Re: [rt-users] New cert breaks mailgate
Microsoft had issues exporting all the parts of a root cert that was needed for working on computers not in the AD domain in Server 2003. I think they resolved this issue in Server 2008 and forward but we ended up having multiple CAs (one for MS and one for everything else) to resolve this back in the day. james On Tue, Feb 3, 2015 at 2:05 PM, Alex Vandiver ale...@bestpractical.com wrote: On Tue, 3 Feb 2015 16:27:02 -0500 Mitch Kyser mky...@albion.edu wrote: Thanks for the response. We tried that and could not get it to work either. Turns out our CA is pretty old and still running on a 2003 box. We were going to roll out RT to our staff first who all use domain machines that include our root CA cert already. The web portion worked fine. We were going to let our students eventually start sending requests and planned to get a commercial cert. This just pushed the time up a few months. So now we have a new project, upgrade our CA. Try upgrading the LWP::Protocol::https and the Net::SSLeay modules. - alex
Re: [rt-users] Autoreply Template Script
Am 03.02.2015 um 10:57 schrieb Vas: So none of provide a web interface to view the status of there tickets? If yes how do you do it? Because from the user side If I send requests on a regular basis and decided to see the status of them I would not remember the username and password that was generated on my first ever request which could be a long while ago. Vas -- View this message in context: http://requesttracker.8502.n7.nabble.com/Autoreply-Template-Script-tp59459p59509.html Sent from the Request Tracker - User mailing list archive at Nabble.com. Have a Look at how RSS feeds work [1]. Create a new page local/html/NoAuth/TicketStatus/dhandler which is mostly a copy of the RSS dhandler but instead generating an RSS feed displays a page where the user can see their tickets. Whenever a user create a ticket you can send them a link to the TicketStatus page which includes the auth token like here [2]. Chris [1] https://github.com/bestpractical/rt/tree/stable/share/html/NoAuth/rss [2] https://github.com/bestpractical/rt/blob/stable/share/html/Elements/Tabs#L846-861
[rt-users] Set Owner on Queue Change
Hi, I have 4 queues with staff being able to assign tickets between the queues. Sometimes when they get passed to a different queue people forgot to assign the ticket to someone who works on that queue. This messy when you run stats on that queue Does anyone have a script that requires users to set the owner of the ticket to someone who manages that queue ( group ) or set it to nobody ? -- View this message in context: http://requesttracker.8502.n7.nabble.com/Set-Owner-on-Queue-Change-tp59513.html Sent from the Request Tracker - User mailing list archive at Nabble.com.
Re: [rt-users] New cert breaks mailgate
On Tue, 3 Feb 2015 16:27:02 -0500 Mitch Kyser mky...@albion.edu wrote: Thanks for the response. We tried that and could not get it to work either. Turns out our CA is pretty old and still running on a 2003 box. We were going to roll out RT to our staff first who all use domain machines that include our root CA cert already. The web portion worked fine. We were going to let our students eventually start sending requests and planned to get a commercial cert. This just pushed the time up a few months. So now we have a new project, upgrade our CA. Try upgrading the LWP::Protocol::https and the Net::SSLeay modules. - alex
[rt-users] add a queue, missing something
I need to a queue to my existing rt system. I created the queue, and a group of users to go with it. However ticket email is not being sent to anyone but the requestor. Obviously missing something which is hopefully simple.
Re: [rt-users] rt-crontool EROR
On Tue, 03 Feb 2015 12:09:48 + Mauricio Leite Ferreira da Silva mauricio.le...@planalto.gov.br wrote: Does anybody Know what can be happening? Upgrading to 4.2.7 or higher will resolve https://issues.bestpractical.com/Ticket/Display.html?id=22991 and allow you to see the actual error. Alternately, you can apply https://github.com/bestpractical/rt/commit/625e7b99.patch to your bin/rt-crontool - Alex
Re: [rt-users] Problem with attachments
On Tue, 3 Feb 2015 15:43:05 + Guadagnino Cristiano guadagnino.cristi...@creval.it wrote: I did this: I took a backup of my production RT and restored it on our testing environment. I perused rt-validator till I had no more warnings (well, I still have a few warnings related to articles: it seems rt-validator cannot fix them). Then I created a test ticket and resolved it attaching a file. As in our production system, the attachment did not get sent, and the last line in RT's log was again this: [15371] [Tue Feb 3 15:28:32 2015] [warning]: Couldn't load object RT::Transaction #0 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:3026) Any hint? Try disabling the extensions you have installed and see if removing any of them fixes it. My suspicion is on CustomFieldsOnUpdate, from the previous list you gave. - Alex
Re: [rt-users] Maximum recipients allowed
Le 19/05/2014 15:02, k...@rice.edu a écrit : On Mon, May 19, 2014 at 02:41:19PM +0200, Olivier Lumineau wrote: Hi, we are using RT 3.8.7, and to filter spam more efficiently, I wanted to know if there was an easy way in RT to limit ticket recipients (to + cc + bcc) . I don't want more than 10 or 15 recipients by ticket, to prevent that a spam withs hundreds mail addresses pollute our RT. Thanks -- Olivier Hi Olivier, I used the following in Email_Local.pm. Maybe you can do something similar. Regards, Ken --- sub ParseCcAddressesFromHead { my %args = ( Head= undef, QueueObj= undef, CurrentUser = undef, @_ ); my @recipients = map lc $_-address, map Email::Address-parse( $args{'Head'}-get( $_ ) ), qw(To Cc); my @res; foreach my $address ( @recipients ) { $address = $args{'CurrentUser'}-UserObj-CanonicalizeEmailAddress( $address ); next if lc $args{'CurrentUser'}-EmailAddress eq $address; next if lc $args{'QueueObj'}-CorrespondAddress eq $address; next if lc $args{'QueueObj'}-CommentAddresseq $address; next if RT::EmailParser-IsRTAddress( $address ); push @res, $address; } # # Limit the number of Cc addresses that we add to a # ticket during the initial create to minimize damage # to our Email reputation when SPAM slips through DSPAM. $RT::Logger-debug($#res Ccs); if ( $#res 3 ) { my @riceCc; my @nonriceCc; @riceCc = grep /rice.edu/i, @res; @nonriceCc = grep !/rice.edu/i, @res; $RT::Logger-debug($#riceCc riceCcs, $#nonriceCc nonriceCcs); if ($#nonriceCc 1) { @res = (@riceCc, @nonriceCc[0]); } } return @res; } --- Hi, I upgraded my RT version to 4.2.5, and this hack Ken gave me to limit recipients number doesn't seem to work any more... (except if I missed something in my tests) I didn't find any other solution and I was wondering if there was a way to have this working in my RT version. Thanks -- Olivier
Re: [rt-users] Problem with attachments
Alex, I did this: I took a backup of my production RT and restored it on our testing environment. I perused rt-validator till I had no more warnings (well, I still have a few warnings related to articles: it seems rt-validator cannot fix them). Then I created a test ticket and resolved it attaching a file. As in our production system, the attachment did not get sent, and the last line in RT's log was again this: [15371] [Tue Feb 3 15:28:32 2015] [warning]: Couldn't load object RT::Transaction #0 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:3026) Any hint? Thank you in advance. Cris On 29/01/2015 21:06, Alex Vandiver wrote: On Wed, 28 Jan 2015 11:53:53 + Guadagnino Cristiano guadagnino.cristi...@creval.itmailto:guadagnino.cristi...@creval.it wrote: (...) [warning]: Couldn't load object RT::Transaction #0 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:3026) but I don't think this is a real problem, since we had have this type of message for a long time with no apparent symptoms (please reply if I'm wrong). That warning is extremely worrisome, and I expect the cause of your problem. You should run `/opt/rt4/sbin/rt-validator`. - Alex
Re: [rt-users] Autoreply Template Script
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/02/15 11:02, Sam Wilson wrote: As with Nathan, we use Shibboleth SP and apache to authenticate users via our internal SSO connected to LDAP. This will provision their accounts as well as provide them with up to date passwords. It sounds like external auth might be an option worth considering. Just to add one more voice and a slightly different way to do it...we use RT::Authen::ExternalAuth and authenticate users via a cosign/kerberos SSO service. - -- Iain Rae Computing Officer, School of Informatics Edinburgh University Tel:01316505202. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEARECAAYFAlTQtakACgkQPtE9aGlEHpFzcACfR8lnE+WwAGXaVIlginMhzlDu KYwAnRAKPgdDPdin9/Ja3ObpH9k3lAKI =MvMI -END PGP SIGNATURE- -- The University of Edinburgh is a charitable body, registered in Scotland, with registration number SC005336.
[rt-users] rt-crontool EROR
Does anybody Know what can be happening? I am using rt-crontool Action: rt-crontool --search RT::Search::FromSQL --search-arg (Status='stalled' AND Queue=3 AND Priority!=75) --action MyAction::RT::Action::Verify I am having a critical ERROR: [Tue Feb 3 11:56:42 2015] [critical]: ERROR when loading MyAction::RT::Action::Verify. () at rt-crontool line 307. (/opt/rt3/bin/../lib/RT.pm:382) The rt-crontool line 307 is at rt-crontool load module: # {{{ load_module =head2 load_module Loads a perl module, dying nicely if it can't find it. =cut sub load_module { my $modname = shift; eval require $modname; if ($@) { die loc( Failed to load module [_1]. ([_2]), $modname, $@ ); # LINE 307 } } # }}} THANKS
Re: [rt-users] New cert breaks mailgate
Well we finally figured out that the mailgate did not like our local CA. Went and bought a Thawte cert for RT and now everything is working as it should. The lesson here is spend the money and get a real cert! -- View this message in context: http://requesttracker.8502.n7.nabble.com/New-cert-breaks-mailgate-tp59502p59519.html Sent from the Request Tracker - User mailing list archive at Nabble.com.
Re: [rt-users] New cert breaks mailgate
On 02/03/2015 12:09 PM, mkyser wrote: Well we finally figured out that the mailgate did not like our local CA. Went and bought a Thawte cert for RT and now everything is working as it should. The lesson here is spend the money and get a real cert! I wish I had gotten to this earlier. There's a better option in rt-mailgate. What we've done is add --ca-file to the rt-mailgate command in our postfix aliases. my-queue-address: |/path/to/rt/bin/rt-mailgate --queue 'My Queue' --action correspond --ca-file /path/to/your/root.crt --url https://rt.example.com; This of course means that you have to ship your root CA certificate with the application, but that shouldn't be a big deal.
Re: [rt-users] Autoreply Template Script
Thank you Alex for the reply. Do you think there is a way to make it instead to create an initial password for every ticket it receives? Regardless if the sender has send a request before? Thank you Vas -- View this message in context: http://requesttracker.8502.n7.nabble.com/Autoreply-Template-Script-tp59459p59507.html Sent from the Request Tracker - User mailing list archive at Nabble.com.
Re: [rt-users] Autoreply Template Script
As with Nathan, we use Shibboleth SP and apache to authenticate users via our internal SSO connected to LDAP. This will provision their accounts as well as provide them with up to date passwords. It sounds like external auth might be an option worth considering. Sam. On Tue, Feb 3, 2015 at 8:15 PM, Nathan Cutler presnyprek...@gmail.com wrote: So none of provide a web interface to view the status of there tickets? If yes how do you do it? We do provide our users access to the self-service web UI. We have the usernames and passwords in LDAP, and RT uses RT::Authen::ExternalAuth for authentication. Of course, the users must remember their credentials - however, this is not a problem because multiple services (not just RT) authenticate against the LDAP server. HTH, Nathan
Re: [rt-users] Autoreply Template Script
So none of provide a web interface to view the status of there tickets? If yes how do you do it? We do provide our users access to the self-service web UI. We have the usernames and passwords in LDAP, and RT uses RT::Authen::ExternalAuth for authentication. Of course, the users must remember their credentials - however, this is not a problem because multiple services (not just RT) authenticate against the LDAP server. HTH, Nathan
Re: [rt-users] Autoreply Template Script
I believe that what you're asking is not possible. RT doesn't store passwords, and so it can't retrieve previous passwords for display in an email. It can only display the initial password because it manages the creation of that initial password, and therefore can take a copy. On 3 Feb 2015 8:30 pm, Vas vk...@cam.ac.uk wrote: Has anyone else come across this ? Thank you Vas -- View this message in context: http://requesttracker.8502.n7.nabble.com/Autoreply-Template-Script-tp59459p59505.html Sent from the Request Tracker - User mailing list archive at Nabble.com.
Re: [rt-users] Autoreply Template Script
So none of provide a web interface to view the status of there tickets? If yes how do you do it? Because from the user side If I send requests on a regular basis and decided to see the status of them I would not remember the username and password that was generated on my first ever request which could be a long while ago. Vas -- View this message in context: http://requesttracker.8502.n7.nabble.com/Autoreply-Template-Script-tp59459p59509.html Sent from the Request Tracker - User mailing list archive at Nabble.com.
Re: [rt-users] Autoreply Template Script
Has anyone else come across this ? Thank you Vas -- View this message in context: http://requesttracker.8502.n7.nabble.com/Autoreply-Template-Script-tp59459p59505.html Sent from the Request Tracker - User mailing list archive at Nabble.com.
Re: [rt-users] Autoreply Template Script
And in the process reset user passwords on every ticket? That sounds wrong too On 3 Feb 2015, at 19:39, Vas vk...@cam.ac.uk wrote: Thank you Alex for the reply. Do you think there is a way to make it instead to create an initial password for every ticket it receives? Regardless if the sender has send a request before? Thank you Vas -- View this message in context: http://requesttracker.8502.n7.nabble.com/Autoreply-Template-Script-tp59459p59507.html Sent from the Request Tracker - User mailing list archive at Nabble.com.
Re: [rt-users] New cert breaks mailgate
Hi Tim Thanks for the response. We tried that and could not get it to work either. Turns out our CA is pretty old and still running on a 2003 box. We were going to roll out RT to our staff first who all use domain machines that include our root CA cert already. The web portion worked fine. We were going to let our students eventually start sending requests and planned to get a commercial cert. This just pushed the time up a few months. So now we have a new project, upgrade our CA. On Tue, Feb 3, 2015 at 3:26 PM, Tim Wiley t...@marchex.com wrote: On 02/03/2015 12:09 PM, mkyser wrote: Well we finally figured out that the mailgate did not like our local CA. Went and bought a Thawte cert for RT and now everything is working as it should. The lesson here is spend the money and get a real cert! I wish I had gotten to this earlier. There's a better option in rt-mailgate. What we've done is add --ca-file to the rt-mailgate command in our postfix aliases. my-queue-address: |/path/to/rt/bin/rt-mailgate --queue 'My Queue' --action correspond --ca-file /path/to/your/root.crt --url https://rt.example.com; This of course means that you have to ship your root CA certificate with the application, but that shouldn't be a big deal. -- Mitch Kyser Network Administrator Albion.College mky...@albion.edu