Re: [rt-users] Autoreply Template Script

[Nathan Cutler]

 So none of provide a web interface to view the status of there tickets?
If yes how do you do it?

We do provide our users access to the self-service web UI. We have the
usernames and
passwords in LDAP, and RT uses RT::Authen::ExternalAuth for
authentication. Of course,
the users must remember their credentials - however, this is not a
problem because
multiple services (not just RT) authenticate against the LDAP server.

HTH,
Nathan

[rt-users] Connecting to remote MySQL via SSL

[Nathan Cutler]

I have been tasked with migrating our RT database (MySQL) to a remote
server, connection between RT and the database server must be SSL
encrypted.

I see at [1] that DBD::mysql supports SSL, but the RT documentation
[2] seems to imply that RT only supports SSL with PostgreSQL:

$DatabaseRequireSSL

If you're using PostgreSQL and have compiled in SSL support, set
$DatabaseRequireSSL to 1 to turn on SSL communication with the
database.

What is the status of out-of-the-box support for SSL with MySQL in RT 4.2?

Thanks,
Nathan

[1] https://metacpan.org/pod/DBD::mysql#mysql_ssl
[2] https://www.bestpractical.com/docs/rt/4.2/RT_Config.html#DatabaseRequireSSL

[rt-users] MergeUsers patch

[Nathan Cutler]

Hi Ruslan:

Thanks for the MergeUsers patch you provided awhile back. Do I need to
do anything special (pull request, etc.) to get this accepted
upstream, or will you take care of it?

Thanks,
Nathan

Re: [rt-users] MergeUsers patch

[Nathan Cutler]

Thanks, guys.

On Wed, Sep 11, 2013 at 1:54 PM, Ruslan Zakirov r...@bestpractical.com wrote:
 What Thomas said.


 On Wed, Sep 11, 2013 at 1:24 PM, Thomas Bätzler t.baetz...@bringe.com
 wrote:

 Nathan Cutler asked:

  Hi Ruslan:
 
  Thanks for the MergeUsers patch you provided awhile back. Do I need to
  do anything special (pull request, etc.) to get this accepted
  upstream, or will you take care of it?

 He has already uploaded it to CPAN:

 rt:~/.cpan/build/RT-Extension-MergeUsers-0.11-MGX37G# head -5 Changes
 0.11 Tue Sep 10 14:42:46 MSK 2013

 * For every merged user in a collection one user at the end of
   the collection was skipped, for example in owners drop down,
   admin interface or in autocompletion lists.

 Cheers,
 Thomas




 --
 Best regards, Ruslan.

Re: [rt-users] CLI question

[Nathan Cutler]

In case anyone is interested, I patched the 'rt' script to fix the problem:

# diff -u rt.old rt
--- rt.old  2013-08-14 20:46:23.0 +0200
+++ rt  2013-09-09 16:06:20.0 +0200
@@ -1698,6 +1698,8 @@
 $mon = $month{$monstr} if exists $month{$monstr};
 } elsif ( /(\d{4})-(\d\d)-(\d\d)\s+(\d\d):(\d\d):(\d\d)/ ) {
 ($yr, $mon, $day, $hr, $min, $sec) = ($1, $2-1, $3, $4, $5, $6);
+} elsif ( /(\d{4})-(\d\d)-(\d\d)\s+(\d\d):(\d\d)/ ) {
+($yr, $mon, $day, $hr, $min, $sec) = ($1, $2-1, $3, $4, $5, 0);
 }
 if ( $yr and defined $mon and $day and defined $hr and defined $sec ) {
 return timelocal($sec,$min,$hr,$day,$mon,$yr);

Now the 'rt list' command works as expected.

Nathan


On Thu, Sep 5, 2013 at 4:40 PM, Nathan Cutler presnyprek...@gmail.com wrote:
 I'm trying to use the 'rt' command line script. It's working, except
 for an annoying error message:

 $ rt list status='new'
 Query:status='new'
 Ticket Owner QueueAge   Told Status Requestor Subject
 
 Unknown date format in parsedate: '2011-09-30 13:44'

 This Unknown date format error is written once for each line of output.

 Reading the code, I can see that RT is expecting the date format to
 include the seconds, yet in my case the seconds are missing.

 I can patch the code to add :00 on the end, but I'm curious to hear
 if others can reproduce this, or any ideas for a proper fix.

 Thanks!

 Nathan

Re: [rt-users] Recommendations for email validation portal

[Nathan Cutler]

 What I'm interested in is having some sort of frontend to RT that
 would, upon receiving an email, email the user back with a link they
 must click before the email is submitted to RT (and ticket generated).
 Bonus points if such a solution can track users who have validated in
 the past and let them bypass this validation.

 Has anyone done something like this that can offer recommendations?

If you have some proficiency in Perl, you can write a plug-in to rt-mailgate:

http://bestpractical.com/docs/rt/latest/rt-mailgate.html#CUSTOMIZATION

(I recently wrote and deployed one.) It's pretty easy to make it do
practically anything you want -- since it's just a Perl script. You
can set RT (in RT_SiteConfig.pm) to not automatically create new RT
users for all incoming emails, and then in the plug-in you can
validate the incoming emails against already existing RT users.
Although RT does not (AFAIK) allow you to assign multiple email
addresses to a single user, you can work around this with the
MergeUsers extension.

This is probably not the only way to approach the problem. It's also
possible to do stuff with CanonicalizeUserName(?), but I haven't tried
that.

Hope this helps.

Nathan

Re: [rt-users] Fwd: How to list all enabled users in Perl script?

[Nathan Cutler]

 I'm planning to look at it later tonight or tomorrow.

Thanks, Ruslan.

 Guys, please send version of DBIx::SearchBuilder, just in case it's not the
 latest.

I'm running 1.63.

[rt-users] CLI question

[Nathan Cutler]

I'm trying to use the 'rt' command line script. It's working, except
for an annoying error message:

$ rt list status='new'
Query:status='new'
Ticket Owner QueueAge   Told Status Requestor Subject

Unknown date format in parsedate: '2011-09-30 13:44'

This Unknown date format error is written once for each line of output.

Reading the code, I can see that RT is expecting the date format to
include the seconds, yet in my case the seconds are missing.

I can patch the code to add :00 on the end, but I'm curious to hear
if others can reproduce this, or any ideas for a proper fix.

Thanks!

Nathan

Re: [rt-users] Fwd: How to list all enabled users in Perl script?

[Nathan Cutler]

 Can you test the following patch?

I've applied the patch on both our testing and production instances.
It seems to work! Will keep an eye on it to see if there are any
undesired consequences.

Thanks alot!

Nathan

[rt-users] Fwd: Need Help on RT

[Nathan Cutler]

This got directed to my personal mail by mistake -- forwarding to the list.

-- Forwarded message --

Dear Concern,

I need help on RT.I am new to linux and RT we have previously have RT
3.6.5 now with the help of my friend I have upgraded it to 3.8.0

I am facing two issues.

1.While sending mail from RT to one time CC and BB they are not
getting mail. I have checked the notify scrips etc all are seem to be
right.

2.When I send any mail to user along with attachment at the user end
it will so message transition apper to have no context

Please help me on this. it would be realy help full for me.

I am stuck on this for last One Month

Thanks a lot in advance .

Alok
Sent from BlackBerry® on Airtel

[rt-users] Fwd: How to list all enabled users in Perl script?

[Nathan Cutler]

 Call `print $RT_enabled_users-BuildSelectQuery, \n;`, check SQL manually
 and it is correct then move to Next function.

Thanks, Ruslan. I tried your suggestion. It outputs the following
SELECT statement:

SELECT DISTINCT main.* FROM Users main JOIN Principals Principals_1
ON ( Principals_1.id = main.id )  WHERE (Principals_1.Disabled = '0')
AND (Principals_1.PrincipalType = 'User')  ORDER BY main.Name ASC

which I cut-and-pasted into the mysql prompt. This gives me 167 rows
in alphabetical order. The Perl script's output, however, shows only
151 rows.

I changed the SELECT statement to output just main.Name (into a file).
Then, I modified my script to output just the Name of each enabled
user (also to a file). And then I diffed the two resulting files. The
SELECT statement yields 16 more users than the Perl script does.

Here's my guess at what's happening: I'm using the MergeUsers
extension. The SELECT statement ignores the fact that some of the
users have been merged, and simply grabs them all. The Perl script, by
contrast, attempts to get only those users that have not been merged
into other users. But for some reason it fails to do this correctly,
leaving out more users than it should. Significantly, it leaves out 8
users at the end of the list. This would indicate that it's getting a
wrong count of the number of non-merged users. Once it reaches the end
of the count, it simply ignores the remaining users, even though they
are non-merged.

It's quite possible that I have merged 8 users. These 8 are not in the
list generated by the Perl script. In addition to these 8, another 8
(at the end of the alphabet) are also missing. It's very weird and it
definitely smells like a bug.

Any ideas appreciated.

Nathan

Re: [rt-users] Fwd: How to list all enabled users in Perl script?

[Nathan Cutler]

 Find `sub Next` in lib/RT/Extension/MergeUsers.pm, put logging or printing
 debug statements there to check what is going on.

OK, I'll try that. I ran some more tests on my testing RT instance.
Here's what I just found out:

When no users are merged, the script produces the same output (same
users, same number of users) as the SELECT statement. When I then go
and merge a single user into another user, the number of users
produced by the script decreases by *two* -- the merged user *plus*
the alphabetically last user.

For example: with no users merged, the SELECT and the script both
return 63 rows (users). After user X is merged into user Y, the script
returns 61 rows (users), instead of 62 that would be expected. The two
missing users are user X and user Z (the last user in the alphabetical
listing produced by SELECT).

In my production instance, I have 8 merged users and the number of
users produced by the script is 16 less than the SELECT listing. In
addition to the 8 merged users, the 8 users at the end of the alphabet
are missing.

So it looks like an off-by-one bug.

Nathan

[rt-users] How to list all enabled users in Perl script?

[Nathan Cutler]

Greetings:

RT 4.0.17.  In the web UI, when I list all enabled users by selecting
'%' I get a list of about 152 users (approximately). Now, I have
written a Perl script that is supposed to list all enabled RT users.
When I run it, it finds 147 users and lists them in alphabetical
order. But approximately 5 users at the end of the alphabet ('Name'
starting with 'v', 'w', 'x', 'y', or 'z') are missing. For the life of
me I can't figure out why. Any ideas?

use strict;
use warnings;

use RT;
use RT::User;
use RT::Users;

BEGIN {
RT-LoadConfig;
RT-Init;
}

my $RT_enabled_users = RT::Users-new($RT::SystemUser);
$RT_enabled_users-LimitToEnabled;

my $loop_count = 0;
while (my $current_user = $RT_enabled_users-Next) {

   $loop_count += 1;

   my $uid = $current_user-Name;
   my $real_name = $current_user-RealName;
   my $rt_email = $current_user-EmailAddress;

   print $loop_count: '$uid' -- $real_name -- $rt_email\n;

}

print Loop count: $loop_count\n;

Thanks alot,
Nathan

Re: [rt-users] (RT::Authen::ExternalAuth) email exists problem authenticating trough AD

[Nathan Cutler]

Hi

 Is it possible that parameter $RTAddressRegexp interfers with
 RT::Authen::ExternalAuth ?

I doubt it.

 On Active directory side no error, only successes logs.

Are you saying that a user attempts to log in, you see successful LDAP
bind on the LDAP server, and RT login fails? If so, please send us the
relevant debug-level RT log excerpt. Also the LDAP server log excerpt
if possible.

 Do you no about any other debug options I could use ?

I did notice that, after upgrading to RT 4.0.17 and ExternalAuth 0.12,
I get much more detailed debug-level log messages for ExternalAuth.

Hope this helps.

Nathan

[rt-users] sendmailpipe returns EX_TEMPFAIL

[Nathan Cutler]

Greetings:

We are having an problem with Postfix sendmail returning code 75
(EX_TEMPFAIL) on outgoing emails from RT. I have been monitoring the
bug and can find no rhyme or reason to it. Most of the time, emails
leave RT without any trouble. But occasionally they fail
unreproducibly like this:

Aug 12 08:01:16 perelman RT:
rt-4.0.13-29527-1376287275-1791.35212-...@suse.de #35212/333905 -
Scrip 4 On Create Notify AdminCcs
(/usr/lib/perl5/vendor_perl/5.10.0/RT/Action/SendEmail.pm:285)
Aug 12 08:01:16 perelman RT:
rt-4.0.13-29527-1376287275-1791.35212-...@suse.de:
`/usr/sbin/sendmail -oi -t` exited with code 75
(/usr/lib/perl5/vendor_perl/5.10.0/RT/Interface/Email.pm:486)
Aug 12 08:01:16 perelman RT:
rt-4.0.13-29527-1376287275-1791.35212-...@suse.de: Could not send
mail with command `/usr/sbin/sendmail -oi -t`:
rt-4.0.13-29527-1376287275-1791.35212-...@suse.de:
`/usr/sbin/sendmail -oi -t` exited with code 75 at
/usr/lib/perl5/vendor_perl/5.10.0/RT/Interface/Email.pm line 487.
Stack:   [/usr/lib/perl5/vendor_perl/5.10.0/RT/Interface/Email.pm:487]
  [/usr/lib/perl5/vendor_perl/5.10.0/RT/Action/SendEmail.pm:292]
[/usr/lib/perl5/vendor_perl/5.10.0/RT/Action/SendEmail.pm:114]
[/usr/lib/perl5/vendor_perl/5.10.0/RT/ScripAction.pm:232]
[/usr/lib/perl5/vendor_perl/5.10.0/RT/Scrip.pm:475]
[/usr/lib/perl5/vendor_perl/5.10.0/RT/Scrips.pm:188]
[/usr/lib/perl5/vendor_perl/5.10.0/RT/Transaction.pm:201]
[/usr/lib/perl5/vendor_perl/5.10.0/RT/Record.pm:1504]
[/usr/lib/perl5/vendor_perl/5.10.0/RT/Ticket.pm:682]
[/usr/lib/perl5/vendor_perl/5.10.0/RT/Interface/Email.pm:1569]
[/usr/share/request-tracker/html/REST/1.0/NoAuth/mail-gateway:61]
(/usr/lib/perl5/vendor_perl/5.10.0/RT/Interface/Email.pm:491)

This is RT 4.0.13 and we are running it on a virtual machine with 8GB
of RAM. Free RAM is around 80%, so the problem is not memory-related.
There is one other mod_perl application running on the same machine,
but adding PerlOptions +Parent to the Apache vhost configuration
didn't help. (Do I need to add it to the vhost configuration of the
other mod_perl app, too?)

In RT_SiteConfig.pm I have:

Set($SendmailCommand, 'sendmailpipe');
Set($SendmailArguments, '-oi -t');

I'm running a fairly modern Postfix (v. 2.5.13) on a fairly modern OS
(SLES11-SP2). Here's apache2ctl -V:

# apache2ctl -V
Server version: Apache/2.2.12 (Linux/SUSE)
Server built:   Mar 27 2013 18:47:49
Server's Module Magic Number: 20051115:23
Server loaded:  APR 1.3.3, APR-Util 1.3.4
Compiled using: APR 1.3.3, APR-Util 1.3.4
Architecture:   64-bit
Server MPM: Prefork
  threaded: no
forked: yes (variable process count)
Server compiled with
 -D APACHE_MPM_DIR=server/mpm/prefork
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D APR_USE_SYSVSEM_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D DYNAMIC_MODULE_LIMIT=128
 -D HTTPD_ROOT=/srv/www
 -D SUEXEC_BIN=/usr/sbin/suexec2
 -D DEFAULT_PIDLOG=/var/run/httpd2.pid
 -D DEFAULT_SCOREBOARD=logs/apache_runtime_status
 -D DEFAULT_LOCKFILE=/var/run/accept.lock
 -D DEFAULT_ERRORLOG=/var/log/apache2/error_log
 -D AP_TYPES_CONFIG_FILE=/etc/apache2/mime.types
 -D SERVER_CONFIG_FILE=/etc/apache2/httpd.conf

What appears to be happening is this: for reasons unknown,
occasionally when RT goes to send an email, the sendmailpipe command
('/usr/bin/sendmail -oi -t') gets executed but nothing is piped in.
This causes sendmail to report:

postfix/sendmail[23352]: fatal: wwwrun(30): No recipient addresses
found in message header

and RT logs the code 75 error quoted above. In the web UI, when I
look at the transaction with headers, it says:

X-RT-Interface: API
MIME-Version: 1.0
X-Mailer: MIME-tools 5.502 (Entity 5.502)
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: binary
X-RT-Original-Encoding: ascii
RT-Message-ID: rt-4.0.13-29527-1376293428-636.35212-...@suse.de
Content-Length: 105

Sending the previous mail has failed.  Please contact your admin, they
can find more details in the logs.

Yesterday I added the '-v' switch to the sendmail command line, which
is causing mail delivery reports to be sent to a local user on the
machine. These mail delivery reports reproduce all the headers. I have
not managed to capture the bug in this way, yet, however. But as
soon as I do I will post the mail delivery report here.

Does anyone have any other ideas for debugging this issue? Especially
I am interested in how I could confirm or deny that it's related to
mod_perl cohabitation -- i.e. two different Perl applications in a
single mod_perl host?

Nathan

Re: [rt-users] sendmailpipe returns EX_TEMPFAIL

[Nathan Cutler]

 Does anyone have any other ideas for debugging this issue? Especially
 I am interested in how I could confirm or deny that it's related to
 mod_perl cohabitation -- i.e. two different Perl applications in a
 single mod_perl host?

I noticed that when I don't have PerlOptions +Parent in the apache
config, the Perl library search order on the System Configuration page
is different than when I do. Here's what it looks like _without_
PerlOptions +Parent (omitting the line numbers which do not
copy-paste):

Perl library search order

/usr/share/request-tracker/local/lib
/usr/share/request-tracker/local/plugins/RT-Extension-MergeUsers/lib
/usr/lib/perl5/vendor_perl/5.10.0
/usr/lib/perl5/vendor_perl/5.10.0/x86_64-linux-thread-multi
/srv/www/perl-lib
/srv/www/vhosts/pdb/
/usr/lib/perl5/site_perl/5.10.0/x86_64-linux-thread-multi
/usr/lib/perl5/site_perl/5.10.0
/usr/lib/perl5/vendor_perl
/usr/lib/perl5/5.10.0/x86_64-linux-thread-multi
/usr/lib/perl5/5.10.0
.
/srv/www

Notice lines 5 and 6 which obviously come from the other mod_perl application.

Now, here's what it says _with_ PerlOptions +Parent:

Perl library search order

/usr/share/request-tracker/local/lib
/usr/share/request-tracker/local/plugins/RT-Extension-MergeUsers/lib
/usr/lib/perl5/vendor_perl/5.10.0
/usr/lib/perl5/vendor_perl/5.10.0/x86_64-linux-thread-multi
/usr/lib/perl5/site_perl/5.10.0/x86_64-linux-thread-multi
/usr/lib/perl5/site_perl/5.10.0
/usr/lib/perl5/vendor_perl
/usr/lib/perl5/5.10.0/x86_64-linux-thread-multi
/usr/lib/perl5/5.10.0
.
/srv/www

So maybe the problem is solved? I did have PerlOptions +Parent in the
apache configuration before, but maybe not correctly? I checked the
other application's vhosts file and it _does_ have PerlOptions
+Parent.

Nathan

Re: [rt-users] Regex

[Nathan Cutler]

 Sorry back to the drawing board does not work if the city is two words.

Really, I would think that regex questions (especially if there are
going to be lots of them) will be considered off-topic here.

Have you considered asking your question at stackoverflow.com?
(Suggestion: tag your question perl and regex and specify whether
you want your regex to work on just this one string, or in general on
a class of strings.)

Re: [rt-users] Searching for a string

[Nathan Cutler]

 I am searching the content of an email for a string using.

 m/'Building: Walgreen Drug Store #\d+/  Does not find text.

 But

 index($t_subject, 'Building: Walgreen Drug Store #'); Does find text.

A few (hopefully helpful) questions:

1. Why do have a single-quote character before the word Building in
the first example, but not in the second?

2. Can you send an example string that you searching over?

3. Better yet, can you send a snippet of your code?

And a note: if you are trying to capture text, you need parentheses
around the text you intend to capture. Something like this:

CODE
#!/usr/bin/perl
use strict;
use warnings;

my $str=And suddenly, there were Building: Walgreen Drug Store
#235232343434324235521 flies in the tepid air;

my ($substr) = ($str =~ m/(Building: Walgreen Drug Store #\d+)/);
print $substr, \n;
/CODE

Also, you don't mention whether this string occurs only in the email
headers, or also in the body? If in the body, will you have to deal
with the possibility of a line break occuring inside the string?

Nathan

Re: [rt-users] Searching for a string

[Nathan Cutler]

Hi Bryon:

Perl regexes can be a bit tricky.

 Here is the codes being used.

 my $t_subject = $self-TransactionObj-ContentObj-Content ;
 my $match = Building: Walgreen Drug Store;

Here I would be to use \s+ after the colon, since there might be
multiple spaces or even a tab in the email. Unless you're sure it will
always be just a single space.

 if ( $t_subject !~ /$match/i)  {

This says if $t_subject does NOT match. Don't you want the opposite?
I'd suggest you try changing the !~ operator (does NOT match) in this
line to =~ (matches).

$RT::Logger-debug(Found Match\n);
return 0;
 }
 else {
$RT::Logger-debug(No Match Found Match string: $match content: 
 $t_subject\n);
return 1;
 }

Another thing to try is the s modifier, which explicitly tells Perl
to treat the entire email as a single line. But in my test it works
fine without.

Hope this helps.
Nathan

Re: [rt-users] Bad name after cn' when using LDAPImport

[Nathan Cutler]

 That corresponds with this line of my RT_SiteConfig.pm:

Look one line above that -- you appear to be missing a closing apostrophe.

 Set($LDAPGroupFilter, '(|(CN=dor-rt-admins)(CN=dor-rt-staff));

This is the offending line.

Re: [rt-users] LDAPImport succeds with user LDAP bind but fails with group

[Nathan Cutler]

Hi Kevin,

 I’ve confirmed
 that my filter works with ldapsearch.

Can you send the working ldapsearch command? Seems suspicious to me
that the initial search for the user comes up empty.

Re: [rt-users] (RT::Authen::ExternalAuth) email exists problem authenticating trough AD

[Nathan Cutler]

 It binds because i receive all aditional fields and even creates the user
 with those .

Yes, it binds, but anonymously. All the information fields are first
retrieved that way. Only then does the authentication phase start,
when it attempts to bind as the user with the password that the user
enters in the login window.

 The problem is really focused on authentication step and i can't understand
 why :(

Yes, so the question is (once again): can you bind *as the user* and
*with the user's password* from the command line?

Re: [rt-users] Postfix sendmail returning status code 75

[Nathan Cutler]

 My guess is that you're running RT 4 under mod_perl with the wrong
 SetHandler value.  Read
 http://bestpractical.com/docs/rt/latest/web_deployment.html#mod_perl-2.xx and
 compare your config.

No, mine seems to check out. Here it is:

AddDefaultCharset UTF-8

PerlSetEnv RT_SITE_CONFIG /etc/request-tracker/RT_SiteConfig.pm

# You might need to alter references to /rt in this file (there are
# three) to match whatever base URL you are using for your RT site
Alias / /usr/share/request-tracker/html

Location /
  SetHandler modperl
  PerlResponseHandler Plack::Handler::Apache2
  PerlSetVar psgi_app /usr/sbin/rt-server
#  Options None
#  Order allow,deny
#  Allow from all
/Location

# Limit mail gateway access to localhost by default
Location /REST/1.0/NoAuth
Order Allow,Deny
Allow from 127.0.0.1
/Location

Perl
  use Plack::Handler::Apache2;
  Plack::Handler::Apache2-preload(/usr/sbin/rt-server);
/Perl

Today I have been keeping a close watch on the server's memory. So far
I haven't seen any less than 80% free, and no error so far, either.

Nathan

Re: [rt-users] Help with GNATT RT Extension: Doesn't show up!

[Nathan Cutler]

 However, there seems to be no option on the RT GUI to run the GNATT
 extension.

Just to be sure: did you clean the Mason cache and your browser's cache, too?

[rt-users] Postfix sendmail returning status code 75

[Nathan Cutler]

I'm having a devil of a time with this. We're running RT 4.0.13 on
SUSE Linux Enterprise Server 11 SP2. The MTA is Postfix.

Seemingly for no reason, outgoing emails from RT start failing.
Cleaning the Mason cache and restarting Apache2 seems to solve the
problem temporarily (some hours, but by the next morning at the latest
the problem returns).

Each time it drops an email in this way, RT writes the following two
log messages:

RT: rt-4.0.13-7424-1375250475-1273.35071-...@suse.de:
`/usr/sbin/sendmail -oi -t` exited with code 75
(/usr/lib/perl5/vendor_perl/5.10.0/RT/Interface/Email.pm:486)

RT: rt-4.0.13-7424-1375250475-1273.35071-...@suse.de: Could not send
mail with command `/usr/sbin/sendmail -oi -t`:
rt-4.0.13-7424-1375250475-1273.35071-...@suse.de:
`/usr/sbin/sendmail -oi -t` exited with code 75 at /usr/lib
/perl5/vendor_perl/5.10.0/RT/Interface/Email.pm line 487.  Stack:
[/usr/lib/perl5/vendor_perl/5.10.0/RT/Interface/Email.pm:48
7]   [/usr/lib/perl5/vendor_perl/5.10.0/RT/Action/SendEmail.pm:292]
[/usr/lib/perl5/vendor_perl/5.10.0/RT/Action/SendEmail.pm
:114]   [/usr/lib/perl5/vendor_perl/5.10.0/RT/ScripAction.pm:232]
[/usr/lib/perl5/vendor_perl/5.10.0/RT/Scrip.pm:475]   [/usr
/lib/perl5/vendor_perl/5.10.0/RT/Scrips.pm:188]
[/usr/lib/perl5/vendor_perl/5.10.0/RT/Transaction.pm:201]
[/usr/lib/perl5/v
endor_perl/5.10.0/RT/Record.pm:1504]
[/usr/lib/perl5/vendor_perl/5.10.0/RT/Ticket.pm:682]
[/usr/lib/perl5/vendor_perl/5.10.
0/RT/Interface/Email.pm:1569]
[/usr/share/request-tracker/html/REST/1.0/NoAuth/mail-gateway:61]
(/usr/lib/perl5/vendor_perl/5
.10.0/RT/Interface/Email.pm:491)

I have the following options in RT_SiteConfig.pm:

Set($MailCommand, sendmailpipe);
Set($SendmailArguments, '-oi -t');

I read this thread where someone had a very similar problem:

http://requesttracker.8502.n7.nabble.com/sendmail-error-exited-with-code-75-RHEL6-td7144.html

In their case, adding PerlOptions +Parent to their vhost
configuration file solved the problem, but I did that and it doesn't
help in my case.

If I don't restart Apache, the problem seems to get worse over time.

I have prepared a wrapper for sendmail that will log the exact
messages that are causing this to happen, but I haven't deployed it
yet. (Still testing it.)

Since status code 75 is only a temporary error whereby Postfix is
(apparently) just saying that it is queuing the message to send later,
I'm wondering if I could just patch RT to ignore status code 75 and
treat it the same as success?

Any other ideas?

Nathan

Re: [rt-users] (RT::Authen::ExternalAuth) email exists problem authenticating trough AD

[Nathan Cutler]

 To be more specific, when i remove the user, at next login RT creates again
 the user with the right values ( i.e. Name, ZIP code, etc. ) but fails at
 authentication step.

IIRC you are using RT::Authen::ExternalAuth, right? That extension
authenticates by attempting to bind to the LDAP server with the
credentials entered by the user. But before it tries to bind, it first
looks up the user in LDAP anonymously. This is consistent with what
you are seeing. Here's what I see in my log when a known user attempts
to login and fails:

Jul 30 11:09:56 myserv RT: My_LDAP AUTH FAILED myuser (can't bind:
LDAP_INVALID_CREDENTIALS 49 )
(/usr/lib/perl5/vendor_perl/5.10.0/RT/Authen/ExternalAuth/LDAP.pm:90)
Jul 30 11:09:56 myserv RT: FAILED LOGIN for myuser from 10.120.5.61
(/usr/lib/perl5/vendor_perl/5.10.0/RT/Interface/Web.pm:753)

And this is the log when an unknown (to RT) user attempts to login and fails:
Jul 29 13:06:44 myserv RT:
RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Disabled: ,
EmailAddress: , Gecos: myuser, Name: myuser, Privileged:
(/usr/lib/perl5/vendor_perl/5.10.0/RT/Authen/ExternalAuth.pm:665)
Jul 29 13:06:45 myserv RT: Autocreated external user myuser ( 988 )
(/usr/lib/perl5/vendor_perl/5.10.0/RT/Authen/ExternalAuth.pm:254)
Jul 29 13:06:48 myserv RT: My_LDAP AUTH FAILED myuser (can't bind:
LDAP_INVALID_CREDENTIALS 49 )
(/usr/lib/perl5/vendor_perl/5.10.0/RT/Authen/ExternalAuth/LDAP.pm:90)
Jul 29 13:06:48 myserv RT: FAILED LOGIN for myuser from 10.120.4.148
(/usr/lib/perl5/vendor_perl/5.10.0/RT/Interface/Web.pm:753)

Note that it first creates the user in RT. Only then does it attempt to bind.

Now, in my case the bind fails because the user's credentials are
wrong. But this is not the only possible failure modality. There are
any number of reasons why bind might be failing.

Can you bind to the LDAP server using the 'ldapsearch' command? If you
can get bind to work that way, first, that would be a start. In my
case, the successful ldapsearch command looked something like this:

ldapsearch -LLL -H ldaps://login.example.com -x \
  -D cn=myuser,ou=users,dc=example,dc=com -W \
  -b ou=users,dc=example,dc=com uid=myuser

(Note that you have to know myuser's password -- and enter it
correctly -- for this to work.)

Hope this helps.

Nathan

Re: [rt-users] Postfix sendmail returning status code 75

[Nathan Cutler]

Thanks for your reply, Kevin, and here are my answers to your questions.

 What kind of monitoring do you have on the box?  Often, this is a
 memory problem (the running out kind).

We are monitoring the box with Icinga. I will talk with my colleagues
to see if we can tweak the Icinga configuration so it complains
earlier when memory starts to get low. The box has 8Gb installed, but
it runs more stuff than just RT.

 PerlOptions +Parent was required because they ran two perl processes
 in a single mod_perl host.  Are you doing that?

Well, I'm certainly not. And it didn't make the problem go away, so I
assume this is a dead end and I will remove that option.

 What's in your postfix error logs when this happens?

postfix/sendmail[26576]: fatal: wwwrun(30): No recipient addresses
found in message header

My sendmail wrapper is now in place and I will be watching closely
tomorrow. Today from what I managed to capture it looked like nothing
(or only one byte?) was being piped from RT to sendmailpipe. This is
consistent with what was written to the log (No recipient addresses
found).

Thanks!

[rt-users] (RT::Authen::ExternalAuth) email exists problem authenticating trough AD

[Nathan Cutler]

 Any other idea ?

Yes. As Kevin indicated, I would start with your 'attr_match_list'. On
your testing/development RT instance, try running it with just:

'attr_match_list' = [ 'Name' ],

and see if the user can log in. Tell us what happens.

Also, judging from the Couldn't create user myuser : Email address in
use error I would guess some other user has that email address. Try
searching for users with that email address in RT and tell us what you find.

Good luck.

Nathan

[rt-users] Disabling system users

[Nathan Cutler]

I just managed (via a Perl script) to disable the system users Nobody and
RT_System. The script has been fixed and it appears no harm was done, but I
wanted to ask you guys if there is any real-life scenario where it would be
useful to delete or disable these two users? If not, wouldn't it be a good
idea to make it impossible to delete/disable them?

Re: [rt-users] Help with Apache2 CENTOS httpd.conf SSL setup

[Nathan Cutler]

When you say that port 80 doesn't work either - does the redirect
happen? In other words, does the address (in the browser) change to
https://...?

The general tactic is to get it working over http (port 80) first,
then add https.

Re: [rt-users] RT4 - preserve formatting when fetching email

[Nathan Cutler]

Can you provide specific examples? The more details, the better.

On Mon, Jul 15, 2013 at 12:28 PM, girardja...@yahoo.fr
girardja...@yahoo.fr wrote:
 Hello,

 I'm a beginner with RT, and I would like to know if this software allows to
 preserve formatting when fetching email.
 Cause when I attempting to fetch emails via POP3 from a mailbox, all
 generated tickets into RTloose their original format.

 Do you know a way to keep it safe?

 My applicative version is : rt-4.0.5

 Thanks in advance,

 Regards,

 James G.

 
 View this message in context: RT4 - preserve formatting when fetching email
 Sent from the Request Tracker - User mailing list archive at Nabble.com.

Re: [rt-users] LDAPImport size limit woes

[Nathan Cutler]

 You might contact the admins of the server and ask if they can enable
 the paging extension or something.  It's strange that it's not
 supported; it's been around for _ages_.

Thomas: OK, I will ask them. Is this the one:

http://www.rfc-editor.org/rfc/rfc2696.txt

?

Nathan

[rt-users] LDAPImport size limit woes

[Nathan Cutler]

Hello again!

I have the LDAPImport extension working. Our LDAP server uses an
aggressive size limit and I have a kludge in place to deal with it.

But today I noticed that LDAPImport has an LDAPSizeLimit parameter.
However, when I turn it on like this:

Set($LDAPSizeLimit, 100);

I get the following error:

[Wed Jul 10 09:10:42 2013] [error]: LDAP search failed Critical
extension not available
(/usr/lib/perl5/vendor_perl/5.16.2/RT/Extension/LDAPImport.pm:1237)
LDAP search failed Critical extension not available

when I run /usr/bin/rtldapimport

Could it be that the value of LDAPSizeLimit that I set in
RT_SiteConfig.pm must match the server's actual limit exactly? (I was
assuming it just had to be = the server's actual limit.)

Thanks in advance,
Nathan

Re: [rt-users] LDAPImport size limit woes

[Nathan Cutler]

 This is an error from your LDAP server saying that it doesn't support
 paged results (i.e. the first 100, the second 100, etc).

Thanks, Thomas. That makes perfect sense, now that you've said it :-)

 What LDAP server are you running?

I don't know. It (the server) is not under my control, so I'll just
have to stick with kludge I've been using until now.

By the way, do I understand the docs correctly that the LDAPImport
extension has no way of defining a chain of several LDAP servers,
similar to what the RT::Authen::ExternalAuth does?

Nathan

[rt-users] Merge tickets using Perl API?

[Nathan Cutler]

Greetings, RT enthusiasts!

I am trying to merge two pre-existing tickets by a stand-alone Perl script.

Here's the full script:

CODE
#!/usr/bin/perl

use strict;
use warnings;

use RT;
use RT::Ticket;

my $CurrentUser;

BEGIN {
# make STDERR unbuffered
binmode(STDERR, :unix)
|| die can't binmode STDOUT to :unix: $!;
print STDERR Initializing RT...;
RT-LoadConfig;
RT-Init;
# Become RT System User
$CurrentUser = RT::CurrentUser-new;
$CurrentUser-Load(RT-SystemUser);
die Could not become RT System User unless $CurrentUser;
print STDERR Done.\n;
}

my $TicketA_id = 33842;  #Ticket A
my $TicketB_id = 34497;  #Ticket B
my $TicketA_obj = new RT::Ticket(RT-SystemUser);
$TicketA_obj-Load($TicketA_id);
my ($val, $msg) = $TicketA_obj-AddLink(
   Type = 'MergedInto',
   Target = $TicketB_id,
);
print RT::Ticket::AddLink returned val '$val' and msg '$msg'\n;
/CODE

And here's the output:
Initializing RT...Done.
RT::Ticket::AddLink returned val '6' and msg 'Ticket 33842 merged into
Ticket 34497.'

In the web UI, I see the following transactions are created:

In ticket 33842:
The RT System itself - Merged into ticket #34497

In ticket 34497:
The RT System itself - Merged into ticket #33842

Needless to say, the tickets are not merged properly - they continue
to be displayed separately.

Advice, pointers how to do this properly?

Thanks in advance!
Nathan

Re: [rt-users] RT-Extension-LDAPImport vs RT External Auth plugin modules

[Nathan Cutler]

 Since I was unable to get the RT External Auth setup working with my Active
 Directory Environment

Seems to me that if you can get RT::Extension::LDAPImport to work,
then you'll have a fighting chance of getting RT::Authen::ExternalAuth
to work as well. Please post to the list your working LDAPImport
config along with your non-working ExternalAuth config.

For me, before I was able to get ExternAuth working, I first had to
figure out how to bind to the LDAP server as a user (by providing that
user's password). Once I was able to bind using 'ldapsearch' from the
Linux command line, configuring ExternAuth was suddenly very easy.

Once you have it set up, ExternalAuth will automatically create/update
internal RT users for the LDAP users it authenticates, according to
the attr_map setting.

Re: [rt-users] RT-Extension-LDAPImport vs RT External Auth plugin modules

[Nathan Cutler]

 The RT Server itself is bound by LDAP Authentication using libpam-ldap 
 modules. So Active Directory Authentication is defiantly working as I am 
 logging into this machine with my AD creds. It is binding using the same 
 username and password that I have in my RT External Auth config. I haven’t 
 setup the RT-Extension-LDAP module yet. I just wanted to get some insite on 
 how it worked compared to the other. Will this module work standalone or do 
 you have to use it in conjunction with the RT External Auth plugin?

Hi Jeff:

(Be sure to reply to the list)

As Kevin just wrote, LDAPImport is useless for authentication, so you
would only want to use it if you need to get info (not passwords) for
a bunch of users into the RT database all at once. The reason why I
recommended it was that bind w/password might be more difficult to
get working than anonymous bind, which is what LDAPImport uses. So
LDAPImport might be a stepping stone to ExternAuth.

Just an idea.

Re: [rt-users] External Auth config with RT on Debian

[Nathan Cutler]

 I have ran into a wits end situation
...

Apologize in advance if you've already looked into this possibility:

 'attr_match_list' = [
 'Name',
 'EmailAddress',
 'RealName',
 ],

Have you checked if this is really what you want? Quoting from Thomas
Sibley's documentation for the ExternAuth module at:

http://search.cpan.org/~tsibley/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm

 Once installed, you should view the file:

3.4/3.6 $RTHOME/local/etc/ExternalAuth/RT_SiteConfig.pm 3.8
$RTHOME/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm 

Quoting from that file:

## RT ATTRIBUTE MATCHING SECTION
# The list of RT attributes that uniquely identify a user
# This example shows what you *can* specify.. I recommend reducing this
# to just the Name and EmailAddress to save encountering problems later.

So, my question is: have you tried reducing attr_match_list?  (Again,
sorry if you did and I just missed it.)

Nathan

Re: [rt-users] External Auth config with RT on Debian

[Nathan Cutler]

 After opening up the permissions on the directory where the External Auth 
 Plugin lives (/usr/local/share/request-tracker4/) to my apache user I am now 
 able to get logged into RT with a AD user! Prior to doing this root owned 
 all these directories with only read permissions..

Excellent news.

 And looking at the logs I am now seeing a ton of chatter relating to this. 
 Thanks for all your help.

If you change the loglevel to info the amount of chatter goes way
down and you still get useful information.

Nathan

Re: [rt-users] [External] Re: Problem with RT_SiteConfig changes Showing on Web

[Nathan Cutler]

 Yes, sorry I had tried that and it also did not work.

 Thanks

Remember to include the list in replies :-)

[rt-users] Migrating certain tickets from one RT instance to another

[Nathan Cutler]

Hello everyone.

I'm about to embark on an RT migration from an existing instance
(running 4.0.13) to a new one (also 4.0.13). My use case is somewhat
specific in that:

1. the RT user ID values are different between the two instances
2. I only need to migrate open tickets (50) so some manual work is OK

So far I'm thinking along these lines: make a user ID mapping table
(old - new). Do the same for the queues. Export the open tickets as
SQL. Apply the mapping to the resulting text file (simple
search-and-replace). Apply the SQL to the new instance.

The only idea I have come up with (so far) to generate the SQL for a
particular ticket is Shredder. It seems like it might work, but before
I try it (on a copy of the database, of course), I thought I'd ask
here: Is this a reasonable course of action? Is there a better way to
achieve the same end?

Thanks,
Nathan


-- 
RT Training in Seattle, June 19-20: http://bestpractical.com/training