Hey Ruslan,
I actually was able to get the time zone to switch properly for users, I had to
install the following two packages:
- Bundle::Apache2
- Apache2::Reload
I also made the following change to /etc/httpd/conf/httpd.conf:
PerlOptions +GlobalRequest
Once the httpd service was restarted I was immediately able to see the change -
so thanks for the suggestions they certainly helped.
I have one more issue, I am working on and this is enabling the full SSO
(auto-login) function of RT::Authen::LDAP, but I keep running into some issues.
AD users are able to authenticated against AD, but the RT interface won't
automatically log them in. I think my RT_SiteConfig.pm (the one located at
/opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc) is correct:
less /opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm
Set($ExternalAuthPriority, [ 'My_LDAP' ] );
Set($ExternalInfoPriority, [ 'My_LDAP' ] );
Set($ExternalServiceUsesSSLorTLS, 0);
Set($AutoCreateNonExternalUsers, 0);
Set($ExternalSettings, {
'My_LDAP' => {
'type' => 'ldap',
'server' => 'IP-OF-SERVER',
'user' => 'cvi-mg\ldap',
#'cn=ldap,cn=Services,dc=domain,dc=com', <--nw
'pass' => 'userpassword',
'base' => 'dc=domain,dc=com',
'filter' =>
'(&(ObjectCategory=User)(ObjectClass=Person))',
'd_filter' =>
'(userAccountControl:1.2.840.113556.1.4.803:=2)',
'tls' => 0,
# 'ssl_version' => 3,
'net_ldap_args' => [ version => 3
],
'group' =>
'cn=RTUsers,ou=Services,dc=cvi-mg,dc=com',
'group_attr' => 'member',
'attr_match_list' => [ 'Name', 'EmailAddress'
],
'attr_map' => { 'Name' =>
'sAMAccountName',
'EmailAddress' => 'mail',
'Organization' =>
'physicalDeliveryOfficeName',
'RealName' => 'cn',
'ExternalAuthId' =>
'sAMAccountName',
'Gecos' =>
'sAMAccountName',
'WorkPhone' =>
'telephoneNumber',
'Address1' =>
'streetAddress',
'City' => 'l',
'State' => 'st',
'Zip' => 'postalCode',
'Country' => 'co'
}
}
}
);
1;
However, when a user who is part of the 'RTUsersGroup' within AD attempts to
load the main RT page via any browser the following message gets generated by
rt.log:
[Tue Apr 26 22:38:24 2011] [debug]: Autohandler called ExternalAuth. Response:
(0, No User)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:26)
[Tue Apr 26 22:38:24 2011] [debug]: Attempting to use external auth service:
My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
[Tue Apr 26 22:38:24 2011] [debug]: SSO Failed and no user to test with.
Nexting
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:92)
[Tue Apr 26 22:38:24 2011] [debug]: Autohandler called ExternalAuth. Response:
(0, No User)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:26)
I have looked at the files mentioned above (ExternalAuth.pm, Doauth.pm, etc,
etc) and have not been able to pinpoint the problem. My guess is that the
credentials are either not being passed from LDAP to RT via the SSO check
mentioned in this file
'/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm'
starting in line 71:
71 #############################################################
72 ####################### SSO Check ###########################
73 #############################################################
74 if ($config->{'type'} eq 'cookie') {
75 # Currently, Cookie authentication is our only SSO method
76 $username =
RT::Authen::ExternalAuth::DBI::GetCookieAuth($config);
77 }
78 #############################################################
79
80 # If $username is defined, we have a good SSO $username and can
81 # safely bypass the password checking later on; primarily
because
82 # it's VERY unlikely we even have a password to check if an SSO
succeeded.
83 $pass_bypass = 0;
84 if(defined($username)) {
85 $RT::Logger->debug("Pass not going to be checked,
attempting SSO");
86 $pass_bypass = 1;
87 } else {
88
89 # SSO failed and no $user was passed for a login attempt
90 # We only don't return here because the next iteration
could be an SSO attempt
91 unless(defined($given_user)) {
92 $RT::Logger->debug("SSO Failed and no user to test
with. Nexting");
93 next;
94 }
95
96 # We don't have an SSO login, so we will be using the
credentials given
97 # on RT's login page to do our authentication.
98 $username = $given_user;
So here is where it gets a bit dicey for me, I am not entirely certain if the
value for the $username variable (line 76) is being properly passed by our AD
server and fails the SSO check (line 92), and then immediately jumps to line 98
to wait for the authentication to be manually entered (this part works if
credentials are entered manually, LDAP authentication goes through normally).
So my question is why is it nexting (as per the rt.log), and not picking up the
user name from the operating environment (just as an FYI most of our users are
on Windows XP, 7 clients, running IE8 and Mozilla Firefox 3.6+), and
automatically picking up on the credentials for the user.
My guess is that I have something probably not set correctly within the
RT_SiteCOnfig.pm (for RT::Authen::LDAP), or the issue could be a missing Perl
component (probably not being called from httpd.conf) I have not thought of as
of yet. But as I said this are just initial guesses - any input anyone can
offer would be great.
Thanks,
Eli
-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of
Ruslan Zakirov
Sent: Thursday, April 21, 2011 8:51 PM
To: Eli Guzman
Cc: [email protected]
Subject: Re: [rt-users] Is a time zone user preference available?
Hello,
Look into logs for additional info about blank page.
You have several options:
* switch over fcgi
* figure out why modperl handler doesn't work
* find/write patch for RT that uses Env::C in Date.pm
On Fri, Apr 22, 2011 at 4:27 AM, Eli Guzman <[email protected]> wrote:
> ----Original Message----
> From: [email protected]
> [mailto:[email protected]] On Behalf Of Eli
> Guzman Sent: Wednesday, April 20, 2011 9:10 PM To: Ruslan Zakirov
> Cc: [email protected]
> Subject: Re: [rt-users] Is a time zone user preference available?
>
>> ----Original Message----
>> From: [email protected] [mailto:[email protected]] On
>> Behalf Of Ruslan Zakirov Sent: Wednesday, April 20, 2011 7:43 PM To:
>> Eli Guzman
>> Cc: [email protected]
>> Subject: Re: [rt-users] Is a time zone user preference available?
>>
>>> Hello,
>>>
>>> Do you use mod_perl? Try "SetHandler modperl" instead of "SetHandler
>>> perl-script" in apache's config. Don't forget to stop/start the
>>> server.
>>>
>>> On Thu, Apr 21, 2011 at 12:14 AM, Eli Guzman
>>> <[email protected]> wrote:
>>>> ----Original Message----
>>>> From: [email protected]
>>>> [mailto:[email protected]] On Behalf Of
>>>> Kevin Falcone Sent: Wednesday, April 20, 2011 2:01 PM To:
>>>> [email protected] Subject: Re: [rt-users] Is a time
>>>> zone user preference available?
>>>>
>>>>> On Wed, Apr 20, 2011 at 01:25:41PM -0600, Eli Guzman wrote:
>>>>>>>> There's no need for elaborate schemes. Timezone, along with
>>>>>>>> language, is on the user About Me page.
>>>>>>>>
>>>>>>>> Thomas
>>>>>>>
>>>>>>> Hey Thomas,
>>>>>>>
>>>>>>> Thanks a bunch, somehow I missed that ;).
>>>>>>>
>>>>>>> Eli
>>>>>>
>>>>>> Not sure how common this issue is, but I have changed the 'About
>>>>>> Me' timezone preferences, however the change isn't reflected on
>>>>>> the interface. See images below:
>>>>>>
>>>>>> http://min.us/mDnN4uxnfqIBg#1
>>>>>
>>>>> You've neglected to say:
>>>>>
>>>>> What you set it to in About Me.
>>>>> What time you expect to see.
>>>>>
>>>>> I see something roughly 2 hours behind the current time, so assume
>>>>> it is showing in Mountain time
>>>>>
>>>>> -kevin
>>>>>
>>>>>> I had the $Timezone variable in RT_SiteConfig.pm set to the
>>>>>> following: Set($Timezone , 'US/Mountain'); but I commented this
>>>>>> out (restarted httpd services)to see if there was any change to
>>>>>> the interface, but nothing so far. Time is being synched via
>>>>>> NTPD/system clock is not currently set to UTC/and system TZ is
>>>>>> set to Denver TZ (-0700 GMT). Could I be missing something
>>>>>> obvious here?
>>>>>>
>>>>>> Thanks for any insights!
>>>>>>
>>>>>> Regards,
>>>>>> Eli
>>>>
>>>> Hey Kevin,
>>>>
>>>> Yes you are correct, it is showing that it is currently set
>>>> Mountain TZ (which was what the RT_SiteConfig was set to), and I
>>>> went ahead and changed the preference under the about me section to
>>>> 'Europe/London +0100', but for some reason the change has not taken
>>>> effect.
>>>>
>>>> Just not sure as to why, could this perhaps be related to the
>>>> database itself? Currently MySQL should be getting TZ data from the
>>>> OS itself, but I believe I can hard-set it in the my.ini file, not
>>>> sure if this is the preferred method for RT/or to be honest if it
>>>> should matter if the DB should be set to a specific TZ.
>>>>
>>>> Regards,
>>>> Eli
>>
>> Hey Ruslan,
>>
>> I can give that a try and let you know if it fixes the issue; thanks
>> for the input.
>>
>> Regards,
>> Eli
>
> Hey Ruslan,
>
> I have mod_perl installed on the system:
>
> [root@xxx ~]# yum list mod_perl
> Loaded plugins: rhnplugin, security
> Installed Packages
> mod_perl.x86_64 2.0.4-6.el5 installed
>
> However I was not using it directly with RT3, here is my
> /etc/httpd/conf.d/rt3.conf:
>
> Alias /ticket "/opt/rt3/share/html"
>
> PerlRequire /opt/rt3/bin/webmux.pl
>
> <Directory "/opt/rt3/share/html">
> AllowOverride All
> Options ExecCGI FollowSymLinks
>
> RewriteEngine On
> RedirectMatch permanent (.*)/$ $1/index.html
> AddDefaultCharset UTF-8
> SetHandler perl-script
> #SetHandler modperl <-- Interface did not load -- just a blank screen
> PerlHandler RT::Mason
>
> At first I tried reloading apache with the 'SetHandler modperl' line
> but this caused RT3 not to load (just a blank screen) so as you can
> see I commented out the line, and reloaded httpd services, the RT app
> was returned to normal at that point.
>
> So I am guessing that the RPM version I have installed of mod_perl is
> not compatible with RT3, so this leaves me with being able to use
> perl-script handler.
>
> I did change the system time to just use UTC:
>
> [root@xxx ~]# date
> Fri Apr 22 00:10:12 UTC 2011
>
> I reloaded MySQL services and this forced the database to use UTC
> instead of MDT:
>
> mysql> select distinct @@system_time_zone from user;
> +--------------------+
> | @@system_time_zone |
> +--------------------+
> | UTC |
> +--------------------+
> 1 row in set (0.00 sec)
>
> Now the database shows the time as UTC, and so do tickets on the RT
> interface as well. However, I am still unable to change to different
> timezones for any user.
>
> Could this be an inconsistency of using "SetHandler perl-script"
> rather than 'mod_perl' in my RT3 specific Apache configuration? And if
> this is the case, since I am unable to use the RPM version of
> mod_perl; should I just build mod_perl from source and see if this corrects
> the problem?
> Could something be missing from my main Apache configuration (meaning
> /etc/httpd/conf/httpd.conf)? At the moment I am still somewhat stumped
> on this one, if anyone has any other input I would appreciate it.
>
> Best Regards,
> Eli
>
>
>
>
>
--
Best regards, Ruslan.
