Re: [rt-users] Deleting one attachment
Inline... On Wed, Oct 19, 2016 at 9:39 AM, Matt Zagrabelny wrote: > On Wed, Oct 19, 2016 at 11:28 AM, Ram wrote: > > Hi all, > > A user at work added an attachment that violates corporate policy to a > > ticket; the ticket itself is valid and must be kept. I need to delete the > > attachment. A quick look at the rt-shredder tool does not make it > apparent > > to me how to do this with rt-shredder. I can readily do it editing the > db in > > mysql but I'd rather use rt-shredder if it will do the job. > > any help? > > Then perhaps something like: > > /opt/rt4/sbin/rt-shredder --plugin > Attachments=files_only,1;file,some_secret_document.pdf > > > Thanks Matt. I did look at that - the problem is that DOC009.pdf is far from unique in our system. What I really need is to specify the ticket id, attachment id , or both. specifying a minimum size *might* work - I'd have to check and see if that's the only DOC009.pdf over 75kb but I wouldn't be surprised if there are others. - RT 4.4 and RTIR training sessions, and a new workshop day! https://bestpractical.com/training * Boston - October 24-26 * Los Angeles - Q1 2017
Re: [rt-users] Deleting one attachment
On Wed, Oct 19, 2016 at 11:28 AM, Ram wrote: > Hi all, > A user at work added an attachment that violates corporate policy to a > ticket; the ticket itself is valid and must be kept. I need to delete the > attachment. A quick look at the rt-shredder tool does not make it apparent > to me how to do this with rt-shredder. I can readily do it editing the db in > mysql but I'd rather use rt-shredder if it will do the job. > any help? Running 4.2.12 here... # /opt/rt4/sbin/rt-shredder --plugin list Plugins list: Objects SQLDump Summary Tickets Attachments Users So it looks like it can shred attachments. /opt/rt4/sbin/rt-shredder --plugin help-Attachments USAGE masks If any argument is marked with keyword `mask' then it means that this argument support two special characters: 1) `*' matches any non empty sequence of the characters. For example `*@example.com' will match any email address in `example.com' domain. 2) `?' matches exactly one character. For example `' will match any string four characters long. NAME RT::Shredder::Plugin::Attachments - search plugin for wiping attachments. ARGUMENTS files_only - boolean value Search only file attachments. file - mask Search files with specific file name only. Example: '*.xl?' or '*.gif' longer - attachment content size Search attachments which content is longer than specified. You can use trailing 'K' or 'M' character to specify size in kilobytes or megabytes. Then perhaps something like: /opt/rt4/sbin/rt-shredder --plugin Attachments=files_only,1;file,some_secret_document.pdf I didn't try the above and I would _for sure_ try it on a test system first - at least a test ticket with a test attachment. -m - RT 4.4 and RTIR training sessions, and a new workshop day! https://bestpractical.com/training * Boston - October 24-26 * Los Angeles - Q1 2017
[rt-users] Deleting one attachment
Hi all, A user at work added an attachment that violates corporate policy to a ticket; the ticket itself is valid and must be kept. I need to delete the attachment. A quick look at the rt-shredder tool does not make it apparent to me how to do this with rt-shredder. I can readily do it editing the db in mysql but I'd rather use rt-shredder if it will do the job. any help? thanks Ram - RT 4.4 and RTIR training sessions, and a new workshop day! https://bestpractical.com/training * Boston - October 24-26 * Los Angeles - Q1 2017
Re: [rt-users] rt-crontool on condition x change queue
Hello, Indeed you are right, and I found a guy named Andy Smith in the UK that solved the problem, I've attached his solution to the email (not sure if attachments works). Put it in rt4/lib/RT/Action/QChange.pm and then call it with relevant query with: --action RT::Action::QChange --action-arg YOURQUEUE --template 'blank' Works like a charm, I use it in this way for SLA purposes to escalate a TT that passes over the defined ServiceAgreement: rt-crontool --transaction last --search RT::Search::FromSQL --search-arg "Queue = 'SLA' AND (Status='new' OR Status='open')" --condition RT::Condition::Overdue --action RT::Action::QChange --action-arg QUEUE --template 'SLA-escalation' Regards, Joel Från: rt-users [mailto:rt-users-boun...@lists.bestpractical.com] För Emmanuel Lacour Skickat: den 18 oktober 2016 16:01 Till: rt-users@lists.bestpractical.com Ämne: Re: [rt-users] rt-crontool on condition x change queue Le 18/10/2016 à 11:03, Joel Bergmark a écrit : Hi, Just a quick one this time, is there any easy way to use rt crontool get something like this working: /opt/rt4/bin/rt-crontool --search RT::Search::FromSQL --search-arg "Queue = 'X' AND (Status='new' OR Status='open')" --condition RT::Condition::Overdue --action RT::Queue "Newqueue" I know its not really under rt::action but is there a way to call upon rt::queue from this? Tried a bunch of different syntax but get "RT::Queue::Prepare Unimplemented in main." there is no stock SetQueue RT action, you have to write it yourself. Just put the following content (untested) in rt/local/lib/RT/Action/SetQueue.pm and call it like this: /opt/rt4/bin/rt-crontool --search RT::Search::FromSQL --search-arg "Queue = 'X' AND (Status='new' OR Status='open')" --condition RT::Condition::Overdue --action SetQueue --action-arg "Newqueue" cut package RT::Action::SetQueue; use base 'RT::Action'; use strict; use warnings; sub Describe { my $self = shift; return (ref $self . " will set a ticket's queue to the argument provided."); } sub Prepare { return 1; } sub Commit { my $self = shift; $self->TicketObj->SetQueue($self->Argument); } 1; cut QChange.pm Description: QChange.pm - RT 4.4 and RTIR training sessions, and a new workshop day! https://bestpractical.com/training * Boston - October 24-26 * Los Angeles - Q1 2017
Re: [rt-users] RT 4.4.1 on Debian with RT::Authen::ExternalAuth?
Hi Malcolm, The output from rt-ldapimport is normal if no changes are required, as I've just tried it here in my lab and it is working. Incidentally LDAPImport doesn't currently support TLS, I've written a patch which you are welcome to have if you would like it. I'm afraid I haven't submitted it to BP yet, but intend too when I get some time. Best Regards Martin On 2016-10-19 14:21, Malcolm Galland wrote: Ah, yes. It looks like I had commented it out during testing, and that's what was causing the PeerHost error. Below is the section of SiteConfig dedicated to LDAPImport: Set($LDAPHost,'ggdc1.domain.int'); Set($LDAPUser,'LDAP_ACCOUNT'); Set($LDAPPassword,'LDAP_ACCOUNT_PASS'); Set($LDAPBase, 'dc=domain,dc=int'); Set($LDAPFilter, '(&(cn = users))'); Set($LDAPMapping, {Name => 'uid', # required EmailAddress => 'mail', RealName => 'cn', WorkPhone=> 'telephoneNumber', Organization => 'departmentName'}); # If you want to sync Groups from LDAP into RT Set($LDAPGroupBase, 'dc=domain,dc=int'); Set($LDAPGroupFilter, '(&(cn = Groups))'); Set($LDAPGroupMapping, {Name => 'cn', Member_Attr=> 'member', Member_Attr_Value => 'dn' }); Interesting follow up question though, when I run rt-ldapimport I don't get any errors, but the output doesn't exactly instill a feeling of sucess either: /opt/rt4/sbin/rt-ldapimport --debug Running test import, no data will be changed Rerun command with --import to perform the import Rerun command with --debug for more information Testing group import Finished test On Wed, 2016-10-19 at 14:09 +, Martin Wheldon wrote: Hi Malcolm, You are missing the LDAP import configuration, which is separate from the External auth config. The following will help: https://docs.bestpractical.com/rt/4.4.1/RT/LDAPImport.html Best Regards Martin On 2016-10-19 13:37, Malcolm Galland wrote: > > I've set up RT, and am testing it with rt-server. Everything seems > to > be going smoothly except LDAP with RT::Authen::ExternalAuth. I > read > the docs and have implemented the suggested changes in > /opt/rt4/etc/RT_SiteConfig.pm like so: > > Set( $ExternalAuthPriority, ["My_LDAP"] ); > Set( $ExternalInfoPriority, ["My_LDAP"] ); > Set($ExternalAuth, 1); > Set( $UserAutocreateDefaultsOnLogin, { Privileged => 1 } ); > Set($AutoCreateNonExternalUsers, 1); > Set($ExternalSettings, { > 'My_LDAP' => { > 'type' => 'ldap', > 'server' => 'ggdc1.domain.int', > 'user' => 'LDAP_ACCOUNT', > 'pass' => 'LDAP_ACCOUNT_PASS', > 'base' => 'ou=Production,dc=domain,dc=int', > 'filter' => '(objectClass=inetOrgPerson)', > 'attr_match_list' => [ > 'Name', > 'EmailAddress', > ], > 'attr_map' => { > 'Name' => 'sAMAccountName', > 'EmailAddress' => 'mail', > 'RealName' => 'cn', > 'WorkPhone'=> 'telephoneNumber', > 'Address1' => 'streetAddress', > 'City' => 'l', > 'State'=> 'st', > 'Zip' => 'postalCode', > 'Country' => 'co', > }, > }, > } ); > > The issue is when I try to login the users aren't allowed access, > and I > get the following error from rt-server: > > [error]: FAILED LOGIN for username_redacted from IP_REDACTED > (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:826) > > Just for kicks, if I run /opt/rt4/sbin/rt-ldapimport --debug > I get: > [critical]: Expected 'PeerHost' at > /usr/local/share/perl/5.20.2/Net/LDAP.pm line 164. > (/opt/rt4/sbin/../lib/RT.pm:390) > > Any ideas? I read every document I could find, but it's hard to > know > which non-official ones you can trust since RT has been around so > long > and ExternalAuth was just added to the core. Also, the official > docs > are a bit terse. > - > RT 4.4 and RTIR training sessions, and a new workshop day! > https://bestpractical.com/training > * Boston - October 24-26 > * Los Angeles - Q1 2017 - RT 4.4 and RTIR training sessions, and a new workshop day! https://bestpractical.com/training * Boston - October 24-26 * Los Angeles - Q1 2017
Re: [rt-users] RT 4.4.1 on Debian with RT::Authen::ExternalAuth?
Hi Malcolm, Are you able to get any results from the LDAP server when you try the same search using ldapsearch from the commandline on the Debian box? Something like: ldapsearch -D LDAP_ACCOUNT -x -w -ZZ -H ldap://ggdc1.domain.int/ -b ou=Production,dc=domain,dc=int "(objectClass=inetOrgPerson)" I'm guessing your LDAP server is MS AD so you will probably need to configure TLS. The following items come from my configuration. Set( $ExternalAuthPriority, ["My_LDAP"] ); Set( $ExternalInfoPriority, ["My_LDAP"] ); Set($ExternalAuth, 1); Set( $UserAutocreateDefaultsOnLogin, { Privileged => 1 } ); Set($AutoCreateNonExternalUsers, 1); # Use TLS Set($ExternalServiceUsesSSLorTLS,1); Set($ExternalSettings, { 'My_LDAP' => { 'type' => 'ldap', 'server' => 'ggdc1.domain.int', # Configure TLS settings 'tls' => { 'verify'=> 'require', 'cafile'=> '/etc/ssl/certs/CACert.pem', # Path CA file }, 'user' => 'LDAP_ACCOUNT', 'pass' => 'LDAP_ACCOUNT_PASS', 'base' => 'ou=Production,dc=domain,dc=int', 'filter' => '(objectClass=inetOrgPerson)', 'attr_match_list' => [ 'Name', 'EmailAddress', ], 'attr_map' => { 'Name' => 'sAMAccountName', 'EmailAddress' => 'mail', 'RealName' => 'cn', 'WorkPhone'=> 'telephoneNumber', 'Address1' => 'streetAddress', 'City' => 'l', 'State'=> 'st', 'Zip' => 'postalCode', 'Country' => 'co', }, }, } ); Best Regards Martin On 2016-10-19 13:37, Malcolm Galland wrote: I've set up RT, and am testing it with rt-server. Everything seems to be going smoothly except LDAP with RT::Authen::ExternalAuth. I read the docs and have implemented the suggested changes in /opt/rt4/etc/RT_SiteConfig.pm like so: Set( $ExternalAuthPriority, ["My_LDAP"] ); Set( $ExternalInfoPriority, ["My_LDAP"] ); Set($ExternalAuth, 1); Set( $UserAutocreateDefaultsOnLogin, { Privileged => 1 } ); Set($AutoCreateNonExternalUsers, 1); Set($ExternalSettings, { 'My_LDAP' => { 'type' => 'ldap', 'server' => 'ggdc1.domain.int', 'user' => 'LDAP_ACCOUNT', 'pass' => 'LDAP_ACCOUNT_PASS', 'base' => 'ou=Production,dc=domain,dc=int', 'filter' => '(objectClass=inetOrgPerson)', 'attr_match_list' => [ 'Name', 'EmailAddress', ], 'attr_map' => { 'Name' => 'sAMAccountName', 'EmailAddress' => 'mail', 'RealName' => 'cn', 'WorkPhone'=> 'telephoneNumber', 'Address1' => 'streetAddress', 'City' => 'l', 'State'=> 'st', 'Zip' => 'postalCode', 'Country' => 'co', }, }, } ); The issue is when I try to login the users aren't allowed access, and I get the following error from rt-server: [error]: FAILED LOGIN for username_redacted from IP_REDACTED (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:826) Just for kicks, if I run /opt/rt4/sbin/rt-ldapimport --debug I get: [critical]: Expected 'PeerHost' at /usr/local/share/perl/5.20.2/Net/LDAP.pm line 164. (/opt/rt4/sbin/../lib/RT.pm:390) Any ideas? I read every document I could find, but it's hard to know which non-official ones you can trust since RT has been around so long and ExternalAuth was just added to the core. Also, the official docs are a bit terse. - RT 4.4 and RTIR training sessions, and a new workshop day! https://bestpractical.com/training * Boston - October 24-26 * Los Angeles - Q1 2017 - RT 4.4 and RTIR training sessions, and a new workshop day! https://bestpractical.com/training * Boston - October 24-26 * Los Angeles - Q1 2017
Re: [rt-users] RT 4.4.1 on Debian with RT::Authen::ExternalAuth?
Hi Malcolm, You are missing the LDAP import configuration, which is separate from the External auth config. The following will help: https://docs.bestpractical.com/rt/4.4.1/RT/LDAPImport.html Best Regards Martin On 2016-10-19 13:37, Malcolm Galland wrote: I've set up RT, and am testing it with rt-server. Everything seems to be going smoothly except LDAP with RT::Authen::ExternalAuth. I read the docs and have implemented the suggested changes in /opt/rt4/etc/RT_SiteConfig.pm like so: Set( $ExternalAuthPriority, ["My_LDAP"] ); Set( $ExternalInfoPriority, ["My_LDAP"] ); Set($ExternalAuth, 1); Set( $UserAutocreateDefaultsOnLogin, { Privileged => 1 } ); Set($AutoCreateNonExternalUsers, 1); Set($ExternalSettings, { 'My_LDAP' => { 'type' => 'ldap', 'server' => 'ggdc1.domain.int', 'user' => 'LDAP_ACCOUNT', 'pass' => 'LDAP_ACCOUNT_PASS', 'base' => 'ou=Production,dc=domain,dc=int', 'filter' => '(objectClass=inetOrgPerson)', 'attr_match_list' => [ 'Name', 'EmailAddress', ], 'attr_map' => { 'Name' => 'sAMAccountName', 'EmailAddress' => 'mail', 'RealName' => 'cn', 'WorkPhone'=> 'telephoneNumber', 'Address1' => 'streetAddress', 'City' => 'l', 'State'=> 'st', 'Zip' => 'postalCode', 'Country' => 'co', }, }, } ); The issue is when I try to login the users aren't allowed access, and I get the following error from rt-server: [error]: FAILED LOGIN for username_redacted from IP_REDACTED (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:826) Just for kicks, if I run /opt/rt4/sbin/rt-ldapimport --debug I get: [critical]: Expected 'PeerHost' at /usr/local/share/perl/5.20.2/Net/LDAP.pm line 164. (/opt/rt4/sbin/../lib/RT.pm:390) Any ideas? I read every document I could find, but it's hard to know which non-official ones you can trust since RT has been around so long and ExternalAuth was just added to the core. Also, the official docs are a bit terse. - RT 4.4 and RTIR training sessions, and a new workshop day! https://bestpractical.com/training * Boston - October 24-26 * Los Angeles - Q1 2017 - RT 4.4 and RTIR training sessions, and a new workshop day! https://bestpractical.com/training * Boston - October 24-26 * Los Angeles - Q1 2017
[rt-users] RT 4.4.1 on Debian with RT::Authen::ExternalAuth?
I've set up RT, and am testing it with rt-server. Everything seems to be going smoothly except LDAP with RT::Authen::ExternalAuth. I read the docs and have implemented the suggested changes in /opt/rt4/etc/RT_SiteConfig.pm like so: Set( $ExternalAuthPriority, ["My_LDAP"] ); Set( $ExternalInfoPriority, ["My_LDAP"] ); Set($ExternalAuth, 1); Set( $UserAutocreateDefaultsOnLogin, { Privileged => 1 } ); Set($AutoCreateNonExternalUsers, 1); Set($ExternalSettings, { 'My_LDAP' => { 'type' => 'ldap', 'server' => 'ggdc1.domain.int', 'user' => 'LDAP_ACCOUNT', 'pass' => 'LDAP_ACCOUNT_PASS', 'base' => 'ou=Production,dc=domain,dc=int', 'filter' => '(objectClass=inetOrgPerson)', 'attr_match_list' => [ 'Name', 'EmailAddress', ], 'attr_map' => { 'Name' => 'sAMAccountName', 'EmailAddress' => 'mail', 'RealName' => 'cn', 'WorkPhone'=> 'telephoneNumber', 'Address1' => 'streetAddress', 'City' => 'l', 'State'=> 'st', 'Zip' => 'postalCode', 'Country' => 'co', }, }, } ); The issue is when I try to login the users aren't allowed access, and I get the following error from rt-server: [error]: FAILED LOGIN for username_redacted from IP_REDACTED (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:826) Just for kicks, if I run /opt/rt4/sbin/rt-ldapimport --debug I get: [critical]: Expected 'PeerHost' at /usr/local/share/perl/5.20.2/Net/LDAP.pm line 164. (/opt/rt4/sbin/../lib/RT.pm:390) Any ideas? I read every document I could find, but it's hard to know which non-official ones you can trust since RT has been around so long and ExternalAuth was just added to the core. Also, the official docs are a bit terse. - RT 4.4 and RTIR training sessions, and a new workshop day! https://bestpractical.com/training * Boston - October 24-26 * Los Angeles - Q1 2017