Re: [rt-users] RT-External Auth RT 4.0

2011-06-10 Thread Guy Baxter 
070888 is the shortname for A Weetman - neither of these seem to work

I'm specifying the correct ldap attribute, it's just not working!

Has anyone succeeded in getting external auth working with open directory?

Regards,

Guy


This email and any attachments are confidential and are intended solely for the 
use of the individual to whom it is addressed. If you are not the intended 
recipient of this email and its attachments, you must take no action based upon 
them, nor must you copy or show them to anyone. Please contact the sender if 
you believe you have received this email in error.  Emails are not secure and 
cannot be guaranteed to be free of errors or viruses.  It is your 
responsibility to scan emails and attachments for viruses before opening them.

Any views or opinions expressed are solely those of the author and do not 
necessarily represent those of The Blackpool Sixth Form College.

#
Scanned by MailMarshal - Marshal's comprehensive email content security 
solution. 
Download a free evaluation of MailMarshal at www.marshal.com
#

Re: [rt-users] Ldap Import and Groups

2011-06-10 Thread Giuseppe Sollazzo 

Ah, ok.
The docs say prevents users from being added to any *additional* group 
I had supposed it was referring to auto creation of ldap groups. That 
additional is a bit misleading, if it could go in the next version 
that would be great.



Thanks,
G

On 09/06/11 17:18, Kevin Falcone wrote:

On Thu, Jun 09, 2011 at 05:06:15PM +0100, Giuseppe Sollazzo wrote:

Hi there,
I've tried the ldap import script which run smoothly except for one thing: 
the users weren't
put in the group specified.

The documentation could use some revising it seems
setting LDAPSkipAutogeneratedGroup to 1 means no users will be added
to LDAPGroupName

-kevin


As far as I understood,

  #The Group new users belong to (optional)
  #All new users will belong to the 'Imported from LDAP' group
  #You can change the name of this group using the $LDAPGroupName
  #variable
   Set($LDAPGroupName,'Imported Users');
  #If you would like to prevent users from being added to any
  #additional groups, you can set this to true:
   Set($LDAPSkipAutogeneratedGroup, 1);


  Set($LDAPUpdateUsers,1);


With this setting, the users should be put in a group called imported 
users. This didn't
happen. So I assumed the group needed to be created manually, which I did, 
but still no user
was put in the group (in the second try I had some new users, so there's no 
risk of an
overlapping problem of inability to move users).

Am I doing something wrong?

From another point of view: I can't find if there's a way to select users in the 
Users
interface other than by username match. It would be great to be able to 
select all
unprivileged users, or all users with no group membership.

Thanks,
Giuseppe

  --
  

  Giuseppe Sollazzo
  Senior Systems Analyst
  Computing Services
  Information Services
  St. George's, University Of London
  Cranmer Terrace
  London SW17 0RE

  Email: [1]gsoll...@sgul.ac.uk
  Direct Dial: +44 20 8725 5160
  Fax: +44 20 8725 3583

References

Visible links
1. mailto:gsoll...@sgul.ac.uk



--


Giuseppe Sollazzo
Senior Systems Analyst
Computing Services
Information Services
St. George's, University Of London
Cranmer Terrace
London SW17 0RE

Email: gsoll...@sgul.ac.uk
Direct Dial: +44 20 8725 5160
Fax: +44 20 8725 3583

Re: [rt-users] Errors in fixdeps

2011-06-10 Thread Ich Wersonst 
Thanks. It worked.

Now I'd like to install RT within the LAMPP environment so I used the following 
command to configure it:



./configure --prefix=/opt/rt3 --with-web-user=rt_user --with-web-group=rt 
--with-db-dat

ith-db-type=mysql --with-rt-group=rt 
--with-apachectl=/../opt/lampp/bin/apachectl



I also initialized the database, but the database instance rt3 was 
however installed in the other MySQL-Server which is located in 
/var/lib/mysql/mysql.



How can I configure the destination for the LAMPP-MySQL-Server I want to use to 
install the rt-database? 



Do I have to configure also any other files in order to use the Apache Server 
within LAMPP?



Regards






--- Kevin Falcone falc...@bestpractical.com schrieb am Mi, 8.6.2011:

Von: Kevin Falcone falc...@bestpractical.com
Betreff: Re: [rt-users] Errors in fixdeps
An: rt-users@lists.bestpractical.com
Datum: Mittwoch, 8. Juni, 2011 13:46 Uhr

On Wed, Jun 08, 2011 at 01:15:14PM +0100, Ich Wersonst wrote:
    Hello,
 
    I am using SUSE Linux Enterprise Server 11 (i586) and LAMPP 1.7.4.
 
    I tried to install RT 4.0.0.
 
    When I tried to fix the Perl dependencies via the command `make fixdeps`
    I got the following message:
        HTML::Mason ...MISSING
            Can't locate Class/Container.pm in @INC (@INC contains:
    /usr/lib/perl5/5.10.0/i586-linux-thread-multi /usr/lib/perl5/5.10.0
    /usr/lib/perl5/site_perl/5.10.0/i586-linux-thread-multi 
/usr/lib/perl5/site_perl/5.10.0
    /usr/lib/perl5/vendor_perl/5.10.0/i586-linux-thread-multi 
/usr/lib/perl5/vendor_perl/5.10.0
    /usr/lib/perl5/vendor_perl /root/Desktop/rt-4.0.0) at
    /usr/lib/perl5/site_perl/5.10.0/HTML/Mason/Request.pm line 44.
        Digest::MD5 = 2.27 ...found
        JSON ...found

This error implies that you've got HTML::Mason installed without one
of the supporting modules (I'm not sure how you did that)

You should try cpan'ing Class::Container

-kevin

[rt-users] Further Theme Customisation in RT4.0

2011-06-10 Thread declaya 

Hi all,

I'm just want to know if there are more things I can customize at the RT
interface, not only Page, Header, Page content, Page title and the Buttons. 

Otherwise I will just edit the css files like I did RT3.8. But I am just
curious if I can do it directly from the interface. :)

Thank you in advance!
-- 
View this message in context: 
http://old.nabble.com/Further-Theme-Customisation-in-RT4.0-tp31816494p31816494.html
Sent from the Request Tracker - User mailing list archive at Nabble.com.

[rt-users] limit ticket list display on requestor login

2011-06-10 Thread Giuseppe Sollazzo 

Hi,
I guess I'm not getting this right.

I'd like that a user, upon login, were able to only see the tickets for 
which they are a requestor (in a given queue).


Let's say I have a group G and a queue Q. If rights for G on Q are 
Create tickets and View queue obviously they see all tickets in the 
queue, whereas Create tickets alone does not allow them to see any ticket.


To keep things tidy, I've also given the same rights to Everyone, 
Privileged, Unprivileged.


Is what I want to do feasible with just permissions management?

Thanks,
Giuseppe

--


Giuseppe Sollazzo
Senior Systems Analyst
Computing Services
Information Services
St. George's, University Of London
Cranmer Terrace
London SW17 0RE

Email: gsoll...@sgul.ac.uk
Direct Dial: +44 20 8725 5160
Fax: +44 20 8725 3583

Re: [rt-users] limit ticket list display on requestor login

2011-06-10 Thread Raed El-Hames 
Giuseppe,

I will not give the Everyone group rights other than Create Ticket and 
ReplyToTicket (and this is only to get the email side of things working 
properly).I also would not give any rights to the Unprivileged group.

For your purposes I would suggest you give the Requestor Role rights to 
ShowTicket/ModifyTicket/ReplyToTicket, and if your requestors are Unprivileged 
then their login will redirect them to the SelfService portal which is 
restricted.

Hope that helps;
Regards;
Roy 

 -Original Message-
 From: rt-users-boun...@lists.bestpractical.com [mailto:rt-users-
 boun...@lists.bestpractical.com] On Behalf Of Giuseppe Sollazzo
 Sent: 10 June 2011 10:43
 To: rt-users@lists.bestpractical.com
 Subject: [rt-users] limit ticket list display on requestor login
 
 Hi,
 I guess I'm not getting this right.
 
 I'd like that a user, upon login, were able to only see the tickets for
 which they are a requestor (in a given queue).
 
 Let's say I have a group G and a queue Q. If rights for G on Q are
 Create tickets and View queue obviously they see all tickets in the
 queue, whereas Create tickets alone does not allow them to see any
 ticket.
 
 To keep things tidy, I've also given the same rights to Everyone,
 Privileged, Unprivileged.
 
 Is what I want to do feasible with just permissions management?
 
 Thanks,
 Giuseppe
 
 --
 
 
 Giuseppe Sollazzo
 Senior Systems Analyst
 Computing Services
 Information Services
 St. George's, University Of London
 Cranmer Terrace
 London SW17 0RE
 
 Email: gsoll...@sgul.ac.uk
 Direct Dial: +44 20 8725 5160
 Fax: +44 20 8725 3583

[rt-users] User creation failed in mailgateway: Name in use

2011-06-10 Thread Robert 
Hi,

Bugging me for days, I'm sending an email to RT to create a ticket,
the address already exists in the database.

I send it, it fails and I receive back 3 emails
1. User creation failed in mailgateway: Name in use
2. User 'xxx@xxx' could not be loaded in the mail gateway
3. RT could not load valid user

the log output 

Jun 10 11:28:29 eu-support RT: User creation failed in mailgateway: Name
in use (/opt/rt3/bin/../local/lib/RT/Interface/Email.pm:244)

RT_SiteConfig
Set($AutoCreateNonExternalUsers,1);  
Set($ValidateUserEmailAddresses,1); 
   



Globals-Group privs
Everyone-CreateTicket, ReplyToTicket
Privaleged-CreateTicket, ReplyToTicket
Unprivileged-CreateTicket, ReplyToTicket

this has happened on more than one occasion and ive been through quite a
few possible fixes? and have run out of ideas,

can anyone shed some light on exactly what is going on?

best
Saragan

Re: [rt-users] User creation failed in mailgateway: Name in use

2011-06-10 Thread declaya 


Robert-356 wrote:
 
 Hi,
 
 Bugging me for days, I'm sending an email to RT to create a ticket,
 the address already exists in the database.
 
 I send it, it fails and I receive back 3 emails
 1. User creation failed in mailgateway: Name in use
 2. User 'xxx@xxx' could not be loaded in the mail gateway
 3. RT could not load valid user
 
 the log output 
 
 Jun 10 11:28:29 eu-support RT: User creation failed in mailgateway: Name
 in use (/opt/rt3/bin/../local/lib/RT/Interface/Email.pm:244)
 
 RT_SiteConfig
 Set($AutoCreateNonExternalUsers,1);  
 Set($ValidateUserEmailAddresses,1);   
  
 
 
 
 Globals-Group privs
 Everyone-CreateTicket, ReplyToTicket
 Privaleged-CreateTicket, ReplyToTicket
 Unprivileged-CreateTicket, ReplyToTicket
 
 this has happened on more than one occasion and ive been through quite a
 few possible fixes? and have run out of ideas,
 
 can anyone shed some light on exactly what is going on?
 
 best
 Saragan
 
 


Hi Robert-356,

are you using the RT-ExternalAuth plugin? I got similar error massages when
it was not configured correctly. Have you tried to turn it off?  
I can only tell from my research, it doesn't need to be correct, but maybe
RT tries to check if the user already exists and - if we assume that you use
ExternalAuth and your config is somehow wrong - it can't get access to the
AD server. 
My second guess: Have you double-checked all users in your db at the
frontend? Try to search after a % in the name and you will find all
registered users.

Hope this helps!

-- 
View this message in context: 
http://old.nabble.com/User-creation-failed-in-mailgateway%3A-Name-in-use-tp31817312p31817513.html
Sent from the Request Tracker - User mailing list archive at Nabble.com.

Re: [rt-users] limit ticket list display on requestor login

2011-06-10 Thread Giuseppe Sollazzo 

Uhm...
it seems not to behave like I would like to.

Basically I have a privileged user U that is part of group G.
On queue Q group G has right to show/modify/reply, whereas the system 
privileged group does not have any right on the queue.
Also, on queue Q role Requestor has right to show/modify/reply, 
whereas the system privileged group does not have any right on the queue.


Still, U can see all tickets in queue Q, even those he's not a requestor 
for.


So I'm still looking for a way to hide tickets for which a user in the 
group G is not a requestor for from the dashboard, if that's at all 
possible :)


G



On 10/06/11 12:06, Raed El-Hames wrote:

Giuseppe,

I will not give the Everyone group rights other than Create Ticket and 
ReplyToTicket (and this is only to get the email side of things working 
properly).I also would not give any rights to the Unprivileged group.

For your purposes I would suggest you give the Requestor Role rights to 
ShowTicket/ModifyTicket/ReplyToTicket, and if your requestors are Unprivileged 
then their login will redirect them to the SelfService portal which is 
restricted.

Hope that helps;
Regards;
Roy


-Original Message-
From: rt-users-boun...@lists.bestpractical.com [mailto:rt-users-
boun...@lists.bestpractical.com] On Behalf Of Giuseppe Sollazzo
Sent: 10 June 2011 10:43
To: rt-users@lists.bestpractical.com
Subject: [rt-users] limit ticket list display on requestor login

Hi,
I guess I'm not getting this right.

I'd like that a user, upon login, were able to only see the tickets for
which they are a requestor (in a given queue).

Let's say I have a group G and a queue Q. If rights for G on Q are
Create tickets and View queue obviously they see all tickets in the
queue, whereas Create tickets alone does not allow them to see any
ticket.

To keep things tidy, I've also given the same rights to Everyone,
Privileged, Unprivileged.

Is what I want to do feasible with just permissions management?

Thanks,
Giuseppe

--


Giuseppe Sollazzo
Senior Systems Analyst
Computing Services
Information Services
St. George's, University Of London
Cranmer Terrace
London SW17 0RE

Email: gsoll...@sgul.ac.uk
Direct Dial: +44 20 8725 5160
Fax: +44 20 8725 3583




--


Giuseppe Sollazzo
Senior Systems Analyst
Computing Services
Information Services
St. George's, University Of London
Cranmer Terrace
London SW17 0RE

Email: gsoll...@sgul.ac.uk
Direct Dial: +44 20 8725 5160
Fax: +44 20 8725 3583

Re: [rt-users] RT 3.8: questions on Kerberos, LDAP, and guest account setup

2011-06-10 Thread Kevin Falcone 
On Thu, Jun 09, 2011 at 09:57:49PM +0700, Ivan Shmakov wrote:
   I was able to successfully configure RT and Apache to use
   Kerberos for authentication, roughly as shown below.  However,
   now I'm somewhat concerned about the lack of authentication in
   rt-mailgate(1) (Debian Bug#615890 [1].)  Somehow, I feel that
   this issue could be resolved easily, and wonder if anyone's
   interested?

We'd certainly consider patches

   Also, I wonder, is it possible to make RT refer to LDAP for
   certain information (like: login name, real name, e-mail, etc.)
   about its users?  It could easily become a painful experience to
   either synchronize the RT user database with LDAP, or to
   maintain the informations in both of the places simultaneously.

Sounds like you want RT-Extension-LDAPImport

   Additionally, I have set up an Unprivileged “guest” account.
   However, this configuration results in the user being presented
   with a somewhat “limited” Web interface (in particular, it lacks
   the Search facility.)  Should I make this account Privileged
   instead, or is there another easy way of setting up a
   “read-only” account with the Search facility being active?

If you want the advanced search, you want a Privileged user.
Unprivileged users are only going to see tickets that they're the
Requestor of.

-kevin


pgpuQPyn90IBN.pgp
Description: PGP signature

Re: [rt-users] RT-External Auth RT 4.0

2011-06-10 Thread Kevin Falcone 
On Fri, Jun 10, 2011 at 08:13:34AM +0100, Guy Baxter wrote:
 070888 is the shortname for A Weetman - neither of these seem to work
 
 I'm specifying the correct ldap attribute, it's just not working!
 
 Has anyone succeeded in getting external auth working with open directory?

Please show the error logs when you have RT creating an account with a
non-numeric attribute.

-kevin


pgpZurGyv4guu.pgp
Description: PGP signature

Re: [rt-users] Ldap Import and Groups

2011-06-10 Thread Kevin Falcone 
On Fri, Jun 10, 2011 at 08:42:14AM +0100, Giuseppe Sollazzo wrote:
 Ah, ok.
 The docs say prevents users from being added to any *additional*
 group I had supposed it was referring to auto creation of ldap
 groups. That additional is a bit misleading, if it could go in the
 next version that would be great.

There is already a documentation clarification on github

 On 09/06/11 17:18, Kevin Falcone wrote:
 On Thu, Jun 09, 2011 at 05:06:15PM +0100, Giuseppe Sollazzo wrote:
 Hi there,
 I've tried the ldap import script which run smoothly except for one 
  thing: the users weren't
 put in the group specified.
 The documentation could use some revising it seems
 setting LDAPSkipAutogeneratedGroup to 1 means no users will be added
 to LDAPGroupName
 
 -kevin
 
 As far as I understood,
 
   #The Group new users belong to (optional)
   #All new users will belong to the 'Imported from LDAP' group
   #You can change the name of this group using the $LDAPGroupName
   #variable
Set($LDAPGroupName,'Imported Users');
   #If you would like to prevent users from being added to any
   #additional groups, you can set this to true:
Set($LDAPSkipAutogeneratedGroup, 1);
 
 
   Set($LDAPUpdateUsers,1);
 
 
 With this setting, the users should be put in a group called imported 
  users. This didn't
 happen. So I assumed the group needed to be created manually, which I 
  did, but still no user
 was put in the group (in the second try I had some new users, so 
  there's no risk of an
 overlapping problem of inability to move users).
 
 Am I doing something wrong?
 
 From another point of view: I can't find if there's a way to select 
  users in the Users
 interface other than by username match. It would be great to be able to 
  select all
 unprivileged users, or all users with no group membership.
 
 Thanks,
 Giuseppe
 
   --
   
 
   Giuseppe Sollazzo
   Senior Systems Analyst
   Computing Services
   Information Services
   St. George's, University Of London
   Cranmer Terrace
   London SW17 0RE
 
   Email: [1]gsoll...@sgul.ac.uk
   Direct Dial: +44 20 8725 5160
   Fax: +44 20 8725 3583
 
 References
 
 Visible links
 1. mailto:gsoll...@sgul.ac.uk
 
 
 -- 
 
 
 Giuseppe Sollazzo
 Senior Systems Analyst
 Computing Services
 Information Services
 St. George's, University Of London
 Cranmer Terrace
 London SW17 0RE
 
 Email: gsoll...@sgul.ac.uk
 Direct Dial: +44 20 8725 5160
 Fax: +44 20 8725 3583
 
 


pgpM4566hLJuo.pgp
Description: PGP signature

Re: [rt-users] Further Theme Customisation in RT4.0

2011-06-10 Thread Kevin Falcone 
On Fri, Jun 10, 2011 at 02:33:33AM -0700, declaya wrote:
 I'm just want to know if there are more things I can customize at the RT
 interface, not only Page, Header, Page content, Page title and the Buttons. 
 
 Otherwise I will just edit the css files like I did RT3.8. But I am just
 curious if I can do it directly from the interface. :)

You can add your CSS right to the box, rather than editing files and
dealing with the upgrade hassle.


pgpkbfYZgtGTS.pgp
Description: PGP signature

Re: [rt-users] Errors in fixdeps

2011-06-10 Thread Kevin Falcone 
On Fri, Jun 10, 2011 at 09:01:50AM +0100, Ich Wersonst wrote:
Thanks. It worked.
 
Now I'd like to install RT within the LAMPP environment so I used the 
 following command to
configure it:
 
./configure --prefix=/opt/rt3 --with-web-user=rt_user --with-web-group=rt 
 --with-db-dat
ith-db-type=mysql --with-rt-group=rt 
 --with-apachectl=/../opt/lampp/bin/apachectl
 
I also initialized the database, but the database instance rt3 was 
 however installed in the
other MySQL-Server which is located in /var/lib/mysql/mysql.
 
How can I configure the destination for the LAMPP-MySQL-Server I want to 
 use to install the
rt-database?
 
Do I have to configure also any other files in order to use the Apache 
 Server within LAMPP?

I'm afraid I don't know what you mean by LAMPP but you may find the output
of ./configure --help useful if you need to tell RT to connect to a
remote database host.

-kevin


pgpjhZt3wuedk.pgp
Description: PGP signature

Re: [rt-users] limit ticket list display on requestor login

2011-06-10 Thread Kevin Falcone 
On Fri, Jun 10, 2011 at 01:45:55PM +0100, Giuseppe Sollazzo wrote:
 Uhm...
 it seems not to behave like I would like to.
 
 Basically I have a privileged user U that is part of group G.
 On queue Q group G has right to show/modify/reply, whereas the
 system privileged group does not have any right on the queue.
 Also, on queue Q role Requestor has right to show/modify/reply,
 whereas the system privileged group does not have any right on the
 queue.
 
 Still, U can see all tickets in queue Q, even those he's not a
 requestor for.
 
 So I'm still looking for a way to hide tickets for which a user in
 the group G is not a requestor for from the dashboard, if that's at
 all possible :)


Sounds like you have some global rights getting in the way.

-kevin

 
 On 10/06/11 12:06, Raed El-Hames wrote:
 Giuseppe,
 
 I will not give the Everyone group rights other than Create Ticket and 
 ReplyToTicket (and this is only to get the email side of things working 
 properly).I also would not give any rights to the Unprivileged group.
 
 For your purposes I would suggest you give the Requestor Role rights to 
 ShowTicket/ModifyTicket/ReplyToTicket, and if your requestors are 
 Unprivileged then their login will redirect them to the SelfService portal 
 which is restricted.
 
 Hope that helps;
 Regards;
 Roy
 
 -Original Message-
 From: rt-users-boun...@lists.bestpractical.com [mailto:rt-users-
 boun...@lists.bestpractical.com] On Behalf Of Giuseppe Sollazzo
 Sent: 10 June 2011 10:43
 To: rt-users@lists.bestpractical.com
 Subject: [rt-users] limit ticket list display on requestor login
 
 Hi,
 I guess I'm not getting this right.
 
 I'd like that a user, upon login, were able to only see the tickets for
 which they are a requestor (in a given queue).
 
 Let's say I have a group G and a queue Q. If rights for G on Q are
 Create tickets and View queue obviously they see all tickets in the
 queue, whereas Create tickets alone does not allow them to see any
 ticket.
 
 To keep things tidy, I've also given the same rights to Everyone,
 Privileged, Unprivileged.
 
 Is what I want to do feasible with just permissions management?
 
 Thanks,
 Giuseppe
 
 --
 
 
 Giuseppe Sollazzo
 Senior Systems Analyst
 Computing Services
 Information Services
 St. George's, University Of London
 Cranmer Terrace
 London SW17 0RE
 
 Email: gsoll...@sgul.ac.uk
 Direct Dial: +44 20 8725 5160
 Fax: +44 20 8725 3583
 
 
 
 -- 
 
 
 Giuseppe Sollazzo
 Senior Systems Analyst
 Computing Services
 Information Services
 St. George's, University Of London
 Cranmer Terrace
 London SW17 0RE
 
 Email: gsoll...@sgul.ac.uk
 Direct Dial: +44 20 8725 5160
 Fax: +44 20 8725 3583
 
 


pgp47iGKWDwLY.pgp
Description: PGP signature

Re: [rt-users] limit ticket list display on requestor login

2011-06-10 Thread Giuseppe Sollazzo 

Hi Kevin,
that was my first thought - however in global group rights all 
checkboxes in general/staff/admin rights are unticked for System, Roles, 
and for the given user group.


Or is it maybe how I shoudl manage this, by adding show ticket to the 
global one?


Just in case I have explained myself improperly, what I'm trying to 
achieve is that users in the G group are shown in the dashboard a list 
of tickets in the queue Q for which they are requestors; such list 
should exclude tickets in the same queue for which they are not requestors.


Thanks,
G

On 10/06/11 14:03, Kevin Falcone wrote:

On Fri, Jun 10, 2011 at 01:45:55PM +0100, Giuseppe Sollazzo wrote:

Uhm...
it seems not to behave like I would like to.

Basically I have a privileged user U that is part of group G.
On queue Q group G has right to show/modify/reply, whereas the
system privileged group does not have any right on the queue.
Also, on queue Q role Requestor has right to show/modify/reply,
whereas the system privileged group does not have any right on the
queue.

Still, U can see all tickets in queue Q, even those he's not a
requestor for.

So I'm still looking for a way to hide tickets for which a user in
the group G is not a requestor for from the dashboard, if that's at
all possible :)


Sounds like you have some global rights getting in the way.

-kevin


On 10/06/11 12:06, Raed El-Hames wrote:

Giuseppe,

I will not give the Everyone group rights other than Create Ticket and 
ReplyToTicket (and this is only to get the email side of things working 
properly).I also would not give any rights to the Unprivileged group.

For your purposes I would suggest you give the Requestor Role rights to 
ShowTicket/ModifyTicket/ReplyToTicket, and if your requestors are Unprivileged 
then their login will redirect them to the SelfService portal which is 
restricted.

Hope that helps;
Regards;
Roy


-Original Message-
From: rt-users-boun...@lists.bestpractical.com [mailto:rt-users-
boun...@lists.bestpractical.com] On Behalf Of Giuseppe Sollazzo
Sent: 10 June 2011 10:43
To: rt-users@lists.bestpractical.com
Subject: [rt-users] limit ticket list display on requestor login

Hi,
I guess I'm not getting this right.

I'd like that a user, upon login, were able to only see the tickets for
which they are a requestor (in a given queue).

Let's say I have a group G and a queue Q. If rights for G on Q are
Create tickets and View queue obviously they see all tickets in the
queue, whereas Create tickets alone does not allow them to see any
ticket.

To keep things tidy, I've also given the same rights to Everyone,
Privileged, Unprivileged.

Is what I want to do feasible with just permissions management?

Thanks,
Giuseppe

--


Giuseppe Sollazzo
Senior Systems Analyst
Computing Services
Information Services
St. George's, University Of London
Cranmer Terrace
London SW17 0RE

Email: gsoll...@sgul.ac.uk
Direct Dial: +44 20 8725 5160
Fax: +44 20 8725 3583



--


Giuseppe Sollazzo
Senior Systems Analyst
Computing Services
Information Services
St. George's, University Of London
Cranmer Terrace
London SW17 0RE

Email: gsoll...@sgul.ac.uk
Direct Dial: +44 20 8725 5160
Fax: +44 20 8725 3583





--


Giuseppe Sollazzo
Senior Systems Analyst
Computing Services
Information Services
St. George's, University Of London
Cranmer Terrace
London SW17 0RE

Email: gsoll...@sgul.ac.uk
Direct Dial: +44 20 8725 5160
Fax: +44 20 8725 3583

Re: [rt-users] User creation failed in mailgateway: Name in use

2011-06-10 Thread Robert 
hi, thnx for the quick reply


No we use RT::Authen::ExternalAuth rather than externalauth for ldap.
(internal users only)

the users have been created as valid users in the RT
database, RT just seems to have an issue locating them and allowing them
to
send the mail in.

Other mail users that are setup as both valid users and privileged are
fine
even though they don’t exist in ldap.


-Original Message-
From: declaya chocoboselp...@gmx.de
To: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] User creation failed in mailgateway: Name in use
Date: Fri, 10 Jun 2011 05:28:15 -0700 (PDT)


Robert-356 wrote:
 
 Hi,
 
 Bugging me for days, I'm sending an email to RT to create a ticket,
 the address already exists in the database.
 
 I send it, it fails and I receive back 3 emails
 1. User creation failed in mailgateway: Name in use
 2. User 'xxx@xxx' could not be loaded in the mail gateway
 3. RT could not load valid user
 
 the log output 
 
 Jun 10 11:28:29 eu-support RT: User creation failed in mailgateway: Name
 in use (/opt/rt3/bin/../local/lib/RT/Interface/Email.pm:244)
 
 RT_SiteConfig
 Set($AutoCreateNonExternalUsers,1);  
 Set($ValidateUserEmailAddresses,1);   
  
 
 
 
 Globals-Group privs
 Everyone-CreateTicket, ReplyToTicket
 Privaleged-CreateTicket, ReplyToTicket
 Unprivileged-CreateTicket, ReplyToTicket
 
 this has happened on more than one occasion and ive been through quite a
 few possible fixes? and have run out of ideas,
 
 can anyone shed some light on exactly what is going on?
 
 best
 Saragan
 
 


Hi Robert-356,

are you using the RT-ExternalAuth plugin? I got similar error massages when
it was not configured correctly. Have you tried to turn it off?  
I can only tell from my research, it doesn't need to be correct, but maybe
RT tries to check if the user already exists and - if we assume that you use
ExternalAuth and your config is somehow wrong - it can't get access to the
AD server. 
My second guess: Have you double-checked all users in your db at the
frontend? Try to search after a % in the name and you will find all
registered users.

Hope this helps!

Re: [rt-users] limit ticket list display on requestor login

2011-06-10 Thread Raed El-Hames 
The fist question Giuseppe , is user U privileged or not?

If not then by default he should have been redirected to 
SelfService/index.html, which again by default should only display 
/SelfService/Elements/MyRequests

If he is privileged (then I would ask why? -- because according to what you 
need below he does not need to be privileged),  if he has to be privileged then 
you may have to do some coding .. I do think there is a limitation in RT , you 
should need to give the SeeQueue permission to be able to see it in the 
dropdown ? I would have thought the CreateTicket permission should be enough.

As I suggested make user U unprivileged is the easiest solution.

Good luck 
Roy  


 -Original Message-
 From: rt-users-boun...@lists.bestpractical.com [mailto:rt-users-
 boun...@lists.bestpractical.com] On Behalf Of Giuseppe Sollazzo
 Sent: 10 June 2011 14:15
 To: rt-users@lists.bestpractical.com
 Subject: Re: [rt-users] limit ticket list display on requestor login
 
 Hi Kevin,
 that was my first thought - however in global group rights all
 checkboxes in general/staff/admin rights are unticked for System, Roles,
 and for the given user group.
 
 Or is it maybe how I shoudl manage this, by adding show ticket to the
 global one?
 
 Just in case I have explained myself improperly, what I'm trying to
 achieve is that users in the G group are shown in the dashboard a list
 of tickets in the queue Q for which they are requestors; such list
 should exclude tickets in the same queue for which they are not
 requestors.
 
 Thanks,
 G
 
 On 10/06/11 14:03, Kevin Falcone wrote:
  On Fri, Jun 10, 2011 at 01:45:55PM +0100, Giuseppe Sollazzo wrote:
  Uhm...
  it seems not to behave like I would like to.
 
  Basically I have a privileged user U that is part of group G.
  On queue Q group G has right to show/modify/reply, whereas the
  system privileged group does not have any right on the queue.
  Also, on queue Q role Requestor has right to show/modify/reply,
  whereas the system privileged group does not have any right on the
  queue.
 
  Still, U can see all tickets in queue Q, even those he's not a
  requestor for.
 
  So I'm still looking for a way to hide tickets for which a user in
  the group G is not a requestor for from the dashboard, if that's at
  all possible :)
 
  Sounds like you have some global rights getting in the way.
 
  -kevin
 
  On 10/06/11 12:06, Raed El-Hames wrote:
  Giuseppe,
 
  I will not give the Everyone group rights other than Create Ticket and
 ReplyToTicket (and this is only to get the email side of things working
 properly).I also would not give any rights to the Unprivileged group.
 
  For your purposes I would suggest you give the Requestor Role rights
 to ShowTicket/ModifyTicket/ReplyToTicket, and if your requestors are
 Unprivileged then their login will redirect them to the SelfService portal
 which is restricted.
 
  Hope that helps;
  Regards;
  Roy
 
  -Original Message-
  From: rt-users-boun...@lists.bestpractical.com [mailto:rt-users-
  boun...@lists.bestpractical.com] On Behalf Of Giuseppe Sollazzo
  Sent: 10 June 2011 10:43
  To: rt-users@lists.bestpractical.com
  Subject: [rt-users] limit ticket list display on requestor login
 
  Hi,
  I guess I'm not getting this right.
 
  I'd like that a user, upon login, were able to only see the tickets
 for
  which they are a requestor (in a given queue).
 
  Let's say I have a group G and a queue Q. If rights for G on Q are
  Create tickets and View queue obviously they see all tickets in
 the
  queue, whereas Create tickets alone does not allow them to see any
  ticket.
 
  To keep things tidy, I've also given the same rights to Everyone,
  Privileged, Unprivileged.
 
  Is what I want to do feasible with just permissions management?
 
  Thanks,
  Giuseppe
 
  --
  
 
  Giuseppe Sollazzo
  Senior Systems Analyst
  Computing Services
  Information Services
  St. George's, University Of London
  Cranmer Terrace
  London SW17 0RE
 
  Email: gsoll...@sgul.ac.uk
  Direct Dial: +44 20 8725 5160
  Fax: +44 20 8725 3583
 
 
  --
  
 
  Giuseppe Sollazzo
  Senior Systems Analyst
  Computing Services
  Information Services
  St. George's, University Of London
  Cranmer Terrace
  London SW17 0RE
 
  Email: gsoll...@sgul.ac.uk
  Direct Dial: +44 20 8725 5160
  Fax: +44 20 8725 3583
 
 
 
 
 --
 
 
 Giuseppe Sollazzo
 Senior Systems Analyst
 Computing Services
 Information Services
 St. George's, University Of London
 Cranmer Terrace
 London SW17 0RE
 
 Email: gsoll...@sgul.ac.uk
 Direct Dial: +44 20 8725 5160
 Fax: +44 20 8725 3583

Re: [rt-users] limit ticket list display on requestor login

2011-06-10 Thread Raed El-Hames 
Sorry Giuseppe I don't have much knowledge of the LDAP plugin.
Under normal circumstances (ie RT auth), I would write script to go through the 
users need changing and set Privileged to 0
foreach $MyUserId (@my_users_to_change) {
  my $u=RT::User-new(RT::SystemUser);
  my ($id, $msg) = $u-Load($MyUserId);
  if ($id) {
   $u-SetPrivileged(0);
 }
}

Regards;
Roy
 -Original Message-
 From: Giuseppe Sollazzo [mailto:gsoll...@sgul.ac.uk]
 Sent: 10 June 2011 15:33
 To: Raed El-Hames
 Cc: rt-users@lists.bestpractical.com
 Subject: Re: [rt-users] limit ticket list display on requestor login
 
 Hi Raed,
 thanks a lot as that explains it. This user is Privileged. Removing the
 privilege everything works as expected.
 
 What puzzles me is the relationship between system groups and user
 defined groups. I would have expected to have the possibility of
 limiting permissions to Privileged users in a group rather then having
 them as Unprivileged.
 But never mind :-)
 
 Now the problem I have is that all my imported users are Privileged, and
 reimporting them does not seem to change this (even with
 $LDAPUpdateUsers=1).
 
 Do you reckon there's a way to bulk update users and make them
 Unprivileged?
 
 Thanks,
 Giuseppe
 
 
 
 
 On 10/06/11 14:50, Raed El-Hames wrote:
  The fist question Giuseppe , is user U privileged or not?
 
  If not then by default he should have been redirected to
 SelfService/index.html, which again by default should only display
  /SelfService/Elements/MyRequests
 
  If he is privileged (then I would ask why? -- because according to what
 you need below he does not need to be privileged),  if he has to be
 privileged then you may have to do some coding .. I do think there is a
 limitation in RT , you should need to give the SeeQueue permission to be
 able to see it in the dropdown ? I would have thought the CreateTicket
 permission should be enough.
 
  As I suggested make user U unprivileged is the easiest solution.
 
  Good luck
  Roy
 
 
  -Original Message-
  From: rt-users-boun...@lists.bestpractical.com [mailto:rt-users-
  boun...@lists.bestpractical.com] On Behalf Of Giuseppe Sollazzo
  Sent: 10 June 2011 14:15
  To: rt-users@lists.bestpractical.com
  Subject: Re: [rt-users] limit ticket list display on requestor login
 
  Hi Kevin,
  that was my first thought - however in global group rights all
  checkboxes in general/staff/admin rights are unticked for System,
 Roles,
  and for the given user group.
 
  Or is it maybe how I shoudl manage this, by adding show ticket to the
  global one?
 
  Just in case I have explained myself improperly, what I'm trying to
  achieve is that users in the G group are shown in the dashboard a list
  of tickets in the queue Q for which they are requestors; such list
  should exclude tickets in the same queue for which they are not
  requestors.
 
  Thanks,
  G
 
  On 10/06/11 14:03, Kevin Falcone wrote:
  On Fri, Jun 10, 2011 at 01:45:55PM +0100, Giuseppe Sollazzo wrote:
  Uhm...
  it seems not to behave like I would like to.
 
  Basically I have a privileged user U that is part of group G.
  On queue Q group G has right to show/modify/reply, whereas the
  system privileged group does not have any right on the queue.
  Also, on queue Q role Requestor has right to show/modify/reply,
  whereas the system privileged group does not have any right on the
  queue.
 
  Still, U can see all tickets in queue Q, even those he's not a
  requestor for.
 
  So I'm still looking for a way to hide tickets for which a user in
  the group G is not a requestor for from the dashboard, if that's at
  all possible :)
  Sounds like you have some global rights getting in the way.
 
  -kevin
 
  On 10/06/11 12:06, Raed El-Hames wrote:
  Giuseppe,
 
  I will not give the Everyone group rights other than Create Ticket
 and
  ReplyToTicket (and this is only to get the email side of things working
  properly).I also would not give any rights to the Unprivileged group.
  For your purposes I would suggest you give the Requestor Role rights
  to ShowTicket/ModifyTicket/ReplyToTicket, and if your requestors are
  Unprivileged then their login will redirect them to the SelfService
 portal
  which is restricted.
  Hope that helps;
  Regards;
  Roy
 
  -Original Message-
  From: rt-users-boun...@lists.bestpractical.com [mailto:rt-users-
  boun...@lists.bestpractical.com] On Behalf Of Giuseppe Sollazzo
  Sent: 10 June 2011 10:43
  To: rt-users@lists.bestpractical.com
  Subject: [rt-users] limit ticket list display on requestor login
 
  Hi,
  I guess I'm not getting this right.
 
  I'd like that a user, upon login, were able to only see the tickets
  for
  which they are a requestor (in a given queue).
 
  Let's say I have a group G and a queue Q. If rights for G on Q are
  Create tickets and View queue obviously they see all tickets in
  the
  queue, whereas Create tickets alone does not allow them to see
 any
  ticket.
 
  To keep things tidy, I've also given the

Re: [rt-users] limit ticket list display on requestor login

2011-06-10 Thread Giuseppe Sollazzo 

Hi Raed,
thanks for your very kind help.

I was hoping for the capability of running bulk operations on users to 
be added to the user interface at some point :-)


G

On 10/06/11 16:12, Raed El-Hames wrote:

Sorry Giuseppe I don't have much knowledge of the LDAP plugin.
Under normal circumstances (ie RT auth), I would write script to go through the 
users need changing and set Privileged to 0
foreach $MyUserId (@my_users_to_change) {
   my $u=RT::User-new(RT::SystemUser);
   my ($id, $msg) = $u-Load($MyUserId);
   if ($id) {
$u-SetPrivileged(0);
  }
}

Regards;
Roy

-Original Message-
From: Giuseppe Sollazzo [mailto:gsoll...@sgul.ac.uk]
Sent: 10 June 2011 15:33
To: Raed El-Hames
Cc: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] limit ticket list display on requestor login

Hi Raed,
thanks a lot as that explains it. This user is Privileged. Removing the
privilege everything works as expected.

What puzzles me is the relationship between system groups and user
defined groups. I would have expected to have the possibility of
limiting permissions to Privileged users in a group rather then having
them as Unprivileged.
But never mind :-)

Now the problem I have is that all my imported users are Privileged, and
reimporting them does not seem to change this (even with
$LDAPUpdateUsers=1).

Do you reckon there's a way to bulk update users and make them
Unprivileged?

Thanks,
Giuseppe




On 10/06/11 14:50, Raed El-Hames wrote:

The fist question Giuseppe , is user U privileged or not?

If not then by default he should have been redirected to

SelfService/index.html, which again by default should only display

/SelfService/Elements/MyRequests

If he is privileged (then I would ask why? -- because according to what

you need below he does not need to be privileged),  if he has to be
privileged then you may have to do some coding .. I do think there is a
limitation in RT , you should need to give the SeeQueue permission to be
able to see it in the dropdown ? I would have thought the CreateTicket
permission should be enough.

As I suggested make user U unprivileged is the easiest solution.

Good luck
Roy



-Original Message-
From: rt-users-boun...@lists.bestpractical.com [mailto:rt-users-
boun...@lists.bestpractical.com] On Behalf Of Giuseppe Sollazzo
Sent: 10 June 2011 14:15
To: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] limit ticket list display on requestor login

Hi Kevin,
that was my first thought - however in global group rights all
checkboxes in general/staff/admin rights are unticked for System,

Roles,

and for the given user group.

Or is it maybe how I shoudl manage this, by adding show ticket to the
global one?

Just in case I have explained myself improperly, what I'm trying to
achieve is that users in the G group are shown in the dashboard a list
of tickets in the queue Q for which they are requestors; such list
should exclude tickets in the same queue for which they are not
requestors.

Thanks,
G

On 10/06/11 14:03, Kevin Falcone wrote:

On Fri, Jun 10, 2011 at 01:45:55PM +0100, Giuseppe Sollazzo wrote:

Uhm...
it seems not to behave like I would like to.

Basically I have a privileged user U that is part of group G.
On queue Q group G has right to show/modify/reply, whereas the
system privileged group does not have any right on the queue.
Also, on queue Q role Requestor has right to show/modify/reply,
whereas the system privileged group does not have any right on the
queue.

Still, U can see all tickets in queue Q, even those he's not a
requestor for.

So I'm still looking for a way to hide tickets for which a user in
the group G is not a requestor for from the dashboard, if that's at
all possible :)

Sounds like you have some global rights getting in the way.

-kevin


On 10/06/11 12:06, Raed El-Hames wrote:

Giuseppe,

I will not give the Everyone group rights other than Create Ticket

and

ReplyToTicket (and this is only to get the email side of things working
properly).I also would not give any rights to the Unprivileged group.

For your purposes I would suggest you give the Requestor Role rights

to ShowTicket/ModifyTicket/ReplyToTicket, and if your requestors are
Unprivileged then their login will redirect them to the SelfService

portal

which is restricted.

Hope that helps;
Regards;
Roy


-Original Message-
From: rt-users-boun...@lists.bestpractical.com [mailto:rt-users-
boun...@lists.bestpractical.com] On Behalf Of Giuseppe Sollazzo
Sent: 10 June 2011 10:43
To: rt-users@lists.bestpractical.com
Subject: [rt-users] limit ticket list display on requestor login

Hi,
I guess I'm not getting this right.

I'd like that a user, upon login, were able to only see the tickets

for

which they are a requestor (in a given queue).

Let's say I have a group G and a queue Q. If rights for G on Q are
Create tickets and View queue obviously they see all tickets in

the

queue, whereas Create tickets alone does not allow them to see

any

ticket.

To keep

[rt-users] RT training options

2011-06-10 Thread Yan Seiner 
We're looking at getting some end-user training.  I've contacted Best
Practical, and I'm also looking for any organizations that might provide
webinars or other training.  Anyone know of any organizations in the
Pacific North West that might provide training?

How do people go about training their staff in RT use?


-- 
My daughter is racing a triathlon to raise money for her swim club.  Want
to help?

http://akari.seiner.com

Re: [rt-users] RT 3.8: questions on Kerberos, LDAP, and guest account setup

2011-06-10 Thread Ivan Shmakov 
 Kevin Falcone falc...@bestpractical.com writes:
 On Thu, Jun 09, 2011 at 09:57:49PM +0700, Ivan Shmakov wrote:

[…]

  Also, I wonder, is it possible to make RT refer to LDAP for
  certain information (like: login name, real name, e-mail, etc.)
  about its users?  It could easily become a painful experience to
  either synchronize the RT user database with LDAP, or to
  maintain the informations in both of the places simultaneously.

  Sounds like you want RT-Extension-LDAPImport

I'll check it, thanks.

  Additionally, I have set up an Unprivileged “guest” account.
  However, this configuration results in the user being presented with
  a somewhat “limited” Web interface (in particular, it lacks the
  Search facility.)  Should I make this account Privileged instead, or
  is there another easy way of setting up a “read-only” account with
  the Search facility being active?

  If you want the advanced search, you want a Privileged user.

Is it merely a limitation of the implementation, or something
deeper?

The inconvenience of setting up a Privileged guest account is
that it will be necessary to maintain a separate group, whose
members (which are all the Privileged users except the guest
account) are actually granted “write access” to the tickets.
With guest account now being Unprivileged, the Privileged group
fulfills this role.

  Unprivileged users are only going to see tickets that they're the
  Requestor of.

Apparently, it's not the case: I was able to see all the tickets
belonging to the queues for which Everyone is granted SeeQueue
and ShowTicket permissions.  (RT 3.8.8 debian 7.)

-- 
FSF associate member #7257