Re: [rt-users] Error Condition Unimplemented in RT::Handle migration from 3.6.5 to 4.0.5 database
My Database name is RT3. Execute the order to upgrade 3.7.19 and get this: Working with: Type: mysql Host: localhost Name: rt3 User: rt_user DBA:root [Wed Mar 21 07:57:27 2012] [debug]: RT's GnuPG libraries couldn't successfully read your configured GnuPG home directory (/opt/rt4/var/data/gpg). PGP support has been disabled (/opt/rt4/sbin/../lib/RT/Config.pm:595) [Wed Mar 21 07:57:27 2012] [debug]: The RTAddressRegexp option is not set in the config. Not setting this option results in additional SQL queries to check whether each address belongs to RT or not. It is especially important to set this option if RT recieves emails on addresses that are not in the database or config. (/opt/rt4/sbin/../lib/RT/Config.pm:454) Now inserting data. [Wed Mar 21 07:57:27 2012] [debug]: Going to load 'etc/upgrade/3.7.19/content' data file (/opt/rt4/sbin/../lib/RT/Handle.pm:759) Couldn't finish 'insert' step. ERROR: Couldn't load data from 'etc/upgrade/3.7.19/content' for import: ERROR:RT::Scrip::Condition Unimplemented in RT::Handle. (etc/upgrade/3.7.19/content line 27) Compilation failed in require at /opt/rt4/sbin/../lib/RT/Handle.pm line 760. My script table, i don´t know if i can post and attacchment. so i paste the SQL -- phpMyAdmin SQL Dump -- version 3.4.9 -- http://www.phpmyadmin.net -- -- Servidor: localhost -- Tiempo de generación: 21-03-2012 a las 08:53:29 -- Versión del servidor: 5.5.21 -- Versión de PHP: 5.3.10 SET SQL_MODE=NO_AUTO_VALUE_ON_ZERO; SET time_zone = +00:00; /*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */; /*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */; /*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */; /*!40101 SET NAMES utf8 */; -- -- Base de datos: `rt3` -- -- -- -- Estructura de tabla para la tabla `Scrips` -- CREATE TABLE IF NOT EXISTS `Scrips` ( `id` int(11) NOT NULL AUTO_INCREMENT, `Description` varchar(255) DEFAULT NULL, `ScripCondition` int(11) NOT NULL DEFAULT '0', `ScripAction` int(11) NOT NULL DEFAULT '0', `ConditionRules` text, `ActionRules` text, `CustomIsApplicableCode` text, `CustomPrepareCode` text, `CustomCommitCode` text, `Stage` varchar(32) DEFAULT NULL, `Queue` int(11) NOT NULL DEFAULT '0', `Template` int(11) NOT NULL DEFAULT '0', `Creator` int(11) NOT NULL DEFAULT '0', `Created` datetime DEFAULT NULL, `LastUpdatedBy` int(11) NOT NULL DEFAULT '0', `LastUpdated` datetime DEFAULT NULL, PRIMARY KEY (`id`) ) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=24 ; -- -- Volcado de datos para la tabla `Scrips` -- INSERT INTO `Scrips` (`id`, `Description`, `ScripCondition`, `ScripAction`, `ConditionRules`, `ActionRules`, `CustomIsApplicableCode`, `CustomPrepareCode`, `CustomCommitCode`, `Stage`, `Queue`, `Template`, `Creator`, `Created`, `LastUpdatedBy`, `LastUpdated`) VALUES (1, 'On Correspond Open Tickets', 3, 17, NULL, NULL, NULL, NULL, NULL, 'TransactionCreate', 0, 1, 1, '2007-11-05 15:40:29', 1, '2007-11-05 15:40:29'), (2, 'On Owner Change Notify Owner', 7, 4, NULL, NULL, NULL, NULL, NULL, 'TransactionCreate', 0, 16, 1, '2007-11-05 15:40:29', 1, '2007-11-05 15:40:29'), (3, 'On Create Autoreply', 1, 1, NULL, NULL, NULL, NULL, NULL, 'TransactionCreate', 0, 13, 1, '2007-11-05 15:40:29', 1, '2007-11-05 15:40:29'), (4, 'On Create Notify AdminCcs', 1, 8, NULL, NULL, NULL, NULL, NULL, 'TransactionCreate', 0, 3, 1, '2007-11-05 15:40:29', 1, '2007-11-05 15:40:29'), (5, 'On Correspond Notify AdminCcs', 3, 8, NULL, NULL, NULL, NULL, NULL, 'TransactionCreate', 0, 4, 1, '2007-11-05 15:40:29', 1, '2007-11-05 15:40:29'), (6, 'On Correspond Notify Requestors and Ccs', 3, 10, NULL, NULL, NULL, NULL, NULL, 'TransactionCreate', 0, 5, 1, '2007-11-05 15:40:29', 1, '2007-11-05 15:40:29'), (7, 'On Correspond Notify Other Recipients', 3, 14, NULL, NULL, NULL, NULL, NULL, 'TransactionCreate', 0, 5, 1, '2007-11-05 15:40:29', 1, '2007-11-05 15:40:29'), (8, 'On Comment Notify AdminCcs as Comment', 4, 7, NULL, NULL, NULL, NULL, NULL, 'TransactionCreate', 0, 6, 1, '2007-11-05 15:40:29', 1, '2007-11-05 15:40:29'), (9, 'On Comment Notify Other Recipients as Comment', 4, 13, NULL, NULL, NULL, NULL, NULL, 'TransactionCreate', 0, 5, 1, '2007-11-05 15:40:29', 1, '2007-11-05 15:40:29'), (10, NULL, 0, 2, NULL, NULL, NULL, NULL, NULL, 'TransactionCreate', 0, 8, 1, '2007-11-05 15:40:29', 1, '2007-11-05 15:40:29'), (11, 'When an approval ticket is created, notify the Owner and AdminCc of the item awaiting their approval', 10, 4, NULL, NULL, '\n $self-TicketObj-Type eq ''approval''and\n $self-TransactionObj-Field eq ''Status''and\n $self-TransactionObj-NewValue eq ''open'' and\neval { $T::Approving = ($self-TicketObj-AllDependedOnBy( Type = ''ticket'' ))[0] }\n ', NULL, NULL, 'TransactionCreate', 2, 9, 1, '2007-11-05 15:40:29', 1, '2007-11-05 15:40:29'), (12, 'If an approval is rejected, reject the original and
[rt-users] Show images in ticket body / show html for transaction
Hi, I'm having toruble to show images which I have pasted to the reply text. The images are not showing in the ticket history, but if I click on show HTML, i can see that the image is in the code. Then i have to copy and paste the code to a html file and just thani can show it again. Is it possible to show the images in the ticket history, or at least if I click on the link show html to show the actual html page not just the html code? Thank you for your help. Lukas Loskot
Re: [rt-users] Renaming instance when no tickets
My bad, I made a mistake in fetchmail conf. Thanks for the tip. Guillaume Hilt Le 21/03/2012 01:36, Kevin Falcone a écrit : On Tue, Mar 20, 2012 at 06:19:21PM +0100, Guillaume Hilt wrote: Still with RT 3.8.7, I updated rtname and rt organisation from support.domain.tld to domain to match our company name. I don't have any tickets in the database. But, now, RT won't work, it fails to find the queue for the new emails I sent : temporary failure - RT couldn't find the queue: English Turn your RT logs up to debug and show the full logs. That looks like a mail log output. -kevin
Re: [rt-users] Custom fields description and REST API
I still have the option to simply create and send an email to RT using the customer data. Maybe it would be a better solution. Guillaume Hilt Le 21/03/2012 12:40, Guillaume Hilt a écrit : I have two more questions and I think my rt install will be completed. First of all, I added an OS dropbox field to tickets with values and description like win32 - Windows. When I create a ticket using the web interface, I only see values in the dropbox, the description isn't used as label. I'd hoped to have something like : option value=win32Windows/option On the other hand, when I'm creating a ticket using the api in PHP : $request= new HttpRequest( $url, HTTP_METH_POST ); $post_data = array( 'content' = Queue: Français\nRequestor: test\nOS: win32\nSubject: New ticket\nOwner: test\nText: This is a new ticket. Hope it works.\n ); I got 2 tickets created, the OS customer fields isn't recorded and if the message use multiple lines, only the first one is taken (This is a new ticket. in this case). Is it an api limitation ? Regards,
Re: [rt-users] Custom fields description and REST API
Ok, I got the multiple lines issue fixed. I need every new lines to begin with a space. 2 tickets issue is fixed too. I only need to find if and how I can use custom fields in my ticket. Guillaume Hilt Le 21/03/2012 12:40, Guillaume Hilt a écrit : I have two more questions and I think my rt install will be completed. First of all, I added an OS dropbox field to tickets with values and description like win32 - Windows. When I create a ticket using the web interface, I only see values in the dropbox, the description isn't used as label. I'd hoped to have something like : option value=win32Windows/option On the other hand, when I'm creating a ticket using the api in PHP : $request= new HttpRequest( $url, HTTP_METH_POST ); $post_data = array( 'content' = Queue: Français\nRequestor: test\nOS: win32\nSubject: New ticket\nOwner: test\nText: This is a new ticket. Hope it works.\n ); I got 2 tickets created, the OS customer fields isn't recorded and if the message use multiple lines, only the first one is taken (This is a new ticket. in this case). Is it an api limitation ? Regards,
Re: [rt-users] Custom fields description and REST API
Ok, so a custom field name must be prefixed by CF-. Good to know. Well, everything is fine now, except for the custom field values description but it's not big deal. Guillaume Hilt Le 21/03/2012 14:01, Guillaume Hilt a écrit : Ok, I got the multiple lines issue fixed. I need every new lines to begin with a space. 2 tickets issue is fixed too. I only need to find if and how I can use custom fields in my ticket. Guillaume Hilt Le 21/03/2012 12:40, Guillaume Hilt a écrit : I have two more questions and I think my rt install will be completed. First of all, I added an OS dropbox field to tickets with values and description like win32 - Windows. When I create a ticket using the web interface, I only see values in the dropbox, the description isn't used as label. I'd hoped to have something like : option value=win32Windows/option On the other hand, when I'm creating a ticket using the api in PHP : $request= new HttpRequest( $url, HTTP_METH_POST ); $post_data = array( 'content' = Queue: Français\nRequestor: test\nOS: win32\nSubject: New ticket\nOwner: test\nText: This is a new ticket. Hope it works.\n ); I got 2 tickets created, the OS customer fields isn't recorded and if the message use multiple lines, only the first one is taken (This is a new ticket. in this case). Is it an api limitation ? Regards,
Re: [rt-users] RT 3.8.8 to RT 4.0.5 DB Upgrade Warning
Thanks that did it. I now get the below warning but elsewhere in this forum it was reported that this is nothing to worry about. Enter RT version if you want to stop upgrade at some point, or leave it blank if you want apply above upgrades: IT'S VERY IMPORTANT TO BACK UP BEFORE THIS STEP Proceed [y/N]:y Processing 3.8.9 Now inserting data. [Wed Mar 21 12:55:07 2012] [warning]: Use of uninitialized value in string eq at /admin/sgruber/Downloads/rt-4.0.5/sbin/../lib/RT/Template.pm line 627, line 1. (/admin/sgruber/Downloads/rt-4.0.5/sbin/../lib/RT/Template.pm:627) [Wed Mar 21 12:55:07 2012] [warning]: Use of uninitialized value in string eq at /admin/sgruber/Downloads/rt-4.0.5/sbin/../lib/RT/Template.pm line 627, line 1. (/admin/sgruber/Downloads/rt-4.0.5/sbin/../lib/RT/Template.pm:627) Processing 3.9.1 Now inserting data. Processing 3.9.2 Now inserting data. Processing 3.9.3 Now populating database schema. Processing 3.9.5 Now populating database schema. Processing 3.9.6 Now populating database schema. Processing 3.9.7 Now populating database schema. Now inserting data. Processing 3.9.8 Now populating database schema. Now inserting data. [Wed Mar 21 12:55:39 2012] [error]: We found RTFM tables in your database. Checking for content. (./etc/upgrade/3.9.8/content:17) [Wed Mar 21 12:55:39 2012] [error]: You appear to have RTFM Articles. You can upgrade using the etc/upgrade/upgrade-articles script. Read more about it in UPGRADING (./etc/upgrade/3.9.8/content:22) Processing 4.0.0rc2 Now populating database schema. Processing 4.0.0rc4 Now populating database schema. Processing 4.0.0rc7 Now inserting data. Processing 4.0.1 Now inserting data. Processing 4.0.3 Now inserting data. Processing 4.0.4 Now inserting data. Done. Jeff Blaine-2 wrote: On 3/20/2012 5:17 PM, UnixMan wrote: Thanks - do you know how I can rename it ? UPDATE Queues SET Name = '___Approvals' WHERE Name = 'Approvals'; -- View this message in context: http://old.nabble.com/RT-3.8.8-to-RT-4.0.5-DB-Upgrade-Warning-tp33541424p33544575.html Sent from the Request Tracker - User mailing list archive at Nabble.com.
Re: [rt-users] RT 3.8.8 to RT 4.0.5 DB Upgrade Warning
Thanks that did it. I now get the below warning but elsewhere in this forum it was reported that this is nothing to worry about. Enter RT version if you want to stop upgrade at some point, or leave it blank if you want apply above upgrades: IT'S VERY IMPORTANT TO BACK UP BEFORE THIS STEP Proceed [y/N]:y Processing 3.8.9 Now inserting data. [Wed Mar 21 12:55:07 2012] [warning]: Use of uninitialized value in string eq at /admin/sgruber/Downloads/rt-4.0.5/sbin/../lib/RT/Template.pm line 627, line 1. (/admin/sgruber/Downloads/rt-4.0.5/sbin/../lib/RT/Template.pm:627) [Wed Mar 21 12:55:07 2012] [warning]: Use of uninitialized value in string eq at /admin/sgruber/Downloads/rt-4.0.5/sbin/../lib/RT/Template.pm line 627, line 1. (/admin/sgruber/Downloads/rt-4.0.5/sbin/../lib/RT/Template.pm:627) Processing 3.9.1 Now inserting data. Processing 3.9.2 Now inserting data. Processing 3.9.3 Now populating database schema. Processing 3.9.5 Now populating database schema. Processing 3.9.6 Now populating database schema. Processing 3.9.7 Now populating database schema. Now inserting data. Processing 3.9.8 Now populating database schema. Now inserting data. [Wed Mar 21 12:55:39 2012] [error]: We found RTFM tables in your database. Checking for content. (./etc/upgrade/3.9.8/content:17) [Wed Mar 21 12:55:39 2012] [error]: You appear to have RTFM Articles. You can upgrade using the etc/upgrade/upgrade-articles script. Read more about it in UPGRADING (./etc/upgrade/3.9.8/content:22) Processing 4.0.0rc2 Now populating database schema. Processing 4.0.0rc4 Now populating database schema. Processing 4.0.0rc7 Now inserting data. Processing 4.0.1 Now inserting data. Processing 4.0.3 Now inserting data. Processing 4.0.4 Now inserting data. Done. Jeff Blaine-2 wrote: On 3/20/2012 5:17 PM, UnixMan wrote: Thanks - do you know how I can rename it ? UPDATE Queues SET Name = '___Approvals' WHERE Name = 'Approvals'; -- View this message in context: http://old.nabble.com/RT-3.8.8-to-RT-4.0.5-DB-Upgrade-Warning-tp33541424p33544576.html Sent from the Request Tracker - User mailing list archive at Nabble.com.
Re: [rt-users] Custom fields description and REST API
On Wed, Mar 21, 2012 at 02:11:09PM +0100, Guillaume Hilt wrote: Well, everything is fine now, except for the custom field values description but it's not big deal. To clarify, the Description field on Custom Field Values is unused elsewhere in the RT UI at this time. -kevin pgpVfQDVZL434.pgp Description: PGP signature
Re: [rt-users] Set colour tickets by priority
I just updated to RT4.0.5 and managed to get it working. I used the 'Full featured ColumnMap script' from the wiki: http://requesttracker.wikia.com/wiki/ShowStatusInColor It's about a 3rd down the page, with a title of RT 3.8.x and written by me quite a while ago. Changes the paths to edit the new template and added a new colour for .statusstalled and that was all the changes needed on my install. -Original Message- From: rt-users-boun...@lists.bestpractical.com [mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of Tim Cutts Sent: 29 February 2012 10:35 To: Jeffery, Guy Cc: rt-users@lists.bestpractical.com; Daniel Garcia Mejia Subject: Re: [rt-users] Set colour tickets by priority On 29 Feb 2012, at 09:09, Jeffery, Guy wrote: Hi, The tutorial doesn't work for me on 4.0.5. I'm also trying to find an alternative. The code I'm putting in RTInstallationDir/local/html/Callbacks/MyCallbacks/Elements/RT__Ticket /ColumnMap/ColumnMap is being seen, because if I make a deliberate error it fails to compile, but it doesn't seem to make any difference. There must be people who have upgraded to 4.0.* who want to keep this feature, hopefully someone can help us. I've been struggling with that too. In fact, it *does* work, in my hands, but only on additional custom searches that I add to my home page or to a dashboard. It doesn't work on the default searches, which suggests that the code path for those is slightly different, but I haven't determined in what way they differ. One place that Wiki entry needs updating, if you look at the underlying code, is that ColumnMap is the old name for the callback. It's still being called for backward compatibility under the old name. If you want to use the new name, in RT 4 it's now called Once (for the simple reason that it only actually needs to be run once, when the perl code is compiling, to set up your column mappings). Tim -- The Wellcome Trust Sanger Institute is operated by Genome Research Limited, a charity registered in England with number 1021457 and a company registered in England with number 2742969, whose registered office is 215 Euston Road, London, NW1 2BE. RT Training Sessions (http://bestpractical.com/services/training.html) * Boston March 5 6, 2012
Re: [rt-users] Name in use
- Original Message - On Tue, Mar 20, 2012 at 12:15:01PM +0100, Diego Roccia wrote: I have RT4.0.5 with RT::Authen::ExternalAuth, and I'm experiencing exactly this problem http://lists.fsck.com/pipermail/rt-users/2011-May/070489.html 1 - u...@domain1.com send an email - the user is created and the ticket opened 2 - u...@domain2.com send an email - the user is not created and the ticket not opened, because of the Name in use problem my question is: is possible to have unprivileged users created without stripping the @domain.tld part? Please show a sanitized version of your RT-Authen-ExternalAuth configuration. Also, please show us Name, RealName and EmailAddress for user 1. -kevin Thanks Guys for your help. here's the configuration -cut---cut---cutcut--- Set(@Plugins, qw(RT::Authen::ExternalAuth) ); Set($LdapAutoCreateNonLdapUsers, 0); Set($AutoCreateNonExternalUsers, 1); Set($CanonicalizeOnCreate, 0); Set($ExternalAuthPriority, [ 'My_LDAP' ] ); Set($ExternalInfoPriority, [ 'My_LDAP' ]); Set($ExternalServiceUsesSSLorTLS,0); Set($AutoCreateNonExternalUsers,1); Set($ExternalSettings, { 'My_LDAP' = { 'type' = 'ldap', 'server'= 'XX.XX.XX.XX', 'user' = 'uid=ldapuser,ou=people,dc=subito,dc=it', 'pass' = '***', 'base' = 'ou=people,dc=subito,dc=it', 'filter'= '(objectClass=organizationalPerson)', 'tls' = 1, 'ssl_version' = 3, 'net_ldap_args' = [version = 3 ], 'attr_match_list' = [ 'ExternalContactInfoId', 'Name', 'EmailAddress', 'RealName', 'WorkPhone', 'Address2'], 'attr_map' = { 'Name' = 'uid', 'EmailAddress' = 'mail', 'Organization' = 'ou', 'RealName' = 'cn', 'ExternalContactInfoId' = 'dn', 'ExternalAuthId' = 'uid', 'WorkPhone' = 'telephoneNumber', 'Signature' = 'zimbraPrefMailSignature'} } } -cut---cut---cutcut--- The problems is with emails coming from outside, not my domain. Thanks -- Diego Roccia - SystemNetwork Admin - Subito.it
Re: [rt-users] RT 3.8.8 to RT 4.0.5 DB Upgrade Warning
Thanks that did it. I now get the below warning but elsewhere in this forum it was reported that this is nothing to worry about. Enter RT version if you want to stop upgrade at some point, or leave it blank if you want apply above upgrades: IT'S VERY IMPORTANT TO BACK UP BEFORE THIS STEP Proceed [y/N]:y Processing 3.8.9 Now inserting data. [Wed Mar 21 12:55:07 2012] [warning]: Use of uninitialized value in string eq at /admin/sgruber/Downloads/rt-4.0.5/sbin/../lib/RT/Template.pm line 627, line 1. (/admin/sgruber/Downloads/rt-4.0.5/sbin/../lib/RT/Template.pm:627) [Wed Mar 21 12:55:07 2012] [warning]: Use of uninitialized value in string eq at /admin/sgruber/Downloads/rt-4.0.5/sbin/../lib/RT/Template.pm line 627, line 1. (/admin/sgruber/Downloads/rt-4.0.5/sbin/../lib/RT/Template.pm:627) Processing 3.9.1 Now inserting data. Processing 3.9.2 Now inserting data. Processing 3.9.3 Now populating database schema. Processing 3.9.5 Now populating database schema. Processing 3.9.6 Now populating database schema. Processing 3.9.7 Now populating database schema. Now inserting data. Processing 3.9.8 Now populating database schema. Now inserting data. [Wed Mar 21 12:55:39 2012] [error]: We found RTFM tables in your database. Checking for content. (./etc/upgrade/3.9.8/content:17) [Wed Mar 21 12:55:39 2012] [error]: You appear to have RTFM Articles. You can upgrade using the etc/upgrade/upgrade-articles script. Read more about it in UPGRADING (./etc/upgrade/3.9.8/content:22) Processing 4.0.0rc2 Now populating database schema. Processing 4.0.0rc4 Now populating database schema. Processing 4.0.0rc7 Now inserting data. Processing 4.0.1 Now inserting data. Processing 4.0.3 Now inserting data. Processing 4.0.4 Now inserting data. Done. -- View this message in context: http://old.nabble.com/RT-3.8.8-to-RT-4.0.5-DB-Upgrade-Warning-tp33541424p33544588.html Sent from the Request Tracker - User mailing list archive at Nabble.com.
Re: [rt-users] Name in use
On Wed, Mar 21, 2012 at 06:50:03PM +0100, Diego Roccia wrote: - Original Message - 'attr_match_list' = [ 'ExternalContactInfoId', 'Name', 'EmailAddress', 'RealName', 'WorkPhone', 'Address2'], This tells RT that the RealName of any user must be unique. So, there can only be one Kevin Falcone at your company. This is unlikely to be what you want. I suggest you trim that down to Name and EmailAddress (since RT will enforce EmailAddress uniqueness anyway). -kevin pgphM4dFjS5Qa.pgp Description: PGP signature
[rt-users] ExternalAuth to active directory over SSL
I have ExternalAuth working fine over regular LDAP. But I need to run it over LDAPS for security reasons. We use an internal CA for our certs. I've added it to /etc/pki/tls/certs/ca-bundle.crt (which looks to be linked to /etc/ssl/certs/ca-bundle.crt) This runs successfully (used to error before I added the CA certs to the bundle): openssl s_client -connect dc.mydomain.local:636 -CApath /etc/ssl/certs I've also verified the cert/cert chain: openssl verify -CAfile /etc/ssl/certs/ca-bundle.crt dc.mydomain.local.pem dc.mydomain.local.pem: OK However, this errors out with a bad cert error (shortened -D, but it's the same string that works when using LDAP and ldapsearch over regular ldap works fine): ldapsearch -d 2 -LLL -v -x -H ldaps:// dc.mydomain.local:636 -b 'DC=mydomain,DC=local' -D 'CN=Apache,OU...,DC= mydomain,DC=local' -w '**pass**' '(sn=smith)' cn sn Results (snipped hex code): ldap_initialize( ldaps://dc.mydomain.local:636/??base ) tls_write: want=60, written=60 tls_read: want=3, got=3 tls_read: want=2, got=2 tls_read: want=2724, got=2724 TLS: certificate [CN= dc.mydomain.local] is not valid - error -8179:Unknown code ___f 13. tls_write: want=7, written=7 TLS: error: connect - force handshake failure: errno 21 - moznss error -8179 TLS: can't connect: TLS error -8179:Unknown code ___f 13. ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1) Running LDP.exe on the domain controllers running in SSL mode works fine. RT's log gives the following: [Wed Mar 21 19:04:41 2012] [critical]: RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't bind: LDAP_OPERATIONS_ERROR 1 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:492) So I'm guessing it's probably getting that same is not valid error... but why? I've googled for hours looking for anything beyond making sure the CA cert was in the bundle. Does ldapsearch/RT externalAuth use a different CA bundle than /etc/pki/tls/certs/ca-bundle.crt (or the linked /etc/ssl/certs/ca-bundle.crt)? Any idea what I'm missing? Running centos 6 and openssl -1.0.0-20.el6_2.2.x86_64 (latest in yum repo... same thing when I ran 1.0.0-10 too). Brent
[rt-users] Which mandatory-fields extension to pick ?
I'd like to force requestors to fill out the Subject (and possibly Content) fields of a new request being opened via the Web U/I. I noticed several extensions for individual fields being mentioned (on CPAN *and* on http://bestpractical.com/rt/extensions.html): http://search.cpan.org/dist/RT-Extension-MandatorySubject/ and http://search.cpan.org/dist/RT-Extension-MandatoryRequestor/ I also found a generic Mandatory Fields extension: http://search.cpan.org/dist/RT-Extension-MandatoryFields/ However, the latter isn't mentioned anywhere on bestpractical.com. I wonder if anyone has any advice -- I'd naturally prefer the latter, general-purpose extension, unless the former two have some sort of privileged status, better support, a better chance of being integrated into RT-proper, etc. Thanks, --Gabriel
Re: [rt-users] ExternalAuth to active directory over SSL
I answered part of my question... I can successfully ldapsearch now. I added TLS_CACERT /etc/pki/tls/certs/ca-bundle.crt To /etc/openldap/ldap.conf. But RT is still failing. If I set: 'tls' = 1, 'ssl_version' = 3, 'net_ldap_args' = [ version = 3, port = 636, debug = 8 ], I get: [Wed Mar 21 21:05:14 2012] [critical]: RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't bind: LDAP_SERVER_DOWN 81 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:492) If I change to this: 'tls' = 0, 'ssl_version' = 3, 'net_ldap_args' = [ version = 3, port = 636, debug = 8 ], I get: [Wed Mar 21 21:09:27 2012] [critical]: RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't bind: LDAP_OPERATIONS_ERROR 1 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:492) So I'm further, but still stuck. From: rt-users-boun...@lists.bestpractical.com [mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of Brent Wiese Sent: Wednesday, March 21, 2012 12:23 PM To: rt-users@lists.bestpractical.com Subject: [rt-users] ExternalAuth to active directory over SSL I have ExternalAuth working fine over regular LDAP. But I need to run it over LDAPS for security reasons. We use an internal CA for our certs. I've added it to /etc/pki/tls/certs/ca-bundle.crt (which looks to be linked to /etc/ssl/certs/ca-bundle.crt) This runs successfully (used to error before I added the CA certs to the bundle): openssl s_client -connect dc.mydomain.local:636 -CApath /etc/ssl/certs I've also verified the cert/cert chain: openssl verify -CAfile /etc/ssl/certs/ca-bundle.crt dc.mydomain.local.pem dc.mydomain.local.pem: OK However, this errors out with a bad cert error (shortened -D, but it's the same string that works when using LDAP and ldapsearch over regular ldap works fine): ldapsearch -d 2 -LLL -v -x -H ldaps:// dc.mydomain.local:636 -b 'DC=mydomain,DC=local' -D 'CN=Apache,OU...,DC= mydomain,DC=local' -w '**pass**' '(sn=smith)' cn sn Results (snipped hex code): ldap_initialize( ldaps://dc.mydomain.local:636/??base ) tls_write: want=60, written=60 tls_read: want=3, got=3 tls_read: want=2, got=2 tls_read: want=2724, got=2724 TLS: certificate [CN= dc.mydomain.local] is not valid - error -8179:Unknown code ___f 13. tls_write: want=7, written=7 TLS: error: connect - force handshake failure: errno 21 - moznss error -8179 TLS: can't connect: TLS error -8179:Unknown code ___f 13. ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1) Running LDP.exe on the domain controllers running in SSL mode works fine. RT's log gives the following: [Wed Mar 21 19:04:41 2012] [critical]: RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't bind: LDAP_OPERATIONS_ERROR 1 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:492) So I'm guessing it's probably getting that same is not valid error... but why? I've googled for hours looking for anything beyond making sure the CA cert was in the bundle. Does ldapsearch/RT externalAuth use a different CA bundle than /etc/pki/tls/certs/ca-bundle.crt (or the linked /etc/ssl/certs/ca-bundle.crt)? Any idea what I'm missing? Running centos 6 and openssl -1.0.0-20.el6_2.2.x86_64 (latest in yum repo... same thing when I ran 1.0.0-10 too). Brent
[rt-users] Some CFs display on ticket and update pages but not in query builder
Hello, We're running RT 3.8.9, and it appears I might have a permissions issue. The way I've organized permissions might be a factor, so I'll explain in brief. The user is in usergroupa, the queue level SeeCustomField and ModifyCustomField group rights are granted to rightsgroup1 usergroupa is a member of rightsgroup1. The strange thing is that some of the CF's show up in the Add Criteria box, but some do not. Previously, the Everybody group had SeeCustomField right globally, so we hadn't noticed this until I removed that. Has anyone seen this before? Thanks, Mike