Re: [rt-users] RT as a service
I believe BestPractical offers Request Tracker managed hosting (http://bestpractical.com/services/hosting.html). -Original Message- From: rt-users-boun...@lists.bestpractical.com [mailto:rt-users- boun...@lists.bestpractical.com] On Behalf Of Roy Sent: Tuesday, September 17, 2013 8:50 AM To: rt-users@lists.bestpractical.com Subject: [rt-users] RT as a service Hi, I am just wondering if anyone know of any service provider that offer RT as a service under shared environment or similar. A friend of mine has a very small company , with very low budget and looking for ticketing solution. UK based preferably Roy -- RT Training in New York, October 8th and 9th: http://bestpractical.com/training -- RT Training in New York, October 8th and 9th: http://bestpractical.com/training
Re: [rt-users] Can't load UntouchedInHours module
That was indeed the issue. Thanks. -Original Message- From: rt-users-boun...@lists.bestpractical.com [mailto:rt-users- boun...@lists.bestpractical.com] On Behalf Of Kevin Falcone Sent: Thursday, August 29, 2013 12:35 PM To: rt-users@lists.bestpractical.com Subject: Re: [rt-users] Can't load UntouchedInHours module On Thu, Aug 29, 2013 at 05:39:33PM +, Elliott, Kevin C (DOR) wrote: [Thu Aug 29 17:32:17 2013] [critical]: Failed to load module RT::Condition::UntouchedInHours. () at /usr/bin/rt-crontool line 307. (/usr/share/request-tracker4/lib/RT.pm:351) Failed to load module RT::Condition::UntouchedInHours. () at /usr/bin/rt- crontool line 307. root@DorJnuASD-RT:~/Bin# cat /usr/share/request- tracker4/lib/RT/Condition/UntouchedInHours.pm package RT::Condition::UntouchedInHours; require RT::Condition::Generic; use RT::Date; @ISA = qw(RT::Condition::Generic); At the very least, this line is wrong: http://bestpractical.com/docs/rt/latest/UPGRADING-4.0.html#Removals- and-updates You want to inherit from RT::Condition. -kevin use strict; use vars qw/@ISA/; sub IsApplicable { my $self = shift; if ((time()-$self-TicketObj-LastUpdatedObj-Unix)/3600 = $self-Argument) { return 1; } else { return 0; } } # The following could be omitted. They're there to allow overrides from Vendor and Local # but as this isn't a core module, they're just there for completeness :) eval require RT::Condition::UntouchedInHours_Vendor; die $@ if ($@ $@ !~ qr{^Can't locate RT/Condition/UntouchedInHours_Vendor.pm}); eval require RT::Condition::UntouchedInHours_Local; die $@ if ($@ $@ !~ qr{^Can't locate RT/Condition/UntouchedInHours_Local.pm}); 1;
Re: [rt-users] Can't load UntouchedInHours module
Good call. I've moved it over to /usr/local/share/request-tracker. -Original Message- From: Dominic Hargreaves [mailto:dominic.hargrea...@it.ox.ac.uk] Sent: Friday, August 30, 2013 1:17 AM To: Elliott, Kevin C (DOR) Cc: rt-users@lists.bestpractical.com Subject: Re: [rt-users] Can't load UntouchedInHours module On Thu, Aug 29, 2013 at 05:39:33PM +, Elliott, Kevin C (DOR) wrote: root@DorJnuASD-RT:~/Bin# ls -la /usr/share/request-tracker4/lib/RT/Condition/ total 60 drwxr-xr-x 2 root root 4096 Aug 29 09:24 . drwxr-xr-x 17 root root 4096 Jun 11 11:27 .. -rw-r--r-- 1 root root 2247 May 22 09:49 AnyTransaction.pm -rw-r--r-- 1 root root 2742 May 22 09:49 BeforeDue.pm -rw-r--r-- 1 root root 2677 May 22 09:49 CloseTicket.pm -rw-r--r-- 1 root root 2475 May 22 09:49 Overdue.pm -rw-r--r-- 1 root root 2351 May 22 09:49 OwnerChange.pm -rw-r--r-- 1 root root 2356 May 22 09:49 PriorityChange.pm -rw-r--r-- 1 root root 2325 May 22 09:49 PriorityExceeds.pm -rw-r--r-- 1 root root 2306 May 22 09:49 QueueChange.pm lrwxrwxrwx 1 root root9 Aug 29 08:37 RCS - /root/RCS -rw-r--r-- 1 root root 2829 May 22 09:49 ReopenTicket.pm -rw-r--r-- 1 root root 4593 May 22 09:49 StatusChange.pm -rw-r--r-- 1 root root 800 Aug 29 09:23 UntouchedInHours.pm -rw-r--r-- 1 root root 2458 May 22 09:49 UserDefined.pm Hi, Probably not related to your problem, but I really recommend not putting locally installed files in /usr/share as that space is reserved for the package manager (dpkg) and you could end up with overwritten files there (plus it's difficult to see what came from where). /usr/local/share/request-tracker4/lib exists for this purpose so you could move that file into /usr/local/share/request-tracker4/lib/RT/Condition/ Cheers, Dominic. -- Dominic Hargreaves, Systems Development and Support Section IT Services, University of Oxford, 13 Banbury Road, Oxford, OX2 6NN
[rt-users] Can't load UntouchedInHours module
I'm working with Request Tracker 4.0.7 on Debian Wheezy 7.0.1 and am attempting to configure rt-crontool and UntouchedInHours.pm as presented on the Wiki (http://requesttracker.wikia.com/wiki/UntouchedInHours) I'm running the following rt-crontool command: /usr/bin/rt-crontool \ --search RT::Search::FromSQL \ --search-arg Queue = '1' AND (Status = 'new' OR Status = 'open' ) AND Owner != 'Nobody' \ --condition RT::Condition::UntouchedInHours --condition-arg 4 \ --action RT::Action::SendEmail \ --template Custom - Untouched Ticket Notification \ --transaction 'last' \ --transaction-type 'Correspond,Comment,Status' \ --verbose echo Which returns the following result: [Thu Aug 29 17:32:17 2013] [critical]: Failed to load module RT::Condition::UntouchedInHours. () at /usr/bin/rt-crontool line 307. (/usr/share/request-tracker4/lib/RT.pm:351) Failed to load module RT::Condition::UntouchedInHours. () at /usr/bin/rt-crontool line 307. I'm taking that to mean that there is a programming pub in UntouchedInHours.pm that is preventing it from being called correctly but for the life of me I can't seem to find it anywhere. It was copied verbatim from the Wiki: root@DorJnuASD-RT:~/Bin# cat /usr/share/request-tracker4/lib/RT/Condition/UntouchedInHours.pm package RT::Condition::UntouchedInHours; require RT::Condition::Generic; use RT::Date; @ISA = qw(RT::Condition::Generic); use strict; use vars qw/@ISA/; sub IsApplicable { my $self = shift; if ((time()-$self-TicketObj-LastUpdatedObj-Unix)/3600 = $self-Argument) { return 1; } else { return 0; } } # The following could be omitted. They're there to allow overrides from Vendor and Local # but as this isn't a core module, they're just there for completeness :) eval require RT::Condition::UntouchedInHours_Vendor; die $@ if ($@ $@ !~ qr{^Can't locate RT/Condition/UntouchedInHours_Vendor.pm}); eval require RT::Condition::UntouchedInHours_Local; die $@ if ($@ $@ !~ qr{^Can't locate RT/Condition/UntouchedInHours_Local.pm}); 1; The permissions look appropriate as well: root@DorJnuASD-RT:~/Bin# ls -la /usr/share/request-tracker4/lib/RT/Condition/ total 60 drwxr-xr-x 2 root root 4096 Aug 29 09:24 . drwxr-xr-x 17 root root 4096 Jun 11 11:27 .. -rw-r--r-- 1 root root 2247 May 22 09:49 AnyTransaction.pm -rw-r--r-- 1 root root 2742 May 22 09:49 BeforeDue.pm -rw-r--r-- 1 root root 2677 May 22 09:49 CloseTicket.pm -rw-r--r-- 1 root root 2475 May 22 09:49 Overdue.pm -rw-r--r-- 1 root root 2351 May 22 09:49 OwnerChange.pm -rw-r--r-- 1 root root 2356 May 22 09:49 PriorityChange.pm -rw-r--r-- 1 root root 2325 May 22 09:49 PriorityExceeds.pm -rw-r--r-- 1 root root 2306 May 22 09:49 QueueChange.pm lrwxrwxrwx 1 root root9 Aug 29 08:37 RCS - /root/RCS -rw-r--r-- 1 root root 2829 May 22 09:49 ReopenTicket.pm -rw-r--r-- 1 root root 4593 May 22 09:49 StatusChange.pm -rw-r--r-- 1 root root 800 Aug 29 09:23 UntouchedInHours.pm -rw-r--r-- 1 root root 2458 May 22 09:49 UserDefined.pm Any idea what I'm missing here? Thanks. --- Kevin Elliott Networking Specialist II Alaska Department of Revenue, ASD-IT (907) 465-2314
Re: [rt-users] A few general questions
1. How do you setup the manager account? Basically one that can delegate tickets to others, but still have it to where we can take ownership without their intervention if needed. Try configuring a global group called Staff (or something similar) and then assigning it global rights. This would represent your cross-queue staff members such as your IT staff who need these rights in any queue. Then you could create a group (e.g., $QUEUE-Staff) and then assign them appropriate rights to their queue. In a situation where you have many queues (Building Maintenance, Help Desk, Change Requests, etc), members of your global group would have rights to all of those queues and could act as queue independent staff. Members of the $QUEUE-Staff groups would have rights specific to their queue and would function in a similar manner. Just be aware that if you follow this scheme and you need to restrict the rights of the Staff group, you'll have to go back in after the fact and assign it per-queue rights. 2. Is there an easy way to get statistics of number of tickets worked by each individual staff member You should be able to look at charts in the search functionality. 3. Is there a good place to read up on the various permissions and such I would need to set to allow my staff and I to do stuff. I have found hit and miss documentation in the wikia but nothing all inclusive. Try reading the http://requesttracker.wikia.com/wiki/RightsQuickStart and the http://requesttracker.wikia.com/wiki/Group Wikis. Other than that, if your RT instance is in a virtualized environment - I'd recommend taking a snapshot and just playing around with Rights and Groups until you get a good feel for it and then just roll back when you're done.
Re: [rt-users] Bad name after cn' when using LDAPImport
That was indeed the failing line. Thank you. -Original Message- From: rt-users-boun...@lists.bestpractical.com [mailto:rt-users- boun...@lists.bestpractical.com] On Behalf Of Nathan Cutler Sent: Sunday, August 04, 2013 11:53 PM To: rt-users@lists.bestpractical.com Subject: Re: [rt-users] Bad name after cn' when using LDAPImport That corresponds with this line of my RT_SiteConfig.pm: Look one line above that -- you appear to be missing a closing apostrophe. Set($LDAPGroupFilter, '(|(CN=dor-rt-admins)(CN=dor-rt-staff)); This is the offending line.
[rt-users] LDAPImport succeds with user LDAP bind but fails with group
Continuing onwards with my attempt to pull groups and their members from Active Directory into Request Tracker I've made some progress. However, I'm currently stymied - LDAPImport will successfully connect and search for users but when re-using the LDAP connection it fails to connect for the group search. Here's the debugging information from an rtldapimport run: Running test import, no data will be changed Rerun command with --import to perform the import Rerun command with --debug for more information connecting to ldap://domaincontroller.alaska.gov binding as CN=dor-requesttracker,OU=Security Groups and Accounts,OU=IT,OU=Divisions,OU=DOR,OU=State Departments,DC=soa,DC=alaska,DC=gov searching with: base = 'OU=Security Groups and Accounts,OU=IT,OU=Divisions,OU=DOR,OU=State Departments,DC=soa,DC=alaska,DC=gov' control = 'Net::LDAP::Control::Paged=HASH(0x524cd80)' filter = '((cn = users))' search found 0 objects No results found, no import Testing group import searching with: base = 'OU=Security Groups and Accounts,OU=IT,OU=Divisions,OU=DOR,OU=State Departments,DC=soa,DC=alaska,DC=gov' control = 'Net::LDAP::Control::Paged=HASH(0x86973b8)' filter = '(|(CN=dor-requesttracker-admins)(CN=dor-asd-rt-staff))' [Mon Aug 5 17:10:47 2013] [error]: LDAP search failed Can't contact LDAP server (/usr/local/share/request-tracker4/plugins/RT-Extension-LDAPImport/lib/RT/Extension/LDAPImport.pm:1237) LDAP search failed Can't contact LDAP server search found 0 objects No results found, no group import Finished test Looking at the perl for LDAPImport.pm shows me that the _run_search method is generating the LDAP search failed part of the debugging output. I'm assuming this means that Net::LDAP is generating the Can't contact LDAP server from $result-code. I feel this hypothesis is further supported by the fact that a 'grep contact LDAPImport.pm' turn up nothing. It looks like Net:LDAP just gets the base and filter and off it goes. I've confirmed that my filter works with ldapsearch. I there something different I need to do get a successful LDAP bind when looking performing the group import? --- Kevin Elliott Networking Specialist II Alaska Department of Revenue, ASD-IT (907) 465-2314
Re: [rt-users] LDAPImport succeds with user LDAP bind but fails with group
Ah! That's it. I forgot to change and test the filter ($LDAPFilter) used for the User import - not enough coffee this morning, I guess. The example used in the documentation is not applicable to Active Directory. Changing it from '((cn = users))' to '((objectclass=person)(!(objectclass=computer)))' allowed the User import to run successfully followed by the Group Import. Thanks all! -Original Message- From: rt-users-boun...@lists.bestpractical.com [mailto:rt-users- boun...@lists.bestpractical.com] On Behalf Of Nathan Cutler Sent: Monday, August 05, 2013 10:20 AM To: rt-users@lists.bestpractical.com Subject: Re: [rt-users] LDAPImport succeds with user LDAP bind but fails with group Hi Kevin, I’ve confirmed that my filter works with ldapsearch. Can you send the working ldapsearch command? Seems suspicious to me that the initial search for the user comes up empty.
[rt-users] Bad name after cn' when using LDAPImport
I'm using Request Tracker 4.0.7 with LDAPImport 0.34 and Authen::ExternalAuth 10-4. I already have user creation and attribute mapping configured with ExternalAuth. I'm primarily interested in using LDAPImport to populate a half dozen or so Public Groups in Request Tracker with users from Active Directory. The idea is that separate divisions can just add their staff to that Active Directory group and when LDAPImport runs they'll be granted the appropriate rights to manage their division's queue in Request Tracker. I'm pulling from an Active Directory LDAP implementation at a functional level of Windows Server 2008. When I do a test run (/usr/local/share/request-tracker4/plugins/RT-Extension-LDAPImport/bin/rtldapimport --debug ldapimport.debug 21) I get the following: Couldn't load RT config file RT_SiteConfig.pm: Bad name after cn' at /etc/request-tracker4/RT_SiteConfig.pm line 91. Compilation failed in require at /usr/share/request-tracker4/lib/RT/Config.pm line 905. BEGIN failed--compilation aborted at ./rtldapimport line 26. That corresponds with this line of my RT_SiteConfig.pm: Set($LDAPGroupMapping, { Name = 'cn', I've configured LDAPImport as follows: ## LDAP Import ## Set($LDAPHost, 'ldaps://dc.alaska.gov'); Set($LDAPUser, 'CN=dor-requesttracker,OU=Security Groups and Accounts,OU=IT,OU=Divisions,OU=DOR,OU=State Departments,DC=alaska,DC=gov'); Set($LDAPPassword ,'Password); Set($LDAPBase, 'ou=DOR,ou=State Departments,dc=alaska,dc=gov'); Set($LDAPGroupBase, 'OU=Security Groups and Accounts,OU=IT,OU=Divisions,OU=DOR,OU=State Departments,DC=alaska,DC=gov'); Set($LDAPGroupFilter, '(|(CN=dor-rt-admins)(CN=dor-rt-staff)); Set($LDAPGroupMapping, { Name = 'cn', Member_Attr = 'member', Member_Attr_Value = 'sAMAccountName', Description = 'description'}); Set($LDAPSizeLimit, 1000); I feel like I'm missing something real simple here. Can someone lend another set of eyes to this problem? Thanks! --- Kevin Elliott Networking Specialist II Alaska Department of Revenue, ASD-IT (907) 465-2314
Re: [rt-users] Configure Role Rights Globally?
-Original Message- From: rt-users-boun...@lists.bestpractical.com [mailto:rt-users- boun...@lists.bestpractical.com] On Behalf Of Tim Wiley Sent: Thursday, July 11, 2013 1:50 PM To: rt-users@lists.bestpractical.com Subject: Re: [rt-users] Configure Role Rights Globally? On 07/11/2013 02:42 PM, Elliott, Kevin C (DOR) wrote: I have a new install of Request Tracker 4.0.7 and am working through the very granular Rights structure. I'm planning on implementing a number of queues, some of which will be managed by IT personnel in departments other than my own. I'm wondering how people configure their Role (AdminCC, Cc, Owner and Requestor) rights - specifically whether or not they configure them on a per-queue basis or globally? To me, it makes conceptual sense to configure Role rights globally because regardless of what queue someone is working in, Requestors will need ReplyToTicket and ShowTicket and so on for each Role. Is there any obvious drawback to this approach? It seems unnecessarily tedious to assign the same Rights to each Role for each Queue. I would appreciate the input from someone more experienced with Request Tracker. Thank you. This is precisely how we do those roles. Requestor Cc: * ReplyToTicket * ShowTicket AdminCc: * CommentOnTicket * ReplyToTicket * ShowTicket * ShowTicketComments As for owner, they'll already have rights in the queue by virtue of being a worker in it. At least in my setup they do. It seems to work pretty well for giving permissions to users that have a vested interest in a given ticket, but not having specific permissions in the queue. Excellent. That makes sense. Do you handle Rights for the builtin Systems groups (Everyone, Unprivileged, Privileged) the same way? Again, it doesn't make sense to me to configure these on a queue by queue basis. --- Kevin Elliott Networking Specialist II Alaska Department of Revenue, ASD-IT (907) 465-2314
[rt-users] Configure Role Rights Globally?
I have a new install of Request Tracker 4.0.7 and am working through the very granular Rights structure. I'm planning on implementing a number of queues, some of which will be managed by IT personnel in departments other than my own. I'm wondering how people configure their Role (AdminCC, Cc, Owner and Requestor) rights - specifically whether or not they configure them on a per-queue basis or globally? To me, it makes conceptual sense to configure Role rights globally because regardless of what queue someone is working in, Requestors will need ReplyToTicket and ShowTicket and so on for each Role. Is there any obvious drawback to this approach? It seems unnecessarily tedious to assign the same Rights to each Role for each Queue. I would appreciate the input from someone more experienced with Request Tracker. Thank you. --- Kevin Elliott Networking Specialist II Alaska Department of Revenue, ASD-IT (907) 465-2314
[rt-users] ExternalAuth - attr_map used to populate Custom Fields?
This is a simple question that I suspect probably has a complicated answer: Can I use the attr_map to map Active Directory attributes to Request Tracker for Custom Fields? I would like to pull in some additional attributes such as 'company' and 'title' and populate some Custom Fields that I created for Users. Any advice? --- Kevin Elliott Networking Specialist II Alaska Department of Revenue, ASD-IT (907) 465-2314 -- RT Training in Seattle, June 19-20: http://bestpractical.com/training
[rt-users] Configure RT for Intergration with Active Directory
Hello all. I'm working with a brand new Request Tracker 4.07 install on Debian 7.0.0 (Wheezy) and I have some very general questions about configuring Request Tracker for integration with Active Directory. I would like our Window clients to be able to access Request Tracker using the SSO functionality of Internet Explorer, have their Request Tracker accounts created and relevant details pulled from Active Directory's LDAP. The more seamless this is the better. I have a very basic high-level conceptual understanding of how this is all supposed to fit together but am a bit lost on the specifics. Please bear with me. If I understand this correctly I need to do three things: - Configure External Authentication for Request Tracker - Configure NTLM /SSO, either in Apache via mod_ntlm, mod_ntlm_winbind or mod_pam - Configure an LDAP overlay so that authenticated RT users get their information fields populated with the relevant data # External Authentication: http://requesttracker.wikia.com/wiki/ExternalAuthentication # There seem to be two common ways to do this - either use WebExternalAuth which pushes the authentication requirement to Apache or use the RT::Authen::ExternalAuth module and have RT do the authentication directly. Which one should I use? I kind of get the impression that RT::Authen::ExternalAuth is someone what out of date and that WebExternalAuth is the recommend way to handle authentication. Is this correct? What criteria should I use to make the determination between the two methods? # Configure NTLM /SSO, either in Apache via mod_ntlm, mod_ntlm_winbind, mod_kerb or mod_pam # This is really more a question about the RT ecosystem but presuming I'm using WebExternalAuth correctly I then need to use an Apache module so Apache can make the determination as to whether or not a client is authenticated. Lots of advice points to mod_ntlm, which as far as I can tell does *not* require Samba and can directly do the NTLM challenge/response. On the other hand it seems like people recommend the use of Samba's t ntml_auth helper as more up to date way to handle NTLM authentication. I imagine you could also use mod_kerb if you have Kerberos setup or mod_pam if Samba is functioning appropriately. Again, I'm not really sure what authentication I should have Apache2 attempt to do for my clients nor how to configure the SSO cookies. # LDAP Overlays - http://requesttracker.wikia.com/wiki/LdapSummary There's lots of information here but I can't pick out which stuff is relevant and up to date. The ExternalAuth plug again seems to be popular. The AutoCreateFromExternalUserInfo and AutoCreateAndCanonicalizeUserInfo Wiki page appear to do just what I want but are preferenced by warning saying that they're out of date. Where can I find the relevant documentation to pull information about Active Directory Users with LDAP and have it auto-populate their RT user's fields. Some assistance in finding the right documentation on how to accomplish Active Directory integration would be very helpful. Thanks. --- Kevin Elliott Networking Specialist II Alaska Department of Revenue, ASD-IT (907) 465-2314 -- RT Training in Seattle, June 19-20: http://bestpractical.com/training