[rt-users] Hash not found?
After upgrading to 4.0.10, after authenticating RT is redirecting to: http://server.domain.com/HASH(0xhexadecimal) And the server is throwing a page not found error. If I click Home or just remove the Hash from the URL, everything is fine. Quick google searches came up blank... anyone else seeing this? -Rob -- RT training in Amsterdam, March 20-21: http://bestpractical.com/services/training.html Help improve RT by taking our user survey: https://www.surveymonkey.com/s/N23JW9T
[rt-users] Thx Best Practical Devs!
I upgraded my RT 4.0.4 install to 4.0.10 last night. I just wanted to give a tip of the hat to best-practical team for making that a very smooth process. 3.8.x to 4.0 was necessarily a bit of a bear - and even that was pretty darned smooth. But the dot-release upgrade was cake. Thanks guys! :) -Rob -- RT training in Amsterdam, March 20-21: http://bestpractical.com/services/training.html Help improve RT by taking our user survey: https://www.surveymonkey.com/s/N23JW9T
[rt-users] Extra new-lines in emails from RT
I'm running on RT 4.0.4. I thought I had this problem licked - but recently noticed the ticket system is sending me emails that have extra new-lines in them. I've reproduced this by: * Creating a ticket via email * Adding a reply to the ticket in RT - the email I receive is formatted correctly and is formatted as plaintext * I then respond to THAT email (Client = Outlook 2007, Format = Plaintext) and the response from the ticket system has added extra line-breaks to the message. Is there a patch for this or has this been fixed in a newer version? I'm not wanting to stop and upgrade RT right now. I'll do some more digging/searching but thought I'd poke my head in here and ask first. Thanks in advance for any help. -Rob -- RT training in Amsterdam, March 20-21: http://bestpractical.com/services/training.html Help improve RT by taking our user survey: https://www.surveymonkey.com/s/N23JW9T
Re: [rt-users] Extra new-lines in emails from RT
Should have searched more first I guess Looks like this is what I need. http://bestpractical.com/rt/docs/4.0/RT_Config.html#CheckMoreMSMailHeaders I don't see this option in my configs - would be nice if the docs showed the version these config settings first appeared in, though I suppose I could grep change logs for that too. Even so would be kind of nice. -Rob On Thu, Feb 21, 2013 at 10:07 AM, Robert Nesius nes...@gmail.com wrote: I'm running on RT 4.0.4. I thought I had this problem licked - but recently noticed the ticket system is sending me emails that have extra new-lines in them. I've reproduced this by: * Creating a ticket via email * Adding a reply to the ticket in RT - the email I receive is formatted correctly and is formatted as plaintext * I then respond to THAT email (Client = Outlook 2007, Format = Plaintext) and the response from the ticket system has added extra line-breaks to the message. Is there a patch for this or has this been fixed in a newer version? I'm not wanting to stop and upgrade RT right now. I'll do some more digging/searching but thought I'd poke my head in here and ask first. Thanks in advance for any help. -Rob -- RT training in Amsterdam, March 20-21: http://bestpractical.com/services/training.html Help improve RT by taking our user survey: https://www.surveymonkey.com/s/N23JW9T
Re: [rt-users] Web-UI navigation question
On Mon, Oct 22, 2012 at 11:54 AM, Kevin Falcone falc...@bestpractical.comwrote: On Fri, Oct 19, 2012 at 05:30:46PM -0500, Robert Nesius wrote: Both myself and fellow RT Users have noticed the following little quirk in navigating the UI. * While looking at a list of tickets (like My Tickets), we click on a ticket. * We resolve the ticket. * RT updates the view and says the ticket is solved. What would be mega handy is a link here Back to previous list view or something. But instead what we have to do is navigate to the top of RT and then click on My Tickets to get back to the list we had before. I'm on 4.0.3 - anyone know if this has been streamlined in later releases? Or if there's a way to accomplish this that I haven't figured out yet? I tried making a saved search and a dashboard, but I still need multiple clicks to get to the list view I want. If you click on the header for My Tickets to get a full listing and then click on a ticket, you'll tell RT This search is my current search and if you hover over Tickets, you'll see a number of links for next/prev first/last and for seeing the whole result again. Unfortunately, clicking on a ticket from the homepage isn't enough to trigger the this is my current search behavior. Thank you, Kevin! That's most of what I was looking for and will be very helpful! -Rob We're hiring! http://bestpractical.com/jobs
[rt-users] Web-UI navigation question
Both myself and fellow RT Users have noticed the following little quirk in navigating the UI. * While looking at a list of tickets (like My Tickets), we click on a ticket. * We resolve the ticket. * RT updates the view and says the ticket is solved. What would be mega handy is a link here Back to previous list view or something. But instead what we have to do is navigate to the top of RT and then click on My Tickets to get back to the list we had before. I'm on 4.0.3 - anyone know if this has been streamlined in later releases? Or if there's a way to accomplish this that I haven't figured out yet? I tried making a saved search and a dashboard, but I still need multiple clicks to get to the list view I want. Thanks in advance for any tips/suggestions. -Rob Final RT training for 2012 in Atlanta, GA - October 23 24 http://bestpractical.com/training We're hiring! http://bestpractical.com/jobs
Re: [rt-users] rt-mailgate
On Mon, Jan 23, 2012 at 2:38 PM, Allen allen+rtl...@crystalfontz.comwrote: Landon wrote: We simply use mod_rewrite to redirect everyone *except* the server itself to https. This way when rt-mailgate calls http://rt.ourdomain/com it is not forced to use https while everyone else is. Landon - thank you for sharing those config lines. I had debated exactly that approach but had not dug into the mod-rewrite docs far enough to get that line on my own. Though - as I look at it - pretty simple regular expression. :) Thanks again! Thanks. That is an easy, maintainable solution until the next version of rt-mailgate that will let us specify the cert path, or until OpenSSL 1.x gets it's act together with LWP. But doesn't work for me. I solved some kind of mod-perl/apache redeclaration or some such problem (either spamming the logs or making apache not start -- cant remember which) that I solved by removing all RT apache configuration under regular http and just having the redirect to SSL. The SSL virtualhost container has the RT configs in it. One other thought crossed my mind reading your earlier comments about getting the environment variable into LWP::UserAgent via fetchmail configs. I think export VAR=VALUE is bash-specific syntax. If the fetchmailrc file is being read by /bin/sh, or bash running in /bin/sh compatibility mode, that syntax could cause a problem.You might try this: VAR=VALUE /opt/rt4/bin/rt-mailgate ... . That syntax works for me via my aliases file and is what I use in crontabs too. I did see you use that syntax with the env command - I've never tried that before myself but I've never needed it either. -Rob RT Training Sessions (http://bestpractical.com/services/training.html) * Boston March 5 6, 2012
Re: [rt-users] rt-mailgate
I figured out a work around for this issue. I was suspicious that LWP::UserAgent could not reach the cert for the CA that signed the cert being presented by the web server. I learned there are some environment variables that I can leverage to influence where LWP::UserAgent looks even though it's being invoked down inside a program I don't want to touch. Adding my /etc/ssl/certs directory to the list of directories examined for certs solved the problem. *root@linux:/opt/rt4/bin# *./rt-mailgate --debug --action=correspond --queue=ToDo --url=https://request.domain.com ~/test.msg ./rt-mailgate: temp file is '/tmp/MqO8Gyi3SW/ILtfyOuDPb' ./rt-mailgate: connecting to https://request.domain.com/REST/1.0/NoAuth/mail-gateway An Error Occurred = 500 Can't connect to request.domain.com:443 (certificate verify failed) ./rt-mailgate: undefined server error *root@linux:/opt/rt4/bin# *export PERL_LWP_SSL_CA_PATH=/etc/ssl/certs *root@linux:/opt/rt4/bin#* ./rt-mailgate --debug --action=correspond --queue=ToDo --url=https://request.domain.com ~/test.msg ./rt-mailgate: temp file is '/tmp/rn88yVfFtr/IVe9YYO9IY' ./rt-mailgate: connecting to https://request.domain.com/REST/1.0/NoAuth/mail-gateway okTicket: 7698Queue: ToDoOwner: ran1Status: newSubject: testRequestor: robert.nes...@domani.com Inspiration for the fix: http://colinnewell.wordpress.com/2011/03/11/ssl-host-checking-and-lwpuseragent/ Ultimately I suppose I can wrap rt-mailgate with a script that sets the environment variable and exec's rt-mailgate, or I could perhaps embed setting the environment variable along with the invocation of rt-mailgate in the aliases file. I'll figure something out. -Rob RT Training Sessions (http://bestpractical.com/services/training.html) * Boston March 5 6, 2012
Re: [rt-users] rt-mailgate
Thanks for the suggestions guys. I finally just turned off my re-write rule that was re-directing http to https and side-stepped the rt-mailgate ssl failure all together. Not ideal, but in practice very few of my users log into RT directly so it's a configuration I can live with short term while I figure out the real issue. I've configured postfix to hand messages to the aliases for my queues directly to rt-mailgate. It is rt-mailgate that cannot verify the ssl certificate that my web server is presenting it. None of my web browsers have trouble with it, so it feels like an rt-mailgate configuration issue. I can repro the issue on the command line root@linux:~# /opt/rt4/bin/rt-mailgate --debug --queue 'general' --action correspond --url https://request.domain.com/ ~/test.msg /opt/rt4/bin/rt-mailgate: temp file is '/tmp/XOCrOYAr8p/vkVDTmoszI' /opt/rt4/bin/rt-mailgate: connecting to https://request.domain.com//REST/1.0/NoAuth/mail-gateway An Error Occurred = 500 Can't connect to request.domain.com:443 (certificate verify failed) /opt/rt4/bin/rt-mailgate: undefined server error -Rob On Mon, Jan 9, 2012 at 4:08 PM, Izz Abdullah izz.abdul...@hibbett.comwrote: And if that doesn't work, since I have a certificate with a domain name (although signed by our internal CA which all of our PCs trust), I had to put in below where Mauricio put in https://localhost, I actually needed to use my dns name in which the certificate is assigned (e.g. https://MyRT ) My $0.02 worth as well. :) -Original Message- From: rt-users-boun...@lists.bestpractical.com [mailto: rt-users-boun...@lists.bestpractical.com] On Behalf Of Mauricio Tavares Sent: Monday, January 09, 2012 4:02 PM To: rt-users@lists.bestpractical.com Subject: Re: [rt-users] rt-mailgate On Mon, Jan 9, 2012 at 1:34 PM, Robert Nesius nes...@gmail.com wrote: I made a recently change to how my apache2 server was configured to redirect all requests through https. Now emails are not flowing through to RT - I tracked the issue down to rt-mailgate complaining about not being able to verify the certificate. I'm a little perplexed on how to proceed or how to verify what certs/CAs rt-mailgate is using, or if there is an issue with the Crypt::SSLeay module (which I had to force install due to a failing test). I only have one openssl install on the system, and I thought Crypt::SSLeay would reach through to those configs for things like CA certs, etc... Perhaps an easy workaround, since the mail server and apache2 server are on the same machine, would be to configure a localhost:80 virtual host within apache2 and bypass SSL when accessing RT via that url. Any helpful hints/suggestions would be greatly appreciated. I've been google-ing away but haven't had any luck yet. AFAIK, rt-mailgate connects to RT using RT's web interface; it should use whatever cert you have defined in the virtual host entry for RT. Here is how my fetchmailrc calls rt-mailgate: mda /usr/bin/perl /usr/bin/rt-mailgate --url https://localhost/rt \ --queue support --action correspond -Rob RT Training Sessions (http://bestpractical.com/services/training.html) * Boston - March 5 6, 2012 RT Training Sessions (http://bestpractical.com/services/training.html) * Boston March 5 6, 2012 RT Training Sessions (http://bestpractical.com/services/training.html) * Boston March 5 6, 2012 RT Training Sessions (http://bestpractical.com/services/training.html) * Boston March 5 6, 2012
[rt-users] rt-mailgate
I made a recently change to how my apache2 server was configured to redirect all requests through https. Now emails are not flowing through to RT - I tracked the issue down to rt-mailgate complaining about not being able to verify the certificate. I'm a little perplexed on how to proceed or how to verify what certs/CAs rt-mailgate is using, or if there is an issue with the Crypt::SSLeay module (which I had to force install due to a failing test). I only have one openssl install on the system, and I thought Crypt::SSLeay would reach through to those configs for things like CA certs, etc... Perhaps an easy workaround, since the mail server and apache2 server are on the same machine, would be to configure a localhost:80 virtual host within apache2 and bypass SSL when accessing RT via that url. Any helpful hints/suggestions would be greatly appreciated. I've been google-ing away but haven't had any luck yet. -Rob RT Training Sessions (http://bestpractical.com/services/training.html) * Boston March 5 6, 2012
[rt-users] BKM for deployment of RT's perl
Hi all, Just curious how some of you provision perl to RT. I am running over my server-distro's apache2/perl, and during a recent upgrade the system perl was moved forward and suddenly my modules disappeared. I was able to patch it up without too much trouble, but did find myself debating rolling my own perl/mod_perl so I could roll the distro forward in the future without having to worry about blowing up RT again. Just curious how some of you approach this detail. Thanks in advance, -Rob RT Training Sessions (http://bestpractical.com/services/training.html) * Washington DC, USA October 31 November 1, 2011 * Barcelona, Spain November 28 29, 2011
Re: [rt-users] BKM for deployment of RT's perl
On Thu, Oct 27, 2011 at 2:05 PM, Thomas Sibley t...@bestpractical.comwrote: perlbrew + a fastcgi deployment (so you don't need your own mod_perl) works great. Perlbrew looks exactly like what I should have used in the first place. I feel like a bit of a noob now - thanks for the pointers! Jok - thanks for your insightful tip about lib::local + modperl flags as well! Thanks again, all. :) -Rob RT Training Sessions (http://bestpractical.com/services/training.html) * Washington DC, USA October 31 November 1, 2011 * Barcelona, Spain November 28 29, 2011
[rt-users] Creating New User via web UI errors out (3.8.6)
My RT install is presently configured to authenticate against RT's mysql database, and two LDAP (AD, really) sources. I'm trying to create an account via the web U/I with the intention of adding a new user whose credentials are hosted in RT's mysql DB. I figured out I had a bad mapping for RT Attributes to Fields. I fixed that, but the new user creation process seems to fail because RT::ExternalAuth can't find the user. That seems odd, since I'm creating a user, so how can it exist yet? Thoughts? Here's the error logs from apache's error.log (anonymized). [Thu Feb 18 20:31:18 2010] [critical]: RT::Authen::ExternalAuth::DBI::CanonicalizeUserInfo Nothing to look-up given (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/DBI.pm:144) [Thu Feb 18 20:31:18 2010] [info]: RT::Authen::ExternalAuth::DBI::CanonicalizeUserInfo INFO CHECK FAILED Key: Name Value: userFOO No User Found in External Database! (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/DBI.pm:179) [Thu Feb 18 20:31:18 2010] [info]: RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Address1: , Address2: , AuthSystem: , City: , Comments: , ContactInfoSystem: , Country: , Disabled: 0, EmailAddress: user...@example.com, EmailEncoding: , ExternalAuthId: , ExternalContactInfoId: , FreeformContactInfo: , Gecos: , HomePhone: , Lang: en, MobilePhone: , Name: foobar, NickName: Foo, Organization: , PagerPhone: , Privileged: 1, RealName: Foo Bar, Signature: , State: , WebEncoding: , WorkPhone: , Zip: (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:536) Thanks in advance, -Rob ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com 2010 RT Training Sessions! San Francisco, CA, USA - Feb 22 23 Dublin, Ireland - Mar 15 16 Boston, MA, USA - April 5 6 Washington DC, USA - Oct 25 26 Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
[rt-users] ToDo example in 3.8
I decided to give the ToDo example a try under RT 3.8.6. I've successfully made a ScripAction that assigns the scrip to the submitter on creation - yay. However, I haven't found a combination of rights that allows the submitter to actually close the ticket. Before pounding my head on this any further, I'm suspicious that perhaps unprivileged users are not allowed to modify tickets even if they've been given the right... so just wanted to sanity check things before debugging further. The same set of rights given to privileged users does allow privileged users to close the ticket... -Rob ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
[rt-users] User Rights
I've been struggling to find the right combination of access control settings for a queue that will result in the following: * Users can submit tickets, and can see their own tickets. * Users cannot see other people's tickets. * Admins can see all tickets. The part I'm struggling with is that I can' find away to allow the queue to be visible in the drop-down box for the create a ticket interface without seemingly allowing all of the tickets in the queue to be visible. It strikes me I might be going against the grain of RT's design again, which means I should probably ask some for some experts to weigh in. Thanks so much, -Rob ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] User Rights
On Wed, Dec 2, 2009 at 11:56 AM, Jesse Vincent je...@bestpractical.comwrote: On Wed, Dec 02, 2009 at 11:54:40AM -0600, Robert Nesius wrote: The part I'm struggling with is that I can' find away to allow the queue to be visible in the drop-down box for the create a ticket interface without seemingly allowing all of the tickets in the queue to be visible. I believe you want to grant See Queue and Create Ticket but not Show Ticket Ah-ha. That lead me to the solution I was looking for. Thanks very much, Jesse! -Rob ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] User Rights
On Wed, Dec 2, 2009 at 1:19 PM, Ken Crocker kfcroc...@lbl.gov wrote: Robert, For that particular Queue, I would: 1) Grant CreateTicket to Everyone or Privileged, as you prefer. 2) Grant ShowQueue to Everyone or Privileged, as you prefer. 3) Grant ShowTicket to the role Requestor. 4) Grant ShowTicket and any other rights you want to the role AdminCc. That should do it. Thanks Ken, between you and Jesse I got most of the way there, and the final ah-ha just hit me. I'll share my learning/thoughts here in case it helps people in the future. Basically, all of my employees are privileged users, so they get the RT At A Glance (r...@ag) page. I have the quick create in the r...@ag page, so that seemed logical. But when a customer's ticket was assigned to an admin, it was no longer visible on the r...@ag page because I don't have show tickets turned on for the general queue. However, clicking on quick search and then typing general into the search box resulted in the correct list of tickets being presented - the tickets owned by the customer. However, expecting my end-users to jump through that many clicks is expecting too much. I tried finding away to enable a my tickets portal to r...@ag where my = submitter, but couldn't find it. It finally occurred to me the SelfService interface might have the view I'm looking for, and sure enough it does. I see some mods on the wiki to add If user can't own ticket redirect to self-service functionality, which is probably how I'll go. However, a LINK to the self service page on the r...@ag page would be handy. Even better - a portal/module for SelfService that I could add to r...@ag would be slick. In any case, I have a clear path to a usable end-state. Thanks again for your help and advice! -Rob ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
[rt-users] RT's model for privileged users
Originally when pre-populating my user database, I thought it made sense to make all of my users privileged so I could easily assign them to groups - I noticed unprivileged users were not displayed in the user-management interface by default. But what I'm seeing now is that there is a 'great divide' between privileged and unprivileged users in RT. Specifically, unprivileged users get the SelfService interface automatically, which is the interface most users would want most of the time. Being privileged in RT seems to inherently imply being a ticket resolver due to the dramatically different interface presented by RT. I was about to run off and modify RT to present the SelfService interface to privileged users who can't own tickets when it occurred to me What's the difference? Why not make the general user unprivileged?. On the one hand, in my present use-model I suspect it doesn't matter. On the other hand, I perceive there is functionality like dashboards that can't be exposed to people if they are unprivileged, though having dashboards publish themselves via an email address would work around that I suppose (I think they can do that?). In any case, is this the right paradigm? * privileged = ticket resolvers * Unprivileged = ticket submitters? I sense having all of my users be privileged is going against the design philosophy of RT, and would appreciate any clarification or insights from other RT admins. Thanks much! -Rob ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
[rt-users] Lots of new lines....
In testing email interactions with RT, I'm observing the following behavior with 3.8.6: Original message: Testing html-ized mail -Rob What I see coming back from RT begin Testing html-ized mail. -Rob end Actually - I'm observing this with plaintext messages too. :( -Rob ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
[rt-users] Pruning email responses
The environment I'm about to roll out RT into is pretty much 100% Outlook/Exchange. Something I'm noticing is that when I respond to a ticket via email, not only is my response included, but the entire thread underneath it. I'd like to RT to drop everything beginning from the pattern of: /^- Original Message - .*/ I'm having a hard time tracking down where exactly to do this trimming... I figured out rt-mailgate is just feeding a parsed mime object to the server, so somewhere in the server code that handles responses I'd need to prune that. I can't imagine I'm the first person to want this, but I can't find an extension or config option. Can someone point me in the right direction - either to the correct area in the source to consider, or to docs about config options I'm missed? Thanks in advance. -Rob ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
[rt-users] making sets of users priveleged
I just imported a bunch of users from ldap and realized after the fact I forgot to make sure they were imported as privileged users. I've been casting about for a recipe/tool to flip that sets that bit for lots of people at once and have struck out. Might someone be able to point me in the right direction? Thanks for your help, -Rob ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] LDAP with AD RT:3.8.4 ExternalAuth
Set(@Plugins,qw(RT::FM));
You need to turn on the extension by adding the
RT::Authen::ExternalAuth module to that quoted array.
Also, I saw this below:
# The username RT should use to connect to the LDAP server
'user' = 'AD_Info\\LDAP',
'pass' = 'pass',
That may or may not work. If your user is LDAP, you may actually need
to use: l...@domain.yourcompany.com, and you may need to add the
@domain.yourcompany.com as an auto-appended suffix so your users can
log on with their basic username.
-Rob
On Mon, Sep 21, 2009 at 10:48 AM, Beryl N. Snyder bsny...@tmcdesign.com wrote:
I am running RT 3.8.4 with the RT::Authen::ExternalAuth plugin. My Request
tracker server does not appear to be accessing the AD server for login. If
I run tcpdump I do not see a connection to the AD server being attempted
and the local logins still work. Is there another config file I need to
change? I would be grateful for any help.
The RT_SiteConfig.pm
Set($LogToSyslog,'debug');
# THE BASICS:
Set($rtname, 'support.example.org');
Set($Organization, 'example.org');
Set($CorrespondAddress , 'bsny...@domain.com');
Set($CommentAddress , 'comment-t...@domain.com');
Set($Timezone , 'US/Mountan'); # obviously choose what suits you
#LDAP
Set(@Plugins,qw(RT::Authen::ExternalAuth));
Set($ExternalAuthPriority, ['My_LDAP']);
Set($ExternalInfoPriority, ['My_LDAP']);
Set($ExternalSettings, {'My_LDAP' = {
## GENERIC SECTION
# The type of service (db/ldap/cookie)
'type' = 'ldap',
# The server hosting the service
'server' = '10.x.x.x', #Ip Addy is correct
## SERVICE-SPECIFIC SECTION
# If you can bind to your LDAP server anonymously you should
# remove the user and pass config lines, otherwise specify them here:
#
# The username RT should use to connect to the LDAP server
'user' = 'AD_Info\\LDAP',
'pass' = 'pass',
#
# The LDAP search base
'base' = 'ou=*,dc=DCinfo,dc=local',
#
# ALL FILTERS MUST BE VALID LDAP FILTERS ENCASED IN PARENTHESES!
# YOU **MUST** SPECIFY A filter AND A d_filter!!
#
# The filter to use to match RT-Users
'filter' = '(objectClass=*)',
# A catch-all example filter: '(objectClass=*)'
#
# The filter that will only match disabled users
'd_filter' = '(objectClass=FooBarBaz))',
# A catch-none example d_filter: '(objectClass=FooBarBaz)'
#
# Should we try to use TLS to encrypt connections?
'tls' = 0,
# SSL Version to provide to Net::SSLeay *if* using SSL
'ssl_version' = 3,
# What other args should I pass to Net::LDAP-new($host,@args)?
'net_ldap_args' = [ version = 3 ],
'attr_match_list' = [ 'Name','EmailAddress'],
# The mapping of RT attributes on to LDAP attributes
'attr_map' = { 'Name' = 'sAMAccountName',
'EmailAddress' = 'mail',
}
}
}
);
Set($DatabaseType, 'mysql'); # e.g. Pg or mysql
Set($DatabaseUser , 'rtuser');
Set($DatabasePassword , 'password');
Set($DatabaseName , 'rt3'); # Ensure this is set to rt3!
Set($WebPath , /rt);
Set($WebBaseURL , http://support.example.org;);
Set(@Plugins,qw(RT::FM));
1;
Syslog
Sep 18 16:03:49 RequstTracker RT: FAILED LOGIN for testuser from 10.50.1.192
(/opt/rt3/share/html/autohandler:268)
Sep 18 16:04:17 RequstTracker RT: You've enabled GD, but we couldn't load the
module: Can't locate GD.pm in @INC (@INC contains: /opt/rt3/bin/../local/lib
/opt/rt3/local/plugins/RT-FM/lib /opt/rt3/bin/../lib /etc/perl
/usr/local/lib/perl/5.10.0 /usr/local/share/perl/5.10.0 /usr/lib/perl5
/usr/share/perl5 /usr/lib/perl/5.10 /usr/share/perl/5.10
/usr/local/lib/site_perl . /etc/apache2) at /opt/rt3/bin/../lib/RT/Config.pm
line 365.
Sep 18 16:04:17 RequstTracker RT: You've enabled GraphViz, but we couldn't
load the module: Can't locate GraphViz.pm in @INC (@INC contains:
/opt/rt3/bin/../local/lib /opt/rt3/local/plugins/RT-FM/lib
/opt/rt3/bin/../lib /etc/perl /usr/local/lib/perl/5.10.0
/usr/local/share/perl/5.10.0 /usr/lib/perl5 /usr/share/perl5
/usr/lib/perl/5.10 /usr/share/perl/5.10 /usr/local/lib/site_perl .
/etc/apache2) at /opt/rt3/bin/../lib/RT/Config.pm line 352.
Sep 18 16:04:17 RequstTracker RT: RT's GnuPG libraries couldn't successfully
read your configured GnuPG home directory (/opt/rt3/var/data/gpg). PGP
support has been disabled
Beryl Snyder
IT Specialist
TMC Design Corporation
4325 Del Rey BLVD
Las Cruces, NM 88012
Phone: 575-382-4600
Fax: 575-523-8588
___
Re: [rt-users] User Provisioning from AD
On Fri, Aug 28, 2009 at 7:20 AM, Kevin Falcone falc...@bestpractical.comwrote: On Thu, Aug 27, 2009 at 02:59:03PM -0500, Robert Nesius wrote: I've installed RT-Extension-LDAPImport and was reading the README. What jumped out at me is that there is both a script to run (presumably to bulk-load identities) and a plug-in. I was expecting to see a script, but a plugin was unexpected, which lead me to wonder if this module is both a method for importing users from ldap, and an on-the-fly authentication and user-creation tool too? If so, that implies I don't need the 3rd party ldapauth plug-in I already have installed. (I'd rather use a module from Best Practical if I had a choice). If you look at the script, it is 23 lines long. The plugin is where the import code is stored and organized, the script is just a wrapper. I saw that and I get that the script is a wrapper. What I was wondering is why the import code is stored in a plug-in and loaded as a plug-in, but I think I figured it out. Basically the import code is working against the objects and subsystems in RT, and needs those objects to exist before it's loaded, so you load your import code indirectly via by simply loading the RT runtime via the RT Module, which inspects RT_SiteConfig.pm, initializes the environment, and then eventually loads your plug-in, thus making your code available to your script within the context of a complete RT runtime environment. Okay, so I get that now. Once I configured the script the first thing I wanted to do was test the config. I was extremely surprised to see there is no look before you leap flag. Rather, just a comment advising back up your database first, which has this sense of playing russian roulette with a revolver with no empty cylinders. Having looked at the code I can see some ways to work around that. Not cleanly, since fetch users and load users are sitting inside one api call but it shouldn't be hard to change that. -Rob You still need RT-Authen-ExternalAuth or apache LDAP authentication if you want to validate passwords against an external source -kevin Just trying to make sure I'm understanding things correctly. Thanks much! -Rob On Tue, Aug 18, 2009 at 12:52 PM, Robert Nesius [1]nes...@gmail.com wrote: On Tue, Aug 18, 2009 at 12:50 PM, Kevin Falcone [2] falc...@bestpractical.com wrote: Have you looked at RT-Extension-LDAPImport ? -kevin I had not found my way to it yet! Now that I read the cpan page, that looks very much like what I'm looking for. Thanks so much, Kevin. I'll play with this and see how it goes! ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] Detecting differences between installs
On Mon, Aug 24, 2009 at 9:25 PM, Rich West rich.w...@wesmo.com wrote: That works as expected in the development environment. However, in the production environment, it gives up after the first command. Interestingly, when viewing the email within the RT web UI, every line (when submitted via the web form) has an extra carriage return in it, causing a blank line between each line. When I select to download the message (with headers), the message looks correct. I'm not convinced that this symptom isn't a red herring, but I thought it was worth mentioning. Extra carriage returns is a bit of a red flag. By chance, in your production environment are the emails being sourced from a windows client of some sort such that you get ^M^N end-of-line markers instead of ^N end-of-line markers (windows vs. unix)... If you washed the emails through dos2unix before feeding them to the mail command handlers, I suspect things would work normally again. Well.. maybe that's grasping at straws a little, but reading your email that's the first thing that came to mind for me. -Rob ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] User Provisioning from AD
On Tue, Aug 18, 2009 at 12:19 PM, Kevin Falcone
falc...@bestpractical.comwrote:
On Mon, Aug 17, 2009 at 04:16:40PM -0500, Robert Nesius wrote:
Slight correction:
On Mon, Aug 17, 2009 at 12:49 PM, Robert Nesius [1]nes...@gmail.com
wrote:
I'm looking at deploying RT (running over apache2 on GNU/Linux) into
an environment that is
windows-centric, and to ease administrative overhead I'd like to use
AD for authentication
and the provisioning of identities. I've successfully accomplished
AD-Authentication a few
different ways, but what I'm running into is that the users RT
creates based on AD
credentials
are not privileged within AD.
are not privileged within RT.
Set($AutoCreate, {Privileged = 1});
in your config
*blink* Thanks!I missed that one. :)
Pre-loading users is something I'd still like to do so I can configure
groups/queues before rolling out the service. I'll figure something out.
-Rob
-kevin
To ease service configuration (Group Creation/Rights Delegation) I'd
like to bulk-load
identities into RT from AD before rolling out the service, and have
a nightly cron catch any
new additions/changes (names changing due to state-changes in
marital status, etc..). I'm
guessing this is a solved problem, but have not stumbled my away
across a tool despite
numerous google searches.
Anyone out there who can point me in the right direction or share
their learnings?
Thanks very much!
-Rob
References
Visible links
1. mailto:nes...@gmail.com
___
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
Community help: http://wiki.bestpractical.com
Commercial support: sa...@bestpractical.com
Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
Buy a copy at http://rtbook.bestpractical.com
___
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
Community help: http://wiki.bestpractical.com
Commercial support: sa...@bestpractical.com
Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
Buy a copy at http://rtbook.bestpractical.com
___
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
Community help: http://wiki.bestpractical.com
Commercial support: sa...@bestpractical.com
Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] User Provisioning from AD
On Tue, Aug 18, 2009 at 12:50 PM, Kevin Falcone falc...@bestpractical.comwrote: Have you looked at RT-Extension-LDAPImport ? -kevin I had not found my way to it yet! Now that I read the cpan page, that looks very much like what I'm looking for. Thanks so much, Kevin. I'll play with this and see how it goes! -Rob ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
[rt-users] User Provisioning from AD
I'm looking at deploying RT (running over apache2 on GNU/Linux) into an environment that is windows-centric, and to ease administrative overhead I'd like to use AD for authentication and the provisioning of identities. I've successfully accomplished AD-Authentication a few different ways, but what I'm running into is that the users RT creates based on AD credentials are not privileged within AD. To ease service configuration (Group Creation/Rights Delegation) I'd like to bulk-load identities into RT from AD before rolling out the service, and have a nightly cron catch any new additions/changes (names changing due to state-changes in marital status, etc..). I'm guessing this is a solved problem, but have not stumbled my away across a tool despite numerous google searches. Anyone out there who can point me in the right direction or share their learnings? Thanks very much! -Rob ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] Migrating from Postgres to MySQL
On Tue, Jul 28, 2009 at 3:56 PM, Kenneth Marshall k...@rice.edu wrote: Kage, The main advantage is gained by avoiding I/O through the virtual disk. The layout of the virtual disk tends to turn most I/O into random I/O, even I/O that starts as sequential. The factor of 10 performance difference between random/sequential I/O causes the majority of the performance problem. I have not had personal experience with using an NFS mount point to run a database so I cannot really comment on that. Good luck with your evaluation. You're trading head-seeking latencies for network latencies, and those are almost certainly higher. Hosting your database server binaries and such forth in NFS is possible, though again, not optimal both from a performance and risk standpoint (NFS server drops, your DB binaries vanish, your DB server drops even though the machine hosting it was fine). I think hosting databases in NFS can cause serious problems - I seem to remember older versions of mysql wouldn't support that. I don't know if newer ones do...but I do know in the *very large* IT environment I worked in, all database servers hosted the DBs on their local disks or in filesystems hosted on disks (SANS?) attached via fibre-channel. Could solid-state drives side-step the random-access issue with virtualization, or at least make it suck less? Based on how many people I know who have said Wow, my SSD died. I thought those were supposed to be more reliable? ... I wouldn't bet my service uptime on it. ;) -Rob ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] RT for Project Management
Just a word of warning - I have seen ITIL Gone Wrong, and I'm not sure I've seen a bigger train wreck in my life than the implementation of ITIL at my former employer. ITIL isn't bad. Nor is it a silver bullet. It's a process model for running an IT organization within a business. Regards. -Rob On Thu, Jul 23, 2009 at 3:36 PM, William Graboyes william.grabo...@theportalgrp.com wrote: Bryan, I've one acronym for you ITIL. It works for supporting huge dotcoms, all the way to small projects. Typically you want queues that pertain to the type of project that is being managed, you can spawn child tickets from parent tickets for use if sending to different groups. etc... Google ITIL... you may thank me for it. Thanks, Bill Graboyes On Thu, Jul 23, 2009 at 12:00 PM, Bryan Ellinger ellin...@adi.com wrote: All, I would like to get started using RT for PM of a hardware, software integration project. There has been talk on this list about using RT for project management. However, I have not read much about how others are doing it. For instance, what is the most sensible way to set up queues? It seems like it might be good to give each group, e.g. SW engineering, HW engineering, Applications Engineering etc., their own queue. But how would one determine which tickets belong to which of many possible projects? Should each project have it's own queue instead? Anyone care to share how they apply RT to their general PM processes? It would be a big help to me. Sincerely, Bryan Bryan D. Ellinger ellin...@adi.com Applications Engineer Applied Dynamics International 3800 Stone School Road Ann Arbor, MI 48108 734.973.1300 ext. 289 734.668.0012 Fax http://www.adi.com, mailto:supp...@adi.com ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com -- Bill Graboyes On Assignment At: Toyota Motor Sales, USA, Inc. Consumer Portal Delivery Office: (310) 468-6754 Cell: (714) 515-8312 ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] Problem in installing RT::Authen::ExternalAuth
Before installing the module w/ CPAN. # Note - /opt/rt3/lib is the default path - if you used a different arg to --prefix during configure/install, use that as well. export PERL5LIB=/opt/rt3/lib Then run your cpan install. Paths in PERL5LIB are added (prepended?) to @INC, allowing the RT modules to be found during run-time, thus allowing CPAN to detect that the dependency for the module you're installing is satisfied. -Rob On Tue, Jul 7, 2009 at 3:29 AM, Ratish Ravindranratish_ravind...@persistent.co.in wrote: Hi All, I tried to install RT::Authen::ExternalAuth module ( version 0.08) for RT 3.8.4, but during installation its giving an error as : Cannot determine perl version info from lib/RT/Authen/ExternalAuth.pm Checking if your kit is complete... Looks good Warning: prerequisite RT 0 not found. Writing Makefile for RT::Authen::ExternalAuth Unsatisfied dependencies detected during ZORDRAK/RT-Authen-ExternalAuth-0.08.tar.gz RT [requires] Shall I follow them and prepend them to the queue of modules we are processing right now? [yes] y Running make test Delayed until after prerequisites Running make install Delayed until after prerequisites Running install for module 'RT' The module RT isn't available on CPAN. Either the module has not yet been uploaded to CPAN, or it is temporary unavailable. Please contact the author to find out more about the status. Try 'i RT'. Running make for Z/ZO/ZORDRAK/RT-Authen-ExternalAuth-0.08.tar.gz Has already been unwrapped into directory /root/.cpan/build/RT-Authen-ExternalAuth-0.08-s0b8RW CPAN.pm: Going to build Z/ZO/ZORDRAK/RT-Authen-ExternalAuth-0.08.tar.gz cp lib/RT/Authen/ExternalAuth.pm blib/lib/RT/Authen/ExternalAuth.pm cp lib/RT/Authen/ExternalAuth/LDAP.pm blib/lib/RT/Authen/ExternalAuth/LDAP.pm cp lib/RT/User_Vendor.pm blib/lib/RT/User_Vendor.pm cp lib/RT/Authen/ExternalAuth/DBI/Cookie.pm blib/lib/RT/Authen/ExternalAuth/DBI/Cookie.pm cp lib/RT/Authen/ExternalAuth/DBI.pm blib/lib/RT/Authen/ExternalAuth/DBI.pm Manifying blib/man3/RT::Authen::ExternalAuth.3pm Manifying blib/man3/RT::User_Vendor.3pm ZORDRAK/RT-Authen-ExternalAuth-0.08.tar.gz /usr/bin/make -- OK Running make test No tests defined for RT::Authen::ExternalAuth extension. ZORDRAK/RT-Authen-ExternalAuth-0.08.tar.gz Tests succeeded but one dependency not OK (RT) ZORDRAK/RT-Authen-ExternalAuth-0.08.tar.gz [dependencies] -- NA Running make install make test had returned bad status, won't install without force I searched for RT modules but didn’t find. Please help me to get out of this problem. Thanks Ratish DISCLAIMER == This e-mail may contain privileged and confidential information which is the property of Persistent Systems Ltd. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Persistent Systems Ltd. does not accept any liability for virus infected mails. ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
