Re: [rt-users] External users unable to create tickets since ExternalAuth activated
Hi Kevin, I was not seeing your replies through the user's e-mail digest. It's only when I logged into the gossamer-threads that I saw them. So, sorry if you thought I was ignoring or not accepting your answer. I was specifically looking at the RT_SiteConfig file and did not go through the ExternalAuth config line for line. This line did the trick: Set($AutoCreateNonExternalUsers, 1); Thanks again for responding.
Re: [rt-users] External users unable to create tickets since ExternalAuth activated
Kevin, I guess that when I read things, I read them differently. From what I read about ExternalAuth, I assumed it did the authorizing but didn't see where it *defaulted back* to RT (checking the USERS Table) when an ExternalAuth failed. My mistake, again. I did figure that if ExternalAuth allowed a non-LDAP to be added (per setting) that the regular AutoCreate,Privileged, 0/1 setting would determine whether they were added as privileged or not, but I didn't realize that if the Auth didn't Pass LDAP, RT would look at the Users DataBase for the User. I just didn't see it that way when I read the documentation. No one's fault but my own. Sorry. Kenn LBNL On Thu, Jan 13, 2011 at 10:42 AM, Kevin Falcone wrote: > On Thu, Jan 13, 2011 at 10:37:03AM -0800, Kenneth Crocker wrote: > >I do have a question as to why all that explanation on My_Oracle and > such in the ExternalAuth > >notes if we should use such settings? > > Because you can validate against some other app's database? > > What gave you the idea that you needed to configure > RT-Authen-ExternalAuth to talk to RT's internal Users table? > Documentation implying that needs to be fixed > > -kevin >
Re: [rt-users] External users unable to create tickets since ExternalAuth activated
On Thu, Jan 13, 2011 at 02:31:48PM -0400, Nicôle Layne-Balram wrote:
> Any thoughts on this issue?
Please see my reply to you on Tuesday
-kevin
>
> Message: 2
> Date: Mon, 10 Jan 2011 23:04:52 -0400
> From: Nicole Layne-Balram
> To:
> Subject: [rt-users] External users unable to create tickets since
> ExternalAuth activated
> Message-ID:
> <4c137e3ba6db4a4291596a118437d8e501929...@exchange1.telebarbados.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Since implementing external auth (LDAP option), RT works as expected for
> users within AD, but I've just realized that external users are unable to
> create tickets, even with the appropriate "Everybody" permissions set via the
> web interface (globally as well as queue-specific).
>
> Error within logs:
> *timestamp* RT RT: RT::Authen::ExternalAuth::CanonicalizeUserInfo returning
> Comments: Autocreated on ticket submission, Disabled: 0, EmailAddress:
> y...@hotmail.com, Name: y...@hotmail.com, Password: , Privileged: 0,
> RealName: Jane Doe
> (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:536)
>
> Jan 10 21:21:58 RT RT: Couldn't load user 'y...@hotmail.com'.giving up
> (/opt/rt3/bin/../lib/RT/Interface/Email.pm:947)
>
> RT_SiteConfig.pm:
> Set($rtname , "xxx.com");
> Set($Organization , "xxx.com");
> Set($Timezone , 'US/Eastern');
> Set($DatabaseType , 'mysql');
> Set($DatabaseHost , 'localhost');
> Set($DatabaseRTHost , 'localhost');
> Set($DatabasePort , '');
> Set($DatabaseUser , 'rt');
> Set($DatabasePassword , 'xyz');
> Set($OwnerEmail , 'root');
> Set($RTAddressRegexp , '([a-z]+)\@rt\.xxx\.com$');
> Set($ValidateUserEmailAddresses, 1);
> Set($CorrespondAddress , 'no-re...@rt.xxx.com');
> Set($CommentAddress , 'no-reply-comm...@rt.xxx.com');
> Set( $WebDomain, 'rt.xxx.com' );
> Set($WebPath, "");
> Set($CanonicalizeRedirectURLs, 1);
> Set($LogToSyslog , 'info');
> Set($UnsafeEmailCommands,1);
> Set($LogToSyslog, "debug");
> Set($AutoCreateNonExternalUsers, 1);
> Set($AutoCreate, {Privileged => 1});
> Set(@Plugins,qw(RT::FM RT::Extension::QueueDeactivatedScrips
> RT::Extension::MobileUI RT::Authen::ExternalAuth));
> require
> "/opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc/My_RT_SiteConfig.pm";
>
> 1;
>
> External User gets two returned e-mails from no-re...@rt.xxx.com:
> RT could not load a valid user, and RT's configuration does not allow for the
> creation of a new user for your email.
> User 'y...@hotmail.com' could not be loaded in the mail gateway
>
> Any help and suggestions would be greatly appreciated.
>
> Thanks,
> Nicole
>
>
> --
>
pgp9W50azQSrW.pgp
Description: PGP signature
Re: [rt-users] External users unable to create tickets since ExternalAuth activated
On Thu, Jan 13, 2011 at 10:37:03AM -0800, Kenneth Crocker wrote: >I do have a question as to why all that explanation on My_Oracle and such > in the ExternalAuth >notes if we should use such settings? Because you can validate against some other app's database? What gave you the idea that you needed to configure RT-Authen-ExternalAuth to talk to RT's internal Users table? Documentation implying that needs to be fixed -kevin pgpg5fCC7Ihvn.pgp Description: PGP signature
Re: [rt-users] External users unable to create tickets since ExternalAuth activated
Kevin,
Your suggestion on using the LDAP setting for adding users worked well.
Thank you.
I do have a question as to why all that explanation on My_Oracle and such in
the ExternalAuth notes if we should use such settings?
Kenn
LBNL
On Thu, Jan 13, 2011 at 10:31 AM, Nicôle Layne-Balram <
nla...@telebarbados.com> wrote:
> Any thoughts on this issue?
>
> Kind regards,
> Nicole
>
> --
>
> Message: 2
> Date: Mon, 10 Jan 2011 23:04:52 -0400
> From: Nicole Layne-Balram
> To:
> Subject: [rt-users] External users unable to create tickets since
>ExternalAuth activated
> Message-ID:
><
> 4c137e3ba6db4a4291596a118437d8e501929...@exchange1.telebarbados.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Since implementing external auth (LDAP option), RT works as expected for
> users within AD, but I've just realized that external users are unable to
> create tickets, even with the appropriate "Everybody" permissions set via
> the web interface (globally as well as queue-specific).
>
> Error within logs:
> *timestamp* RT RT: RT::Authen::ExternalAuth::CanonicalizeUserInfo returning
> Comments: Autocreated on ticket submission, Disabled: 0, EmailAddress:
> y...@hotmail.com, Name: y...@hotmail.com, Password: , Privileged: 0,
> RealName: Jane Doe
> (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:536)
> Jan 10 21:21:58 RT RT: Couldn't load user 'y...@hotmail.com'.giving up
> (/opt/rt3/bin/../lib/RT/Interface/Email.pm:947)
>
> RT_SiteConfig.pm:
> Set($rtname , "xxx.com");
> Set($Organization , "xxx.com");
> Set($Timezone , 'US/Eastern');
> Set($DatabaseType , 'mysql');
> Set($DatabaseHost , 'localhost');
> Set($DatabaseRTHost , 'localhost');
> Set($DatabasePort , '');
> Set($DatabaseUser , 'rt');
> Set($DatabasePassword , 'xyz');
> Set($OwnerEmail , 'root');
> Set($RTAddressRegexp , '([a-z]+)\@rt\.xxx\.com$');
> Set($ValidateUserEmailAddresses, 1);
> Set($CorrespondAddress , 'no-re...@rt.xxx.com');
> Set($CommentAddress , 'no-reply-comm...@rt.xxx.com');
> Set( $WebDomain, 'rt.xxx.com' );
> Set($WebPath, "");
> Set($CanonicalizeRedirectURLs, 1);
> Set($LogToSyslog , 'info');
> Set($UnsafeEmailCommands,1);
> Set($LogToSyslog, "debug");
> Set($AutoCreateNonExternalUsers, 1);
> Set($AutoCreate, {Privileged => 1});
> Set(@Plugins,qw(RT::FM RT::Extension::QueueDeactivatedScrips
> RT::Extension::MobileUI RT::Authen::ExternalAuth));
> require
> "/opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc/My_RT_SiteConfig.pm";
>
> 1;
>
> External User gets two returned e-mails from no-re...@rt.xxx.com:
> RT could not load a valid user, and RT's configuration does not allow for
> the creation of a new user for your email.
> User 'y...@hotmail.com' could not be loaded in the mail gateway
>
> Any help and suggestions would be greatly appreciated.
>
> Thanks,
> Nicole
>
>
> --
>
>
Re: [rt-users] External users unable to create tickets since ExternalAuth activated
Any thoughts on this issue?
Kind regards,
Nicole
--
Message: 2
Date: Mon, 10 Jan 2011 23:04:52 -0400
From: Nicole Layne-Balram
To:
Subject: [rt-users] External users unable to create tickets since
ExternalAuth activated
Message-ID:
<4c137e3ba6db4a4291596a118437d8e501929...@exchange1.telebarbados.com>
Content-Type: text/plain; charset="iso-8859-1"
Since implementing external auth (LDAP option), RT works as expected for users
within AD, but I've just realized that external users are unable to create
tickets, even with the appropriate "Everybody" permissions set via the web
interface (globally as well as queue-specific).
Error within logs:
*timestamp* RT RT: RT::Authen::ExternalAuth::CanonicalizeUserInfo returning
Comments: Autocreated on ticket submission, Disabled: 0, EmailAddress:
y...@hotmail.com, Name: y...@hotmail.com, Password: , Privileged: 0, RealName:
Jane Doe
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:536)
Jan 10 21:21:58 RT RT: Couldn't load user 'y...@hotmail.com'.giving up
(/opt/rt3/bin/../lib/RT/Interface/Email.pm:947)
RT_SiteConfig.pm:
Set($rtname , "xxx.com");
Set($Organization , "xxx.com");
Set($Timezone , 'US/Eastern');
Set($DatabaseType , 'mysql');
Set($DatabaseHost , 'localhost');
Set($DatabaseRTHost , 'localhost');
Set($DatabasePort , '');
Set($DatabaseUser , 'rt');
Set($DatabasePassword , 'xyz');
Set($OwnerEmail , 'root');
Set($RTAddressRegexp , '([a-z]+)\@rt\.xxx\.com$');
Set($ValidateUserEmailAddresses, 1);
Set($CorrespondAddress , 'no-re...@rt.xxx.com');
Set($CommentAddress , 'no-reply-comm...@rt.xxx.com');
Set( $WebDomain, 'rt.xxx.com' );
Set($WebPath, "");
Set($CanonicalizeRedirectURLs, 1);
Set($LogToSyslog , 'info');
Set($UnsafeEmailCommands,1);
Set($LogToSyslog, "debug");
Set($AutoCreateNonExternalUsers, 1);
Set($AutoCreate, {Privileged => 1});
Set(@Plugins,qw(RT::FM RT::Extension::QueueDeactivatedScrips
RT::Extension::MobileUI RT::Authen::ExternalAuth));
require "/opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc/My_RT_SiteConfig.pm";
1;
External User gets two returned e-mails from no-re...@rt.xxx.com:
RT could not load a valid user, and RT's configuration does not allow for the
creation of a new user for your email.
User 'y...@hotmail.com' could not be loaded in the mail gateway
Any help and suggestions would be greatly appreciated.
Thanks,
Nicole
--
Re: [rt-users] External users unable to create tickets since ExternalAuth activated
On Tue, Jan 11, 2011 at 11:00:02AM -0800, Kenneth Crocker wrote: >Kevin, > >Would this option require the use of a check to the DataBase? A'la > My_Oracle as a secondary >External Setting? >Set($ExternalAuthPriority, [ 'My_LDAP', *My_Oracle*] ); If you are attempting to have RT-Authen-ExternalAuth check RT's insternal Users table by defining My_Oracle that is wrong. RT-Authen-ExternalAuth falls back to RT's internal password checking automatically. Defining My_Oracle is likely to cause nothing but problems. There is a config option in RT-Authen-ExternalAuth that controls whether or not a user must exist in LDAP before being autocreated in RT. It is documented in the config file and comes up roughly every other week on the mailing list. -kevin pgpqtX2YXUeH7.pgp Description: PGP signature
Re: [rt-users] External users unable to create tickets since ExternalAuth activated
Kevin,
Would this option require the use of a check to the DataBase? A'la My_Oracle
as a secondary External Setting?
I'm in the same situation where we have some outside consultants that are
NOT in our LDAP database, but need to reply/own tickets in RT.
I was looking at the RT_SiteConfig.pm setting options in
/opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc and saw the instructions
for 'My_My_SQL'.
These are the parameters I used:
*Set($ExternalAuthPriority, [ 'My_LDAP', ‘My_Oracle’] );*
*Set($ExternalInfoPriority, [ 'My_LDAP' ] );*
*Set($ExternalServiceUsesSSLorTLS, 1);*
*Set($AutoCreateNonExternalUsers, 0);*
#
# These are the full settings for each external service as a HashOfHashes
#
*Set(*
*$ExternalSettings,*
* {*
*'My_LDAP' =>*
* {*
*Our LDAP stuff - Works well*
* }
***
* },*
*# Settings for secondary Auth - using our Oracle DataBase
*
* {*
*'My_Oracle' =>*
* {*
*‘type’ => 'db',*
*‘server’=> 'luther',*
*‘database’ => ‘rtdev’,*
*‘table’ => ‘USERS’,*
*‘user’ => ‘OURID’,*
*‘pass’ => ‘’,*
*‘port’ => '’,*
*‘u_field’ => ‘name’,*
*‘dbi_driver’ => ‘’,*
*‘p_field’ => ‘’,*
*‘p_enc_pkg’ => ‘’,*
*‘p_enc_sub’ => ‘’,*
*‘p_salt’ => ‘’,*
*‘d_field’ => '’,*
*‘d_values’=> '',*
*‘attr_match_list’ => [' EmailAddress'],*
*‘attr_map’=> ['EmailAddress'=> 'mail']*
* }*
* }*
* );*
*1;
*Am I on the right track?*
*
Kenn
LBNL*
*
On Tue, Jan 11, 2011 at 7:40 AM, Kevin Falcone wrote:
> On Mon, Jan 10, 2011 at 11:04:52PM -0400, Nicôle Layne-Balram wrote:
> > Since implementing external auth (LDAP option), RT works as expected for
> users within AD, but I've just realized that external users are unable to
> create tickets, even with the appropriate "Everybody" permissions set via
> the web interface (globally as well as queue-specific).
>
> This comes up about twice a month on the mailing list, there is a
> config option documented in the RT-Authen-ExternalAuth config file to
> enable the creation of external users
>
> -kevin
>
> > Error within logs:
> > *timestamp* RT RT: RT::Authen::ExternalAuth::CanonicalizeUserInfo
> returning Comments: Autocreated on ticket submission, Disabled: 0,
> EmailAddress: y...@hotmail.com, Name: y...@hotmail.com, Password: ,
> Privileged: 0, RealName: Jane Doe
> (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:536)
> > Jan 10 21:21:58 RT RT: Couldn't load user 'y...@hotmail.com'.giving up
> (/opt/rt3/bin/../lib/RT/Interface/Email.pm:947)
> >
> > RT_SiteConfig.pm:
> > Set($rtname , "xxx.com");
> > Set($Organization , "xxx.com");
> > Set($Timezone , 'US/Eastern');
> > Set($DatabaseType , 'mysql');
> > Set($DatabaseHost , 'localhost');
> > Set($DatabaseRTHost , 'localhost');
> > Set($DatabasePort , '');
> > Set($DatabaseUser , 'rt');
> > Set($DatabasePassword , 'xyz');
> > Set($OwnerEmail , 'root');
> > Set($RTAddressRegexp , '([a-z]+)\...@rt\.xxx\.com$');
> > Set($ValidateUserEmailAddresses, 1);
> > Set($CorrespondAddress , 'no-re...@rt.xxx.com');
> > Set($CommentAddress , 'no-reply-comm...@rt.xxx.com');
> > Set( $WebDomain, 'rt.xxx.com' );
> > Set($WebPath, "");
> > Set($CanonicalizeRedirectURLs, 1);
> > Set($LogToSyslog , 'info');
> > Set($UnsafeEmailCommands,1);
> > Set($LogToSyslog, "debug");
> > Set($AutoCreateNonExternalUsers, 1);
> > Set($AutoCreate, {Privileged => 1});
> > Set(@Plugins,qw(RT::FM RT::Extension::QueueDeactivatedScrips
> RT::Extension::MobileUI RT::Authen::ExternalAuth));
> > require
> "/opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc/My_RT_SiteConfig.pm";
> >
> > 1;
> >
> > External User gets two returned e-mails from no-re...@rt.xxx.com:
> > RT could not load a valid user, and RT's configuration does not allow for
> the creation of a new user for your email.
> > User 'y...@hotmail.com' could not be loaded in the mail gateway
> >
> > Any help and suggestions would be greatly appreciated.
> >
> > Thanks,
> > Nicôle
>
Re: [rt-users] External users unable to create tickets since ExternalAuth activated
On Mon, Jan 10, 2011 at 11:04:52PM -0400, Nicôle Layne-Balram wrote:
> Since implementing external auth (LDAP option), RT works as expected for
> users within AD, but I've just realized that external users are unable to
> create tickets, even with the appropriate "Everybody" permissions set via the
> web interface (globally as well as queue-specific).
This comes up about twice a month on the mailing list, there is a
config option documented in the RT-Authen-ExternalAuth config file to
enable the creation of external users
-kevin
> Error within logs:
> *timestamp* RT RT: RT::Authen::ExternalAuth::CanonicalizeUserInfo returning
> Comments: Autocreated on ticket submission, Disabled: 0, EmailAddress:
> y...@hotmail.com, Name: y...@hotmail.com, Password: , Privileged: 0,
> RealName: Jane Doe
> (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:536)
>
> Jan 10 21:21:58 RT RT: Couldn't load user 'y...@hotmail.com'.giving up
> (/opt/rt3/bin/../lib/RT/Interface/Email.pm:947)
>
> RT_SiteConfig.pm:
> Set($rtname , "xxx.com");
> Set($Organization , "xxx.com");
> Set($Timezone , 'US/Eastern');
> Set($DatabaseType , 'mysql');
> Set($DatabaseHost , 'localhost');
> Set($DatabaseRTHost , 'localhost');
> Set($DatabasePort , '');
> Set($DatabaseUser , 'rt');
> Set($DatabasePassword , 'xyz');
> Set($OwnerEmail , 'root');
> Set($RTAddressRegexp , '([a-z]+)\...@rt\.xxx\.com$');
> Set($ValidateUserEmailAddresses, 1);
> Set($CorrespondAddress , 'no-re...@rt.xxx.com');
> Set($CommentAddress , 'no-reply-comm...@rt.xxx.com');
> Set( $WebDomain, 'rt.xxx.com' );
> Set($WebPath, "");
> Set($CanonicalizeRedirectURLs, 1);
> Set($LogToSyslog , 'info');
> Set($UnsafeEmailCommands,1);
> Set($LogToSyslog, "debug");
> Set($AutoCreateNonExternalUsers, 1);
> Set($AutoCreate, {Privileged => 1});
> Set(@Plugins,qw(RT::FM RT::Extension::QueueDeactivatedScrips
> RT::Extension::MobileUI RT::Authen::ExternalAuth));
> require
> "/opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc/My_RT_SiteConfig.pm";
>
> 1;
>
> External User gets two returned e-mails from no-re...@rt.xxx.com:
> RT could not load a valid user, and RT's configuration does not allow for the
> creation of a new user for your email.
> User 'y...@hotmail.com' could not be loaded in the mail gateway
>
> Any help and suggestions would be greatly appreciated.
>
> Thanks,
> Nicôle
pgpsi3uqPw7jY.pgp
Description: PGP signature
[rt-users] External users unable to create tickets since ExternalAuth activated
Since implementing external auth (LDAP option), RT works as expected for users
within AD, but I've just realized that external users are unable to create
tickets, even with the appropriate "Everybody" permissions set via the web
interface (globally as well as queue-specific).
Error within logs:
*timestamp* RT RT: RT::Authen::ExternalAuth::CanonicalizeUserInfo returning
Comments: Autocreated on ticket submission, Disabled: 0, EmailAddress:
y...@hotmail.com, Name: y...@hotmail.com, Password: , Privileged: 0, RealName:
Jane Doe
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:536)
Jan 10 21:21:58 RT RT: Couldn't load user 'y...@hotmail.com'.giving up
(/opt/rt3/bin/../lib/RT/Interface/Email.pm:947)
RT_SiteConfig.pm:
Set($rtname , "xxx.com");
Set($Organization , "xxx.com");
Set($Timezone , 'US/Eastern');
Set($DatabaseType , 'mysql');
Set($DatabaseHost , 'localhost');
Set($DatabaseRTHost , 'localhost');
Set($DatabasePort , '');
Set($DatabaseUser , 'rt');
Set($DatabasePassword , 'xyz');
Set($OwnerEmail , 'root');
Set($RTAddressRegexp , '([a-z]+)\...@rt\.xxx\.com$');
Set($ValidateUserEmailAddresses, 1);
Set($CorrespondAddress , 'no-re...@rt.xxx.com');
Set($CommentAddress , 'no-reply-comm...@rt.xxx.com');
Set( $WebDomain, 'rt.xxx.com' );
Set($WebPath, "");
Set($CanonicalizeRedirectURLs, 1);
Set($LogToSyslog , 'info');
Set($UnsafeEmailCommands,1);
Set($LogToSyslog, "debug");
Set($AutoCreateNonExternalUsers, 1);
Set($AutoCreate, {Privileged => 1});
Set(@Plugins,qw(RT::FM RT::Extension::QueueDeactivatedScrips
RT::Extension::MobileUI RT::Authen::ExternalAuth));
require "/opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc/My_RT_SiteConfig.pm";
1;
External User gets two returned e-mails from no-re...@rt.xxx.com:
RT could not load a valid user, and RT's configuration does not allow for the
creation of a new user for your email.
User 'y...@hotmail.com' could not be loaded in the mail gateway
Any help and suggestions would be greatly appreciated.
Thanks,
Nicôle
