Re: [rt-users] PHPass and Request Tracker
Hi,
here is part of Set from RT_SiteConfig.pm, only here I could make mistake:
108 Set($ExternalSettings, { # AN EXAMPLE DB SERVICE
109 'My_MySQL' = { ##
GENERIC SECTION
110 # The
type of service (db/ldap/cookie)
111 'type'
= 'db',
112 # The
server hosting the service
113
'server'= '**',
114 ##
SERVICE-SPECIFIC SECTION
115 # The
database name
116
'database' = 'phpbb3',
117 # The
database table
118
'table' = 'phpbbusers',
119 # The
user to connect to the database as
120 'user'
= 'phpbb3',
121 # The
password to use to connect with
122 'pass'
= '*',
123 # The
port to use to connect with (e.g. 3306)
124 'port'
= '3306',
125 # The
name of the Perl DBI driver to use (e.g. mysql)
126
'dbi_driver'= 'mysql',
127 # The
field in the table that holds usernames
128
'u_field' = 'username',
129 # The
field in the table that holds passwords
130
'p_field' = 'user_password',
131 # The
Perl package subroutine used to encrypt passwords
132 # e.g.
if the passwords are stored using the MySQL v3.23 PASSWORD
133 #
function, then you will need Crypt::MySQL::password, but for the
134 #
MySQL4+ password function you will need Crypt::MySQL::password41
135 #
Alternatively, you could use Digest::MD5::md5_hex or any other
136 #
encryption subroutine you can load in your perl installation
137
'p_enc_pkg' = 'Authen::Passphrase::PHPass',
138
'p_enc_sub' = 'cost',
139
#'p_enc_pkg' = 'Crypt::MySQL',
140
#'p_enc_sub' = 'password41',
141 # If
your p_enc_sub takes a salt as a second parameter,
142 #
uncomment this line to add your salt
143
#'p_salt'= 'SALT',
144
145 #
146 # The
field and values in the table that determines if a user should
147 # be
disabled. For example, if the field is 'user_status' and the values
148 # are
['0','1','2','disabled'] then the user will be disabled if their
149 #
user_status is set to '0','1','2' or the string 'disabled'.
150 #
Otherwise, they will be considered enabled.
151
'd_field' = 'disabled',
152
'd_values' = ['0'],
153 ## RT
ATTRIBUTE MATCHING SECTION
154 # The
list of RT attributes that uniquely identify a user
155
'attr_match_list' = [ 'Gecos',
156
'Name'
157
],
158 # The
mapping of RT attributes on to field names
159
'attr_map' = { 'Name' = 'username',
160
'EmailAddress' = 'user_email',
161
'ExternalAuthId' = 'username',
162
'Gecos' = 'user_id'
163
}
164 },
Best
Adrian
2011/11/15 Zefram zef...@fysh.org:
Adrian
Re: [rt-users] RT::Authen::ExternalAuth with PHPass (phpbb3);
Hi,
DBI.pm
this is the place with p_enc_sub:
sub GetAuth {
my ($service, $username, $password) = @_;
my $config = $RT::ExternalSettings-{$service};
$RT::Logger-debug( Trying external auth service:,$service);
my $db_table= $config-{'table'};
my $db_u_field = $config-{'u_field'};
my $db_p_field = $config-{'p_field'};
my $db_p_enc_pkg= $config-{'p_enc_pkg'};
my $db_p_enc_sub= $config-{'p_enc_sub'};
my $db_p_salt = $config-{'p_salt'};
Place where the password is submitted to that method as a string parameter.
In my opinion could be here:
# Get the user's password from the database query result
my $pass_from_db = $results_hashref-{$username}-{$db_p_field};
# This is the encryption package subroutine passed in by the config file
$RT::Logger-debug( Encryption Package:,
$db_p_enc_pkg);
$RT::Logger-debug( Encryption Subroutine:,
$db_p_enc_sub);
# Use config info to auto-load the perl package needed for
password encryption
# I know it uses a string eval - but I don't think there's a
better way to do this
# Jump to next external authentication service on failure
eval require $db_p_enc_pkg or
$RT::Logger-error(AUTH FAILED, Couldn't Load Password
Encryption Package. Error: $@) return 0;
my $encrypt = $db_p_enc_pkg-can($db_p_enc_sub);
if (defined($encrypt)) {
# If the package given can perform the subroutine given, then
use it to compare the
# password given with the password pulled from the database.
# Jump to the next external authentication service if they don't match
if(defined($db_p_salt)) {
$RT::Logger-debug(Using salt:,$db_p_salt);
if(${encrypt}-($password,$db_p_salt) ne $pass_from_db){
$RT::Logger-info( $service,
AUTH FAILED,
$username,
Password Incorrect);
return 0;
}
} else {
if(${encrypt}-($password) ne $pass_from_db){
$RT::Logger-info( $service,
AUTH FAILED,
$username,
Password Incorrect);
return 0;
}
}
} else {
# If the encryption package can't perform the request subroutine,
# dump an error and jump to the next external authentication service.
$RT::Logger-error($service,
AUTH FAILED,
The encryption package you gave me (,
$db_p_enc_pkg,
) does not support the encryption method
you specified (,
$db_p_enc_sub,
));
return 0;
}
But i'm not shure where exactly. And how I can convert string to hash.
I'm not familiar with perl ;/
Best
Adrian
2011/11/15 Zordrak zord...@tpa.me.uk:
Adrian Stel wrote:
Hi,
Can't use string (user password) as a HASH ref while strict refs
in use at /usr/local/share/perl/5.10.1/Authen/Passphrase/PHPass.pm
line 278.
Problem is with type of user password.
Still need to know where I should search.
Search for the text p_enc_sub. There's only one place it should be
defined and it will be very close to where the password is submitted to
that method as a string parameter.
--
Zordrak
zord...@tpa.me.uk
--
Pozdrawiam
Adrian Stelmaszyk
RT Training Sessions (http://bestpractical.com/services/training.html)
* Barcelona, Spain November 28 29, 2011
[rt-users] how to edit email for an existing user from command line.
Hi all, I have installed RT on centos 5.6 and added 70 users. Their email address is blank, and I am trying to edit their users via rt command. I have tried to use: rt edit users/XXX set EmailAddress-XXX@yyy And rt edit users/XXX set mailAddress-XXX@yyy But both did not change the Email address of that user. What am I missing? Regards, Ronen RT Training Sessions (http://bestpractical.com/services/training.html) * Barcelona, Spain November 28 29, 2011
Re: [rt-users] how to edit email for an existing user from command line.
Never mind. I found it out. I added an extra s in rt edit users (instead of rt edit user/xxx). Ronen From: rt-users-boun...@lists.bestpractical.com [mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of Amity, Ronen Sent: Wednesday, November 16, 2011 11:03 To: rt-users@lists.bestpractical.com Subject: [rt-users] how to edit email for an existing user from command line. Hi all, I have installed RT on centos 5.6 and added 70 users. Their email address is blank, and I am trying to edit their users via rt command. I have tried to use: rt edit users/XXX set EmailAddress-XXX@yyy And rt edit users/XXX set mailAddress-XXX@yyy But both did not change the Email address of that user. What am I missing? Regards, Ronen RT Training Sessions (http://bestpractical.com/services/training.html) * Barcelona, Spain November 28 29, 2011
[rt-users] ModifySelf on a group?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi there, there are some privileges, like ModifySelf, that seem to be only grant-able to single users, where it would be convenient to do it on a per-group basis. Am I wrong? If not, I'd like to know what's the rationale behind this - - I'm trying to let a group of users edit their RT at a Glance, but possibly I'm not getting it right. Thanks, G - -- Giuseppe Sollazzo Senior Systems Analyst Computing Services Information Services St. George's, University Of London Cranmer Terrace London SW17 0RE Email: gsoll...@sgul.ac.uk Direct Dial: +44 20 8725 5160 Fax: +44 20 8725 3583 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJOw5I0AAoJEAqigArPBfJXtlsH/1pm7S6IV7SLALVnapON0uk8 SBXZSHf061spSGoTwjuuIfWf8xhhl1C0zfWQLPnvWQ7hQdGu6GQxgk7K+Rojlnow 8RYue9m3hsQG2Y6LYmReMxYfFoLDlba+FqYA1GhVQVpUjkq+h9SyxAs5TZH6GLwg ZsGhCqUw0NpuW6C73j+S6+k1AIHsDyjnRMUNOoIVXlhuqtYlViKH5Ogq7Wknqhh8 ahLpP3StEc+a14EXLxwKVcZRef6lPMjMusQJTz674CKs+k2qpAQInVhqXhxdEEbQ Qj0qzai5wPDRajsO1OqQkJKaK2E0cRqTLImv68kIDWJx2pTuCFlPaFT8BUQ4HF8= =Sobo -END PGP SIGNATURE- RT Training Sessions (http://bestpractical.com/services/training.html) * Barcelona, Spain November 28 29, 2011
Re: [rt-users] ModifySelf on a group?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Please ignore it - I was checking in the wrong bit of configuration. Apologies! G On 16/11/11 10:36, Giuseppe Sollazzo wrote: Hi there, there are some privileges, like ModifySelf, that seem to be only grant-able to single users, where it would be convenient to do it on a per-group basis. Am I wrong? If not, I'd like to know what's the rationale behind this - I'm trying to let a group of users edit their RT at a Glance, but possibly I'm not getting it right. Thanks, G - RT Training Sessions (http://bestpractical.com/services/training.html) * Barcelona, Spain November 28 29, 2011 - -- Giuseppe Sollazzo Senior Systems Analyst Computing Services Information Services St. George's, University Of London Cranmer Terrace London SW17 0RE Email: gsoll...@sgul.ac.uk Direct Dial: +44 20 8725 5160 Fax: +44 20 8725 3583 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJOw5K5AAoJEAqigArPBfJXtusH/A+v0DRJonBvk+W4XsxaZk+I FET2eTsTCRh0mhEP2Q8JuKqXaxZI1GgESE27i6sEplpY+buhTOAJsaQNu4DcFv44 9H9zCUwRzhLnsK9pnYtI8SMN/6EiNHgGMD1G/M1Srys9syPqjFhYZHcwW1U5zlAr 1ePxzVmqmeDhoV5aUXHEczm/UjbeDkwitpEODxusFi6XWBHdagDK8jKGrpgGDiA9 Vwca3xw7OgX+N33oLTTUFrkZyI+Nx+tJN6MGX4p8pnA+d+lRS3T1Yqpnx0eBdMO3 G+UgTSEBCLHFqN3nBTmAV9ds5tbZrSs+REMYy6GznGhv75qIERkdShCN+Ds/c+o= =hR82 -END PGP SIGNATURE- RT Training Sessions (http://bestpractical.com/services/training.html) * Barcelona, Spain November 28 29, 2011
[rt-users] Logging query terms in RT
Hi, I'm supporting an instance of RT, and have a requirement to log all queries made in RT by our users, including all terms used to create the query. I can capture the terms used in Simple Searches as part of a POST request within the Apache logs, so that problem is solved. But I can't find any mechanism for logging the terms used to build more complex queries in the Query Builder. I've turned on the Statement log, and all other logging, at 'info' level. However, RT still doesn't capture the information I need. The only place I've found this information stored at all is within the a_session longblob in the sessions table on the database - but it's not that nice to extract the individual terms from that. I've also looked on the Wiki and the forums without luck. Is there anything I'm missing here, or will this involve some customisation? I'm using version 3.8.9, on a MySQL version 5.1.52. Many thanks in advance, Guy Please consider the environment before printing this email. This message should be regarded as confidential. If you have received this email in error please notify the sender and destroy it immediately. Statements of intent shall only become binding when confirmed in hard copy by an authorised signatory. The contents of this email may relate to dealings with other companies under the control of BAE Systems plc details of which can be found at http://www.baesystems.com/Businesses/index.htm. Detica Limited is a BAE Systems company trading as BAE Systems Detica. Detica Limited is registered in England and Wales under No: 1337451. Registered office: Surrey Research Park, Guildford, Surrey, GU2 7YP, England. RT Training Sessions (http://bestpractical.com/services/training.html) * Barcelona, Spain November 28 29, 2011
Re: [rt-users] PHPass and Request Tracker
2011/11/16 Adrian Stel adisa...@gmail.com:
Hi,
perhaps this is stupid question but I'm not sure where I should put
this wrapper function ;/
I found in /usr/local/share/perl/5.10.1/Authen/Passphrase/PHPass.pm
This is the right place ?
=head1 SYNOPSIS
use Authen::Passphrase::PHPass;
$ppr = Authen::Passphrase::PHPass-new(
cost = 10, salt = NaClNaCl,
hash_base64 = ObRxTm/.EiiYN02xUeAQs/);
$ppr = Authen::Passphrase::PHPass-new(
cost = 10, salt_random = 1,
passphrase = passphrase);
$ppr = Authen::Passphrase::PHPass-from_crypt(
'$P$8NaClNaClObRxTm/.EiiYN02xUeAQs/');
$ppr = Authen::Passphrase::PHPass-from_rfc2307(
'{CRYPT}$P$8NaClNaClObRxTm/.EiiYN02xUeAQs/');
$cost = $ppr-cost;
$cost_base64 = $ppr-cost_base64;
$cost = $ppr-nrounds_log2;
$cost_base64 = $ppr-nrounds_log2_base64;
$salt = $ppr-salt;
$hash = $ppr-hash;
$hash_base64 = $ppr-hash_base64;
if($ppr-match($passphrase)) { ...
$passwd = $ppr-as_crypt;
$userPassword = $ppr-as_rfc2307;
=head1 DESCRIPTION
Best
Adrian
2011/11/16 Zefram zef...@fysh.org:
Adrian Stel wrote:
'p_enc_pkg' = 'Authen::Passphrase::PHPass',
'p_enc_sub' = 'cost',
The comment above, the example below, and a bit of googling all show that
p_enc_pkg and p_enc_sub are together meant to name a hash function.
Your password string will be passed through the function, and the
resulting hash value is then managed by RT. The clearest example:
#'p_enc_pkg' = 'Crypt::MySQL',
#'p_enc_sub' = 'password41',
Crypt::MySQL::password41() is a function to which you pass a password
string and it returns a hash. For example, password41(hunter2) returns
*58815970BE77B3720276F63DB198B1FA42E5CC02.
Authen::Passphrase::PHPass::cost is not a hashing function. It's
not meant to be called as a standalone function at all. It's the
implementation of the -cost method on the Authen::Passphrase::PHPass
class, and so expects to be passed an A:P:PHPass object, not a string.
A:P:PHPass doesn't actually expose the hash function on its own, so you
can't use it this way.
In fact, the PHPass hash algorithm *can't* be properly used by RT,
because it takes a salt input, and apparently RT can't perform salting.
(There's a p_salt parameter, which appears to be a *fixed* salt, defeating
the purpose.)
You could write a wrapper function around A:P:PHPass that creates a
recogniser for a supplied password and then just extracts the hash.
The wrapper would have to fix the cost parameter and the salt. It looks
like this:
use Authen::Passphrase::PHPass ();
sub phpass_10_($) {
return Authen::Passphrase::PHPass-new(
cost=10,
passphrase=$_[0],
salt=,
)-hash_base64;
}
phpass_10_(hunter2) returns LvYU3dRamxKB1.lRa4ow1/. *This*
is a hash function and could be used by RT via p_enc_pkg and p_enc_sub.
It's a bit of an abstraction inversion to use A:P:PHPass just for
its hash function. If A:P:PHPass were wrapping some other module
that just provides the hash then I'd point you at the other module.
Most A:P modules do this, such as A:P:MySQL323 wrapping Crypt::MySQL.
But A:P:PHPass implements the hash itself. Also, if there were a module
exposing the PHPass algorithm on its own, you'd still have to write a
wrapper, because of the cost parameter that RT has no idea how to handle.
-zefram
--
Pozdrawiam
Adrian Stelmaszyk
--
Pozdrawiam
Adrian Stelmaszyk
RT Training Sessions (http://bestpractical.com/services/training.html)
* Barcelona, Spain November 28 29, 2011
Re: [rt-users] RT::Authen::ExternalAuth with PHPass (phpbb3);
Hi,
I get some info from PHPass but I don't know how use it ;/ any
sugestion from your site ?
'p_enc_pkg' = 'Authen::Passphrase::PHPass',
'p_enc_sub' = 'cost',
The comment above, the example below, and a bit of googling all show that
p_enc_pkg and p_enc_sub are together meant to name a hash function.
Your password string will be passed through the function, and the
resulting hash value is then managed by RT. The clearest example:
#'p_enc_pkg' = 'Crypt::MySQL',
#'p_enc_sub' = 'password41',
Crypt::MySQL::password41() is a function to which you pass a password
string and it returns a hash. For example, password41(hunter2) returns
*58815970BE77B3720276F63DB198B1FA42E5CC02.
Authen::Passphrase::PHPass::cost is not a hashing function. It's
not meant to be called as a standalone function at all. It's the
implementation of the -cost method on the Authen::Passphrase::PHPass
class, and so expects to be passed an A:P:PHPass object, not a string.
A:P:PHPass doesn't actually expose the hash function on its own, so you
can't use it this way.
In fact, the PHPass hash algorithm *can't* be properly used by RT,
because it takes a salt input, and apparently RT can't perform salting.
(There's a p_salt parameter, which appears to be a *fixed* salt, defeating
the purpose.)
You could write a wrapper function around A:P:PHPass that creates a
recogniser for a supplied password and then just extracts the hash.
The wrapper would have to fix the cost parameter and the salt. It looks
like this:
use Authen::Passphrase::PHPass ();
sub phpass_10_($) {
return Authen::Passphrase::PHPass-new(
cost=10,
passphrase=$_[0],
salt=,
)-hash_base64;
}
phpass_10_(hunter2) returns LvYU3dRamxKB1.lRa4ow1/. *This*
is a hash function and could be used by RT via p_enc_pkg and p_enc_sub.
It's a bit of an abstraction inversion to use A:P:PHPass just for
its hash function. If A:P:PHPass were wrapping some other module
that just provides the hash then I'd point you at the other module.
Most A:P modules do this, such as A:P:MySQL323 wrapping Crypt::MySQL.
But A:P:PHPass implements the hash itself. Also, if there were a module
exposing the PHPass algorithm on its own, you'd still have to write a
wrapper, because of the cost parameter that RT has no idea how to handle.
2011/11/16 Adrian Stel adisa...@gmail.com:
Hi,
DBI.pm
this is the place with p_enc_sub:
sub GetAuth {
my ($service, $username, $password) = @_;
my $config = $RT::ExternalSettings-{$service};
$RT::Logger-debug( Trying external auth service:,$service);
my $db_table = $config-{'table'};
my $db_u_field = $config-{'u_field'};
my $db_p_field = $config-{'p_field'};
my $db_p_enc_pkg = $config-{'p_enc_pkg'};
my $db_p_enc_sub = $config-{'p_enc_sub'};
my $db_p_salt = $config-{'p_salt'};
Place where the password is submitted to that method as a string parameter.
In my opinion could be here:
# Get the user's password from the database query result
my $pass_from_db = $results_hashref-{$username}-{$db_p_field};
# This is the encryption package subroutine passed in by the config file
$RT::Logger-debug( Encryption Package:,
$db_p_enc_pkg);
$RT::Logger-debug( Encryption Subroutine:,
$db_p_enc_sub);
# Use config info to auto-load the perl package needed for
password encryption
# I know it uses a string eval - but I don't think there's a
better way to do this
# Jump to next external authentication service on failure
eval require $db_p_enc_pkg or
$RT::Logger-error(AUTH FAILED, Couldn't Load Password
Encryption Package. Error: $@) return 0;
my $encrypt = $db_p_enc_pkg-can($db_p_enc_sub);
if (defined($encrypt)) {
# If the package given can perform the subroutine given, then
use it to compare the
# password given with the password pulled from the database.
# Jump to the next external authentication service if they don't match
if(defined($db_p_salt)) {
$RT::Logger-debug(Using salt:,$db_p_salt);
if(${encrypt}-($password,$db_p_salt) ne $pass_from_db){
$RT::Logger-info( $service,
AUTH FAILED,
$username,
Password Incorrect);
return 0;
}
} else {
if(${encrypt}-($password) ne $pass_from_db){
$RT::Logger-info( $service,
AUTH FAILED,
$username,
Password Incorrect);
return 0;
}
}
} else {
# If the encryption
Re: [rt-users] Categories are based on... How to handle the same value for multiple parent categories
Just a final note on this - After doing some more investigation, it seems
that while Request Tracker doesn't restrict you from creating 2 (or more)
drop down values at the same level with the same string value, it also
does't use the record ID to filter subsequent drop downs either. - it uses
the string value to filter subsequent values. This means if you have 3
fields that filter you end up with a mess of child values that may not
relate to the parent value anyway.
So it seems that adding a prefix or suffix to the text of the drop down
value is the only way to achieve what I had wanted.
On Mon, Nov 14, 2011 at 8:28 PM, Josh Narins jnar...@seniorbridge.comwrote:
The array of names is get-at-able with keys %seen
*From*: Jim Lesinski [mailto:jim.lesin...@gmail.com]
*Sent*: Monday, November 14, 2011 08:19 PM
*To*: Josh Narins
*Cc*: rt-users@lists.bestpractical.com rt-users@lists.bestpractical.com
*Subject*: Re: [rt-users] Categories are based on... How to handle the
same value for multiple parent categories
Right, but I think then I'd have to build an array of names and then
iterate through that second array to output the option values. I am not
sure which would be more efficient but there is probably a better way to do
it.
Either way the result of the code would be ideally added to the base code,
but not necessarily my personal code :)
Thanks,
Jim Lesinski
On Nov 14, 2011, at 7:10 PM, Josh Narins jnar...@seniorbridge.com wrote:
I don't know anything about your patch, but with Perl, it is more
common to write something like...
next if $seen{ $value-Name }++;
*From*: Jim Lesinski [mailto:jim.lesin...@gmail.com]
*Sent*: Monday, November 14, 2011 07:06 PM
*To*: rt-users@lists.bestpractical.com rt-users@lists.bestpractical.com
*Subject*: Re: [rt-users] Categories are based on... How to handle the
same value for multiple parent categories
I had some time after work to code up a possible solution for the
searchbuilder. I am new to perl so feel free to correct me.
Below is a snippet of code from /html/Elements/SelectCustomFieldValue,
starting at line 48. I have added my name after the lines I added to make
the search builder drop down show only unique string values. It would be
super cool if this made it into the base code.
% $m-callback( Name = $Name, CustomField = $CustomField );
% if ($CustomField-Type =~ /Select/i) {
% my $values = $CustomField-Values;
% my %seen = ();# Jim Lesinski
select name=%$Name%
option value= selected=selected-/option
option value=NULL|/l(no value)//option
% while (my $value = $values-Next) {
%unless ($seen{$value-Name}){# Jim Lesinski
option value=%$value-Name%%$value-Name%/option
% $seen{$value-Name} = 1;# Jim Lesinski
%}# Jim Lesinski
% }
/select
% }
% else {
input name=%$Name% size=20 /
% }
On Mon, Nov 14, 2011 at 2:09 PM, Jim Lesinski jim.lesin...@gmail.comwrote:
I wouldn't think that the searchbuilder would show the same string value
though if you have the value occurring multiple times based on a parent
field. In my example below the value softwarename1.1 will show up in the
searchbuilder each time I have entered it for that field.
What I was suggesting is that one way to handle this would be to make the
searchbuilder page only add a string value if that string value doesn't
exist in the values already. That seems like the simplest was to avoid the
same value from showing up several times in the searchbuilder.
Right now what happens is, you end up with 4 Password Reset Values in
the example below. This also would create 4 Password Reset in the
searchbuilder dropdown, which works because the search is based on the
String value and not the ID of the record.
* Active Directory
* Password Reset
* TimeSheet
* Password Reset
* TestDomain
* Password Reset
* Whatever
* Password Reset
Just a suggestion... but an excellent way to handle it may be to add
functionality to the Categories are based on drop down so that you select
the parent field first, and then select each value that the current value
is visible for. This would let you have a more flexible relationship for
building the hierarchy.
Then you could select Field1 as the Parent for Field2, but also specify
that Field2.Value1 would be an option when you select Field1.Value1,
Field1.Value3, Field1.Value4, Field1.Value7 - etc.
On Mon, Nov 14, 2011 at 10:53 AM, Kevin Falcone
falc...@bestpractical.com wrote:
On Fri, Nov 11, 2011 at 03:01:18PM -0500, Jim Lesinski wrote:
Hi,
In request tracker, how would you recommend setting up your
dependent drop down lists that
have a consistent drop down value for multiple parent values?
Below, under the 1st level
Administration value, I show an example of what I am asking about.
If you use the 'Categories are based on' feature in later 3.8 and 4.0
you'll get much better search options than typing
Re: [rt-users] RT::Authen::ExternalAuth with PHPass (phpbb3);
Hello,
I didn't read full thread, but long time ago I talked with zordrak
about how password checking is wrong and not flexible. The current set
of options is not suitable for many cases. I've cooked a patch [1].
The following config with patched extension can check any format
supported by Authen::Passphrase framework:
...
p_check = sub {
my ($hash, $pass) = @_;
use Authen::Passphrase;
return Authen::Passphrase-from_crypt($hash || '*')-match($pass);
},
...
Above covers HASH schemes described in [2]. If stored hash doesn't
have $schema$ prefix then code needs a little bit of change.
However, I didn't test the patch.
[1]
https://github.com/bestpractical/rt-authen-externalauth/commit/22ba2bfa8d59a00354712e63daaa5d622e39cf4d
[2]
http://search.cpan.org/~zefram/Authen-Passphrase-0.007/lib/Authen/Passphrase.pm#CONSTRUCTORS
On Wed, Nov 16, 2011 at 4:27 PM, Adrian Stel adisa...@gmail.com wrote:
Hi,
I get some info from PHPass but I don't know how use it ;/ any
sugestion from your site ?
'p_enc_pkg' = 'Authen::Passphrase::PHPass',
'p_enc_sub' = 'cost',
The comment above, the example below, and a bit of googling all show that
p_enc_pkg and p_enc_sub are together meant to name a hash function.
Your password string will be passed through the function, and the
resulting hash value is then managed by RT. The clearest example:
#'p_enc_pkg' = 'Crypt::MySQL',
#'p_enc_sub' = 'password41',
Crypt::MySQL::password41() is a function to which you pass a password
string and it returns a hash. For example, password41(hunter2) returns
*58815970BE77B3720276F63DB198B1FA42E5CC02.
Authen::Passphrase::PHPass::cost is not a hashing function. It's
not meant to be called as a standalone function at all. It's the
implementation of the -cost method on the Authen::Passphrase::PHPass
class, and so expects to be passed an A:P:PHPass object, not a string.
A:P:PHPass doesn't actually expose the hash function on its own, so you
can't use it this way.
In fact, the PHPass hash algorithm *can't* be properly used by RT,
because it takes a salt input, and apparently RT can't perform salting.
(There's a p_salt parameter, which appears to be a *fixed* salt, defeating
the purpose.)
You could write a wrapper function around A:P:PHPass that creates a
recogniser for a supplied password and then just extracts the hash.
The wrapper would have to fix the cost parameter and the salt. It looks
like this:
use Authen::Passphrase::PHPass ();
sub phpass_10_($) {
return Authen::Passphrase::PHPass-new(
cost=10,
passphrase=$_[0],
salt=,
)-hash_base64;
}
phpass_10_(hunter2) returns LvYU3dRamxKB1.lRa4ow1/. *This*
is a hash function and could be used by RT via p_enc_pkg and p_enc_sub.
It's a bit of an abstraction inversion to use A:P:PHPass just for
its hash function. If A:P:PHPass were wrapping some other module
that just provides the hash then I'd point you at the other module.
Most A:P modules do this, such as A:P:MySQL323 wrapping Crypt::MySQL.
But A:P:PHPass implements the hash itself. Also, if there were a module
exposing the PHPass algorithm on its own, you'd still have to write a
wrapper, because of the cost parameter that RT has no idea how to handle.
2011/11/16 Adrian Stel adisa...@gmail.com:
Hi,
DBI.pm
this is the place with p_enc_sub:
sub GetAuth {
my ($service, $username, $password) = @_;
my $config = $RT::ExternalSettings-{$service};
$RT::Logger-debug( Trying external auth service:,$service);
my $db_table = $config-{'table'};
my $db_u_field = $config-{'u_field'};
my $db_p_field = $config-{'p_field'};
my $db_p_enc_pkg = $config-{'p_enc_pkg'};
my $db_p_enc_sub = $config-{'p_enc_sub'};
my $db_p_salt = $config-{'p_salt'};
Place where the password is submitted to that method as a string parameter.
In my opinion could be here:
# Get the user's password from the database query result
my $pass_from_db = $results_hashref-{$username}-{$db_p_field};
# This is the encryption package subroutine passed in by the config file
$RT::Logger-debug( Encryption Package:,
$db_p_enc_pkg);
$RT::Logger-debug( Encryption Subroutine:,
$db_p_enc_sub);
# Use config info to auto-load the perl package needed for
password encryption
# I know it uses a string eval - but I don't think there's a
better way to do this
# Jump to next external authentication service on failure
eval require $db_p_enc_pkg or
$RT::Logger-error(AUTH FAILED, Couldn't Load Password
Encryption Package. Error: $@) return 0;
my $encrypt = $db_p_enc_pkg-can($db_p_enc_sub);
if (defined($encrypt)) {
# If the package given can perform the
[rt-users] Slowness when loading tickets created via a certain FAX to email service
Running RT4.0.2 with perl5.12.2, Oracle 10g, RHEL5 and httpd-2.2.16. Browser is IE7. We are using EasyLink's Fax to E-mail service and the faxes are attached as a PDF to an email which are sent to a queue. I'm looking at one ticket with 135b of email and 110k of a PDF attachment and the page is taking in excess of 40 seconds to load. It spends most of that time with the menubar, ticket number, the New Ticket button and search widget visible, and the rest of the screen is the blue gradient. Most operations on this ticket also take upwards of 40 seconds. For comparison, a normal ticket takes 2-3 seconds to load and render. We have other attachments, PDFs too, which are larger, but have no problems. This is a set of the headers from the bad ticket, maybe that's part of the problem? Everything in the tickets and transactions tables looks identical between regular and slow-loading tickets. I'm using [...] for some long digit phrases in the headers below. From opera...@netmoves.com Tue Nov 15 15:40:58 2011 MIME-Version: 1.0 X-PSTN-Levels: (S:99.9/99.9 CV: 3.9146 FC:95.5390 LC:95.5390 R:95.9108 P:95.9108 M:97.0282 C:98.6951 ) X-R5basetid: 0240445113197438900 Content-Type: multipart/mixed; boundary=Boundary-=_fiFHvHhtMAxqDVNRChqtZGovSJJn Message-ID: 0240201113197444900.[...]0.0240445113197438...@pfc1a.ps.easylink.com Reply-To: supp...@easylink.com X-Nva_ps: 3 X-PSTN-Addresses: from supp...@easylink.com forward (org good) [db-null] Received: from MS3.nyc.seniorbridgeinternal.com (ms.mycompany.com [192.168.0.13]) by mycompany.com (Postfix) with ESMTP id 038A2DD809E for account...@rt.mycompany.com; Tue, 15 Nov 2011 15:40:58 -0500 (EST) Received: from psmtp.com (74.125.149.94) by ms.mycompany.com (192.168.0.13) with Microsoft SMTP Server (TLS) id 8.3.159.2; Tue, 15 Nov 2011 15:40:58 -0500 Received: from ohrelay1.oh.easylink.com ([165.251.70.60]) (using TLSv1) by na3sys009amx168.postini.com ([74.125.148.10]) with SMTP; Tue, 15 Nov 2011 20:40:57 GMT Received: from pfc1a.ps.easylink.com (pfc1a.ps.easylink.com [165.251.35.5]) by ohrelay1.oh.easylink.com (8.14.3/8.14.3) with ESMTP id pAFKesXa021416 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for account...@mycompany.com; Tue, 15 Nov 2011 15:40:55 -0500 (EST) Received: from pfc1a.ps.easylink.com (localhost [127.0.0.1])by pfc1a.ps.easylink.com (8.13.8/8.13.8) with ESMTP id pAFKescm030764 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)for account...@mycompany.com; Tue, 15 Nov 2011 15:40:54 -0500 Received: (from operator@localhost) by pfc1a.ps.easylink.com (8.13.8/8.13.8/Submit) id pAFKespN030763; Tue, 15 Nov 2011 15:40:54 -0500 Delivered-To: account...@mycompany.com Subject: Fax From: 0240[...]900 Return-Path: opera...@netmoves.com X-Original-To: account...@mycompany.com X-PSTN-Neptune: 2/2/1.00/92 Date: Tue, 15 Nov 2011 15:39:49 -0500 X-PSTN-Settings: 2 (0.5000:0.5000) s CV gt3 gt2 gt1 To: account...@mycompany.com From: supp...@easylink.com Content-Length: 0 357362 content-type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 7bit X-RT-Original-Encoding: ascii Content-Length: 135 Josh Narins Director of Application Development SeniorBridge 845 Third Ave 7th Floor New York, NY 10022 Tel: (212) 994-6194 Fax: (212) 994-4260 Mobile: (917) 488-6248 jnar...@seniorbridge.com seniorbridge.comhttp://www.seniorbridge.com/ [http://www.seniorbridge.com/images/seniorbridgedisclaimerTAG.gif] SeniorBridge Statement of Confidentiality: The contents of this email message are intended for the exclusive use of the addressee(s) and may contain confidential or privileged information. Any dissemination, distribution or copying of this email by an unintended or mistaken recipient is strictly prohibited. In said event, kindly reply to the sender and destroy all entries of this message and any attachments from your system. Thank you. RT Training Sessions (http://bestpractical.com/services/training.html) * Barcelona, Spain November 28 29, 2011
[rt-users] Disable merge feature for one queue
Dear community, I would like to know if there is a way to disable or avoid the merge tickets features in Request Tracker for one queue only ? Thanks for your help, Tanguy RT Training Sessions (http://bestpractical.com/services/training.html) * Barcelona, Spain November 28 29, 2011
Re: [rt-users] ExternalAuth error messages in 4.0.4
On Tue, Nov 15, 2011 at 09:47:24AM +0200, Joosep wrote: I'm trying to install a ExternalAuth module in the test environment to prepare for the live system upgrade. Test environment is a snapshot of the live system that i have upgraded from 3.8.10 to 4.0.4(no problems there). Module installs and authentication works. Users are able to login, but there are following errors in the log: Those look like warnings, not errors. There are some warnings cleanups in the git repository that haven't been released yet. -kevin pgpGRLIuIgAp5.pgp Description: PGP signature RT Training Sessions (http://bestpractical.com/services/training.html) * Barcelona, Spain November 28 29, 2011
Re: [rt-users] Autocreate unprivileged users
On Tue, Nov 15, 2011 at 03:00:42PM -0800, Yan Seiner wrote: I have 4.0.2 set up to autocreate privileged users authenticated through LDAP. I'm pretty sure I had 3.8.10 set up to autocreate unprivileged users who did not authenticate through LDAP. I can't figure out how to do this in 4.0.2. In other words, the functionality I need is: A user tries to log on, RT authenticates him through LDAP, and the user is created as privileged. This works. An unknown user sends email in to the system, either in reply to an existing ticket or to one of the queues we have set up for external interaction. The system should accept the email and autocreate the user as unprivileged. This gets rejected with RT could not load a valid user, and RT's configuration does not allow for the creation of a new user for this email [email follows] How do I do this? I can't find a setting for this. You might need to flip the config about AutoCreation which is part of RT-Authen-ExternalAuth -kevin pgpLvyeoilKTa.pgp Description: PGP signature RT Training Sessions (http://bestpractical.com/services/training.html) * Barcelona, Spain November 28 29, 2011
Re: [rt-users] Auto create externally authenticated users and put them into specific groups
On Tue, Nov 15, 2011 at 05:18:15PM -0700, Chris Robison wrote: Is there a way to put automatically created externally authenticated users and into specific groups as they are being created? You don't say how you're externally authenticating, but you can't do that with the $AutoCreate config unfortunately. If you're authenticating against LDAP, you could use RT-Extension-LDAPImport to bring in groups and users. -kevin pgpCBN8OwQKAC.pgp Description: PGP signature RT Training Sessions (http://bestpractical.com/services/training.html) * Barcelona, Spain November 28 29, 2011
Re: [rt-users] Slowness when loading tickets created via a certain FAX to email service
On Wed, Nov 16, 2011 at 10:26:19AM -0500, Josh Narins wrote: Running RT4.0.2 with perl5.12.2, Oracle 10g, RHEL5 and httpd-2.2.16. Browser is IE7. We are using EasyLink's Fax to E-mail service and the faxes are attached as a PDF to an email which are sent to a queue. I'm looking at one ticket with 135b of email and 110k of a PDF attachment and the page is taking in excess of 40 seconds to load. It spends most of that time with the menubar, ticket number, the New Ticket button and search widget visible, and the rest of the screen is the blue gradient. Most operations on this ticket also take upwards of 40 seconds. For comparison, a normal ticket takes 2-3 seconds to load and render. We have other attachments, PDFs too, which are larger, but have no problems. This is a set of the headers from the bad ticket, maybe that's part of the problem? Everything in the tickets and transactions tables looks identical between regular and slow-loading tickets. I'm using [...] for some long digit phrases in the headers below. You probably want to use MasonX::Profiler (as documented in the config) and StatementLog + Configuration - Tools - SQL Queries to determine what is actually slow on the page. -kevin From opera...@netmoves.com Tue Nov 15 15:40:58 2011 MIME-Version: 1.0 X-PSTN-Levels: (S:99.9/99.9 CV: 3.9146 FC:95.5390 LC:95.5390 R:95.9108 P:95.9108 M:97.0282 C:98.6951 ) X-R5basetid: 0240445113197438900 Content-Type: multipart/mixed; boundary=Boundary-=_fiFHvHhtMAxqDVNRChqtZGovSJJn Message-ID: 0240201113197444900.[...]0.0240445113197438...@pfc1a.ps.easylink.com Reply-To: supp...@easylink.com X-Nva_ps: 3 X-PSTN-Addresses: from supp...@easylink.com forward (org good) [db-null] Received: from MS3.nyc.seniorbridgeinternal.com (ms.mycompany.com [192.168.0.13]) by mycompany.com (Postfix) with ESMTP id 038A2DD809E for account...@rt.mycompany.com; Tue, 15 Nov 2011 15:40:58 -0500 (EST) Received: from psmtp.com (74.125.149.94) by ms.mycompany.com (192.168.0.13) with Microsoft SMTP Server (TLS) id 8.3.159.2; Tue, 15 Nov 2011 15:40:58 -0500 Received: from ohrelay1.oh.easylink.com ([165.251.70.60]) (using TLSv1) by na3sys009amx168.postini.com ([74.125.148.10]) with SMTP; Tue, 15 Nov 2011 20:40:57 GMT Received: from pfc1a.ps.easylink.com (pfc1a.ps.easylink.com [165.251.35.5]) by ohrelay1.oh.easylink.com (8.14.3/8.14.3) with ESMTP id pAFKesXa021416 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for account...@mycompany.com; Tue, 15 Nov 2011 15:40:55 -0500 (EST) Received: from pfc1a.ps.easylink.com (localhost [127.0.0.1])by pfc1a.ps.easylink.com (8.13.8/8.13.8) with ESMTP id pAFKescm030764 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)for account...@mycompany.com; Tue, 15 Nov 2011 15:40:54 -0500 Received: (from operator@localhost) by pfc1a.ps.easylink.com (8.13.8/8.13.8/Submit) id pAFKespN030763; Tue, 15 Nov 2011 15:40:54 -0500 Delivered-To: account...@mycompany.com Subject: Fax From: 0240[...]900 Return-Path: opera...@netmoves.com X-Original-To: account...@mycompany.com X-PSTN-Neptune: 2/2/1.00/92 Date: Tue, 15 Nov 2011 15:39:49 -0500 X-PSTN-Settings: 2 (0.5000:0.5000) s CV gt3 gt2 gt1 To: account...@mycompany.com From: supp...@easylink.com Content-Length: 0 357362 content-type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 7bit X-RT-Original-Encoding: ascii Content-Length: 135 Josh Narins Director of Application Development SeniorBridge 845 Third Ave 7th Floor New York, NY 10022 Tel: (212) 994-6194 Fax: (212) 994-4260 Mobile: (917) 488-6248 jnar...@seniorbridge.com [1]seniorbridge.com [2]SeniorBridge -- SeniorBridge Statement of Confidentiality: The contents of this email message are intended for the exclusive use of the addressee(s) and may contain confidential or privileged information. Any dissemination, distribution or copying of this email by an unintended or mistaken recipient is strictly prohibited. In said event, kindly reply to the sender and destroy all entries of this message and any attachments from your system. Thank you. References Visible links 1. http://www.seniorbridge.com/ RT Training Sessions (http://bestpractical.com/services/training.html) * Barcelona, Spain ? November 28 29, 2011 pgpk8dhDv8Xyp.pgp Description: PGP signature RT Training Sessions (http://bestpractical.com/services/training.html) * Barcelona, Spain
Re: [rt-users] Autocreate unprivileged users
Yes, I simply overlooked this the other day as well. Just posted maybe two days back and then realized my overlook immediately: Set($AutoCreateNonExternalUsers,1); As Kevin rightfully stated, this is part of the RT-Authen-ExternalAuth plugin. I'm using LDAP, but have some requestors that aren't in our AD, so this fixed it for me. Hope this helps! -Original Message- From: rt-users-boun...@lists.bestpractical.com [mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of Kevin Falcone Sent: Wednesday, November 16, 2011 10:55 AM To: rt-users@lists.bestpractical.com Subject: Re: [rt-users] Autocreate unprivileged users On Tue, Nov 15, 2011 at 03:00:42PM -0800, Yan Seiner wrote: I have 4.0.2 set up to autocreate privileged users authenticated through LDAP. I'm pretty sure I had 3.8.10 set up to autocreate unprivileged users who did not authenticate through LDAP. I can't figure out how to do this in 4.0.2. In other words, the functionality I need is: A user tries to log on, RT authenticates him through LDAP, and the user is created as privileged. This works. An unknown user sends email in to the system, either in reply to an existing ticket or to one of the queues we have set up for external interaction. The system should accept the email and autocreate the user as unprivileged. This gets rejected with RT could not load a valid user, and RT's configuration does not allow for the creation of a new user for this email [email follows] How do I do this? I can't find a setting for this. You might need to flip the config about AutoCreation which is part of RT-Authen-ExternalAuth -kevin RT Training Sessions (http://bestpractical.com/services/training.html) * Barcelona, Spain November 28 29, 2011
Re: [rt-users] Disable merge feature for one queue
On Wed, Nov 16, 2011 at 04:03:17PM +, tanguy.lag...@bt.com wrote: I would like to know if there is a way to disable or avoid the merge tickets features in Request Tracker for one queue only ? Use a callback or overlay and use the current Ticket object to determine what queue you're operating in. -kevin pgp0srVL9nY17.pgp Description: PGP signature RT Training Sessions (http://bestpractical.com/services/training.html) * Barcelona, Spain November 28 29, 2011
Re: [rt-users] External Auth (LDAP) and Mail Attribute
-Original Message-
From: rt-users-boun...@lists.bestpractical.com
[mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of Kevin Falcone
Sent: Wednesday, November 16, 2011 11:54 AM
To: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] External Auth (LDAP) and Mail Attribute
On Tue, Nov 15, 2011 at 03:21:22PM -0500, Thomas Misilo wrote:
Also - to be clear, you're concentrating on the part of the code that checks
to see if a user exists. You're not looking at the later queries that
*actually* sync the data.
-kevin
Okay, I have looked through and checked everything but I cannot any
errors in rt.log
I see this line: [Tue Nov 15 20:19:22 2011] [debug]: Authentication
successful. Now updating user information and attempting login.
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:179)
but it doesn't talk about any of my mappings.
Unfortunately, we haven't seen a full config or log so it's really hard to
comment on what's happening.
-kevin
Full Config:
# Any configuration directives you include here will override
# RT's default configuration file, RT_Config.pm
#
# To include a directive here, just copy the equivalent statement
# from RT_Config.pm and change the value. We've included a single
# sample value below.
#
# This file is actually a perl module, so you can include valid
# perl code, as well.
#
# The converse is also true, if this file isn't valid perl, you're
# going to run into trouble. To check your SiteConfig file, use
# this comamnd:
#
# perl -c /path/to/your/etc/RT_SiteConfig.pm
#
# You must restart your webserver after making changes to this file.
Set( $rtname, 'Evans Library');
Set($Organization, url.tld);
Set($WebDomain, url.tld);
Set($WebPort, 80);
Set($WebPath, /rt);
Set($DatabaseHost, sqlserver.tld);
Set($DatabaseRTHost, url.tld);
Set($DatabaseUser, rt4);
Set($DatabasePassword, q{hello});
Set($DatabaseName, q{rt4});
Set($OwnerEmail, 'ow...@url.tld');
Set($LogToSyslog, debug);
Set($LogToScreen, debug);
Set($LogToFile, debug);
Set($CanonicalizeOnCreate, 1);
Set($ValidateUserEmailAddresses, 1);
Set($AutoCreateNonExternalUsers,1);
Set($ExternalAuthPriority, [ 'AD'
]
);
Set($ExternalAuthPriority, [ 'AD'
]
);
Set($ExternalSettings, {
'AD' = {
'type' = 'ldap',
'server'= 'ad.tld',
'user' = 'CN=user,OU=Group User
Accounts,OU=Groups,DC=ad,DC=tld',
'pass'= 'bindingpassword',
'base' = 'DC=ad,DC=tld',
# The filter to use to match RT-Users
'filter'= '(objectClass=*)',
'd_filter' =
'(userAccountControl:1.2.840.113556.1.4.803:=2)',
# Should we try to use TLS to encrypt connections?
'tls' = 0,
# SSL Version to provide to Net::SSLeay *if* using SSL
'ssl_version' = 3,
# What other args should I pass to
Net::LDAP-new($host,@args)?
'net_ldap_args' = [version = 3 ],
# Does authentication depend on group membership? What
group name?
#'group' = 'Internal Site Access',
# What is the attribute for the group object that
determines membership?
#'group_attr'= 'memberOf',
## RT ATTRIBUTE MATCHING SECTION
# The list of RT attributes that uniquely identify a
user
# This example shows what you *can* specify.. I
recommend reducing this
# to just the Name and EmailAddress to save
encountering problems later.
'attr_match_list' = ['Name',
'EmailAddress'
],
# The mapping of RT attributes on to LDAP attributes
'attr_map' = { 'Name' =
'sAMAccountName',
'EmailAddress' =
'mail',
'Organization' =
'physicalDeliveryOfficeName',
'RealName' =
'displayName',
'ExternalContactInfoId' = 'dn',
'ExternalAuthId' =
'sAMAccountName',
Re: [rt-users] External Auth (LDAP) and Mail Attribute
On Wed, Nov 16, 2011 at 12:28:05PM -0500, Thomas Misilo wrote: Set($ExternalAuthPriority, [ 'AD' ] ); Set($ExternalAuthPriority, [ 'AD' ] ); Those are the same config setting twice, you haven't set InfoPriority so it'll never sync data. -kevin pgp7f3wBk4PuX.pgp Description: PGP signature RT Training Sessions (http://bestpractical.com/services/training.html) * Barcelona, Spain November 28 29, 2011
Re: [rt-users] External Auth (LDAP) and Mail Attribute
-Original Message- From: rt-users-boun...@lists.bestpractical.com [mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of Kevin Falcone Sent: Wednesday, November 16, 2011 12:49 PM To: rt-users@lists.bestpractical.com Subject: Re: [rt-users] External Auth (LDAP) and Mail Attribute On Wed, Nov 16, 2011 at 12:28:05PM -0500, Thomas Misilo wrote: Set($ExternalAuthPriority, [ 'AD' ] ); Set($ExternalAuthPriority, [ 'AD' ] ); Those are the same config setting twice, you haven't set InfoPriority so it'll never sync data. -kevin Thanks Kevin. Didn't even realize I copied the same line twice. Everything seems to be working great now! Tom RT Training Sessions (http://bestpractical.com/services/training.html) * Barcelona, Spain November 28 29, 2011
[rt-users] Specify Default Requestor
Hello, Is it possible to set the requestor to the user submitting the ticket by default? As I am trying to use the self service page, but after submitting the ticket it doesn't show up, as there is no requestor set. Thanks, Tom RT Training Sessions (http://bestpractical.com/services/training.html) * Barcelona, Spain November 28 29, 2011
Re: [rt-users] ExternalAuth error messages in 4.0.4
Hi Kevin! Thanks for the info. Joosep On Wed, Nov 16, 2011 at 6:53 PM, Kevin Falcone falc...@bestpractical.comwrote: On Tue, Nov 15, 2011 at 09:47:24AM +0200, Joosep wrote: I'm trying to install a ExternalAuth module in the test environment to prepare for the live system upgrade. Test environment is a snapshot of the live system that i have upgraded from 3.8.10 to 4.0.4(no problems there). Module installs and authentication works. Users are able to login, but there are following errors in the log: Those look like warnings, not errors. There are some warnings cleanups in the git repository that haven't been released yet. -kevin RT Training Sessions (http://bestpractical.com/services/training.html) * Barcelona, Spain — November 28 29, 2011 RT Training Sessions (http://bestpractical.com/services/training.html) * Barcelona, Spain November 28 29, 2011
Re: [rt-users] Specify Default Requestor
On 11/16/2011 01:35 PM, Thomas Misilo wrote: Hello, Is it possible to set the requestor to the user submitting the ticket by default? As I am trying to use the self service page, but after submitting the ticket it doesn’t show up, as there is no requestor set. The behaviour you want is the default. Your user probably doesn't have an email address. Thomas RT Training Sessions (http://bestpractical.com/services/training.html) * Barcelona, Spain November 28 29, 2011
[rt-users] fetchmailrc
Using fetchmail for 1st time to collect mail from an Exchange server. Exchange 2010 RT 4.0.1 Centos 5.7 fetchmail release 6.3.21+HESIOD+NLS. Here's my /opt/rt4/etc/fetchmailrc: poll mail.domain.com proto pop3: user trackrequests there with password 'cleverly removed' is kiss here mda /opt/rt4/bin/rt-mailgate --url http://xtracker.domain.com. --queue General --action correspond When I invoke fetchmail -f /opt/rt4/etc/fetchmailrc, it appends @mail.domain.com to the username, whereas the correct user is trackreque...@domain.commailto:trackreque...@domain.com. If I specify user trackreque...@domain.commailto:trackreque...@domain.com in the fetchmailrc file, then fetchmail turns it into trackreque...@domain.com@mail.domain.commailto:trackreque...@domain.com@mail.domain.com. For example: [root@xtracker ~]# fetchmail -f /opt/rt4/etc/fetchmailrc fetchmail: WARNING: Running as root is discouraged. fetchmail: Authorization failure on trackreque...@domain.com@mail.domain.com fetchmail: Query status=3 (AUTHFAIL) I've googled for an answer, but haven't stumbled across it yet. Thanks for any help, Mike RT Training Sessions (http://bestpractical.com/services/training.html) * Barcelona, Spain November 28 29, 2011
Re: [rt-users] fetchmailrc
On Wed, Nov 16, 2011 at 20:49, mja...@guesswho.com wrote: When I invoke fetchmail –f /opt/rt4/etc/fetchmailrc, it appends “@mail.domain.com” to the username, whereas the correct user is trackreque...@domain.com. ---SNIP--- [root@xtracker ~]# fetchmail -f /opt/rt4/etc/fetchmailrc fetchmail: WARNING: Running as root is discouraged. fetchmail: Authorization failure on trackreque...@domain.com@mail.domain.com That's just the logging, it doesn't actually pass the @mail.example.com as part of the username. It is there so you can differentiate problems logging in to multiple accounts on different mail servers. -- Please keep list traffic on the list. Rob MacGregor Whoever fights monsters should see to it that in the process he doesn't become a monster. Friedrich Nietzsche RT Training Sessions (http://bestpractical.com/services/training.html) * Barcelona, Spain November 28 29, 2011
Re: [rt-users] Logging query terms in RT
On Wed, Nov 16, 2011 at 06:14:02PM -, Jeffery, Guy wrote: Thanks for the response, DB logging might be the way I have to go. Oddly, StatementLog doesn't log anything when submitting a query from Query Builder. Doesn't even log that the database was hit at all. I was equally curious about this! Setting it to 'info' requires you to have your log system set to log 'info'. Try temporarily setting it to 'error'. Also, keep in mind that StatementLog is a performance hit. On RT4 you can see the statement log for your session in the UI under Tools. -kevin -- From: rt-users-boun...@lists.bestpractical.com on behalf of Kevin Falcone Sent: Wed 16/11/2011 16:57 To: rt-users@lists.bestpractical.com Subject: Re: [rt-users] Logging query terms in RT On Wed, Nov 16, 2011 at 10:42:05AM -, Jeffery, Guy wrote: Hi, I'm supporting an instance of RT, and have a requirement to log all queries made in RT by our users, including all terms used to create the query. I can capture the terms used in Simple Searches as part of a POST request within the Apache logs, so that problem is solved. But I can't find any mechanism for logging the terms used to build more complex queries in the Query Builder. I've turned on the Statement log, and all other logging, at 'info' level. However, RT still doesn't capture the information I need. The only place I've found this information stored at all is within the a_session longblob in the sessions table on the database - but it's not that nice to extract the individual terms from that. I've also looked on the Wiki and the forums without luck. This would be easier to do at the database level. It'll be too many queries, but StatementLog will log too many queries also. I'm curious why StatementLog isn't sufficient. pgpVUdOTfxEEQ.pgp Description: PGP signature RT Training Sessions (http://bestpractical.com/services/training.html) * Barcelona, Spain November 28 29, 2011
Re: [rt-users] Public articles
On Wed, Nov 16, 2011 at 11:08:06AM -0700, Chris Robison wrote: Is there a way to make articles public? Unfortunately no Or, if not, is there a way to allow unprivileged users to see all articles available to them rather than have them search for something? Unfortunately no -kevin pgpFkmrnL6ogT.pgp Description: PGP signature RT Training Sessions (http://bestpractical.com/services/training.html) * Barcelona, Spain November 28 29, 2011
Re: [rt-users] fetchmailrc
Thanks for the quick reply, now to figure out why I get the AUTHFAIL. -Original Message- From: rt-users-boun...@lists.bestpractical.com [mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of Rob MacGregor Sent: Wednesday, November 16, 2011 4:00 PM To: rt-users@lists.bestpractical.com Subject: Re: [rt-users] fetchmailrc On Wed, Nov 16, 2011 at 20:49, mja...@guesswho.com wrote: When I invoke fetchmail –f /opt/rt4/etc/fetchmailrc, it appends “@mail.domain.com” to the username, whereas the correct user is trackreque...@domain.com. ---SNIP--- [root@xtracker ~]# fetchmail -f /opt/rt4/etc/fetchmailrc fetchmail: WARNING: Running as root is discouraged. fetchmail: Authorization failure on trackreque...@domain.com@mail.domain.com That's just the logging, it doesn't actually pass the @mail.example.com as part of the username. It is there so you can differentiate problems logging in to multiple accounts on different mail servers. -- Please keep list traffic on the list. Rob MacGregor Whoever fights monsters should see to it that in the process he doesn't become a monster. Friedrich Nietzsche RT Training Sessions (http://bestpractical.com/services/training.html) * Barcelona, Spain November 28 29, 2011 RT Training Sessions (http://bestpractical.com/services/training.html) * Barcelona, Spain November 28 29, 2011
Re: [rt-users] fetchmailrc
Shouldnt you have s around your user name? the only difference I have in mine is user username pass password to user here tho our mailserver auths with full domain. On 11/16/2011 12:49 PM, mja...@guesswho.com wrote: Using fetchmail for 1^st time to collect mail from an Exchange server. Exchange 2010 RT 4.0.1 Centos 5.7 fetchmail release 6.3.21+HESIOD+NLS. Here's my /opt/rt4/etc/fetchmailrc: poll mail.domain.com proto pop3: user trackrequests there with password 'cleverly removed' is kiss here mda /opt/rt4/bin/rt-mailgate --url http://xtracker.domain.com. --queue General --action correspond When I invoke fetchmail --f /opt/rt4/etc/fetchmailrc, it appends @mail.domain.com to the username, whereas the correct user is trackreque...@domain.com mailto:trackreque...@domain.com. If I specify user trackreque...@domain.com mailto:trackreque...@domain.com in the fetchmailrc file, then fetchmail turns it into trackreque...@domain.com@mail.domain.com mailto:trackreque...@domain.com@mail.domain.com. For example: [root@xtracker ~]# fetchmail -f /opt/rt4/etc/fetchmailrc fetchmail: WARNING: Running as root is discouraged. fetchmail: Authorization failure on trackreque...@domain.com@mail.domain.com fetchmail: Query status=3 (AUTHFAIL) I've googled for an answer, but haven't stumbled across it yet. Thanks for any help, Mike RT Training Sessions (http://bestpractical.com/services/training.html) * Barcelona, Spain --- November 28 29, 2011 RT Training Sessions (http://bestpractical.com/services/training.html) * Barcelona, Spain November 28 29, 2011
[rt-users] Multiple Groups to Check
Is it possible to check multiple groups in the LDAP configuration line group? Thanks, Tom RT Training Sessions (http://bestpractical.com/services/training.html) * Barcelona, Spain November 28 29, 2011
[rt-users] Scrip to check who updated a CustomField
I have scrips that will check the value of a custom field and perform actions based on it. But what I can't seem to figure out is how to show who made the custom field change. Specifically, I'm trying to compare who updated 2 custom fields. I have a case where I have a group of users allowed to change these 2 fields, but the same user isn't allowed to change both. So I need to compare who changed the 2 fields, and if they're the same user, perform an action (ie: set ticket stalled or email adminCC's or whatever). I'm pretty new to object oriented programming (especially under Perl), but it looks like I should be able to check LastUpdatedBy; I'm just not sure how. Thanks! RT Training Sessions (http://bestpractical.com/services/training.html) * Barcelona, Spain November 28 29, 2011
Re: [rt-users] Multiple Groups to Check
On Wed, Nov 16, 2011 at 05:13:00PM -0500, Thomas Misilo wrote: Is it possible to check multiple groups in the LDAP configuration line group? I assume you're talking about the RT-Authen-ExternalAuth extension. Someone submitted a patch for that, it's sitting in the rt.cpan.org queue with some comments from me. -kevin pgpmShn1UL9ku.pgp Description: PGP signature RT Training Sessions (http://bestpractical.com/services/training.html) * Barcelona, Spain November 28 29, 2011
[rt-users] RTx::BecomeUser for 4.x available
I posted a link to the updated BecomeUser extension on the wiki, but here is a direct download: http://cpan.perl.org/authors/id/C/CF/CFALLEN/RTx-BecomeUser-1.2_1.tar.gz The old extension for for 3.8 and wouldn't work at all in 4.x. This one is for 4.x only and will not work in 3.x. Allen RT Training Sessions (http://bestpractical.com/services/training.html) * Barcelona, Spain November 28 29, 2011
Re: [rt-users] turning off automated e-mails
Tom, Also, you can disable ALL the Global notification scrips and just create what you want at the Queue level. The option to select whether you want an email to go out, with the default being NO, is not there, that I know of. However, if it is really that important, ask BP what it would cost to modify your version for you. Kenn LBNL On Tue, Nov 15, 2011 at 7:45 AM, Giuseppe Sollazzo gsoll...@sgul.ac.ukwrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Tom, there's a much simpler way of dealing with it: I guess you want to have a look at Scrips and Templates. You can disable some of them. For example, Autoreply is the one triggered when a ticket is created, Correspond is the one triggered for any other reply except for a ticket resolution, Resolved is the resolution. Possibly, you want to leave just Autoreply and Resolved as active. Giuseppe On 15/11/11 15:24, Tom Hansen wrote: I am new to RT but I have done extensive searching on this and have not found what I am looking for. So, apologies if this is an FAQ that I have somehow missed. Basically, I want to set up RT4 so that it will only send e-mails upon explicit request. No e-mails on ticket creation, no e-mails on status change, no e-mails on adding comments/replies. I would just like, on every reply/comment, to have an e-mail this option so that an admin can very simply choose at the time of entering a reply or comment, to actually send as an e-mail. The DEFAULT would always be to NOT send any e-mails to anyone, and even if you choose to update a requestor on a particular reply or comment, I don't want that action to turn on the faucet for that user- I want the default to always be NO E-MAIL. Why is this? Because I know that my user base would be irritated by such e-mails. I know I am when I get automated replies like Your ticket #7546564 has been received. Our next available tech will respond. It's like calling an 800 number and getting the infamous your call is very important to us. Please hold and your call will be answered in the order it was received. I ultimately would like the user to receive usually just one e-mail when the ticket is closed, consisting of a personal message from one of us that also gets recorded in RT. That's it. And even that should be optional. Even if the problem had to be bounced between two techs, escalated, placed on hold for a day pending response from the vendor, before finally being resolved by a third tech, and the manager. I just don't want the user going on that roller-coaster ride with us unless they want to, and then we would only want to manually send out those pieces of information that we explicitly choose to share, at the time that we want to share it. I don't want RT sending out ANY e-mails automatically, EVER. But I still want the capability to manually choose to send any reply/comment from RT to a user if need be. But only on explicit manual request from the admin entering the information into RT. This sounds like such a simple, obvious scenario, yet I find support for it nowhere. Must I spend a week learning the internals of RT and write my own extension, to just set it so that it will only send e-mails manually? For now I have implemented a quick fix to allow me to use RT: I inserted an exit statement into the top of the Perl code routine that sends e-mails -- it was the top recommendation on the wiki -- and then I went in and, via a custom callback I got from the Wiki, suppressed the listing of those numerous e-mail sent entries that pollute the ticket history. But this solution means that I'm forever copying and pasting to and from e-mails to users. Which is fine, it's doable. But why does it need to be so hard to just turn off automatic e-mailing from RT? - -- Giuseppe Sollazzo Senior Systems Analyst Computing Services Information Services St. George's, University Of London Cranmer Terrace London SW17 0RE Email: gsoll...@sgul.ac.uk Direct Dial: +44 20 8725 5160 Fax: +44 20 8725 3583 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJOwokzAAoJEAqigArPBfJXjWQH/27Vv8LtD96768Xd4zslR+i4 yqZV/zPSykPq2UOPKYQr6DkgrRPt4lqEfP+aeJ7djAJI8Q98tpSlB0srN6Y5CibI LpbwsXmvxCTD/qsG57w5A3Yt5mIQnNMJNboS9K3j06T6vbB+Zr1oWQo3Xs1I/xSq WmBf6Q3h95bLD7IWMpGPjA3nWgv9RjZzNROYznKppl/nVUscmAqkqy3ZrPWtxBZK 9XDaQ9jxCumaAB55GCf4LG+wmqLnR7jLD15WNM9aIVOYZcp/UQdWV86DE8LcFLFx 2zDYkfTAki/UihtEW26sz056tZ1SG4CAsnlUxHciDks/TyA0MaDVXQYqRArCYJA= =tHem -END PGP SIGNATURE- RT Training Sessions (http://bestpractical.com/services/training.html) * Barcelona, Spain November 28 29, 2011 RT Training Sessions (http://bestpractical.com/services/training.html) * Barcelona, Spain November 28 29, 2011
