Re: [rt-users] RT::Authen::ExternalAuth
testwreq wreq wrote: To install ExternalAuth, I ran the following command ( cpan -i RT::Authen::ExternalAuth ); During installation, it asked for path to your RT.pm, which I entered as /data/rt3/lib Any ideas? On Mon, Aug 2, 2010 at 5:18 AM, Mike Peachey mike.peac...@jennic.com mailto:mike.peac...@jennic.com wrote: I ran the following command ( cpan -i RT::Authen::ExternalAuth ); Follow the manual install instructions. Follow the manual install instructions. NOT cpan. -- Kind Regards, __ Mike Peachey, IT Systems Administrator Low Power RF Solutions (formerly Jennic Ltd.) NXP Semiconductors Furnival Street, Sheffield, S1 4QT, UK Tel: +44 114 281 2655 Fax: +44 114 281 2951 Comp Reg No: 3191371 - Registered In England http://www.nxp.com http://www.jennic.com __ Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] RT::Authen::ExternalAuth
testwreq wreq wrote: Has anyone used RT::Authen::ExternalAuth for integrating with Active Directory? That's primarily what it's for. I ran the following command ( cpan -i RT::Authen::ExternalAuth ); During installation, it asked for path to your RT.pm, which I entered as /data/rt3/lib Follow the manual install instructions. -- Kind Regards, __ Mike Peachey, IT Systems Administrator Low Power RF Solutions (formerly Jennic Ltd.) NXP Semiconductors Furnival Street, Sheffield, S1 4QT, UK Tel: +44 114 281 2655 Fax: +44 114 281 2951 Comp Reg No: 3191371 - Registered In England http://www.nxp.com http://www.jennic.com __ Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] LDAP d filter question
Kevin Falcone wrote: On Thu, Jul 08, 2010 at 11:50:45AM -0700, Kenneth Crocker wrote: I noticed that the info for LDAP when using ExternalAuth mentions that you MUST have a d filter defined. My quick question is why? If my regular filter is working, anyone not meeting that specification will be denied anyway, so why the must for the d filter? It's just part of the way it's designed and the way LDAP filters are generated. It's not brilliant, but it works well. If you don't need it, make it the empty string -kevin Have you tested that? I haven't checked within living memory, but my general recommendation is to use something like (objectClass=ScoobyDoo) so you guarantee not to match. I'm not sure than an empty string won't cause a syntax failure on lookup. -- Kind Regards, __ Mike Peachey, IT Systems Administrator Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] LDAP d filter question
Kevin Falcone wrote:
On Fri, Jul 09, 2010 at 08:55:11AM +0100, Mike Peachey wrote:
If you don't need it, make it the empty string
Have you tested that? I haven't checked within living memory, but my
general recommendation is to use something like (objectClass=ScoobyDoo)
so you guarantee not to match. I'm not sure than an empty string won't
cause a syntax failure on lookup.
unless ($d_filter) {
# If we don't know how to check for disabled users, consider them all
enabled.
$RT::Logger-debug(No d_filter specified for this LDAP service (,
$service,
), so considering all users enabled);
return 0;
}
-kevin
Ah yes.
--
Kind Regards,
__
Mike Peachey, IT Systems Administrator
Tel: +44 114 281 2655
Fax: +44 114 281 2951
Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK
Comp Reg No: 3191371 - Registered In England
http://www.jennic.com
__
Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] RT::Authen::ExternalAuth - Update LDAP information
Kenneth Marshall wrote: On Fri, Jun 25, 2010 at 04:33:14PM +0200, Matthias Rieber wrote: Is it possible to refresh the information that has been pulled from LDAP? For instance if employees move to another department or get a new phone number? The information should be updated automatically each time the user logs in. This includes, for example, whether the user is disabled or not; when you set the user as disabled in your external source, it is only applied at next login as the user information is checked and updated and then login is blocked if the user is then considered disabled in RT. -- Kind Regards, __ Mike Peachey, IT Systems Administrator Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] RT+ExternalAuth+LDAP+AD windows 2003
Bouzite, Radouan wrote: I am testing RT, and I Installed RT from : http://wiki.bestpractical.com/view/CentOS5InstallGuide No I am trying to setup RT+ExternalAuth+LDAP+AD windows 2003, I complete all steps in the following instructions : http://wiki.bestpractical.com/view/ExternalAuth When I connect to http://rt http://rt/ I still have to Enter my username and password , if you can help me to check my config and show me which log files where I can see what is wrong ? It does not provide single sign on. You still have to enter your Windows username and password to login. -- Kind Regards, __ Mike Peachey, IT Systems Administrator Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] RT mysql / LDAP Auth
Julian Grunnell wrote:
Right, thanks - that makes sense now. I misunderstood the use of this
and thought you had to define ALL the authentication methods you wanted
to use. So I have removed the MySQL section completely from the config
and tried again with different results. Using my LDAP credentials I
still get Your username or password is incorrect BUT RT has created me
as a user, the Let this user be granted rights box is unchecked and
I'm NOT a member of any Groups. The logs created when this was done are:
1. It found you and loaded your information from LDAP just as it should.
2. ExternalAuth cannot currently add you to any internal RT groups based
on LDAP information, this must be done in the RT administration panels.
3. If you want LDAP users to be automatically assigned Let this user be
granted rights then you may do so with this config setting:
Set($AutoCreate, {Privileged = 1});
Otherwise it will need setting manually along with group membership.
The only thing that is now failing for you is authentication and the
reason is now obvious:
Your config
###
# Does authentication depend on group membership? What group name?
'group' = 'GROUP_NAME',
# What is the attribute for the group object that determines membership?
'group_attr' = 'GROUP_ATTR',
###
Your log
###
[Fri May 14 08:22:42 2010]
[critical]:
Search for (GROUP_ATTR=CN=Julian
Grunnell,OU=Technical,OU=Users,OU=Leeds,OU=Webfusion,OU=Hosting,OU=Corp,DC=internal,DC=hosteurope,DC=com)
failed: LDAP_INVALID_DN_SYNTAX 34
###
You have told ExternalAuth that all ldap users must be in an ldap group
named GROUP_NAME and that in order to confirm that the users are a
member of that group, the members should be in the GROUP_ATTR attribute
of that group.
If you simply comment out group and group_attr it should work fine. If
in future you wish to restrict access by group, ensure the group name is
specified in full ldap dn form.
--
Kind Regards,
__
Mike Peachey, IT Systems Administrator
Tel: +44 114 281 2655
Fax: +44 114 281 2951
Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK
Comp Reg No: 3191371 - Registered In England
http://www.jennic.com
__
Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] RT mysql / LDAP Auth
Julian Grunnell wrote: -Original Message- From: Mike Peachey [mailto:mike.peac...@jennic.com] Sent: 10 May 2010 12:54 To: Julian Grunnell Cc: rt-users@lists.bestpractical.com Subject: Re: [rt-users] RT mysql / LDAP Auth So at present users are just authenticating against RT's own DB for user access. What I'd like to do is keep this but also have LDAP. The reason being users now have multiple usernames / passwords for different services we run and I want to use LDAP as a way to simplify this - BUT in order for this to be done I also need to be able to keep the MySQL access for now and not break RT for all the users. The RT DB is on a different physical server and the fact that after I restarted httpd with the config above and could still login with my usual (mysql) credentials assumed that atleast part of it was working - is this not the case? No, you've misunderstood and it has massively complicated your debugging of the situation. ExternalAuth *only* adds to the available authentication mechanisms. It does not replace RT's own. The use of ExternalAuth MySQL authentication is if you want to be able to authenticate against some other MySQL source such as a custom website database or the database of another web-application. This is /in addition/ to checking against RT's own internal database (whether this is hosted locally or not). So, authentication happens in this order: 1. ExternalAuth 2. RT-Internal And you can have as many ExternalAuth sources as you wish. For your setup, what you want is to only specify the LDAP source which is then checked for a valid user. If there's no user in LDAP, RT's internal DB will be checked. -- Kind Regards, __ Mike Peachey, IT Systems Administrator Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] RT mysql / LDAP Auth
james machado wrote: this is the part that is probably killing you on your LDAP authentication piece. Active Directory does not allow anonymous bind for LDAP authentication. Not true, you just have to configure it. I use anonymous bind - just means my own account has to not be a domain admin because anonymous bind doesn't seem to return privileged accounts. -- Kind Regards, __ Mike Peachey, IT Systems Administrator Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] RT mysql / LDAP Auth
Julian Grunnell wrote: Hi – hoping someone can help me, I’m trying to get the RT::Authen::ExternalAuth plugin to work so I can use LDAP for authentication. Just using mysql at the moment, so want to keep this as well. Running RT 3.8.5 on Centos, I’d like mysql auth first and then LDAP next. I’ve managed to configure this without any errors and my mysql authentication still works after a httpd restart. However LDAP auth never works, I’m not that familiar with LDAP so am hoping if I provide my config and rt.log below someone might be able to point me in the right direction: Looks like the whole thing is dying during the MySQL check. 1. Provide the whole config 2. Are you sure you're supposed to be using ExternalAuth for MySQL auth? Are you actually using it to check against an external MySQL source, or are you trying to use MySQL to check RT's own database? -- Kind Regards, __ Mike Peachey, IT Systems Administrator Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] Put LDAP info into Custom Fields of Users
Max McGrath wrote:
Hi everybody -
Running RT 3.8.7 and using LDAP to authenticate users.
There is this code available to set specific user information from LDAP:
# The mapping of RT attributes on to LDAP attributes
'attr_map'
= { 'Name' = 'uid',
'EmailAddress' = 'mail',
'RealName' = 'givenName',
'ExternalAuthId' = 'uid',
'Gecos' = 'uid',
I was wondering if there is a way to take LDAP info and put it into a
custom field.
I don't recall offhand how RT handles Custom Fields with respect to user
objects. The way the LDAP info is handled is that a user object is
pulled into a variable and the attribute hash is extracted to another,
then LDAP information is pulled and inserted into that hash and the
pushed right back into the user object, this way non-ldap-mapped
information is untouched, but all LDAP information is overwritten on
each lookup.
It is, then, easy to overwrite any existing user field with LDAP
information by adding it to the hash and pulling the specific field from
LDAP to write over it, but I don't know that Custom Fields are as
simple. Perhaps it can be done in the same way by referring to
{CustomField1} or similar. It's been a long time since I looked at CFs
that deeply.
Perhaps the way CommandByMail handles Custom Fields might provide useful
guidance.
--
Kind Regards,
__
Mike Peachey, IT Systems Administrator
Tel: +44 114 281 2655
Fax: +44 114 281 2951
Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK
Comp Reg No: 3191371 - Registered In England
http://www.jennic.com
__
Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] RT LDAP not loging in
JEEVAN P K wrote: I'm not able to login even after disabling the ldap authentication. The below mentioned option is already enabled on RT_SiteConfig.pm file. ... then provide the relevant part of the debug log and the apache error log. -- Kind Regards, __ Mike Peachey, IT Systems Administrator Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] Filling in custom fields from LDAP
Jeff Blaine wrote: I'm looking to fill in custom fields with data retrieved from an LDAP server. That is, someone with permission to modify an existing ticket will enter some data into a custom field, then save the modification. At save time, the code will use that custom field to populate another custom field with LDAP query results. Would this best be done as a plugin? A Scrip? Other? You will need a scrip to do it. I'm not aware of any plugin currently available that could do it for you. The basics of the scrip shouldn't be too hard, but you're going to need to set up an LDAP connection, do a valid search, parse the results save the results etc. There is LDAP code for RT in the ExternalAuth plugin that may be useful for copying and pasting, but I don't envy you your task. -- Kind Regards, __ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com 2010 RT Training Sessions! San Francisco, CA, USA - Feb 22 23 Dublin, Ireland - Mar 15 16 Boston, MA, USA - April 5 6 Washington DC, USA - Oct 25 26 Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] RT-Authen-ExternalAuth User could not be created: Could not set user info
Brian Forquer wrote: I have done various modifications to by RT_SiteConfig.pm , I have done searching and read the README’s. I am having problems getting RT-Authen-ExternalAuth I am not sure if it is supposed to create logins in RT by default if it finds it in AD but I have tried just logging in and also creating a user neither works. [Wed Mar 10 23:24:00 2010] [debug]: ExternalInfoPriority not defined. User information (including user enabled/disabled cannot be externally-sourced (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:40) Set ExternalInfoPriority. Also, do not set anything that is empty. ie dont set group = '', just comment out or remove the group option. -- Kind Regards, __ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com 2010 RT Training Sessions! San Francisco, CA, USA - Feb 22 23 Dublin, Ireland - Mar 15 16 Boston, MA, USA - April 5 6 Washington DC, USA - Oct 25 26 Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] RT-Authen-ExternalAuth build error
On 10 Mar 2010, at 18:05, Jeff Blaine jbla...@kickflop.net wrote: RT-Authen-ExternalAuth-0.08 Please see 'Cannot determine...' and Warning below. What are these? What is broken? ... Using RT configuration from /apps/rt/lib/RT.pm: ./etc = /apps/rt/local/plugins/RT-Authen-ExternalAuth/etc ./html = /apps/rt/local/plugins/RT-Authen-ExternalAuth/html ./lib = /apps/rt/local/plugins/RT-Authen-ExternalAuth/lib Cannot determine perl version info from lib/RT/Authen/ExternalAuth.pm Warning: prerequisite RT 0 not found. Writing Makefile for RT::Authen::ExternalAuth [r...@rtdev1 RT-Authen-ExternalAuth-0.08]# [r...@rtdev1 RT-Authen-ExternalAuth-0.08]# perl -v This is perl, v5.8.8 built for x86_64-linux-thread-multi I don't recall the reason why it complains about the version but as I recall it's of no consequence. The prereq line is because RT is a prereq for ExternalAuth, but because RT isn't installed in the perl tree it doesn't see it as installed and whinges. Again shouldn't matter. -- Mike Peachey mike.peac...@jennic.com ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com 2010 RT Training Sessions! San Francisco, CA, USA - Feb 22 23 Dublin, Ireland - Mar 15 16 Boston, MA, USA - April 5 6 Washington DC, USA - Oct 25 26 Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] RT external auth does not working
Praveen C wrote:
Hi
I installed RT 3.8 in debian lenny server. Installed plug-in
RT-Authen-ExternalAuth-0.08 but could not contact to my LDAP. Ldap
configuration in RT_SiteConfig.pm is like this. LDAP server ad RT are
installed in same machine
Set( @Plugins, qw(RT::Authen::ExternalAuth) );
Set($ExternalAuthPriority, ['My_LDAP']);
Set($ExternalInfoPriority, ['My_LDAP']);
Set($AutoCreateNonExternalUsers, 1);
Set($ExternalSettings, {
'My_LDAP' = {
'type' = 'ldap',
'server' = 'localhost',
'base' = 'ou=People,dc=example,dc=com',
'filter' = '(objectClass=*)',
'attr_match_list' = ['Name',
'EmailAddress'],
'attr_map' = { 'Name' = 'uid',
'EmailAddress' = 'mail',
'RealName' = 'cn',
'ExternalAuthId' = 'uid',
'Gecos' = 'gecos',
}
}
}
);
You have removed
'auth' = 1,
'info' = 1,
You have no d_filter.
Go back to the example config and read it thoroughly.
--
Kind Regards,
__
Mike Peachey, IT
Tel: +44 114 281 2655
Fax: +44 114 281 2951
Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK
Comp Reg No: 3191371 - Registered In England
http://www.jennic.com
__
___
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
Community help: http://wiki.bestpractical.com
Commercial support: sa...@bestpractical.com
2010 RT Training Sessions!
San Francisco, CA, USA - Feb 22 23
Dublin, Ireland - Mar 15 16
Boston, MA, USA - April 5 6
Washington DC, USA - Oct 25 26
Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] [Rt-devel] SSO without ExternalAuth module
. Basically a user is
considered disabled if there is a database field containing a specific
value. So, it could be a field called disabled with values of 0 or 1
in which case d_field would be disabled and d_values would just be
1 where 1 means the user is disabled. It could also be used so that if
the field contains any of an array of different possible values then the
user should be considered disabled.
'd_field'
= 'disabled',
'd_values'
= ['1'],
# The attr_match_list and attr_map are documented as well as I can
document them in the example config file that ships.
'attr_match_list' = [ 'Gecos',
'Name'
],
'attr_map'
= { 'Name' = 'username',
'EmailAddress' = 'email',
'ExternalAuthId' = 'username',
'Gecos' = 'userID'
}
},
# The MySQL details above would allow you to JUST authenticate users
against the website database, the Cookie section below is what allows
you to define cookies that the website sets to auth logins.
'WebsiteCookie' = { 'type' = 'cookie',
# The name of the cookie as taken from the browser:
'name'
= 'CustomCookie',
# The table in the database that stores users
'u_table'
= 'website_users',
# The field in the users table that stores usernames
'u_field'
= 'username',
# The field in the users table that is a foreign key in the cookies
table. You would probably want to specify the primary key i.e. the users
unique ID which would be the primary key for the users table and a
primary and foreign key in the cookies table. If you store the cookies
in the users table itself then you need to fudge this so that the u_ and
c_ options all match up to point to the same table, but this is set up
for the cookies being stored in an alternate table and as such allows
there to more than one cookie per user.
'u_match_key'
= 'userID',
# So this is that table that store the username/cookie combinations
'c_table'
= 'website_logins',
# The field that contains the cookie itself (in this case named the same
as the browser cookie is
'c_field'
= 'CustomCookie',
# The field in the cookie table that refers to users in the user table
as defined above, effectively a foreign key.
'c_match_key'
= 'loginUserID',
# The RT ExternalSettings database provider to tie these cookie
settings to (ie. the MySQL service defined above)
'db_service_name' = 'WebsiteMySQL'
}
}
);
Hopefully that clears it up a little. As I said, if you come back with
specific issues I can try to clean it up for you.
This really ought to live in RT-Users instead of RT-Devel and I have
CC'd that list. I think you ought to respond to that list instead.
--
Kind Regards,
__
Mike Peachey, IT
Tel: +44 114 281 2655
Fax: +44 114 281 2951
Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK
Comp Reg No: 3191371 - Registered In England
http://www.jennic.com
__
___
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
Community help: http://wiki.bestpractical.com
Commercial support: sa...@bestpractical.com
2010 RT Training Sessions!
San Francisco, CA, USA - Feb 22 23
Dublin, Ireland - Mar 15 16
Boston, MA, USA - April 5 6
Washington DC, USA - Oct 25 26
Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] Undefined value using RT::Authen::ExternalAuth::LDAP
Matt Adams wrote:
Nick Kartsioukas wrote:
Check all your ExternalAuth settings in RT_SiteConfig.pm. Things like
'filter' and 'd_filter' cannot be empty, they must have some value. I
have filter set to '(objectClass=*)' to always match, and d_filter set
to '(objectClass=ThisWillNeverMatch)' to never match (as I have no such
attribute in LDAP).
Unfortunately both of those settings are configured properly. This
error just started appearing out of the blue. I haven't changed
anything recently.
It is definitely related to the filter. The problem is in UserExists
which ensures that the user actually exists in the user database, and is
run once for each specified database iirc.
Shortened for simpicity:
#
my $config = $RT::ExternalSettings-{$service};
my $filter = $config-{'filter'};
if ($filter eq ()) { undef($filter) };
if (defined($config-{'attr_map'}-{'Name'})) {
# Construct the complex filter
$filter = Net::LDAP::Filter-new(
'(' . $filter . '(' . $config-{'attr_map'}-{'Name'} . '=' .
$username . '))');
}
my @attrs = values(%{$config-{'attr_map'}});
# Check that the user exists in the LDAP service
$RT::Logger-debug( LDAP Search === ,
Base:,
$base,
== Filter:,
$filter-as_string,
== Attrs:,
join(',',@attrs));
my $user_found = $ldap-search( base= $base,
filter = $filter,
attrs = \...@attrs);
#
The filter information is taken directly from your config and used to
build a filter object. There is then a debug message that uses as_string
to print out the filter object. In your case, $filter is not a defined
object and so the as_string call is invalid.
Double, triple and then quadruple check your filter value in the config.
--
Kind Regards,
__
Mike Peachey, IT
Tel: +44 114 281 2655
Fax: +44 114 281 2951
Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK
Comp Reg No: 3191371 - Registered In England
http://www.jennic.com
__
___
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
Community help: http://wiki.bestpractical.com
Commercial support: sa...@bestpractical.com
Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] RT::Authen::ExternalAuth processing question
boxy...@gmail.com wrote: Scenario: public_LDAP - university LDAP server dept_LDAP - departmental LDAP server I have RT::Authen::ExternalAuth configured to use dept_LDAP for authentication and public_LDAP for additional information via: Set($ExternalAuthPriority, [ 'dept_LDAP' ] ); Set($ExternalInfoPriority,[ 'public_LDAP' ] ); The problem/curiosity is that when authentication fails using dept_LDAP, RT::Authen::ExternalAuth still tries to retrieve additional information using public_LDAP. When authentication fails, I don't want/need additional information. This seems unnecessary. Am I missing something? Do I have RT::Authen::ExternalAuth incorrectly configured? It would depend on your setup as to whether it's truly necessary or not, but it does it so that certain information definitely gets updated. For example, IIRC whether the user is disabled or not is an Info thing not an Auth thing, so updating the Info is worth doing. It's not perfect and it's been a long time since I've touched it.. but if you want to change it, you know where the source is :) -- Kind Regards, __ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] LDAP with ExternalAuth, adding autocreated users to groups
Ivan Voras wrote:
Hi,
I'm trying to configure RT3.8 to authenticate via LDAP - which
apprently goes well, but the users from LDAP are autocreated in rt3
without some useful properties.
I'd like them to:
* Automatically be assigned to a specific group
Not currently possible unless you write the extra code.
* That the new user gets whatever the Let this user be granted
rights checkbox does in user management
This is done with:
Set($AutoCreate, {Privileged = 1});
--
Kind Regards,
__
Mike Peachey, IT
Tel: +44 114 281 2655
Fax: +44 114 281 2951
Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK
Comp Reg No: 3191371 - Registered In England
http://www.jennic.com
__
___
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
Community help: http://wiki.bestpractical.com
Commercial support: sa...@bestpractical.com
Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] RT::Authen::ExternalAuth error
Ben wrote: Hi, All, I have errors with RT 3.6.5 and RT-Authen-ExternalAuth-0.05 on my centos box. following are error messages: [Tue Sep 1 23:39:32 2009] [critical]: RT::User::_GetBoundLdapObj Can't bind: LDAP_INVALID_DN_SYNTAX 34 (/usr/local/lib/rt3/lib/RT/User_Vendor.pm:1056) [Tue Sep 1 23:39:32 2009] [critical]: RT::User::_GetBoundLdapObj Can't bind: LDAP_INVALID_DN_SYNTAX 34 The error is clear. You cannot bind to the server (Can't bind). The reason is that the username's DN Syntax is invalid (LDAP_INVALID_DN_SYNTAX 34). Use the valid DN Syntax for your LDAP server: 'user' = 'rt3', 'user' = 'cn=rt3,ou=People,dc=smith,dc=com', -- Kind Regards, __ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] Is this English ? Notify Owner of their ticket has...
Thu 16 Jul 2009 10:31:43 GMT Michelle Konzack wrote: Hello Erwan, I am not native englisch speaker but... Sorry, I have to jump in to say that, while the sentences could perhaps be cleaner, they are perfectly good English. Translate at will. -- Kind Regards, __ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] I am unable to use LDAP
Tue 14 Jul 2009 23:01:28 GMT Gary Greene wrote: On 7/14/09 2:41 PM, Eric Chatham echat...@broadvox.com wrote: Hello, I have had some problem getting LDAP to work on my version of RT. I am running RT version 3.8.2 and the version of RT::Authen::ExternalAuth I installed via CPAN is 0.08. RT is installed on a CentOS 5.1 OS. I tried using some examples from a Google search to try and modify RT_SiteConfig.pm, but when I try to log into the RT Webpage (with an LDAP user), it fails. Beforehand, I did create the user as a ³user² in RT, but left the password blank. Should I set a user up in RT first before trying to log the user into RT? Here is an example of my RT_SiteConfig.pm settings. Everytime I try to log in with an LDAP user, I get ³Your username or password is incorrect.² Can I setup a log file to track this as well? Please help and thank you for any assistance. [snip config] Are you using OpenLDAP, or Active Directory? The configuration you have is for AD and won't work for OpenLDAP. Also, if you have to bind for the directory access, you need to put in the complete Distinguished Name for it, eg: CN=secmanager,OU=USA,DC=broadvox,DC=local Further to the above, you should set LogToFile, LogToFileNamed, turn off LogStackTraces and set normal logging level to debug.. then you can actually watch what's going on. -- Kind Regards, __ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] Pubcookie auth
Tue 14 Jul 2009 21:00:49 GMT Peter Boguszewski wrote: Sorry about the lack of information. Here is the story. I have pubcookie installed and working with apache. I have Ubuntu 8.10.3 installed and RT 3.8.4 installed - both work. I installed RT::Authen::ExternalAuth via cpan successfully (shows up under the plugins dir). I then add Set(@Plugins,(qw(RT::Authen::ExternalAuth))); to my RT_SiteConfig.pm and apache2 goes boom. I get this error in the apache log: [error] Can't load Perl file: /opt/rt3/bin/webmux.pl for server :0, exiting... I am no perl wizard so I am sure I am just doing something stupid. Again, I remove the plugin from RT_SiteConfig.pm and it works. I am just missing something? Sorry, I misunderstood initially.. was not aware of pubcookie as a project. I've had a quick look at it, but I'm not certain at this point how it would integrate with externalauth. Having said that, I don't know why it wouldn't be able to live side-by-side with externalauth and so it oughtnt make apache go boom just by loading it. To be honest, I would have thought that your best route to success would be to use mod_pubcookie, in which case you don't want RT::Authen::ExternalAuth at all, but instead you'd want RT's inbuilt apache authentication system whereby it just listens to whatever apache tells it. -- Kind Regards, __ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] Pubcookie auth
Mon 13 Jul 2009 21:59:58 GMT Peter Boguszewski wrote: Hello all, I am trying to implement pubcookie authentication with mysql authorization. I could use some help. I am wondering if there is more information out there than the wiki and the example file in local/plugins/RT-Authen-ExternalAuth? I am running version 3.8.4 and have the authentication working before local authorization. I am trying to figure out how to have RT pull information from the cookie and use it. Any direction is appreciated. You need to be a little more clear. ExternalAuth already has that code built in. The code itself is in Cookie.pm. You just need to configure RT to use it. -- Kind Regards, __ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] Correct way of specifing multiple groups to authenticate in RT::Authen::ExternalAuth
Tue 07 Jul 2009 19:48:41 GMT Kevin Gagel wrote: I have multiple groups I wish to specify in my RT::Authen::ExternalAuth configuration. How do I specify more than a single group? Currently, you can't. You would need to modify the group membership code (which is actually only very very small). -- Kind Regards, __ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] import ldap users in RT with RT::Authen::ExternalAuth
Fri 03 Jul 2009 21:12:35 GMT Gary Greene wrote: On 7/3/09 1:06 PM, Kevin Gagel ga...@cnc.bc.ca wrote: To be clear.. users are imported by ExternalAuth when they log in. The import scripts are to have them all added at once. -- Kind Regards, __ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] RT-Authen-ExternalAuth-0.08 , privileged user if in group otherwise unprivileged
Thu 02 Jul 2009 21:54:03 GMT Michael Ellis wrote: Hi, RT newbie here. I've got RT-Authen-ExternalAuth-0.08 set up and working against our eDirectory. What I'd like to do now, is have users created in RT as privileged if they are members of a specific group in the directory, and unprivileged if they exist but are not in the specific group. Not currently, you would have to make change to the code. Its LDAP group capability is currently limited to grant/deny access. Feel free to submit it as a feature request to rt.cpan.org, but I can't guarantee it will be done any time soon as my life is hectic at the moment, at work and at home. -- Kind Regards, __ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] import ldap users in RT with RT::Authen::ExternalAuth
Fri 03 Jul 2009 13:52:27 GMT Natxo Asenjo wrote: hi, yesterday I got RT::Authen::ExternalAuth working (v.0.0.8 I think, the latest) with rt 3.8.4 and an openldap server. All according to the README and wiki instructions, thanks for the great extension. I was wondering if there is a way to import the users from the ldap server into the rt database before they log in. Visit the wiki and you shall find an rt-import-ldap (or is it rt-ldap-import) script. http://wiki.bestpractical.com -- Kind Regards, __ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
[rt-users] Please Review this Export Script
Hi all.
I have written a little script to export an RT search as text tickets
and file attachments, but the thing is I know ridiculously little about
handling MIME objects and even less about character encoding.
I would really appreciate it if you could give this little script a
once-over and give me any pointers you think are necessary to make it
actually worth using.
eg. I'm not handling non-utf8 at all right now, perl just spits
complaints about wide characters, and my handling of mime is limited to
if it's plain/text or multipart/mixed then append to ticket text file,
otherwise save the content with the Filename.
All feedback is more than welcome.
Feel free to steal this script for your own use. Personally I'm using it
to archive a tiny little RT install. It's not going to be hosted any
more, but the content needs to be accessible for reference.
--
Kind Regards,
__
Mike Peachey, IT
Tel: +44 114 281 2655
Fax: +44 114 281 2951
Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK
Comp Reg No: 3191371 - Registered In England
http://www.jennic.com
__
#!/usr/bin/perl
use Error qw(:try);
use RT::Client::REST;
$directoryname = '/tmp/rt-export-test';
unless (-d $directoryname) {
print $directoryname is not a directory.\n;
exit(1);
}
my $rt = RT::Client::REST-new(
server = 'http://rt',
timeout = 30,
);
my $user = 'root';
my $pass = 'password';
try {
$rt-login(username = $user, password = $pass);
} catch Exception::Class::Base with {
die problem logging in: , shift-message;
};
# Get the tickets
my @ids = $rt-search(
type = 'ticket',
query = %,
orderby = '+id'
);
for my $id (@ids) {
open (TIX, ${directoryname}/${id}.txt);
my ($ticket) = $rt-show(type = 'ticket', id = $id);
print TIX Ticket: $id;
print TIX \nSubject: ;
print TIX $ticket-{Subject};
print TIX \nContent Follows\n;
my @attachments = $rt-get_attachment_ids(id = $id);
for my $attachid (@attachments) {
my $attachment = $rt-get_attachment(parent_id = $id, id = $attachid);
if($attachment-{ContentType} eq text/plain){
print TIX $attachment-{Content};
} elsif ($attachment-{ContentType} eq multipart/mixed){
print TIX $attachment-{Content};
} else {
mkdir ${directoryname}/${id};
open (ATTACH, ${directoryname}/${id}/$attachment-{Filename});
print ATTACH $attachment-{Content};
close (ATTACH);
}
}
close (TIX);
}
1;
___
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
Community help: http://wiki.bestpractical.com
Commercial support: sa...@bestpractical.com
Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] RT-3.8.3, RT-Authen-ExternalAuth-0.08 login issue
Wed 03 Jun 2009 19:24:45 GMT Matt Millard wrote: I'm gonna keep this brief: 1. Remove ldap:// from the server URI, I don't know off the top of my head if it would work or not, but it certainly works without it. 2. As per the README, the ExternalAuth settings need to be pasted into your normal RT_SiteConfig.pm. If you leave them in the example file in the plugins directory, they will not be read. 3. You have a dead line in your config: Set(ExternalAuthPriority,['My_LDAP','My_MySQL','My_Oracle','SecondaryLDAP','Other-DB']); Set($ExternalAuthPriority,['My_LDAP']); Kill the first one. 4. The stack trace for the Failed Login message is of no use. You need to enable debug logging, and log to file. This will give you very verbose output as to precisely what is happening with the LDAP side of things. Have fun. -- Kind Regards, __ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] Anyway to autologin to RT 3.8.2 with LDAP?
Kevin Gagel wrote: Can anyone tell me if there is a way to autologin to RT when we're using LDAP? I have other web based utilities that I've managed to configure the browser to auto login to that console. I'd like to extend that to RT. Any pointers on how or any how to on that subject? Clarify what you mean. Do you mean by logging in to some other web system you can then login to RT without further authentication, or are you talking about certificate based login so the browser keeps a certificate and uses it to automagically authenticate? -- Kind Regards, __ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] Help with RT Groups and LDAP group.
Tue 02 Jun 2009 23:16:38 GMT
Kevin Gagel wrote:
I've got the ldap plug in working but I seem to have a disconnect
between root and ldap users. What I mean is that I can login to RT using
my ldap credentials but I have nothing available except tickets to open,
close and new tickets. The root account is still available and when I
login with that I can configure rights but my ldap users don't appear
unless I do a search for them specifically. Some rights cannot be
assigned because the ldap account does not appear in the list of choices
to add a right to.
Can someone point me in the right direction here please?
Your LDAP users are being auto-created as Unprivileged which means they
see the SelfService screen, not the staff/privileged user interface.
Also the default user list only shows privileged users. If you want to
see all users search for %
If you want LDAP users to be automatically created as privileged then
you need to set:
Set($AutoCreate, {Privileged = 1})
If you just want selected LDAP users to be privileged then search for
the user, go into their settings and set Allow this user to be granted
rights.
--
Kind Regards,
__
Mike Peachey, IT
Tel: +44 114 281 2655
Fax: +44 114 281 2951
Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK
Comp Reg No: 3191371 - Registered In England
http://www.jennic.com
__
___
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
Community help: http://wiki.bestpractical.com
Commercial support: sa...@bestpractical.com
Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] Problems getting LDAP authentication working...
Mon 01 Jun 2009 20:26:02 GMT Kevin Gagel wrote: I'm trying to setup LDAP through the RT-Authen-ExternalAuth plugin. I have gotten far enough to login as a user via LDAP but I want to restrict login's to a specific group within my Windows AD. Try these: # Does authentication depend on group membership? What group name? 'group' = 'cn=CSER,insert base', # What is the attribute for the group object that determines membership? 'group_attr'= 'member', -- Kind Regards, __ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] FW: Regular Authentication and ExternalAuth RT 3.8.1
Rob Munsch wrote: On Fri, May 22, 2009 at 4:18 PM, Eric Chatham echat...@broadvox.net mailto:echat...@broadvox.net wrote: On Friday, May 22, 2009 15:58, Rob Munsch wrote, Most likely in /var/log/ There is nothing listed in /var/log. er... I'm thinking you should probably tell us more about your system setup in general... No, instead, he should read through the RT_Config.pm file to find documentation on the logging options, and use the RT wiki and or RT Essentials for further information as logging is well documented. Also Eric, it would appear you don't have a d_filter. Although this will change in the future, at the moment a d_filter is absolutely required. -- Kind Regards, __ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] FW: Regular Authentication and ExternalAuth RT 3.8.1
Thu 21 May 2009 18:38:45 GMT Eric Chatham wrote: On Thursday, May 21, 2009 10:39, Mike Peachey wrote, I'm still having a problem with this. Does anyone know how to get LDAP working on RT 3.8.2? Thank you. Absolutely. You don't mention actually *installing* RT::Authen::ExternalAuth into your RT install.. I did the CPAN install. Would you suggest the manual installation, using the tarball you provided in your e-mail? No, the CPAN install is just fine, it just wasn't clear what you had done. -- Kind Regards, __ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] FW: Regular Authentication and ExternalAuth RT 3.8.1
/ZORDRAK/RT-Authen-ExternalAuth-0.08.tar.gz Open the README and read it top to bottom. http://search.cpan.org/src/ZORDRAK/RT-Authen-ExternalAuth-0.08/README Open the example configuration file and read through. If it's not provided as an example entry there, you shouldn't have it in your RT_SiteConfig.pm. http://cpansearch.perl.org/src/ZORDRAK/RT-Authen-ExternalAuth-0.08/etc/RT_SiteConfig.pm Once done, strip your RT_SiteConfig.pm down to basics and add the directives you need from the example, modifying them to suit and work with your LDAP environment. -- Kind Regards, __ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] RT::Authen::ExternalAuth (?) issue
Wed 06 May 2009 14:59:22 GMT Roy McMorran wrote: Hello all, Running RT 3.8.2 with RT::Authen::ExternalAuth 0.08. RT was just upgraded (from 3.6.6) and I have added LDAP authentication (users were all internal before). I'm seeing a situation where from time to time the user will be (apparently) logged out and returned to the login screen. When this happens I see the following in the rt.log: Do you find this happening when you go to access a ticket? I have always had a similar problem, but have never had a chance to sort it out as it's only really a niggle to me. I find that it's almost like there are two separate sections to RT, one based around the At a Glance page and one based around display of an individual ticket, sometimes after logging in and viewing At a Glance, I have to re-authenticate when going to view a ticket. Also, firefox's autocomplete suggestions for the uesrname box are different for one than they are for the other. Any of this sounding familiar? -- Kind Regards, __ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] RT::Authen::ExternalAuth (?) issue
Wed 06 May 2009 16:06:28 GMT Roy McMorran wrote: Rob Munsch wrote: SSO refers to single sign-on, doesn't it? I think that's incidental to what's happening. Probably so. I'm not (knowingly) using the SSO feature. SSO is the cookie stuff integrated from RT::Authen::CookieAuth. I haven't had time to double-check, but you can probably ignore the output as it should just be a debug message advising it entered the loop to check for SSO and dropped out without finding it. The rest of it looks like rt forgot who your user was. No user to test with and 0, No User seems to support this. Is this happening after user is idle for a while? Do they not have refresh every blah set on the page? It does look like that. The idle time isn't the issue though, unless I've somehow inadvertently set an idle timeout of less than five seconds ;-) Yeah, I think idle time would be a red herring. Thanks for the feedback so far. I'm thinking of watching the LDAP traffic with Wireshark next. You can give it a whirl, but I think all you'll find is a lack of traffic, if it was trying to check LDAP it would succeed. The problem will be that somewhere, somehow either: 1. The session cookie is dying 2. Somehow there are two fighting session cookies Will look into it when I can myself, but I'm up to my eyeballs in work atm. -- Kind Regards, __ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] RT::Authen::ExternalAuth (?) issue
Wed 06 May 2009 16:06:28 GMT Roy McMorran wrote: Stuff.. Just one thing Roy, when you did your upgrade to 3.8.2 can you confirm for absolute certainty that you ran the 4.0-4.1 schema upgrade bit from UPGRADING.mysql ? (It's a common bit people don't do because it looks like it's only meant for MySQL4.0 users, but it's actually meant for EVERYONE). -- Kind Regards, __ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] How to add Company logo
Fri 01 May 2009 16:29:05 GMT jmose...@corp.xanadoo.com wrote: We don't seem to have any problems using a 200x90 logo in our 3.8.2 install. For what it's worth, while I haven't had a lot of time to deal with it, the main problem I have had with setting our custom logo is that the size of the div the logo lives in is dependant upon the width of the text under the logo, which means that it's not possible to have a logo without a wide line of text under it. I'm sure it's a basic CSS thing, but because of the very complex way the CSS is sourced for RT I didn't get to the bottom of it before I ran out of time last time I was looking into it. -- Kind Regards, __ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] URL-based queries?
Tue 28 Apr 2009 12:26:24 GMT Calvin Chiang wrote: Hi All, Just wondering if it's possible to do URL-based queries into the RT tickets database. e.g. http://rt.website.com/rt/search?Queue=GeneralStatus=Resolved etc. http://itsupport/Search/Simple.html?q=query Also, check a Show Results link for a complex URL. -- Kind Regards, __ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] wiki home page spam!
Tue 28 Apr 2009 12:11:00 GMT Sven Sternberger wrote: Hello! and again http://wiki.bestpractical.com/recent/changes is only spam Don't complain, change it back. -- Kind Regards, __ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] External Authentication
Thu 23 Apr 2009 21:26:12 GMT Jeff Lucas wrote: I’ve configured a DEV instance of RT 3.8.2 to test AD authentication but am getting the following in my rt.log… *[Thu Apr 23 19:37:58 2009] [error]: FAILED LOGIN for jeff from 10.x.x.x (/apps/rt-3.8.2-dev/share/html/autohandler:268)* You need to turn on debug logging, provide the debug log output, provide the version ExternalAuth you're using, and provide your Site_Config I do not admin and therefore do not have access to monitor things on the AD side. Is there any way I can further debug the issue via log files, etc. on my RT server? I never use the AD side for debugging, it can all be done from the RT server. I know AD is working as I can query it using ldapsearch, however, I’m unsure if I’ve configured my RT_SiteConfig.pm correctly based on the working query. Which is why you need to provide it. My ldapsearch command uses the following flags… -D CN=RT User,OU=Eagle Access,DC=eagleinvsys,DC=com -w password -b OU=Eagle Access,DC=eagleinvsys,DC=com I’m unsure what my “base” should be set to in RT_SiteConfig.pm since I’m using different settings for –D and –b. This is an LDAP understanding issue. You need to know a little more. The above search says that your base is OU=Eagle Access,DC=eagleinvsys,DC=com and you do not have anonymous bind enabled on your AD server suggesting that you need to specify the user CN=RT User,OU=Eagle Access,DC=eagleinvsys,DC=com and the password for that user inside your external auth config. Also, does a user have to exist in RT (and have credentials) before the user can be authenticated via AD? No. The user is automatically created inside RT when successful AD authentication occurs. -- Kind Regards, __ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] Fwd: Failed use LDAP service
Thu 23 Apr 2009 03:10:30 GMT
Lachlan Webb wrote:
On 23/4/09 11:57 AM, nast linux wrote:
I see in error.log is like below:
RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't bind:
LDAP_INVALID_CREDENTIALS 49
What is the problem and what Should I do?
The error
Can't bind:
LDAP_INVALID_CREDENTIALS 49
Seems to be your problem. From memory, AD requires authenticated
credentials for ldap queries.
AD allows anonymous bind if it has been told to.
Set( $ExternalSettings, {
...
'user' = 'User goes here',
'pass'= 'Password here',
...
}
Precisely.
Either you have invalid bind credentials specified or you have none
specified but LDAP is not configured for anonymous bind.
--
Kind Regards,
__
Mike Peachey, IT
Tel: +44 114 281 2655
Fax: +44 114 281 2951
Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK
Comp Reg No: 3191371 - Registered In England
http://www.jennic.com
__
___
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
Community help: http://wiki.bestpractical.com
Commercial support: sa...@bestpractical.com
Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] add MySQL authentication
Tue 21 Apr 2009 18:06:44 GMT Michael Mai wrote: Hi, I am using External Authentication with LDAP. But also would like to add MYSQL as another source for login. After created a table in rt3 database, I made following changes in RT_SiteConfig.pm: and.? -- Kind Regards, __ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] LDAP Plugin
Tue 21 Apr 2009 07:15:03 GMT nast linux wrote: Dera All, I will use LDAP plugin, but while I installed it, got message below. Is it normally? Yes. -- Kind Regards, __ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] What software is recommended for high-loaded RT3.8-latest?
Thu 02 Apr 2009 09:57:57 AM GMT Agnislav Onufrijchuk wrote: Hi all. I'm going to migrate our rt installation to latest version. We'll install clean RT on new hardware and them migrate DB and custom modifications. Some points about our rt installation: - db size - more than 30G; - mostly 10 tickets; - 4000 transactions per day. Can you please advice software for serving such high-loaded system: - FreeBSD or Linux? Slackware Linux. Perfect balance of security and stability and with a custom-generic kernel the RAM footprint is comparatively tiny and makes for a very responsive server. Whatever OS you choose, make sure you do a manual RT install, don't rely on someone's pre-packaged system. Also, I recommend making sure all of your perl modules are installed via CPAN not a packaging system to ensure no upstream modifications and a simple upgrade path. In Slackware both of the above are a given. - File system: Ext3/XFS/JFS/...? Debatable. I would probably say Ext3 myself, but then for the level of transactions you're talking about you are on the border where J/X/Reiser could prove themselves useful. Wouldn't hurt to do some benchmarking. For what it's worth, don't take recoverability into account in your decision, just make backups. Trying to perform file-system data recovery in that type of environment is a waste of time on any FS. - apache 2.2 or nginx? Apache. No Question. - MySQL or Postgresql? Debatable. I think for me it would depend on what is in use in the rest of your architecture. If you are a fully MySQL house, as we are here, then it makes sense to keep it all the same since you can share primary/failover servers and your people-processes are harmonious. If you don't really have a dependency on either then... well it's up to you. I'm used to MySQL and having it at the core of nearly all DB-dependant applications here has been useful, but many would argue that for a larger system like yours PG wouyld give you better performance. Again, a bit of benchmarking wouldn't go amiss. -- Kind Regards, __ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] What software is recommended for high-loaded RT3.8-latest?
Thu 02 Apr 2009 14:51:06 GMT Agnislav Onufrijchuk wrote: Mike Peachey wrote: Slackware Linux. Perfect balance of security and stability and with a custom-generic kernel the RAM footprint is comparatively tiny and makes for a very responsive server. I have no enough experience with Slackware. AFAIK, it's simple as BSD. Is it true? It is the oldest and most unix-like and vanilla distributions of linux. Simplicity is at its heart along with security and stability. I use it on Servers, Desktops and Laptops alike. AFAIK, they're all provide good data safety. Now we're using MySQL InnoDB, I think XFS should be fast enough. But we may migrate to PostgreSQL. AFAIK it uses a number of files (I may be wrong) to serve its DB. So, there can be Reiser/JFS. Whatever you pick, build it into your kernel and you'll be fine :) - apache 2.2 or nginx? Apache. No Question. Why? nginx supports FastCGI too and it is recommended to use on dedicated projects. Let me put it this way.. when you run into trouble, you want to be on the same server that 99.9% of RT users are running. -- Kind Regards, __ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] how to refresh the translation ?
Murat TAS wrote: Hi, We have RT 3.8.2 installed on Ubuntu Server 8.10 We have translate some words in /opt/rt3/lib/RT/I18N/tr.po file and restarted the rt-server But we did not see any change in the RT web interface.. Is there any other command to refresh the RT (i.e to reload the new po file) ? http://wiki.bestpractical.com/view/CleanMasonCache -- Kind Regards, __ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] Email and LDAP authentication problems or rather issues
Steven McDonald wrote: Hi We are currently running an instance of RT 3.8.1. It has been setup to use LDAP for its authentications. For the most part people are instructed to use the web interface to submit tickets. However some people would prefer to use email, in addition to the web. This has been discouraged. It is being worked on for the next release of ExternalAuth, however at the moment, the only available system is to have everyone log in once to create their account in RT, and then ensure they always send e-mail to RT from the e-mail address associated with that account. -- Kind Regards, __ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] Email and LDAP authentication problems or rather issues
Steven McDonald wrote: Mike Peachey wrote: Steven McDonald wrote: Hi Mike Thanks that would be useful to us. We also discovered the module AutoCreateAndCanonicalizeUserInfo which looks like it was created to solve this problem against an Active Directory. We are looking to see if we can make use of this to solve our issue. You may well be able to. It is the same basic functionality that will be integrated into ExternalAuth, but in a different way. The main issue is the LoadByEmail bit. Currently EA doesn't overlay any of the e-mail stuff and so e-mail only works for accounts that already exist in RT. Good luck. -- Kind Regards, __ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] Email and LDAP authentication problems or rather issues
Steven McDonald wrote: Do you have some idea when this addition to ExternalAuth might be available? If you have an Alpha or Beta module we could test it against our LDAP on a development instance of RT Steve Fraid not.. I'm very busy at work and home at the moment and haven't got to it yet. I will mail the list when there's something to test. -- Kind Regards, __ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] Problems on RT-Authen-ExternalAuth
Eliezer E Chávez wrote: Mike: This is the debug log... Disable GraphViz and PGP. Your d_filter appears to be invalid, an = would be required somewhere. -- Kind Regards, __ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] Problems on RT-Authen-ExternalAuth
Eliezer E Chávez wrote: Sorry... This is my RT-Authen-ExternalAuth configuration in RT_SiteConfig.pm, i just wondering if you take a look and tell me if something is wrong... Delete the above. Set($WebExternalAuth , '1'); Set($WebFallbackToInternalAuth ,'1'); Set($WebExternalGecos , undef); Set($WebExternalAuto , '1'); Delete or comment out: 'ssl_version' = 3, Delete or comment out: 'group' = '', 'group_attr'= '', Other than that, without knowing the problem and seeing debug logs I can't help you further. -- Kind Regards, __ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] Problems on RT-Authen-ExternalAuth
Mike Peachey wrote: Delete the above. I meant below. -- Kind Regards, __ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] Problems on RT-Authen-ExternalAuth
Eliezer E Chávez wrote: Guys This errror is appearing after i log into rt Can't call method as_string on an undefined value at /opt/rt/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm line 398, line 50 You are almost certainly missing some configuration directives. Check that you have a filter, d_filter, base, attr_map and attr_match_list for your LDAP source. Also valid values for ExternalAuthPriority and ExternalInfoPriority. -- Kind Regards, __ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] Plugins to Include in Main RT release
Andrea Perotti wrote: Hi all, I'd like to open a poll to list all the Plugins mostly used by RT users. This, I suppose, should be useful to both rt users and rt creators to deliver the best RT ever, by including features born outside upstream but included and used by a lot of people. I personally think this is a task being handled well by the BestPractical team already. When a plugin comes to maturity and has a proven wide user base it gets included into a release. Is it better maybe to have a wiki page for that? There is already a triplet of wiki pages relating to modifications/extensions/plugins. Excluding handmade plugins, could be interesting to post the output of : fgrep Plugins RT_SiteConfig.pm this is mine : #Set(@Plugins,(qw(Extension::QuickDelete))); Set(@Plugins,(qw(RT::Extension::ResetPassword))); Set(@Plugins,(qw(RT::Extension::MandatorySubject))); This is an invalid way to define extensions as each declaration will override the previous. You should use, for example: Set(@Plugins, qw(RT::Extension::ResetPassword RT::Extension::MandatorySubject)); Then, adding QuickDelete would give: Set(@Plugins, qw(RT::Extension::ResetPassword RT::Extension::MandatorySubject RT::Extension::QuickDelete)); -- Kind Regards, __ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
[rt-users] Logging - Completely separating RT from Apache default
I've missed something somewhere and I'm not sure where.. some logging is still slipping through to my default Apache error_log. RT_SiteConfig.pm: Set($LogToSyslog, ''); Set($LogToFile, 'info'); Set($LogDir,'/opt/rt3/var/log'); Set($LogToFileNamed , 'rt.log'); Apache VHost Config File for RT: VirtualHost *:80 ServerName rt.example.com ServerAlias rt DocumentRoot /opt/rt3/share/html CustomLog /opt/rt3/var/log/apache-vhost-customlog common ErrorLog /opt/rt3/var/log/apache-vhost-errorlog ...snipped extraneous info... /VirtualHost Yet, the runtime [error] and [info] messages are going into /var/log/httpd/error_log (default for apache). e.g.: [Mon Feb 23 12:54:09 2009] [error]: WebRT: No ticket specified (/opt/rt3/share/html/Elements/Error:82) and [Mon Feb 23 13:08:12 2009] [info]: rt-3.8.2-12345-1234567890-111.-...@example.com #111/26875 - Scrip 7 On Correspond Notify Other Recipients (/opt/rt3/bin/../local/lib/RT/Action/SendEmail.pm:301) What have I missed? -- Kind Regards, __ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] Re quest Tracker 3.8.2 - Integration with Active Directory (Windows 2003)
Mtabanez wrote: I have installed, RT 3.8.2, on a RHEL5, and i have had problems to integrate RT with Active Directory. I hope that someone had a solution to my problem, there is my configuration. The example RT_SiteConfig.pm provided with ExternalAuth is not where you define the settings, it is just an example of the settings. You need to put them in your normal RT_SiteConfig.pm file. Copy Paste will do. Read the README. -- Kind Regards, __ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] Autocreated on ticket submission - Quert Builder
Bashir Jahed wrote: Man how did this happen, all user have ticked Allow user to access RT I am assuming this is the permission problem. Problem is how do i disable thisThousands of email addresses I think you're misunderstanding how the system works. In order to raise a ticket, the ticket must have a requestor. If the requestor doesn't exist as a user, the ticket can't be created. If you want someone to be able to create a ticket by email, it must auto-create an account for them based on the e-mail address. What you're seeing is normal behaviour. It would only be a problem if they were all being granted privileged user status (the checkbox for let this user be granted rights). In that case, then they would all show up in a user-selection combo box. -- Kind Regards, __ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] Autocreated on ticket submission - Quert Builder
Bashir Jahed wrote: I have done the following: Checked for a specific user in the search box as owner to confirm it shows up. Then went into the specific user and unchecked /users/Access Control/Let this user access RT checkbox and confirmed that the user no longer shows up in the search box in the Owner Field Because that user is now disabled and is unable to raise tickets from that e-mail address.. -- Kind Regards, __ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] Reloading RT::User in 3.8.2
Rob Munsch wrote:
I noticed this in ExternalAuth's .08 patchnotes:
* html/Callbacks/ExternalAuth/autohandler/Auth
Modified the log message regarding the RT-3.8.[01] plugin
bug from error level to debug level and modified the text
of the message to be more clear for RT-3.8.2+ users.
0.08 == Release Version and Authoritative.
and for .08_01:
* html/Callbacks/ExternalAuth/autohandler/Auth
Workaround for RT versions 3.8.0 and 3.8.1 removed.
RT::Authen::ExternalAuth v0.08 will be officially compatible
only with versions 3.8.2 and up.
0.08_01 was a development version and should be ignored and discarded.
However... I'm running .08 and RT 3.8.2, and while debugging something
else, i noticed this:
Feb 18 11:29:33 data RT: Reloading RT::User to work around a bug in
RT-3.8.0 and RT-3.8.1 Trace begun at /opt/rt3/bin/../lib/RT.pm line
289 Log::Dispatch::__ANON__('Log::Dispatch=HASH(0xc981ba0)',
'Reloading RT::User to work around a bug in RT-3.8.0 and RT-3.8.1')
It doesn't check if you're on 3.8.[01] it just reloads RT::User no
matter what. Just happens it only makes anything different if you're
using 3.8.[01].
You can safely ignore the message.
--
Kind Regards,
__
Mike Peachey, IT
Tel: +44 114 281 2655
Fax: +44 114 281 2951
Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK
Comp Reg No: 3191371 - Registered In England
http://www.jennic.com
__
___
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
Community help: http://wiki.bestpractical.com
Commercial support: sa...@bestpractical.com
Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] Hardware Config
Martin Maurer wrote: Has anyone tried running RT in a virtual machine? yes, we also have a ready to run virtual appliance, See http://pve.proxmox.com/wiki/RT_Request_Tracker snip I am working also with vmware since years (and also other virtualizations technologies) and the biggest issue is IO performance. We prefer OpenVZ for database intensive servers like RT as we have NO virtual disks here you get the best performance. On VMWare, you got virtual disks which costs performance. So if you want to go for VMware, I suggest you invest some money in a fast SAN. (Or, if you want to try fast and cost effective virtualization - try Proxmox VE) Just to mention: you can also install Proxmox VE inside your VMware and use the virtual appliance - then RT performs similar as you install it by hand in your VMWare environment. I don't know about anyone else, but I am getting a little uncomfortable with your posts (to RT-Users and to the Wiki) being little more than an advert for proxmox rather than a real contribution to the community. I'm not saying I don't want you mentioning it, but I personally would appreciate it if you could tone down the advertising. -- Kind Regards, __ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] CanonicalizeUserInfo in Email.pm - Name in use
Lars Kristian Klykken wrote: Hi! RT 3.8.1 with RT::Authen::ExternalAuth 0.05 1. Upgrade to ExtrernalAuth 0.08. EA 0.05 is not supported for use on RT-3.8. 2. Multiple e-mail addresses for a user with the same username is not possible at the moment. Primarily because RT does not allow assigning multiple e-mail addresses to the same user. I will be working on functionality for EA 0.09 whereby it will lookup a user on reception of e-mail, determine if an account already exists with one of the available e-mail addresses in their LDAP service and if so log them in with that address, but it is not currently possible in 0.08. -- Kind Regards, __ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] UI Patch - Add whitespace at top of MessageBox if it's a reply/comment
Jerrad Pierce wrote: I don't think this should be merged into base, as it promotes top-posting. Not to be a me-too or anything, but I want to whole-heartedly agree with the above. Top-posting has seriously gotten out of hand (thanks Outlook(!!)) and should be discouraged at all times. -- Kind Regards, __ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] Easy install guide for RT3.8.1 On Ubuntu 8.0.4 Server
Wikus Smit wrote: Hi, Does anyone have a easy to follow guide for installing RT 3.8.2 On ubuntu 8.0.4? I recommend following the ManualInstall instructions on the wiki (http://wiki.bestpractical.com/view/ManualInstallation) -- Kind Regards, __ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] Easy install guide for RT3.8.1 On Ubuntu 8.0.4 Server
Alf Stockton wrote: Paul Walsh wrote: Wikus Smit wrote: Hi, Does anyone have a easy to follow guide for installing RT 3.8.2 On ubuntu 8.0.4? How about: I tried your suggestion but somewhere along the line you forgot to add how one, not being a Perl programmer, is to add all those Perl bits and bobs. That's not an RT installation issue, that's a System Administration issue. It depends on your system as to how most of the perl dependencies should be installed. As a Slackware user, I would simply use CPAN: `cpan -i PKG::Module PKG2::Module ETC::etc` For Red Hat users *shudder* you generally want: `rpm -Uvh perl-foo perl-bar perl-baz` Debian users no doubt want to apt-get them, or some other silly thing :) -- Kind Regards, __ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] Easy install guide for RT3.8.1 On Ubuntu 8.0.4 Server
Derrick Smith wrote: Hello all, I recently setup RT and wanted to integrate it with my AD infrastructure. Through the use of these mailing lists, other forums, RT wiki and Google I've been able to get RT running and LDAP authentication working but I was under the impression that when a user logs into RT using their LDAP user/password a user is created within RT automatically. Is this incorrect? When I log in as a domain user I'm granted unprivileged access (which is okay) but the user does not show up in the user list if I then login as a privileged user (root). Has anyone else had this problem? I believe RT_SiteConfig is configured correctly but I've added it to this email for further review. I've also attached the ldap authentication log (rt.log). 1. You ought to make sure you're using ExternalAuth v0.08 - the configuration you supplied suggests a slightly older version as, for example, the 'auth' and 'info' lines in the LDAP config have been deprecated. 2. I'm willing to bet that you've come across the most simple of issue that confuses every new RT admin. The user list only every lists privileged users by default. If you want other users to show up you need to specify a search in which they would appear as a result. If you truly want to see ALL users in RT, I recommend the following search: Search for all users whose username isn't z. That should show up all your users (unless you have one with the username 'z' :) ). -- Kind Regards, __ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] Easy install guide for RT3.8.1 On Ubuntu 8.0.4 Server
Derrick Smith wrote: I knew there was something simple I was missing. Running a search that way generated a list of all users that have accessed the site. Thanks so much for your help and I'll look into upgrading versions. IGNORE me! I wasn't paying enough attention to the fact you're using RT-3.6.x. RT-3.6.x = ExternalAuth v0.05 RT-3.8.x = ExternalAuth v0.08 While 0.08 ought to work on RT-3.6 I don't know anyone who's tried it and by no means expect it to work. -- Kind Regards, __ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] RT::Authen::ExternalAuth v0.08 Released
Nehmer Torben wrote: Hello Mike, first, let me thank you for the impressive work you are doing here with this plugin. I have one question though: On the list there were repeated reports of problems with users created from LDAP on one side and from the mail gateway on the other. In our environment, both LDAP-created users and Mail Gateway Auto-created users naturally have the same E-Mail address, as we are using RT as an helpdesk system. Now let's say, j...@doe.org first submits a ticket via E-Mail. RT now creates both username and email set to this E-Mail address. If our John Doe later on tries to log on using LDAP (f.x. by clicking one of the ticket links) using his domain account (e.g. john), ExternalAuth does correctly authenticate him (according to the logs) but fails to create the user: ExternalAuth at this point tries to create a user john with the E-Mail address j...@doe.org, which RT refuses due to the duplicate E-Mail in the user base. I haven't found anything in the Changelog for 0.08 which indicates that this problem is fixed. However, it is a major problem at our site, as it makes the automatic LDAP user management mostly ineffective for us. Is there any way to solve this problem? This is currently a high-priority issue to be addressed for v0.09. Up to now ExternalAuth has only been concerned with managed environments in which users would be expected to log in once via the web-interface before use. I will post to the list when I can advise further about the solution and expected release. -- Kind Regards, __ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] get name of current Loged user !!!
Tariq Doukkali wrote:
Hello,
how can I get the name of current loged user???
$currenLoggedUserName = ???;
$session{'CurrentUser'}-Name
--
Kind Regards,
__
Mike Peachey, IT
Tel: +44 114 281 2655
Fax: +44 114 281 2951
Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK
Comp Reg No: 3191371 - Registered In England
http://www.jennic.com
__
___
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
Community help: http://wiki.bestpractical.com
Commercial support: sa...@bestpractical.com
Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
Buy a copy at http://rtbook.bestpractical.com
[rt-users] RT::Authen::ExternalAuth v0.08 Released
I am delighted to announce the release RT::Authen::ExternalAuth v0.08. ExternalAuth now provides you with a simple method for authenticating your users and updating user information from external data sources such as LDAP and MySQL as well as providing the capability to use single sign-on cookie authentication with another web application such as your own custom website. All developer releases are now deprecated and unsupported; all users of ExternalAuth with RT-3.8 should use ExternalAuth v0.08 only. Users of RT-3.6 should consider upgrading to RT-3.8. For those who can't, ExternalAuth v0.08 *might* work but v0.05 is the recommended version and is still available on CPAN. How to get it: 1. Use the tarball attached to this e-mail 2. Install via CPAN (cpan -i RT::Authen::ExternalAuth) 3. Download the tarball from CPAN: http://www.cpan.org/authors/id/Z/ZO/ZORDRAK/RT-Authen-ExternalAuth-0.08.tar.gz 4. Check-out from the subversion repository using the 0.08 version tag: http://code.bestpractical.com/bps-public/RT-Authen-ExternalAuth/tags/0.08 More information is available on the wiki: http://wiki.bestpractical.com/view/ExternalAuth Thank you to all those who helped test ExternalAuth to destruction and those who provided inspiration for feature development. Special thanks go to Kevin Falcone for his help in development. -- Kind Regards, __ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ RT-Authen-ExternalAuth-0.08.tar.gz Description: GNU Zip compressed data ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] Calling Beta Testers! - RT::Authen::ExternalAuth v0.08_01
Mike Peachey wrote: I'm very pleased to announce a new version of RT::Authen::ExternalAuth. I intend for 0.08_01 to become a stable release of version 0.08 before the end of next week, but I need your help to make sure it is as perfect as possible before I do. Given the absence of respondents pointing me at any bugs found, I would like to hear from anyone who is using v0.08_01 and whether it is working well for them or not. I may release 0.08 before the week is out if nothing seems awry. Changes to /trunk since 0.08_01: etc/RT_SiteConfig.pm * s/userSupportAccess/disabled/ in DBI example config * s/Crypt::MD5::md5_hex/Digest::MD5::md5_hex/ in DBI example config * Added ssl_version to the example LDAP configuration. * Added config example for DBI encryption salt. lib/RT/Authen/ExternalAuth/DBI.pm * Added ability to specify salt for DBI password encryption. -- Kind Regards, __ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] Calling Beta Testers! - RT::Authen::ExternalAuth v0.08_01
Jeff Voskamp wrote: Mike Peachey wrote: Given the absence of respondents pointing me at any bugs found, I would like to hear from anyone who is using v0.08_01 and whether it is working well for them or not. I may release 0.08 before the week is out if nothing seems awry. We're running it on our test system (fairly low usage unfortunately), but we haven't seen any problems in the last day. Ta Jeff. I get the feeling it is pretty stable and that's a good thing. Keep me posted :) -- Kind Regards, __ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] Update tickets by mail
hanane ourdani wrote: hi all, please it is possible to update tickets by mail, i installed CommandByMail module but i don't know how do it Read the CommandByMail documentation and refer to the wiki. The instructions are pretty clear. -- Kind Regards, __ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] Update tickets by mail
hanane ourdani wrote: Please, i don't find the command that can update tickets that already exist, for example if i want change somme information in Ticket 5 how i can do it by mail. You use the CommandByMail pseudo-headers as normal when sending an e-mail with an appropriate subject such as [...@foobar #5]. -- Kind Regards, __ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
[rt-users] FCKeditor Default
Anyone know if FCKeditor can be made to run with an expanded control bar by default? -- Kind Regards, __ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
[rt-users] Calling Beta Testers! - RT::Authen::ExternalAuth v0.08_01
Hi all, I'm very pleased to announce a new version of RT::Authen::ExternalAuth. The most astute of you will notice that 0.07_01 never made it to a stable release. The reason for this is that it was a release to get LDAP functionality for those who really needed it in RT-3.8 as soon as possible. It quickly became apparent that to produce a full stable module, further design changes would be necessary and so I present to you v0.08_01. I intend for 0.08_01 to become a stable release of version 0.08 before the end of next week, but I need your help to make sure it is as perfect as possible before I do. So please test the hell out of it and let me know what you find. As soon as 0.08 is released, 0.07_01 will be considered deprecated and unsupported. The ChangeLog should answer any questions you have about changes since 0.07_01, but to summarise: 1. Structural Redesign. 2. Integration of RT::Authen::CookieAuth for Single Sign-On (SSO) Cookie Authentication against a DBI back-end. 3. Change to allow use of LDAP server root as base dn. 4. Deprecation of 'auth' and 'info' per-config settings. 5. Extra sanity checking of configuration and minor bugfixes. v0.08_01 has been uploaded to CPAN, however as propagation will take time, you will also find it attached to this e-mail. -- Kind Regards, __ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ RT-Authen-ExternalAuth-0.08_01.tar.gz Description: GNU Zip compressed data ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] Upgrading from 3.6.7 to 3.8.2
George Beitis wrote: Hi everyone, i have a quick question regarding upgrading from 3.6.7 to the latest version. In the readme file it says i should use a fresh directory, does this mean do the installation in a new directory and change the apache hosts file to point to that? Can i keep the configuration files of the old installation? or should i edit the new ones again? New installation, new directory, then copy over your old configuration files and local changes. -- Kind Regards, __ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
[rt-users] Query ./configure parameters
Does anyone know whether you can query RT for the parameters it was configured with? Whether this be in the installation dir or the source dir. -- Kind Regards, __ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] Query ./configure parameters
Joop wrote: Mike Peachey wrote: Does anyone know whether you can query RT for the parameters it was configured with? Whether this be in the installation dir or the source dir. Yes head ./config.log ty -- Kind Regards, __ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] RT3 and ITIL
Jesse Vincent wrote: Does your boss know which of the ITIL areas/practices/functions he's looking to implement? Sorry.. I *HAVE* to chip in here having been on the receiving end before: Does your boss know what ITIL means? Or has he just been handed a buzzword from a more senior manager or (more likely) a corporate-sponsored newsletter/magazine? -- Kind Regards, __ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] RT3 and ITIL
Rainer Duffner wrote: Mike Peachey schrieb: Does your boss know what ITIL means? Or has he just been handed a buzzword from a more senior manager or (more likely) a corporate-sponsored newsletter/magazine? I'm not sure. ;-) Maybe he just wants to go with a commercial package. I will try to figure out what he actually wants. Do exactly that. Before starting work on anything, ask that they provide (in writing) a clear definition of what it is they want and what standard they require that you follow. And if they refuse, advise them that your requirements analysis requires it and that you cannot produce a standards-compliant software design description without it. :D -- Kind Regards, __ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] RT 3.8.2 packages for Debian Lenny?
Martin Maurer wrote: Hi all, Andrew published well working Lenny packages for 3.8.1 (deb http://debian.etc.gen.nz lenny rt), also similar packages are available in Debian experimental. As Debian Lenny is the next stable, where can I get packages for the latest RT 3.8.2? anybody working already on this? Give it time.. it only came out yesterday :) -- Kind Regards, __ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] RT3.8.1-Custom Login Requires Code Changes?
Edward Bryan wrote: I've been tasked with finding a way to login to our RT system by validating our cookies against a local database and then submitting a valid user name as a login token to RT. The object is to write a single sign on plugin that validates against a secure database for a large number of diverse applications. RT has facilities to query LDAP and DBI databases with ExternalAuth and it also has the ability to read a cookie and validate it against a database of users and user IDs with CookieAuth but it doesn't seem to have a method for allowing me do to my own user validation and then simply submitting a user name as a valid login token. RT retains the power of the query for user validation. (Correct?) I think in order to do this I will need to do some major Mason-ary work and before I propose a project of that size to my customer, I wanted to get confirmation that this is the only way to get RT to follow our local login model. TBH CookieAuth is a fantastic example of how to build your own and although it's not *totally* clear what you're looking for I don't think you'd have to veer far from it. The whole validation path is quite simple.. you put in an Auth callback that runs whatever code you want it to when a user first vists and you can call any other methods you want at the same time, and all you need to have a logged in user is to put a user in the $session variable. If you want to do your own changes to validation of an actual password, you just gotta override isPassword in the USer object using a User_Vendor.pm or User_Local.pm. I can advise better if you can clarify a little what your intended result is. -- Kind Regards, __ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] RT 3.8.2 RC1 and RT-Authen-ExternalAuth 0.07_01
Emmanuel Lacour wrote: On Wed, Dec 17, 2008 at 01:42:23PM +, Mike Peachey wrote: Pretty useless I'm afraid. No idea what would be different between 3.8.1 and 3.8.2 that would break the password check.. assuming the password it correct. Mike, I just ran into the same bug. The problem is with the code on top of autohandler/Auth that try to reload RT::User. It reloads it without User_Vendor.pm from this plugin and so the old IsPassword is called. I commented this code and my ldap auth is working again. I run a version of RT pre 3.8.2rc1 (checkout on 20081024). Huh. That code was supposed to be designed to only get issued if it's needed :/ or wa that taken out.. I can't remmeber? TBH I'm tempted to replace it with a hardcoded version check because it's ONLY required for 3.8.0 and 3.8.1 -- Kind Regards, __ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] RT 3.8.2 RC1 and RT-Authen-ExternalAuth 0.07_01
Alex Young wrote: Hi Mike. Rt.log contents: [Wed Dec 17 13:36:28 2008] [error]: Working around bug in RT and reloading RT::User (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu th/autohandler/Auth:12) [Wed Dec 17 13:36:28 2008] [debug]: $pass defined (CorrectPasswordHere), Running IsPassword (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu th/autohandler/Auth:69) [Wed Dec 17 13:36:28 2008] [debug]: Password Incorrect (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu th/autohandler/Auth:74) [Wed Dec 17 13:36:28 2008] [error]: FAILED LOGIN for ayoung from 10.1.1.108 (/opt/rt3/share/html/autohandler:268) O_o Pretty useless I'm afraid. No idea what would be different between 3.8.1 and 3.8.2 that would break the password check.. assuming the password it correct. -- Kind Regards, __ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] RT 3.8.2 RC1 and RT-Authen-ExternalAuth 0.07_01
Alex Young wrote: Really? It seems to be working for me? I have successfully logged in using several LDAP users and haven't found any faults yet. Rt.log isn't showing any errors, Because you're not calling any LDAP/ExternalAuth code.. Is there a better way for me to fix this then? Can you provide the original errors? -- Kind Regards, __ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] RT 3.8.2 RC1 and RT-Authen-ExternalAuth 0.07_01
Alex Young wrote: I ran into a problem while upgrading RT3.8.1 to 3.8.2 RC1. If you install RT3.8.2 RC1 and RT-Authen-ExternalAuth 0.07_01 you won't be able to login and ExternalAuth contains a bug fix that is now included in RT3.8.2. If you receive this problem delete/rename the following file: /opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAut h/autohandler/Auth This fixed my problem and everything looks to be working fine. But will completely break ExternalAuth -- Kind Regards, __ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] Issue with RT 3.8.1 and Active Directory authentication
Bryan McLellan wrote: On Mon, Dec 8, 2008 at 10:44 AM, Elton S. Fenner [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: I can login but get this message in browser: *Can't call method as_string on an undefined value at /opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm line 97, line 514. * This looks like it's the section of code checking the group. *'group' = 'DSI_Rede_Usu', 'group_attr'= '',* Either comment both out or use both. If group is set, group_attr MUST be set or you end up with broken code trying to build an LDAP filter. -- Kind Regards, __ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: [EMAIL PROTECTED] Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] Undefined subroutine RT::Authen::ExternalAuth::UserExists
gwen wrote: Hi, I'm trying to install RT (with Postgres and LDAP backends). I have gotten it working with Postgres so far, but I'm now quite stuck on the LDAP integration. Here is the snippet from RT_SiteConfig.pm for LDAP: Set($WebExternalAuth , '1'); Set($WebFallbackToInternalAuth , '1'); #Set(@Plugins,(qw(Extension::QuickDelete))); #Set(@Plugins,(qw(RT::FM))); Set(@Plugins, qw(RT::Authen::ExternalAuth)); #Set($LogToFileNamed , rt.log); #Set($LogToFile , 'debug'); Unless you are also using an apache authentication method, you shouldnt have WebExternalAuth on. When I try to log into RT, I get the following error in the browser: Undefined subroutine RT::Authen::ExternalAuth::UserExists called at /opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth line 39, line 323. Last time someone came across this (iirc) we never got to the bottom of it, but starting from scratch the problem went away :/ -- Kind Regards, __ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: [EMAIL PROTECTED] Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] Undefined subroutine RT::Authen::ExternalAuth::UserExists
gwen wrote: On Thu, Dec 4, 2008 at 9:41 AM, Mike Peachey [EMAIL PROTECTED] wrote: Unless you are also using an apache authentication method, you shouldnt have WebExternalAuth on. That made that error go away, thanks! I will add that to the wiki page. -- Kind Regards, __ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: [EMAIL PROTECTED] Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] Bad AD or is it my config?
Robert Munsch wrote:
Thanks for the info. I see on the AD server that CNs are in the format
fname lname, space and all: but the returned object is checked with
sAMAccountName, the user's login name for the domain, so this
shouldn't matter. But it seems like it does.
I am assuming that at debug level, no news means 'it worked':
[Fri Nov 21 16:29:25 2008] [error]: Working around bug in RT and
reloading RT::User
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu
th/autohandler/Auth:12)
[Fri Nov 21 16:29:25 2008] [debug]: $pass defined (foobar), Running
IsPassword
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu
th/autohandler/Auth:69)
[Fri Nov 21 16:29:25 2008] [debug]: Password Incorrect
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAu
th/autohandler/Auth:74)
[Fri Nov 21 16:29:25 2008] [error]: FAILED LOGIN for munsch from
192.168.1.34 (/opt/rt3/share/html/autohandler:265)
The first messages seen after reloading ::User are about the password
check. This means the user lookup happened and the object was found,
doesn't it? 'password incorrect' means that a bind using that info
failed, yah?
ldapsearch -LLL -x -D CN=Robert Munsch,OU=Member
Services,DC=phillycarshare,DC=loc -w foobar -h
phillycarshare-dc.phillycarshare.loc -b dc=phillycarshare,dc=loc
(objectClass=person)
^ That succeeds. Web login still fails. Now, I'm using the full
ActiveD DN of CN=blah on ldapsearch, but whatever I enter into the
username field on the web login gets tried as the sAMAccountName,
doesn't it? Or no?
Is the CN being the fname lname of the user causing the issue? Should
it be identical to the sAMAccountName one-word domain login? And if so,
anyone know a good simple way to do that across the board without
breaking anything
It uses sAMAccountName to retrieve the actual full DN (including CN in
your case) and then uses the full DN that was retrieved to try to bind
to the server with the password provided. The space doesn't matter, it's
usual to have a space in a CN and usual in AD for the CN to be used as
the node name.
Looking at the log, it doesn't look like it's *really* checking the
password:
**
# If a password was given on the login page, validate it
if (defined($pass)) {
$RT::Logger-debug(\$pass defined ($pass), Running IsPassword);
$password_validated =
$session{'CurrentUser'}-UserObj-IsPassword($pass);
}
unless($password_validated) {
$RT::Logger-debug(Password Incorrect);
delete $session{'CurrentUser'};
}
**
You don't have one single debug statement between the output Running
IsPassword and Password Incorrect. I would expect a lot more debug
output between the two as the code passes into IsPassword().
I would recommend adding some debug statements to the IsPassword method
inside local/plugins/RT-Authen-ExternalAuth/lib/RT/User_Vendor.pm and
see if they show up in the log, because I'm guessing the User_Vendor.pm
isn't getting used and it's just calling the normal RT IsPassword
method instead.
--
Kind Regards,
__
Mike Peachey, IT
Tel: +44 114 281 2655
Fax: +44 114 281 2951
Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK
Comp Reg No: 3191371 - Registered In England
http://www.jennic.com
__
___
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
Community help: http://wiki.bestpractical.com
Commercial support: [EMAIL PROTECTED]
Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] Bad AD or is it my config?
Robert Munsch wrote: Trying to simulate this via ldapsearch but can’t figure it out. All the docs I see say that ‘userpassword is only accepted for auth, and unicodepwd is not readable by ldap.’ I was hoping to run an ldapsearch to retrieve a given user’s password to see where this is breaking, but I’m not sure how. I’m binding ok and can run all sorts of searches, but nothing that will list or show me passwords. How does RT do it..? My perl-fu is weak L. LDAP authentication is not done the same way as unix authentication. It doesn't check the password you provided against the userPassword in LDAP, what it does is attempt to bind to LDAP using the credentials provided. If the bind is successful, the authentication is successful. 1. User provides username 2. username is turned into an LDAP filter using your config like this: ((filter)(usernamefield=$username_provided)) e.g. ((objectClass=Person)(sAMAccountName=foo)) 3. LDAP is searched using the filter by binding to the LDAP server and performing a search. If 'user' and 'pass' are set in the config then those credentials are used to bind to the server, otherwise an anonymous bind is done. 4. If the user is not found (after checking all name attributes and all external sources), authentication fails. 5. If an object IS found then RT attempts to bind to the LDAP server using the full DN of the object returned (i.e. saMAccountName=foo,ou=Users,dc=foo,dc=bar) and the password that was entered by the user. 6. IF bind was successful, user is authenticated. If not, then not. That should help understand what you're doing. -- Kind Regards, __ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: [EMAIL PROTECTED] Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] ExternalAuth installation problems and can Authenticating RT against Active Directory be done with version 3.8?
Kevin Murphy wrote: Hi RT List, I attempted installing with CPAN, but that resulted in: Warning: Cannot install RT::Authen::ExternalAuth, don't know what it is. Try the command i /RT::Authen::ExternalAuth/ to find objects with matching identifiers. I don't know why this would be. But manual installation is just as good so it doesn't matter much. So, I followed the manual install instructions, but when I run Perl Makefile.PL The response is Cannot determine perl version info from lib/RT/Authen/ExternalAuth.pm Cannot determine author info from lib/RT/Authen/ExternalAuth.pm Cannot determine license info from lib/RT/Authen/ExternalAuth.pm Using RT configuration from /opt/rt3/lib/RT.pm: ./etc = /opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc ./html = /opt/rt3/local/plugins/RT-Authen-ExternalAuth/html ./lib = /opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib Cannot determine perl version info from lib/RT/Authen/ExternalAuth.pm Writing Makefile for RT::Authen::ExternalAuth I don't know what's causing the cannot determine warnings, I guess I just haven't yet accounted for a newer version. Can anyone inform me of what I am doing wrong here? Nothing, you just stopped too early. Once you've done `perl Makefile.PL` you need to do `make` and `make install`. -- Kind Regards, __ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: [EMAIL PROTECTED] Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] Win2k Native AD mode
Robert Munsch wrote: Hello list, I’ve been having Issues™ with my LDAP auth. I’ve only just checked and my predecessor has the DC running at Win2k Native functionality… not Win2k3. Would this affect ExternalAuth’s ability to do proper LDAP lookups against AD? There’re no NT or Win2k machines anywhere on this network. I’ve no idea why it’s set up like this. 1. It should have no effect, Win2k AD was as shoddy as Win2k3 at doing LDAP. The interface from outside should be the same. 2. Upgrade the base functionality to 2003. It only takes a few clicks and if you have no Win2k/NT machines it will make no difference to the network, it will simple give you extra functionality that you can choose to use or not. -- Kind Regards, __ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: [EMAIL PROTECTED] Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] Undefined subroutineRT::Authen::ExternalAuth::UserExists - Probably Resolved
Robert Munsch wrote: Ripped out everything, including perl, apache2, rt, and the equine companions they ambulated towards me with. Obliterated any file that looked like it was even thinking of the string authen. Put it all back very slowly. While i've made some mistakes in my LDAP config and I'm not successfully authenticating, I get a proper Your username or password is incorrect on the login page, not the horrible perl error from before. Glad to hear it. -- Kind Regards, __ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: [EMAIL PROTECTED] Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] CALLING EXTERNALAUTH TESTERS - v0.07_01 nowavailable.
Robert Munsch wrote: Still experiencing this. Not sure what's going on. Any attempt at login for any user - root or otherwise - gets this: Undefined subroutine RT::Authen::ExternalAuth::UserExists called at /opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAut h/autohandler/Auth line 39. The difference being only that if I tried logging in as a user that doesn't exist yet and should be looked up in AD, refreshing the page gives me the login screen again: and if I tried logging in as root, it says line 89 instead of 39 and refreshing the page gives me RT at a glance successfully. Very confused. I would really like to help, but I'm having difficulty seeing where the problem might be. It's very much a perl/systemconfiguration/rt-core problem - I'm much better on ExternalAuth issues. You might want to try, as the user your web server runs as, not root: perl -I/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib - MRT::Authen::ExternalAuth -e1 Did that. No apparent output: just hangs until I ctrl-C. This could be telling.. though I'm not sure what of. I know this has probably been mentioned before, but just in case it's worth at least suggesting: chown -R apache:apache /opt/rt3 (or whatever is your web user, web group and $RTHOME). -- Kind Regards, __ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: [EMAIL PROTECTED] Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] RT::Authen::ExternalAuth selectable authentication service?
Kenneth Marshall wrote: That seems like a lot of work to save a couple of very light-weight LDAP queries. Plus, if anyone changes status, you will need to manually reset their fields to get them to authenticate correctly. My two cents. To be honest I have to agree. It would require a lot of work and would save only a small amount of resources and could render RT an administrative nightmare. Also, the extra lookups required inside RT would likely reduce the LDAP load at the expense of increasing the load on the RT server. Having said that, you are more than welcome to investigate coding it yourself, I just simply wouldn't find the time - as it is I've yet to get the chance to confirm the DB authentication in 0.07_01 so as to release it as stable. -- Kind Regards, __ Mike Peachey, IT Tel: +44 114 281 2655 Fax: +44 114 281 2951 Jennic Ltd, Furnival Street, Sheffield, S1 4QT, UK Comp Reg No: 3191371 - Registered In England http://www.jennic.com __ ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: [EMAIL PROTECTED] Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
