Re: [rt-users] RT 4.2.1 - ExternalAuth against LDAP server and users with multiple mail addresses
Anyone knows whether this should work? Did see any answers till now... Is it possible for a user to use more than one sender e-mail address for the same account if all e-mail addresses are in the LDAP directory? I have found this in the RT_SiteConfig.pm file which comes with the ExternalAuth module: However, if a user with an existing RT account with EmailAddress set to the Cmail address, sent mail from Calias, it would still match. The user's EmailAddress in RT would remain the primary Cmail address. This feature is useful for LDAP configurations where users have a primary institutional email address, but might also use aliases from subdomains or other email services. This prevents RT from creating multiple accounts for the same person. It doesn't clearly say whether e-mails sent from the alias email address would be accepted or not. Thanks! Gerald On 18.01.2014 14:27, Gerald Vogt wrote: Hi! We use the ExternalAuth module to authenticate users against a LDAP directory. Some users have multiple e-mail addresses, i.e. multiple values for the LDAP mail attribute (e.g. g...@example.com and v...@example.com) Users can send e-mails to the RT server from the e-mail address which made it into the RT MySQL database without problems. (let's say v...@example.com works) However, if they send from a different e-mail address (i.e. g...@example.com) it fails with error Could not load a valid user. Documentations mentions it should work if the users has e-mail addresses from different attributes. But it doesn't say anything if there are multiple values for the same attribute. Browsing through the source code it looks to me as if RT first only checks against it internal database to find out whether a user with the sender address already exists, then tries to create a new user for the address only to find that the user name matching in LDAP to this e-mail address already exists in the internal database. Is this not possible or am I missing something here? Thanks! Logs show this: Jan 17 13:57:56 rt4 RT: [5002] The RTAddressRegexp option is not set in the config. Not setting this option results in additional SQL queries to check whether each address belongs to RT or not. It is especially important to set this option if RT recieves emails on addresses that are not in the database or config. (/usr/local/rt4/sbin/../lib/RT/Config.pm:485) Jan 17 13:57:57 rt4 RT: [5007] Encode::Guess guessed encoding: ascii (/usr/local/rt4/sbin/../lib/RT/I18N.pm:595) Jan 17 13:57:57 rt4 RT: [5007] Encode::Guess guessed encoding: ascii (/usr/local/rt4/sbin/../lib/RT/I18N.pm:595) Jan 17 13:57:57 rt4 RT: [5007] Converting 'ascii' to 'utf-8' for text/plain - test (/usr/local/rt4/sbin/../lib/RT/I18N.pm:295) Jan 17 13:57:57 rt4 RT: [5007] Going to create user with address 'g...@example.com' (/usr/local/rt4/sbin/../lib/RT/Interface/Email/Auth/MailFrom.pm:100) Jan 17 13:57:57 rt4 RT: [5007] RT::Authen::ExternalAuth::CanonicalizeUserInfo called by RT::Authen::ExternalAuth /usr/local/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm 702 with: Comments: Autocreated on ticket submission, Disabled: , EmailAddress: g...@example.com, Name: g...@example.com, Password: , Privileged: , RealName: (/usr/local/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:599) Jan 17 13:57:57 rt4 RT: [5007] Attempting to get user info using this external service: LDAP (/usr/local/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:607) Jan 17 13:57:57 rt4 RT: [5007] Attempting to use this canonicalization key: Name (/usr/local/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:621) Jan 17 13:57:57 rt4 RT: [5007] LDAP Search === Base: ou=people,o=ldap,o=root == Filter: ((objectclass=*)(uid=g...@example.com)) == Attrs: l,gecos,st,mail,gecos,co,streetAddress,postalCode,telephoneNumber,uid,physicalDeliveryOfficeName,uid (/usr/local/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:357) Jan 17 13:57:57 rt4 RT: [5007] Attempting to use this canonicalization key: EmailAddress (/usr/local/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:621) Jan 17 13:57:57 rt4 RT: [5007] LDAP Search === Base: ou=people,o=ldap,o=root == Filter: ((objectclass=*)(mail=g...@example.com)) == Attrs: l,gecos,st,mail,gecos,co,streetAddress,postalCode,telephoneNumber,uid,physicalDeliveryOfficeName,uid (/usr/local/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:357) Jan 17 13:57:57 rt4 RT: [5007] RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Address1: , City: , Comments: Autocreated on ticket submission, Country: , Disabled: , EmailAddress: v...@example.com, ExternalAuthId: vogt, Gecos: Gerald Vogt, Name: vogt, Organization: , Password: , Privileged: , RealName: Gerald Vogt, State: , WorkPhone: , Zip: Jan 17 13:57:57 rt4 RT: [5007] Use of uninitialized
Re: [rt-users] REST mail-gateway using 100% cpu
Sorry for my lack of knowledge. Still I think that RT, to be more precise, Email::Address:List module should reject this kind of header and not stuck in infinity regex loop. What I was able to get from mail sender, he was using Microsoft Outlook Web App. -- View this message in context: http://requesttracker.8502.n7.nabble.com/REST-mail-gateway-using-100-cpu-tp56255p56358.html Sent from the Request Tracker - User mailing list archive at Nabble.com.
Re: [rt-users] RT 4.2.1 - ExternalAuth against LDAP server and users with multiple mail addresses
On Tue, Jan 21, 2014 at 09:27:50AM +0100, Gerald Vogt wrote: Anyone knows whether this should work? Did see any answers till now... You asked on a Saturday of a holiday weekend. Is it possible for a user to use more than one sender e-mail address for the same account if all e-mail addresses are in the LDAP directory? I have found this in the RT_SiteConfig.pm file which comes with the ExternalAuth module: However, if a user with an existing RT account with EmailAddress set to the Cmail address, sent mail from Calias, it would still match. The user's EmailAddress in RT would remain the primary Cmail address. This feature is useful for LDAP configurations where users have a primary institutional email address, but might also use aliases from subdomains or other email services. This prevents RT from creating multiple accounts for the same person. It doesn't clearly say whether e-mails sent from the alias email address would be accepted or not. I'm glad you found the example config. The key is the first sentence you quote. RT will look up against alias and treat it as though they sent from their primary email address. -kevin pgpBrUaLH6nqk.pgp Description: PGP signature
Re: [rt-users] Import a text file into RT as a scrip ?
On Fri, Jan 17, 2014 at 07:35:43PM +, Ethier, Michael wrote: I have a text file (exact RT scrip syntax) that sits on our RT server that I would like to import into RT and update(overwrite) a particular scrip's custom condition with it on a regular basis. Is this possible ? And if yes, how ? Why not write a scrip condition that lives on disk instead? Look at /opt/rt4/lib/RT/Condition/*.pm for ideas and then read the initialdata docs for how to insert a database record for the condition. http://bestpractical.com/docs/rt/latest/initialdata.html We do this all the time so the actual code of the condition can be easily tracked in source control. -kevin pgpVgGX6QBT8E.pgp Description: PGP signature
Re: [rt-users] REST mail-gateway using 100% cpu
On Tue, 2014-01-21 at 04:55 -0800, andriuss wrote: Sorry for my lack of knowledge. Still I think that RT, to be more precise, Email::Address:List module should reject this kind of header and not stuck in infinity regex loop. Absolutely. We intend to address this shortly. What I was able to get from mail sender, he was using Microsoft Outlook Web App. Interesting. - Alex
Re: [rt-users] Real time fulltext search/indexing with sphinx
On Fri, Jan 17, 2014 at 08:34:55PM +0100, m...@fv-berlin.de wrote: as you can see on these slides: http://www.slideshare.net/AdrianNuta1/real-time-fulltext-search-with-sphinx ... it is now possible with sphinx to allow for actual realtime searching, something that I have come to realize while researching, not even postgresql allows for. There is a caveat to this though: this functionality is not transparent to the application, meaning that RT would need to be modified to support this. Is this being worked on already, or is this something that could be suggested? No work to support this is currently being done. It's certainly something that could be sponsored if it was important to your company's use of RT. -kevin pgpEeAHeRsoaW.pgp Description: PGP signature
Re: [rt-users] Apache Threads hanging not gracefully exiting
On Wed, Jan 15, 2014 at 03:13:31PM -0500, Nathan Baker wrote: I switched from mod_perl to mod_fcgid and along with the memory usage decreasing by about 75%, the problem seems to have disappeared. I'm not sure if there is a problem with the code and mod_fcgid is just handling it better, or what the deal is, but everything is working fine now. Judging by the user reviews of mod_perl (http://cpanratings.perl.org/dist/mod_perl) it seems like mod_perl should be the less preferred option, and mod_fastcgi or mod_fcgid should be used if possible. Is this the general consensus? If so, it might be helpful to add that recommendation on http://bestpractical.com/docs/rt/latest/web_deployment.html. I personally never deploy on mod_perl unless forced, and we document a number of mod_perl specific issues in the web_deployment document. We also document mod_fastcgi and mod_fcgid before mod_perl in that document for a reason. It's possible we should more strongly discourage mod_perl. -kevin Thanks for your suggestions though Kevin, if I do see any further issues I'll try using strace. For anyone else that comes across this, here are some apache mod_perl documents about debugging mod_perl applications, using strace and other methods: http://perl.apache.org/docs/1.0/guide/debug.html http://perl.apache.org/docs/2.0/user/troubleshooting/troubleshooting.html -Nate On Wed, Jan 15, 2014 at 11:21 AM, Kevin Falcone [5]falc...@bestpractical.com wrote: On Tue, Jan 14, 2014 at 01:43:59PM -0500, Nathan Baker wrote: (gracefully finishing). Those threads will never exit unless I kill the processes manually. My guess would be that one of my customizations are causing this, but does anyone have any tips for how to find out what the problem is? strace/dtruss? - custom Scrip that uses Filesys::SmbClient to copy attachments to the user's computer when they Take the ticket That sounds like the biggest suspect. pgpyXlDh80sfz.pgp Description: PGP signature
Re: [rt-users] How far can categories nest?
Any assistance with this will be appreciated. On Jan 17, 2014 2:12 PM, Mathew Snyder mathew.sny...@gmail.com wrote: For clarification: First CF: Support Type (ST) - System Support - User Support Second CF: Support Category (SC) - Hardware - System Support - Software - System Support - Telephony - System Support - New Employee - User Support - Promotion - User Support - Temp Employee - User Support Third CF: Support Sub-Category (SSC) - Mobile Phone - Hardware - Computer - Hardware - VPN - Software - Anti-virus - Software - Email - Software - Networking - Telephony - Phones - Telephony This is the original order for I have found that the bug mentioned by Kevin persists in version 4.2.2, at least, in my case, after upgrading from 4.2.1. Selecting System Support will populate Support Category, but selecting a value from Support Category will not populate Support Sub-Category. As a matter of troubleshooting I have moved Support Sub-Category above Support Category and found that SSC will populate with one of the categories described by SC and all of the associated options (specifically, the Software category). However, changing the value of SC still does not cascade into SSC. SSC retains the Software sub-category and its values and only the Software sub-category regardless of the SC chosen. Reverting the custom fields to their original order does not alter this nor does it go back to not displaying *any* values in SSC. Example: Selecting System Support from Support Type populates Support Category with Hardware, Software, and Telephony. Selecting Hardware from Support Category populates Support Sub-Category with - Software - VPN - Anti-virus - Email No value is selected. Selecting Telephony from Support Category populates Support Sub-Category with - Software - VPN - Anti-virus - Email No value is selected. Instead of - Telephony - Networking - Phones /Example Selecting User Support from Support Type populates Support Category with all of the expected, relevant values under Support Category. There are no associated Support Sub-Category values for User Support. However, the same issue as above is present. The SSC field is still populated with the Software sub-category. -Mathew When you do things right, people won't be sure you've done anything at all. - God; Futurama We'll get along much better once you accept that you're wrong and neither am I. - Me On Fri, Jan 17, 2014 at 12:04 PM, Mathew Snyder mathew.sny...@gmail.comwrote: I just upgraded and the custom fields still aren't cascading properly. After selecting the first one the second populates, but after selecting the second one the third does not. CentOS 6.5, FastCGI, RT 4.2.2, MySQL 5.1.71-1 -Mathew When you do things right, people won't be sure you've done anything at all. - God; Futurama We'll get along much better once you accept that you're wrong and neither am I. - Me On Fri, Jan 17, 2014 at 11:43 AM, Mathew Snyder mathew.sny...@gmail.comwrote: Looks like I'll be upgrading to 4.2.2. Fortunately, this isn't in production yet. -Mathew When you do things right, people won't be sure you've done anything at all. - God; Futurama We'll get along much better once you accept that you're wrong and neither am I. - Me On Fri, Jan 17, 2014 at 11:41 AM, Mathew Snyder mathew.sny...@gmail.com wrote: Sorry. 4.2.1. -Mathew When you do things right, people won't be sure you've done anything at all. - God; Futurama We'll get along much better once you accept that you're wrong and neither am I. - Me On Fri, Jan 17, 2014 at 6:15 AM, Kevin Falcone falc...@bestpractical.com wrote: On Thu, Jan 16, 2014 at 12:07:14PM -1000, Mathew Snyder wrote: I have three custom fields I'd like linked: Support Type, Support Category, and Support Sub-Category. Support Type has not Categories are based on set. Support Category has Categories are based on set to Support Type Support Sub-Category has Categories are based on set to Support Category. When I select the Support Type, Support Category populates with the expected values (In this case, Hardware, Software, and Telephony). However, when I select Support Category, Support Sub-Category does not populate. The categories are configured for each entry in Support Sub-Category. Do categories only go one level? You didn't state your RT version, but if you search http://bestpractical.com/release-notes/rt/4.2.2 for Custom Field you'll find a likely bugfix. -kevin
Re: [rt-users] On reply un-own ticket
On Mon, Jan 20, 2014 at 06:54:42PM +, Shane Vedvik wrote:
Does anyone know how this is implemented in RT 4? I know when we used
RT 3 at a previous employer, any time a customer replied to a ticket
the owner was changed to nobody and if it was resolved, it was re-
opened. I would like to implement this behavior here but I didn't
administer that server, and I'm unfamiliar with Scrip writing in
general. Any assistance of course would be greatly appreciated.
The second of these is a core RT feature (On Correspond Open Ticket).
It sounds like the first was an On Correspond with a user defined
custom commit section that called something like
$self-TicketObj-SetOwner('Nobody')
-kevin
pgp3weZ7qbhtX.pgp
Description: PGP signature
Re: [rt-users] rt-crontool and --action RT::Action::NotifyAsComment
On Thu, Jan 16, 2014 at 06:46:06PM +0100, Eric Maisonobe wrote: Hello, I try to use the following cron task : /opt/rt4/bin/rt-crontool \ --search RT::Search::FromSQL \ --search-arg Created '1 day ago' AND (Status = 'new') \ --action RT::Action::NotifyAsComment \ --action-arg 'OtherRecipients' --template 'my_nice_template' but nothing is done (no comment and no notification), because RT complains : [critical]: Can't call method CreatorObj on an undefined value at /opt/rt4/bin/../lib/RT/Action/Notify.pm line 134. (/opt/rt4/bin/../lib/RT.pm:400) I look at /opt/rt4/bin/../lib/RT/Action/Notify.pm line 134 and i see : my $creatorObj = $self-TransactionObj-CreatorObj; So, does anybody knows : - how to use rt-crontool with --action RT::Action::NotifyAsComment, - or how to specify the default RT system user in the Notify.pm script something like : eval( my $creatorObj = $self-TransactionObj-CreatorObj) || my $creatorObj = RT_DEFAULT_USER_OBJ; You want the --transaction argument if you're going to use a Notify action: http://bestpractical.com/docs/rt/latest/rt-crontool.html You want first or last, not all. You may find the notification example of the reminders documentation interesting http://bestpractical.com/docs/rt/latest/reminders.html#Email-Reminders -kevin pgp47QZVp8qAT.pgp Description: PGP signature
Re: [rt-users] rt-crontool and --action RT::Action::NotifyAsComment
Many thanks for tour help ! Le 21 janv. 2014 20:38, Kevin Falcone falc...@bestpractical.com a écrit : On Thu, Jan 16, 2014 at 06:46:06PM +0100, Eric Maisonobe wrote: Hello, I try to use the following cron task : /opt/rt4/bin/rt-crontool \ --search RT::Search::FromSQL \ --search-arg Created '1 day ago' AND (Status = 'new') \ --action RT::Action::NotifyAsComment \ --action-arg 'OtherRecipients' --template 'my_nice_template' but nothing is done (no comment and no notification), because RT complains : [critical]: Can't call method CreatorObj on an undefined value at /opt/rt4/bin/../lib/RT/Action/Notify.pm line 134. (/opt/rt4/bin/../lib/RT.pm:400) I look at /opt/rt4/bin/../lib/RT/Action/Notify.pm line 134 and i see : my $creatorObj = $self-TransactionObj-CreatorObj; So, does anybody knows : - how to use rt-crontool with --action RT::Action::NotifyAsComment, - or how to specify the default RT system user in the Notify.pm script something like : eval( my $creatorObj = $self-TransactionObj-CreatorObj) || my $creatorObj = RT_DEFAULT_USER_OBJ; You want the --transaction argument if you're going to use a Notify action: http://bestpractical.com/docs/rt/latest/rt-crontool.html You want first or last, not all. You may find the notification example of the reminders documentation interesting http://bestpractical.com/docs/rt/latest/reminders.html#Email-Reminders -kevin
Re: [rt-users] RT 4.2.1 - ExternalAuth against LDAP server and users with multiple mail addresses
On 21.01.14 20:29, Kevin Falcone wrote: It doesn't clearly say whether e-mails sent from the alias email address would be accepted or not. I'm glad you found the example config. The key is the first sentence you quote. RT will look up against alias and treat it as though they sent from their primary email address. Then why doesn't this happen when it has two or more values set for the mail attribute? When RT receives an e-mail I don't see any access to the LDAP server at first. It searches the sender address in the internal database. Doesn't find it. Then wants to create a new user. And only then it checks against the LDAP database and finds that the user with that uid (which maps to the Name column in the RT database) exists and refuses to create this user. Why doesn't this work and does this reject e-mails from that sender address? Thanks! Gerald
Re: [rt-users] RT 4.2.1 - ExternalAuth against LDAP server and users with multiple mail addresses
On Tue, Jan 21, 2014 at 08:49:49PM +0100, Gerald Vogt wrote: When RT receives an e-mail I don't see any access to the LDAP server at first. It searches the sender address in the internal database. Doesn't find it. Then wants to create a new user. And only then it checks against the LDAP database and finds that the user with that uid (which maps to the Name column in the RT database) exists and refuses to create this user. Why doesn't this work and does this reject e-mails from that sender address? You haven't provided your configuration or debug logs for the condition so any answers would be pure guesses. -kevin pgp5tV1qCZt6B.pgp Description: PGP signature
Re: [rt-users] RT 4.2.1 - ExternalAuth against LDAP server and users with multiple mail addresses
On 21.01.2014, at 21:33, Kevin Falcone falc...@bestpractical.com wrote: On Tue, Jan 21, 2014 at 08:49:49PM +0100, Gerald Vogt wrote: When RT receives an e-mail I don't see any access to the LDAP server at first. It searches the sender address in the internal database. Doesn't find it. Then wants to create a new user. And only then it checks against the LDAP database and finds that the user with that uid (which maps to the Name column in the RT database) exists and refuses to create this user. Why doesn't this work and does this reject e-mails from that sender address? You haven't provided your configuration or debug logs for the condition so any answers would be pure guesses. That was in my first email and fully quoted in my second. -Gerald
Re: [rt-users] RT 4.2.1 - ExternalAuth against LDAP server and users with multiple mail addresses
I have tested the ExternalAuth module with the suggested configuration
of two different attributes for EmailAddress as suggested in the
configuration file:
'attr_map' = {
'Name' = 'uid',
'EmailAddress' = [ 'mail', 'mailAlternateAddress' ],
This won't work at all: the call of postfix to rt-mailgateway fails:
(temporary failure. Command output: RT server error. The RT server
which handled your email did not behave as expected. It said: Can't
call method as_string on an undefined value at
/usr/local/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm
line 357. Stack:
[/usr/local/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:357]
[/usr/local/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:655]
[/usr/local/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:702]
[/usr/local/rt4/sbin/../lib/RT/User.pm:143]
[/usr/local/rt4/sbin/../lib/RT/Interface/Email.pm:838]
[/usr/local/rt4/sbin/../lib/RT/Interface/Email/Auth/MailFrom.pm:178]
[/usr/local/rt4/sbin/../lib/RT/Interface/Email.pm:1531]
[/usr/local/rt4/sbin/../lib/RT/Interface/Email.pm:1345]
[/usr/local/rt4/share/html/REST/1.0/NoAuth/mail-gateway:61])
This is because it passes the EmailAddress key as array to the function
and tries to built the LDAP filter from that which results in a string
like this:
((objectclass=*)(ARRAY(0xacc5d0)=g...@example.com))
And with that the following call to Net::LDAP::Filter-new will fail.
I don't see how this should work with version 0.17 of ExternalAuth and
RT4.2.2.
Thanks!
Gerald
On 21.01.2014 22:43, Gerald Vogt wrote:
On 21.01.2014, at 21:33, Kevin Falcone falc...@bestpractical.com wrote:
On Tue, Jan 21, 2014 at 08:49:49PM +0100, Gerald Vogt wrote:
When RT receives an e-mail I don't see any access to the LDAP server at
first. It searches the sender address in the internal database. Doesn't
find it. Then wants to create a new user. And only then it checks
against the LDAP database and finds that the user with that uid (which
maps to the Name column in the RT database) exists and refuses to
create this user.
Why doesn't this work and does this reject e-mails from that sender address?
You haven't provided your configuration or debug logs for the
condition so any answers would be pure guesses.
That was in my first email and fully quoted in my second. -Gerald
