Re: [rt-users] sendmailpipe returns EX_TEMPFAIL
On 08/14/2013 07:35 AM, Kevin Falcone wrote: So maybe the problem is solved? I did have PerlOptions +Parent in the apache configuration before, but maybe not correctly? I checked the other application's vhosts file and it _does_ have PerlOptions +Parent. While PerlOptions +Parent is important if you need to run two mod_perl apps, you should keep your log in place, and possibly dig up one of the shims from the mailing list archives that has been used to debug this. In the past, it was bugs in mod_perl and the handler type, but it's nearly impossible to debug from the standard RT debug and mail logs. Adding on to what Kevin said... You could also just save yourself some time and switch to a different deployment option for RT. Running it under mod_fastcgi or mod_fcgid is simple and would avoid any mod_perl bugs with +Parent. Why fight with mod_perl?
Re: [rt-users] Searching and comparing two date field values instead of value with supplied valid
On 08/12/2013 11:39 AM, Landon wrote: The help I need though is on comparing dates using RT::Date or something. If I load the CF.{ServerCreated} and the Created value how do I compare them reliably in modules? Would this work? ... my $ServerCreated = DateTime::Format::MySQL-parse_datetime( $ticket-FirstCustomFieldValue('ServerCreated') ); my $Created = DateTime::Format::MySQL-parse_datetime( $ticketObj-Created ); $ticket-SetStatus( 'resolved' ) if $ServerCreated $Created; … my $server_created = RT::Date-new( $ticket-CurrentUser ); $server_created-Set( Format = 'sql', Value = $ticket-FirstCustomFieldValue('ServerCreated'), ); if ($server_created-Unix $ticket-CreatedObj-Unix) { ... }
Re: [rt-users] Migration Prep
On 08/09/2013 06:36 AM, Paul O'Rorke wrote: When I look at syslog I see the following during startup: Aug 9 08:28:04 rt4 RT: DBI connect('dbname=rtdb;host=localhost','rtuser',...) failed: Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2) at /usr/local/share/perl/5.14.2/DBIx/SearchBuilder/Handle.pm line 105. (/usr/local/share/perl/5.14.2/Carp.pm:102) Aug 9 08:28:05 rt4 RT: DBI connect('dbname=rtdb;host=localhost','rtuser',...) failed: Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2) at /usr/local/share/perl/5.14.2/DBIx/SearchBuilder/Handle.pm line 105. (/usr/local/share/perl/5.14.2/Carp.pm:102) Aug 9 08:28:08 rt4 mysqld_safe: Starting mysqld daemon with databases from /var/lib/mysql Just by looking at the log timestamps, your system is pretty clearly set to start Apache (or whatever is serving RT) before mysql. This isn't RT's fault, but simply the wrong startup ordering for your system. You should change it so Apache/your webserver depends on mysql being started first. How to do so depends on your distribution.
Re: [rt-users] Migration Prep
On 08/02/2013 10:04 AM, Kevin Falcone wrote: On Fri, Aug 02, 2013 at 12:49:47PM -0400, Asif Iqbal wrote: Please show a log of your make upgrade-database step * 3.9.8 * 4.0.1 That's definitely skipping steps. It should read: * 3.9.8 * 4.0.0rc2 * 4.0.0rc4 * 4.0.0rc7 * 4.0.1 Paul and Asif, you've helped uncover a regression in RT's upgrade logic beginning in 4.0.14. It only affects folks who are upgrading from an RT 3.8.x (or older) install to 4.0.14 or higher. If you're upgrading from 4.0.0 or higher, you're unaffected. 4.0.17 will be out shortly to correct this regression. Thanks for your time spent debugging on the list.
Re: [rt-users] Postfix sendmail returning status code 75
On 07/31/2013 12:55 PM, Nathan Cutler wrote: postfix/sendmail[26576]: fatal: wwwrun(30): No recipient addresses found in message header My sendmail wrapper is now in place and I will be watching closely tomorrow. Today from what I managed to capture it looked like nothing (or only one byte?) was being piped from RT to sendmailpipe. This is consistent with what was written to the log (No recipient addresses found). My guess is that you're running RT 4 under mod_perl with the wrong SetHandler value. Read http://bestpractical.com/docs/rt/latest/web_deployment.html#mod_perl-2.xx and compare your config.
Re: [rt-users] Error when creating ticket after 4.0.6 -- 4.0.16 upgrade
On 07/30/2013 07:25 AM, Max McGrath wrote: Dug into the code...looks like I put some custom code in Create.html: 119 % if (QueueObj -Name eq 'Desk Tasks') { 120 /Elements/EmailInput, Name = 'Requestors', Size = undef, Default = $ARGS{Requestors} || $session{CurrentUser}-EmailAddress 121 % } else { 122 /Elements/EmailInput, Name = 'Requestors', Size = undef, Default = $ARGS{Requestors} 123 %} 124 % $m-callback( CallbackName = 'AfterRequestors', QueueObj = $QueueObj, ARGSRef = \%ARGS ); Is there something wrong in line 119 that won't work in 4.0.16? 119 won't have compiled on any RT version. It's a Perl syntax error (bareword QueueObj instead of the variable $QueueObj that you really want). Perhaps you never cleared your Mason cache previously so the customization never ran until you upgraded.
Re: [rt-users] Notifications are sent before status and custom field changes are applied?
On 07/23/2013 12:56 AM, Craig Ringer wrote: Do any of the other RT users here know of a reason *not* to use TransactionBatch for sending email notifications? Be wary of $self-TransactionObj in TransactionBatch scrips; it isn't guaranteed to be the transaction that matched the scrip condition but merely the first transaction in the batch. You can use $self-TicketObj-TransactionBatch to get an arrayref of transaction objects.
Re: [rt-users] Error when sending or reciving mail (fork::abort: address space needed by xxx)
[Posted back to the list for posterity.] On 07/24/2013 11:43 AM, John Rouillard wrote: On Tue, Jul 23, 2013 at 03:13:13PM -0700, Thomas Sibley wrote: On 07/23/2013 09:19 AM, scott.dalzell wrote: i have done some research and rebasing might be the answer. if this is the case how to i rebase and will it effect my mysql database? Whatever research you did was mistaken or misleading. Rebasing has nothing to do with MySQL. It is a concept in git, a source code management tool, used during development. You don't need to worry about rebasing. Actually rebasing is also a method for aligning the link libraries addresses in windows so that cygwin can properly emulate fork(2). The errors he is getting with failure to fork due to conflicting address layouts in the executable address space may be fixed with a (cygwin) rebase. Ahhh. Today I learned... :) Thanks for the explanation! Using rebase probably needs to be discussed on the cygwin list as it has nothing whatsoever to do with RT. Agreed.
Re: [rt-users] Error when adding user to RT 4 (email exists)
On 07/23/2013 02:31 PM, window camera wrote: Thanks. Unfortunately there is nothing like that in the latest RT version. Plus, this is an unprivileged user, so it probably wouldn't show up anyway. Not sure. Tools - Configuration - Users The search form shows up there. Unprivileged users are shown in user searches, but not when you first load the page (since there are often thousands of unprivileged users).
Re: [rt-users] Error when sending or reciving mail (fork::abort: address space needed by xxx)
On 07/23/2013 09:19 AM, scott.dalzell wrote: Hi Guy i am running RT4.0.12 using a mysql 5.6.10 under cygwin 2.774 and i am having a major issue It's rather brave to use Cygwin for a production RT instance. When i try and and reply to a ticket or create a ticket via email i get the following in the error.log ---log file--- [Tue Jul 23 16:51:49 2013] [error] (11)Resource temporarily unavailable: fork: Unable to fork new process [snip] 2 [main] perl 1952 child_info_fork::abort: address space needed by 'cygcrypto-1.0.0.dll' (0x41) is already occupied [Tue Jul 23 15:52:05 2013] [critical]: rt-4.0.12-408-1374594725-1758.16552-...@lfm-software.com: Could not send mail with command `/opt/rt4/etc/msmtp_wrapper -oi -t -ODeliveryMode=b -OErrorMode=m -f lfm.t...@aveva.com`: open2: fork failed: Resource temporarily unavailable at /opt/rt4/sbin/../lib/RT/Interface/Email.pm line 474. Your server is running out of memory, likely because the maximum memory usages of MySQL and Apache aren't properly configured to coexist peacefully within the limits of your server. Most people install Apache and MySQL without tuning them, and then eventually run into problems like this. You should read about how to tune Apache and MySQL. Starting with mysqltuner.pl is a good start, but nothing will do this automatically for you. You'll need to manually make changes. this all started to happen when i added in a set of new queues. i have removed the queues but the error persists. The new queues have nothing in particular to do with it. i have done some research and rebasing might be the answer. if this is the case how to i rebase and will it effect my mysql database? Whatever research you did was mistaken or misleading. Rebasing has nothing to do with MySQL. It is a concept in git, a source code management tool, used during development. You don't need to worry about rebasing.
Re: [rt-users] How to update CF via scripted mySQL commands
On 07/19/2013 06:10 AM, scott.dalzell wrote: i have got abit further with this issue and i have got a perl script that does what i need it to do and edit the mysl database, however when i add this code into RT as a scrip i get the following error in the error.log. Updating the RT database via raw SQL statements is a recipe for disaster. Do not do it. Use the Perl API RT provides. If you don't, you WILL corrupt your RT database. [Fri Jul 19 12:38:40 2013] [error]: Scrip 491 Prepare failed: Global symbol @row requires explicit package name at (eval 646) line 74. Global symbol $sqlQuery requires explicit package name at (eval 646) line 74. Global symbol @row requires explicit package name at (eval 646) line 75. Global symbol $dbh requires explicit package name at (eval 646) line 87. Global symbol $query_master2 requires explicit package name at (eval 646) line 92. Global symbol $sqlQuery requires explicit package name at (eval 646) line 98. (/opt/rt4/sbin/../lib/RT/Action/UserDefined.pm:65) [Fri Jul 19 12:38:40 2013] [warning]: Use of uninitialized value $Default in join or string at /opt/rt4/share/html/Elements/EditCustomFieldWikitext line 52. (/opt/rt4/share/html/Elements/EditCustomFieldWikitext:52) i prosume this means i am missing some USE xyz's at the start of the code(see below) to allow RT to understand all the variables like perl can via the command line No, those errors are because RT runs under strict. Put use strict; at the top of your command-line code and fix the errors first.
Re: [rt-users] SOS:: many mysql processes are killing RAM, why?
On 07/19/2013 11:29 AM, Alex Decalli wrote: Great, thanks for information. here u can find my settings http://stevieweewee.wordpress.com/2013/07/19/mysqltuner/ http://stevieweewee.wordpress.com/2013/07/19/my-cnf/ Please tell me whatever might cause this. A clue even.. By the way, RT 3.8.7 , and it's all dedicated to RT, mysql, apache Please keep replies on the list. I was only telling you where to start and what you needed to provide to the list for the list to possibly help. I don't have the time to solve your problem myself.
Re: [rt-users] SLA extension with prior Scrip setting SLA CF
On 07/17/2013 12:10 PM, Mark D. Nagel wrote: We ran into a problem that I think may be solvable with use of TransactionBatch, but may require changes to the SLA extension. Or perhaps not. Thus this question, which is We are using the ExtractCustomFieldValues extension to indicate to RT the initial setting of some fields, including the SLA field, depending on various factors examined in our procmail pre-filter. What we found was that the field was set, then the SLA scrip resets it to the default queue value. It seems that this is because all the conditions run first telling the SLA scrip to set the default value, which it does even though the value had been set previously. So what would be the recommended solution here to make sure this doesn't happen? I could move the ExtractCFValues Scrip to the bottom, which seems like it would work, but it would be nice if the SLA Scrip realized it doesn't actually need to set the CF once it was set. If we change both to TransactionBatch, this could work, but I assume this would still require some changes to the SLA condition logic. Changing both to the transaction batch stage will have the same problem. You need to put them in different stages, so move the SLA scrip which assigns the queue default to the TransactionBatch stage. I don't think it should negatively affect anything else.
Re: [rt-users] What do first, last and all mean in --transaction on rt-crontool?
On 07/16/2013 08:48 PM, Craig Ringer wrote: They're not related to database-level transactions since RT doesn't make use of them. This is wrong. RT _does_ make use of DB transactions. grep for BeginTransaction and/or Rollback. It looks like --transaction picks an *existing* transaction to set as the context of the cronjob. 'first' for the tx that created the ticket, 'last' for the most recent ticket, or 'all' to select all transactions on the ticket. [snip lots more] Yes, that all sounds about right without verifying myself. I'm a little puzzled by the way crontool doesn't seem to have the ability to create a *new* transaction for matching tickets. I guess the action code is supposed to do that if a new transaction is required, eg when adding a Comment to a ticket. rt-crontool can create new transactions by using the normal RT actions, just as you describe. I'm not sure why it seems odd to you. crontool is fundamentally a way to run scrip conditions/actions over a batch of tickets/transactions on a time-based trigger rather than solely event-based. Some actions and conditions don't require a transaction context, and for those no --transaction should be specified; there's an implicit --transaction none where undef is passed as the transaction to act on in process(...) . This can result in unexpected effects, like sending mail in the name of the person who last did something on the ticket, so it's best to avoid specifying a transaction unless you know you need one and one makes sense in that context. For example, if you invoke RT::Action::SendEmail, it'll use the transaction in GetFriendlyName to get the creator of the current transaction and from it, the friendlyname. Same with SetReturnAddress. FWIW, the Notify* subclasses are generally much more useful than the SendEmail action directly. It might be worth elaborating on this a little more in the documentation and/or book. Feel free to use any of the above. As is, the above isn't really suitable for pasting into the usage doc for rt-crontool. A doc patch based on the above that fits with the rest of the doc would be appreciated, though. Thomas
Re: [rt-users] How to customize/redirect default Logout Page?
I suspect you didn't clear your Mason cache like Chris suggests. That said, you can avoid modifying Logout.html. There's a Default callback in NoAuth/Logout.html which you can use to modify the URL redirected to. This lets you have RT redirect to the CAS endpoint's logout URL.
Re: [rt-users] LDAPImport size limit woes
On 07/11/2013 12:55 AM, Nathan Cutler wrote: You might contact the admins of the server and ask if they can enable the paging extension or something. It's strange that it's not supported; it's been around for _ages_. Thomas: OK, I will ask them. Is this the one: http://www.rfc-editor.org/rfc/rfc2696.txt ? Yep, that's the RFC for it. I like to use the html version which has slightly nicer formatting: https://tools.ietf.org/html/rfc2696
Re: [rt-users] LDAPImport size limit woes
On 07/10/2013 02:15 AM, Nathan Cutler wrote: [Wed Jul 10 09:10:42 2013] [error]: LDAP search failed Critical extension not available (/usr/lib/perl5/vendor_perl/5.16.2/RT/Extension/LDAPImport.pm:1237) LDAP search failed Critical extension not available This is an error from your LDAP server saying that it doesn't support paged results (i.e. the first 100, the second 100, etc). What LDAP server are you running? The paging extension is common in most servers using the v3 LDAP spec. Could it be that the value of LDAPSizeLimit that I set in RT_SiteConfig.pm must match the server's actual limit exactly? (I was assuming it just had to be = the server's actual limit.) No, you assumed correctly. It just must be = the actual limit.
Re: [rt-users] Mandatory Custom Field Privileges
On 07/09/2013 05:08 PM, Tim Wiley wrote: Not letting one group of users see a set of CFs is possible with RT's rights, provided you haven't granted rights too widely at the global level. You may need to rejigger some of your rights first to be less global and more role/group/object specific. I think that might've been the key. I removed some more wide spread permissions on one of my mandatory fields the error is gone. Let me play around with the others I'll get back to you. Which error is gone? How are you making the CFs mandatory, btw? If it's an extension, that may affect whether or not it's caring to check rights before verifying mandatory-ness. The blanket permission was SeeCustomField granted to everyone on the CF level. I'm guessing that there's no good way to allow a user to see the field, but not modify it? Am I misunderstanding what SeeCustomField allows? It's possible, I was mistaken on SeeQueue a while back. The See* rights are just visibility, not modification. ModifyCustomField controls adding/removing values from CFs on tickets, etc.
Re: [rt-users] LDAPImport size limit woes
On 07/10/2013 12:49 PM, Nathan Cutler wrote: What LDAP server are you running? I don't know. It (the server) is not under my control, so I'll just have to stick with kludge I've been using until now. You might contact the admins of the server and ask if they can enable the paging extension or something. It's strange that it's not supported; it's been around for _ages_. By the way, do I understand the docs correctly that the LDAPImport extension has no way of defining a chain of several LDAP servers, similar to what the RT::Authen::ExternalAuth does? Correct. You can work around this by using tricks like invoking rtldapimport with an environment variable that you then check with code in RT_SiteConfig.pm to dynamically determine which LDAP config to use. Then you invoke rtldapimport one time from cron for each value of the environment flag.
Re: [rt-users] Mandatory Custom Field Privileges
On 07/10/2013 02:33 PM, Tim Wiley wrote: I'm setting the validation field in the Basic CF config to (?#Mandatory). Ok, good. * What's unexpected is if a user has SeeCustomField, but not ModifyCustomField on a mandatory CF, at ticket creation they get the error MyCustomField: Input must match [Mandatory] even though it's not displayed they don't have modify rights on it. Shouldn't RT create the ticket just as it does for a user without SeeCustomField, leaving the mandatory CF unset? This is totally a bug. I just replicated it on 4.0-trunk. After digging, I discovered that I fixed it on git master, which will become RT 4.2. An equivalent fix should be backported to the 4.0 version of the CF validation. I'm Cc'ing this to our bug tracker.
Re: [rt-users] Mandatory Custom Field Privileges
On 07/09/2013 02:20 PM, Tim Wiley wrote: GroupA are workers in effectively own Queue1. GroupA requested a number of custom fields for their queue that help facilitate better reporting on tickets. Because of the reporting nature of these custom fields, GroupA has requested that only they have the permissions required to set the values on these fields that they are mandatory. Furthermore, these custom fields should be hidden from GroupB, the group that is allowed to submit tickets to the queue. Ideally, if GroupB can't see or modify the custom field, they shouldn't be told at ticket creation that the CFs are mandatory the ticket should be created. Once a ticket lands in the hands of GroupA they modify the ticket, the mandatory CFs with no values should then be verified an error should be displayed, not allowing the modify until all mandatory CFs are filled out (because GroupA has permissions to see modify the custom fields). I've looked all over for the special permissions recipe for this setup I can't find anything. Am I the only one trying to use RT in this manner? Is there a way to do this that I'm missing? Do you need more information or clarification? I'll gladly supply it. You never said what you tried and what isn't working... Not letting one group of users see a set of CFs is possible with RT's rights, provided you haven't granted rights too widely at the global level. You may need to rejigger some of your rights first to be less global and more role/group/object specific.
Re: [rt-users] Can you run RT on the same server as Twiki?
On 07/02/2013 11:42 AM, Sherri McGurnaghan wrote: [crit]: Something went wrong while trying to run RT's standalone web server: Can't locate FCGI.pm in @INC (@INC contains: /usr/local/share/request-tracker4/lib /usr/share/request-tracker4/lib /etc/perl /usr/local/lib/perl/5.14.2 /usr/local/share/perl/5.14.2 /usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.14 /usr/share/perl/5.14 /usr/local/lib/site_perl .) at /usr/share/perl5/Plack/Handler/FCGI.pm line 8. You need to install the FCGI Perl module. Since you appear to be using the Ubuntu packages and the system perl, try this: apt-get install libfcgi-perl It should have been installed when you installed the Ubuntu package, since request-tracker4 depends on libhtml-mason-perl which depends on libfcgi-perl. RT's standard configure script during a tarball install has an --with-web-handler=fastcgi to ensure this dep is present. So I am at a loss as what to do next. Maybe the two can’t run on the same server? Any help / guidance would be appreciated. They can run just fine together, however: FYI: * OS and version - Ubuntu 12.04 * Memory - 1 GB * Disk - 10 GB * Processor - Intel(R) Xeon(TM) CPU 3.40GHz * Database and version - MySQL version 5.5.29 * Apache version - Apache version 2.2.22 That's a tiny amount of memory for an RT server which also hosts the database on the same machine. You'll want to tune MySQL and Apache so they can't swap death.
Re: [rt-users] RT Scrip
On 07/02/2013 06:37 AM, Bryon Baker wrote: it would be nice if there was a place people could put their scrips. A very good way to distribute custom scrips, actions, and conditions is to package them up into proper Perl classes and put them in an extension you publish to CPAN. That way they're installable and versionable and don't rely on error-prone copy and paste.
Re: [rt-users] Create child/parent ticket on another queue
On 06/26/2013 09:58 PM, nonnick wrote: Hi all, How can i create a child ticket on another queue. For example: Ticket A has been created in queue X. Team in queue X can not resolve by themselves, must be request queue Y do somethings then team X can resolve ticket. How can they create a child ticket B of ticket A on queue Y https://metacpan.org/release/RT-Extension-SpawnLinkedTicketInQueue
Re: [rt-users] External Authentication
On 06/26/2013 10:03 AM, Bryon Baker wrote: Update Working with the first error I created a SQLServer.pm with the correct connect string. (I tested using Perl). Now I get this error. DBD::SQLServer initialisation failed: Can't locate object method driver via package DBD::SQLServer at /usr/lib/perl5/vendor_perl/5.16.2/x86_64-linux-thread-multi/DBI.pm line 820. You shouldn't be trying to write a DBI driver class; that's madness. You probably to use ODBC with a connect (dsn) string that includes the correct odbc (sub)driver to use.
Re: [rt-users] Queue owner and Queue Admin Cc
On 06/26/2013 03:09 AM, Mohammadali Mobli wrote: I want a specific person to get email when a ticket comes in to a specific queue. (I have already added Admin Cc but it does not work it gives an error no recipient found no email sent.) Now the weird thing is on one queue i have this setup and it works the person gets email. But on another queue with the same configuration it does not work. NotifyActor. http://bestpractical.com/rt/docs/latest/RT_Config#NotifyActor or as a per-user preference It comes up on the list all the time.
Re: [rt-users] External Authentication
On 06/26/2013 10:25 AM, Bryon Baker wrote: I agree Thomas. As stated before I have the correct information and setup for the ODBC drivers I have tested this with isql and tsql and I wrote a quick perl scrip to test the connection string and that works. What I can's figure out is what information needs to be put in the 'dbi_driver'= 'DBI_DRIVER', so that RT will use the DSN entry in the ODBC configs. RT::Authen::ExternalAuth expects to build a DSN like so: dbi:$dbi_driver:database=$db_database;host=$db_server;port=$db_port Yet ODBC wants a sub-driver, so try this hack: dbi_driver = 'ODBC', database = 'FooBar;driver=FreeTDS',
Re: [rt-users] CustomField Transactions Options?
On 06/25/2013 01:22 PM, Kai Storbeck wrote: And for our custom action prepare (or cleanup, I never know which to pick): Prepare should be used to do any work needed to do the action's business, or to check some further conditions (depends on the action). No changes should ever be made in prepare since it may be called more than once. All changes should happen in cleanup (which is renamed to commit in 4.2).
Re: [rt-users] External Authentication
On 06/25/2013 01:39 PM, bba...@copesan.com wrote: 'Connect_MSSQL' = { ## GENERIC SECTION Typo. Compare above to message below. [Tue Jun 25 20:32:34 2013] [debug]: Invalid service type for UserExists: Connect__MSSQL (/usr/lib/perl5/vendor_perl/5.16.2/RT/Authen/ExternalAuth.pm:490)
Re: [rt-users] External Authentication
On 06/25/2013 01:45 PM, Bryon Baker wrote: Not a typo I am trying to us a Microsoft SQL database not MySQL. Please keep replies on the list. And look more closely at what you typed. One has a single underscore, the other two. I know you're using MSSQL not MySQL.
Re: [rt-users] External Authentication
On 06/25/2013 02:05 PM, Bryon Baker wrote: Sorry I screwed on both. Made change and now I get the following messages. LDAP works by the way. [Tue Jun 25 20:58:13 2013] [debug]: Attempting to use external auth service: Connect_MSSQL (/usr/lib/perl5/vendor_perl/5.16.2/RT/Authen/ExternalAuth.pm:186) [Tue Jun 25 20:58:13 2013] [debug]: SSO Failed and no user to test with. Nexting (/usr/lib/perl5/vendor_perl/5.16.2/RT/Authen/ExternalAuth.pm:214) [Tue Jun 25 20:58:13 2013] [debug]: Attempting to use external auth service: Connect_LDAP (/usr/lib/perl5/vendor_perl/5.16.2/RT/Authen/ExternalAuth.pm:186) [Tue Jun 25 20:58:13 2013] [debug]: SSO Failed and no user to test with. Nexting (/usr/lib/perl5/vendor_perl/5.16.2/RT/Authen/ExternalAuth.pm:214) [Tue Jun 25 20:58:13 2013] [debug]: Autohandler called ExternalAuth. Response: (0, No User) (/usr/share/request-tracker/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:11) This means that your MSSQL auth source didn't find a user, so it moved on to your LDAP source where it also didn't find a user (presumably because some users are in MSSQL and others are in LDAP).
Re: [rt-users] Question about restricting queues
On 06/18/2013 11:08 AM, Kevin Falcone wrote: On Mon, Jun 17, 2013 at 02:33:07PM -0400, Chris Hall wrote: I've got a bit of a weird problem, and wondered if anybody has a solution for it. We have several queues, and a few are grouped up by name. For example: Queue A tier 1 Queue A tier 2 Queue A tier 3 Queue B tier 1 Queue B tier 2 Queue B tier 3 The managers at the helpdesk are having a problem w/ ppl making a ticket in Queue A tier 1, and then when they escalate it, accidentally transferring it to Queue B tier 2 (instead of Queue A tier 2). They asked me if there was any way to group these queues up in such a way that, for example, if a ticket is made in any of the Queue A's they are locked in and can only be transferred between the Queue A's. As Jean-Christophe notes, the common solution is Don't let them have access to B but you may not be able to do that. Unfortunately, a Scrip runs too late to stop the email from going out with the other queue's email address. The best solution may be modifying SelectQueue (using a callback if available) to limit the set of Queues presented to non-admin users. Another solution which may be acceptable is defining different lifecycles for each trio of queues. The lifecycles don't have to actually be different, just named differently. Then if you omit a mapping between the two lifecycles, RT will prevent tickets moving between them (by _anyone_). It's a bit of a misuse, but will work. -- RT Training in Seattle, June 19-20: http://bestpractical.com/training
Re: [rt-users] RT and SSO with SAML
On 06/18/2013 05:58 AM, Ruslan Zakirov wrote: - logout waits 1 second (default), and go back to login page, so I'm authenticated again. I think I need to change the logout link in the code? Yes. Very specific to setup, so there is no direct solution that works for everybody. There's a Default callback in NoAuth/Logout.html which you can use to modify the URL redirected to. This lets you have RT redirect to the SSO endpoint's logout URL. - SSO is always used and I'd like a way to do a local login (with root for example which is not in our user directory). I'm not sure how to do this yet. Host second RT as a virtual host on different URL without SSO. Only people with passwords in RT's database would be able to use this interface. Alternatively you can tell Apache to Satisfy any and allow some local users depending on their IP address. You may or may not be able to configure mod_mellon to allow optional SSO auth. -- RT Training in Seattle, June 19-20: http://bestpractical.com/training
Re: [rt-users] RT 4.0.8 - rt-mailgate hangs on authenticated RT server
On 06/17/2013 03:06 PM, Duncan Napier wrote: I understand that to get around this, you open up areas of the server to the the localhost (127.0.0.1) so no authentication is required. I have tried a bunch of fixes, but none seem to work. They seem require NoAuth areas of the rt directory have authentication disabled using Apache Location or Directory directives, as in: # # Begin Code Fragment # LocationMatch /share/html/NoAuth Satisfy Any Allow from all /LocationMatch LocationMatch /share/html/REST/1.0/NoAuth Satisfy Any Allow from all /LocationMatch Your Apache configuration directives are wrong. Location/LocationMatch take a URL location, not a directory path (that's what Directory/DirectoryMatch are for). You also aren't using the matching power of LocationMatch, and don't need it, so you want something like: Location /REST/1.0/NoAuth/mail-gateway Satisfy any Allow from 127.0.0.1 /Location You don't need to allow /NoAuth for mailgate. -- RT Training in Seattle, June 19-20: http://bestpractical.com/training
Re: [rt-users] Export Missing Fields Break Tabs
On 06/12/2013 06:10 AM, Robert Gabriel wrote: Are there any major differences between feed spreadsheets and CLI output? Yes, the CLI output does not attempt to be importable by a spreadsheet. -- RT Training in Seattle, June 19-20: http://bestpractical.com/training
Re: [rt-users] Slow query on CFs
On 06/04/2013 06:03 AM, Vegard Vesterheim wrote: A RT (TicketSQL) query like this: Queue = 'drift' AND ( Status = 'new' or Status = 'open' or Status = 'stalled' ) AND ( CF.{utstyr} = 'ufisaweb.uninett.no' OR CF.{utstyr} = 'dss2.uninett.no' OR CF.{utstyr} = 'myrhauk.uninett.no' OR CF.{utstyr} = 'angel.uninett.no' OR CF.{utstyr} = 'jatoba-esxi2.uninett.no' OR CF.{utstyr} = 'bold.uninett.no' OR CF.{utstyr} = 'nidar.uninett.no' OR CF.{utstyr} = 'voll.uninett.no' OR CF.{utstyr} = 'brekka.uninett.no' OR CF.{utstyr} = 'www.stroemme.no' OR CF.{utstyr} = 'xen.uninett.no' OR CF.{utstyr} = 'jatoba-kvm4.uninett.no' OR CF.{utstyr} = 'inventory.uninett.no' OR CF.{utstyr} = 'busy.uninett.no' OR CF.{utstyr} = 'ufisa.uninett.no' OR CF.{utstyr} = 'wildfire.uninett.no' OR CF.{utstyr} = 'newfire.uninett.no' OR CF.{utstyr} = 'fou1.uninett.no' OR CF.{utstyr} = 'kanari.uninett.no' OR CF.{utstyr} = 'dok.uninett.no' OR CF.{utstyr} = 'ebony-kvm5.uninett.no' OR CF.{utstyr} = 'jatoba-kvm12.uninett.no' ) I'm sure you've considered this, but I have to ask: Could you simplify most of the CF conditions with CF.{utstyr} ENDSWITH '.uninett.no'? For a technical solution, the approach Ruslan described is the way to go. It works great for watchers. -- RT Training in Seattle, June 19-20: http://bestpractical.com/training
Re: [rt-users] Alert Group when a ticket in placed into stall
On 05/31/2013 09:09 AM, globo wrote: Does anyone have a script to alert a group when a ticket/request is placed in a Stall condition. but I cant find the Condition (On Stall ) when setting up the script The other answers you received will work, but if you'd like you can fairly easily add an On Stalled condition to the scrip dropdown. You'll need to create a small file with the following contents: @ScripConditions = ( { Name = 'On Stalled', Description = 'Whenever a ticket is stalled', ApplicableTransTypes = 'Status', ExecModule = 'StatusChange', Argument = 'stalled' } ); This is based on a small piece of etc/initialdata that's installed with RT for the On Resolve, On Open, etc conditions. Once you have the file, run: sbin/rt-setup-database --action insert --datafile /path/to/file/above It'll insert the On Stalled condition you defined into the database for use in the scrip condition dropdown. -- RT Training in Seattle, June 19-20: http://bestpractical.com/training
Re: [rt-users] RT at a Glance error after upgrade from 4.011 to 4.0.12
On 05/30/2013 10:52 AM, Kevin wrote: trs, Your reply trigged a thought that I didn’t clear the mason cache after the upgrades. I just cleared the cache and now it is functioning correctly. Thank you for taking a deeper look into this issue, please accept my apology for the the extra hoops I put you through, I can chalk this one up to not clearing the cache after the upgrade on both the .12 and .13 upgrades If you would still like to me to do the data dumper for the MyRT.html, lmk Thanks again for taking the time to look into this issue. Glad it's resolved. I don't need the data dumper output. That's a likely scenario, I guess I ruled it out since a number of people reported it. :) -- RT Training in Seattle, June 19-20: http://bestpractical.com/training
Re: [rt-users] Change RT @ A Glance selection criteria
On 05/30/2013 12:55 AM, Danie Brink wrote: Is it possible for us to change the SQL query that is run for the RT at a glance front page that shows the last 10 unowned new tickets? With our RT Ticket count hovering around 4million the current query performs a complete table scan to sort the show the last 10 (filtered) so we would like to customize it more for our needs. Any pointers where to look for and modify this query? (We're on RT3.8.7). I suspect you want the $UseSQLForACLChecks option: http://bestpractical.com/rt/docs/latest/RT_Config#UseSQLForACLChecks -- RT Training in Seattle, June 19-20: http://bestpractical.com/training
Re: [rt-users] RT at a Glance error after upgrade from 4.011 to 4.0.12
On 05/29/2013 08:00 AM, Kevin wrote: When tailing the log and trying to access the rt at a glance from the root user and menu section Tools Configuration Global RT at a Glance I get the following error in the log, no other messages come from the log [Wed May 29 14:57:54 2013] [error]: Can't call method Content on an undefined value at /opt/rt4/share/html/Admin/Global/MyRT.html line 69. Stack: [/opt/rt4/share/html/Admin/Global/MyRT.html:69] [/opt/rt4/share/html/Admin/autohandler:49] [/opt/rt4/sbin/../lib/RT/Interface/Web.pm:635] [/opt/rt4/sbin/../lib/RT/Interface/Web.pm:335] [/opt/rt4/share/html/autohandler:53] (/opt/rt4/sbin/../lib/RT/Interface/Web/Handler.pm:208) Please send to the list two files: /opt/rt4/share/html/Admin/Global/MyRT.html /opt/rt4/share/html/Search/Elements/SearchesForObject Additionally, in which language do you use RT? -- RT Training in Seattle, June 19-20: http://bestpractical.com/training
Re: [rt-users] Module::Install::RTx install paths
On 05/29/2013 06:24 AM, Maciej Dobrzanski wrote: While converting our customizations into proper extensions I discovered that the installer, which I grabbed from other existing extensions, writes files into both release as well as local code trees. This way modules from 'lib' always go to rt/local/lib/RT, but everything from 'html' such as Mason files, CSS, Javascript end up in rt/html instead of rt/local/html. The culprit appears to be here: What RT version are you running? Modern versions of Module::Install::RTx install all extension data into local/plugins/Extension-Name/. If you're seeing extension files installed into local/{lib,html} or html/ then I suspect you're using an old version of Module::Install::RTx, or perhaps a very old version of RT. Rather than copying inc/ from another extension, you're better off installing Module::Install::RTx from CPAN and then writing and running a Makefile.PL which uses it. When you run it, it'll populate inc/ with the latest code. You should also make sure that a inc/.author directory exists for module authors _only_ since it will tell Module::Install to regenerate files that it wouldn't otherwise do. This draft documentation for writing extensions may be of help: https://github.com/bestpractical/rt/blob/4.0/writing-rt-extensions-doc/docs/writing-extensions.pod -- RT Training in Seattle, June 19-20: http://bestpractical.com/training
Re: [rt-users] MSMTP works for sending, but receiving is now - And why a full MTA?
On 05/29/2013 04:53 AM, Cena, Stephen (ext. 300) wrote: Postfix IRC channel they felt a full-blown MTA was overkill, so I Unfortunately the Postfix folks, while well intentioned, probably don't understand the behaviour and requirements of RT. Rest assured that a full blown MTA isn't overkill here, and is indeed the recommended practice. You can tell your paranoid-prone boss that using Postfix is way more reliable than msmtp. He wants RT to be reliable, right? :) -I didn't spend too long with MSMTP. It was at least good exposure to it, as I'd never heard of it before. What's bugging me is why I can't use any of the smtp_recipient_restrictions on the server. You probably can. You didn't mention what error you ran into, but it's likely no more than configuration error. There are many folks knowledgeable about Postfix on this list, although Postfix config is semi-off topic. Give #postfix (or whatever the postfix help channel is) another shot, and come back to us if they insist on badgering about non-postfix options rather than helping. ;) Thomas -- RT Training in Seattle, June 19-20: http://bestpractical.com/training
Re: [rt-users] RT at a Glance error after upgrade from 4.011 to 4.0.12
On 05/29/2013 10:43 AM, Kevin wrote: I am using the default English no language changes have been done. Attached are the files requested as well as the rt.log. MyRT.html http://requesttracker.8502.n7.nabble.com/file/n54102/MyRT.html SearchesForObject http://requesttracker.8502.n7.nabble.com/file/n54102/SearchesForObject rt.log.gz http://requesttracker.8502.n7.nabble.com/file/n54102/rt.log.gz I'm stumped, and despite multiple reports unable to reproduce the problem in other RTs. Can you add the following line to share/html/Admin/Global/MyRT.html: use Data::Dumper; warn Dumper($_); Add it right after the line which reads: my ( $desc, $loc_desc, $search ) = @$_; Then clear your mason cache (rm -rf var/mason_data/obj) and restart RT. The logs should have the new Data::Dumper output you added when you hit Configuration - Global - RT At a Glance. Send the full logs that are output. Thomas -- RT Training in Seattle, June 19-20: http://bestpractical.com/training
Re: [rt-users] defanging URLs in incoming e-mails?
On 05/28/2013 03:58 PM, Riggle, Kevin wrote: It looks like RT's MailPlugins are only for go/no-go filtering and authentication, and aren't intended to be used to modify the body of the message before it is made into a transaction. (Or will changes to the MIME::Entity be honored?) MailPlugins which are ApplyBeforeDecode can completely alter the MIME::Entity, I believe. Start reading the code in RT::Interface::Email::Gateway(). -- RT Training in Seattle, June 19-20: http://bestpractical.com/training
[rt-users] Translators needed for RT 4.2 updates
Hello RT users and hackers, We're hard at work on what will become RT 4.2. Part of that process is starting to get the translations updated, and that's where you come in. If you speak English and a language other than English, we'd love if you took a bit of time to help update RT's translations for the next major release series. We translate RT using the Launchpad.net Rosetta translations tool, which means you help translate RT from your browser. You can find basic instructions here: http://requesttracker.wikia.com/wiki/TranslationRosetta or just jump in: https://translations.launchpad.net/rt/master Our message catalog tool found some errors in existing translations around the use of placeholders, which I've split out into separate files and attached, one for each language. If you're contributing to a translation, it'd be great to fix the problems noted in the appropriate file. Of particular note are bi-directional text issues and placeholders (%1, %2, etc) in the Arabic translation. Launchpad's web translation tool currently makes it difficult to verify that the usage of placeholders in right-to-left text is correct. If anyone is up for it, it may be easiest to fix up those strings using offline translation (no more complicated than editing a text file) and then uploading to Launchpad with the corrected file. Let us know if there's any way we can help with translations, and thanks to everyone who has contributes. Cheers, Thomas string does not have the same placeholders expected (%1, %2, %3) in msgid: %1 %2 changed to %3 got (%1, %2) in msgstr: %1 %2 تغيرت إلى 3% string does not have the same placeholders expected (%1, %2) in msgid: %1 %2 deleted got () in msgstr: تم حذف 1% 2% string does not have the same placeholders expected (%1, %2) in msgid: %1 %2 saved. got () in msgstr: تم حفظ1% 2% string does not have the same placeholders expected (%1, %2, %3) in msgid: %1 %2 with template %3 got (%1, %2) in msgstr: %1 %2 مع القالب 3% string does not have the same placeholders expected (%1, %2) in msgid: %1 (from pane %2) got (%1) in msgstr: %1 (من اللوحة 2%) string does not have the same placeholders expected (%1, %2, %3) in msgid: %1 changed from %2 to %3 got (%1) in msgstr: %1 تغير من 2% إلى 3% string does not have the same placeholders expected (%1, %2) in msgid: %1 chart by %2 got (%1) in msgstr: %1 الرسم البياني بواسطة 2% string does not have the same placeholders expected (%1) in msgid: %1 copy got () in msgstr: نسخ 1% string does not have the same placeholders expected (%1) in msgid: %1 enabled got () in msgstr: تم تمكين 1% string does not have the same placeholders expected (%1) in msgid: Invalid queue role group type %1 got () in msgstr: نوعُ مجموعةِ أدوارِ طابورٍ غيرُ صحيحٍ string does not have the same placeholders expected () in msgid: Modify a scrip that applies to all queues got (%1) in msgstr: عدّل سكربت ينطبق على كل الطوابير %1 string does not have the same placeholders expected (%1, %2) in msgid: weekly (on %1) at %2 got () in msgstr: أسبوعياً (في 1%) عند 2% string does not have the same placeholders expected (%1) in msgid: %1 update: Nothing changed got (%2) in msgstr: %2 actualitzar: Res ha canviat string does not have the same placeholders expected (%1) in msgid: Could not create CustomField: %1 got () in msgstr: No s'ha pogut crear el camp personalitzat string does not have the same placeholders expected (%1) in msgid: Unable to delete topic membership in %1 got () in msgstr: No s'ha pogut esborrar la pertinença al tema string does not have the same placeholders expected (%1, %2) in msgid: Couldn't delete dashboard %1: %2 got () in msgstr: Kontrolna ploča se nije mogla obrisati string does not have the same placeholders expected (%1) in msgid: #%1 got () in msgstr: msgstr string does not have the same placeholders expected (%1) in msgid: Can't find a collection class for '%1' got () in msgstr: Kan geen bewaarde zoekopdracht vinden om mee te werken string does not have the same placeholders expected (%1) in msgid: grouped by %1 got () in msgstr: opgedeeld in string does not have the same placeholders expected (%1, %2) in msgid: Custom field value changed from %1 to %2 got (%1) in msgstr: Kentän arvo muutettu arvosta %1 arvoon string does not have the same placeholders expected (%1) in msgid: Link ticket #%1 got () in msgstr: Lisää viittaus string does not have the same placeholders expected (%1) in msgid: Link ticket %1 got () in msgstr: Lisää viittaus string does not have the same placeholders expected (%1) in msgid: Modify the queries of dashboard %1 got () in msgstr: Muokkaa työtilan kyselyitä string does not have the same placeholders expected (%1, %2) in msgid: Owner changed from %1 to %2 got (%2) in msgstr: Yhteyshenkilöksi vaihdettu %2 string does not have the same placeholders expected (%1, %2) in msgid: Owner forcibly changed
Re: [rt-users] MSMTP doesn't run
On 05/24/2013 01:54 PM, Cena, Stephen (ext. 300) wrote: I've tried switching from Postfix to MSMTP with this wiki entry: Best Practical strongly recommends against mailers like MSMTP and _for_ real MTAs like Postfix. MSMTP will usually drop your email if delivery fails the first time. RT doesn't retry because it expects the MTA to do so. So it's strange you're switching away from such a nice MTA as Postfix. What's your reasoning? -- RT Training in Seattle, June 19-20: http://bestpractical.com/training
Re: [rt-users] Active Directory and RT
On 05/24/2013 03:35 PM, davidneudorfer wrote: Removing group and group_attr was what did it for me. Hopefully this helps someone else in the future. It looks like you missed my reply, where I explained what was going wrong with your group and group_attr, along with a few other things. http://lists.bestpractical.com/pipermail/rt-users/2013-May/080377.html -- RT Training in Seattle, June 19-20: http://bestpractical.com/training
Re: [rt-users] Disable Requestor email in reply by default
On 05/23/2013 06:40 AM, Cena, Stephen (ext. 300) wrote: I'm putting an RT system online for our service department. At the present time, the site will be internally accessible only but Internet email correspondence with clients will be permitted. To control confidentiality, it's been requested that the requestor email be disabled by default for all ticket replies (i.e.: remove the checkbox from the Requestor by default). Is there a way to do this? Rather than automatically uncheck the checkbox you're thinking of, modify your global/queue scrips to not send mail to the requestor. -- RT Training in Seattle, June 19-20: http://bestpractical.com/training
Re: [rt-users] Proper way to backup RT Database
On 05/23/2013 11:16 AM, John Buell wrote: Does the interpretation of %M vs %m vary from Linux to Linux (or between Linux and other *nixes)? When I first set up my backups I found that following the linked page to the letter I got timestamps with YearMinuteDate instead of YearMonthDate. I do a nightly SQL backup, followed by a backup of everything I've customized for Apache and Postfix, and use `date +%Y%m%d%H%M` to do a date and time stamp on my files. No, that's a typo. Thanks, fixed! -- RT Training in Seattle, June 19-20: http://bestpractical.com/training
Re: [rt-users] Installing RT4 with AssetTracker on Debian Wheezy
On 05/23/2013 03:45 PM, Gary McRae wrote: Then I “apt-get install rt4-extension-assettracker” and it installs without any errors. Then I put “Set(@Plugins, qw(RTx::AssettTracker));” into RT_SiteConfig.pm. You're spelling it wrong ---^^^ RTx::AssetTracker -- RT Training in Seattle, June 19-20: http://bestpractical.com/training
Re: [rt-users] Installing RT4 with AssetTracker on Debian Wheezy
On 05/23/2013 04:42 PM, Gary McRae wrote: Hi, Thanks for your prompt reply. I changed the spelling but it made no difference. Any other ideas would be appreciated. Show logs with the correct spelling. BTW, when I reply like this should I reply to you personally or to a list? The list. -- RT Training in Seattle, June 19-20: http://bestpractical.com/training
[rt-users] [rt-announce] Security vulnerabilities in RT
We discovered a number of security vulnerabilities which affect both RT 3.8.x and RT 4.0.x. We are releasing RT versions 3.8.17 and 4.0.13 to resolve these vulnerabilities, as well as patches which apply atop all released versions of 3.8 and 4.0. The vulnerabilities addressed by 3.8.17, 4.0.13, and the below patches include the following: RT 4.0.0 and above are vulnerable to a limited privilege escalation leading to unauthorized modification of ticket data. The DeleteTicket right and any custom lifecycle transition rights may be bypassed by any user with ModifyTicket. This vulnerability is assigned CVE-2012-4733. RT 3.8.0 and above include a version of bin/rt that uses semi-predictable names when creating tempfiles. This could possibly be exploited by a malicious user to overwrite files with permissions of the user running bin/rt. This vulnerability is assigned CVE-2013-3368. RT 3.8.0 and above allow calling of arbitrary Mason components (without control of arguments) for users who can see administration pages. This could be used by a malicious user to run private components which may have negative side-effects. This vulnerability is assigned CVE-2013-3369. RT 3.8.0 and above allow direct requests to private callback components. Though no callback components ship with RT, this could be used to exploit an extension or local callback which uses the arguments passed to it insecurely. This vulnerability is assigned CVE-2013-3370. RT 3.8.3 and above are vulnerable to cross-site scripting (XSS) via attachment filenames. The vector is difficult to exploit due to parsing requirements. Additionally, RT 4.0.0 and above are vulnerable to XSS via maliciously-crafted URLs in ticket content when RT's MakeClicky feature is configured. Although not believed to be exploitable in the stock configuration, a patch is also included for RTIR 2.6.x to add bulletproofing. These vulnerabilities are assigned CVE-2013-3371. RT 3.8.0 and above are vulnerable to an HTTP header injection limited to the value of the Content-Disposition header. Injection of other arbitrary response headers is not possible. Some (especially older) browsers may allow multiple Content-Disposition values which could lead to XSS. Newer browsers contain security measures to prevent this. Thank you to Dominic Hargreaves for reporting this vulnerability. This vulnerability is assigned CVE-2013-3372. RT 3.8.0 and above are vulnerable to a MIME header injection in outgoing email generated by RT. The vectors via RT's stock templates are resolved by this patchset, but any custom email templates should be updated to ensure that values interpolated into mail headers do not contain newlines. This vulnerability is assigned CVE-2013-3373. RT 3.8.0 and above are vulnerable to limited session re-use when using the file-based session store, Apache::Session::File. RT's default session configuration only uses Apache::Session::File for Oracle. RT instances using Oracle may be locally configured to use the database-backed Apache::Session::Oracle, in which case sessions are never re-used. The extent of session re-use is limited to information leaks of certain user preferences and caches, such as queue names available for ticket creation. Thank you to Jenny Martin for reporting the problem that lead to discovery of this vulnerability. This vulnerability is assigned CVE-2013-3374. Patches for all releases of 3.8.x and 4.0.x are available for download below. Versions of RT older than 3.8.0 are unsupported and do not receive security patches; please contact sa...@bestpractical.com if you need assistance with an older RT version. http://download.bestpractical.com/pub/rt/release/security-2013-05-22.tar.gz http://download.bestpractical.com/pub/rt/release/security-2013-05-22.tar.gz.sig 25349c393c1b8d720f26a62dd57dc90d7def1cea security-2013-05-22.tar.gz d78db2e9fba3b78c1ee7a0a8d9ede871cc7ba7dc security-2013-05-22.tar.gz.sig The README in the tarball contains instructions for applying the patches. If you need help resolving this issue locally, we will provide discounted pricing for single-incident support; please contact us at sa...@bestpractical.com for more information. signature.asc Description: OpenPGP digital signature ___ rt-announce mailing list rt-annou...@lists.bestpractical.com http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-announce -- RT Training in Seattle, June 19-20: http://bestpractical.com/training
[rt-users] [rt-announce] RT 4.0.13 released
RT 4.0.13 contains important security fixes. http://download.bestpractical.com/pub/rt/release/rt-4.0.13.tar.gz http://download.bestpractical.com/pub/rt/release/rt-4.0.13.tar.gz.asc SHA1 sums d09f0b9beed8f4e7972fd43d5597e78306d9acef rt-4.0.13.tar.gz 94d1de447301c9be728197572aff2d29944bc39e rt-4.0.13.tar.gz.asc This release of RT resolves a number of security vulnerabilities: CVE-2012-4733 CVE-2013-3368 CVE-2013-3369 CVE-2013-3370 CVE-2013-3371 CVE-2013-3372 CVE-2013-3373 CVE-2013-3374 It also includes a database upgrade, so please make sure to run `make upgrade-database`. Details about the above CVEs are available at: http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html A complete changelog is available from git by running: git log rt-4.0.12..rt-4.0.13 or visiting https://github.com/bestpractical/rt/compare/rt-4.0.12...rt-4.0.13 signature.asc Description: OpenPGP digital signature ___ rt-announce mailing list rt-annou...@lists.bestpractical.com http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-announce -- RT Training in Seattle, June 19-20: http://bestpractical.com/training
[rt-users] [rt-announce] RT 3.8.17 released
RT 3.8.17 contains important security fixes. http://download.bestpractical.com/pub/rt/release/rt-3.8.17.tar.gz http://download.bestpractical.com/pub/rt/release/rt-3.8.17.tar.gz.sig SHA1 sums 4765c68f91a0e8e21ed0fd39397cd8e3970ca992 rt-3.8.17.tar.gz a0aa9a3e284d4fc36ba7e6354d7e0772833f2a00 rt-3.8.17.tar.gz.sig This release of RT resolves a number of security vulnerabilities: CVE-2013-3368 CVE-2013-3369 CVE-2013-3370 CVE-2013-3371 CVE-2013-3372 CVE-2013-3373 CVE-2013-3374 It also includes a database upgrade, so please make sure to run `make upgrade-database`. Details about the above CVEs are available at: http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html A complete changelog is available from git by running: git log rt-3.8.16..rt-3.8.17 or visiting https://github.com/bestpractical/rt/compare/rt-3.8.16...rt-3.8.17 signature.asc Description: OpenPGP digital signature ___ rt-announce mailing list rt-annou...@lists.bestpractical.com http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-announce -- RT Training in Seattle, June 19-20: http://bestpractical.com/training
Re: [rt-users] Change ticket status after elapsed time period
On 05/22/2013 01:52 PM, Asif Iqbal wrote: Ramon Kagan wrote a RT::Action::SetStatus module http://lists.bestpractical.com/pipermail/rt-users/2005-February/028827.html You can place it at /opt/rt3/local/lib/RT/Action/SetStatus.pm and use it. You may have to run mkdir -p /opt/rt3/local/lib/RT/Action Asif, RT has shipped with an RT::Action::SetStatus in core since 4.0.0. -- RT Training in Seattle, June 19-20: http://bestpractical.com/training
Re: [rt-users] unsubscribed from dashboard for a user who has left
On 05/21/2013 11:13 AM, Andy Lee wrote: I got a system dashboard that is setup. And the user use to be subscribed to the dashboards to get reports daily. It appears the user is still receiving emails from the reports. How can i remove the user from the system dashboard reporting? There's currently no way for an RT admin to modify another user's dashboard subscriptions (without manually touching the database, which we discourage). You'll need to login as the user (admins *can* reset passwords) and remove the subscription, or the user will need to do it themselves. Keep in mind that dashboard subscriptions are to any arbitrary address, so it's possible for users to subscribe an address that isn't theirs (which can be useful in various situations). Thomas -- RT Training in Seattle, June 19-20: http://bestpractical.com/training
Re: [rt-users] Login Passwords Fail following upgrade to RT 4.0.0
On 05/21/2013 06:55 AM, dfri...@qcol.net wrote: I am currently running RT 3.8.16 and all appears to be working fine. I have decided to upgrade to RT 4.0.0. Why 4.0.0 and not 4.0.12? .12 contains two years of bugfixes. There is no reason to upgrade to something less. There are a few other differences in the users database between rt3 rt4. I have tried to follow the README, UPGRADING UPGRADING.mysql directions but cannot find that the new database SCHEMA has changed during these processes. Did you run `make upgrade-database`? It sounds very much like you didn't run any database upgrades at all. Please re-read the README, paying attention to step 6(b) and UPGRADING-4.0: http://bestpractical.com/rt/docs/latest/README.html http://bestpractical.com/rt/docs/latest/UPGRADING-4.0.html Perhaps this will be useful: http://blog.bestpractical.com/2011/07/upgrading-to-rt-4.html -- RT Training in Seattle, June 19-20: http://bestpractical.com/training
Re: [rt-users] ExtractCustomFields template and dropping errant HTML tags
On 05/20/2013 02:53 PM, Lundberg, Emory wrote: Some additional information as I'm getting big blobs of text with markup in several fields on emails and forms that are submitted to my RT-4.0.10: 2013-05-20 21:37:32 The RT System itself - FQDN you've completed this form!/h3/td/tr/tbody/table/divdiv align=centernbsp;/div/body/html added I'm stuck on not being sure about the most appropriate way to proceed. I don't know if I should be trying to adjust my CustomField template to ignore HTML tags designated with '', or if I should be stripping HTML at the MTA and forcing plain text on everybody. Perhaps ECFV should preferentially use an alternative text/plain part if one exists, and only use text/html if necessary. I'm not using `Set($PreferRichText, 1);` because I don't know if that will even help with body parsing at all. It doesn't affect this parsing, it only affects display in the ticket history. My Template for that field is written as: FQDN|Body|FQDN:*([^].*+)|| I don't think your regex is matching what you expect. It says to match the string FQDN, then zero or more colons :, then any single character except , then any character zero or more times, then a syntax error since a quantifier + is used without anything to quantify. Perhaps you meant: FQDN:\s*([^]+)$ which matches FQDN:, optional whitespace, one or more characters that aren't to the end of the line. -- RT Training in Seattle, June 19-20: http://bestpractical.com/training
Re: [rt-users] Post upgrade 3.8.5 to 4.0.12 Global-RT At A Glance error
On 05/17/2013 09:13 AM, Pete Beebe wrote: Hi Thomas, Looks like the mail filter stopped this one from going through due to the attached log file. Re-forwarding minus log file. It was briefly stopped, yes, but I let it through manually. There's a size limit on posts at which point they require manual moderation. Also of note, yesterday evening I brought our RTPROD server offline for a reboot. When the OS was back online I backed up the existing RTPROD installation directory and re-ran the configuration to re-create the install directory. I then copied over our RT_SiteConfig file and custom log and started the web service back up. I re-tested the Global At A Glance setting and found that the issue was no longer appearing. Sonothing done on the database end (other than re-instating those user records). For this particular problem it seems that me laying down a new install base somehow corrected the original issue. Out of curiosity, how did you reinstate the user records? The error was still occurring after you'd reinstated them, but before you reinstalled, right? I'm surprised that a new install would correct the issue, but it is possible. Basically a component was returning an unexpected empty value. Can you run `diff -ruN` against the two install trees (the one you backed up and the one currently in use)? Alternatively, sent two tarballs over and I can do it. Thanks for continuing to dig at this and all the info you've provided. Thomas -- RT Training in Seattle, June 19-20: http://bestpractical.com/training
Re: [rt-users] Notify Actor
On 05/17/2013 03:06 AM, Andrea gabellini - SC wrote: Thomas, this queue is a low traffic queue, and users that use it aren't so familiar with RT, so they prefer to have all emails in their mailbox, also those they send. Nod. NotifyActor is also changeable a per-user preference (Logged in as ... - Settings, look under the Mail section). Perhaps it would be sufficient for those users to simply flip the Outgoing mail preference to yes for themselves while leaving the global $NotifyActor preference off. -- RT Training in Seattle, June 19-20: http://bestpractical.com/training
Re: [rt-users] Post upgrade 3.8.5 to 4.0.12 Global-RT At A Glance error
On 05/17/2013 01:36 PM, Pete Beebe wrote: Can you run `diff -ruN` against the two install trees (the one you backed up and the one currently in use)? Zip file is 190KB in size. I will be sending it separate from this reply. I cut out the session_data diff output to trim down the original log file (4MB). If you prefer that this additional diff info be included I can simply send you the zipped 4MB log file. The session data isn't necessary (and shouldn't be published publicly either; sessions contain private data). I filtered out irrelevant files (the new RT-Authen-ExternalAuth install, Mason cache files, documentation files (man and pod)) from the diff you sent, and it left no significant changes. Frustratingly, I still can't reproduce the error locally on a handful of long-lived RT instances all of which have been upgraded through 4.0.12. Thomas -- RT Training in Seattle, June 19-20: http://bestpractical.com/training
Re: [rt-users] QueueDeactivatedScrips
On 05/16/2013 01:08 AM, Andrea gabellini - SC wrote: Thomas, thank you. I will wait for the 4.2. What is the time line? It's our policy not to speculate on release dates. You can follow development on rt-devel mailing list which receives announcements of alpha 4.1 releases and then 4.2 release candidates for testing. Note that in general, alpha releases like 4.1.x releases shouldn't be used for production services. -- RT Training in Seattle, June 19-20: http://bestpractical.com/training
Re: [rt-users] Notify Actor
On 05/16/2013 01:07 AM, Andrea gabellini - SC wrote: Thomas, I have 10 queues and only in one of them I need to notify the actor. What about a config like this? Set(NotifyActor, { 'default' = '0', 'queue-name' = '1', }); I understand the concept. What I'm asking is for an explanation why you want it for only 1 queue but not all the others. -- RT Training in Seattle, June 19-20: http://bestpractical.com/training
Re: [rt-users] shredder on specific user
On 05/16/2013 05:14 PM, Philip Brown wrote: After doing a few searches, it seems that using the rt-shredder tool is the one true way to delete a user. Unfortunately... i find the documentation on it, inscruitable :( Could someone please give me a simple, straightforward commandline to delete user X? I was hoping it would be as simple as rt-shredder --plugin User name=doomeduser but that does not seem to be adequate. The format is incorrect. --plugin takes a single argument, but you've space separated it and hence it's two. See http://bestpractical.com/rt/docs/latest/rt-shredder.html for the proper format; you're close. Alternatively, use the admin web interface instead of the command line. Select Users from the object type and then enter doomeduser in the Name field. If the user isn't disabled, either disable them first or enter enabled in the status field (which defaults to disabled if empty, for safety). -- RT Training in Seattle, June 19-20: http://bestpractical.com/training
Re: [rt-users] REMOTE_USER, external auth, and email mismatching
On 05/14/2013 01:41 PM, Philip Brown wrote: I then attempted to do the fallback suggested via CanonicalizeEmailAddressMatch after removing the KrbLocalUser from my apache configs. however, the replace did not seem to have any effect. I'm still getting logged in as u...@kerb.my.com rather than u...@my.com for the record, I'm using a match string of '\@.*\.my.com$' and replace of '\@my.com' You may be mistaking the user *name* for the email address. Without a separate Name, RT often assigns the email address as the name. This may happen before canonicalization in some cases. Can you verify the email addresses aren't being canonicalized? If not, there may be an interaction with existing users, but I wouldn't expect that necessarily. If the email address is canonicalized, but the name is still the uncanonicalized form, I'd suggest looking at this piece from my original mail: You can also do more sophisticated munging by writing your own RT::User::CanonicalizeUserInfo: http://bestpractical.com/rt/docs/latest/RT/User.html#CanonicalizeUserInfo-HASH-of-ARGS -- RT Training in Seattle, June 19-20: http://bestpractical.com/training
Re: [rt-users] REMOTE_USER, external auth, and email mismatching
On 05/15/2013 06:19 AM, Jeff Blaine wrote: Well, here's where I asked the community to share what works: http://lists.bestpractical.com/pipermail/rt-users/2012-February/075085.html And here's 1 (of 2) contributions I got and submitted, still sitting in a github pull request that has not been merged after 1+ years: https://github.com/bestpractical/rt-authen-externalauth/pull/2 That was the water testing and end of my contributions to RT, as a failed experiment. I didn't bother submitting the 2nd config contribution I got based on the above. I just responded to your PR. Thanks for pointing it out again. We manage a lot of repos and only use github for publishing public mirrors and receiving PRs. Sometimes this means PRs slip through the cracks if no one prods us. That is to say: if anyone thinks they're owed a response on a PR or patch or any other contribution, please do pipe up to get our attention again. I'm sorry your contributing experience was lousy. Here's someone else's code contribution from 1+ years ago to allow secure LDAP: https://github.com/bestpractical/rt-authen-externalauth/pull/1 That is an unnecessary change, and should have been closed long ago. I've now done so. The simple solution is specifying a server of ldaps://example.com instead of just example.com. -- RT Training in Seattle, June 19-20: http://bestpractical.com/training
Re: [rt-users] Can't add attachments anymore - Possibly DB switch?
On 05/15/2013 11:57 AM, Cena, Stephen (ext. 300) wrote: Is this an error due to me switching to MariaDB from MySQL? It's looking like some file attachments can't get added. [Tue May 14 22:05:25 2013] [warning]: RT::Handle=HASH(0xbd328224) couldn't execute the query 'INSERT INTO Attachments (Subject, ContentType, Filename, Headers, MessageId, Creator, Parent, Created, ContentEncoding, Content, TransactionId) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)' at /usr/local/share/pe rl/5.14.2/DBIx/SearchBuilder/Handle.pm line 600. DBIx::SearchBuilder::Handle::SimpleQuery('RT::Handle=HASH(0xbd328224)', 'INSERT INTO Attachments (Subject, ContentType, Filename, Head...', '06 0741-2_new.pdf', 'application/pdf', '060741-2_new.pdf', 'Subject: 060741-2_new.pdf\x{a}MIME-Version: 1.0\x{a}Content-Type: app...', '', 821, 20024, ... ) called at /usr/local/share/perl/5.14.2/DBIx/SearchBuilder/Handle.pm line 350 Hmm, there's no reason in the error message *why* the query failed. That is strange. Is there anything in Maria's logs? Are you seeing this happen more than once? Is there any pattern in what attachments fail? FWIW, RT doesn't officially support MariaDB, and there are a few differences from MySQL, so you're running in uncharted territory right now. Support may be added in the future, as MariaDB does seem to be gaining usage. -- RT Training in Seattle, June 19-20: http://bestpractical.com/training
Re: [rt-users] QueueDeactivatedScrips
On 05/15/2013 08:02 AM, Andrea gabellini - SC wrote: Hello, is there an updated version of RT-Extension-QueueDeactivatedScrips? I found https://github.com/dmsimard/RT-Extension-QueueDeactivatedScrips but is for rt 4.0.4. I do not believe so. However, RT 4.2 will include equivalent functionality natively. -- RT Training in Seattle, June 19-20: http://bestpractical.com/training
Re: [rt-users] Notify Actor
On 05/15/2013 07:49 AM, Andrea gabellini - SC wrote: Hello, is it possible to set NotifyActor per queue basis? No. If you wanted to hack up some Perl, you could do it. I don't recommend it. What's your use case? -- RT Training in Seattle, June 19-20: http://bestpractical.com/training
Re: [rt-users] Post upgrade 3.8.5 to 4.0.12 Global-RT At A Glance error
On 05/15/2013 02:24 PM, Pete Beebe wrote: Hi Thomas, The 4.0.11 to 4.0.12 Oracle upgrade completed and this RT At A Glance issue still did not reappear. This was all done on our Dev system, however. The Prod OS/config is a clone of the so I'm at a loss as to what the difference would be that's causing this to occur. That result is quite strange, but suggests a database inconsistency. Have you run rt-validator? http://bestpractical.com/rt/docs/latest/rt-validator What are the output of the 3 SQL queries I sent you earlier on this newly upgraded dev instance? As of yet, I haven't tracked down the problem locally. By my count, there are 3 reports of similar issues on rt-users. At least two of three migrated database types, so my suspicions are there right now but I have no proof/explanation. I hope to have more time to debug this soon. -- RT Training in Seattle, June 19-20: http://bestpractical.com/training
Re: [rt-users] AD External Authentication
Pretty straightforward, with one caveat. On 05/14/2013 12:12 PM, MacKillip, Scott wrote: If the user has an account in RT (set up by an RT administrator) they should still have the same functionality, just authentication is coming from AD and not the internal RT database. If the user does not have an account in AD they should be denied access. If the user does not have an account in RT, they should be directed to the self-service pages. You can't access the self service pages without at least an unprivileged RT account. With $AutoCreateNonExternalUsers set to 0, users who can auth with AD but don't have an RT account will have one automatically created. Users without an AD account will be denied all access. If the user does have an account in RT, they should not notice any difference after installing the AD Authentication module. Given the above requirements, will the following steps accomplish this? 1. Install RT::Authen::ExternalAuth 2. Configure same to use LDAP 3. Set $WebExternalAuth to 0 in RT_SiteConfig.pm $WebExternalAuth already defaults to off, and while unfortunately named, does not refer to RT::Authen::ExternalAuth. It would be better named $WebRemoteUser, as it will be in RT 4.2, since it uses the REMOTE_USER that your webserver is expected to set when enabled. Short version: step 3 is unnecessary. 4. Set $AutoCreateNonExternalUsers to 0 (I don’t want to create any account in RT unless I do it myself) Note that this means RT also won't accept email from addresses which aren't in your configured AD. This is because all addresses must have an RT account of some sort, usually autocreated as unprivileged (without a password, so unable to login). -- RT Training in Seattle, June 19-20: http://bestpractical.com/training
Re: [rt-users] Problems upgrading from 3.9.3
On 05/14/2013 08:57 AM, saxmad wrote: ERROR: One of initial functions failed: DBD::Pg::db table_info failed: ERROR: column t.spclocation does not exist LINE 11: ...t(t.spcname) AS pg_tablespace_name, quote_ident(t.spclocat... ^ at /usr/share/request-tracker4/etc/upgrade/3.9.8/content line 3. What version of Pg are you running? -- RT Training in Seattle, June 19-20: http://bestpractical.com/training
Re: [rt-users] making a custom field mandatory for select queues
On 05/14/2013 07:32 AM, Darin Perusich wrote: Hello All, It's is possible to make a custom field mandatory of selective queues? Say I have a CF called Environment who's values are test, development, and production which is a global CF since it may apply any queue, but only needs to be mandatory in queue XYZ. Can this be done? Depending on your definition of mandatory, the plugin RT-Extension-MandatoryOnTransition might be what you want. It lets you specify per-queue mandatoryness, but does expect that you're only requiring the CFs are filled on creation or resolution or some other particular status transition. -- RT Training in Seattle, June 19-20: http://bestpractical.com/training
Re: [rt-users] rt-email-dashboards CRON strange error Debian RT 4.0.7
On 05/13/2013 06:59 AM, David Lane (IT Support) wrote: Now I have a couple of other issue which could be unrelated (1) admins get copies of their own admincc messages There is a $NotifyActor site-wide config option and a per-user preference. (2) help-comm...@domain.com mailto:help-comm...@domain.com is ignored and email comments are taken as correspondance You didn't show your /etc/aliases file, but I expect you have help-comment to run rt-mailgate --action correspond instead of --action comment. [Mon May 13 13:00:08 2013] [error]: Can't locate object method err_headers_out via package RT::Dashboard::FakeRequest at /usr/share/request-tracker4/lib/RT/Interface/Web.pm line 891, DATA line 1000. (/usr/share/request-tracker4/lib/RT/Interface/Web/Handler.pm:209) [Mon May 13 13:00:08 2013] [error]: Caught exception: An internal RT error has occurred. Your administrator can find more details in RT's log files. (/usr/share/request-tracker4/lib/RT/Dashboard/Mailer.pm:117) Upgrade to RT 4.0.9. This was first fixed in that version. -- RT Training in Seattle, June 19-20: http://bestpractical.com/training
Re: [rt-users] using rt command line to check whether a queue exists
On 05/13/2013 11:00 AM, Darin Perusich wrote: Hello All, I've been playing around w/scripting the creation of queues and haven't been able to figure this out. How do I use the rt command line tool to list whether a queue exists or not? 'rt ls -t queue name = queue1' throws unsupported object, rt list -q queue1 lists the tickets. ls/list is for tickets only. You want show: rt show queue/FooBar rt show queue/13 rt show -t queue Foo Bar -- RT Training in Seattle, June 19-20: http://bestpractical.com/training
Re: [rt-users] RES: Generate end of the day report and email
On 05/10/2013 09:12 AM, Diaulas Castro wrote: Made this bash script to accomplish using RT CLI. Just customize “From:”, To:” and “Status” search in rt ls command and schedule on crontab. You really want to look at dashboards and dashboard subscriptions in RT's web interface. -- RT Training in Seattle, June 19-20: http://bestpractical.com/training
Re: [rt-users] Problem with mail bounce
On 05/10/2013 07:03 AM, Guadagnino Cristiano wrote: There definitely is something weird with the way the reply-to header is treated from RT. I did some more tests on a quite clean test system (RT 3.8.10) and I always get a permission denied error as soon as I add the reply-to header. By enabling debug logs I see RT thinks he is receiving the email message from the address in the reply-to header instead of the from header. That would also explain why I was getting the RT Received mail ( ) from itself. message in my previous experiments. This is a feature, not a bug. Reply-To: is preferred over From: is preferred over Sender: when determining the actor via email. Among other things, this is useful to create tickets on behalf of someone else via email. The original From: is still visible in the ticket history. FWIW, we have code to let you include a message when forwarding, and I hope that it makes it into 4.2. 1) we copy the text to forward in a new Outlook message 2) we set the sender as the private email address of who is sending 3) we mangle the subject so that it contains the magic RT token with the number of the original ticket 4) we add a special RT adress as BCC; this address is configured so that it triggers a comment action instead of a correspond action 5) set the Reply-To header with our normal RT address Instead of doing the above, why don't you just keep it inside RT all along? 1) Copy text to forward into a new RT comment 2) Set the One-time Cc to the person receiving the forward 3) Uncheck all other recipients from the Scrips and Recipients box. This should be easier if you enable the $SimplifiedRecipients option. Then the forward will come from RT originally, only go to the one-time cc, and be recorded on the ticket. Any replies will end up as comments on the ticket (assuming your queue comment address and /etc/aliases is setup correctly). Less steps, less needing to go outside RT only to shove stuff back in. -- RT Training in Seattle, June 19-20: http://bestpractical.com/training
Re: [rt-users] Multiple attachments
On 05/10/2013 05:12 AM, Alexander Kucheryuk wrote: Hi! I am running 4.0.12. Adding multiple attachment is not working. I can add one attachment (to ticket) and everything is fine. If I click add more files, I get redirected to Internal Server Error page. My logging level is set to debug, however, nothing shows up in logs. This is NOT self service. Can't reproduce this locally on 4.0.12. If there's an internal sever error, then there *must* be some sort of logs. Perhaps you're not looking in the right place? -- RT Training in Seattle, June 19-20: http://bestpractical.com/training
Re: [rt-users] RES: RES: Generate end of the day report and email
On 05/10/2013 10:52 AM, Diaulas Castro wrote: Already saw, but I have so many reports and alerts by mail and some of them I cant get with dashboard/subscribe so I made some bash scripts and all of reports/alerts have the same style/looking. I have one that alert 2 times/day, he send mail to requestor telling that ticket # is awaiting for response, but I need it with same subject since the requestor reply will create new ticket . PS: I Have huge red colored text telling to not reply. That sounds like you want rt-crontool. I know you said you had no experience with it, but try starting with our draft of expanded rt-crontool docs: https://github.com/bestpractical/rt/blob/4.0/add-rt-crontool-docs/docs/automating_rt.pod -- RT Training in Seattle, June 19-20: http://bestpractical.com/training
Re: [rt-users] RES: RES: RES: Generate end of the day report and email
On 05/10/2013 01:32 PM, Diaulas Castro wrote: Sounds good, will look. Btw i tested again subscription/Dashboard... on outlook that mail looks weird. Dashboard : http://postimg.org/image/4mwn115kn/ My bash : http://postimg.org/image/yfmlp9307/ You don't mention your RT version, but I believe it's better in a recent 4.0 release. -- RT Training in Seattle, June 19-20: http://bestpractical.com/training
Re: [rt-users] RES: RES: RES: RES: Generate end of the day report and email
On 05/10/2013 01:49 PM, Diaulas Castro wrote: Hi Thomas, Its 4.0.1 Yeah, upgrading should make the dashboard mails look better in Outlook. You can find the specific release by looking through our release notes: http://bestpractical.com/rt/release-notes/ Regardless, coming up to the latest 4.0.12 is worth it. -- RT Training in Seattle, June 19-20: http://bestpractical.com/training
Re: [rt-users] Problem with multple new tickets on same subject
On 05/09/2013 10:52 AM, Jok Thuau wrote: Has anyone from best practical considered integrating these patches in the source? (seems quite harmless from where I stand) Would one just fork the github repo and submit a pull request from there? This suggestion comes up once in a while, and there's been lengthy discussion about it in the past on rt-users. There are good reasons not to use References: or subject matching heuristics all the time; it boils down to common use cases which easily generate false positives (associating email with an existing ticket instead of creating a new one). False positives are potentially much worse from a privacy/security/information leak standpoint than false negatives. Probably it should be configurable for sites which accept the pitfalls of using References:. It's too late to consider for RT 4.2, but maybe 4.4. -- RT Training in Seattle, June 19-20: http://bestpractical.com/training
Re: [rt-users] Post upgrade 3.8.5 to 4.0.12 Global-RT At A Glance error
Thanks for the information, notes below. On 05/09/2013 09:29 AM, Pete Beebe wrote: Do you have any local customizations? None that I'm aware of. Only plugins I've currently go in place are: RT::Authen::ExternalAuth RT::Extension::ActivityReports Can you send us the output of running this SQL query? select id, Name, Description, ObjectType, ObjectId from Attributes where ObjectType='RT::System'; Could you also navigate to Configuration - Tools - System Config in RT, save that page as HTML, and send the file? Make sure any sensitive data is redacted first. Both the Select query and the system config HTML page and files have been included in the attached ZIP file. Your system config page and SQL results reveal that you have duplicate copies (3 total of each record) of certain global data. This suggests your migration from MySQL to Oracle was flawed. How did you migrate, exactly? Your database may contain duplicate internal records in other areas too, which are likely to lead to more problems (and potentially very subtle ones). What do these queries return? select id, Name, Created, LastUpdated from Users where Name in ('RT_System', 'Nobody', 'root'); select id, Domain, Type, Created, LastUpdated from Groups where Type in ('Everyone', 'Privileged', 'Unprivileged'); I'm unsure of how to reply to this and have it also update the forum thread so I've omitted the rt-users@lists.bestpractical.com address when sending the e-mail. You reply by sending to rt-users@lists.bestpractical.com. That sends to the mailing list, and I'll read it since I'm subscribed. -- RT Training in Seattle, June 19-20: http://bestpractical.com/training
Re: [rt-users] Can't remove Quick Create Can you reverse the order of history?
On 05/08/2013 04:39 PM, Thomas Sibley wrote: On 05/08/2013 01:00 PM, Cena, Stephen (ext. 300) wrote: I've got two questions: 1. I just did an upgrade from 4.0.11 to 4.0.12 all seemed well. Due to people not using the full ticket Create, I decided to globally remove Quick Create from RT At A Glance. However, when I do that I get the following error: [snip] I can't reproduce this problem and looking at the code don't see how it would happen. Do you have any local customizations? Can you send us the output of running this SQL query? select id, Name, Description, ObjectType, ObjectId from Attributes where ObjectType='RT::System'; Could you also navigate to Configuration - Tools - System Config in RT, save that page as HTML, and send the file? Make sure any sensitive data is redacted first. Stephen, the information I request above will still be useful, but on a hunch, did you recently migrate RT's database from MySQL to MariaDB? -- RT Training in Seattle, June 19-20: http://bestpractical.com/training
Re: [rt-users] Post upgrade 3.8.5 to 4.0.12 Global-RT At A Glance error
On 05/04/2013 07:22 PM, Pete Beebe wrote: I just completed a migration from MySQL to Oracle as well as an upgrade from 3.8.5 to 4.0.12. So far everything is running well however I have run across one error that occurs when, as super user, I click on the Global--RT At A Glance link. I receive an error in the WebUI followed by the resulting log file error message: [Sun May 5 02:14:09 2013] [error]: Can't call method Content on an undefined value at /rt4/share/html/Admin/Global/MyRT.html line 69, GEN38 line 445. Stack: [/rt4/share/html/Admin/Global/MyRT.html:69] [/rt4/share/html/Admin/autohandler:49] [/rt4/sbin/../lib/RT/Interface/Web.pm:634] [/rt4/sbin/../lib/RT/Interface/Web.pm:335] [/rt4/share/html/autohandler:53] (/rt4/sbin/../lib/RT/Interface/Web/Handler.pm:208) I can't reproduce this problem and looking at the code don't see how it would happen. Do you have any local customizations? Can you send us the output of running this SQL query? select id, Name, Description, ObjectType, ObjectId from Attributes where ObjectType='RT::System'; Could you also navigate to Configuration - Tools - System Config in RT, save that page as HTML, and send the file? Make sure any sensitive data is redacted first. -- RT Training in Seattle, June 19-20: http://bestpractical.com/training
Re: [rt-users] Can't remove Quick Create Can you reverse the order of history?
On 05/08/2013 01:00 PM, Cena, Stephen (ext. 300) wrote: I've got two questions: 1. I just did an upgrade from 4.0.11 to 4.0.12 all seemed well. Due to people not using the full ticket Create, I decided to globally remove Quick Create from RT At A Glance. However, when I do that I get the following error: admsjc@helpdesk:/var/log/apache2$ mailto:admsjc@helpdesk:/var/log/apache2$ tail error.log [/opt/rt4/sbin/../lib/RT/Interface/Web.pm:335] [/opt/rt4/share/html/autohandler:53] (/opt/rt4/sbin/../lib/RT/Interface/Web/Handler.pm:208) [Wed May 8 19:53:28 2013] [error]: Can't call method Content on an undefined value at /opt/rt4/share/html/Admin/Global/MyRT.html line 69. Stack: [/opt/rt4/share/html/Admin/Global/MyRT.html:69] [/opt/rt4/share/html/Admin/autohandler:49] [/opt/rt4/sbin/../lib/RT/Interface/Web.pm:634] [/opt/rt4/sbin/../lib/RT/Interface/Web.pm:335] [/opt/rt4/share/html/autohandler:53] (/opt/rt4/sbin/../lib/RT/Interface/Web/Handler.pm:208) I can't reproduce this problem and looking at the code don't see how it would happen. Do you have any local customizations? Can you send us the output of running this SQL query? select id, Name, Description, ObjectType, ObjectId from Attributes where ObjectType='RT::System'; Could you also navigate to Configuration - Tools - System Config in RT, save that page as HTML, and send the file? Make sure any sensitive data is redacted first. -- RT Training in Seattle, June 19-20: http://bestpractical.com/training
Re: [rt-users] Problems with Newest unowned and queue permissions
On 05/07/2013 05:48 AM, Ryan Whalen wrote: I 'fixed' this by saving a search for unowned and new tickets AND in a specific queue, naming them '10 newest unowned tickets in /queuename/. Then saved the search to /group's/ saved searches. Then you need to give the AdminCCs instructions on how to edit their RT at a glance page to remove the standard 10 newest unowned and add the saved search:10 newest unowned in /queuename. / FWIW, the above is unnecessarily complicated, as you can modify the one search to be relative for each user by adding this clause: QueueAdminCc.id = '__CurrentUser__' __CurrentUser__ is a placeholder for the logged in user's numeric id.
Re: [rt-users] RT 4.0.5 Pass/forward content type
On 05/06/2013 08:58 AM, Dalal, Kamber Z wrote: Hi, In RT 4.0.5 in the ticket history the ‘Download (untitled)/with headers’ (text/html) button/link does not pass content type, thus the browser displays the html page in plain text, instead of an html page. How can we force the content-type information be passed on thru the button/link? There is a configuration that controls this. It is off by default for security reasons. http://bestpractical.com/rt/docs/latest/RT_Config.html#TrustHTMLAttachments If what you really want is RT to show the (safe, sanitized) HTML in the ticket history directly, you want to instead set the $MaxInlineBody config option to 0 and $PreferRictText to 1. http://bestpractical.com/rt/docs/latest/RT_Config.html#MaxInlineBody http://bestpractical.com/rt/docs/latest/RT_Config.html#PreferRichText
Re: [rt-users] Login Loop
On 05/02/2013 03:22 AM, kennethmto...@eaton.com wrote: Ruslan, I removed WebBaseURL and added WebDomain, restarted apache, but still receive the same error: Set( $WebDomain, 'webserver.ken.com'); Set( $WebPort, 443); Set( $WebPath, '/rt4'); Thoughts? Your Apache config isn't setup for /rt4. Please read http://bestpractical.com/rt/docs/latest/web_deployment.html, particularly the last section.
[rt-users] [rt-announce] RT 4.0.12 released
It's my pleasure to announce RT 4.0.12 is now available for download. http://download.bestpractical.com/pub/rt/release/rt-4.0.12.tar.gz http://download.bestpractical.com/pub/rt/release/rt-4.0.12.tar.gz.sig SHA1 sums 779ae82d1847aea23afe28e54a982c59f93b4953 rt-4.0.12.tar.gz 8ef461c88486fa551985323ef6ed56e626176258 rt-4.0.12.tar.gz.sig This release of RT repairs a regression in 4.0.11. If you use the Rich Text Editor, the red background on Reply was missing due to the update of CKEditor to support IE10. It also includes a database upgrade, so please make sure to run 'make upgrade-database'. Features * Date and DateTime Custom Fields now have the same 'smart' date parsing that core RT date fields have. * Improved logging when the sending of a Correspond or Comment fails. * The Quick Search preferences page now has Select/Clear All buttons. * Unprivileged users can now change Language and Time Zone. * Warn MySQL users if their max_allowed_packet is dangerously low. Bugfixes * Repair 4.0.11 regression where red background on Reply with the RichText Editor was lost. * Quiet warnings in the verbose user format. * Allow changing the case of a Group's name (prevented by earlier code stopping you from having two groups with the same name). * Allow changing the case of a Class's name. * Avoid warnings when using empty Templates. * Update our InnoDB checks for MySQL 5.6 compatibility. * Clarification of when SetOutgoingMailFrom and OverrideOutgoingMailFrom are available. * Improve layout of collection lists in IE. * Fix Attach more files button in Self Service. * Set caching headers on autocomplete endpoints. * Restore and improve prematurely deleted documentation for DontSearchFileAttachments. * Correct the encoding of Dashboard email Subject headers. * Fix the default roles on User-WatchedQueues. * Document the need to grant SeeCustomField in UPGRADING-3.4. * Nudge menus below the shadows in aileron. * Fix missing headers and a syntax error in the /REST/1.0/attachment/NN endpoint. Localization * Improve the display of numbers when using the French localization. * Built in components and searches (such as Bookmarked Tickets) are now localizable. * Use PostgreSQL error codes in the full-text-indexer instead of matching on error messages that may be in a non-english language. * Localize 'Dashboard' during creation. * Mark 'Modify this user' as localizable. Developer * Test can now be run against a remote DB server. * Install etc/upgrade to make some rt-setup-database actions easier without requiring access to the install directory. * RT_TEST_PARALLEL_NUM controls the -j param in make parallel-test * Work around a git bug in git archive when packaging releases. This caused the third party sources to bloat the 4.0.11 tarball. * Fix examples in the CreateTickets documentation. * RT Ticket types (ticket, approval, reminder) are now always forced to lower case. * Allow the use of 'NOT IN' in Limits (assuming a new enough DBIx::SearchBuilder). A complete changelog is available from git by running: git log rt-4.0.11..rt-4.0.12 or visiting https://github.com/bestpractical/rt/compare/rt-4.0.11...rt-4.0.12 ___ rt-announce mailing list rt-annou...@lists.bestpractical.com http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-announce
Re: [rt-users] Cannot Create user with LDAP Overlay
On 05/01/2013 12:59 PM, Camron W. Fox wrote: Alle, Even thought the privileges for Everyone and Unprivileged are set to CreateTicket and ReplyToTicket, we get these errors when send from an external user: User creation failed in mailgateway: Name in use User 'camron@example.com' could not be loaded in the mail gateway RT could not load a valid user, and RT's configuration does not allow for the creation of a new user for your email. How do we allow this when using the LDAP overlay? I've googled for this but found only answers for 3.X and we're running 4.0.10. What LDAP overlay are you using on 4.0.10? Usually that phrase refers to an ancient 3.6-era overlay that was pretty hacky. On a modern RT, you should be using REMOTE_USER auth ($WebExternalAuth) or RT::Authen::ExternalAuth (+ RT::Extension::LDAPImport). If you're using RT::Authen::ExternalAuth, look into the $AutoCreateNonExternalUsers option it provides.
Re: [rt-users] delete post
On 04/30/2013 06:26 PM, Tim Dunphy wrote: hello, How do I delete this post? http://lists.bestpractical.com/pipermail/rt-users/2012-February/074874.html I've already changed the password on my server. But I still need to get rid of this if at all possible. Any helpful info would be appreciated. You can't. It's a mailing list, so the mail was sent to thousands of subscribers months ago and archived by dozens of mailing list archives on the web. The one you link to is just our local official archives. Best you can do is change all the passwords.
Re: [rt-users] Help - Deep Recursion on subroutine...
On 04/26/2013 10:28 PM, Jason Doller wrote: I've fixed and checked all the potential problems listed, and the support email address may have been the problem. However, I've turned off postfix, and I'm still getting the errors below. I realise I can probably clear a cache to stop this, but with postfix turned off, nothing is injecting new mails into the system, I'm concerned that this problem isn't going away. I've also (temporarily) turned off loop mail forwarding to owner... For those errors to pop up in your logs again, *something* is submitting mail to RT. Look at your access logs for hits to /REST/1.0/NoAuth/mail-gateway.
Re: [rt-users] Collecting info from child tickets (scrip action)
Links have a target and a base (a destination and source), and therefore can be expressed in two directions. RefersTo is the inverse of ReferredToBy, and vice versa. In the database, links are stored in as canonical types and directionality is determined by which object is the target and which is the base. In the API, directionality and base/target combinations are exposed through the methods you found. You're ending up with the same ticket you started with because you're looking at the wrong end of the link. On 04/29/2013 08:17 AM, Tyler Harding wrote: I asked about this once and didn't get a response, 2nd (and final) try… I'm trying to write a script that pokes around in child tickets. My abridged version of it: my $Children = $self-TicketObj-Members(); while( my $childTicket = $Children-Next ) { my $childId = $childTicket-TargetObj-id; # Do some other stuff here } return 1; However the above only gives me information about the ticket I started in (i.e. $self-TicketObj). For whatever reason, the following work as anticipated: $self-TicketObj-MemberOf(); $self-TicketObj-DependsOn(); $self-TicketObj-RefersTo(); And these simply cough up the same ticket I started with: $self-TicketObj-Members(); $self-TicketObj-DependedOnBy(); $self-TicketObj-ReferredToBy(); Any ideas? We're running v4.0.4. Thank you, -Tyler
Re: [rt-users] How to use custom field with Include page
On 04/26/2013 10:43 AM, Guadagnino Cristiano wrote: Kevin, thank you for your reply. The fact is that the DokuWiki page ARE on the same domain as the RT pages. Actually, they are two virtual domains on the same apache server: rtbkd.fake.it dokuwiki.fake.it While those share a common domain component, they are not the same domain. Same domain means *exactly* the same. You will need to setup CORS [1] on the docuwiki domain so that your browser knows it is safe to let rtbkd make the cross-domain request. [1] Cross-origin resource sharing: http://en.wikipedia.org/wiki/Cross-origin_resource_sharing
Re: [rt-users] Help - Deep Recursion on subroutine...
On 04/26/2013 10:01 AM, Jason Doller wrote: I'm getting this error: Deep recursion on subroutine RT::I18N::SetMIMEEntityToEncoding at /opt/rt4/sbin/../lib/RT/I18N.pm in my logs, and I'm out of RAM. I'm also getting a lot of bounces: Could not record email: Message Bounced (/opt/rt4/share/html/REST/1.0/NoAuth/mail-gateway:75) I've looked for loops in the RT_SiteConfig file (OwnerEmail) but see nothing. This implies a very deep mail loop that is getting larger and larger and hitting recursion limits when processing each successively larger bounce. RT should be logging at the [crit] level the message IDs. Can you find those and provide them? Your RT_SiteConfig.pm would be good to provide too. Folks can't help without these details.
Re: [rt-users] Add value to array in RT_SiteConfig.pm
On 04/26/2013 07:49 AM, Kevin Falcone wrote: On Fri, Apr 26, 2013 at 12:12:48PM +0300, Pavel Gulchouck wrote: I want to add one custom script to @JSFiles, but cannot find anything like Push() or Add() in config parser, only Set(). Is the only way copy all predefined array from RT_Config.pm to RT_SiteConfig.pm? For @JSFiles you have to copy (we've fixed this in the development series). You also have to be careful on upgrades in case we add files to @JSFiles. If you're writing a local extension, you want to use http://bestpractical.com/rt/docs/latest/RT.html#AddJavaScript from your code rather than munging the config. You should be able to use this, somewhat hackishly but just fine, in a local/etc/JS_Config.pm or etc/JS_Config.pm with this content: RT-AddJavaScript(foo.js); 1; You can't do that from your RT_SiteConfig.pm for load order reasons, but you can do so from additional config files.
Re: [rt-users] Help - Deep Recursion on subroutine...
There are a number of possibilities given the config snippet below. Jason wrote: Set($SendmailArguments , -oi -t -f support\@obscured.com); Does supp...@obscured.com go into RT? -f sets the envelope-sender address which is where bounces go. If it goes into RT, that's potentially a mail loop. Set($MaxAttachmentSize , 1000); #Set($RTAddressRegexp , '(^rt\@obscured.com$)(.*\@obscured.co.za)'); Set($RTAddressRegexp , '.*\@obscured.co.za'); The commented out $RTAddressRegexp (which I suppose is commented out because it didn't work; the regex syntax is incorrect) contains r...@obscured.com, but the uncommented version of the option doesn't match that. Does r...@obscured.com still go into RT? If so, that could be the source of a loop if a ticket got a watcher of the rt@ address added. Try this instead: '^(rt@obscured\.com|.*@obscured\.co\.za)$' Escaping the @ isn't necessary in a single-quoted string, just double quoted to prevent interpolation. Additionally, the current $RTAddressRegexp should have the dots (.) in .co.za escaped with a backslash, though that's unlikely to cause a loop. Set($CorrespondAddress , 'no-re...@obscured.co.za'); Set($CommentAddress , 'no-re...@obscured.co.za'); These values are strange, since normally those addresses are intended to receive replies! However, they are unlikely to be a mail loop source since they will match your RTAddressRegexp. Thomas
Re: [rt-users] REMOTE_USER, external auth, and email mismatching
On 04/26/2013 02:35 PM, Philip Brown wrote: hi there, We are looking at using kerb auth and mod_auth_kerb as our external auth mechanism for RT. Trouble is.. our kerb domain is not the same as people's email address domain. We have mumble-thousand users. Hand-populating things is not an option. So, I was hoping there was potentially a way to do any of the following: a) automatically drop the @xyz from REMOTE_USER entirely b) autoconvert the @xyz to @real.domain c) (least preferable) have the autocreate routines, atomatically fill in @real.domain as the email address You can accomplish (b) with these options: http://bestpractical.com/rt/docs/latest/RT_Config.html#CanonicalizeEmailAddressMatch-CanonicalizeEmailAddressReplace You can also do more sophisticated munging by writing your own RT::User::CanonicalizeUserInfo: http://bestpractical.com/rt/docs/latest/RT/User.html#CanonicalizeUserInfo-HASH-of-ARGS Or you can take the easy way of (a) by setting the mod_auth_kerb config option that Jok pointed out earlier.
Re: [rt-users] REMOTE_USER, external auth, and email mismatching
On 04/26/2013 05:09 PM, Philip Brown wrote: a) automatically drop the @xyz from REMOTE_USER entirely b) autoconvert the @xyz to @real.domain You can accomplish (b) with these options: http://bestpractical.com/rt/docs/latest/RT_Config.html#CanonicalizeEmailAddressMatch-CanonicalizeEmailAddressReplace Thanks for the tip. I followed the link, but it didnt explicitly give an answer to the following question. For posterity and the list archive's sake: does it also work for extern auth? In other words, when it auto-creates an account, will it rewrite the *account name*? Or will it just get triggered on actual email that comes in? It is used during account creation, as well as many other places that handle email addresses. It doesn't affect the account Name, just the account's Email Address. If you want to change the name, use one of the two other options I offered.