Re: [rt-users] RT-External Auth RT 4.0
070888 is the shortname for A Weetman - neither of these seem to work I'm specifying the correct ldap attribute, it's just not working! Has anyone succeeded in getting external auth working with open directory? Regards, Guy This email and any attachments are confidential and are intended solely for the use of the individual to whom it is addressed. If you are not the intended recipient of this email and its attachments, you must take no action based upon them, nor must you copy or show them to anyone. Please contact the sender if you believe you have received this email in error. Emails are not secure and cannot be guaranteed to be free of errors or viruses. It is your responsibility to scan emails and attachments for viruses before opening them. Any views or opinions expressed are solely those of the author and do not necessarily represent those of The Blackpool Sixth Form College. # Scanned by MailMarshal - Marshal's comprehensive email content security solution. Download a free evaluation of MailMarshal at www.marshal.com #
Re: [rt-users] Ldap Import and Groups
Ah, ok. The docs say prevents users from being added to any *additional* group I had supposed it was referring to auto creation of ldap groups. That additional is a bit misleading, if it could go in the next version that would be great. Thanks, G On 09/06/11 17:18, Kevin Falcone wrote: On Thu, Jun 09, 2011 at 05:06:15PM +0100, Giuseppe Sollazzo wrote: Hi there, I've tried the ldap import script which run smoothly except for one thing: the users weren't put in the group specified. The documentation could use some revising it seems setting LDAPSkipAutogeneratedGroup to 1 means no users will be added to LDAPGroupName -kevin As far as I understood, #The Group new users belong to (optional) #All new users will belong to the 'Imported from LDAP' group #You can change the name of this group using the $LDAPGroupName #variable Set($LDAPGroupName,'Imported Users'); #If you would like to prevent users from being added to any #additional groups, you can set this to true: Set($LDAPSkipAutogeneratedGroup, 1); Set($LDAPUpdateUsers,1); With this setting, the users should be put in a group called imported users. This didn't happen. So I assumed the group needed to be created manually, which I did, but still no user was put in the group (in the second try I had some new users, so there's no risk of an overlapping problem of inability to move users). Am I doing something wrong? From another point of view: I can't find if there's a way to select users in the Users interface other than by username match. It would be great to be able to select all unprivileged users, or all users with no group membership. Thanks, Giuseppe -- Giuseppe Sollazzo Senior Systems Analyst Computing Services Information Services St. George's, University Of London Cranmer Terrace London SW17 0RE Email: [1]gsoll...@sgul.ac.uk Direct Dial: +44 20 8725 5160 Fax: +44 20 8725 3583 References Visible links 1. mailto:gsoll...@sgul.ac.uk -- Giuseppe Sollazzo Senior Systems Analyst Computing Services Information Services St. George's, University Of London Cranmer Terrace London SW17 0RE Email: gsoll...@sgul.ac.uk Direct Dial: +44 20 8725 5160 Fax: +44 20 8725 3583
Re: [rt-users] Errors in fixdeps
Thanks. It worked. Now I'd like to install RT within the LAMPP environment so I used the following command to configure it: ./configure --prefix=/opt/rt3 --with-web-user=rt_user --with-web-group=rt --with-db-dat ith-db-type=mysql --with-rt-group=rt --with-apachectl=/../opt/lampp/bin/apachectl I also initialized the database, but the database instance rt3 was however installed in the other MySQL-Server which is located in /var/lib/mysql/mysql. How can I configure the destination for the LAMPP-MySQL-Server I want to use to install the rt-database? Do I have to configure also any other files in order to use the Apache Server within LAMPP? Regards --- Kevin Falcone falc...@bestpractical.com schrieb am Mi, 8.6.2011: Von: Kevin Falcone falc...@bestpractical.com Betreff: Re: [rt-users] Errors in fixdeps An: rt-users@lists.bestpractical.com Datum: Mittwoch, 8. Juni, 2011 13:46 Uhr On Wed, Jun 08, 2011 at 01:15:14PM +0100, Ich Wersonst wrote: Hello, I am using SUSE Linux Enterprise Server 11 (i586) and LAMPP 1.7.4. I tried to install RT 4.0.0. When I tried to fix the Perl dependencies via the command `make fixdeps` I got the following message: HTML::Mason ...MISSING Can't locate Class/Container.pm in @INC (@INC contains: /usr/lib/perl5/5.10.0/i586-linux-thread-multi /usr/lib/perl5/5.10.0 /usr/lib/perl5/site_perl/5.10.0/i586-linux-thread-multi /usr/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/vendor_perl/5.10.0/i586-linux-thread-multi /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl /root/Desktop/rt-4.0.0) at /usr/lib/perl5/site_perl/5.10.0/HTML/Mason/Request.pm line 44. Digest::MD5 = 2.27 ...found JSON ...found This error implies that you've got HTML::Mason installed without one of the supporting modules (I'm not sure how you did that) You should try cpan'ing Class::Container -kevin
[rt-users] Further Theme Customisation in RT4.0
Hi all, I'm just want to know if there are more things I can customize at the RT interface, not only Page, Header, Page content, Page title and the Buttons. Otherwise I will just edit the css files like I did RT3.8. But I am just curious if I can do it directly from the interface. :) Thank you in advance! -- View this message in context: http://old.nabble.com/Further-Theme-Customisation-in-RT4.0-tp31816494p31816494.html Sent from the Request Tracker - User mailing list archive at Nabble.com.
[rt-users] limit ticket list display on requestor login
Hi, I guess I'm not getting this right. I'd like that a user, upon login, were able to only see the tickets for which they are a requestor (in a given queue). Let's say I have a group G and a queue Q. If rights for G on Q are Create tickets and View queue obviously they see all tickets in the queue, whereas Create tickets alone does not allow them to see any ticket. To keep things tidy, I've also given the same rights to Everyone, Privileged, Unprivileged. Is what I want to do feasible with just permissions management? Thanks, Giuseppe -- Giuseppe Sollazzo Senior Systems Analyst Computing Services Information Services St. George's, University Of London Cranmer Terrace London SW17 0RE Email: gsoll...@sgul.ac.uk Direct Dial: +44 20 8725 5160 Fax: +44 20 8725 3583
Re: [rt-users] limit ticket list display on requestor login
Giuseppe, I will not give the Everyone group rights other than Create Ticket and ReplyToTicket (and this is only to get the email side of things working properly).I also would not give any rights to the Unprivileged group. For your purposes I would suggest you give the Requestor Role rights to ShowTicket/ModifyTicket/ReplyToTicket, and if your requestors are Unprivileged then their login will redirect them to the SelfService portal which is restricted. Hope that helps; Regards; Roy -Original Message- From: rt-users-boun...@lists.bestpractical.com [mailto:rt-users- boun...@lists.bestpractical.com] On Behalf Of Giuseppe Sollazzo Sent: 10 June 2011 10:43 To: rt-users@lists.bestpractical.com Subject: [rt-users] limit ticket list display on requestor login Hi, I guess I'm not getting this right. I'd like that a user, upon login, were able to only see the tickets for which they are a requestor (in a given queue). Let's say I have a group G and a queue Q. If rights for G on Q are Create tickets and View queue obviously they see all tickets in the queue, whereas Create tickets alone does not allow them to see any ticket. To keep things tidy, I've also given the same rights to Everyone, Privileged, Unprivileged. Is what I want to do feasible with just permissions management? Thanks, Giuseppe -- Giuseppe Sollazzo Senior Systems Analyst Computing Services Information Services St. George's, University Of London Cranmer Terrace London SW17 0RE Email: gsoll...@sgul.ac.uk Direct Dial: +44 20 8725 5160 Fax: +44 20 8725 3583
[rt-users] User creation failed in mailgateway: Name in use
Hi, Bugging me for days, I'm sending an email to RT to create a ticket, the address already exists in the database. I send it, it fails and I receive back 3 emails 1. User creation failed in mailgateway: Name in use 2. User 'xxx@xxx' could not be loaded in the mail gateway 3. RT could not load valid user the log output Jun 10 11:28:29 eu-support RT: User creation failed in mailgateway: Name in use (/opt/rt3/bin/../local/lib/RT/Interface/Email.pm:244) RT_SiteConfig Set($AutoCreateNonExternalUsers,1); Set($ValidateUserEmailAddresses,1); Globals-Group privs Everyone-CreateTicket, ReplyToTicket Privaleged-CreateTicket, ReplyToTicket Unprivileged-CreateTicket, ReplyToTicket this has happened on more than one occasion and ive been through quite a few possible fixes? and have run out of ideas, can anyone shed some light on exactly what is going on? best Saragan
Re: [rt-users] User creation failed in mailgateway: Name in use
Robert-356 wrote: Hi, Bugging me for days, I'm sending an email to RT to create a ticket, the address already exists in the database. I send it, it fails and I receive back 3 emails 1. User creation failed in mailgateway: Name in use 2. User 'xxx@xxx' could not be loaded in the mail gateway 3. RT could not load valid user the log output Jun 10 11:28:29 eu-support RT: User creation failed in mailgateway: Name in use (/opt/rt3/bin/../local/lib/RT/Interface/Email.pm:244) RT_SiteConfig Set($AutoCreateNonExternalUsers,1); Set($ValidateUserEmailAddresses,1); Globals-Group privs Everyone-CreateTicket, ReplyToTicket Privaleged-CreateTicket, ReplyToTicket Unprivileged-CreateTicket, ReplyToTicket this has happened on more than one occasion and ive been through quite a few possible fixes? and have run out of ideas, can anyone shed some light on exactly what is going on? best Saragan Hi Robert-356, are you using the RT-ExternalAuth plugin? I got similar error massages when it was not configured correctly. Have you tried to turn it off? I can only tell from my research, it doesn't need to be correct, but maybe RT tries to check if the user already exists and - if we assume that you use ExternalAuth and your config is somehow wrong - it can't get access to the AD server. My second guess: Have you double-checked all users in your db at the frontend? Try to search after a % in the name and you will find all registered users. Hope this helps! -- View this message in context: http://old.nabble.com/User-creation-failed-in-mailgateway%3A-Name-in-use-tp31817312p31817513.html Sent from the Request Tracker - User mailing list archive at Nabble.com.
Re: [rt-users] limit ticket list display on requestor login
Uhm... it seems not to behave like I would like to. Basically I have a privileged user U that is part of group G. On queue Q group G has right to show/modify/reply, whereas the system privileged group does not have any right on the queue. Also, on queue Q role Requestor has right to show/modify/reply, whereas the system privileged group does not have any right on the queue. Still, U can see all tickets in queue Q, even those he's not a requestor for. So I'm still looking for a way to hide tickets for which a user in the group G is not a requestor for from the dashboard, if that's at all possible :) G On 10/06/11 12:06, Raed El-Hames wrote: Giuseppe, I will not give the Everyone group rights other than Create Ticket and ReplyToTicket (and this is only to get the email side of things working properly).I also would not give any rights to the Unprivileged group. For your purposes I would suggest you give the Requestor Role rights to ShowTicket/ModifyTicket/ReplyToTicket, and if your requestors are Unprivileged then their login will redirect them to the SelfService portal which is restricted. Hope that helps; Regards; Roy -Original Message- From: rt-users-boun...@lists.bestpractical.com [mailto:rt-users- boun...@lists.bestpractical.com] On Behalf Of Giuseppe Sollazzo Sent: 10 June 2011 10:43 To: rt-users@lists.bestpractical.com Subject: [rt-users] limit ticket list display on requestor login Hi, I guess I'm not getting this right. I'd like that a user, upon login, were able to only see the tickets for which they are a requestor (in a given queue). Let's say I have a group G and a queue Q. If rights for G on Q are Create tickets and View queue obviously they see all tickets in the queue, whereas Create tickets alone does not allow them to see any ticket. To keep things tidy, I've also given the same rights to Everyone, Privileged, Unprivileged. Is what I want to do feasible with just permissions management? Thanks, Giuseppe -- Giuseppe Sollazzo Senior Systems Analyst Computing Services Information Services St. George's, University Of London Cranmer Terrace London SW17 0RE Email: gsoll...@sgul.ac.uk Direct Dial: +44 20 8725 5160 Fax: +44 20 8725 3583 -- Giuseppe Sollazzo Senior Systems Analyst Computing Services Information Services St. George's, University Of London Cranmer Terrace London SW17 0RE Email: gsoll...@sgul.ac.uk Direct Dial: +44 20 8725 5160 Fax: +44 20 8725 3583
Re: [rt-users] RT 3.8: questions on Kerberos, LDAP, and guest account setup
On Thu, Jun 09, 2011 at 09:57:49PM +0700, Ivan Shmakov wrote: I was able to successfully configure RT and Apache to use Kerberos for authentication, roughly as shown below. However, now I'm somewhat concerned about the lack of authentication in rt-mailgate(1) (Debian Bug#615890 [1].) Somehow, I feel that this issue could be resolved easily, and wonder if anyone's interested? We'd certainly consider patches Also, I wonder, is it possible to make RT refer to LDAP for certain information (like: login name, real name, e-mail, etc.) about its users? It could easily become a painful experience to either synchronize the RT user database with LDAP, or to maintain the informations in both of the places simultaneously. Sounds like you want RT-Extension-LDAPImport Additionally, I have set up an Unprivileged “guest” account. However, this configuration results in the user being presented with a somewhat “limited” Web interface (in particular, it lacks the Search facility.) Should I make this account Privileged instead, or is there another easy way of setting up a “read-only” account with the Search facility being active? If you want the advanced search, you want a Privileged user. Unprivileged users are only going to see tickets that they're the Requestor of. -kevin pgpuQPyn90IBN.pgp Description: PGP signature
Re: [rt-users] RT-External Auth RT 4.0
On Fri, Jun 10, 2011 at 08:13:34AM +0100, Guy Baxter wrote: 070888 is the shortname for A Weetman - neither of these seem to work I'm specifying the correct ldap attribute, it's just not working! Has anyone succeeded in getting external auth working with open directory? Please show the error logs when you have RT creating an account with a non-numeric attribute. -kevin pgpZurGyv4guu.pgp Description: PGP signature
Re: [rt-users] Ldap Import and Groups
On Fri, Jun 10, 2011 at 08:42:14AM +0100, Giuseppe Sollazzo wrote: Ah, ok. The docs say prevents users from being added to any *additional* group I had supposed it was referring to auto creation of ldap groups. That additional is a bit misleading, if it could go in the next version that would be great. There is already a documentation clarification on github On 09/06/11 17:18, Kevin Falcone wrote: On Thu, Jun 09, 2011 at 05:06:15PM +0100, Giuseppe Sollazzo wrote: Hi there, I've tried the ldap import script which run smoothly except for one thing: the users weren't put in the group specified. The documentation could use some revising it seems setting LDAPSkipAutogeneratedGroup to 1 means no users will be added to LDAPGroupName -kevin As far as I understood, #The Group new users belong to (optional) #All new users will belong to the 'Imported from LDAP' group #You can change the name of this group using the $LDAPGroupName #variable Set($LDAPGroupName,'Imported Users'); #If you would like to prevent users from being added to any #additional groups, you can set this to true: Set($LDAPSkipAutogeneratedGroup, 1); Set($LDAPUpdateUsers,1); With this setting, the users should be put in a group called imported users. This didn't happen. So I assumed the group needed to be created manually, which I did, but still no user was put in the group (in the second try I had some new users, so there's no risk of an overlapping problem of inability to move users). Am I doing something wrong? From another point of view: I can't find if there's a way to select users in the Users interface other than by username match. It would be great to be able to select all unprivileged users, or all users with no group membership. Thanks, Giuseppe -- Giuseppe Sollazzo Senior Systems Analyst Computing Services Information Services St. George's, University Of London Cranmer Terrace London SW17 0RE Email: [1]gsoll...@sgul.ac.uk Direct Dial: +44 20 8725 5160 Fax: +44 20 8725 3583 References Visible links 1. mailto:gsoll...@sgul.ac.uk -- Giuseppe Sollazzo Senior Systems Analyst Computing Services Information Services St. George's, University Of London Cranmer Terrace London SW17 0RE Email: gsoll...@sgul.ac.uk Direct Dial: +44 20 8725 5160 Fax: +44 20 8725 3583 pgpM4566hLJuo.pgp Description: PGP signature
Re: [rt-users] Further Theme Customisation in RT4.0
On Fri, Jun 10, 2011 at 02:33:33AM -0700, declaya wrote: I'm just want to know if there are more things I can customize at the RT interface, not only Page, Header, Page content, Page title and the Buttons. Otherwise I will just edit the css files like I did RT3.8. But I am just curious if I can do it directly from the interface. :) You can add your CSS right to the box, rather than editing files and dealing with the upgrade hassle. pgpkbfYZgtGTS.pgp Description: PGP signature
Re: [rt-users] Errors in fixdeps
On Fri, Jun 10, 2011 at 09:01:50AM +0100, Ich Wersonst wrote: Thanks. It worked. Now I'd like to install RT within the LAMPP environment so I used the following command to configure it: ./configure --prefix=/opt/rt3 --with-web-user=rt_user --with-web-group=rt --with-db-dat ith-db-type=mysql --with-rt-group=rt --with-apachectl=/../opt/lampp/bin/apachectl I also initialized the database, but the database instance rt3 was however installed in the other MySQL-Server which is located in /var/lib/mysql/mysql. How can I configure the destination for the LAMPP-MySQL-Server I want to use to install the rt-database? Do I have to configure also any other files in order to use the Apache Server within LAMPP? I'm afraid I don't know what you mean by LAMPP but you may find the output of ./configure --help useful if you need to tell RT to connect to a remote database host. -kevin pgpjhZt3wuedk.pgp Description: PGP signature
Re: [rt-users] limit ticket list display on requestor login
On Fri, Jun 10, 2011 at 01:45:55PM +0100, Giuseppe Sollazzo wrote: Uhm... it seems not to behave like I would like to. Basically I have a privileged user U that is part of group G. On queue Q group G has right to show/modify/reply, whereas the system privileged group does not have any right on the queue. Also, on queue Q role Requestor has right to show/modify/reply, whereas the system privileged group does not have any right on the queue. Still, U can see all tickets in queue Q, even those he's not a requestor for. So I'm still looking for a way to hide tickets for which a user in the group G is not a requestor for from the dashboard, if that's at all possible :) Sounds like you have some global rights getting in the way. -kevin On 10/06/11 12:06, Raed El-Hames wrote: Giuseppe, I will not give the Everyone group rights other than Create Ticket and ReplyToTicket (and this is only to get the email side of things working properly).I also would not give any rights to the Unprivileged group. For your purposes I would suggest you give the Requestor Role rights to ShowTicket/ModifyTicket/ReplyToTicket, and if your requestors are Unprivileged then their login will redirect them to the SelfService portal which is restricted. Hope that helps; Regards; Roy -Original Message- From: rt-users-boun...@lists.bestpractical.com [mailto:rt-users- boun...@lists.bestpractical.com] On Behalf Of Giuseppe Sollazzo Sent: 10 June 2011 10:43 To: rt-users@lists.bestpractical.com Subject: [rt-users] limit ticket list display on requestor login Hi, I guess I'm not getting this right. I'd like that a user, upon login, were able to only see the tickets for which they are a requestor (in a given queue). Let's say I have a group G and a queue Q. If rights for G on Q are Create tickets and View queue obviously they see all tickets in the queue, whereas Create tickets alone does not allow them to see any ticket. To keep things tidy, I've also given the same rights to Everyone, Privileged, Unprivileged. Is what I want to do feasible with just permissions management? Thanks, Giuseppe -- Giuseppe Sollazzo Senior Systems Analyst Computing Services Information Services St. George's, University Of London Cranmer Terrace London SW17 0RE Email: gsoll...@sgul.ac.uk Direct Dial: +44 20 8725 5160 Fax: +44 20 8725 3583 -- Giuseppe Sollazzo Senior Systems Analyst Computing Services Information Services St. George's, University Of London Cranmer Terrace London SW17 0RE Email: gsoll...@sgul.ac.uk Direct Dial: +44 20 8725 5160 Fax: +44 20 8725 3583 pgp47iGKWDwLY.pgp Description: PGP signature
Re: [rt-users] limit ticket list display on requestor login
Hi Kevin, that was my first thought - however in global group rights all checkboxes in general/staff/admin rights are unticked for System, Roles, and for the given user group. Or is it maybe how I shoudl manage this, by adding show ticket to the global one? Just in case I have explained myself improperly, what I'm trying to achieve is that users in the G group are shown in the dashboard a list of tickets in the queue Q for which they are requestors; such list should exclude tickets in the same queue for which they are not requestors. Thanks, G On 10/06/11 14:03, Kevin Falcone wrote: On Fri, Jun 10, 2011 at 01:45:55PM +0100, Giuseppe Sollazzo wrote: Uhm... it seems not to behave like I would like to. Basically I have a privileged user U that is part of group G. On queue Q group G has right to show/modify/reply, whereas the system privileged group does not have any right on the queue. Also, on queue Q role Requestor has right to show/modify/reply, whereas the system privileged group does not have any right on the queue. Still, U can see all tickets in queue Q, even those he's not a requestor for. So I'm still looking for a way to hide tickets for which a user in the group G is not a requestor for from the dashboard, if that's at all possible :) Sounds like you have some global rights getting in the way. -kevin On 10/06/11 12:06, Raed El-Hames wrote: Giuseppe, I will not give the Everyone group rights other than Create Ticket and ReplyToTicket (and this is only to get the email side of things working properly).I also would not give any rights to the Unprivileged group. For your purposes I would suggest you give the Requestor Role rights to ShowTicket/ModifyTicket/ReplyToTicket, and if your requestors are Unprivileged then their login will redirect them to the SelfService portal which is restricted. Hope that helps; Regards; Roy -Original Message- From: rt-users-boun...@lists.bestpractical.com [mailto:rt-users- boun...@lists.bestpractical.com] On Behalf Of Giuseppe Sollazzo Sent: 10 June 2011 10:43 To: rt-users@lists.bestpractical.com Subject: [rt-users] limit ticket list display on requestor login Hi, I guess I'm not getting this right. I'd like that a user, upon login, were able to only see the tickets for which they are a requestor (in a given queue). Let's say I have a group G and a queue Q. If rights for G on Q are Create tickets and View queue obviously they see all tickets in the queue, whereas Create tickets alone does not allow them to see any ticket. To keep things tidy, I've also given the same rights to Everyone, Privileged, Unprivileged. Is what I want to do feasible with just permissions management? Thanks, Giuseppe -- Giuseppe Sollazzo Senior Systems Analyst Computing Services Information Services St. George's, University Of London Cranmer Terrace London SW17 0RE Email: gsoll...@sgul.ac.uk Direct Dial: +44 20 8725 5160 Fax: +44 20 8725 3583 -- Giuseppe Sollazzo Senior Systems Analyst Computing Services Information Services St. George's, University Of London Cranmer Terrace London SW17 0RE Email: gsoll...@sgul.ac.uk Direct Dial: +44 20 8725 5160 Fax: +44 20 8725 3583 -- Giuseppe Sollazzo Senior Systems Analyst Computing Services Information Services St. George's, University Of London Cranmer Terrace London SW17 0RE Email: gsoll...@sgul.ac.uk Direct Dial: +44 20 8725 5160 Fax: +44 20 8725 3583
Re: [rt-users] User creation failed in mailgateway: Name in use
hi, thnx for the quick reply No we use RT::Authen::ExternalAuth rather than externalauth for ldap. (internal users only) the users have been created as valid users in the RT database, RT just seems to have an issue locating them and allowing them to send the mail in. Other mail users that are setup as both valid users and privileged are fine even though they don’t exist in ldap. -Original Message- From: declaya chocoboselp...@gmx.de To: rt-users@lists.bestpractical.com Subject: Re: [rt-users] User creation failed in mailgateway: Name in use Date: Fri, 10 Jun 2011 05:28:15 -0700 (PDT) Robert-356 wrote: Hi, Bugging me for days, I'm sending an email to RT to create a ticket, the address already exists in the database. I send it, it fails and I receive back 3 emails 1. User creation failed in mailgateway: Name in use 2. User 'xxx@xxx' could not be loaded in the mail gateway 3. RT could not load valid user the log output Jun 10 11:28:29 eu-support RT: User creation failed in mailgateway: Name in use (/opt/rt3/bin/../local/lib/RT/Interface/Email.pm:244) RT_SiteConfig Set($AutoCreateNonExternalUsers,1); Set($ValidateUserEmailAddresses,1); Globals-Group privs Everyone-CreateTicket, ReplyToTicket Privaleged-CreateTicket, ReplyToTicket Unprivileged-CreateTicket, ReplyToTicket this has happened on more than one occasion and ive been through quite a few possible fixes? and have run out of ideas, can anyone shed some light on exactly what is going on? best Saragan Hi Robert-356, are you using the RT-ExternalAuth plugin? I got similar error massages when it was not configured correctly. Have you tried to turn it off? I can only tell from my research, it doesn't need to be correct, but maybe RT tries to check if the user already exists and - if we assume that you use ExternalAuth and your config is somehow wrong - it can't get access to the AD server. My second guess: Have you double-checked all users in your db at the frontend? Try to search after a % in the name and you will find all registered users. Hope this helps!
Re: [rt-users] limit ticket list display on requestor login
The fist question Giuseppe , is user U privileged or not? If not then by default he should have been redirected to SelfService/index.html, which again by default should only display /SelfService/Elements/MyRequests If he is privileged (then I would ask why? -- because according to what you need below he does not need to be privileged), if he has to be privileged then you may have to do some coding .. I do think there is a limitation in RT , you should need to give the SeeQueue permission to be able to see it in the dropdown ? I would have thought the CreateTicket permission should be enough. As I suggested make user U unprivileged is the easiest solution. Good luck Roy -Original Message- From: rt-users-boun...@lists.bestpractical.com [mailto:rt-users- boun...@lists.bestpractical.com] On Behalf Of Giuseppe Sollazzo Sent: 10 June 2011 14:15 To: rt-users@lists.bestpractical.com Subject: Re: [rt-users] limit ticket list display on requestor login Hi Kevin, that was my first thought - however in global group rights all checkboxes in general/staff/admin rights are unticked for System, Roles, and for the given user group. Or is it maybe how I shoudl manage this, by adding show ticket to the global one? Just in case I have explained myself improperly, what I'm trying to achieve is that users in the G group are shown in the dashboard a list of tickets in the queue Q for which they are requestors; such list should exclude tickets in the same queue for which they are not requestors. Thanks, G On 10/06/11 14:03, Kevin Falcone wrote: On Fri, Jun 10, 2011 at 01:45:55PM +0100, Giuseppe Sollazzo wrote: Uhm... it seems not to behave like I would like to. Basically I have a privileged user U that is part of group G. On queue Q group G has right to show/modify/reply, whereas the system privileged group does not have any right on the queue. Also, on queue Q role Requestor has right to show/modify/reply, whereas the system privileged group does not have any right on the queue. Still, U can see all tickets in queue Q, even those he's not a requestor for. So I'm still looking for a way to hide tickets for which a user in the group G is not a requestor for from the dashboard, if that's at all possible :) Sounds like you have some global rights getting in the way. -kevin On 10/06/11 12:06, Raed El-Hames wrote: Giuseppe, I will not give the Everyone group rights other than Create Ticket and ReplyToTicket (and this is only to get the email side of things working properly).I also would not give any rights to the Unprivileged group. For your purposes I would suggest you give the Requestor Role rights to ShowTicket/ModifyTicket/ReplyToTicket, and if your requestors are Unprivileged then their login will redirect them to the SelfService portal which is restricted. Hope that helps; Regards; Roy -Original Message- From: rt-users-boun...@lists.bestpractical.com [mailto:rt-users- boun...@lists.bestpractical.com] On Behalf Of Giuseppe Sollazzo Sent: 10 June 2011 10:43 To: rt-users@lists.bestpractical.com Subject: [rt-users] limit ticket list display on requestor login Hi, I guess I'm not getting this right. I'd like that a user, upon login, were able to only see the tickets for which they are a requestor (in a given queue). Let's say I have a group G and a queue Q. If rights for G on Q are Create tickets and View queue obviously they see all tickets in the queue, whereas Create tickets alone does not allow them to see any ticket. To keep things tidy, I've also given the same rights to Everyone, Privileged, Unprivileged. Is what I want to do feasible with just permissions management? Thanks, Giuseppe -- Giuseppe Sollazzo Senior Systems Analyst Computing Services Information Services St. George's, University Of London Cranmer Terrace London SW17 0RE Email: gsoll...@sgul.ac.uk Direct Dial: +44 20 8725 5160 Fax: +44 20 8725 3583 -- Giuseppe Sollazzo Senior Systems Analyst Computing Services Information Services St. George's, University Of London Cranmer Terrace London SW17 0RE Email: gsoll...@sgul.ac.uk Direct Dial: +44 20 8725 5160 Fax: +44 20 8725 3583 -- Giuseppe Sollazzo Senior Systems Analyst Computing Services Information Services St. George's, University Of London Cranmer Terrace London SW17 0RE Email: gsoll...@sgul.ac.uk Direct Dial: +44 20 8725 5160 Fax: +44 20 8725 3583
Re: [rt-users] limit ticket list display on requestor login
Sorry Giuseppe I don't have much knowledge of the LDAP plugin. Under normal circumstances (ie RT auth), I would write script to go through the users need changing and set Privileged to 0 foreach $MyUserId (@my_users_to_change) { my $u=RT::User-new(RT::SystemUser); my ($id, $msg) = $u-Load($MyUserId); if ($id) { $u-SetPrivileged(0); } } Regards; Roy -Original Message- From: Giuseppe Sollazzo [mailto:gsoll...@sgul.ac.uk] Sent: 10 June 2011 15:33 To: Raed El-Hames Cc: rt-users@lists.bestpractical.com Subject: Re: [rt-users] limit ticket list display on requestor login Hi Raed, thanks a lot as that explains it. This user is Privileged. Removing the privilege everything works as expected. What puzzles me is the relationship between system groups and user defined groups. I would have expected to have the possibility of limiting permissions to Privileged users in a group rather then having them as Unprivileged. But never mind :-) Now the problem I have is that all my imported users are Privileged, and reimporting them does not seem to change this (even with $LDAPUpdateUsers=1). Do you reckon there's a way to bulk update users and make them Unprivileged? Thanks, Giuseppe On 10/06/11 14:50, Raed El-Hames wrote: The fist question Giuseppe , is user U privileged or not? If not then by default he should have been redirected to SelfService/index.html, which again by default should only display /SelfService/Elements/MyRequests If he is privileged (then I would ask why? -- because according to what you need below he does not need to be privileged), if he has to be privileged then you may have to do some coding .. I do think there is a limitation in RT , you should need to give the SeeQueue permission to be able to see it in the dropdown ? I would have thought the CreateTicket permission should be enough. As I suggested make user U unprivileged is the easiest solution. Good luck Roy -Original Message- From: rt-users-boun...@lists.bestpractical.com [mailto:rt-users- boun...@lists.bestpractical.com] On Behalf Of Giuseppe Sollazzo Sent: 10 June 2011 14:15 To: rt-users@lists.bestpractical.com Subject: Re: [rt-users] limit ticket list display on requestor login Hi Kevin, that was my first thought - however in global group rights all checkboxes in general/staff/admin rights are unticked for System, Roles, and for the given user group. Or is it maybe how I shoudl manage this, by adding show ticket to the global one? Just in case I have explained myself improperly, what I'm trying to achieve is that users in the G group are shown in the dashboard a list of tickets in the queue Q for which they are requestors; such list should exclude tickets in the same queue for which they are not requestors. Thanks, G On 10/06/11 14:03, Kevin Falcone wrote: On Fri, Jun 10, 2011 at 01:45:55PM +0100, Giuseppe Sollazzo wrote: Uhm... it seems not to behave like I would like to. Basically I have a privileged user U that is part of group G. On queue Q group G has right to show/modify/reply, whereas the system privileged group does not have any right on the queue. Also, on queue Q role Requestor has right to show/modify/reply, whereas the system privileged group does not have any right on the queue. Still, U can see all tickets in queue Q, even those he's not a requestor for. So I'm still looking for a way to hide tickets for which a user in the group G is not a requestor for from the dashboard, if that's at all possible :) Sounds like you have some global rights getting in the way. -kevin On 10/06/11 12:06, Raed El-Hames wrote: Giuseppe, I will not give the Everyone group rights other than Create Ticket and ReplyToTicket (and this is only to get the email side of things working properly).I also would not give any rights to the Unprivileged group. For your purposes I would suggest you give the Requestor Role rights to ShowTicket/ModifyTicket/ReplyToTicket, and if your requestors are Unprivileged then their login will redirect them to the SelfService portal which is restricted. Hope that helps; Regards; Roy -Original Message- From: rt-users-boun...@lists.bestpractical.com [mailto:rt-users- boun...@lists.bestpractical.com] On Behalf Of Giuseppe Sollazzo Sent: 10 June 2011 10:43 To: rt-users@lists.bestpractical.com Subject: [rt-users] limit ticket list display on requestor login Hi, I guess I'm not getting this right. I'd like that a user, upon login, were able to only see the tickets for which they are a requestor (in a given queue). Let's say I have a group G and a queue Q. If rights for G on Q are Create tickets and View queue obviously they see all tickets in the queue, whereas Create tickets alone does not allow them to see any ticket. To keep things tidy, I've also given the
Re: [rt-users] limit ticket list display on requestor login
Hi Raed, thanks for your very kind help. I was hoping for the capability of running bulk operations on users to be added to the user interface at some point :-) G On 10/06/11 16:12, Raed El-Hames wrote: Sorry Giuseppe I don't have much knowledge of the LDAP plugin. Under normal circumstances (ie RT auth), I would write script to go through the users need changing and set Privileged to 0 foreach $MyUserId (@my_users_to_change) { my $u=RT::User-new(RT::SystemUser); my ($id, $msg) = $u-Load($MyUserId); if ($id) { $u-SetPrivileged(0); } } Regards; Roy -Original Message- From: Giuseppe Sollazzo [mailto:gsoll...@sgul.ac.uk] Sent: 10 June 2011 15:33 To: Raed El-Hames Cc: rt-users@lists.bestpractical.com Subject: Re: [rt-users] limit ticket list display on requestor login Hi Raed, thanks a lot as that explains it. This user is Privileged. Removing the privilege everything works as expected. What puzzles me is the relationship between system groups and user defined groups. I would have expected to have the possibility of limiting permissions to Privileged users in a group rather then having them as Unprivileged. But never mind :-) Now the problem I have is that all my imported users are Privileged, and reimporting them does not seem to change this (even with $LDAPUpdateUsers=1). Do you reckon there's a way to bulk update users and make them Unprivileged? Thanks, Giuseppe On 10/06/11 14:50, Raed El-Hames wrote: The fist question Giuseppe , is user U privileged or not? If not then by default he should have been redirected to SelfService/index.html, which again by default should only display /SelfService/Elements/MyRequests If he is privileged (then I would ask why? -- because according to what you need below he does not need to be privileged), if he has to be privileged then you may have to do some coding .. I do think there is a limitation in RT , you should need to give the SeeQueue permission to be able to see it in the dropdown ? I would have thought the CreateTicket permission should be enough. As I suggested make user U unprivileged is the easiest solution. Good luck Roy -Original Message- From: rt-users-boun...@lists.bestpractical.com [mailto:rt-users- boun...@lists.bestpractical.com] On Behalf Of Giuseppe Sollazzo Sent: 10 June 2011 14:15 To: rt-users@lists.bestpractical.com Subject: Re: [rt-users] limit ticket list display on requestor login Hi Kevin, that was my first thought - however in global group rights all checkboxes in general/staff/admin rights are unticked for System, Roles, and for the given user group. Or is it maybe how I shoudl manage this, by adding show ticket to the global one? Just in case I have explained myself improperly, what I'm trying to achieve is that users in the G group are shown in the dashboard a list of tickets in the queue Q for which they are requestors; such list should exclude tickets in the same queue for which they are not requestors. Thanks, G On 10/06/11 14:03, Kevin Falcone wrote: On Fri, Jun 10, 2011 at 01:45:55PM +0100, Giuseppe Sollazzo wrote: Uhm... it seems not to behave like I would like to. Basically I have a privileged user U that is part of group G. On queue Q group G has right to show/modify/reply, whereas the system privileged group does not have any right on the queue. Also, on queue Q role Requestor has right to show/modify/reply, whereas the system privileged group does not have any right on the queue. Still, U can see all tickets in queue Q, even those he's not a requestor for. So I'm still looking for a way to hide tickets for which a user in the group G is not a requestor for from the dashboard, if that's at all possible :) Sounds like you have some global rights getting in the way. -kevin On 10/06/11 12:06, Raed El-Hames wrote: Giuseppe, I will not give the Everyone group rights other than Create Ticket and ReplyToTicket (and this is only to get the email side of things working properly).I also would not give any rights to the Unprivileged group. For your purposes I would suggest you give the Requestor Role rights to ShowTicket/ModifyTicket/ReplyToTicket, and if your requestors are Unprivileged then their login will redirect them to the SelfService portal which is restricted. Hope that helps; Regards; Roy -Original Message- From: rt-users-boun...@lists.bestpractical.com [mailto:rt-users- boun...@lists.bestpractical.com] On Behalf Of Giuseppe Sollazzo Sent: 10 June 2011 10:43 To: rt-users@lists.bestpractical.com Subject: [rt-users] limit ticket list display on requestor login Hi, I guess I'm not getting this right. I'd like that a user, upon login, were able to only see the tickets for which they are a requestor (in a given queue). Let's say I have a group G and a queue Q. If rights for G on Q are Create tickets and View queue obviously they see all tickets in the queue, whereas Create tickets alone does not allow them to see any ticket. To keep
[rt-users] RT training options
We're looking at getting some end-user training. I've contacted Best Practical, and I'm also looking for any organizations that might provide webinars or other training. Anyone know of any organizations in the Pacific North West that might provide training? How do people go about training their staff in RT use? -- My daughter is racing a triathlon to raise money for her swim club. Want to help? http://akari.seiner.com
Re: [rt-users] RT 3.8: questions on Kerberos, LDAP, and guest account setup
Kevin Falcone falc...@bestpractical.com writes: On Thu, Jun 09, 2011 at 09:57:49PM +0700, Ivan Shmakov wrote: […] Also, I wonder, is it possible to make RT refer to LDAP for certain information (like: login name, real name, e-mail, etc.) about its users? It could easily become a painful experience to either synchronize the RT user database with LDAP, or to maintain the informations in both of the places simultaneously. Sounds like you want RT-Extension-LDAPImport I'll check it, thanks. Additionally, I have set up an Unprivileged “guest” account. However, this configuration results in the user being presented with a somewhat “limited” Web interface (in particular, it lacks the Search facility.) Should I make this account Privileged instead, or is there another easy way of setting up a “read-only” account with the Search facility being active? If you want the advanced search, you want a Privileged user. Is it merely a limitation of the implementation, or something deeper? The inconvenience of setting up a Privileged guest account is that it will be necessary to maintain a separate group, whose members (which are all the Privileged users except the guest account) are actually granted “write access” to the tickets. With guest account now being Unprivileged, the Privileged group fulfills this role. Unprivileged users are only going to see tickets that they're the Requestor of. Apparently, it's not the case: I was able to see all the tickets belonging to the queues for which Everyone is granted SeeQueue and ShowTicket permissions. (RT 3.8.8 debian 7.) -- FSF associate member #7257