Re: [rt-users] RT 4.4.1 - ExternalAuth intermittently failing
Hi, It happened again today. Our AD admin didn't see anything unusual in the logs. I'm getting him to see if successful bind attempts show up anywhere, and if so... if RT is actually successful and the error message is just not appropriate(ie something else behind the scenes is going on and it's just reported as a failed bind). Anyone have any thoughts on this? We have multiple other LDAP authenticated, and Windows authenticated systems on campus using this AD service(different usernames) and we haven't had reports of any of these failing. The things that have changed from what it was working: - OS: CentOS 7.2.15.11 - perl 5.16.3 - RT version 4.4.1 I can't recall the previous OS version or perl version, but it was at least on Redhat 4 or 5, and RT was 3.8.X using ExternalAuth extension(on 3.8 it wasn't rolled into baseline yet). Any thoughts are appreciated! Mike. On Tue, Nov 22, 2016 at 4:40 PM, Kenneth Marshall <k...@rice.edu> wrote: > On Tue, Nov 22, 2016 at 04:13:46PM -0500, Mike Johnson wrote: > > We just went live with RT 4.4.1 and it seems that LDAP authentication is > > failing. > > > > It has now died 2 days in a row, at approximately the same time. > > > > The RT log is showing the following error: > > 2819] [Mon Nov 21 21:10:28 2016] [critical]: > > RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't bind: > > LDAP_INVALID_CREDENTIALS 49 > > (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth/LDAP.pm:678) > > > > This seems like a generic LDAP error, and it's not pointing us to a > > specific issue. > > > > The user that we are binding with is a user that was in-use on our RT > 3.8.X > > environment that hadn't had an issue in years (3?). > > > > Restarting apache resolves the immediate issue, but clearly there is > > something else going on that we should be able to fix permanently. Anyone > > have any ideas on where to look? > > > > This didn't come up in our testing, but I don't believe we had the volume > > of credential testing that we do in prod. > > > > Any help would be great! > > > > P.S. The LDAP server is a Microsoft Active Directory server. This same > > server was being used for ExternalAuth extension in 3.8. > > > > Mike. > > Hi Mike, > > You probably will need to check your AD logs as well. We have seen issues > with AD authentication when an account is locked out by a bad password > login attempt. Since it is about the same time of day, maybe something > else is trying to login with those credentials and causing it to lock. > > Regards, > Ken > -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca - RT 4.4 and RTIR training sessions, and a new workshop day! https://bestpractical.com/training * Los Angeles - January 9-11 2017
[rt-users] RT 4.4.1 - ExternalAuth intermittently failing
We just went live with RT 4.4.1 and it seems that LDAP authentication is failing. It has now died 2 days in a row, at approximately the same time. The RT log is showing the following error: 2819] [Mon Nov 21 21:10:28 2016] [critical]: RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't bind: LDAP_INVALID_CREDENTIALS 49 (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth/LDAP.pm:678) This seems like a generic LDAP error, and it's not pointing us to a specific issue. The user that we are binding with is a user that was in-use on our RT 3.8.X environment that hadn't had an issue in years (3?). Restarting apache resolves the immediate issue, but clearly there is something else going on that we should be able to fix permanently. Anyone have any ideas on where to look? This didn't come up in our testing, but I don't believe we had the volume of credential testing that we do in prod. Any help would be great! P.S. The LDAP server is a Microsoft Active Directory server. This same server was being used for ExternalAuth extension in 3.8. Mike. -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca - RT 4.4 and RTIR training sessions, and a new workshop day! https://bestpractical.com/training * Los Angeles - January 9-11 2017
Re: [rt-users] Anyone know how to create a clickable link like this?
Hmm, If it's trying to use a script tag... I'm guessing the emails being sent must be sent as HTML? i'm going to have to give this a try... much appreciated Dustin! On Fri, Jun 17, 2016 at 11:41 AM, Dustin Graves <dus...@bestpractical.com> wrote: > Hi Mike, > > This is a pretty neat idea. I looked into it a bit and it seems to be what > Gmail calls a ‘Go-To Action’ > https://developers.google.com/gmail/markup/reference/go-to-action > > I couldn’t get it to work in my first pass, but Gmail was also flagging my > test RT as spam so I don’t know if that has something to do with the link > not showing up. > > I’ll play around with it a little more when I get the chance. > > Thank you, > Dustin > > On Jun 17, 2016, at 11:15 AM, Mike Johnson <mike.john...@nosm.ca> wrote: > > So, easy to create a link in the emails triggered by scrips... but, I see > Zendesk(another ticketing system) that I interact with for another software > we run onsite sends emails that show up in GMail with this cool little > button... > > > > Anyone know what creates this and has anyone tried making something like > this within RT templates? > > -- > Mike Johnson > Datatel Programmer/Analyst > Northern Ontario School of Medicine > 955 Oliver Road > Thunder Bay, ON P7B 5E1 > Phone: (807) 766-7331 > Email: mike.john...@nosm.ca > ----- > RT 4.4 and RTIR Training Sessions https://bestpractical.com/training > * Los Angeles - September, 2016 > > > -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca - RT 4.4 and RTIR Training Sessions https://bestpractical.com/training * Los Angeles - September, 2016
[rt-users] Anyone know how to create a clickable link like this?
So, easy to create a link in the emails triggered by scrips... but, I see Zendesk(another ticketing system) that I interact with for another software we run onsite sends emails that show up in GMail with this cool little button... [image: Inline image 1] Anyone know what creates this and has anyone tried making something like this within RT templates? -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca - RT 4.4 and RTIR Training Sessions https://bestpractical.com/training * Los Angeles - September, 2016
[rt-users] resolving stalled tickets after X amount of time
I tried googling and found an unanswered email to this list from 2006. I also found a bunch of links relating to RT's Lifecycle functionality, but I wasn't able to figure out if there was a built in way for RT to auto-resolve/reject/(some other status) tickets that have been stalled for a period of time. Ideally, I would like to set tickets to stalled when we are waiting for feedback from the requestor, and if that requestor does not respond after a given time period(configurable by queue preferrably), the system automatically resolves. It would be best if when we resolve in this fashion, that the requestor gets notified of the automatic resolve... which is why I suggested another status, as it would be easy to set a scrip/template for this. From what I read in the Lifecycles functionality, it only applies to transactions as they are happening. I'm looking to kick off a transaction automatically. I'm assuming this is a cron + executing a saved query of some sort, then actioning on it all. Is this built into RT somehow, or do I have to piece it together like I've stated above using cron/perl scripting? Thanks! Mike. -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca
[rt-users] Couldn't find plugin 'Tickets' when using Shredder RT v3.8.10
Sorry all, I know that's an old version!! Was there something fixed in 3.8.17 that resolved this issue, or am I doing something wrong? I'm getting the error even when trying to run the help on the Tickets plugin. Couldn't find plugin 'Tickets' Plugins list: Objects Users Attachments Summary Tickets SQLDump Thanks! Mike. -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca
[rt-users] Any webinars that exist showing the articles functionality in RT?
As the subject line says, I'd love to see any recordings of how people utilize the Articles functionality in RT. This was previously RTFM. I am currently running 3.8.10, and am not able to do an upgrade right now. I installed RTFM and fiddled around with it, but I can't really see a fluid use of it, and I'm thinking I'm just simply missing the point... or thinking it should be doing something that it doesn't. Anyway, if anyone knows of a webinar, or demo of that portion of RT, could you point me in the right direction? I have a very hard time web searching for RT related content with the term articles, and well RTFM just brings up what I want to tell people when they submit tickets to RT :P Youtube has a handful of videos that are useful, but none that I've watched so far (I've watched 1/2 of the 24 video playlist that pops up when searching) Thanks! Mike. -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca
Re: [rt-users] Handful of users showing up in owner dropdown but have no access
I did that query and it returned 26 rows. All of the returned rows say the PrinicpalType is Group, which I would assume means the 'OwnTicket' right is not granted to a specific user anywhere in RT. I didn't want to make that assumption, just in case it was incorrect, so I took a look at the data schema for 3.8.10, which I believe is here: http://bestpractical.com/rt/3.4-schema.png (note** My SQL skills are extremely rusty... been working in a Unidata database for 13-14 yrs) It looks like ACL.PrincipalId is a foreign key to Principals, and id is the primary key for Principals and Users? With that scenario, I ran a query linking them all together and attempting to return user info for any of the 26 rows from the original query. No user info is returned for any of them (query used below) mysql select p.id,p.PrincipalType,u.Name,u.EmailAddress,u.RealName - from Principals p - left join ACL a on a.PrincipalId = p.id - left join Users u on u.id = p.id - where a.RightName='OwnTicket'; Just for a wild attempt at getting what I was expecting based on Kevin's response (I wanted to see 5 users that had the 'OwnTicket' right) I tried switching to ACL.id as a foreign key. It returned only 9 rows, only 2 of which were users, but neither were the users that are showing up in the Owner dropdown that shouldn't be. I believe this was just chance, garbage data, as I believe the first query showed the real results, but I was fishing... With this information I did some more investigating to understand the symptom better. It looks like these users only show up in the owner dropdown of Queues that existed prior to our upgrade from 3.2.1 - 3.8.10. Could there have been something missed in this upgrade? Thanks! Mike. On Tue, Oct 14, 2014 at 12:56 PM, Kevin Falcone falc...@bestpractical.com wrote: On Fri, Oct 10, 2014 at 01:47:59PM -0400, Mike Johnson wrote: I look at the list of owners for a queue, and there are 5 users that show up in that list(that shouldn't be there), but when I go to their account, they aren't part of any groups, and they don't have any rights assigned to them specifically that I can see(at the user level, or at any queue level). Generally this means some queue granted OwnTicket to Unprivileged, check all your queues, even your disabled ones. Alternately, select * from ACL where RightName = 'OwnTicket' and work the other way. RT 4.2 explicitly excludes Unprivileged users from the OwnTicket dropdown because of this someone common mistake. -kevin -- RT Training November 4 5 Los Angeles http://bestpractical.com/training -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca -- RT Training November 4 5 Los Angeles http://bestpractical.com/training
Re: [rt-users] Emails to Queue Alias, still merge to other queue
This may not be the best solution, but it would be a solution. If you had each queue in it's own instance, or at least grouping the queues into their own instances of RT in which each queue in RTinstance1 would never have an email forwarded to any other queue in RTinstance1... Again, probably isn't what you'd like to do, but it is possible to prevent the problem you are having by doing this. Mike. On Wed, Oct 15, 2014 at 4:23 AM, Emmanuel Lacour elac...@easter-eggs.com wrote: Le 09/10/2014 21:41, Root Kev a écrit : Hello, We have setup aliases for sendmail that route incoming emails to the correct queue: Example: #RT Mailgate user for it it: |/opt/rt4/bin/rt-mailgate --queue 'it' --action correspond --url http://tracker.company.net/rt; it-comment: |/opt/rt4/bin/rt-mailgate --queue 'it' --action comment --url http://tracker.company.net/rt/; #RT Mailgate user for production production: |/opt/rt4/bin/rt-mailgate --queue 'production' --action correspond --url http://tracker.company.net/rt; production-comment: |/opt/rt4/bin/rt-mailgate --queue production --action comment --url http://tracker.company.net/rt/; We have started having an issue when an internal user forwards an email with [ company.com http://company.com #1234] that they have been CCed on, to a production support queue by changing the To address to the email address for that queue, but RT is seeing the original ticket number in the subject and is merging the email with the comment to the original ticket. This has caused comments meant for internal users, ie: Is this a bug? to be sent to a customer unintentionally. Is there any way to force RT to respect the incoming email/queue from rt-mailgate over merging by the ticket numbers (when this type of thing occurs)? no, you have to patch RT (lib/RT/Interfaces/Email.pm:sub Gateway) or disallow the user to send a mail to a queue where the ticket doesn't belong to, by writing a MailPlugin (http://www.bestpractical.com/docs/rt/4.2/rt-mailgate.html#WRITING-PLUGINS ). -- Easter-eggs Spécialiste GNU/Linux 44-46 rue de l'Ouest - 75014 Paris - France - Métro Gaité Phone: +33 (0) 1 43 35 00 37- Fax: +33 (0) 1 43 35 00 76 mailto:elac...@easter-eggs.com - http://www.easter-eggs.com -- RT Training November 4 5 Los Angeles http://bestpractical.com/training -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca -- RT Training November 4 5 Los Angeles http://bestpractical.com/training
[rt-users] Handful of users showing up in owner dropdown but have no access
I'm misunderstanding something with this I'm sure... I look at the list of owners for a queue, and there are 5 users that show up in that list(that shouldn't be there), but when I go to their account, they aren't part of any groups, and they don't have any rights assigned to them specifically that I can see(at the user level, or at any queue level). It seems that I can deselect Let this user access RT (Let this user be granted rights (Privileged) on them all are deselected already) and they drop from the list, but these users need to submit tickets still. They simply have moved in the organization to requestors only, not having access to RT for anything else. What am I missing? RT 3.8.10. Thanks in advance! Mike. -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca -- RT Training November 4 5 Los Angeles http://bestpractical.com/training
[rt-users] Custom Field values driving the contents of other custom fields
First, we are on RT 3.8.10 (I know, it's old!!!) and I searched google/listserv and the extensions list on BP's site and didn't find anything that looked like this... Is there functionality out there for RT that allows 1 custom field's value to dictate the values available in another custom field? I could see this being possible through some sort of customization, but I'm hoping not to have to go there Thoughts? -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca -- RT Training - Boston, September 9-10 http://bestpractical.com/training
Re: [rt-users] help: using RT with a gmail acct
I have fetchmail sucking in emails from gmail, and pushing that to rt-mailgate. it's pretty easy to setup. Install fetchmail, get it running as per it's instructions and config it something like this poll imap.gmail.com proto imap port 993: username youracco...@gmail.com password yourpass ssl mda pathto/perl pathtort -mailgate --url urltort --queue yourqueue --action transaction type I am pretty sure you have to log into the gmail account and turn on imap for you to be able to use fetchmail in imap mode... Hope that helps! Mike. On Tue, Jun 17, 2014 at 11:11 AM, Al Joslin allen.jos...@gmail.com wrote: Hi All, I've managed to get RT to send emails using a gmail account, but now I'm trying to get it to read emails. If understand this [email/mta/mua/etc] all correctly then I have to have my own mta (as described here: http://www.spencerstirling.com/computergeek/email.html) so that the mail will be delivered properly to RT RT will not go out and read a mailbox -- is this correct? thanks al; -- RT Training - Boston, September 9-10 http://bestpractical.com/training -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca -- RT Training - Boston, September 9-10 http://bestpractical.com/training
Re: [rt-users] LDAP ExternalAuth - User Aliases
RT and External Auth requires a distinct user to be found when it looks up I believe. May I suggest you giving them a savedsearch on their RT At a Glance that shows all tickets created by all 3 users(and their own email address as the requestor)? When they send email out of RT it'll use user's name via RT and the email it's coming from will correspond to the queue's configuration. The external folks interacting with RT will never know the difference. Just a thought... Mike. On Thu, Apr 17, 2014 at 5:47 AM, Andreas Heinlein aheinl...@gmx.com wrote: Hello, I must say we're using RT for internal purposes only. We're not using Exchange or Mailing Lists, not even shared mailboxes in their real sense. It's just an IMAP account that is accessed from multiple Thunderbird instances at the same time - but it works for us. Actually, we would not need to be able to distinguish individual users within RT. It would be OK to have a single RT user dep1 with mail address d...@company.com. It's just that the users should not need to login with dep1 (or d...@company.com), since that would required them to remember an additional password. Instead, I'd like bob to be able to use bob/bobs-password to login as dep1, an alice could use alice/alices-password to login as dep1 as well. As long as the users use only mail for communicating with RT, all is well, since everyone sends and receives as d...@company.com. But sometimes users need access to the web interface as well. Thanks, Andreas Am 17.04.2014 09:49, schrieb Clancy, Keith: Hi Andreas, If everyone is using the same SMTP address then you cannot really distinguish individual users in an easy way . Are you using a Shared mailbox on Exchange or a Mailing list ? The way it should go: Customer -- Mailbox -- RT Picks up from here -- Placed in Queue -- Assigned to Owner Individual -- RT -- SMTP Server -- Customer If multiple users have the same SMTP Address then this is a problem since RT will just import this. Sounds like you need to fix the LDAP Details or use the LDAP importer and then correct the actual e-mail addresses afterwards. Keith -Original Message- From: rt-users-boun...@lists.bestpractical.com [mailto:rt-users-bounces@ lists.bestpractical.com] On Behalf Of Andreas Heinlein Sent: 15 April 2014 10:33 To: rt-users@lists.bestpractical.com Subject: [rt-users] LDAP ExternalAuth - User Aliases Hello, we have a setup where we're using RT with ExternalAuth to authenticate against an existing user database in LDAP, with auto-creating users when they first log in. We pull the uid as well as the e-mail address from LDAP. Now, we need to be able to somehow support multiple users with the same email address. That is, we have several people, say Alice, Bob and Pete, each logging in to their computer with their own login. But they share one common mailbox - departme...@company.com - through IMAP. These people should be able to log in to RT each with their personal login, which should be an 'Alias' to a RT user 'department1' with mail address ' departme...@company.com'. So no matter who logs in, he/she can see all tickets created by Alice, Bob or Pete. Is something like this possible? Thanks, Andreas -- RT Training - Dallas May 20-21 http://bestpractical.com/training -- RT Training - Dallas May 20-21 http://bestpractical.com/training -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca -- RT Training - Dallas May 20-21 http://bestpractical.com/training
[rt-users] privledged user forwarding someone else's email to create ticket
Has anyone created some way of a privileged user being able to forward an email to a queue, which will automatically set the requestor to the person that sent the original email to the privileged user? An example to help explain: John has an issue, he emails Jane directly. Jane looks at the email and realizes it is an incident that needs to be in a ticket for a given queue. She forwards John's email to RT. RT creates a ticket, with the requestor = John. Out-of-the-box, Jane has 2 options: 1. Jane forwards the email to RT, goes into the resulting ticket, and updates the requestor to John. 2. Jane copy/pastes the email into a new ticket through the web interface and puts in John as the requestor. Both options are very tedious. Any thoughts? -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca
[rt-users] Could not load valid user - ExternalAuth
Hi all, I need some help with understanding my setup :D It works for a good majority of cases, but we want to do something new with AD and it's breaking, and I think I assumed something about our setup that isn't quite true... now I'm stuck on figuring out why my user isn't getting loaded. We used Best Practical to help setup our ExternalAuth so that our LDAP settings allowed emails from 2 types of emails to map to 1 RT account(don't get me started on why people are potentially emailing from 2 accounts). We had to ensure our AD had both email addresses listed, and we chose to put them in the attribute mail, and pager respectively. Both emails will end in @nosm.ca, but they are typically usern...@nosm.ca realn...@nosm.ca(ie. aliases). Anyway, our below $ExternalSettings works perfectly for the standard... However, when we put a n...@nosm.ca email into either mail or pager, we are getting a Could not load a valid user message and I'm not sure why... Here is my settings(removed non-essential stuff like connection info, and our ou structure/group names) Set($ExternalSettings, { 'NORMEDISA' = { 'type' = 'ldap', 'server'= 'XXX.XXX.XXX.XXX', 'user' = 'XX', 'pass' = 'XX', 'base' = 'XX', 'filter'= '((objectCategory=User) (ObjectClass=Person))', 'd_filter' = '(userAccountControl:1.2.840.113556.1.4.803:=2)', 'tls' = 0, 'ssl_version' = 3, 'net_ldap_args' = [version = 3 ], 'group' = 'some_group', 'group_attr'= 'member', 'attr_match_list' = [ 'Name', 'EmailAddress', ], 'attr_map' = { 'Name' = 'sAMAccountName', 'EmailAddress' = ['mail', 'pager'], 'RealName' = 'cn', 'ExternalAuthId' = 'sAMAccountName' }, }, } ); The people that aren't getting in are ones that exist in AD, but don't have an RT account. The AD account either has mail or pager, or both, and one of them has a n...@nosm.ca value in one of those attributes. I'm not sure where it's breaking... Any thoughts? Mike. -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca
[rt-users] Cut and Paste from word with IE9
Has anyone else had an issue with cut/paste from a Word document into RT using IE9? Many of my users are reporting that the webpage freezes when they attempt to do this. It looks like it has something to do with the special character filter that pops up. If you switch IE9 to IE8 mode, it works fine(there is no way to force IE8 mode on restarts of IE9). Chrome works fine, haven't tested firefox yet. Has this been brought up before? I couldn't seem to find it googling. Thanks! Mike. -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca
Re: [rt-users] Who is the owner.
In our case, the person that does the work, and the person that resolves the ticket are the same people, and they are the owner. However, if you require having multiple owners of work for a single request, you could always create children tickets of the original request. That way, the person responsible for solving the ticket, can review all work that is being done on the ticket by looking at the children. That person can also see who owns the children ticket to know who to contact if something is taking too long to solve. RT is quite flexible, and there is probably many ways to do this. I just explained the way we do it, and another way you could do it. Thanks! Mike. On Tue, Sep 11, 2012 at 9:33 AM, Albert Shih albert.s...@obspm.fr wrote: Hi everyone, Not exactly a technical question but in your configuration who is the owner of a ticket ? 1/ Is the owner is who solve the ticket, meaning who have do the «real job» or 2/ the owner is who have the responsibility to ask/do what necessary to make the problem solve ? In the first case who have the responsibility of solving the ticket ? And how can I make this person appear in the ticket. In the second case how can I use the «TimeWorked» ? Example : A ticket is owned by Alice Alice ask Bob to do the job. Bob use 30 minutes to solve the problem Alice use 15 minutes to complete the solution how can I have a TimeWorked in that case ? Regards. JAS -- Albert SHIH DIO bâtiment 15 Observatoire de Paris 5 Place Jules Janssen 92195 Meudon Cedex Téléphone : 01 45 07 76 26/06 86 69 95 71 xmpp: j...@jabber.obspm.fr Heure local/Local time: mar 11 sep 2012 15:24:39 CEST Final RT training for 2012 in Atlanta, GA - October 23 24 http://bestpractical.com/training We're hiring! http://bestpractical.com/jobs -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca Final RT training for 2012 in Atlanta, GA - October 23 24 http://bestpractical.com/training We're hiring! http://bestpractical.com/jobs
[rt-users] ExternalAuth LDAP authenticating more than 1 group
Hi, I did a few types of searches through google, and on the wiki. I also looked at the readme for ExternalAuth and couldn't find the answer. I'm thinking not too many people do this so the question hasn't been asked. When defining an LDAP service for ExternalAuth, you are allowed to set the group that a user has to be a member of to authenticate to RT. We have a need to have 2 different groups authenticate. I think I could copy my LDAP service config, rename it, change the group, and then add it to the ExternalAuthPriority list, but is there a more elegant way of doing it all within 1 LDAP service definition? Thanks! Mike. -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca
Re: [rt-users] Subject Tag Usage
That's what I thought you were talking about. Thank you very much. Also, thank you very much for that link, it has other useful bits of info too. I appreciate all the help the folks from Best Practical provide on this listserv. People don't say it enough, but you guys run a great company. Mike. On Tue, Aug 14, 2012 at 5:21 PM, Kevin Falcone falc...@bestpractical.comwrote: On Tue, Aug 14, 2012 at 02:48:09PM -0400, Mike Johnson wrote: Is this what you are referring to Kevin? This is from the Global Autoreply template There is no need to reply to this message right now. Your ticket has been assigned an ID of [{$rtname} #{$Ticket-id()}]. I'm assuming you would want that to be something else? Do you have a {$Ticket-Tag} or something like that? This is the 4.0 version of the Autoreply template, which has the relevant SubjectTag method in use that you can crib off https://github.com/bestpractical/rt/blob/stable/etc/initialdata#L218 On Tue, Aug 14, 2012 at 1:00 PM, Kevin Falcone [1] falc...@bestpractical.com wrote: On Tue, Aug 14, 2012 at 10:19:33AM -0400, Mike Johnson wrote: I just want to be sure I'm understanding the use of Subject Tag for a queue. I can put whatever I want in this, and it'll change the tag in the subject line of outgoing messages. By default rt puts the RT instance name [[1][2]rt.here.com#12345] If I put FOO in the subject tag for a queue, the tag would be [FOO #12345] If I change that tag to BAR, I have to put FOO in the regular expression in the Site config to ensure it recognizes the old tag. Is there any other things I should be aware of? I've tested a bunch, but I just want to make sure I'm not missing anything. This sounds like a good summary. If you've upgraded RT, ensure your templates are in sync with what we ship in the current version, otherwise it won't pull the subject tag. -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca
Re: [rt-users] No mail is sent for AdminCC recepients
You need a scrip to do that action I believe. Mike. On Tue, Aug 14, 2012 at 9:23 AM, Jack Zabolotnyi jzabolot...@arces.netwrote: Hi everyone. I have a little trouble: recepients set in AdminCC don't receive any mails on ticket update (or any other events). Any other notification is doing well. Should there be some permissions defined for this, or i miss something else? Thanks in advance for any help. :) -- Jack Zabolotnyi Arces Network, LLC e: jzabolot...@arces.net w: http://www.arces.net PGP key: 2048R/7F2AB658 2012-07-02 PGP fingerprint: 4C7E 00A8 5210 F3D9 0509 C70E 87C8 666E 7F2A B658 -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca
Re: [rt-users] No mail is sent for AdminCC recepients
I don't believe Best Practical built-in any actions. They leave it to clients to customize the RT instance to their own personal preferences. It is easy to put the scrips on to do what you are asking though. Mike. On Tue, Aug 14, 2012 at 10:43 AM, Jack Zabolotnyi jzabolot...@arces.netwrote: I thought it should be a default (built-in) action. Otherwise why is it called AdminCC? On Tue, Aug 14, 2012 at 4:24 PM, Mike Johnson mike.john...@nosm.cawrote: You need a scrip to do that action I believe. Mike. On Tue, Aug 14, 2012 at 9:23 AM, Jack Zabolotnyi jzabolot...@arces.netwrote: Hi everyone. I have a little trouble: recepients set in AdminCC don't receive any mails on ticket update (or any other events). Any other notification is doing well. Should there be some permissions defined for this, or i miss something else? Thanks in advance for any help. :) -- Jack Zabolotnyi Arces Network, LLC e: jzabolot...@arces.net w: http://www.arces.net PGP key: 2048R/7F2AB658 2012-07-02 PGP fingerprint: 4C7E 00A8 5210 F3D9 0509 C70E 87C8 666E 7F2A B658 -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca -- Jack Zabolotnyi Arces Network, LLC e: jzabolot...@arces.net w: http://www.arces.net PGP key: 2048R/7F2AB658 2012-07-02 PGP fingerprint: 4C7E 00A8 5210 F3D9 0509 C70E 87C8 666E 7F2A B658 -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca
Re: [rt-users] Subject Tag Usage
Is this what you are referring to Kevin? This is from the Global Autoreply template There is no need to reply to this message right now. Your ticket has been assigned an ID of [{$rtname} #{$Ticket-id()}]. I'm assuming you would want that to be something else? Do you have a {$Ticket-Tag} or something like that? Thanks! Mike. On Tue, Aug 14, 2012 at 1:00 PM, Kevin Falcone falc...@bestpractical.comwrote: On Tue, Aug 14, 2012 at 10:19:33AM -0400, Mike Johnson wrote: I just want to be sure I'm understanding the use of Subject Tag for a queue. I can put whatever I want in this, and it'll change the tag in the subject line of outgoing messages. By default rt puts the RT instance name [[1]rt.here.com #12345] If I put FOO in the subject tag for a queue, the tag would be [FOO #12345] If I change that tag to BAR, I have to put FOO in the regular expression in the Site config to ensure it recognizes the old tag. Is there any other things I should be aware of? I've tested a bunch, but I just want to make sure I'm not missing anything. This sounds like a good summary. If you've upgraded RT, ensure your templates are in sync with what we ship in the current version, otherwise it won't pull the subject tag. -kevin -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca
[rt-users] Extension to allow queue change on creating child ticket
Greetings all, I searched for an answer to this, but couldn't come up with anything relevant. Is there an extension out there, or has someone customized their rt to allow you to pick the queue a child ticket gets created in? So we don't have to do a multi-step process to have children tickets on a parent that are in a different queue? Would there be some sort of scrip I could make to do this if there isn't an extension or customization? Any insight on this would be appreciated. Thanks! Mike. -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca
[rt-users] Anyway to make a Custom Field a checkbox list?
AS the subject states, is there anyway to change the default behaviour of the Custom Field set as select multiple into a checkbox list? Checkboxes are much more user friendly then a list that you have to ctrl+click multiple values. Thanks! Mike. -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca
[rt-users] IE9 Compatibility needed to copy/paste
Hi all, One of my users is copy/pasting from a word document, that I guess has some sort of characters that RT does not like. When they copy/paste into RT, a pop up comes up to say to copy/paste into this window instead. It looks like that window cleans the text. If I do this in IE9, the pop up window doesn't actually work, the webpage is essentially stuck until I hit the back button to get to the state prior to that popup coming up. When I put IE9 in IE8 browser mode, it works as intended. The problem I have... My users are copying bits and pieces of a word document that is stored on a Sharepoint site. So they need to use IE9 for ease of use... but IE9 doesn't stay in compatibility mode, which means they have to set that each time they visit RT. Is there anything anyone can think of that doesn't involve a major change to them, but could fix this problem? Thanks! Mike. -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca
Re: [rt-users] RT3 - login history recorded?
At the httpd or OS level there is some information that could help you... although I don't know if it's the information you are looking for but check out your httpd log file and your access/error/message log files at the OS level Mike. On Thu, May 3, 2012 at 1:37 PM, Ruslan Zakirov r...@bestpractical.comwrote: On Thu, May 3, 2012 at 2:50 AM, Joseph Spenner joseph85...@yahoo.com wrote: I'm using RT 3.8.8 and am curious whether RT records login history of users logging into the web interface. ? No, RT doesn't track such thing and I don't recall extensions that do this. You can use Creator and Created columns in Transactions table to figure out last activity on tickets or other objects. Thanks! If life gives you lemons, keep them-- because hey.. free lemons. -- Best regards, Ruslan. -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca
Re: [rt-users] Corrupt attachments
The .docx/.xml thing is related to apache's MIME-Type settings. You essentially have to add all the microsoft 2007/10 extensions. It's something to do with .docx files being zipped xml files or something like that... I don't recall the details, but Google will help you. Mike. On Wed, May 2, 2012 at 5:26 PM, Jennings, Barbara bjje...@sandia.govwrote: Folks – we are running 4.0.1 RT and 5.8.8 red hat perl. Larger attachments are getting corrupted when they are sent out. And from time to time we get .docx files that are label as .xml and come through burst into sub dirs. Has anyone else come across this problem? Thanks Barbara Jennings Sandia National Laboratories - Albuquerque Organization 6924 - Policy and Decision Analytics (505)845-8554 bjje...@sandia.gov -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca
[rt-users] How to shred old queues completely
Hi all, I'm looking at shredding everything with respect to a few older queues. I've read the documentation on the wiki and I'm not entirely sure I understand all the things I need to look for to essentially clean up everything to do with these old queues. What other things should I be shredding besides the following: - tickets with Queue='queuename'? - users with no_tickets=1 Specifically, how can I grab all the objects that are not being used anymore after the ticket cleanup, and user cleanup(ie custom fields, groups, the queue record itself etc)? Do I have to know them by name? Is there something like Objects with no reference or something like that? I'm guessing it is more complex than that... but I figured I would see what the list has to say, maybe some folks have found a good way of scripting something :D Thanks! Mike. -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca
Re: [rt-users] Un deleting tickets
Would this be possible?? Do an advanced search for status='deleted', and the date it was deleted on, and do a bulk update on all those tickets to make them another status? Just a thought, but I always tend to favor doing large updates through the tools provided... I just don't know if what I mentioned above is possible... Mike. On Thu, Apr 26, 2012 at 12:44 PM, Chris Preston ch...@thetrafalgartravel.com wrote: Hello all, I had set the status to deleted for thousands of records in a particular queue. I have now found out that we still need them. So I went into the tickets table and updated the records that were set to deleted and put them to new. I also changed the date of a tickets and set it to an earlier date. ** ** Is this all that I needed to do or what does the system actually do when a record is set to deleted. -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca
[rt-users] Better way to create a dialog on submit?
I want to be able to catch form submits to ask various are you sure? questions to users as they do their work in RT. The only way I could think of is inserting javascript into the various forms. For example(this is only an example): Only change queue if no work is done in your area, if you need work from another area to help complete this ticket, please create a child ticket Are you sure you want to change queue? Yes | No If I could do something like the above, I'd be able to put a fair bit more business logic/rules into RTs hands and take it away from the users(who tend to by-pass the rules half the time...). Is there any better way then actually editing the code to include javascript? I would love to have a modular way of doing it so I could replace the functionality quickly after upgrading. Thanks for your insight! -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca RT Training Sessions (http://bestpractical.com/services/training.html) * Boston March 5 6, 2012
Re: [rt-users] ParseNewMessageForTicketCCs - confirm how it works
Hmm, So, ParseNewMessageForTicketCCs looks at the To and Cc block and adds any address that doesn't match the regular expression to the ticket. So To: RTQueue;Tom;Sue Cc:Jerry From: Bob With ParseNewMessageForTicketCCs off Result is a ticket with Bob as the requestor, and Tom, Sue, Jerry aren't attached to the ticket in anyway. With it on Result is a ticket with Bob as the requestor, Tom, Sue and Jerry all are Cc's on the ticket? Thanks Ruslan! Mike. On Mon, Dec 12, 2011 at 11:38 AM, Ruslan Zakirov r...@bestpractical.comwrote: On Mon, Dec 12, 2011 at 19:06, Mike Johnson mike.john...@nosm.ca wrote: HI everyone, I just wanted to get confirmation on how the ParseNewMessageForTicketCCs work. http://requesttracker.wikia.com/wiki/EmailInterface Specifically, ParseNewMessageForTicketCcs (boolean) - when $ParseNewMessageForTicketCcs is true, RT automatically adds email addresses found in the Cc header to the ticket's Cc at creation. If a new message comes in that is To: foo1, foo2, fooN Cc: bar1 From: bar2 And foo1, and foo2 go to 2 different queues RT will: - create a ticket in foo1's queue - create a ticket in foo2's queue Right, as RT would receive two emails actually. - add bar1 as a CC on both tickets - make the requestor of both tickets bar2 RT will not add foo2 - fooN as anything to foo1's ticket as these addresses are in the To block, not the Cc block. It would use To actually, but skip all RT addresses. To do the latter RT should be properly configured to know all its addresses. I don't have a good testing bed right now, and was hoping someone had tested this already or can confirm that is how it works before I flip the switch :P Looked into code. Grep fro option name, it's only used in one place. Thanks! Mike. -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca RT Training Sessions (http://bestpractical.com/services/training.html) * Boston — March 5 6, 2012 -- Best regards, Ruslan. -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca RT Training Sessions (http://bestpractical.com/services/training.html) * Boston March 5 6, 2012
[rt-users] Shredder - some tips
Hi everyone, I'm looking at shredding a ton of old data from our system and I want to make sure I am understanding the steps involved to ensure everything is cleaned up properly. I have shredder setup and have shredded some tickest through the WebUI to test things out. All is working in that aspect. My RT instance has had a fairly long lifecycle where queues have come and gone. I want to clean up the mess. I want to shred all the stuff that isn't related to anything recent. I'm thinking I have to do the following: - shred all the tickets that aren't in the active queues - shred all users that aren't attached to anything On the Shredder page of the Wiki it talks about running rt-validator. Do I have to run this at all after I've done the shredding? This is going to shred about 30,000 tickets, and a huge number of Users. Does the shredding have to be done on a quiet system? I've shred a few tickets while we were live without issue... I'm just worried that I kick off a process to shred a large volume and it chokes my server out. Any experience/input is appreciated. Thanks! Mike. -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca RT Training Sessions (http://bestpractical.com/services/training.html) * Boston March 5 6, 2012
Re: [rt-users] ExternalAuth Installed but not working
Hmm, Have you set ExternalAuth in your @Plugins? Have you set your logging level to debug? On Sat, Dec 10, 2011 at 12:16 PM, Ryan Backman rback...@georgefox.eduwrote: Thanks Mike and Kenn for the replies... Kenn, I was a little overzealous when redacting out of the my example config... my actual config has the double parenthesis at the end. Mike, I've tried the both your example and a '(objectClass=DoesntExist)' with no change. Does anyone have any ideas about why I can't see any log information from ExternalAuth. It looks like its installed but the only log info I get is about Web.pm. =+=+=+=+=+=+=+=+=+ Ryan Backman Programmer / Analyst George Fox University 503.554.2576 =+=+=+=+=+=+=+=+=+ RT Training Sessions (http://bestpractical.com/services/training.html) * Boston — March 5 6, 2012 -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca RT Training Sessions (http://bestpractical.com/services/training.html) * Boston March 5 6, 2012
Re: [rt-users] RT could not load a valid user
I looked deeper into the issue and the LDAP account doesn't have anything in the pager attribute. I'm wondering if ExternalAuth is getting confused on that... I'll try to populate the pager attribute and get the user to attempt send a new email... I'll report back. Thanks! Mike. On Fri, Dec 9, 2011 at 4:32 PM, k...@rice.edu k...@rice.edu wrote: On Fri, Dec 09, 2011 at 04:18:29PM -0500, Mike Johnson wrote: Greetings everyone, I've done a few searches on this and found various individuals that have come across similar problems, but none of these individuals had a resolution that fit my situation. RT 3.8.10 ExternalAuth0.08 (latest is 0.09 but I don't believe the changes between these versions are causing the issue) I have a person in our LDAP that is attempting to send an email in as their first interaction with RT(that I can tell). The email is rejected and they get the could not load user email response. I've had RT running in debug mode for a while so I have all the logging in our rt.log file. The basics of our LDAP setup (shortened to the important info from our RT_SiteConfig) 'filter'= '((objectCategory=User) (ObjectClass=Person))', 'd_filter' = '(userAccountControl:1.2.840.113556.1.4.803:=2)', 'group' = 'cn=Staff,ou=Groups,' . 'dc=mydomain' , 'group_attr'= 'member', 'attr_match_list' = [ 'Name', 'EmailAddress', ], 'attr_map' = { 'Name' = 'sAMAccountName', 'EmailAddress' = ['mail', 'pager'], 'RealName' = 'cn', 'ExternalAuthId' = 'sAMAccountName' Set($AutoCreateNonExternalUsers,1); So essentially, anyone that is an enabled user, in the Staff group is allowed to actually login to RT(this person is sending an email, not logging, but I thought it was relevant). attr_map has mail and pager in there because our users could be sending emails from either usern...@nosm.caor al...@nosm.ca (mjohnson|mike.johnson @nosm.ca) and Ruslan helped us so that ExternalAuth would map an email from either address to 1 user in RT provided the AD account had mail = usern...@nosm.ca and pager = al...@nosm.ca With that said... I'm getting the following error messages in RT's log [Thu Dec 8 20:42:19 2011] [crit]: User creation failed in mailgateway: Name in use (/opt/rt3/bin/../lib/RT/Interface/Email.pm:244) [Thu Dec 8 20:42:20 2011] [warning]: Couldn't load user 'someb...@nosm.ca'.giving up (/opt/rt3/bin/../lib/RT/Interface/Email.pm:962) [Thu Dec 8 20:42:20 2011] [crit]: User 'someb...@nosm.ca' could not be loaded in the mail gateway (/opt/rt3/bin/../lib/RT/Interface/Email.pm:244) [Thu Dec 8 20:42:21 2011] [error]: RT could not load a valid user, and RT's configuration does not allow for the creation of a new user for this email (someb...@nosm.ca). You might need to grant 'Everyone' the right 'CreateTicket' for the queue Helpdesk. (/opt/rt3/bin/../lib/RT/Interface/Email.pm:244) [Thu Dec 8 20:42:21 2011] [error]: RT could not load a valid user, and RT's configuration does not allow for the creation of a new user for your email. (/opt/rt3/bin/../lib/RT/Interface/Email.pm:244) I used the RT configuration interface to search for anything with partial match of the username/alias (4 characters that I know exist in either email address) and RT's interface didn't bring back anything matching for Real Name, Email Address, or Username. I decided to do a query at the database level on the Users table on those 3 fields(even though that's what the RT interface does...), attempting in some way to find what RT was finding as the Name in use error indicates, but nothing was returned. I have already granted our Everyone the CreateTicket right. Can anyone tell me what I'm missing? Ruslan, if you read this, can you let me know if you did any customization to ExternalAuth to allow for the above mentioned matching, or if ExternalAuth did that already? Thanks! Mike. Hi Mike, We had a similar problem to this that was caused by our CanonicalizeEmailAddress function and its interraction with updated LDAP directory information and I suspect that your problem has similar roots. In our case, we change the Email address for incoming tickets for any of a user's mailaltname address to their preferred Email address. The RT information is however only updated at night so if a user changed their preferred Email address and created a ticket before the nightly LDAP sync, it would canonicalize their Email address to their old preferred address and then would try to create a new user. Of course a user already existed with their old choice of preferred Email address as their Email address which led to the same error you received and the failure
[rt-users] ParseNewMessageForTicketCCs - confirm how it works
HI everyone, I just wanted to get confirmation on how the ParseNewMessageForTicketCCs work. http://requesttracker.wikia.com/wiki/EmailInterface Specifically, *ParseNewMessageForTicketCcs* (boolean) - when *$ParseNewMessageForTicketCcs * is true, RT automatically adds email addresses found in the Cc header to the ticket's Cc at creation. If a new message comes in that is To: foo1, foo2, fooN Cc: bar1 From: bar2 And foo1, and foo2 go to 2 different queues RT will: - create a ticket in foo1's queue - create a ticket in foo2's queue - add bar1 as a CC on both tickets - make the requestor of both tickets bar2 RT will not add foo2 - fooN as anything to foo1's ticket as these addresses are in the To block, not the Cc block. I don't have a good testing bed right now, and was hoping someone had tested this already or can confirm that is how it works before I flip the switch :P Thanks! Mike. -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca RT Training Sessions (http://bestpractical.com/services/training.html) * Boston March 5 6, 2012
[rt-users] RT could not load a valid user
Greetings everyone, I've done a few searches on this and found various individuals that have come across similar problems, but none of these individuals had a resolution that fit my situation. RT 3.8.10 ExternalAuth0.08 (latest is 0.09 but I don't believe the changes between these versions are causing the issue) I have a person in our LDAP that is attempting to send an email in as their first interaction with RT(that I can tell). The email is rejected and they get the could not load user email response. I've had RT running in debug mode for a while so I have all the logging in our rt.log file. The basics of our LDAP setup (shortened to the important info from our RT_SiteConfig) 'filter'= '((objectCategory=User) (ObjectClass=Person))', 'd_filter' = '(userAccountControl:1.2.840.113556.1.4.803:=2)', 'group' = 'cn=Staff,ou=Groups,' . 'dc=mydomain' , 'group_attr'= 'member', 'attr_match_list' = [ 'Name', 'EmailAddress', ], 'attr_map' = { 'Name' = 'sAMAccountName', 'EmailAddress' = ['mail', 'pager'], 'RealName' = 'cn', 'ExternalAuthId' = 'sAMAccountName' Set($AutoCreateNonExternalUsers,1); So essentially, anyone that is an enabled user, in the Staff group is allowed to actually login to RT(this person is sending an email, not logging, but I thought it was relevant). attr_map has mail and pager in there because our users could be sending emails from either usern...@nosm.caor al...@nosm.ca (mjohnson|mike.johnson @nosm.ca) and Ruslan helped us so that ExternalAuth would map an email from either address to 1 user in RT provided the AD account had mail = usern...@nosm.ca and pager = al...@nosm.ca With that said... I'm getting the following error messages in RT's log [Thu Dec 8 20:42:19 2011] [crit]: User creation failed in mailgateway: Name in use (/opt/rt3/bin/../lib/RT/Interface/Email.pm:244) [Thu Dec 8 20:42:20 2011] [warning]: Couldn't load user 'someb...@nosm.ca'.giving up (/opt/rt3/bin/../lib/RT/Interface/Email.pm:962) [Thu Dec 8 20:42:20 2011] [crit]: User 'someb...@nosm.ca' could not be loaded in the mail gateway (/opt/rt3/bin/../lib/RT/Interface/Email.pm:244) [Thu Dec 8 20:42:21 2011] [error]: RT could not load a valid user, and RT's configuration does not allow for the creation of a new user for this email (someb...@nosm.ca). You might need to grant 'Everyone' the right 'CreateTicket' for the queue Helpdesk. (/opt/rt3/bin/../lib/RT/Interface/Email.pm:244) [Thu Dec 8 20:42:21 2011] [error]: RT could not load a valid user, and RT's configuration does not allow for the creation of a new user for your email. (/opt/rt3/bin/../lib/RT/Interface/Email.pm:244) I used the RT configuration interface to search for anything with partial match of the username/alias (4 characters that I know exist in either email address) and RT's interface didn't bring back anything matching for Real Name, Email Address, or Username. I decided to do a query at the database level on the Users table on those 3 fields(even though that's what the RT interface does...), attempting in some way to find what RT was finding as the Name in use error indicates, but nothing was returned. I have already granted our Everyone the CreateTicket right. Can anyone tell me what I'm missing? Ruslan, if you read this, can you let me know if you did any customization to ExternalAuth to allow for the above mentioned matching, or if ExternalAuth did that already? Thanks! Mike. -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca RT Training Sessions (http://bestpractical.com/services/training.html) * Boston March 5 6, 2012
Re: [rt-users] ExternalAuth Installed but not working
I'm by no means an expert at this at all but I see you are using sAMAccountName which leads me to believe you are connecting to Active Directory. I had to use the bitmask version of the d_filter for the ldap search to filter out disabled users... not sure if this has anything to do with why you aren't able to login, but it's just something that stood out to me. My d_filter line is below 'd_filter' = '(userAccountControl:1.2.840.113556.1.4.803:=2)', Ken is also accurate in that you are missing a right parenthesis on your filter line. My filter line is below(so you can see how to use the ( stuff more stuff) 'filter'= '((objectCategory=User) (ObjectClass=Person))', Hope that helps! Mike. On Thu, Dec 8, 2011 at 7:41 PM, Ryan Backman rback...@georgefox.edu wrote: I'm having a bit of trouble getting ExternalAuth to work. I've scoured the archives and the net and found many suggestions, but none have made any changes. - I've setup logging to go to a seperate file, but all I get is a Login Failure message in this file when I try to login: [Thu Dec 8 23:38:32 2011] [error]: FAILED LOGIN for rbackman from xx.xx.xx.xx (/usr/share/request-tracker3.8/lib/RT/Interface/Web.pm:424) - I'm seeing correct values in the online configuration view inside RT indicating that ExternalAuth is loaded as a Plugin and that ExternalAuthPriority is My_LDAP. - I can use the ldapsearch tool with the same variables on the same box successfully Any help is much appreciated. Below is my configuration: Set( @Plugins, qw(RT::Authen::ExternalAuth) ); Set ( $ExternalAuthPriority, [ 'My_LDAP' ] ); Set ( $ExternalInfoPriority, [ 'My_LDAP' ] ); Set($ExternalServiceUsesSSLorTLS,0); Set($AutoCreateNonExternalUsers,0); Set($ExternalSettings, { 'My_LDAP' = { 'type' = 'ldap', 'server'= 'server.domain.edu', 'user' = 'CN=user,OU=admin...', 'pass' = 'pass', 'base' = 'dc=domain,...', 'filter'= '((objectClass=user)(memberOf=CN=Staff...)', 'd_filter' = '(userAccountControl=514)', 'tls' = 0, 'ssl_version' = 3, 'net_ldap_args' = [version = 3 ], 'group' = 'CN=All Users,...', 'group_attr'= 'member', 'attr_match_list' = ['Name', 'EmailAddress' ], 'attr_map' = { 'Name' = 'sAMAccountName', 'EmailAddress' = 'mail', 'ExternalAuthId' = 'sAMAccountName', 'Gecos' = 'sAMAccountName' } } } ); 1; =+=+=+=+=+=+=+=+=+ Ryan Backman Programmer / Analyst George Fox University 503.554.2576 =+=+=+=+=+=+=+=+=+ RT Training Sessions (http://bestpractical.com/services/training.html) * Boston — March 5 6, 2012 -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca RT Training Sessions (http://bestpractical.com/services/training.html) * Boston March 5 6, 2012
Re: [rt-users] What right gives Configuration in the left hand menu
Hi Kenn, Yes, that is what I was trying to accomplish. I wasn't giving SuperUser to the group, the group name was queuename Super Users meaning they have elevated privleges over a typical queuename Users member. I just couldn't find the ShowConfigTab I remember reading about that change when we moved from 3.2.1 -- 3.8.10 but for whatever reason I couldn't find it. I obviously didn't look at the global group rights... :( Thanks for your responses guys. Mike. On Wed, Nov 30, 2011 at 4:46 PM, Kenneth Crocker kenn.croc...@gmail.comwrote: Mike, Unless you trust those user with EVERYTHING, I wouldn't grant SuperUser to a lot of people. You can grant ShowConfigTab to the group you mentioned and then grant them rights like ModifyACL, ModifyScrips, ModifyTemplates, etc. without giving away the store. Hope this helps. Kenn On Wed, Nov 30, 2011 at 12:49 PM, Mike Johnson mike.john...@nosm.cawrote: Hi folks, I'm having some difficulties figuring out why my users can't get to the Configuration menu in RT. I've attempted to google/search the rt-users list, but am having a difficult time getting what I want. I'm trying to allow a group of users to have access to configure their queue specific custom fields. I am probably going about this wrong... and need some direction... Let's say I have a queue called Support, I create a group called Support Users and use that to assign the rights to be able to update tickets, own tickets, etc etc for that queue. I create a group called Support Super Users and this group I want to have the ability to edit the queue's templates, scrips, custom fields etc. I thought you would just go into the configuration tab, select the queue, and give the Support Super Users group access to things like Modify Custom Field, Modify Scrips Modify Template, etc. This doesn't add the configuration menu item on the user's interface... How does that happen? Are they supposed to go through something else to modify the custom field attributes of a queue? Or the scrips of a queue? etc? Thanks! Mike. -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca RT Training Sessions (http://bestpractical.com/services/training.html) * Boston — TBA -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca RT Training Sessions (http://bestpractical.com/services/training.html) * Boston TBA
[rt-users] What right gives Configuration in the left hand menu
Hi folks, I'm having some difficulties figuring out why my users can't get to the Configuration menu in RT. I've attempted to google/search the rt-users list, but am having a difficult time getting what I want. I'm trying to allow a group of users to have access to configure their queue specific custom fields. I am probably going about this wrong... and need some direction... Let's say I have a queue called Support, I create a group called Support Users and use that to assign the rights to be able to update tickets, own tickets, etc etc for that queue. I create a group called Support Super Users and this group I want to have the ability to edit the queue's templates, scrips, custom fields etc. I thought you would just go into the configuration tab, select the queue, and give the Support Super Users group access to things like Modify Custom Field, Modify Scrips Modify Template, etc. This doesn't add the configuration menu item on the user's interface... How does that happen? Are they supposed to go through something else to modify the custom field attributes of a queue? Or the scrips of a queue? etc? Thanks! Mike. -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca RT Training Sessions (http://bestpractical.com/services/training.html) * Boston TBA
Re: [rt-users] Search Format - Take button
Much appreciated to both of you. I didn't think to click on that edit and steal it from there. The search I was wanting to add it to was indeed a search of Owner = Nobody, so Take will always work... But thinking along those lines... could probably add a steal button to searches that show tickets with owners... 'a href=__WebPath__/Ticket/Display.html?Action=Stealamp;id=__idloc(Steal)__/a/TITLE:NBSP' I haven't tested the above, just took what Christopher wrote and adjusted it. Thanks folks! Mike. On Mon, Aug 29, 2011 at 11:55 AM, Andrew Wagner aawag...@wisc.edu wrote: Mike, I think you have to do that through the advanced view. If you look at the default unowned ticket search in advanced view. To do this, click on Edit, then click on the link next to Edit the Predefined Search Itself, then click on the advanced link. The Take feature should be implemented at the bottom of the format window. From there, you can see how they define the location of the Take link and how it is formatted. It looks to use a special location defined specifically for the Take link: __loc(Take)__ Andrew Wagner Assistant Network administratoraawag...@wisc.edu 265-5710 Room 370B Wisconsin Center for Education Research (WCER)www.wcer.wisc.edu On 8/29/2011 10:40 AM, Mike Johnson wrote: Hi everyone, So I'm trying to build a search that I'll put on a dashboard and on my RT At a Glance. I want to have the Take button in it just like the 10 newest unowned widget that is delivered with RT. How do I do that in the query builder? I know I can make the ticket id a link to take it... but I want a seperate button as my users are used to that Take button... Is it possible? Thanks! Mike. -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca RT Training Sessions (http://bestpractical.com/services/training.html) * Chicago, IL, USA — September 26 27, 2011 * San Francisco, CA, USA — October 18 19, 2011 * Washington DC, USA — October 31 November 1, 2011 * Melbourne VIC, Australia — November 28 29, 2011 * Barcelona, Spain — November 28 29, 2011 RT Training Sessions (http://bestpractical.com/services/training.html) * Chicago, IL, USA — September 26 27, 2011 * San Francisco, CA, USA — October 18 19, 2011 * Washington DC, USA — October 31 November 1, 2011 * Melbourne VIC, Australia — November 28 29, 2011 * Barcelona, Spain — November 28 29, 2011 -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca RT Training Sessions (http://bestpractical.com/services/training.html) * Chicago, IL, USA September 26 27, 2011 * San Francisco, CA, USA October 18 19, 2011 * Washington DC, USA October 31 November 1, 2011 * Melbourne VIC, Australia November 28 29, 2011 * Barcelona, Spain November 28 29, 2011
[rt-users] Search Format - Take button
Hi everyone, So I'm trying to build a search that I'll put on a dashboard and on my RT At a Glance. I want to have the Take button in it just like the 10 newest unowned widget that is delivered with RT. How do I do that in the query builder? I know I can make the ticket id a link to take it... but I want a seperate button as my users are used to that Take button... Is it possible? Thanks! Mike. -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca RT Training Sessions (http://bestpractical.com/services/training.html) * Chicago, IL, USA September 26 27, 2011 * San Francisco, CA, USA October 18 19, 2011 * Washington DC, USA October 31 November 1, 2011 * Melbourne VIC, Australia November 28 29, 2011 * Barcelona, Spain November 28 29, 2011
Re: [rt-users] Right to allow individual to modify owner of a ticket they don't own.
Great!! Thanks Kevin, that is exactly what I was talking about and exactly what I thought. Much appreciated. Mike. On Fri, Aug 12, 2011 at 9:38 AM, Kevin Falcone falc...@bestpractical.comwrote: On Thu, Aug 11, 2011 at 09:50:36PM -0400, Mike Johnson wrote: I'm just curious if there are plans to create a right that can be given out to allow an individual to change the owner on a ticket that is owned by somebody else? I've found some workarounds when googling and searching the listserv... just wondering if it's got enough exposure that it'll make it on the features list eventually or if there is a good reason why it's not there? One of the supervisors that have a queue in our RT is asking. Your description isn't clear, but presumably you mean something other than stealing the ticket and then reassigning the owner? It's been tossed around a few times, but isn't currently a work in progress anywhere. -kevin RT Training Sessions (http://bestpractical.com/services/training.html) * Chicago, IL, USA — September 26 27, 2011 * San Francisco, CA, USA — October 18 19, 2011 * Washington DC, USA — October 31 November 1, 2011 * Melbourne VIC, Australia — November 28 29, 2011 * Barcelona, Spain — November 28 29, 2011 -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca RT Training Sessions (http://bestpractical.com/services/training.html) * Chicago, IL, USA September 26 27, 2011 * San Francisco, CA, USA October 18 19, 2011 * Washington DC, USA October 31 November 1, 2011 * Melbourne VIC, Australia November 28 29, 2011 * Barcelona, Spain November 28 29, 2011
[rt-users] Right to allow individual to modify owner of a ticket they don't own.
I'm just curious if there are plans to create a right that can be given out to allow an individual to change the owner on a ticket that is owned by somebody else? I've found some workarounds when googling and searching the listserv... just wondering if it's got enough exposure that it'll make it on the features list eventually or if there is a good reason why it's not there? One of the supervisors that have a queue in our RT is asking. Thanks! Mike. -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca RT Training Sessions (http://bestpractical.com/services/training.html) * Chicago, IL, USA September 26 27, 2011 * San Francisco, CA, USA October 18 19, 2011 * Washington DC, USA October 31 November 1, 2011 * Melbourne VIC, Australia November 28 29, 2011 * Barcelona, Spain November 28 29, 2011
[rt-users] User not visible in RT UI but preventing usage
Hi all, We are using LDAP integration and I'm not able to create an RT account for an LDAP user to give them RT access(non-priv, just to create tickets and use SelfService). RT keeps telling me the account exists, but I can't see it in UI to give it access to RT. In the SQL side, I can see the record in the Users table in the RT database... Any thoughts on why RT won't show me that record on the UI page? Thanks! Mike. -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca 2011 Training: http://bestpractical.com/services/training.html
[rt-users] Updating RT's name
HI all, I'm going through a conversion right now. We are upgrading from 3.2.1 to 3.8.11. We are also updating the hardware... and URL to RT. Old.rt.com new.rt.com So the issue I need to resolve... active tickets from old.rt.com will have emails coming in to update those active tickets. their subject line will have [old.rt.com #ticketid] I need those emails to update the ticket in new.rt.com. But, new.rt.comdoesn't recognize [ old.rt.com #ticketid] it's looking for [new.rt.com #ticketid] There has to be a way to trick RT... Thoughts? Thanks in advance for any input! -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca 2011 Training: http://bestpractical.com/services/training.html
Re: [rt-users] JSGantt Patch Issue
Just a thought... Maybe try 3.8.11 Maybe JSGantt will work there? Good luck! Mike. On Fri, Jul 22, 2011 at 8:47 AM, john s. firesk...@gmx.de wrote: Hello Everybody RT-Extension-JSGantt vers. 0.12 I tried to install JSGannt on rt 3.8.8 . it works tried to install on rt 3.8.9 . doesn't work tried to install on rt 4.0.1 works due to individual cicrumstances we decide to use the rt 3.8.9 version so... steps i have done : 1. installed via readme instruction 2. patch the js file 3. update the css und js file with patching the jsgantt.js and jsgantt.css files .. but due to this process there come severel errors Command: patch -p1 jsgantt.diff Hunk #1 FAILED at 49. 1 out of 1 hunk FAILED -- saving rejects to file html/NoAuth/css/jsgantt.css.rej patching file html/NoAuth/js/jsgantt.js Hunk #1 FAILED at 573. Hunk #2 FAILED at 1113. Hunk #3 FAILED at 1132. Hunk #4 FAILED at 1159. Hunk #5 FAILED at 1247. Hunk #6 FAILED at 1910. Hunk #7 FAILED at 1984. Hunk #8 FAILED at 1992. Hunk #9 FAILED at 2019. 9 out of 9 hunks FAILED -- saving rejects to file html/NoAuth/js/jsgantt.js.rej So whats going wrong here ? best regards john -- View this message in context: http://old.nabble.com/JSGantt-Patch-Issue-tp32115025p32115025.html Sent from the Request Tracker - User mailing list archive at Nabble.com. 2011 Training: http://bestpractical.com/services/training.html -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca 2011 Training: http://bestpractical.com/services/training.html
Re: [rt-users] Updating RT's name
Hi folks, After googling some more, I have found the solution.. Set($EmailSubjectTagRegex, qr/(?:old RT name|new RT name)/i ); Sorry for the list chatter... hopefully this just makes it easier to find though :D Thanks! Mike. On Fri, Jul 22, 2011 at 9:57 AM, Mike Johnson mike.john...@nosm.ca wrote: HI all, I'm going through a conversion right now. We are upgrading from 3.2.1 to 3.8.11. We are also updating the hardware... and URL to RT. Old.rt.com http://old.rt.com/ new.rt.com So the issue I need to resolve... active tickets from old.rt.com will have emails coming in to update those active tickets. their subject line will have [old.rt.com #ticketid] I need those emails to update the ticket in new.rt.com. But, new.rt.comdoesn't recognize [ old.rt.com #ticketid] it's looking for [new.rt.com #ticketid] There has to be a way to trick RT... Thoughts? Thanks in advance for any input! -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca 2011 Training: http://bestpractical.com/services/training.html
Re: [rt-users] New Queue won't accept requestor replys
Much appreciated Kenn, You were absolutely correct... when looking at it closer... found the simple thing I was missing. The email I was generating was from the autoreply from the ticket creation, which uses the Queue's email address setup in the config of the queue. That email address was missing a character(booking instead of bookings) was throwing me for a loop, I knew it was something simple but I looked at it 1000 times and couldn't see it :( Very much appreciated... if I had hair it would be gone... but your response would allow it to grow back :D Thanks! Mike. On Mon, Jun 27, 2011 at 4:11 PM, Kenneth Crocker kfcroc...@lbl.gov wrote: Mike, On first glance, I'd say the Requestor did NOT include a RT::Queue address when responding. Either the To: or a Cc: or even a Bcc: needs to have the RT Queue address in order for RT to get the response. On TOP of that, the ticket number needs to be referenced in the subject line or RT will create a new ticket with that response instead of putting it into ticket history. That's at First Glance. Hope this helps. Kenn LBNL On Mon, Jun 27, 2011 at 8:32 AM, Mike Johnson mike.john...@nosm.cawrote: Hi folks, I'm missing something simple, but cannot find it. I've setup a new queue. I've set permissions to what I believe most of my other queues have. For some reason a reply by email from a requestor isn't showing up in the ticket. In my testing, I've added the ReplyToTicket right to both places now... Configuration - Global - Group Rights Role - requestor and Configuration - Queue - Group Rights Role - requestor Is there something that would trump this? can you think of something I missed? I've tested a privileged user, existing non-privileged user, and a freshly created(auto by email submission) non-privileged user. In all cases they can create a ticket, can reply to tickets that they are not the requestor of just fine but can't reply to tickets they are the requestor on. Any thoughts on where to look would be appreciated. Thanks! Mike. -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca 2011 Training: http://bestpractical.com/services/training.html 2011 Training: http://bestpractical.com/services/training.html -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca 2011 Training: http://bestpractical.com/services/training.html
[rt-users] New Queue won't accept requestor replys
Hi folks, I'm missing something simple, but cannot find it. I've setup a new queue. I've set permissions to what I believe most of my other queues have. For some reason a reply by email from a requestor isn't showing up in the ticket. In my testing, I've added the ReplyToTicket right to both places now... Configuration - Global - Group Rights Role - requestor and Configuration - Queue - Group Rights Role - requestor Is there something that would trump this? can you think of something I missed? I've tested a privileged user, existing non-privileged user, and a freshly created(auto by email submission) non-privileged user. In all cases they can create a ticket, can reply to tickets that they are not the requestor of just fine but can't reply to tickets they are the requestor on. Any thoughts on where to look would be appreciated. Thanks! Mike. -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca 2011 Training: http://bestpractical.com/services/training.html
Re: [rt-users] RT error “Couldn't load user ''
There is a check box on the user select page that says to search disabled users A non-privileged user is synonymous with a disabled user. I'm not sure of how it's worded on RT4, but in RT3.8.10, at the top of the user select page it says Privileged Users, and at the bottom of the page, where you can enter search criteria Include disabled users in search. I believe the issue that you are running into is that you are attempting to create an RT user with information that matches a currently disabled or non-privileged user, which isn't listed on the user select form as that form only shows Privileged Users. HTH. Mike. On Wed, Jun 22, 2011 at 6:21 AM, Asanka Gunasekera asanka_gunasek...@yahoo.co.uk wrote: Hi Guys, for question 2, when I select the option “Let this user be granted rights (Privileged)” then the user appears on the list through user select page. So is there a privilege that I need to set for user to be listed under user select -- *From:* Asanka Gunasekera asanka_gunasek...@yahoo.co.uk *To:* rt-users@lists.bestpractical.com *Sent:* Wed, 22 June, 2011 15:33:16 *Subject:* Re: [rt-users] RT error “Couldn't load user '' Hi I was playing with the user creation and what I found was, if I don’t have the user that I am going to create in the AD I am getting this error. If I have the user name in the AD the account gets created with out any errors but I don’t see these new users from the RT select user screen. But if I logged on to the from the backend, I can query the users table and I can see them 1. 1. Any idea why I am unable to create any users which are not already in the AD 2. 2. Once I create the user in AD I can created the users without errors, but I am unable to list these new users from RT web interface. (by running select * from rtdb1.users I can list newly created users) -- *From:* Asanka Gunasekera asanka_gunasek...@yahoo.co.uk *To:* rt-users@lists.bestpractical.com *Sent:* Wed, 22 June, 2011 13:55:03 *Subject:* Re: [rt-users] RT error “Couldn't load user '' Hi Kevin, yes I did checked for users and I have tried few users which currently not configured in the Oracle db or AD with the same result that is giving the error RT error “Couldn't load user '' Thanks and Regards -- *From:* Kevin Falcone falc...@bestpractical.com *To:* rt-users@lists.bestpractical.com *Sent:* Tue, 21 June, 2011 18:30:31 *Subject:* Re: [rt-users] RT error “Couldn't load user '' On Tue, Jun 21, 2011 at 04:38:53AM +0100, Asanka Gunasekera wrote: Hi I have installed RT4 and when I try to create a user I am getting an error RT error Couldn't load user '' Are you sure the user doesn't already exist? Go to Tools - Configuration - Users - Select and use either the Go To User box or the search to see if the user you're creating already exists as an unprivileged user. -kevin I read in one of your mailing list replies saying that user was got over this issue by removing Authen::ExternalAuth from plugging. But in my case I am unable to do so since AD authentication is my primary method of authentication. http://lists.fsck.com/pipermail/rt-users/2009-December/062628.html I don't want RT to create users in AD but to create new users in oracle DB Can someone tell me how to get over this problem? Thanks regards 2011 Training: http://bestpractical.com/services/training.html 2011 Training: http://bestpractical.com/services/training.html -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca 2011 Training: http://bestpractical.com/services/training.html
Re: [rt-users] How you manage cc.
Hi Albert, I thought up a way you could stop some of the chaos that occurs... but this involves a shift in how tickets are created. Form based ticket submission and a hidden RT ticket creation email address - have a seperate email address that actually creates tickets and only allow a form email that address... so end-users can't email it directly, have end-users email another address... and that address check for the RT tag in the subject... if it doesn't find it, dump the email and reply to the end-user saying they have to fill our your form. Not really an out-of-the-box way of doing it, but it would get the job done... Maybe this will spark some ideas on a better way... Good luck! Mike. On Mon, May 16, 2011 at 5:46 AM, Albert Shih albert.s...@obspm.fr wrote: Hi all. I would like to known how you manage your ticket when some user send a message to our-rt-alias and put in cc: lot of users. so when the «lot of users» answer the first mail (not the second one) rt create lots of tickets (each answer). Regards. -- Albert SHIH DIO batiment 15 Observatoire de Paris Meudon 5 Place Jules Janssen 92195 Meudon Cedex Téléphone : 01 45 07 76 26/06 86 69 95 71 Heure local/Local time: lun 16 mai 2011 11:45:39 CEST -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca
Re: [rt-users] RTx::EmailCompletion - LDAP setup error and RDBMS not disabling
Typos get me again!! I swear I'm dyslexic... Anyway, I've changed that and I'm still getting the debug line that it's selecting users from the RT database. Set($EmailCompletionLdapServer, 'XX.XX.XX.XX'); Set($EmailCompletionLdapBase, 'dc=mydomain,dc=local'); Set($EmailCompletionLdapUser, 'distinguishedName of user'); Set($EmailCompletionLdapPass, 'pass'); Set($EmailCompletionLdapFilter, '(objectClass=person)'); Set($EmailCompletionLdapAttrSearch, [qw/mail cn/]); Set($EmailCompletionLdapAttrShow, mail); Set($EmailCompletionLdapMinLength, 4); Set($EmailCompletionRdbmsDisable, 1); As you can see, I've simplified my settings a fair bit more to try and get it to work... Still no LDAP values returned(not sure if the extension puts a debug line in showing the bind/search in the logs but that isn't there either), and the RT database is still being used. I restarted httpd after I made the changes, also tried using a completely new browser(in case there was client side caching going on)... is there a cache that needs cleaning on the server? Thanks! Mike. On Tue, May 24, 2011 at 10:11 PM, Roedel, Mark markroe...@letu.edu wrote: Might $EmailCompletionRdbmsDisable be the variable you want here? From: Mike Johnson mike.john...@nosm.camailto:mike.john...@nosm.ca Date: Tue, 24 May 2011 16:34:54 -0400 To: rt-users@lists.bestpractical.commailto: rt-users@lists.bestpractical.com Subject: [rt-users] RTx::EmailCompletion - LDAP setup error and RDBMS not disabling Set($EmailCompletionRdmbsDisable, 1); I have 2 issues I'm seeing now 1. the EmailCompletionRdmbsDisable doesn't seem to effect the lookup on RT's database. In the debug logs I see this [Tue May 24 19:30:01 2011] [debug]: SELECT DISTINCT main.* FROM Users main JOIN Principals Principals_1 ON ( Principals_1.id = main.id http://main.id/ ) WHERE (main.EmailAddress LIKE '%lori%') AND (Principals_1.PrincipalType = 'User') ORDER BY main.Name ASC (/opt/rt3/local/plugins/RTx-EmailCompletion/lib/RTx/EmailCompletion.pm:23) It's still searching RT's database. Now this could be linked to if the LDAP is successful or not... but I would think the LDAP search would show up at least? -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca
Re: [rt-users] Attachments in Resolution email
When you hit resolve, switch the dropdown box on the form from Comment(not sent to requestors) to Reply to requestors. Sounds like this is your only issue. Mike. On Wed, May 25, 2011 at 2:26 AM, Miroslav Horvath aveng...@atlas.sk wrote: Hi Russlan I'm not the programmer, so I'm not very famous with the codes in the 2nd link you've provided. But if you remember, we have bough a single contract in the past for helping us with some incident within company (EON.IThttp://eon.it/ Slovakia - Viktor Franik was the technician on our side) But, we need to have all 3 buttons: Comment, Reply, Resolve within ticket. Comment - using for internal comments within ticket, works with attachment. Reply - when contacting the user without closing ticket, works with attachment. Resolve - closing ticket with a resolution message (we need to have here also attachments). The email templates for Reply and Resolve are different. So if you can navigate me, what to do, to make possible that attachments will be send also with Resolve email template. Ruslan Zakirov-2 wrote: Hi, See the following in FAQ: The 'resolve' Transaction has no content http://requesttracker.wikia.com/wiki/FAQ May be you just need reply on resolve, not comment: http://requesttracker.wikia.com/wiki/ResolveSendsReply In the last case requestors recieve reply and everything attached to it. On Fri, May 20, 2011 at 9:43 AM, Miroslav Horvath aveng...@atlas.sk wrote: Hello I want to ask for help. We are running RT version 3.8.4 and we have problem, that attachments are not sent out with resolution emails. They only work when you make Reply from the ticket. But in more cases we need this option, that when some support agent is closing ticket(RESOLVE), he needs to send with that email also some attachment, and here it doesnt work. Is there any kind of hint or fix ? Q2: Is this needs added in version 4.0 ? BR, Miroslav -- View this message in context: http://old.nabble.com/Attachments-in-Resolution-email-tp31661517p31661517.html Sent from the Request Tracker - User mailing list archive at Nabble.com. -- Best regards, Ruslan. -- View this message in context: http://old.nabble.com/Attachments-in-Resolution-email-tp31661517p31696328.html Sent from the Request Tracker - User mailing list archive at Nabble.com. -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca
Re: [rt-users] New RT installation on CentOS
I actually used imap and it worked fine This is an education email account... but I believe it works with all gmail accounts. poll imap.gmail.com proto imap port 993: username user password pass ssl mda /path/to/perl /path/to/rt-mailgate --url http://url.to.rt --queue General --action correspond HTH Mike. On Wed, May 25, 2011 at 5:11 AM, nanastasiou n.anastas...@gmail.com wrote: Thank you. Any idea what I need to change below to configure it with gmail ? # .fetchmailrc poll mail.yourdomain.com proto pop3: username rt password * mda /path/to/perl \ /path/to/rt-mailgate --url http://localhost/ \ --queue general --action correspond Mark Jenks-2 wrote: You would have to enable pop on gmail, and setup fetchmail. http://requesttracker.wikia.com/wiki/POP3Mailgate -Original Message- From: rt-users-boun...@lists.bestpractical.com [mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of nanastasiou Sent: Tuesday, May 24, 2011 11:12 AM To: rt-users@lists.bestpractical.com Subject: [rt-users] New RT installation on CentOS Hi, I've been trying to install RT on a new CentOS Server following this guide. http://requesttracker.wikia.com/wiki/CentOS5InstallPlusSome http://requesttracker.wikia.com/wiki/CentOS5InstallPlusSome When comes to the EMAIL section I am not sure how to proceed. We don't use exchange but Gmail to handle all our emails. Can I still use Gmail for emails with RT ? Thanks -- View this message in context: http://old.nabble.com/New-RT-installation-on-CentOS-tp31691158p31691158.html Sent from the Request Tracker - User mailing list archive at Nabble.com. Electronic Privacy Notice. This e-mail, and any attachments, contains information that is, or may be, covered by electronic communications privacy laws, and is also confidential and proprietary in nature. If you are not the intended recipient, please be advised that you are legally prohibited from retaining, using, copying, distributing, or otherwise disclosing this information in any manner. Instead, please reply to the sender that you have received this communication in error, and then immediately delete it. Thank you in advance for your cooperation -- View this message in context: http://old.nabble.com/New-RT-installation-on-CentOS-tp31691158p31697173.html Sent from the Request Tracker - User mailing list archive at Nabble.com. -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca
[rt-users] RTx::EmailCompletion - LDAP setup error and RDBMS not disabling
Hi all, Thanks to Kevin for pointing out the EmailCompletion extension. I had a user ask me if I could do this and I hadn't had time to look for it, rt-users list saved me that time! I installed it and got it running, works great with default setup. I'm attempting the LDAP setup and want it NOT to search RT's list(got a bunch of junk emails I don't want anyone to ever use). Here is my config settings... Set($EmailCompletionLdapServer, 'XX.XX.XX.XX'); Set($EmailCompletionLdapBase, 'dc=mydomain,dc=local'); Set($EmailCompletionLdapUser, 'svc_rt'); #Set($EmailCompletionLdapUser, 'cn=service rt,ou=Users,dc=mydomain,dc=local'); Set($EmailCompletionLdapPass, '**'); Set($EmailCompletionLdapFilter, '(objectClass=person)'); Set($EmailCompletionLdapAttrSearch, [qw/mail cn/]); Set($EmailCompletionLdapAttrShow, mail); Set($EmailCompletionLdapMinLength, 4); Set($EmailCompletionRdmbsDisable, 1); I have 2 issues I'm seeing now 1. the EmailCompletionRdmbsDisable doesn't seem to effect the lookup on RT's database. In the debug logs I see this [Tue May 24 19:30:01 2011] [debug]: SELECT DISTINCT main.* FROM Users main JOIN Principals Principals_1 ON ( Principals_1.id = main.id ) WHERE (main.EmailAddress LIKE '%lori%') AND (Principals_1.PrincipalType = 'User') ORDER BY main.Name ASC (/opt/rt3/local/plugins/RTx-EmailCompletion/lib/RTx/EmailCompletion.pm:23) It's still searching RT's database. Now this could be linked to if the LDAP is successful or not... but I would think the LDAP search would show up at least? 2. My LDAP bind fails with the setup above. I get a bind error(below) [Tue May 24 19:30:01 2011] [crit]: Unable to bind to XX.XX.XX.XX: LDAP_INVALID_CREDENTIALS (/opt/rt3/local/plugins/RTx-EmailCompletion/lib/RTx/EmailCompletion/Ldap.pm:24) I put in distinguishedName, as that's what ExternalAuth uses as well. I ran another test now nothing shows up in the error log... so I guess it's binding... but it still doesn't show any results from my LDAP in the popup list, only the ones from RT's database. I also ensured there wasn't a limit on size of the popup and searched for something that only has 1 result from both RT and LDAP databases. Any thoughts? -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca
Re: [rt-users] How you manage cc.
Albert is actually referring to the email that creates the ticket. John Doe types up an email... To: rt Cc: myboss, hisboss, cio, cao, cfo, grandma, grandpa, thedogdownthestreet Subject: my computer is broken Body: yup it's broken myboss receives 1 or more emails(depending on your scrip setup) The one Albert is saying he gets replies from is From:John Doe To: rt Cc: myboss,hisboss,cio,cao,cfo,grandma,grandpa,thedogdownthestreet Subject: My computer is broken myboss hits reply-all on this email... this creates a new ticket in RT. There is no way for RT to know that the email from John Doe, and the follow email from myboss are actually all in 1 ticket. Now... think down the road, say myboss's reply-all is to hisboss, and hisboss hits reply-all to myboss and asks the cio,cao, AND cfo a question each... and they reply-all to that email. All this communication is being sent to rt, as emails without any [rt#number] in the subject... and each email creates a new duplicate ticket that all needs to be merged in the end... My above example will create 7 tickets... each with 1 correspondence transaction that should all be in 1 ticket a nightmare to manage... The only thing my brain can think of besides education of the users... repeatedly(and that still doesn't work that well), would be to have some sort of scrip that looks at subject lines and original recipent lists and does an auto-merge... that would be one crazy scrip and if anyone writes a working one let me know! Sorry I couldn't be of any help Albert... Mike. On Mon, May 16, 2011 at 12:27 PM, Kenneth Crocker kfcroc...@lbl.gov wrote: Albert, We put instructions in our template that says to NOT use Reply All because RT will take care of all other correspondence. Another way would be to make sure the ticket number is in the subject line. If there is a reference to the ticket number in the subject line [ie. Subject: Request Titled: {$Ticket-Subject} has been created], then RT puts the correspondence with that ticket and doesn't create a new one. If RT doesn't have a ticket number to refer to, it creates a new one. So . if they hit Reply All and there* is a reference *to the ticket number (url+ticket) in the subject line, RT will NOT create a new ticket. Hope this helps. Kenn LBNL On Mon, May 16, 2011 at 2:46 AM, Albert Shih albert.s...@obspm.fr wrote: Hi all. I would like to known how you manage your ticket when some user send a message to our-rt-alias and put in cc: lot of users. so when the «lot of users» answer the first mail (not the second one) rt create lots of tickets (each answer). Regards. -- Albert SHIH DIO batiment 15 Observatoire de Paris Meudon 5 Place Jules Janssen 92195 Meudon Cedex Téléphone : 01 45 07 76 26/06 86 69 95 71 Heure local/Local time: lun 16 mai 2011 11:45:39 CEST -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca
Re: [rt-users] Name in Use
Services Information Services St. George's, University Of London Cranmer Terrace London SW17 0RE Email: gsoll...@sgul.ac.uk Direct Dial: +44 20 8725 5160 Fax: +44 20 8725 3583 -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca
Re: [rt-users] HTTP/HTTPS bug in 4.0?
Hi everyone, I notice this in our 3.8.10 instance of RT as well. Our redirection of all traffic to https picks it up and you continue to browse on port 443. Ruslan mentions that it is a config issue, Searching the Wiki and RT_Config.pm, I found that Set($WebBasedURL, 'https://yourrtinstance.com'); Is what you need to set to ensure your links are formed correctly. I've tested, works as expected. Thanks! Mike. On Wed, May 4, 2011 at 5:06 PM, Stoned Elipot stoned.eli...@gmail.comwrote: Hi, On Wed, May 4, 2011 at 9:49 PM, Alex Vandiver ale...@bestpractical.com wrote: On Wed, 2011-05-04 at 14:27 -0500, Dario Landazuri wrote: We are running an RT instance under https only. I just noticed a small issue - when you're looking at a ticket, the links for a requestor's other tickets are non-https (http://...). On our system, that leads to a 404. Other links in the ticket (creating links, last ticket transaction, etc) all properly go to https://... This does look to be a bug; I'll bounce your mail into the issues.bestpractical.com to track it. - Alex Playing around with a 4.0.0 test clone of a 3.8.10 RT instance I noticed the same thing, both for the requestor's other tickets links and for the related tickets links. Then I noticed that the 3.8.10 instance also exhibits the same behaviour, only it was masqueraded by the web server doing HTTP to HTTPS redirection :-} Cheers, Stoned. -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca
Re: [rt-users] HTTP/HTTPS bug in 4.0?
Hi, First, apparently I typed it wrong in the config.(added the 'd' to it). The Wiki (http://requesttracker.wikia.com/wiki/ManualInstallation) says $WebBaseURL = http://not.configured:80 http://not.configured/; A variable used to help RT construct URLshttp://requesttracker.wikia.com/index.php?title=URLsaction=editredlink=1that point back to RT. $ WebBaseURLhttp://requesttracker.wikia.com/index.php?title=WebBaseURLaction=editredlink=1is the base of the URL. it should usually include the scheme, the host, and the port if non-standard. That is what led me to the suggestion of setting WebBaseURL.(by the way I tested WebBasedURL as well... that actually works,) although both of these are probably not recommended :D as stated by Ruslan. I then removed the above and set WebPort to 443. Based on Ruslan's comment, this sounds like the recommended way of doing it :D Thanks Ruslan. On Fri, May 6, 2011 at 10:30 AM, Ruslan Zakirov r...@bestpractical.comwrote: Hi, Set WebDomain, WebPath and WebPort properly. In simple case (like yours) you shouldn't set WebBaseURL (it's WebBaseURL, not WebBasedURL). Don't know what you found on the wiki, but information is probably out of date. On Fri, May 6, 2011 at 5:17 PM, Mike Johnson mike.john...@nosm.ca wrote: Hi everyone, I notice this in our 3.8.10 instance of RT as well. Our redirection of all traffic to https picks it up and you continue to browse on port 443. Ruslan mentions that it is a config issue, Searching the Wiki and RT_Config.pm, I found that Set($WebBasedURL, 'https://yourrtinstance.com'); Is what you need to set to ensure your links are formed correctly. I've tested, works as expected. Thanks! Mike. On Wed, May 4, 2011 at 5:06 PM, Stoned Elipot stoned.eli...@gmail.com wrote: Hi, On Wed, May 4, 2011 at 9:49 PM, Alex Vandiver ale...@bestpractical.com wrote: On Wed, 2011-05-04 at 14:27 -0500, Dario Landazuri wrote: We are running an RT instance under https only. I just noticed a small issue - when you're looking at a ticket, the links for a requestor's other tickets are non-https (http://...). On our system, that leads to a 404. Other links in the ticket (creating links, last ticket transaction, etc) all properly go to https://... This does look to be a bug; I'll bounce your mail into the issues.bestpractical.com to track it. - Alex Playing around with a 4.0.0 test clone of a 3.8.10 RT instance I noticed the same thing, both for the requestor's other tickets links and for the related tickets links. Then I noticed that the 3.8.10 instance also exhibits the same behaviour, only it was masqueraded by the web server doing HTTP to HTTPS redirection :-} Cheers, Stoned. -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca -- Best regards, Ruslan. -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca
Re: [rt-users] Reply not sending email
This could be related to the NotifyActor config setting. If this person was updating the ticket and was the only person that was to receive correspondence, and NotifyActor was set to off, it wouldn't send any emails... HTH Mike. On Thu, May 5, 2011 at 6:08 AM, Matti Taina matti.ta...@otaverkko.fiwrote: Hi everyone. I tried googling for this for a while, so I hope it's not something as trivial as R'ing TFM. What could be the cause for RT not sending email when replying to a ticket? What happened is, that a helpdesk person was trying to reply to a ticket several times, but only on their third try RT sent out the actual email message and printed Outgoing email recorded on the ticket history. The first two trys only resulted in the correspondence entry being printed on the ticket history, but no email was sent and no message of outgoing email was printed. The helpdesk person says that every try was identical and no changes were made on the reply page, other than a change in ticket status (between stalled and open). The RT version is 3.8.8. Thanks in advance, Matti -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca
Re: [rt-users] RT-Authen-ExternalAuth-0.08 which packages i need for
I agree with Raphael on this one, The error you are seeing is basically saying it cannot find the user based on the searching parameters you used. A useful troubleshooting tool for this would be an LDAP Browser(I used Softerra's). The browser allows you to test your Base DN. My gut feeling is your Base DN is wrong. Good luck! Mike. 2011/4/26 Raphaël MOUNEYRES raphael.mouney...@sagemcom.com Hello, the LDAP answer is clear : User not found in your config you search in this Base: ou=User,dc=xxx,dc=xxx,dc=local are you sure the xxx.xxx.local domain exist in your AD configuration ? or did you change company values to hide from the list ? it looks like you don't have the good parameters between RT and your AD config so you can match and find the USER Raphaël *john s. firesk...@gmx.de* Envoyé par : rt-users-boun...@lists.bestpractical.com 26/04/2011 10:44 A rt-users@lists.bestpractical.com cc Objet Re: [rt-users] RT-Authen-ExternalAuth-0.08 which packages i need for Turn your RT debug logging on and check that log to see what it's doing.# Hello mike the rt.log says the following: username: USER , service: My_LDAP (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:274)pr 26 06:58:11 2011] [debug]: LDAP Search === Base: ou=User,dc=xxx,dc=xxx,dc=local == Filter: ((ObjectClass=*)(sAMAccountName=User)) == Attrs: cn,sAMAccountName (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:304) [Tue Apr 26 06:58:11 2011] [debug]: User Check Failed :: ( My_LDAP ) USER User not found (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:318) So sth goes awry Any further hints,clues or advices would be helpfully best regards john s. -- View this message in context: http://old.nabble.com/Re%3A-RT-Authen-ExternalAuth-0.08-which-packages-i-need-for-tp31388437p31476578.html Sent from the Request Tracker - User mailing list archive at Nabble.com. http://old.nabble.com/Re%3A-RT-Authen-ExternalAuth-0.08-which-packages-i-need-for-tp31388437p31476578.html # Ce courriel et les documents qui lui sont joints peuvent contenir des informations confidentielles ou ayant un caractère privé. S'ils ne vous sont pas destinés, nous vous signalons qu'il est strictement interdit de les divulguer, de les reproduire ou d'en utiliser de quelque manière que ce soit le contenu. Si ce message vous a été transmis par erreur, merci d'en informer l'expéditeur et de supprimer immédiatement de votre système informatique ce courriel ainsi que tous les documents qui y sont attachés. ** This e-mail and any attached documents may contain confidential or proprietary information. If you are not the intended recipient, you are notified that any dissemination, copying of this e-mail and any attachments thereto or use of their contents by any means whatsoever is strictly prohibited. If you have received this e-mail in error, please advise the sender immediately and delete this e-mail and all attached documents from your computer system. # -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca
Re: [rt-users] submit ticket through web interface
Slight hi-jacking... sorry(but it fits the conversation) Has there been an extension developed that customizes the SelfService into a question/answer(database driven) that funnels the ticket to a given queue/owner while populating custom fields? We are currently developing an external form that will do this for us(with the use of ExtractCustomFieldValues), but would love to use something built in RT itself. Thanks! Mike. On Tue, Apr 26, 2011 at 10:57 AM, Kevin Falcone falc...@bestpractical.comwrote: On Tue, Apr 26, 2011 at 04:19:08PM +0200, Albert Shih wrote: Hi all I want open my RT to my user (meaning requestor not owner) to allow them to submit a new ticket. So for the authentication I can use RT::Authen::ExternalAuth to connect our LDAP. But how can I create a special RT at glance for my user ? What I want is : For every user not in a small group (or list that's not important), after they log-on in RT I want a very simple interface to allow user see the ticket they submit and a form to submit a new one. If it's possible to have custom field in this form that's better. And on contrary of the Quick Ticket I don't want to allow the user chose the Owner. Don't make them Privileged, they'll be redirected to http://your.rt.server/SelfService/ which is a very simple UI -kevin -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca
Re: [rt-users] RT-Authen-ExternalAuth-0.08 which packages i need for
One thing that stands out in your config is your d_filter. I read on the RT wiki somewhere that d_filter for an AD you needed to put what I have below: 'd_filter' = '(userAccountControl:1.2.840.113556.1.4.803:=2)', Read these 2 microsoft support KB to learn more on why http://support.microsoft.com/kb/305144 http://support.microsoft.com/kb/269181 Also, you have tls, ssl_version, group and group_attr commented out. Someone else can correct me, but I believe you need to define those in your settings. Best I can do with my limited knowledge. Good luck! Mike. On Thu, Apr 21, 2011 at 5:31 AM, john s. firesk...@gmx.de wrote: Is it clear what i want? No? okay i try to describe a litte bit more exaclty as far as possible from myself okay my ldapseach command which runs perfectly is: sudo ldapsearch -h xxx.xxx.local -D xxx\User -w password -b 'dc=xxx, dc=local -s sub sAMAccountName=USER So here are my RT Config Parameter again: Set($ExternalSettings,{'My_LDAP' ={ ## GENERIC SECTION 'type' = 'ldap', 'server' = '192.168.123.45', 'user' = 'USER', 'pass' = 'password', 'base' = 'ou=companyou,ou=User,dc=xxx,dc=xxx,dc=local', 'filter' = '(ObjectClass=*)', 'd_filter' = '(userAccountControl=514)' # 'tls'= 0, # 'ssl_version' = 3, 'net_ldap_args' = [version = 3 ], # 'group' = 'Benutzer', # 'group_attr' = 'GROUP_ATTR', 'attr_match_list' = ['Name', #'EmailAddress', ], 'attr_map' = { 'Name' = 'sAMAccountName', 'RealName' = 'cn', 'EmailAddress' = 'mail', 'Organization' = 'physicalDeliveryOfficeName', 'RealName' = 'cn', 'ExternalAuthId' = 'sAMAccountName', 'Gecos' = 'sAMAccountName', 'WorkPhone' = 'telephoneNumber', 'Address1' = 'streetAddress', 'City' = 'l', 'State' = 'st', 'Zip' = 'postalCode', 'Country' = 'co' } } I'll try to find out, which parameter doesn't match with the ldap one ... cause if i try to authorize on rt with an ad user my AD gives the following message out: xxx.xxx.xxx.xxx:2799 NTDS NoneTCP4 32 NonDSE Can't find object 0.0 0 best regards john s. -- View this message in context: http://old.nabble.com/Re%3A-RT-Authen-ExternalAuth-0.08-which-packages-i-need-for-tp31388437p31448102.html Sent from the Request Tracker - User mailing list archive at Nabble.com. -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca
Re: [rt-users] RT-Authen-ExternalAuth-0.08 which packages i need for
Turn your RT debug logging on and check that log to see what it's doing. I believe the debug log shows you the actual LDAP call it's doing... then you can verify what is failing based on that. Good luck! Mike. On Thu, Apr 21, 2011 at 10:55 AM, john s. firesk...@gmx.de wrote: @Raphael so are you using the good login on RT screen ? Waht do you mean with an good login? @Mike Hello Mike I have readed the 2 Articles and modified my config in such way ... but the same error occurs ... but i have found sth... on my AD, i 'll try to copy the infos which should be necessary ... xxx.xxx.xxx.xxx:2206 NTDS None TCP 4 32 NonDSE Can't find Objekt 0.0 0 0.0 xxx.xxx.xxx.xxx:2200 NTDS None TCP 4 32 NonDSE Can't find Objekt 0.0 0 0.0 thats one of it ... xxx.xxx.xxx.xxx:2200 NTDS None TCP 1 0 NonDSE Sucess 0.0 1 0.0 xxx.xxx.xxx.xxx.2206 NTDS None TCP 1 0 NonDSE Sucess 0.0 1 0.0 This is the same log but i comes a litte bit later i wonder why success And now it comes really strange: Thats the search log Client Instanz Objektname Filtername Reply/s Response Time (ms) CPU% Internal NTDS [](displayName=RT-USER) 0 0 0 0 Internal NTDS [] (displayName=RT-USER) 0 0 00 I don't understand it looks like , that he can't resolve the objectname. best regards john. -- View this message in context: http://old.nabble.com/Re%3A-RT-Authen-ExternalAuth-0.08-which-packages-i-need-for-tp31388437p31450244.html Sent from the Request Tracker - User mailing list archive at Nabble.com. -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca
Re: [rt-users] can't locate XXX
The Set(@Plugins line was the problem... I had a spelling mistake. Now I'm seeing a different error [Wed Apr 20 08:20:25 2011] [error] Can't call method require without a package or object reference at /opt/rt3/bin/../lib/RT.pm line 670.\nCompilation failed in require at (eval 2) line 1.\n [Wed Apr 20 08:20:25 2011] [error] Can't load Perl file: /opt/rt3/bin/ webmux.pl for server myserver.mydomain.com:0, exiting... By looking at the code in RT.pm, and my very limited Perl knowledge... it seems when it's reading through trying to find all the Plugins defined in the RT_SiteConfig.pm it hiccups on the newly corrected Set(@Plugins...); line for ExtractCustomFieldValues. My Set line is as follows: Set(@Plugins,qw(... RT::Extension::ExtractCustomFieldValues)); As indicated on the wiki page for ExtractCustomFieldValues. I'm trying to figure out exactly what the Set(@Plugins line means(till now, I've simply used what was posted on the wiki, without understanding what each piece of the config line actually means...) but I'm having a hard time googling/searching wiki or rt-users for that information. This page http://requesttracker.wikia.com/wiki/SiteConfig tells you a little bit of the Plugins line, but doesn't define what it means. I'm assuming I'd inherently know this if I knew more about Perl itself... On Wed, Apr 20, 2011 at 1:17 AM, Ruslan Zakirov r...@bestpractical.comwrote: On Tue, Apr 19, 2011 at 9:29 PM, Mike Johnson mike.john...@nosm.ca wrote: When the apache error_log shows an error stating it can't locate a given .pm file in @INC what are my steps to resolve this? Specifically, when I insert the line Set(@Plugins,qw(... RT::Extension::ExtractCustomFieldValues)); into my site config, apache won't start up and complains it cannot find the ExtractCustomFieldValues.pm I searched the lists, and some have said the path to the pm is not in the @INC environment variable and to move the .pm to a place that is. In the error it lists the @INC variable, and /opt/rt3/local/lib or /opt/rt3/lib exist in it In 3.8 @INC should be rt3/local/lib rt3/local/plugins/X/lib rt3/local/plugins/Y/lib rt3/local/plugins/Z/lib rt3/lib If you have set @Plugins to (X Y Z) in the config, but ... * ..., but only some plugins' paths are in the @INC - check config for double Set(@Plugins, ...) * ..., but only some plugins' paths are in the @INC - check above and check permissions on dirs * ..., but none of rt3/local/plugins/.../lib is in the @INC - check above, may be you have earlier 3.8.x release with a bug, upgrade to the latest , so I attempted to move the .pm in question to one of those areas with no luck... Strikes me as odd that I'd have to move this considering I've installed 2 other extensions prior to this one that fired up with out any issues... 100% there is no need in moving files around. Pretty good chances to break things further or complicate future upgrades. Anyone give me a few steps to troubleshoot or try out? Thanks! Mike. -- Best regards, Ruslan. -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca
Re: [rt-users] can't locate XXX
Ok bare with the long email! Yes, I have a literal ... It's quite amazing how far you can get with an RT setup based on wiki pages and rt-users listserv history without actually knowing ANY Perl what so ever :D I have ExternalAuth and RT-FM setup as other plugins... and all I did with those was follow step by step on the wiki pages/READMEs. For both, I copied and pasted the Set line for the RT_SiteConfig.pm directly from there. So being 100% honest, I never thought of what it is or how it's works, just that the README or wiki told me it was required. Once Ruslan pointed to that line being a potential problem, I realized RTFM wasn't ACTUALLY working... only the RTFM data was there, the functionality wasn't working. I attempted to search for more information on what that line is actually doing, but all I found was the wiki page mentioned in the previous email. Which on that page specifically states you can't have 2 @Plugin sets... that's why RTFM wasn't working... Now with that knowledge, I understand my config line should read Set(@Plugins,qw( RT::Authen::ExternalAuth RT:Extension::ExtractCustomFieldValues )); The original information from Ruslan makes more sense now. I have corrected that, and the new error is back to the Can't locate the .pm in @INC. So now, what I believe that error is telling me is ...RT:Extension::ExtractCustomFieldValues is an abstractual definition of where the ExtractCustomFieldValues.pm is located within one of the paths of the @INC variable. Taking the working ExternalAuth plugin string, which is 'RT::Authen::ExternalAuth', I understand that RT::Authen equates to RT/Authen and ExternalAuth is the .pm That means, as long as @INC has the path before RT/Authen/ExternalAuth.pm we're good! What I don't understand now is how @INC gets /opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib I could do a hack, and get it to work with the knowledge I have built now, but I'm looking for the RIGHT way to do it. How do I tell get /opt/rt3/local/plugins/ExtractCustomFieldValues in @INC? And providing I can do the above, the way the tgz file untar's, the .pm file is in that directory, so my Set @Plugins line would look like Set(@Plugins,qw(CustomFieldValues RT:Authen:ExternalAuth)); Sorry for the long email, but I wanted to ensure my assumptions are correct all the way through the troubleshooting logic I've used. Thanks! Mike. On Wed, Apr 20, 2011 at 11:38 AM, Kevin Falcone falc...@bestpractical.comwrote: On Wed, Apr 20, 2011 at 08:45:44AM -0400, Mike Johnson wrote: The Set(@Plugins line was the problem... I had a spelling mistake. Now I'm seeing a different error [Wed Apr 20 08:20:25 2011] [error] Can't call method require without a package or object reference at /opt/rt3/bin/../lib/RT.pm line 670.\nCompilation failed in require at (eval 2) line 1.\n [Wed Apr 20 08:20:25 2011] [error] Can't load Perl file: /opt/rt3/bin/ webmux.pl for server myserver.mydomain.com:0, exiting... This implies you have some junk in your @Plugins, what else are you loading? Set(@Plugins,qw(... RT::Extension::ExtractCustomFieldValues)); Do you have a literal ... in there? Also, normally I recommend the README in an extension over something in the wiki which may be unfortunately out of date (since engineers tend to update the closest docs) When installing, did you run all the steps? Install and initdb (but only once). -kevin By looking at the code in RT.pm, and my very limited Perl knowledge... it seems when it's reading through trying to find all the Plugins defined in the RT_SiteConfig.pm it hiccups on the newly corrected Set(@Plugins...); line for ExtractCustomFieldValues. My Set line is as follows: Set(@Plugins,qw(... RT::Extension::ExtractCustomFieldValues)); As indicated on the wiki page for ExtractCustomFieldValues. I'm trying to figure out exactly what the Set(@Plugins line means(till now, I've simply used what was posted on the wiki, without understanding what each piece of the config line actually means...) but I'm having a hard time googling/searching wiki or rt-users for that information. This page http://requesttracker.wikia.com/wiki/SiteConfig tells you a little bit of the Plugins line, but doesn't define what it means. I'm assuming I'd inherently know this if I knew more about Perl itself... On Wed, Apr 20, 2011 at 1:17 AM, Ruslan Zakirov r...@bestpractical.com wrote: On Tue, Apr 19, 2011 at 9:29 PM, Mike Johnson mike.john...@nosm.ca wrote: When the apache error_log shows an error stating it can't locate a given .pm file in @INC what are my steps to resolve this? Specifically, when I insert the line Set(@Plugins,qw(... RT::Extension::ExtractCustomFieldValues)); into my site config, apache won't start up and complains it cannot find the ExtractCustomFieldValues.pm I searched the lists, and some have said the path
Re: [rt-users] can't locate XXX
Ah... that opens my eyes a bit more... How do I tell get /opt/rt3/local/plugins/ExtractCustomFieldValues in @INC? how did it end up there, that isn't the directory structure for RT plugins. I put it there trying to mimic how ExternalAuth worked. I've backed it out now and used the Makefile for it to place itself where it wants to. It placed the ExtractCustomFieldValues.pm in /opt/rt3/lib/RT/Action So now my Plugin's looks like this Set(@Plugins,qw( RT::Authen::ExternalAuth RT::Action::ExtractCustomFieldValues )); How did you install RT-Extension-ExtractCustomFieldValues I believe you missed a step from the README included with the extension. Please note, you do not ever just untar an extension into /opt/rt3 You untar it into your home or a source directory and follow the directions in the README which will ensure that it is placed into the proper location for RT. -kevin Thank you Kevin, I did not know that! I have backed out what I did, and followed the correct method and it seems my setup is no longer throwing errors and RT can run :D I appreciate the responses and knowledge that I've gained from them. -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca
Re: [rt-users] can't locate XXX
We are running RT 3.8.10. ExternalAuth is installed as you mentioned below. The version I got was from http://requesttracker.wikia.com/wiki/ExtractCustomFieldValues The link behind newest version always here It extracted to version 1.06 :( no wonder I'm having issues. I have downloaded and installed based on all your previous statements... everything worked smoothly. I wish I knew what I know now I thank you very much! Mike. On Wed, Apr 20, 2011 at 4:05 PM, Kevin Falcone falc...@bestpractical.comwrote: On Wed, Apr 20, 2011 at 03:51:57PM -0400, Mike Johnson wrote: Ah... that opens my eyes a bit more... How do I tell get /opt/rt3/local/plugins/ExtractCustomFieldValues in @INC? how did it end up there, that isn't the directory structure for RT plugins. I put it there trying to mimic how ExternalAuth worked. I've backed it out now and used the That isn't how ExternalAuth works either, it works with a standard make install and would be in local/plugins/RT-Authen-ExternalAuth Makefile for it to place itself where it wants to. It placed the ExtractCustomFieldValues.pm in /opt/rt3/lib/RT/Action That's wrong. What version of RT and the module are you running. 3.06 (newest on CPAN) and 3.8.10 install into local/plugins/RT-Extension-ExtractCustomFieldValues as expected. -kevin So now my Plugin's looks like this Set(@Plugins,qw( RT::Authen::ExternalAuth RT::Action::ExtractCustomFieldValues )); How did you install RT-Extension-ExtractCustomFieldValues I believe you missed a step from the README included with the extension. Please note, you do not ever just untar an extension into /opt/rt3 You untar it into your home or a source directory and follow the directions in the README which will ensure that it is placed into the proper location for RT. -kevin Thank you Kevin, I did not know that! I have backed out what I did, and followed the correct method and it seems my setup is no longer throwing errors and RT can run :D I appreciate the responses and knowledge that I've gained from them. -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: [1]mike.john...@nosm.ca References Visible links 1. mailto:mike.john...@nosm.ca -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca
[rt-users] can't locate XXX
When the apache error_log shows an error stating it can't locate a given .pm file in @INC what are my steps to resolve this? Specifically, when I insert the line Set(@Plugins,qw(... RT::Extension::ExtractCustomFieldValues)); into my site config, apache won't start up and complains it cannot find the ExtractCustomFieldValues.pm I searched the lists, and some have said the path to the pm is not in the @INC environment variable and to move the .pm to a place that is. In the error it lists the @INC variable, and /opt/rt3/local/lib or /opt/rt3/lib exist in it, so I attempted to move the .pm in question to one of those areas with no luck... Strikes me as odd that I'd have to move this considering I've installed 2 other extensions prior to this one that fired up with out any issues... Anyone give me a few steps to troubleshoot or try out? Thanks! Mike. -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca
[rt-users] 3.2.1 - 3.8.8 any major data schema changes?
Hi all, I'm sitting here with a clean 3.8.8 RT install, and I have our current 3.2.1 that is in use... I want to be kind to my users, and migrate data... but I don't want to spend too much time/resources doing so... Would a backup of the rt database in 3.2.1 and a restore onto 3.8.8 work? -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] 3.2.1 - 3.8.8 any major data schema changes?
Is there anywhere on the wiki that documents which releases can be upgraded to from each? I guess basically what Im looking for is the shortest line from 3.2.1 --- 3.8.8 Is there a general rule of thumb? like every 3.x I should look at the UPGRADING? or would I have to dig into the point point releases? Thanks for the insight. I attempted to search the wiki, but I had a hard time even trying to figure out what that is called Mike. On Tue, Aug 10, 2010 at 9:33 AM, Kevin Falcone falc...@bestpractical.comwrote: On Tue, Aug 10, 2010 at 09:09:21AM -0400, Mike Johnson wrote: I'm sitting here with a clean 3.8.8 RT install, and I have our current 3.2.1 that is in use... I want to be kind to my users, and migrate data... but I don't want to spend too much time/resources doing so... Would a backup of the rt database in 3.2.1 and a restore onto 3.8.8 work? You want to have a look at the UPGRADING files. The database structure is not compatible and you will need to run the various scripts described in UPGRADING. -kevin Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] Email notification question
After you checked the box, did you hit save at the VERY bottom of the page? That will refresh the page, and move those that you checked to the This message will not be sent to box. I forget to do that the odd time... makes for some interesting communication back... especially when I'm not so politically correct when I am not sending the end-users :P but they get it hahahaha. HTH Mike. On Tue, Aug 10, 2010 at 3:54 PM, Kenneth Crocker kfcroc...@lbl.gov wrote: To List, I have a question about a situation that occurred just recently in my (3.8.7) RT session. I have a scrip that notifies CC watchers on Correspondence along with one that notifies AdminCC and the Requestor. When I went to the Reply page to enter my text I saw the check boxes at the bottom of the screen that indicated who would get a notification due to what scrip. I checked the boxes for the CC watchers and yet they *still* got an email. Has anyone else had this problem? I checked that those recipients were not in any other group or role that was also to get a notification for that Queue/Ticket (*no other* Queue watchers or Ticket CC's) They were not. I'm stumped. Kenn LBNL RT Training in Washington DC, USA on Oct 25 26 2010 Last one this year -- Learn how to get the most out of RT! -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca RT Training in Washington DC, USA on Oct 25 26 2010 Last one this year -- Learn how to get the most out of RT!
Re: [rt-users] i cant see RTFM button
After installing RTFM, did you empty your Mason cache as instructed in the install instructions on the wiki? I think I had this problem when I forgot to do that. HTH Mike. On Sun, Aug 8, 2010 at 7:51 AM, armin imani armin.im...@gmail.com wrote: hi i completed the instalation readme file completly but i cant see RTFM button in rt for starting it how can i solve this? -- Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] RT 3.8 Active Directory integration and single sign-on
already been created within RT. Once in RT as root, I am unable to create a new user. I get the error *User could not be created: Could not set user info*. I've tried the solution mentioned in this thread -- http://www.gossamer-threads.com/lists/rt/users/94218 to get RT to auto-create users, but to no avail. Note that when I uncomment the statement Set($WebExternalAuto,1); and restart apache the RT login screen provides no login box in which to enter a username or a password. Any advice would be greatly appreciated. Below is my RT configuration. #Begin /opt/rt3/etc/RT_SiteConfig.pm tail ... # The following two statements support single sign-on. # but I have commented them out for now since they are # said to conflict with the ExternalAuth extension. # See http://wiki.bestpractical.com/view/ExternalAuth. # Tell RT to trust the webserver to handle authentication. # Set($WebExternalAuth, 3); # If the webserver hands RT a user RT is not # familiar with, RT should just go ahead and # create an account. # Set($WebExternalAuto, 1); ... # Include the configuration for the ExternalAuth extension. require /opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm; Set($AutoCreate,{Privileged = 0}); 1; #End /opt/rt3/etc/RT_SiteConfig.pm #Begin /opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm in its entirety. Set($ExternalAuthPriority, [ 'Heapy_AD_LDAP' ] ); Set($ExternalInfoPriority, [ 'Heapy_AD_LDAP' ] ); Set($ExternalServiceUsesSSLorTLS,0); Set($AutoCreateNonExternalUsers, 0); Set($ExternalSettings, { 'Heapy_AD_LDAP' = { 'type' = 'ldap', 'server'= 'serverxyz.domain.domainSuffix', 'user' = 'cn=ldap,ou=Services,dc= domain,dc=domainSuffix', 'pass' = 'the_ldap_password', 'base' = 'dc=domain,dc= domainSuffix', 'filter'= '((ObjectCategory=User)(ObjectClass=Person))', 'd_filter' = '(userAccountControl:1.2.840.113556.1.4.803:=2)', # 'tls' = 0, #'ssl_version' = 3, 'net_ldap_args' = [version = 3 ], 'group' = 'cn=group,ou=Services,dc= domain,dc=domainSuffix', 'group_attr'= 'member', 'attr_match_list' = [ 'Name', 'EmailAddress' ], 'attr_map' = { 'Name' = 'sAMAccountName', 'EmailAddress' = 'mail', 'Organization' = 'physicalDeliveryOfficeName', 'RealName' = 'cn', 'ExternalAuthId' = 'sAMAccountName', 'Gecos' = 'sAMAccountName', 'WorkPhone' = 'telephoneNumber', 'Address1' = 'streetAddress', 'City' = 'l', 'State' = 'st', 'Zip' = 'postalCode', 'Country' = 'co' } } } ); Set(@Plugins, qw(RT::Authen::ExternalAuth)); 1; #End /opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] External Authentication with LDAPS
filter is your LDAP query string to determine if a particular CN is a user. If you are connecting to an AD it would be ((objectCategory=User) (Object Class=Person)) d_filter is your LDAP query to determine disabled users. If you are connecting to an AD it would be a bitmask like so (userAccountControl:1.2.840.113556.1.4.803:=2) group is your LDAP CN that all your RT users would be a part of. This should be the full CN group_attr is the attribute of the user CN that determines what groups they are in. In AD this would be member One thing I would test is getting an LDAP browser and connecting using the same info you are attempting to connect with in RT, verify the user you are using works... Then troubleshoot from there.. Good luck! Mike. On Mon, Aug 2, 2010 at 8:08 AM, Anthony BRODARD brodard.anth...@gmail.comwrote: And here, another logs generate with debug: [Mon Aug 2 12:05:00 2010] [critical]: RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj : Cannot connect to ldap.blanked.fr(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:437) [Mon Aug 2 12:05:00 2010] [debug]: Autohandler called ExternalAuth. Response: (0, No User) (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:26) [Mon Aug 2 12:05:00 2010] [error]: FAILED LOGIN for anthony.brodard from 10.1.104.30 (/opt/rt3/bin/../lib/RT/Interface/Web.pm:424) [Mon Aug 2 12:05:01 2010] [debug]: Reloading RT::User to work around a bug in RT-3.8.0 and RT-3.8.1 (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:14) [Mon Aug 2 12:05:01 2010] [debug]: Attempting to use external auth service: My_LDAP (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64) [Mon Aug 2 12:05:01 2010] [debug]: SSO Failed and no user to test with. Nexting (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:92) [Mon Aug 2 12:05:01 2010] [debug]: Autohandler called ExternalAuth. Response: (0, No User) (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:26) [Mon Aug 2 12:05:01 2010] [crit]: Apache2::RequestIO::rflush: (103) Software caused connection abort at /usr/local/share/perl/5.10.0/HTML/Mason/ApacheHandler.pm line 1020 (/opt/rt3/bin/webmux.pl:168) [Mon Aug 2 12:05:01 2010] [debug]: Attempting to use external auth service: My_LDAP (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64) [Mon Aug 2 12:05:01 2010] [debug]: Calling UserExists with $username (anthony.brodard) and $service (My_LDAP) (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:105) [Mon Aug 2 12:05:01 2010] [debug]: UserExists params: username: anthony.brodard , service: My_LDAP (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:274) [Mon Aug 2 12:05:01 2010] [crit]: Apache2::RequestIO::rflush: (103) Software caused connection abort at /usr/local/share/perl/5.10.0/HTML/Mason/ApacheHandler.pm line 1020 (/opt/rt3/bin/webmux.pl:168) 2010/7/29 Mike Johnson mike.john...@nosm.ca make sure you reply to the list, very important to share all this so others can learn. The only thing I could think of is your LDAP settings are incorrect somewhere. Some things I found when I was setting things up 1. user = the fully qualified CN of the user(ie CN=Mike Johnson,OU=Users,OU=mycompany,OU=mydomain,OU=local 2. filter and d_filter have to have valid settings 3. Group/Group_Attr had to have settings. I was binding to an AD, so I'm not 100% on 3 if it isn't an AD... but 1 and 2 hold true for any LDAP. HTH Mike. On Thu, Jul 29, 2010 at 9:38 AM, Anthony BRODARD brodard.anth...@gmail.com wrote: TLS argument is already sets to 1. I don't know how to see if it's the ldap's server which refuses the connection, or it's an other problem. 2010/7/29 Mike Johnson mike.john...@nosm.ca Oops, looking at it again, i was looking at the mysql config part, not ldap. i think the only way you can adjust what port you are connecting to through LDAP is specifying if it's TLS or not(I believe TLS is 636? google to confirm). You said you are supposed to be connecting on 636, so set the tls argument in your LDAP settings to 1. restart apache and give it a shot. Good luck! Mike. On Thu, Jul 29, 2010 at 8:48 AM, Mike Johnson mike.john...@nosm.cawrote: If you read the ExternalAuth's RT_SiteConfig.pm in /RTROOT/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm It shows you how to set the port you are connecting on. Set that to the port your LDAP server is listening to. Good luck MIke. -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy
Re: [rt-users] ExternalAuth workaround? while waiting for 0.9
Would this also ensure that when LDAP finds the matching email in RT's users, it'll update the other info to what LDAP has?(essentially overwriting the email address as username that was set when a non-user emails RT) On Thu, Jul 29, 2010 at 9:46 AM, Kenneth Marshall k...@rice.edu wrote: On Thu, Jul 29, 2010 at 09:36:33AM -0400, Mike Johnson wrote: Greetings all, Has anyone that is using ExternalAuth developed a workaround for the new user creation issue with ExternalAuth? The issue was outlined in another rt-user message(I can't seem to find now). It relates to when non-privleged users are created through the creation of a ticket from an email, and then they login using LDAP. The email generates a user with username and email address as their email address. ExternalAuth throws an error when it attempts to create the new user, as a user already exists with the same email address. I need ExternalAuth to find the user that has the same email address, and change that user's info to the info it grabs from LDAP. If I was a perl programmer, I'd figure out how to customize it myself, but unfortunately, I'm just stepping into that world... most perl stuff i use, I've borrowed from the web :P Has anyone developed a workaround? The only thing I can think of, is taking all LDAP users, and loading them into RT with their info, and everytime a new user is created in LDAP, they get created in RT... but that seems like a fair amount of work Thanks! -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca Hi Mike, We use a customized version of the CanonicalizeEmailAddress() function which looks up the E-mail address in the LDAP directory and maps it to their primary E-mail address before creating the account. Then it does not conflict with the ExternalAuth process which will then pull the same information. Here is our version which should give you some ideas: sub CanonicalizeEmailAddress { my $self = shift; my $email = shift; # Leave some addresses intact if ( $email =~ /[\w-...@mysafe1.rice.edu$/ ) { return ($email); } if ( $email =~ /[\w-...@mysafe2.rice.edu$/ ) { return ($email); } # Example: the following rule would treat all email # coming from a subdomain as coming from second level domain # foo.com if ( my $match = RT-Config-Get('CanonicalizeEmailAddressMatch') and my $replace = RT-Config-Get('CanonicalizeEmailAddressReplace') ) { $email =~ s/$match/$replace/gi; } $email .= '@rice.edu' if ($email =~ /^[\w-]+$/); # # Now we should have an Email address that is of the form a...@rice.edu # Use LDAP to map this to the primary vanity Email alias. my $params = ( Name = undef, EmailAddress = undef); my $ldap = new Net::LDAP($RT::LdapServer) or $RT::Logger-critical(CanonicalizeEmailAddress: Cannot connect to LDAP\n), return ($email); my $mesg = $ldap-bind(); if ($mesg-code != LDAP_SUCCESS) { $RT::Logger-critical(CanonicalizeEmailAddress: Unable to bind to $RT::LdapServer: , ldap_error_name($mesg-code), \n); return ($email); } # First check to see if the E-mail address uniquely characterizes the # user. If so, update the information with the LDAP query results. my $filter = (mailAlternateAddress=$email); $mesg = $ldap-search(base = $RT::LdapBase, filter = $filter, attrs = [ $RT::LdapMailAttr ]); if ($mesg-code != LDAP_SUCCESS and $mesg-code != LDAP_PARTIAL_RESULTS) { $RT::Logger-critical(Unable to search in LDAP: , ldap_error_name($mesg-code), \n); return ($email); } # The search succeeded with just one match if ($mesg-count == 1) { $email = ($mesg-first_entry-get_value($RT::LdapMailAttr))[0]; } $mesg = $ldap-unbind(); if ($mesg-code != LDAP_SUCCESS) { $RT::Logger-critical(Could not unbind from LDAP: , ldap_error_name($mesg-code), \n); } undef $ldap; undef $mesg; return ($email); } You will also need these somewhere ahead of there use: use Net::LDAP; use Net::LDAP::Constant qw(LDAP_SUCCESS LDAP_PARTIAL_RESULTS); use Net::LDAP::Util qw (ldap_error_name); use Net::LDAP::Filter; We have them at the top under use strict. Cheers, Ken -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] ExternalAuth workaround? while waiting for 0.9
Ah, so this is called everytime a new user emails the system? (sorry, still learning how RT even works :P never mind how it's coded hehe) On Tue, Aug 3, 2010 at 11:08 AM, Kenneth Marshall k...@rice.edu wrote: On Tue, Aug 03, 2010 at 10:59:15AM -0400, Mike Johnson wrote: Would this also ensure that when LDAP finds the matching email in RT's users, it'll update the other info to what LDAP has?(essentially overwriting the email address as username that was set when a non-user emails RT) The function looks up the E-mail address in the LDAP directory and if it is found looks up the corresponding primary E-mail address and uses that instead. Then the rest of the ExternAuth piece populates the other information for the user from the directory using that E-mail address. Cheers, Ken -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] External Authentication with LDAPS
If you read the ExternalAuth's RT_SiteConfig.pm in /RTROOT/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm It shows you how to set the port you are connecting on. Set that to the port your LDAP server is listening to. Good luck MIke. On Thu, Jul 29, 2010 at 4:04 AM, Anthony BRODARD brodard.anth...@gmail.comwrote: Hi Mike, thanks to help me! I've turned on RT's debug mode ( addSet($LogToFile, '*debug*'); Set($LogDir, '/var/log/rt'); in my RT_Siteconfig.pm). Now, when I try to loggin with a LDAP account, this lines are written in my log file: [Thu Jul 29 07:46:08 2010] [debug]: Reloading RT::User to work around a bug in RT-3.8.0 and RT-3.8.1 (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:14) [Thu Jul 29 07:46:08 2010] [debug]: Attempting to use external auth service: LDAP (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64) [Thu Jul 29 07:46:08 2010] [debug]: Calling UserExists with $username (anthony.brodard) and $service (LDAP) (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:105) [Thu Jul 29 07:46:08 2010] [debug]: UserExists params: username: anthony.brodard , service: LDAP (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:274) *[Thu Jul 29 07:46:30 2010] [critical]: RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj : Cannot connect to ldap.[Blanked].fr (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:437) * [Thu Jul 29 07:46:30 2010] [debug]: Autohandler called ExternalAuth. Response: (0, No User) (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:26) [Thu Jul 29 07:46:30 2010] [error]: FAILED LOGIN for anthony.brodard from [IP] (/opt/rt3/bin/../lib/RT/Interface/Web.pm:424) I try a telnet on server: [rt-test]~ # telnet ldap.[Blanked].fr 636 Trying [IP]... Connected to ldap.[Blanked].fr. Escape character is '^]'. Maybe RT use the LDAP's default port (389), not the LDAPS (636). How can i see it or modify in RT_Siteconfig.pm ? Regards, Anthony 2010/7/28 Mike Johnson mike.john...@nosm.ca Hi, Try turning on RT's logging in debug mode. That helped me figure out what was going on with my ExternalAuth. In the log, before the FAILED line you should see a few lines showing you if it's connecting to your LDAP, finding user etc. Work from there! Mike. -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
[rt-users] ExternalAuth workaround? while waiting for 0.9
Greetings all, Has anyone that is using ExternalAuth developed a workaround for the new user creation issue with ExternalAuth? The issue was outlined in another rt-user message(I can't seem to find now). It relates to when non-privleged users are created through the creation of a ticket from an email, and then they login using LDAP. The email generates a user with username and email address as their email address. ExternalAuth throws an error when it attempts to create the new user, as a user already exists with the same email address. I need ExternalAuth to find the user that has the same email address, and change that user's info to the info it grabs from LDAP. If I was a perl programmer, I'd figure out how to customize it myself, but unfortunately, I'm just stepping into that world... most perl stuff i use, I've borrowed from the web :P Has anyone developed a workaround? The only thing I can think of, is taking all LDAP users, and loading them into RT with their info, and everytime a new user is created in LDAP, they get created in RT... but that seems like a fair amount of work Thanks! -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] External Authentication with LDAPS
make sure you reply to the list, very important to share all this so others can learn. The only thing I could think of is your LDAP settings are incorrect somewhere. Some things I found when I was setting things up 1. user = the fully qualified CN of the user(ie CN=Mike Johnson,OU=Users,OU=mycompany,OU=mydomain,OU=local 2. filter and d_filter have to have valid settings 3. Group/Group_Attr had to have settings. I was binding to an AD, so I'm not 100% on 3 if it isn't an AD... but 1 and 2 hold true for any LDAP. HTH Mike. On Thu, Jul 29, 2010 at 9:38 AM, Anthony BRODARD brodard.anth...@gmail.comwrote: TLS argument is already sets to 1. I don't know how to see if it's the ldap's server which refuses the connection, or it's an other problem. 2010/7/29 Mike Johnson mike.john...@nosm.ca Oops, looking at it again, i was looking at the mysql config part, not ldap. i think the only way you can adjust what port you are connecting to through LDAP is specifying if it's TLS or not(I believe TLS is 636? google to confirm). You said you are supposed to be connecting on 636, so set the tls argument in your LDAP settings to 1. restart apache and give it a shot. Good luck! Mike. On Thu, Jul 29, 2010 at 8:48 AM, Mike Johnson mike.john...@nosm.cawrote: If you read the ExternalAuth's RT_SiteConfig.pm in /RTROOT/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm It shows you how to set the port you are connecting on. Set that to the port your LDAP server is listening to. Good luck MIke. -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] RTAddressRegexp - not clear to me
RT could do that, but that wouldn't catch any email addresses that forward stuff to an RT email address, or if using fetchmail, that forward stuff to an email address RT pulls from. On Tue, Jul 27, 2010 at 5:02 PM, Joseph Spenner joseph85...@yahoo.comwrote: If life gives you lemons, keep them-- because hey.. free lemons. --- On *Tue, 7/27/10, Mike Johnson mike.john...@nosm.ca* wrote: From: Mike Johnson mike.john...@nosm.ca Subject: Re: [rt-users] RTAddressRegexp - not clear to me To: Joseph Spenner joseph85...@yahoo.com Cc: rt-users@lists.bestpractical.com Date: Tuesday, July 27, 2010, 2:35 PM It's really a safeguard, because not everyone that uses your RT instance is smart enough to prevent loops from happening. And my example showed 2 queues... but you only need email address and a goofy user for a loop to happen that will cripple the system. I've had end-users reply to an email coming from Mike Johnson via RT(which the Reply-To: on those emails is helpd...@nosm.cahttp://mc/compose?to=helpd...@nosm.ca) and cc helpd...@nosm.ca http://mc/compose?to=helpd...@nosm.ca. If you use the ParseNewMessageForTicketCcs, the above can become quite troublesome without RTAddressRegexp, as it would append helpd...@nosm.cahttp://mc/compose?to=helpd...@nosm.caas a Cc email address, which would then email out to helpd...@nosm.ca http://mc/compose?to=helpd...@nosm.ca whenever you do correspondence that a Cc would see... Hope that helps! Mike. Why couldn't the application simply query the database to figure out what the queue email addresses are, and don't permit them to be a recipient? Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] External Authentication with LDAPS
Hi, Try turning on RT's logging in debug mode. That helped me figure out what was going on with my ExternalAuth. In the log, before the FAILED line you should see a few lines showing you if it's connecting to your LDAP, finding user etc. Work from there! Mike. On Wed, Jul 28, 2010 at 3:23 AM, Anthony BRODARD brodard.anth...@gmail.comwrote: Hi, I've installed RT 3.8.7 on a debian lenny with the manual procedure listed here: http://wiki.bestpractical.com/view/ExternalAuth So, now i try to configure my RT_Siteconfig.pm to acces at RT via my LDAPS serveur. This is a part of my configuration: #PLUGINS: Set(@Plugins,(qw( RT::Extension::MandatorySubject RT::Extension::MandatoryRequestor RT::Extension::SearchResults::XLS RT::Extension::UserDetails RT::FM RT::IR RTx::Tags RT::Extension::WatchedQueues RT::Extension::ServiceUpdates RT::Authen::ExternalAuth ))); # AUTHENTICATION Set($ExternalAuthPriority, ['LDAP',] ); Set($ExternalInfoPriority, ['LDAP',] ); Set($ExternalServiceUsesSSLorTLS, 1); # DATABASES CONFIGURATION Set($ExternalSettings, { 'LDAP' = { 'type' = 'ldap', 'server'= 'ldap.BLANKED', 'user' = 'BLANKED', 'pass' = 'BLANKED', 'base' = 'dc=blanked,dc=fr', 'filter'= '(uid=*)', 'd_filter' = '(objectClass=foobar)', 'tls' = 1, 'ssl_version' = 3, 'net_ldap_args' = [ version = 3 ], # 'group' = 'GROUP-NAME', # 'group_attr'= 'GROUP_ATTR', 'attr_match_list' = 'uid', 'attr_map' = { 'Name' = 'uid', 'EmailAddress' = 'mail', # 'Organization' = '', 'RealName' = 'cn', # 'ExternalAuthId' = '', # 'Gecos' = '', # 'WorkPhone' = 'telephonenumber', # 'Address1' = '', # 'City' = '', # 'State' = '', # 'Zip' = '', # 'Country' = '' } } }, ); 1; When i try to log on, i have a message which said that m'y username or my password isn't correct. In the log files (/var/log/apache2/error.log), i have only : [Tue Jul 27 14:35:28 2010] [error]: FAILED LOGIN for anthony.brodard from MY_IP (/opt/rt3/bin/../lib/RT/Interface/Web.pm:424) Do you know where is the mistake? After that, i want to activate a session's timeout on RT with mod_perl. Do you know how can i do? Regards, Anthony BRODARD Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
[rt-users] ExternalAuth - is there a way to assign groups based on LDAP group when creating the RT user?
As the subject says, I'm looking for a way that ExternalAuth can assign groups when it creates the RT user based on group info in the LDAP. For example, in LDAP John Doe is part of a group called Supportstaff. in RT, when John Doe logs in, I want his user to be added to the group support so that he'll automatically get access to whatever support has access to in RT. I love that LDAP can be used to authenticate, but I don't see how I can setup permissions for LDAP users until they've logged into RT once, so the account is visible in RT to add to groups Any help would be appreciated. Thanks! -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
[rt-users] How to setup sendmail to use external SMTP
Greetings all, I figured I'd just post this to the listserv, so it's archived for others to search on. If you ever want to change sendmail to use an external SMTP so that RT can just be configured to use sendmail, and the rest will flow easily after... * Change directory to where your sendmail configuration files (sendmail.mc and sendmail.cf) are located, usually /etc/mail/. Create a safe subdirectory (suggested name auth/): # mkdir auth # chmod 700 auth Create a filehttp://www.linuxforums.org/forum/debian-linux-help/32459-how-set-up-sendmail-use-external-smtp.html#with your authentication information (suggested name auth/client-info): #cd auth #touch client-info INSIDE THAT FILE PLACE THE FOLLOWING: AuthInfo:your.isp.net U:root I:user Password filling in your ISP's mail server, your user name, and your password. (Note: Earthlink, and perhaps other ISP's, requires your full e-mail address as a user name.) Generate the authentication databasehttp://www.linuxforums.org/forum/debian-linux-help/32459-how-set-up-sendmail-use-external-smtp.html#and make both files readable only by root: # makemap hash client-info client-info # chmod 600 client-info* # cd .. Add the following lines to your sendmail.mc file, filling in your ISP's mail server: define(`SMART_HOST',`your.isp.net')dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl FEATURE(`authinfo',`hash /etc/mail/auth/client-info')dnl Generate sendmail.cf: # m4 sendmail.mc sendmail.cf Restart the sendmail daemon, e.g., (this depends on your OS, this works for redhat and CentOS): # service sendmail restart This was from http://www.linuxforums.org/forum/debian-linux-help/32459-how-set-up-sendmail-use-external-smtp.html but I thought I'd copy/paste should the resource not exist in the future. -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] Configure Fetchmail to create tickets
In your fetchmail config, you tell fetchmail to send the emails it grabs to a specific process. For RT to create a ticket from an email, you need to give the email to rt-mailgate. You do this through the fetchmail config file. This is an example of one grabbing email from a google apps account and sending it to rt-mailgate poll imap.gmail.com proto imap port 993: username helpd...@mydomain.com password mypassword ssl mda /usr/bin/perl /opt/rt3/bin/rt-mailgate --url http://rt.mydomain.com --queue General --action correspond Hope that helps. Mike. On Wed, Jul 28, 2010 at 1:08 PM, George Simpson simpsongeorg...@gmail.comwrote: Hello again. We finally got fetchmail to work! thanks to everyone who helped, it now is up and running. However, we hit a snag while trying to set it up so that people just sent emails to helpd...@myurl.com and it creates a ticket. I think we have to set up aliases in fetchmail so that that email address is forwarded to the RT helpdesk queue, but I cannot seem to find out how to do it. Is there any documentation about doing this anywhere? I cannot seem to find it here nor with the all-powerful google. Thanks in advance, and I really appreciate everyones help! George Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] Configure Fetchmail to create tickets
Yes, this all goes into the .fetchmailrc file for the user executing fetchmail, and yes, you'd have to adjust the settings to point to your various pieces like perl, mailgate, RT url(note mine doesn't end with /rt3), and obviously the email server you are needing to pull emails from. HTH. Mike. On Wed, Jul 28, 2010 at 2:24 PM, George Simpson simpsongeorg...@gmail.comwrote: Thanks for the reply! I am really new to all of this, I just became an Intern at this company after one year of college and they asked me to set up RT. The poll imap.gmail.com proto imap port 993: username helpd...@mydomain.com password mypassword ssl mda /usr/bin/perl /opt/rt3/bin/rt-mailgate --url http://rt.mydomain.com --queue General --action correspond goes in the fetchmail.conf file right? I can do something like that for the .fetchmailrc file, if that is the right one. The difference is that our rt-mailgate path is usr/sbin/rt-mailgate is that all I put for usr/bin/perl /opt/rt3/bin/rt-mailgate? Thanks for the help, and sorry for the complete lack of knowledge. George On Wed, Jul 28, 2010 at 11:09 AM, Mike Johnson mike.john...@nosm.cawrote: In your fetchmail config, you tell fetchmail to send the emails it grabs to a specific process. For RT to create a ticket from an email, you need to give the email to rt-mailgate. You do this through the fetchmail config file. This is an example of one grabbing email from a google apps account and sending it to rt-mailgate poll imap.gmail.com proto imap port 993: username helpd...@mydomain.com password mypassword ssl mda /usr/bin/perl /opt/rt3/bin/rt-mailgate --url http://rt.mydomain.com--queue General --action correspond Hope that helps. Mike. On Wed, Jul 28, 2010 at 1:08 PM, George Simpson simpsongeorg...@gmail.com wrote: Hello again. We finally got fetchmail to work! thanks to everyone who helped, it now is up and running. However, we hit a snag while trying to set it up so that people just sent emails to helpd...@myurl.com and it creates a ticket. I think we have to set up aliases in fetchmail so that that email address is forwarded to the RT helpdesk queue, but I cannot seem to find out how to do it. Is there any documentation about doing this anywhere? I cannot seem to find it here nor with the all-powerful google. Thanks in advance, and I really appreciate everyones help! George Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] Configure Fetchmail to create tickets
If you copy/pasted, the error would be you are missing a / infront of your perl path... not sure if you just missed that when you copy/pasted or not... On Wed, Jul 28, 2010 at 3:21 PM, George Simpson simpsongeorg...@gmail.comwrote: Hi, It's still passing syntax errors, I have verified that the paths are right, but its finding problems with the perl path. Is there anything that I am doing wrong? I posted the line in my previous post. On Wed, Jul 28, 2010 at 12:02 PM, Mike Johnson mike.john...@nosm.cawrote: Yes, this all goes into the .fetchmailrc file for the user executing fetchmail, and yes, you'd have to adjust the settings to point to your various pieces like perl, mailgate, RT url(note mine doesn't end with /rt3), and obviously the email server you are needing to pull emails from. HTH. Mike. On Wed, Jul 28, 2010 at 2:24 PM, George Simpson simpsongeorg...@gmail.com wrote: Thanks for the reply! I am really new to all of this, I just became an Intern at this company after one year of college and they asked me to set up RT. The poll imap.gmail.com proto imap port 993: username helpd...@mydomain.com password mypassword ssl mda /usr/bin/perl /opt/rt3/bin/rt-mailgate --url http://rt.mydomain.com --queue General --action correspond goes in the fetchmail.conf file right? I can do something like that for the .fetchmailrc file, if that is the right one. The difference is that our rt-mailgate path is usr/sbin/rt-mailgate is that all I put for usr/bin/perl /opt/rt3/bin/rt-mailgate? Thanks for the help, and sorry for the complete lack of knowledge. George On Wed, Jul 28, 2010 at 11:09 AM, Mike Johnson mike.john...@nosm.cawrote: In your fetchmail config, you tell fetchmail to send the emails it grabs to a specific process. For RT to create a ticket from an email, you need to give the email to rt-mailgate. You do this through the fetchmail config file. This is an example of one grabbing email from a google apps account and sending it to rt-mailgate poll imap.gmail.com proto imap port 993: username helpd...@mydomain.com password mypassword ssl mda /usr/bin/perl /opt/rt3/bin/rt-mailgate --url http://rt.mydomain.com--queue General --action correspond Hope that helps. Mike. On Wed, Jul 28, 2010 at 1:08 PM, George Simpson simpsongeorg...@gmail.com wrote: Hello again. We finally got fetchmail to work! thanks to everyone who helped, it now is up and running. However, we hit a snag while trying to set it up so that people just sent emails to helpd...@myurl.com and it creates a ticket. I think we have to set up aliases in fetchmail so that that email address is forwarded to the RT helpdesk queue, but I cannot seem to find out how to do it. Is there any documentation about doing this anywhere? I cannot seem to find it here nor with the all-powerful google. Thanks in advance, and I really appreciate everyones help! George Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] Configure Fetchmail to create tickets
All I can say is that there is something syntatically wrong with your fetchmailrc file... You have to figure out what you got wrong there. man fetchmail and read up on the file to ensure everything is sound in there. HTH Mike. On Wed, Jul 28, 2010 at 5:11 PM, George Simpson simpsongeorg...@gmail.comwrote: I found it, the path is correct. [r...@ec02 ~]# find / -name rt-mailgate -print /usr/sbin/rt-mailgate /tmp/rt-3.8.8/bin/rt-mailgate /etc/smrsh/rt-mailgate -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] ExternalAuth - loading fine but isn't authenticating to LDAP
Wow. 3 days of on/off debugging and getting frustrated, for a spelling mistake... hahahaha, Much appreciated Kevin. I can now login using an AD Account and it creates it properly in RT. Thanks! Mike. On Mon, Jul 26, 2010 at 5:03 PM, Kevin Falcone falc...@bestpractical.comwrote: On Mon, Jul 26, 2010 at 04:25:21PM -0400, Mike Johnson wrote: [Mon Jul 26 19:52:58 2010] [warning]: DBD::mysql::st execute failed: Unknown column 'Priviledged' in 'field list' at /usr/lib/perl5/site_perl/5.8.8/DBIx/SearchBuilder/Handle.pm The column is Privileged, not Priviledged. I'm going to assume you've misconfigured something, possibly the AutoCreate setting. Again, I am no perl wiz, and I'm just making guesses as to whats wrong based on these logs... RTFM might work with 3.8.8, I just can't get mine to work. RTFM has a bug with 3.8.8, I just failed to see what it had to do with your RT-Authen-ExternalAuth problems. You can pull a patch from the rtfm repo or wait for 2.4.3rc1 to be released. There should be links if you search the list archives. -kevin Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] RTAddressRegexp - not clear to me
You need to include both, the queue email addresses, AND anything that forwards email to RT. That setting prevents RT from sending emails that will loop infinitely in your system. For example. RT is setup with the basic autoreply, and reply on correspondence etc. RT has 2 queues, supp...@here.com goes to general, and i...@here.com goes to IT queue. If i...@here.com emails supp...@here.com the general queue will autoreply to i...@here.com which will create a ticket and autoreply to supp...@here.comwhich will create a ticket and auto-reply to i...@here.com etc etc etc Big loop, never ending, blow up RT :P If you set the regular expression to supp...@here.com when RT emails out, it'll filter any emails going to supp...@here.com. This will ensure no loop happens. SO to recap, RTAddressRegexp has to be a regular expression that ALL email addresses that send stuff to RT will validate through. Hope this helps! Mike. On Tue, Jul 27, 2010 at 1:35 PM, Joseph Spenner joseph85...@yahoo.comwrote: Upon nearly completing my RT installation, and running: # make initialize-database I got the message: == [Tue Jul 27 17:12:29 2010] [error]: The RTAddressRegexp option is not set in the config. Not setting this option results in additional SQL queries to check whether each address belongs to RT or not. It is especially important to set this option if RT recieves emails on addresses that are not in the database or config. (/home/packages/rt-3.8.8/sbin/../lib/RT/Config.pm:343) Now inserting data Done inserting data Done. == If I have 3 queues, ie: support-h...@bob.domain.com sales-h...@bob.domain.com it-reque...@bob.domain.com Do I need to list all those addresses (and any future addresses) in that RTAddressRegexp option ? Or is this only if I have something at (ie:) h...@jack.somewhere.com forwarding to my RT system in which case I'd want to add: h...@jack.somewhere.com to the RTAddressRegexp option ? Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
[rt-users] ExternalAuth - process to give privleged users access
Greetings all, This is more of a process question to those that are using ExternalAuth with their LDAP, and needing to assign Group permissions within RT. How do you go about doing this? As of right now, the only way I can see, is making the end-user login once so they exist in RT for me to be able to assign permissions to that user. Is there a way that user can exist BEFORE they login using ExternalAuth and Auto create privleged? -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] Two RT installations
Based on the setup I just did for my new server, I would have to say yes... few things you'd need to do(just off the top of my head... probably more gotchas) - have mulitple install instances of RT ie /opt/rt3-live and /opt/rt3-test - have multiple mysql instances OR change the database name of RT before installation(I think having multiple mysql installs would be easier. IF multiple instances, obviously have to change the port for each - would have to have both RTs setup in your httpd.conf - can probably use the same fetchmail(if you are using fetchmail), if you aren't using fetchmail, I don't know how you'd do it. Everything else could probably be reused... good luck! Mike. On Mon, Jul 26, 2010 at 3:06 PM, foram goram foramgo...@yahoo.com wrote: Hi, Is it possible to have two RT installations on the same server? If yes, how?. Thanks Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] ExternalAuth - loading fine but isn't authenticating to LDAP
', 40, 'Priviledged', 1, 'RealName', 'Test User', 'EmailAddress', 'test.u...@normed.ca', ...) called at /opt/rt3/bin/../lib/RT/User_Overlay.pm line 195 RT::User::Create('RT::User=HASH(0x2b8876d75580)', 'Priviledged', 1, 'Name', 'testuser', 'Gecos', 'testuser') called at /opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm line 124 RT::Authen::ExternalAuth::DoAuth('HASH(0x2b88754ecc70)', 'testuser', 'password') called at /opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth line 25 HTML::Mason::Commands::__ANON__('pass', 'password', 'user', 'testuser') called at /usr/lib/perl5/site_perl/5.8.8/HTML/Mason/Component.pm line 135 HTML::Mason::Component::run('HTML::Mason::Component::FileBased=HASH(0x2b8875502fc0)', 'pass', 'password', 'user', 'testuser') called at /usr/lib/perl5/site_perl/5.8.8/HTML/Mason/Request.pm line 1297 eval {...} called at /usr/lib/perl5/site_perl/5.8.8/HTML/Mason/Request.pm line 1292 HTML::Mason::Request::comp('undef', 'undef', 'pass', 'password', 'user', 'testuser') called at /opt/rt3/bin/../lib/RT/Interface/Web/Request.pm line 180 RT::Interface::Web::Request::callback('RT::Interface::Web::Request=HASH(0x2b8879903140)', 'pass', 'password', 'user', 'testuser', 'CallbackName', 'Auth', 'CallbackPage', '/autohandler', ...) called at /opt/rt3/bin/../lib/RT/Interface/Web.pm line 202 RT::Interface::Web::HandleRequest('HASH(0x2b88755d3130)') called at /opt/rt3/share/html/autohandler line 53 HTML::Mason::Commands::__ANON__('pass', 'password', 'user', 'testuser') called at /usr/lib/perl5/site_perl/5.8.8/HTML/Mason/Component.pm line 135 HTML::Mason::Component::run('HTML::Mason::Component::FileBased=HASH(0x2b88754e9dd0)', 'pass', 'password', 'user', 'testuser') called at /usr/lib/perl5/site_perl/5.8.8/HTML/Mason/Request.pm line 1297 eval {...} called at /usr/lib/perl5/site_perl/5.8.8/HTML/Mason/Request.pm line 1292 HTML::Mason::Request::comp('undef', 'undef', 'undef', 'pass', 'password', 'user', 'testuser') called at /usr/lib/perl5/site_perl/5.8.8/HTML/Mason/Request.pm line 481 eval {...} called at /usr/lib/perl5/site_perl/5.8.8/HTML/Mason/Request.pm line 481 eval {...} called at /usr/lib/perl5/site_perl/5.8.8/HTML/Mason/Request.pm line 433 HTML::Mason::Request::exec('RT::Interface::Web::Request=HASH(0x2b8879903140)') called at /usr/lib/perl5/site_perl/5.8.8/HTML/Mason/ApacheHandler.pm line 168 HTML::Mason::Request::ApacheHandler::exec('RT::Interface::Web::Request=HASH(0x2b8879903140)') called at /usr/lib/perl5/site_perl/5.8.8/HTML/Mason/ApacheHandler.pm line 825 HTML::Mason::ApacheHandler::handle_request('HTML::Mason::ApacheHandler=HASH(0x2b8875f5ae80)', 'Apache2::RequestRec=SCALAR(0x2b887622f770)') called at /opt/rt3/bin/ webmux.pl line 78 eval {...} called at /opt/rt3/bin/webmux.pl line 78 RT::Mason::handler('Apache2::RequestRec=SCALAR(0x2b887622f770)') called at -e line 0 eval {...} called at -e line 0 (/usr/lib/perl5/5.8.8/Carp.pm:272) [Mon Jul 26 19:52:58 2010] [error]: Could not create a new user - Priviledged-1-RealName-Test user-emailaddress-test.u...@normed.ca-gecos-testuser-password-*no-password*-name-testuser-externalauthid-testuser(/opt/rt3/bin/../lib/RT/User_Overlay.pm:201) [Mon Jul 26 19:52:58 2010] [error]: Couldn't create user testuser: Could not create user (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:129) Again, I am no perl wiz, and I'm just making guesses as to whats wrong based on these logs... RTFM might work with 3.8.8, I just can't get mine to work. Sorry if I mislead in my wording. Mike. On Mon, Jul 26, 2010 at 4:12 PM, Kevin Falcone falc...@bestpractical.comwrote: On Mon, Jul 26, 2010 at 04:09:01PM -0400, Mike Johnson wrote: Something is preventing the user from being created... based on the INSERT language I see, it looks like RTFM doesn't work with 3.8.8??? I dunno, it's trying to use a field called Priviledged in the User table... which doesn't exist? Please provide the actual failing code you're seeing. Privileged is a user attribute stored in a different table. Why do you believe that RTFM is causing conflicts with this? -kevin Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] Fetchmail Headache
Hi, Our fetchmail setup is this... 1. fetchmailstart.sh script in the RT install location. This is just a 1 liner that has the fetchmail command, the fetchmailrc file we setup, the argument to tell fetchmail to start as a daemon. 2. fetchmailrc file which is setup based off of the documentation in the linux man file for fetchmail 3. Command to start fetchmail at system startup in the rc.local so when the server boots up, it's running. the fetchmailrc file is not delivered with fetchmail or rt but as I said the man pages tell you everything you need to know. USe those, and google fetchmailrc examples and you should be able to build one. I have queues pulling from both imap(Groupwise and google apps education), and pop3 from an external (unknown) email server. Let me know if you want anymore info... fetchmail I believe is the easiest part of the RT install. Monday I could send you some stuff to help ya out. Thanks! Mike. On Sat, Jul 24, 2010 at 4:10 AM, Rob MacGregor rob.macgre...@gmail.comwrote: On Fri, Jul 23, 2010 at 23:19, George Simpson simpsongeorg...@gmail.com wrote: The problem was that the fetchmailrc file wasn't in the install, so we made it. Neither could we find the fetchmail.conf from the install. Could we have done the yum command wrong for the installation? No, the fetchmailrc is unique to you. There's no way to provide you with a relevant one without you providing a lot of information. and a couple of questions: where do we run newaliases? On the host running postfix. where is the fetchmailrc file located, and what are the correct settings to point it to RT Wherever you want - if you don't specify it on the command line it needs to be in $HOME/.fetchmailrc of the user running fetchmail, which shouldn't be root. As for the correct settings, I just did a search for fetchmail on the RT wiki and found a large number of documents that are relevant, including: http://rt.bestpractical.com/view/POP3Mailgate http://rt.bestpractical.com/view/fetchmail http://rt.bestpractical.com/view/GoogleApps and the command with --queue is where we got our syntax errors. does there have to be single quotes around the queue name? thanks so much, sorry for my lack of knoledge, but I've been kind of flustered because all I've had to work on the entire RT configuration is a command line only CentOS installation running on a different computer... Do make use of the wiki - it's pretty much all we needed to get our RT install up and running (the book came in handy a few times too). -- Please keep list traffic on the list. Rob MacGregor Whoever fights monsters should see to it that in the process he doesn't become a monster. Friedrich Nietzsche Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] ExternalAuth - loading fine but isn't authenticating to LDAP
Hi Haris, No go yet. Kenneth did send some info for me to check out, perhaps it may help you... **Kenneth's email cut/pasted** Mike, First off, check to see how you've set $WebExternalAuto. I'm not sure how that would affect LDAP if it was turned on. Second, I'll assume you've set your Plugins appropriately to include RT::Authen::ExternalAuth. Thirdly, you have to make sure certain LDAP parameters are consistent (ie. if you're using TLS, etc.). Below is what we use for our list of parameters: Set($ExternalAuthPriority, [ 'My_LDAP' ] ); Set($ExternalInfoPriority, [ 'My_LDAP' ] ); Set($ExternalServiceUsesSSLorTLS, 1); Set($AutoCreateNonExternalUsers, 0); Set( $ExternalSettings, { 'My_LDAP' = { ‘type’= 'ldap', ‘server’ = 'ldap.lbl.gov’, ‘user’= ‘’, ‘pass’= ‘’, ‘base’= 'ou=People,o=name of our company,c=US’, ‘filter’ = '((status that equals active)(|(dicision code)))’, ‘d_filter’ = '(!(|(lblEmpStat=Staff)(lblEmpStat=Guest)))', ‘tls’= 1, ‘net_ldap_args’= [ version = 3], ‘attr_match_list’ = ['Name', 'EmailAddress', 'RealName', 'uid' ], ‘attr_map’= {'Name' = 'uid', 'EmailAddress'= 'mail', 'Organization' = ‘o’, 'RealName' = 'cn', 'ExternalAuthId' = 'uid', 'Gecos' = 'uid', 'WorkPhone' = 'telephonenumber', 'Address1' = 'lblmailstop', 'Address2' = 'postaladdress’ } } } ); 1; I don't think the attr_map would affect this, but your match list could. Anyway, check it all out cause if there are any inconsistencies (like TLS being used and on), it will fail. Hope this helps. Kenn LBNL *** end cut/paste** On Thu, Jul 22, 2010 at 7:23 PM, M.F.Haris mfha...@gmail.com wrote: hi Mike, I am also facing the same problem and i have checked my configuration over and over, also compared with some available on internet. in my case i didn't enter any attribute with blank value like 'group' attribute in your case. but rest of the things are similar to what i have entered. I get a message 'Failed to Login with user (myuser) ... ' do you get the same error message? please share your experience if you are able to solve this crap. thanks Haris On Thu, Jul 22, 2010 at 3:59 PM, Mike Johnson mike.john...@nosm.cawrote: Hi everyone, Where do I start debugging my setup?? I have CentOS5.5, RT3.8.8, ExternalAuth 0.8 attempting to connect to an Active Drectory LDAP. Everything loads fine(I get no errors from my config files). I've loaded the ExternalAuth plugin, but when I attempt to login to the UI with an LDAP user, I get an invalid user/pass. The only error/logging I can find anywhere is in syslog and that just tells me the same thing... I'm connecting to an Active Directory server, and with some googling/rt-users searching I found the following settings to use. 'filter'= '(objectCategory=User)', 'd_filter' = '(userAccountControl:1.2.840.113556.1.4.803:=2)', I've left group and group_attr blank(is that allowed?) as I want all users found under my base DN to be able to use RT. In the attr_match_list I have name and email address only In attr_map I have the sAMAccountName mail and cn mapped to their respective places in RT. I've tested the user/pass I'm using(our LDAP is setup to not allow anonymous unfortunately, so I have to use an account to bind. I can't seem to find where ExternalAuth would toss an error out for me to read if it's failling because of the arguments I've set... Any help would be appreciated. -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http
Re: [rt-users] ExternalAuth - loading fine but isn't authenticating to LDAP
I found another guide that outlines how to setup ExternalAuth for AD on the wiki http://wiki.bestpractical.com/view/CentOS5InstallPlusSome Others following this thread might find it useful... I did learn that you're looking for the full cn/ou path for your user, not just a username...(I forgot that's how LDAP finds users) Haris you might want to check that in your config... didn't help me *shrug* but might help you. Thanks! Mike. On Fri, Jul 23, 2010 at 9:18 AM, Mike Johnson mike.john...@nosm.ca wrote: Hi Haris, No go yet. Kenneth did send some info for me to check out, perhaps it may help you... **Kenneth's email cut/pasted** Mike, First off, check to see how you've set $WebExternalAuto. I'm not sure how that would affect LDAP if it was turned on. Second, I'll assume you've set your Plugins appropriately to include RT::Authen::ExternalAuth. Thirdly, you have to make sure certain LDAP parameters are consistent (ie. if you're using TLS, etc.). Below is what we use for our list of parameters: Set($ExternalAuthPriority, [ 'My_LDAP' ] ); Set($ExternalInfoPriority, [ 'My_LDAP' ] ); Set($ExternalServiceUsesSSLorTLS, 1); Set($AutoCreateNonExternalUsers, 0); Set( $ExternalSettings, { 'My_LDAP' = { ‘type’= 'ldap', ‘server’ = 'ldap.lbl.gov’, ‘user’= ‘’, ‘pass’= ‘’, ‘base’= 'ou=People,o=name of our company,c=US’, ‘filter’ = '((status that equals active)(|(dicision code)))’, ‘d_filter’ = '(!(|(lblEmpStat=Staff)(lblEmpStat=Guest)))', ‘tls’= 1, ‘net_ldap_args’= [ version = 3], ‘attr_match_list’ = ['Name', 'EmailAddress', 'RealName', 'uid' ], ‘attr_map’= {'Name' = 'uid', 'EmailAddress'= 'mail', 'Organization' = ‘o’, 'RealName' = 'cn', 'ExternalAuthId' = 'uid', 'Gecos' = 'uid', 'WorkPhone' = 'telephonenumber', 'Address1' = 'lblmailstop', 'Address2' = 'postaladdress’ } } } ); 1; I don't think the attr_map would affect this, but your match list could. Anyway, check it all out cause if there are any inconsistencies (like TLS being used and on), it will fail. Hope this helps. Kenn LBNL *** end cut/paste** On Thu, Jul 22, 2010 at 7:23 PM, M.F.Haris mfha...@gmail.com wrote: hi Mike, I am also facing the same problem and i have checked my configuration over and over, also compared with some available on internet. in my case i didn't enter any attribute with blank value like 'group' attribute in your case. but rest of the things are similar to what i have entered. I get a message 'Failed to Login with user (myuser) ... ' do you get the same error message? please share your experience if you are able to solve this crap. thanks Haris On Thu, Jul 22, 2010 at 3:59 PM, Mike Johnson mike.john...@nosm.cawrote: Hi everyone, Where do I start debugging my setup?? I have CentOS5.5, RT3.8.8, ExternalAuth 0.8 attempting to connect to an Active Drectory LDAP. Everything loads fine(I get no errors from my config files). I've loaded the ExternalAuth plugin, but when I attempt to login to the UI with an LDAP user, I get an invalid user/pass. The only error/logging I can find anywhere is in syslog and that just tells me the same thing... I'm connecting to an Active Directory server, and with some googling/rt-users searching I found the following settings to use. 'filter'= '(objectCategory=User)', 'd_filter' = '(userAccountControl:1.2.840.113556.1.4.803:=2)', I've left group and group_attr blank(is that allowed?) as I want all users found under my base DN to be able to use RT. In the attr_match_list I have name and email address only In attr_map I have the sAMAccountName mail and cn mapped to their respective places in RT. I've tested the user/pass I'm using(our LDAP is setup to not allow anonymous unfortunately, so I have to use an account to bind. I can't seem to find where ExternalAuth would toss an error out for me to read if it's failling because of the arguments I've set... Any help would
[rt-users] ExternalAuth - loading fine but isn't authenticating to LDAP
Hi everyone, Where do I start debugging my setup?? I have CentOS5.5, RT3.8.8, ExternalAuth 0.8 attempting to connect to an Active Drectory LDAP. Everything loads fine(I get no errors from my config files). I've loaded the ExternalAuth plugin, but when I attempt to login to the UI with an LDAP user, I get an invalid user/pass. The only error/logging I can find anywhere is in syslog and that just tells me the same thing... I'm connecting to an Active Directory server, and with some googling/rt-users searching I found the following settings to use. 'filter'= '(objectCategory=User)', 'd_filter' = '(userAccountControl:1.2.840.113556.1.4.803:=2)', I've left group and group_attr blank(is that allowed?) as I want all users found under my base DN to be able to use RT. In the attr_match_list I have name and email address only In attr_map I have the sAMAccountName mail and cn mapped to their respective places in RT. I've tested the user/pass I'm using(our LDAP is setup to not allow anonymous unfortunately, so I have to use an account to bind. I can't seem to find where ExternalAuth would toss an error out for me to read if it's failling because of the arguments I've set... Any help would be appreciated. -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] Adding CC's from an email as Watchers on Create Ticket
Hi, Make sure you set RTAddresRegexp in your config if you are going to use ParseNewMessageForTicketCCs. If you don't, terrible things can happen... P.S. Kenneth, sorry for the reply to you specifically :P we just switched email platforms and I wasn't paying attention to what I was doing :P Thanks! Mike. On Thu, Jul 22, 2010 at 10:53 AM, Kenneth Crocker kfcroc...@lbl.gov wrote: Alan, To do this universally, you want to set the following configuration: Set($ParseNewMessageForTicketCcs , 1); To do it on a Queue-by-Queue basis, I added a scrip for that to the wiki for both create's and on-going correspondence. Kenn LBNL On Thu, Jul 22, 2010 at 12:54 AM, Kevin Falcone falc...@bestpractical.com wrote: On Wed, Jul 21, 2010 at 11:22:48PM -0400, Jason A. Smith wrote: On Thu, 2010-07-22 at 12:42 +1000, Alan Deadman wrote: Hi Most of my tickets are created via emails to the RT system. When this happens, the CC's from the email are not automatically added as Watchers. Is this possible to change? Hi Alan, I wrote a custom scrip to do this many years ago, see the RT wiki: http://wiki.bestpractical.com/view/AddWatchersOnCorrespond For create there is a config option. The scrip is only really required for existing tickets -kevin Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] root/password combination doesn't work for first time logon
http://wiki.bestpractical.com/view/RecoverRootPassword This is what I did when I was too lazy to search for what RT's root password default is when you do a fresh install... worked like a charm. On Thu, Jul 22, 2010 at 2:01 PM, Max Bern bernma...@yahoo.com wrote: Hi all, We recently made a *working* RT install on CentOS, everything is configured properly and we can get to the localhost/rt3 logon page. That's where the nightmares start. We have tried every user/password combination we can think of, but always cannot log in. root/password doesn't work, neither does the database user/pass combination work. If someone could please please help, I would be most appreciative, we need to get RT up and running TODAY. Thanks in advance, Max Bern Zuora Inc. Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
[rt-users] Quick Syntax check for $RTAddressRegexp setting
Hi everyone, I just want to make sure i'm understanding the wiki properly... If I want to make sure RT doesn't create tickets using the following email addresses, helpd...@here.ca myhelpd...@here.ca helpd...@there.ca myhelpd...@there.ca My config file setting should look like this, Set($RTAddressRegexp,'^(helpdesk | myhelpdesk)\@(here | there)\.ca$'); right? -- Mike Johnson Datatel Programmer/Analyst Northern Ontario School of Medicine 955 Oliver Road Thunder Bay, ON P7B 5E1 Phone: (807) 766-7331 Email: mike.john...@nosm.ca Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com