', 'Address1' = 'streetAddress', 'City' = 'l', 'State' = 'st', 'Zip' = 'postalCode', 'Country' = 'co' } } } ); RT Training Sessions (http://bestpractical.com/services/training.html) * Chicago, IL, USA September 26 27, 2011 * San Francisco, CA, USA October 18 19, 2011 * Washington DC, USA October 31 November 1, 2011 * Melbourne VIC, Australia November 28 29, 2011 * Barcelona, Spain November 28 29, 2011 -- View this message in context:
Re: [rt-users] rt4 and External Auth to AD 2008 non-ssl
Brian, In my RT_SiteConfig.pm we use group_attr = 'member' rather than memberOf. Might be worth a shot. Andrew Wagner Assistant Network Administrator aawag...@wisc.edu 265-5710 Room 370B Wisconsin Center for Education Research (WCER) www.wcer.wisc.edu On 8/29/2011 11:32 AM, Brian Murphy wrote: Still struggling with trying to get RT externally authenticating with my 2008 Active Directory. I have been able to accomplish an ldapsearch with the following options successfully: ldapsearch -x -b dc=eiuad,dc=eiu,dc=edu -D CN=RT Auth,OU=Sensitive,DC=eiuad,DC=eiu,DC=edu -h eiuad.eiu.edu -p 389 -W sAMAccountName=blmurphy I would like to use the blmurphy as my RT account name. When I execute the above ldapsearch and input the prompted for password I get back my account information from the Active Directory. I have the following set in my RT_SiteConfig.pm but continue to get the externalauth nouser response. Brian Set($ExternalSettings, { # EIUAD Active Directory 'EIUAD' = { ## GENERIC SECTION # The type of service (db/ldap/cookie) 'type' = 'ldap', # The server hosting the service 'server' = 'eiuad.eiu.edu', ## SERVICE-SPECIFIC SECTION # If you can bind to your LDAP server anonymously you should # remove the user and pass config lines, otherwise specify them here: # # The username RT should use to connect to the LDAP server 'user' = 'CN=RT Auth,OU=Sensitive,DC=eiuad,DC=eiu,DC=edu', # The password RT should use to connect to the LDAP server 'pass' = 'x', # # The LDAP search base 'base' = 'dc=eiuad,dc=eiu,dc=edu', # # ALL FILTERS MUST BE VALID LDAP FILTERS ENCASED IN PARENTHESES! # YOU **MUST** SPECIFY A filter AND A d_filter!! # # The filter to use to match RT-Users 'filter' = '(sAMAccountName=*)', # A catch-all example filter: '(objectClass=*)' # # The filter that will only match disabled users 'd_filter' = '(objectclass=Foo)', # A catch-none example d_filter: '(objectClass=FooBarBaz)' # # Should we try to use TLS to encrypt connections? 'tls' = 0, # SSL Version to provide to Net::SSLeay *if* using SSL 'ssl_version' = 3, # What other args should I pass to Net::LDAP-new($host,@args)? 'net_ldap_args' = [version = 3 ], # Does authentication depend on group membership? What group name? 'group' = 'CN=RT_Access,OU=Sensitive,DC=eiuad,DC=eiu,DC=edu', # What is the attribute for the group object that determines membership? 'group_attr' = 'memberOf', ## RT ATTRIBUTE MATCHING SECTION
Re: [rt-users] Has anyone sucessfully configured LDAP to authenticate against AD with version 4.0.1?
Yes, Josh. That is correct. The ExternalAuthen checks all locations for users under the base OU. Either change your specified base in RT_SiteConfig.pm or move the users to the OU that you want RT to search. Andrew Wagner Assistant Network Administrator aawag...@wisc.edu 265-5710 Room 370B Wisconsin Center for Education Research (WCER) www.wcer.wisc.edu On 8/29/2011 11:39 AM, josh.cole wrote: Thank you for your response. So just to make sure I understand, if the users I want to be able to authenticate in RT are not in the OU specified it will not work? So I should move those users to whatever the OU is that I specify in the base? Andrew Wagner-4 wrote: 1. For group_attr, you want the term to be 'member'. That checks for membership in the group. 2. For your base, you need to choose the next highest level of Active Directory beyond where your users are stored. This means you need to specify the OU where your users are, not just a random Users OU. Andrew Wagner Assistant Network Administrator aawag...@wisc.edu 265-5710 Room 370B Wisconsin Center for Education Research (WCER) www.wcer.wisc.edu On 8/29/2011 11:26 AM, josh.cole wrote: I am trying to make this work. I installed the latest version of ExternalAuth. I am working with Request Tracker for the first time, just upgraded from 3.8.7 to 4.0.1. There are a few things that I think are off but I am not sure what the correct solution is. 1. I am not sure what to use for the group_attr I want to have users in the group Request-Tracker inside of AD be able to authenticate with their credentials when logging into RT and I believe the filter is set correctly other than what needs to be added for the group_attribute. I am not sure what that should be. 2. For my base statement. I am specifying the Users OU but none of my users are in that OU. I am not sure exactly what it's looking for there. Any help is appreciated! ExternalAuth config: I have added the following to my RT_SiteConfig.pm: @RT::MailPlugins = (RT::Authen::ExternalAuth); Set(@Plugins, qw(RT::Authen::ExternalAuth) ); Set($ExternalAuthPriority, [ 'Active_Directory' ] ); Set($ExternalInfoPriority, [ 'Active_Directory' ] ); Set($AutoCreateNonExternalUsers,0); Set($ExternalSettings, { 'Active_Directory' ={ 'type' ='ldap', 'auth' =1, 'info' =1, 'server' ='rt.mydomain.local', 'base' ='OU=Users,DC=mydomain,DC=local', # The filter to use to match RT-Users 'filter' ='(objectclass=person)', # The filter that will only match disabled users 'd_filter' ='(userAccountControl:1.2.840.113556.1.4.803:=2)', # Should we try to use TLS to encrypt connections? 'tls' =0, # What other args should I pass to Net::LDAP-new($host,@args)? 'net_ldap_args' = [version =3 ], # Does authentication depend on group membership? What group name? 'group' ='Request-Tracker', # What is the attribute for the group object that determines membership? #'group_attr' ='GROUP_ATTR', ## RT ATTRIBUTE MATCHING SECTION # The list of RT attributes that uniquely identify a user 'attr_match_list' = [ 'ExternalAuthId','EmailAddress' ], # The mapping of RT attributes on to LDAP attributes 'attr_map' ={ 'Name' = 'sAMAccountName', 'EmailAddress' = 'mail', 'Organization' = 'physicalDeliveryOfficeName', 'RealName' = 'displayName', 'ExternalAuthId' = 'sAMAccountName', 'Gecos' = 'sAMAccountName', 'WorkPhone' = 'telephoneNumber', 'Address1' = 'streetAddress', 'City' = 'l', 'State' = 'st', 'Zip' = 'postalCode', 'Country' = 'co' } } } ); RT Training Sessions (http://bestpractical.com/services/training.html) * Chicago, IL,
Re: [rt-users] Has anyone sucessfully configured LDAP to authenticate against AD with version 4.0.1?
Thank you very much for your feedback. I really appreciate it. Andrew Wagner-4 wrote: Yes, Josh. That is correct. The ExternalAuthen checks all locations for users under the base OU. Either change your specified base in RT_SiteConfig.pm or move the users to the OU that you want RT to search. Andrew Wagner Assistant Network Administrator aawag...@wisc.edu 265-5710 Room 370B Wisconsin Center for Education Research (WCER) www.wcer.wisc.edu On 8/29/2011 11:39 AM, josh.cole wrote: Thank you for your response. So just to make sure I understand, if the users I want to be able to authenticate in RT are not in the OU specified it will not work? So I should move those users to whatever the OU is that I specify in the base? Andrew Wagner-4 wrote: 1. For group_attr, you want the term to be 'member'. That checks for membership in the group. 2. For your base, you need to choose the next highest level of Active Directory beyond where your users are stored. This means you need to specify the OU where your users are, not just a random Users OU. Andrew Wagner Assistant Network Administrator aawag...@wisc.edu 265-5710 Room 370B Wisconsin Center for Education Research (WCER) www.wcer.wisc.edu On 8/29/2011 11:26 AM, josh.cole wrote: I am trying to make this work. I installed the latest version of ExternalAuth. I am working with Request Tracker for the first time, just upgraded from 3.8.7 to 4.0.1. There are a few things that I think are off but I am not sure what the correct solution is. 1. I am not sure what to use for the group_attr I want to have users in the group Request-Tracker inside of AD be able to authenticate with their credentials when logging into RT and I believe the filter is set correctly other than what needs to be added for the group_attribute. I am not sure what that should be. 2. For my base statement. I am specifying the Users OU but none of my users are in that OU. I am not sure exactly what it's looking for there. Any help is appreciated! ExternalAuth config: I have added the following to my RT_SiteConfig.pm: @RT::MailPlugins = (RT::Authen::ExternalAuth); Set(@Plugins, qw(RT::Authen::ExternalAuth) ); Set($ExternalAuthPriority, [ 'Active_Directory' ] ); Set($ExternalInfoPriority, [ 'Active_Directory' ] ); Set($AutoCreateNonExternalUsers,0); Set($ExternalSettings, { 'Active_Directory' ={ 'type' ='ldap', 'auth' =1, 'info' =1, 'server' ='rt.mydomain.local', 'base' ='OU=Users,DC=mydomain,DC=local', # The filter to use to match RT-Users 'filter' ='(objectclass=person)', # The filter that will only match disabled users 'd_filter' ='(userAccountControl:1.2.840.113556.1.4.803:=2)', # Should we try to use TLS to encrypt connections? 'tls' =0, # What other args should I pass to Net::LDAP-new($host,@args)? 'net_ldap_args' = [version =3 ], # Does authentication depend on group membership? What group name? 'group' ='Request-Tracker', # What is the attribute for the group object that determines membership? #'group_attr' ='GROUP_ATTR', ## RT ATTRIBUTE MATCHING SECTION # The list of RT attributes that uniquely identify a user 'attr_match_list' = [ 'ExternalAuthId','EmailAddress' ], # The mapping of RT attributes on to LDAP attributes 'attr_map' ={ 'Name' = 'sAMAccountName', 'EmailAddress' = 'mail', 'Organization' = 'physicalDeliveryOfficeName', 'RealName' = 'displayName', 'ExternalAuthId' = 'sAMAccountName', 'Gecos' = 'sAMAccountName', 'WorkPhone' = 'telephoneNumber', 'Address1' = 'streetAddress', 'City' = 'l', 'State' = 'st', 'Zip' = 'postalCode',
Re: [rt-users] Search Format - Take button
Mike, I think you have to do that through the advanced view. If you look at the default unowned ticket search in advanced view. To do this, click on Edit, then click on the link next to Edit the Predefined Search Itself, then click on the advanced link. The Take feature should be implemented at the bottom of the format window. From there, you can see how they define the location of the Take link and how it is formatted. It looks to use a special location defined specifically for the Take link: __loc(Take)__ Andrew Wagner Assistant Network Administrator aawag...@wisc.edu 265-5710 Room 370B Wisconsin Center for Education Research (WCER) www.wcer.wisc.edu On 8/29/2011 10:40 AM, Mike Johnson wrote: Hi everyone, So I'm trying to build a search that I'll put on a dashboard and on my RT At a Glance. I want to have the Take button in it just like the 10 newest unowned widget that is delivered with RT. How do I do that in the query builder? I know I can make the ticket id a link to take it... but I want a seperate button as my users are used to that Take button... Is it possible? Thanks! Mike. -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca mailto:mike.john...@nosm.ca RT Training Sessions (http://bestpractical.com/services/training.html) * Chicago, IL, USA --- September 26 27, 2011 * San Francisco, CA, USA --- October 18 19, 2011 * Washington DC, USA --- October 31 November 1, 2011 * Melbourne VIC, Australia --- November 28 29, 2011 * Barcelona, Spain --- November 28 29, 2011 smime.p7s Description: S/MIME Cryptographic Signature RT Training Sessions (http://bestpractical.com/services/training.html) * Chicago, IL, USA September 26 27, 2011 * San Francisco, CA, USA October 18 19, 2011 * Washington DC, USA October 31 November 1, 2011 * Melbourne VIC, Australia November 28 29, 2011 * Barcelona, Spain November 28 29, 2011
Re: [rt-users] Has anyone sucessfully configured LDAP to authenticate against AD with version 4.0.1?
I think I am close now. I made those changes to the config. I am receiving an error when I try to login with my AD credentials. The error is: [Mon Aug 29 17:35:31 2011] [critical]: RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj : Cannot connect to rt.mydomain.local (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:437) Do I need to specify an ldap port? I did add a username and password to authenticate. josh.cole wrote: Thank you very much for your feedback. I really appreciate it. Andrew Wagner-4 wrote: Yes, Josh. That is correct. The ExternalAuthen checks all locations for users under the base OU. Either change your specified base in RT_SiteConfig.pm or move the users to the OU that you want RT to search. Andrew Wagner Assistant Network Administrator aawag...@wisc.edu 265-5710 Room 370B Wisconsin Center for Education Research (WCER) www.wcer.wisc.edu On 8/29/2011 11:39 AM, josh.cole wrote: Thank you for your response. So just to make sure I understand, if the users I want to be able to authenticate in RT are not in the OU specified it will not work? So I should move those users to whatever the OU is that I specify in the base? Andrew Wagner-4 wrote: 1. For group_attr, you want the term to be 'member'. That checks for membership in the group. 2. For your base, you need to choose the next highest level of Active Directory beyond where your users are stored. This means you need to specify the OU where your users are, not just a random Users OU. Andrew Wagner Assistant Network Administrator aawag...@wisc.edu 265-5710 Room 370B Wisconsin Center for Education Research (WCER) www.wcer.wisc.edu On 8/29/2011 11:26 AM, josh.cole wrote: I am trying to make this work. I installed the latest version of ExternalAuth. I am working with Request Tracker for the first time, just upgraded from 3.8.7 to 4.0.1. There are a few things that I think are off but I am not sure what the correct solution is. 1. I am not sure what to use for the group_attr I want to have users in the group Request-Tracker inside of AD be able to authenticate with their credentials when logging into RT and I believe the filter is set correctly other than what needs to be added for the group_attribute. I am not sure what that should be. 2. For my base statement. I am specifying the Users OU but none of my users are in that OU. I am not sure exactly what it's looking for there. Any help is appreciated! ExternalAuth config: I have added the following to my RT_SiteConfig.pm: @RT::MailPlugins = (RT::Authen::ExternalAuth); Set(@Plugins, qw(RT::Authen::ExternalAuth) ); Set($ExternalAuthPriority, [ 'Active_Directory' ] ); Set($ExternalInfoPriority, [ 'Active_Directory' ] ); Set($AutoCreateNonExternalUsers,0); Set($ExternalSettings, { 'Active_Directory' ={ 'type' ='ldap', 'auth' =1, 'info' =1, 'server' ='rt.mydomain.local', 'base' ='OU=Users,DC=mydomain,DC=local', # The filter to use to match RT-Users 'filter' ='(objectclass=person)', # The filter that will only match disabled users 'd_filter' ='(userAccountControl:1.2.840.113556.1.4.803:=2)', # Should we try to use TLS to encrypt connections? 'tls' =0, # What other args should I pass to Net::LDAP-new($host,@args)? 'net_ldap_args' = [version =3 ], # Does authentication depend on group membership? What group name? 'group' ='Request-Tracker', # What is the attribute for the group object that determines membership? #'group_attr' ='GROUP_ATTR', ## RT ATTRIBUTE MATCHING SECTION # The list of RT attributes that uniquely identify a user 'attr_match_list' = [ 'ExternalAuthId','EmailAddress' ], # The mapping
Re: [rt-users] SOLVED: Captcha Extension on RT 4.0.2 fails to compile
Dear Kevin, Thank you for the fix. I can confirm that the compilation works perfectly. The Extension is also working correctly. Alex - Original Message - From: Kevin Falcone falc...@bestpractical.com To: rt-users@lists.bestpractical.com Sent: Monday, 29 August, 2011 4:57:20 PM Subject: Re: [rt-users] Captcha Extension on RT 4.0.2 fails to compile On Sun, Aug 28, 2011 at 10:43:36AM +0300, Alex Rhys-Hurn wrote: Hello everyone, I am trying to install the captcha extention on RT 4.0.2. I use these commands from the README file: perl Makefile.PL make make install But when I use the first command perl Makefile.PL I get the following output: RTIR 2.4 and newer needs RT 3.8.1 at least, you have 4.0.2 at Makefile.PL line 10, STDIN line 1. And then the second command make fails with: make: *** No targets specified and no makefile found. Stop. According to the Best Practical RT Extensions page the extension is supposed to work with RT 4.x Looks like the Makefile.PL had a bad version check. You can try the current version on github and see if my checkin this morning fixes it. https://github.com/bestpractical/rt-extension-captcha -kevin RT Training Sessions (http://bestpractical.com/services/training.html) * Chicago, IL, USA � September 26 27, 2011 * San Francisco, CA, USA � October 18 19, 2011 * Washington DC, USA � October 31 November 1, 2011 * Melbourne VIC, Australia � November 28 29, 2011 * Barcelona, Spain � November 28 29, 2011 This e-mail contains confidential information or information belonging to ITworX Limited and is intended solely for the addressees. The opinions therein, explicit or implied, are solely those of the author and do not necessarily represent those of ITworX Limited as a company. The unauthorized disclosure, use, dissemination or copying (either Whole or partial) of this e-mail, or any information it contains, is prohibited. E-mails are susceptible to alteration and their integrity cannot be guaranteed. ITworX Limited shall not be liable for this e-mail if modified or falsified. If you are not the intended recipient of this e-mail, please delete it immediately from your system and notify the sender of the wrong delivery and the e-mail deletion. RT Training Sessions (http://bestpractical.com/services/training.html) * Chicago, IL, USA September 26 27, 2011 * San Francisco, CA, USA October 18 19, 2011 * Washington DC, USA October 31 November 1, 2011 * Melbourne VIC, Australia November 28 29, 2011 * Barcelona, Spain November 28 29, 2011
Re: [rt-users] Has anyone sucessfully configured LDAP to authenticate against AD with version 4.0.1?
Enabled debugging and here is the output. I know I exist, I must have missed something somewhere when configuring the authentication method. I will also post my current RT_SiteConfig underneath the error log. [Mon Aug 29 18:57:19 2011] [debug]: Attempting to use external auth service: Active_Directory (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64) [Mon Aug 29 18:57:19 2011] [debug]: SSO Failed and no user to test with. Nexting (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:92) [Mon Aug 29 18:57:19 2011] [debug]: Autohandler called ExternalAuth. Response: (0, No User) (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:11) [Mon Aug 29 18:57:23 2011] [debug]: Attempting to use external auth service: Active_Directory (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64) [Mon Aug 29 18:57:23 2011] [debug]: Calling UserExists with $username (josh cole) and $service (Active_Directory) (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:105) [Mon Aug 29 18:57:23 2011] [debug]: UserExists params: username: josh cole , service: Active_Directory (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:274) [Mon Aug 29 18:57:23 2011] [debug]: LDAP Search === Base: OU=ITS,DC=mydomain,DC=local == Filter: ((objectclass=person)(sAMAccountName=josh cole)) == Attrs: l,displayName,st,mail,sAMAccountName,co,streetAddress,postalCode,telephoneNumber,sAMAccountName,physicalDeliveryOfficeName,sAMAccountName (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:304) [Mon Aug 29 18:57:23 2011] [debug]: User Check Failed :: ( Active_Directory ) josh cole User not found (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:318) Current config: # This file was generated by running update-rt-siteconfig-3.8. # # While local modifications will not be overwritten without permission, # it is recommended the they are instead placed in # /etc/request-tracker3.8/RT_SiteConfig.d # # Note that modifications to the RT_SiteConfig.d directory won't # take effect until the update command mentioned above is run again. # start /etc/request-tracker3.8/RT_SiteConfig.d/40-timezone # dynamically find out the current timezone my $zone = PST; $zone=`/bin/cat /etc/timezone` if -f /etc/timezone; chomp $zone; Set($Timezone, $zone); # end /etc/request-tracker3.8/RT_SiteConfig.d/40-timezone # start /etc/request-tracker3.8/RT_SiteConfig.d/50-debconf # THE BASICS: Set($WebDomain, 'rt.netman.mydomain.local'); Set($rtname, 'rt.netman.mydomain.local'); Set($Organization, 'netman.mydomain.local'); #Set($CorrespondAddress , 'rt@netman.mydomain.local'); #Set($CommentAddress , 'rt-comment@netman.mydomain.local'); Set($MaxAttachmentSize , 1000); Set($FriendlyFromLineFormat, \%s\ %s); Set(@Plugins, qw(RT::Authen::ExternalAuth) ); Set($ExternalServiceUsesSSLorTLS,0); Set($ExternalAuthPriority, [ 'Active_Directory' ] ); Set($ExternalInfoPriority, [ 'Active_Directory' ] ); Set($AutoCreateNonExternalUsers,0); Set($ExternalSettings, { 'Active_Directory' = { 'type' = 'ldap', 'auth' = 1, 'info' = 1, 'server' = '172.16.1.70', 'base' = 'OU=ITS,DC=fpu,DC=local', 'user' = 'rtauth', # The password RT should use to connect to the LDAP server 'pass' = 'xx', # The filter to use to match RT-Users 'filter' = '(objectclass=person)', # The filter that will only match disabled users 'd_filter' = '(userAccountControl:1.2.840.113556.1.4.803:=2)', # Should we try to use TLS to encrypt connections? 'tls' = 0, # What other args should I pass to Net::LDAP-new($host,@args)? 'net_ldap_args' = [version = 3 ], # Does authentication depend on group membership?
Re: [rt-users] Has anyone sucessfully configured LDAP to authenticate against AD with version 4.0.1?
I believe that if you specify SSL, Authen-External will automatically uses port 636 (LDAPS). TLS encryption uses 389. We used TLS as LDAPS is no longer officially supported. Is the user you are trying to authenticate with inside your base? Do you have the correct domain controller specified under server? Do you have the right domain specified and formatted under base? I assume you're replacing your domain information with placeholders in your config and are not actually using rt.mydomain.local. Andrew Wagner Assistant Network Administrator aawag...@wisc.edu 265-5710 Room 370B Wisconsin Center for Education Research (WCER) www.wcer.wisc.edu On 8/29/2011 12:55 PM, josh.cole wrote: I think I am close now. I made those changes to the config. I am receiving an error when I try to login with my AD credentials. The error is: [Mon Aug 29 17:35:31 2011] [critical]: RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj : Cannot connect to rt.mydomain.local (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:437) Do I need to specify an ldap port? I did add a username and password to authenticate. josh.cole wrote: Thank you very much for your feedback. I really appreciate it. Andrew Wagner-4 wrote: Yes, Josh. That is correct. The ExternalAuthen checks all locations for users under the base OU. Either change your specified base in RT_SiteConfig.pm or move the users to the OU that you want RT to search. Andrew Wagner Assistant Network Administrator aawag...@wisc.edu 265-5710 Room 370B Wisconsin Center for Education Research (WCER) www.wcer.wisc.edu On 8/29/2011 11:39 AM, josh.cole wrote: Thank you for your response. So just to make sure I understand, if the users I want to be able to authenticate in RT are not in the OU specified it will not work? So I should move those users to whatever the OU is that I specify in the base? Andrew Wagner-4 wrote: 1. For group_attr, you want the term to be 'member'. That checks for membership in the group. 2. For your base, you need to choose the next highest level of Active Directory beyond where your users are stored. This means you need to specify the OU where your users are, not just a random Users OU. Andrew Wagner Assistant Network Administrator aawag...@wisc.edu 265-5710 Room 370B Wisconsin Center for Education Research (WCER) www.wcer.wisc.edu On 8/29/2011 11:26 AM, josh.cole wrote: I am trying to make this work. I installed the latest version of ExternalAuth. I am working with Request Tracker for the first time, just upgraded from 3.8.7 to 4.0.1. There are a few things that I think are off but I am not sure what the correct solution is. 1. I am not sure what to use for the group_attr I want to have users in the group Request-Tracker inside of AD be able to authenticate with their credentials when logging into RT and I believe the filter is set correctly other than what needs to be added for the group_attribute. I am not sure what that should be. 2. For my base statement. I am specifying the Users OU but none of my users are in that OU. I am not sure exactly what it's looking for there. Any help is appreciated! ExternalAuth config: I have added the following to my RT_SiteConfig.pm: @RT::MailPlugins = (RT::Authen::ExternalAuth); Set(@Plugins, qw(RT::Authen::ExternalAuth) ); Set($ExternalAuthPriority, [ 'Active_Directory' ] ); Set($ExternalInfoPriority, [ 'Active_Directory' ] ); Set($AutoCreateNonExternalUsers,0); Set($ExternalSettings, { 'Active_Directory' = { 'type' = 'ldap', 'auth' = 1, 'info' = 1, 'server' = 'rt.mydomain.local', 'base' = 'OU=Users,DC=mydomain,DC=local', # The filter to use to match RT-Users 'filter' = '(objectclass=person)', # The filter that will only match disabled users 'd_filter' = '(userAccountControl:1.2.840.113556.1.4.803:=2)', # Should we try to use TLS to encrypt connections? 'tls' = 0, # What other args should I pass to Net::LDAP-new($host,@args)? 'net_ldap_args' =[version = 3 ], # Does authentication depend on group membership? What group name? 'group' = 'Request-Tracker',
[rt-users] Help with rtx-shredder cli?
I'm trying to delete all tickets from a queue using ./rtx-shredder --plugin Tickets=query, Queue = 'SpamQueue' --sqldump /var/backups/deletedtickets.sql and am receiving this somewhat terse error: SQL dump file is '/var/backus/deletedtickets.sql' Couldn't load plugin Error: Plugin doesn't support argument(s): queue = 'Spam' What am I doing wrong here? RT Training Sessions (http://bestpractical.com/services/training.html) * Chicago, IL, USA September 26 27, 2011 * San Francisco, CA, USA October 18 19, 2011 * Washington DC, USA October 31 November 1, 2011 * Melbourne VIC, Australia November 28 29, 2011 * Barcelona, Spain November 28 29, 2011
[rt-users] Fix e-mails in RTx::EmailCompletion
Hi All - I have installed and been using RTx::EmailCompletion for quite sometime now. One problem is; people can, and do, incorrectly enter e-mail addresses. Is there a way to go through and remove all the mis-spelling/typos of all e-mail addresses? Thanks! Max -- Max McGrath Asst. Network Admin/Systems Specialist Carthage College 262-552-5512 mmcgr...@carthage.edu RT Training Sessions (http://bestpractical.com/services/training.html) * Chicago, IL, USA September 26 27, 2011 * San Francisco, CA, USA October 18 19, 2011 * Washington DC, USA October 31 November 1, 2011 * Melbourne VIC, Australia November 28 29, 2011 * Barcelona, Spain November 28 29, 2011
Re: [rt-users] Fix e-mails in RTx::EmailCompletion
On Mon, Aug 29, 2011 at 02:32:54PM -0500, Max McGrath wrote: I have installed and been using RTx::EmailCompletion for quite sometime now. One problem is; people can, and do, incorrectly enter e-mail addresses. Is there a way to go through and remove all the mis-spelling/typos of all e-mail addresses? Configuration - Users and search for the email addresses and then disable those users. Or fix the email addresses if the correct one does not exist in the system. -kevin pgpSfBClYoTd4.pgp Description: PGP signature RT Training Sessions (http://bestpractical.com/services/training.html) * Chicago, IL, USA September 26 27, 2011 * San Francisco, CA, USA October 18 19, 2011 * Washington DC, USA October 31 November 1, 2011 * Melbourne VIC, Australia November 28 29, 2011 * Barcelona, Spain November 28 29, 2011
Re: [rt-users] Fix e-mails in RTx::EmailCompletion
Perfect! Thanks! -- Max McGrath Asst. Network Admin/Systems Specialist Carthage College 262-552-5512 mmcgr...@carthage.edu On Mon, Aug 29, 2011 at 2:43 PM, Kevin Falcone falc...@bestpractical.comwrote: On Mon, Aug 29, 2011 at 02:32:54PM -0500, Max McGrath wrote: I have installed and been using RTx::EmailCompletion for quite sometime now. One problem is; people can, and do, incorrectly enter e-mail addresses. Is there a way to go through and remove all the mis-spelling/typos of all e-mail addresses? Configuration - Users and search for the email addresses and then disable those users. Or fix the email addresses if the correct one does not exist in the system. -kevin RT Training Sessions (http://bestpractical.com/services/training.html) * Chicago, IL, USA — September 26 27, 2011 * San Francisco, CA, USA — October 18 19, 2011 * Washington DC, USA — October 31 November 1, 2011 * Melbourne VIC, Australia — November 28 29, 2011 * Barcelona, Spain — November 28 29, 2011 RT Training Sessions (http://bestpractical.com/services/training.html) * Chicago, IL, USA September 26 27, 2011 * San Francisco, CA, USA October 18 19, 2011 * Washington DC, USA October 31 November 1, 2011 * Melbourne VIC, Australia November 28 29, 2011 * Barcelona, Spain November 28 29, 2011
Re: [rt-users] Has anyone sucessfully configured LDAP to authenticate against AD with version 4.0.1?
I should have noticed this sooner - try specifying the full DN of your rtauth user. That is, CN=rtauth,OU=someOU,OU=anotherOU,DC=mine,DC=his,DC=hers,DC=com. Andrew Wagner Assistant Network Administrator aawag...@wisc.edu 265-5710 Room 370B Wisconsin Center for Education Research (WCER) www.wcer.wisc.edu On 8/29/2011 2:18 PM, josh.cole wrote: The user is within the base. The user exists in a sub-OU inside of ITS. I have the correct DC, I have the ip entered for the DC/LDAP Server. Yes sir that is correct, I am using placeholders. I do not believe that SSL is being used based on the config I provided. All of the information is correct. I have used an ldap browser to verify connectivity on port 389 and to verify the information I've placed into the config. Andrew Wagner-4 wrote: I believe that if you specify SSL, Authen-External will automatically uses port 636 (LDAPS). TLS encryption uses 389. We used TLS as LDAPS is no longer officially supported. Is the user you are trying to authenticate with inside your base? Do you have the correct domain controller specified under server? Do you have the right domain specified and formatted under base? I assume you're replacing your domain information with placeholders in your config and are not actually using rt.mydomain.local. Andrew Wagner Assistant Network Administrator aawag...@wisc.edu 265-5710 Room 370B Wisconsin Center for Education Research (WCER) www.wcer.wisc.edu On 8/29/2011 12:55 PM, josh.cole wrote: I think I am close now. I made those changes to the config. I am receiving an error when I try to login with my AD credentials. The error is: [Mon Aug 29 17:35:31 2011] [critical]: RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj : Cannot connect to rt.mydomain.local (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:437) Do I need to specify an ldap port? I did add a username and password to authenticate. josh.cole wrote: Thank you very much for your feedback. I really appreciate it. Andrew Wagner-4 wrote: Yes, Josh. That is correct. The ExternalAuthen checks all locations for users under the base OU. Either change your specified base in RT_SiteConfig.pm or move the users to the OU that you want RT to search. Andrew Wagner Assistant Network Administrator aawag...@wisc.edu 265-5710 Room 370B Wisconsin Center for Education Research (WCER) www.wcer.wisc.edu On 8/29/2011 11:39 AM, josh.cole wrote: Thank you for your response. So just to make sure I understand, if the users I want to be able to authenticate in RT are not in the OU specified it will not work? So I should move those users to whatever the OU is that I specify in the base? Andrew Wagner-4 wrote: 1. For group_attr, you want the term to be 'member'. That checks for membership in the group. 2. For your base, you need to choose the next highest level of Active Directory beyond where your users are stored. This means you need to specify the OU where your users are, not just a random Users OU. Andrew Wagner Assistant Network Administrator aawag...@wisc.edu 265-5710 Room 370B Wisconsin Center for Education Research (WCER) www.wcer.wisc.edu On 8/29/2011 11:26 AM, josh.cole wrote: I am trying to make this work. I installed the latest version of ExternalAuth. I am working with Request Tracker for the first time, just upgraded from 3.8.7 to 4.0.1. There are a few things that I think are off but I am not sure what the correct solution is. 1. I am not sure what to use for the group_attr I want to have users in the group Request-Tracker inside of AD be able to authenticate with their credentials when logging into RT and I believe the filter is set correctly other than what needs to be added for the group_attribute. I am not sure what that should be. 2. For my base statement. I am specifying the Users OU but none of my users are in that OU. I am not sure exactly what it's looking for there. Any help is appreciated! ExternalAuth config: I have added the following to my RT_SiteConfig.pm: @RT::MailPlugins = (RT::Authen::ExternalAuth); Set(@Plugins, qw(RT::Authen::ExternalAuth) ); Set($ExternalAuthPriority, [ 'Active_Directory' ] ); Set($ExternalInfoPriority, [ 'Active_Directory' ] ); Set($AutoCreateNonExternalUsers,0); Set($ExternalSettings, { 'Active_Directory' = { 'type' = 'ldap', 'auth' = 1, 'info' = 1, 'server' = 'rt.mydomain.local', 'base' = 'OU=Users,DC=mydomain,DC=local', # The filter to use to match RT-Users 'filter' = '(objectclass=person)',
Re: [rt-users] Has anyone sucessfully configured LDAP to authenticate against AD with version 4.0.1?
Below is the result: [Mon Aug 29 20:04:21 2011] [critical]: RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't bind: LDAP_INVALID_CREDENTIALS 49 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:467) Andrew Wagner-4 wrote: I should have noticed this sooner - try specifying the full DN of your rtauth user. That is, CN=rtauth,OU=someOU,OU=anotherOU,DC=mine,DC=his,DC=hers,DC=com. Andrew Wagner Assistant Network Administrator aawag...@wisc.edu 265-5710 Room 370B Wisconsin Center for Education Research (WCER) www.wcer.wisc.edu On 8/29/2011 2:18 PM, josh.cole wrote: The user is within the base. The user exists in a sub-OU inside of ITS. I have the correct DC, I have the ip entered for the DC/LDAP Server. Yes sir that is correct, I am using placeholders. I do not believe that SSL is being used based on the config I provided. All of the information is correct. I have used an ldap browser to verify connectivity on port 389 and to verify the information I've placed into the config. Andrew Wagner-4 wrote: I believe that if you specify SSL, Authen-External will automatically uses port 636 (LDAPS). TLS encryption uses 389. We used TLS as LDAPS is no longer officially supported. Is the user you are trying to authenticate with inside your base? Do you have the correct domain controller specified under server? Do you have the right domain specified and formatted under base? I assume you're replacing your domain information with placeholders in your config and are not actually using rt.mydomain.local. Andrew Wagner Assistant Network Administrator aawag...@wisc.edu 265-5710 Room 370B Wisconsin Center for Education Research (WCER) www.wcer.wisc.edu On 8/29/2011 12:55 PM, josh.cole wrote: I think I am close now. I made those changes to the config. I am receiving an error when I try to login with my AD credentials. The error is: [Mon Aug 29 17:35:31 2011] [critical]: RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj : Cannot connect to rt.mydomain.local (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:437) Do I need to specify an ldap port? I did add a username and password to authenticate. josh.cole wrote: Thank you very much for your feedback. I really appreciate it. Andrew Wagner-4 wrote: Yes, Josh. That is correct. The ExternalAuthen checks all locations for users under the base OU. Either change your specified base in RT_SiteConfig.pm or move the users to the OU that you want RT to search. Andrew Wagner Assistant Network Administrator aawag...@wisc.edu 265-5710 Room 370B Wisconsin Center for Education Research (WCER) www.wcer.wisc.edu On 8/29/2011 11:39 AM, josh.cole wrote: Thank you for your response. So just to make sure I understand, if the users I want to be able to authenticate in RT are not in the OU specified it will not work? So I should move those users to whatever the OU is that I specify in the base? Andrew Wagner-4 wrote: 1. For group_attr, you want the term to be 'member'. That checks for membership in the group. 2. For your base, you need to choose the next highest level of Active Directory beyond where your users are stored. This means you need to specify the OU where your users are, not just a random Users OU. Andrew Wagner Assistant Network Administrator aawag...@wisc.edu 265-5710 Room 370B Wisconsin Center for Education Research (WCER) www.wcer.wisc.edu On 8/29/2011 11:26 AM, josh.cole wrote: I am trying to make this work. I installed the latest version of ExternalAuth. I am working with Request Tracker for the first time, just upgraded from 3.8.7 to 4.0.1. There are a few things that I think are off but I am not sure what the correct solution is. 1. I am not sure what to use for the group_attr I want to have users in the group Request-Tracker inside of AD be able to authenticate with their credentials when logging into RT and I believe the filter is set correctly other than what needs to be added for the group_attribute. I am not sure what that should be. 2. For my base statement. I am specifying the Users OU but none of my users are in that OU. I am not sure exactly what it's looking for there. Any help is appreciated! ExternalAuth config: I have added the following to my RT_SiteConfig.pm: @RT::MailPlugins = (RT::Authen::ExternalAuth); Set(@Plugins, qw(RT::Authen::ExternalAuth) ); Set($ExternalAuthPriority, [ 'Active_Directory' ] ); Set($ExternalInfoPriority, [ 'Active_Directory' ] ); Set($AutoCreateNonExternalUsers,0); Set($ExternalSettings, { 'Active_Directory' = { 'type' = 'ldap', 'auth' = 1, 'info' = 1,
Re: [rt-users] Resolve when ticket is from a certain email address
Solved, instead of searching of the full email address, changed it to find part of the user's email address from the headers, and resolve if found. On Mon, Aug 29, 2011 at 12:28 PM, Kevin Fox root@gmail.com wrote: Hi All, I am trying to get our old RT (3.4.5) to resolve tickets when a user replies, but am having some issues. The basic setup is this: external user emails to the help desk email which sends it to the helpdesk queue email and to a single customer facing user. That user refuses to user RT, so when he replies to the email he does a reply all (to both the customer and RT). RT is setup to merge tickets with similar names (RE:/FW:) so his response is merged to the original ticket, but when I attempt to get a scrip to resolve the ticket when the email is from this user it doesn't work as I want. Currently it will resolve the ticket, no matter who replys, which is definitely a no-no. I figure that the issue is my comparison of the $val to the email address. I had this as well and it didn't work either: /*resolveuseremail*\@ domain.com/g If someone could help me out I would greatly appreciate it. Below is the scrip as it currently sits, except for the time being the resolve by user part is commented out. Thanks, Kevin - my $notnagios_desc = undef; my $same_desc = undef; my $Transaction = $self-TransactionObj; my $subject = $Transaction-Attachments-First-GetHeader('Subject'); my $val = ($self-TicketObj-Requestors-MemberEmailAddressesAsString); if (($subject =~ m/^RE:/i) || ( $subject =~ m/^FW:/i )) { $notnagios_desc=substr($subject,4); if (($notnagios_desc =~ m/^FW:/i) || ($notnagios_desc =~ m/^RE:/i )) { $notnagios_desc=substr($notnagios_desc,4); if (($notnagios_desc =~ m/^FW:/i) || ($notnagios_desc =~ m/^RE:/i )) { $notnagios_desc=substr($notnagios_desc,4); } } } else { $notnagios_desc=$subject; } # look for same subject on existing tickets my $search = RT::Tickets-new($RT::SystemUser); $search-LimitQueue(VALUE = 'HelpDesk'); $search-LimitStatus(VALUE = 'new', OPERATOR = '=', ENTRYAGGREGATOR = 'or'); $search-LimitStatus(VALUE = 'open', OPERATOR = '='); if ($search-Count == 0) { return 1; } my $id = undef; while (my $ticket = $search-Next) { # Ignore this ticket that opened this transaction next if $self-TicketObj-Id == $ticket-Id; $same_desc=$ticket-Subject; if (($same_desc =~ m/^FW:/i) || ($same_desc =~ m/^RE:/i )) { $same_desc=substr($same_desc,4); if (($same_desc =~ m/^FW:/i) || ($same_desc =~ m/^RE:/i )) { $same_desc=substr($same_desc,4); if (($same_desc =~ m/^FW:/i) || ($same_desc =~ m/^RE:/i )) { $same_desc=substr($same_desc,4); } } } if ($notnagios_desc eq $same_desc) { # Found the same subject $id = $ticket-Id; $self-TicketObj-MergeInto($id); } } if ($val == 'resolveuserem...@domain.com') { ## Set Set owner to e-mail sender, status to 'resolved' my $Ticket = $self-TicketObj; my $Transaction = $self-TransactionObj; my $CreatorId = $Transaction-CreatorObj-Id; $Ticket-SetOwner($CreatorId); $Ticket-SetStatus('resolved'); } $id || return 1; 1; RT Training Sessions (http://bestpractical.com/services/training.html) * Chicago, IL, USA September 26 27, 2011 * San Francisco, CA, USA October 18 19, 2011 * Washington DC, USA October 31 November 1, 2011 * Melbourne VIC, Australia November 28 29, 2011 * Barcelona, Spain November 28 29, 2011
[rt-users] infinite 302 redirects !
Hi, We did a RT 4.0.1 setup; created users, queues, tickets and SelfService logins for unprivileged users went fine. Used it for a couple of days ( did fine tuning, explored the front end ), and did some customization to front end, and changed Web.pm to do a simple change in the login mechanism. And now privileged users are able to login in both / and selfservice login without issue. But unprivileged users are having problems, while logging in 'infinite 302 redirect' happens ! Reverted changes to web.pm thinking it may caused the issue, but after that also the issue still exists ?! Can somebody help me in finding out the issue ?! In which case this kind of error is likely to happen ? Any pointers to solve the issue is highly appreciated. Thanks Sathiya RT Training Sessions (http://bestpractical.com/services/training.html) * Chicago, IL, USA September 26 27, 2011 * San Francisco, CA, USA October 18 19, 2011 * Washington DC, USA October 31 November 1, 2011 * Melbourne VIC, Australia November 28 29, 2011 * Barcelona, Spain November 28 29, 2011
[rt-users] RT - UI View
Hello, I want to customize the interface view of my RT-4.0.2 installation. I would like to see all the metadata details side-by-side to the ticket details. That means two columns. One is meta data details with the headings and the other one is tickets details just like the one I have right now. How can I do this. Please help. RT Training Sessions (http://bestpractical.com/services/training.html) * Chicago, IL, USA September 26 27, 2011 * San Francisco, CA, USA October 18 19, 2011 * Washington DC, USA October 31 November 1, 2011 * Melbourne VIC, Australia November 28 29, 2011 * Barcelona, Spain November 28 29, 2011
Re: [rt-users] Has anyone sucessfully configured LDAP to authenticate against AD with version 4.0.1?
I think I have made some progress. Still receiving an error. The error is: [Mon Aug 29 23:15:41 2011] [debug]: Attempting to use external auth service: Active_Directory (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64) [Mon Aug 29 23:15:41 2011] [debug]: Calling UserExists with $username (josh cole) and $service (Active_Directory) (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:105) [Mon Aug 29 23:15:41 2011] [debug]: UserExists params: username: josh cole , service: Active_Directory (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:274) [Mon Aug 29 23:15:41 2011] [debug]: LDAP Search === Base: DC=fpu,DC=local == Filter: ((objectclass=person)(sAMAccountName=josh cole)) == Attrs: mail,sAMAccountName (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:304) [Mon Aug 29 23:15:41 2011] [debug]: RT::Authen::ExternalAuth::CanonicalizeUserInfo called by RT::Authen::ExternalAuth /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm 553 with: Disabled: 0, EmailAddress: , Gecos: josh cole, Name: josh cole, Privileged: 0 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:450) [Mon Aug 29 23:15:41 2011] [debug]: Attempting to get user info using this external service: Active_Directory (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:458) [Mon Aug 29 23:15:41 2011] [debug]: Attempting to use this canonicalization key: ExternalAuthId (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:472) [Mon Aug 29 23:15:41 2011] [debug]: This attribute ( ExternalAuthId ) is null or incorrectly defined in the attr_map for this service ( Active_Directory ) (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:474) [Mon Aug 29 23:15:41 2011] [debug]: Attempting to use this canonicalization key: EmailAddress (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:472) [Mon Aug 29 23:15:41 2011] [debug]: LDAP Search === Base: DC=mydomain,DC=local == Filter: ((objectclass=person)) == Attrs: mail,sAMAccountName (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:195) [Mon Aug 29 23:15:51 2011] [info]: RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Disabled: 0, EmailAddress: , Gecos: josh cole, Name: josh cole, Privileged: 0 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:536) [Mon Aug 29 23:15:51 2011] [error]: Couldn't create user josh cole: Could not set user info (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:129) [Mon Aug 29 23:15:51 2011] [debug]: Autohandler called ExternalAuth. Response: (0, No User) (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:11) [Mon Aug 29 23:15:51 2011] [error]: FAILED LOGIN for josh cole from 172.18.10.65 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:655) josh.cole wrote: Below is the result: [Mon Aug 29 20:04:21 2011] [critical]: RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't bind: LDAP_INVALID_CREDENTIALS 49 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:467) Andrew Wagner-4 wrote: I should have noticed this sooner - try specifying the full DN of your rtauth user. That is, CN=rtauth,OU=someOU,OU=anotherOU,DC=mine,DC=his,DC=hers,DC=com. Andrew Wagner Assistant Network Administrator aawag...@wisc.edu 265-5710 Room 370B Wisconsin Center for Education Research (WCER) www.wcer.wisc.edu On 8/29/2011 2:18 PM, josh.cole wrote: The user is within the base. The user exists in a sub-OU inside of ITS. I have the correct DC, I have the ip entered for the DC/LDAP Server. Yes sir that is correct, I am using placeholders. I do not believe that SSL is being used based on the config I provided. All of the information is correct. I have used an ldap browser to verify connectivity on port 389 and to verify the information I've placed into the config. Andrew Wagner-4 wrote: I believe that if you specify SSL, Authen-External will automatically uses port 636 (LDAPS). TLS encryption uses 389. We used TLS as LDAPS is no longer officially supported. Is the user you are trying to authenticate with inside your base? Do you have the correct domain controller specified under server? Do you have the right domain specified and formatted under base? I assume you're replacing your domain information with placeholders in your config and are not actually using rt.mydomain.local. Andrew Wagner Assistant Network Administrator aawag...@wisc.edu 265-5710 Room 370B Wisconsin Center for Education Research (WCER) www.wcer.wisc.edu On 8/29/2011 12:55 PM, josh.cole wrote: I think I am close now. I made those changes to the config. I am receiving an error when I try to login with my AD credentials. The error is: [Mon Aug 29 17:35:31 2011]
Re: [rt-users] Has anyone sucessfully configured LDAP to authenticate against AD with version 4.0.1?
Josh, I have been just barely following this thread, so please forgive me if I'm off base here. I think an issue is this: 'attr_match_list' = [ 'ExternalAuthId','EmailAddress' ], And your LDAP is failing because: (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/E xternalAuth.pm:458) [Mon Aug 29 23:15:41 2011] [debug]: Attempting to use this canonicalization key: ExternalAuthId (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/E xternalAuth.pm:472) [Mon Aug 29 23:15:41 2011] [debug]: This attribute ( ExternalAuthId ) is null or incorrectly defined in the attr_map for this service ( Active_Directory ) Your AD schema does not have an ExternalAuthID field in it. You have ExternalAuthID mapped to sAMAccountName. What happens if you try: 'attr_match_list' = [ 'sAMAccountName','EmailAddress' ], James Zuelow Systems Operations Manager City and Borough of Juneau MIS (907) 586-0236 RT Training Sessions (http://bestpractical.com/services/training.html) * Chicago, IL, USA September 26 27, 2011 * San Francisco, CA, USA October 18 19, 2011 * Washington DC, USA October 31 November 1, 2011 * Melbourne VIC, Australia November 28 29, 2011 * Barcelona, Spain November 28 29, 2011
Re: [rt-users] Has anyone sucessfully configured LDAP to authenticate against AD with version 4.0.1?
On Mon, Aug 29, 2011 at 03:50:57PM -0800, James Zuelow wrote: Josh, I have been just barely following this thread, so please forgive me if I'm off base here. I think an issue is this: 'attr_match_list' = [ 'ExternalAuthId','EmailAddress' ], attr_match_list is documented as # The list of RT attributes that uniquely identify a user not an LDAP aatribute. The error message you point to means that the user was aunable to be canonicalized from LDAP. If it was supposed to be there, then the search args are wrong (or the user logging into RT doesn't have rights on LDAP to canonicalize themselves). If the user wasn't supposed to be in LDAP, but should be created, then the user wants to read the docs for AutoCreateNonExternalUsers. -kevin And your LDAP is failing because: (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/E xternalAuth.pm:458) [Mon Aug 29 23:15:41 2011] [debug]: Attempting to use this canonicalization key: ExternalAuthId (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/E xternalAuth.pm:472) [Mon Aug 29 23:15:41 2011] [debug]: This attribute ( ExternalAuthId ) is null or incorrectly defined in the attr_map for this service ( Active_Directory ) Your AD schema does not have an ExternalAuthID field in it. You have ExternalAuthID mapped to sAMAccountName. What happens if you try: 'attr_match_list' = [ 'sAMAccountName','EmailAddress' ], pgpohQz4dxLv2.pgp Description: PGP signature RT Training Sessions (http://bestpractical.com/services/training.html) * Chicago, IL, USA September 26 27, 2011 * San Francisco, CA, USA October 18 19, 2011 * Washington DC, USA October 31 November 1, 2011 * Melbourne VIC, Australia November 28 29, 2011 * Barcelona, Spain November 28 29, 2011
[rt-users] How to get rt-server to handle images correctly?
rt-server is choking on my images. Even the autohandler doesn't server them properly. Anyone know how to fix? Thanks! RT Training Sessions (http://bestpractical.com/services/training.html) * Chicago, IL, USA September 26 27, 2011 * San Francisco, CA, USA October 18 19, 2011 * Washington DC, USA October 31 November 1, 2011 * Melbourne VIC, Australia November 28 29, 2011 * Barcelona, Spain November 28 29, 2011
[rt-users] quick delete extension with rt 4.02
I'm getting started with RT 4.02. From the Best Practical site (http://www.bestpractical.com/rt/extensions.html?J:V-region-extension-list.id=39) it says that the quick delete extension is built into RT since 4.0. Does that mean I don't need to invoke it from RT_SiteConfig.pm? I tried adding it -- then it looks for the extension and errors out. So I'm guessing not. However, after adding the default search parameters that include the quickdelete line item ... . . . Priority, QuickDelete, '__NEWLINE__', . . . I get a blank column for the quickdelete column. I tried adding the extension, but I get the same result and then a different error regarding the extension. Any ideas? Is this a bug? -- Thanks. RT Training Sessions (http://bestpractical.com/services/training.html) * Chicago, IL, USA September 26 27, 2011 * San Francisco, CA, USA October 18 19, 2011 * Washington DC, USA October 31 November 1, 2011 * Melbourne VIC, Australia November 28 29, 2011 * Barcelona, Spain November 28 29, 2011