Re: [rt-users] supplying database credentials to rt-fulltext-indexer

[Alex Hall]

FTS is enabled and working, but it seems to be working only on tickets that
were set up when the setup tool was run. According to the docs
(rt4/docs/full_text_indexing.pod):

To keep the index up-to-date, you will need to run:

/opt/rt4/sbin/rt-fulltext-indexer

...at regular intervals.  By default, this will only tokenize up to 200
tickets at a time; you can adjust this upwards by passing C<--limit
500>.  Larger batch sizes will take longer and consume more memory.


What this file never says is how to tell the indexer tool how to connect to
the database. It clearly isn't pulling from the RT configuration, nor from
/home/www-data/rtrc.

On Fri, Dec 9, 2016 at 5:12 PM, Landon Stewart 
wrote:

> On Dec 9, 2016, at 2:06 PM, Alex Hall  wrote:
>
>
> I thought the tool I had to run periodically was 
> /opt/rt4/sbin/rt-fulltext-indexer.
> That's the one guides tell me to run; the setup tool seems to be the
> initial database adjustment tool, but once it runs once, I thought I had to
> run the indexer every so often. The indexer is the tool that refuses
> database credentials. Unless the guides on this are wrong, and the setup
> one is the one I have to run with cron?
>
>
> I haven't enabled Full Text searching in RT before but I have set it up in
> MySQL for other uses.  From my experiences with MySQL I believe you setup
> the indexes once only with the setup tool for RT and once they are setup
> there's no need to 're-index' anything regularly with any crontab or
> anything.
>
> Above all though - do this on a copy of your RT installation/database and
> make sure it works before you potentially interrupt the flow of business in
> production.
>
> --
> Landon Stewart
> Lead Analyst - Abuse and Security Management
> INTERNAP ®
> 📧 lstew...@internap.com
> 🌍 www.internap.com
>
>


-- 
Alex Hall
Automatic Distributors, IT department
ah...@autodist.com
-
RT 4.4 and RTIR training sessions, and a new workshop day! 
https://bestpractical.com/training
* Los Angeles - January 9-11 2017

Re: [rt-users] supplying database credentials to rt-fulltext-indexer

[Landon Stewart]

On Dec 9, 2016, at 2:06 PM, Alex Hall 
mailto:ah...@autodist.com>> wrote:

I thought the tool I had to run periodically was 
/opt/rt4/sbin/rt-fulltext-indexer. That's the one guides tell me to run; the 
setup tool seems to be the initial database adjustment tool, but once it runs 
once, I thought I had to run the indexer every so often. The indexer is the 
tool that refuses database credentials. Unless the guides on this are wrong, 
and the setup one is the one I have to run with cron?

I haven't enabled Full Text searching in RT before but I have set it up in 
MySQL for other uses.  From my experiences with MySQL I believe you setup the 
indexes once only with the setup tool for RT and once they are setup there's no 
need to 're-index' anything regularly with any crontab or anything.

Above all though - do this on a copy of your RT installation/database and make 
sure it works before you potentially interrupt the flow of business in 
production.

--
Landon Stewart
Lead Analyst - Abuse and Security Management
INTERNAP ®
📧 lstew...@internap.com
🌍 www.internap.com

-
RT 4.4 and RTIR training sessions, and a new workshop day! 
https://bestpractical.com/training
* Los Angeles - January 9-11 2017

Re: [rt-users] supplying database credentials to rt-fulltext-indexer

[Alex Hall]

I thought the tool I had to run periodically was
/opt/rt4/sbin/rt-fulltext-indexer. That's the one guides tell me to run;
the setup tool seems to be the initial database adjustment tool, but once
it runs once, I thought I had to run the indexer every so often. The
indexer is the tool that refuses database credentials. Unless the guides on
this are wrong, and the setup one is the one I have to run with cron?

On Fri, Dec 9, 2016 at 4:40 PM, Landon Stewart 
wrote:

> On Dec 9, 2016, at 1:33 PM, Alex Hall  wrote:
>
>
> I still don't have this working, so any input would be great. I just
> wanted to add that, since my last email on the topic, I've tried putting an
> rtrc file in /root, since I'm running this as root for the moment. It
> didn't help. I've also looked through the actual file, trying to find where
> it gets its credentials from, but all I saw was some kind of database
> handler function which I'll have to try to track down. I'm really hoping
> someone knows an easier way. After all, I can't be the first to use my own
> database name, username, and password who needs this tool to run.
>
>
> /opt/rt4/sbin/rt-setup-fulltext-index --dba root --dba-password secret
>
> Source: https://docs.bestpractical.com/rt/4.2.12/full_text_indexing.html
>
> --
> Landon Stewart
> Lead Analyst - Abuse and Security Management
> INTERNAP ®
> 📧 lstew...@internap.com
> 🌍 www.internap.com
>
>


-- 
Alex Hall
Automatic Distributors, IT department
ah...@autodist.com
-
RT 4.4 and RTIR training sessions, and a new workshop day! 
https://bestpractical.com/training
* Los Angeles - January 9-11 2017

Re: [rt-users] supplying database credentials to rt-fulltext-indexer

[Landon Stewart]

On Dec 9, 2016, at 1:33 PM, Alex Hall 
mailto:ah...@autodist.com>> wrote:

I still don't have this working, so any input would be great. I just wanted to 
add that, since my last email on the topic, I've tried putting an rtrc file in 
/root, since I'm running this as root for the moment. It didn't help. I've also 
looked through the actual file, trying to find where it gets its credentials 
from, but all I saw was some kind of database handler function which I'll have 
to try to track down. I'm really hoping someone knows an easier way. After all, 
I can't be the first to use my own database name, username, and password who 
needs this tool to run.


/opt/rt4/sbin/rt-setup-fulltext-index --dba root --dba-password secret

Source: https://docs.bestpractical.com/rt/4.2.12/full_text_indexing.html

--
Landon Stewart
Lead Analyst - Abuse and Security Management
INTERNAP ®
📧 lstew...@internap.com
🌍 www.internap.com

-
RT 4.4 and RTIR training sessions, and a new workshop day! 
https://bestpractical.com/training
* Los Angeles - January 9-11 2017

Re: [rt-users] supplying database credentials to rt-fulltext-indexer

[Alex Hall]

I still don't have this working, so any input would be great. I just wanted
to add that, since my last email on the topic, I've tried putting an rtrc
file in /root, since I'm running this as root for the moment. It didn't
help. I've also looked through the actual file, trying to find where it
gets its credentials from, but all I saw was some kind of database handler
function which I'll have to try to track down. I'm really hoping someone
knows an easier way. After all, I can't be the first to use my own database
name, username, and password who needs this tool to run.

On Thu, Dec 8, 2016 at 10:38 AM, Alex Hall  wrote:

> Hi all,
> I completely forgot to set up rt-fulltext-indexer as a cron job after
> initially enabling FTS. When I run it now, it complains that the database
> credentials are wrong, and yes, they definitely are. How do I give it the
> right ones? I hoped it would pick them up from rtrc, which I made for
> rt-email-dashboards, but it doesn't seem to be doing so. I know I've done
> this once before, I just don't remember (and can't find) how I did it.
> Thanks.
>
> --
> Alex Hall
> Automatic Distributors, IT department
> ah...@autodist.com
>



-- 
Alex Hall
Automatic Distributors, IT department
ah...@autodist.com
-
RT 4.4 and RTIR training sessions, and a new workshop day! 
https://bestpractical.com/training
* Los Angeles - January 9-11 2017

Re: [rt-users] Permissions on Customfield for CommandByEmail

[Woody - Wild Thing Safaris]

pls ignore. those CF's are not the ones needing updating. something else 
is up



On 09/12/16 20:49, Woody - Wild Thing Safaris wrote:

HI All,

I'm trying to set a custom field on create using the headers

X-RT-Command: CF.{PNR}: 12345678

X-RT-Command: CF.{Surname}: Bloggs

logs show:

[7552] [Fri Dec  9 17:35:30 2016] [debug]: Got command 
customfield{pnr} => 12345678 
(/var/www/xxx/local/plugins/RT-Extension-CommandByMail/lib/RT/Extension/CommandByMail.pm:383)
[7552] [Fri Dec  9 17:35:30 2016] [debug]: Got command 
customfield{surname} => Bloggs 
(/var/www/xxx/local/plugins/RT-Extension-CommandByMail/lib/RT/Extension/CommandByMail.pm:383)
[7552] [Fri Dec  9 17:35:31 2016] [debug]: Permission denied. User 
#469290 has no SeeCustomField right on CF #37 
(/var/www/sxxx/sbin/../lib/RT/CustomField.pm:1053)
[7552] [Fri Dec  9 17:35:31 2016] [debug]: Permission denied. User 
#469290 has no SeeCustomField right on CF #83 
(/var/www/xxx/sbin/../lib/RT/CustomField.pm:1053)


i actually want to "set initial value" for the custom field

i have granted "Everyone" the SeeCustomField and ModifyCustomField 
right for both fields.


I have also granted "SeeCustomField" and "ModifyCustomField" to 
Everyone for the Queue.


Is there a higher ranking right that i need for that right to exist? 
or is there a "set initial value" right somewhere?


thanks, as always, in advance

w.




--

---

Richard Wood (Woody)
Managing Director
Wild Thing Safaris Ltd.

UK: 2B Habbo St, Greenwich, London
Dar es Salaam: 5 Ethan St, Mbezi beach
Arusha: 3 Ebeneezer Rd, Njiro
PO BOX 34514 DSM
Office: +255 (0) 222 617 166
Office Mobile: +255 (0) 773 503 502
Direct: +255 742 373 327
Skype: woody1tz
http://wildthingsafaris.com

-
RT 4.4 and RTIR training sessions, and a new workshop day! 
https://bestpractical.com/training
* Los Angeles - January 9-11 2017

[rt-users] Permissions on Customfield for CommandByEmail

[Woody - Wild Thing Safaris]

HI All,

I'm trying to set a custom field on create using the headers

X-RT-Command: CF.{PNR}: 12345678

X-RT-Command: CF.{Surname}: Bloggs

logs show:

[7552] [Fri Dec  9 17:35:30 2016] [debug]: Got command customfield{pnr} 
=> 12345678 
(/var/www/xxx/local/plugins/RT-Extension-CommandByMail/lib/RT/Extension/CommandByMail.pm:383)
[7552] [Fri Dec  9 17:35:30 2016] [debug]: Got command 
customfield{surname} => Bloggs 
(/var/www/xxx/local/plugins/RT-Extension-CommandByMail/lib/RT/Extension/CommandByMail.pm:383)
[7552] [Fri Dec  9 17:35:31 2016] [debug]: Permission denied. User 
#469290 has no SeeCustomField right on CF #37 
(/var/www/sxxx/sbin/../lib/RT/CustomField.pm:1053)
[7552] [Fri Dec  9 17:35:31 2016] [debug]: Permission denied. User 
#469290 has no SeeCustomField right on CF #83 
(/var/www/xxx/sbin/../lib/RT/CustomField.pm:1053)


i actually want to "set initial value" for the custom field

i have granted "Everyone" the SeeCustomField and ModifyCustomField right 
for both fields.


I have also granted "SeeCustomField" and "ModifyCustomField" to Everyone 
for the Queue.


Is there a higher ranking right that i need for that right to exist? or 
is there a "set initial value" right somewhere?


thanks, as always, in advance

w.


--

---

Richard Wood (Woody)
Managing Director
Wild Thing Safaris Ltd.

UK: 2B Habbo St, Greenwich, London
Dar es Salaam: 5 Ethan St, Mbezi beach
Arusha: 3 Ebeneezer Rd, Njiro
PO BOX 34514 DSM
Office: +255 (0) 222 617 166
Office Mobile: +255 (0) 773 503 502
Direct: +255 742 373 327
Skype: woody1tz
http://wildthingsafaris.com

-
RT 4.4 and RTIR training sessions, and a new workshop day! 
https://bestpractical.com/training
* Los Angeles - January 9-11 2017

Re: [rt-users] Count and Group By CF

[Matt Zagrabelny]

On Fri, Dec 9, 2016 at 11:23 AM, Barton Chittenden
 wrote:
> We use a CF called 'Community Bug' to track bugzilla bug numbers associated
> with customer tickets. It would be really useful to know which values of
> CF.{Community Bug} occur most often.
>
> If you'll pardon a mix of SQL and query builder syntax, I'm looking to do
> something like this:
>
> SELECT COUNT(*), CF.{Community Bug}
> FROM CF
> GROUP BY CF.{Community Bug}
> ORDER BY COUNT(*)
>
> I'm well aware that query builder doesn't work like this, but I'm wondering
> if there's a way to do something like this.

What RT are you using?

In 4.2 the defaults will get you mostly there.

Search -> Chart

Group by -> Custom field

Choose CF, then "Update Chart"

-m
-
RT 4.4 and RTIR training sessions, and a new workshop day! 
https://bestpractical.com/training
* Los Angeles - January 9-11 2017

[rt-users] Count and Group By CF

[Barton Chittenden]

We use a CF called 'Community Bug' to track bugzilla bug numbers associated
with customer tickets. It would be really useful to know which values of
CF.{Community Bug} occur most often.

If you'll pardon a mix of SQL and query builder syntax, I'm looking to do
something like this:

SELECT COUNT(*), CF.{Community Bug}
FROM CF
GROUP BY CF.{Community Bug}
ORDER BY COUNT(*)

I'm well aware that query builder doesn't work like this, but I'm wondering
if there's a way to do something like this.

I'm sure that I could do this by querying the database directly, but I'd
prefer to do it the RT way if there is one.

Thanks!

--Barton
-
RT 4.4 and RTIR training sessions, and a new workshop day! 
https://bestpractical.com/training
* Los Angeles - January 9-11 2017

Re: [rt-users] missing callbacks in 4.4.1 CSS?

[Emmanuel Lacour]

Le 09/12/2016 à 17:08, Alex Hall a écrit :
> Thanks. By "lib", I assume you just mean to make a folder somewhere,
> then use "@import myNewLib/myFile.css"? Should I make a replacement
> for the css file in local/html/NoAut/something that I'm replacing? I
> actually don't see a static folder around this CSS folder, so I'm not
> quite sure what should go where.h
>

Hi,

you just have to create a folder local/static/css and put CSS files here
with thinks you want to add/override. THen to use them, add each CSS
file name (without path) in configuration variable @CSSFiles and restart
you're web server.

Doc:
https://docs.bestpractical.com/rt/4.4.1/RT_Config.html#Web-interface 
->@CSSFiles.
-
RT 4.4 and RTIR training sessions, and a new workshop day! 
https://bestpractical.com/training
* Los Angeles - January 9-11 2017

Re: [rt-users] missing callbacks in 4.4.1 CSS?

[Matt Zagrabelny]

Hey Alex,

On Fri, Dec 9, 2016 at 10:08 AM, Alex Hall  wrote:
> Thanks. By "lib", I assume you just mean to make a folder somewhere, then
> use "@import myNewLib/myFile.css"? Should I make a replacement for the css
> file in local/html/NoAut/something that I'm replacing? I actually don't see
> a static folder around this CSS folder, so I'm not quite sure what should go
> where.h

The static directory would be in your extension file hierarchy.

You'll be doing yourself a favor to be making most of your
customizations by ways of your own site modules (or extension).

Here is the documentation link for including your own static files:

https://docs.bestpractical.com/rt/4.4.1/writing_extensions.html#CSS-and-Javascript

Since you're using Debian the Perl modules for creating RT modules
should be in APT. I'd move forward with Module::Install::RTx.

-m
-
RT 4.4 and RTIR training sessions, and a new workshop day! 
https://bestpractical.com/training
* Los Angeles - January 9-11 2017

Re: [rt-users] missing callbacks in 4.4.1 CSS?

[Alex Hall]

Thanks. By "lib", I assume you just mean to make a folder somewhere, then
use "@import myNewLib/myFile.css"? Should I make a replacement for the css
file in local/html/NoAut/something that I'm replacing? I actually don't see
a static folder around this CSS folder, so I'm not quite sure what should
go where.h

On Fri, Dec 9, 2016 at 10:35 AM, Matt Zagrabelny  wrote:

> Hi Alex,
>
> No need for a callback. Just include your CSS files in a lib. There is a
> function call you can make to include a CSS file in /static/css/. This is
> the proper way in, at least, 4.2.
>
> -m
>
> On Dec 9, 2016 9:55 AM, "Alex Hall"  wrote:
>
>> Hey all,
>> I'm trying to add a background image to a div, so went looking for the
>> callback the wiki describes. The wiki uses 3.8, and I'm on 4.4.1, but I
>> didn't think that mattered. Yet, I can't find any callbacks by looking in
>> main.css or base.css, and the wiki's big list of 4.2 callbacks has no css
>> at all. I tried
>> cd /opt/rt4/share
>> find /static/css | xargs grep 'callback'
>>
>> as well as
>>
>> find /static/css -name '*.css' | xargs grep 'callback'
>>
>> but got no results either way. What's the trick to callbacks in 4.4 for
>> CSS? Or do I make a copy of one of the CSS files in /opt/rt4/local and
>> modify it? Thanks.
>>
>> --
>> Alex Hall
>> Automatic Distributors, IT department
>> ah...@autodist.com
>>
>> -
>> RT 4.4 and RTIR training sessions, and a new workshop day!
>> https://bestpractical.com/training
>> * Los Angeles - January 9-11 2017
>>
>


-- 
Alex Hall
Automatic Distributors, IT department
ah...@autodist.com
-
RT 4.4 and RTIR training sessions, and a new workshop day! 
https://bestpractical.com/training
* Los Angeles - January 9-11 2017

Re: [rt-users] missing callbacks in 4.4.1 CSS?

[Matt Zagrabelny]

Hi Alex,

No need for a callback. Just include your CSS files in a lib. There is a
function call you can make to include a CSS file in /static/css/. This is
the proper way in, at least, 4.2.

-m

On Dec 9, 2016 9:55 AM, "Alex Hall"  wrote:

> Hey all,
> I'm trying to add a background image to a div, so went looking for the
> callback the wiki describes. The wiki uses 3.8, and I'm on 4.4.1, but I
> didn't think that mattered. Yet, I can't find any callbacks by looking in
> main.css or base.css, and the wiki's big list of 4.2 callbacks has no css
> at all. I tried
> cd /opt/rt4/share
> find /static/css | xargs grep 'callback'
>
> as well as
>
> find /static/css -name '*.css' | xargs grep 'callback'
>
> but got no results either way. What's the trick to callbacks in 4.4 for
> CSS? Or do I make a copy of one of the CSS files in /opt/rt4/local and
> modify it? Thanks.
>
> --
> Alex Hall
> Automatic Distributors, IT department
> ah...@autodist.com
>
> -
> RT 4.4 and RTIR training sessions, and a new workshop day!
> https://bestpractical.com/training
> * Los Angeles - January 9-11 2017
>
-
RT 4.4 and RTIR training sessions, and a new workshop day! 
https://bestpractical.com/training
* Los Angeles - January 9-11 2017

[rt-users] missing callbacks in 4.4.1 CSS?

[Alex Hall]

Hey all,
I'm trying to add a background image to a div, so went looking for the
callback the wiki describes. The wiki uses 3.8, and I'm on 4.4.1, but I
didn't think that mattered. Yet, I can't find any callbacks by looking in
main.css or base.css, and the wiki's big list of 4.2 callbacks has no css
at all. I tried
cd /opt/rt4/share
find /static/css | xargs grep 'callback'

as well as

find /static/css -name '*.css' | xargs grep 'callback'

but got no results either way. What's the trick to callbacks in 4.4 for
CSS? Or do I make a copy of one of the CSS files in /opt/rt4/local and
modify it? Thanks.

-- 
Alex Hall
Automatic Distributors, IT department
ah...@autodist.com
-
RT 4.4 and RTIR training sessions, and a new workshop day! 
https://bestpractical.com/training
* Los Angeles - January 9-11 2017

Re: [rt-users] Searching for tickets with empty CF in RT 4.2.8

[Matt Zagrabelny]

Hi Thomas,

On Fri, Dec 9, 2016 at 4:53 AM, Thomas Oddsund
 wrote:
> Hello,
>
> I have some saved searches on my dashboard. Three of them are based on a 
> Custom Field; one show tickets where the CF is set to X, one where CF is set 
> to Y, and one is supposed to show tickets tagged with something other then X 
> or Y.
> To make the third search, I created the following search;
> Queue = 'foo'
> AND CF.{bar} != 'X'
> AND CF.[bar] != 'Y'
> AND (
>   Status = 'new'
>  OR Status = 'open'
>  OR Status = 'stalled' )
>
> However, tickets marked with either X or Y are still appearing in the result. 
> The same result was returned if i changed != to "NOT LIKE", and if I removed 
> either the X or Y part.
>
> Is this a bug, is there something wrong with our RT instance or is there 
> something I've overlooked?

I'm not sure about answering this question, but you can search for
tickets with empty CF values using the Advanced editing option of a
Search:

'CF.{bar}' is null

-m
-
RT 4.4 and RTIR training sessions, and a new workshop day! 
https://bestpractical.com/training
* Los Angeles - January 9-11 2017

Re: [rt-users] RT 4.4.1 LDAP Authentication issue.

[Claude EDUMA]

Hi,

Sorry, i used the shredder to remove all user from RT user's DB an now it's
work fine.

Thank you everyone for your help.


Regards,

2016-12-09 14:56 GMT+01:00 Martin Wheldon <
martin.whel...@greenhills-it.co.uk>:

> Hi,
>
> Sorry, please disregard my last response, the user account has been found.
> Could you post the RT logs please?
>
> Best Regards
>
> Martin
>
>
> On 2016-12-09 13:44, Martin Wheldon wrote:
>
>> Hi,
>>
>> Looks like a ldap acl issue, is your ldap search user able to access
>> the users mail attribute?
>>
>> Best Regards
>>
>> Martin
>>
>> On 2016-12-09 13:37, Claude EDUMA wrote:
>>
>>> LDAP logs show that user is retreive, but not bind.
>>>
>>> -
>>>
>>> SRCH base="o=corp.mycorp.com [2]" scope=2
>>> filter="(&(objectClass=privperson)(mail=claude.ed...@ext.mycorp.com))"
>>> attrs="cn mail mail"
>>> [09/Dec/2016:14:16:47 +0100] conn=9480527 op=2 msgId=3 - RESULT err=0
>>> tag=101 nentries=1 etime=0
>>>
>>> 
>>>
>>> Regards.
>>>
>>> 2016-12-09 14:21 GMT+01:00 Claude EDUMA :
>>>
>>> Well,

 I will try to use user mail for authentication.

 here is conf i tested without success :(

 -

 Set($ExternalSettings, {
 'My_LDAP'   =>  {
 'type' =>  'ldap',
 'server'   =>
 'ldap://ypmycorpldap.corp.mycorp.com [1]',
 'user' =>
 'uid=mycorp-rtir-reader,ou=applicationAccounts,o=corp.mycorp.com
 [2]',
 'pass' =>
 'SikH2mmKLtPi0E4ZYcqldTXAgILVxGVhXWlHBF3o21',
 'base' =>  'o=corp.mycorp.com [2]',
 'filter'   =>  '(objectClass=person)',
 'tls'  => { verify => "require", cafile =>
 "/etc/pki/tls/mycorp_CERTIFICATE_CHAIN.crt" },
 'net_ldap_args'=> [version =>  3, debug => 8
 ],
 'attr_match_list'  => [
 'Name' ,
 'EmailAddress',
 ],
 # Import the following properties of the user from LDAP
 upon
 # login
 'attr_map' => {
 'Name' => 'mail',
 'EmailAddress' => 'mail',
 'RealName' => 'cn',
 }
 },
 }
 );

 ---

 Regards

 2016-12-09 13:59 GMT+01:00 Martin Wheldon
 :
 Hi,

 You could either use another unique attribute i.e mail or add
 another uid to each RT user prefixed by a letter.

 dn: uid=123456,dc=my,dc=domain
 uid: 123456
 uid: x123456

 Best Regards

 Martin

 On 2016-12-09 12:49, Joop wrote:
 On 9-12-2016 13:38, Claude EDUMA wrote:
 Hi Joop,

 Thank you for your quick answer.
 We have tested with non numerical username and result is OK.
 Well in my organisation we use ldap uid for username. Any suggestion
 to resolve this issue ?

 Please keep the list in the loop.

 I think the problem is in the function(s) which load the user info.
 These functions take a name OR an id and then load the corresponding
 info. When  usernames are IDs that doesn't work any more. Other than
 patching all functions which use this I don't see another solution
 than
 to change the use of uid as a username, sorry.

 Joop

 -
 RT 4.4 and RTIR training sessions, and a new workshop day!
 https://bestpractical.com/training [3]
 * Los Angeles - January 9-11 2017

>>>  -
>>> RT 4.4 and RTIR training sessions, and a new workshop day!
>>> https://bestpractical.com/training [3]
>>> * Los Angeles - January 9-11 2017
>>>
>>>
>>>
>>> Links:
>>> --
>>> [1] http://ypmycorpldap.corp.mycorp.com
>>> [2] http://corp.mycorp.com
>>> [3] https://bestpractical.com/training
>>>
>> -
>> RT 4.4 and RTIR training sessions, and a new workshop day!
>> https://bestpractical.com/training
>> * Los Angeles - January 9-11 2017
>>
> -
> RT 4.4 and RTIR training sessions, and a new workshop day!
> https://bestpractical.com/training
> * Los Angeles - January 9-11 2017
>
-
RT 4.4 and RTIR training sessions, and a new workshop day! 
https://bestpractical.com/training
* Los Angeles - January 9-11 2017

Re: [rt-users] RT 4.4.1 LDAP Authentication issue.

[Martin Wheldon]

Hi,

Sorry, please disregard my last response, the user account has been 
found.

Could you post the RT logs please?

Best Regards

Martin

On 2016-12-09 13:44, Martin Wheldon wrote:

Hi,

Looks like a ldap acl issue, is your ldap search user able to access
the users mail attribute?

Best Regards

Martin

On 2016-12-09 13:37, Claude EDUMA wrote:

LDAP logs show that user is retreive, but not bind.

-

SRCH base="o=corp.mycorp.com [2]" scope=2
filter="(&(objectClass=privperson)(mail=claude.ed...@ext.mycorp.com))"
attrs="cn mail mail"
[09/Dec/2016:14:16:47 +0100] conn=9480527 op=2 msgId=3 - RESULT err=0
tag=101 nentries=1 etime=0



Regards.

2016-12-09 14:21 GMT+01:00 Claude EDUMA :


Well,

I will try to use user mail for authentication.

here is conf i tested without success :(

-

Set($ExternalSettings, {
'My_LDAP'   =>  {
'type' =>  'ldap',
'server'   =>
'ldap://ypmycorpldap.corp.mycorp.com [1]',
'user' =>
'uid=mycorp-rtir-reader,ou=applicationAccounts,o=corp.mycorp.com
[2]',
'pass' =>
'SikH2mmKLtPi0E4ZYcqldTXAgILVxGVhXWlHBF3o21',
'base' =>  'o=corp.mycorp.com [2]',
'filter'   =>  '(objectClass=person)',
'tls'  => { verify => "require", cafile =>
"/etc/pki/tls/mycorp_CERTIFICATE_CHAIN.crt" },
'net_ldap_args'=> [version =>  3, debug => 8
],
'attr_match_list'  => [
'Name' ,
'EmailAddress',
],
# Import the following properties of the user from LDAP
upon
# login
'attr_map' => {
'Name' => 'mail',
'EmailAddress' => 'mail',
'RealName' => 'cn',
}
},
}
);

---

Regards

2016-12-09 13:59 GMT+01:00 Martin Wheldon
:
Hi,

You could either use another unique attribute i.e mail or add
another uid to each RT user prefixed by a letter.

dn: uid=123456,dc=my,dc=domain
uid: 123456
uid: x123456

Best Regards

Martin

On 2016-12-09 12:49, Joop wrote:
On 9-12-2016 13:38, Claude EDUMA wrote:
Hi Joop,

Thank you for your quick answer.
We have tested with non numerical username and result is OK.
Well in my organisation we use ldap uid for username. Any suggestion
to resolve this issue ?

Please keep the list in the loop.

I think the problem is in the function(s) which load the user info.
These functions take a name OR an id and then load the corresponding
info. When  usernames are IDs that doesn't work any more. Other than
patching all functions which use this I don't see another solution
than
to change the use of uid as a username, sorry.

Joop

-
RT 4.4 and RTIR training sessions, and a new workshop day!
https://bestpractical.com/training [3]
* Los Angeles - January 9-11 2017

 -
RT 4.4 and RTIR training sessions, and a new workshop day!
https://bestpractical.com/training [3]
* Los Angeles - January 9-11 2017



Links:
--
[1] http://ypmycorpldap.corp.mycorp.com
[2] http://corp.mycorp.com
[3] https://bestpractical.com/training

-
RT 4.4 and RTIR training sessions, and a new workshop day!
https://bestpractical.com/training
* Los Angeles - January 9-11 2017

-
RT 4.4 and RTIR training sessions, and a new workshop day! 
https://bestpractical.com/training
* Los Angeles - January 9-11 2017

Re: [rt-users] RT 4.4.1 LDAP Authentication issue.

[Martin Wheldon]

Hi,

Looks like a ldap acl issue, is your ldap search user able to access the 
users mail attribute?


Best Regards

Martin

On 2016-12-09 13:37, Claude EDUMA wrote:

LDAP logs show that user is retreive, but not bind.

-

SRCH base="o=corp.mycorp.com [2]" scope=2
filter="(&(objectClass=privperson)(mail=claude.ed...@ext.mycorp.com))"
attrs="cn mail mail"
[09/Dec/2016:14:16:47 +0100] conn=9480527 op=2 msgId=3 - RESULT err=0
tag=101 nentries=1 etime=0



Regards.

2016-12-09 14:21 GMT+01:00 Claude EDUMA :


Well,

I will try to use user mail for authentication.

here is conf i tested without success :(

-

Set($ExternalSettings, {
'My_LDAP'   =>  {
'type' =>  'ldap',
'server'   =>
'ldap://ypmycorpldap.corp.mycorp.com [1]',
'user' =>
'uid=mycorp-rtir-reader,ou=applicationAccounts,o=corp.mycorp.com
[2]',
'pass' =>
'SikH2mmKLtPi0E4ZYcqldTXAgILVxGVhXWlHBF3o21',
'base' =>  'o=corp.mycorp.com [2]',
'filter'   =>  '(objectClass=person)',
'tls'  => { verify => "require", cafile =>
"/etc/pki/tls/mycorp_CERTIFICATE_CHAIN.crt" },
'net_ldap_args'=> [version =>  3, debug => 8
],
'attr_match_list'  => [
'Name' ,
'EmailAddress',
],
# Import the following properties of the user from LDAP
upon
# login
'attr_map' => {
'Name' => 'mail',
'EmailAddress' => 'mail',
'RealName' => 'cn',
}
},
}
);

---

Regards

2016-12-09 13:59 GMT+01:00 Martin Wheldon
:
Hi,

You could either use another unique attribute i.e mail or add
another uid to each RT user prefixed by a letter.

dn: uid=123456,dc=my,dc=domain
uid: 123456
uid: x123456

Best Regards

Martin

On 2016-12-09 12:49, Joop wrote:
On 9-12-2016 13:38, Claude EDUMA wrote:
Hi Joop,

Thank you for your quick answer.
We have tested with non numerical username and result is OK.
Well in my organisation we use ldap uid for username. Any suggestion
to resolve this issue ?

Please keep the list in the loop.

I think the problem is in the function(s) which load the user info.
These functions take a name OR an id and then load the corresponding
info. When  usernames are IDs that doesn't work any more. Other than
patching all functions which use this I don't see another solution
than
to change the use of uid as a username, sorry.

Joop

-
RT 4.4 and RTIR training sessions, and a new workshop day!
https://bestpractical.com/training [3]
* Los Angeles - January 9-11 2017

 -
RT 4.4 and RTIR training sessions, and a new workshop day!
https://bestpractical.com/training [3]
* Los Angeles - January 9-11 2017



Links:
--
[1] http://ypmycorpldap.corp.mycorp.com
[2] http://corp.mycorp.com
[3] https://bestpractical.com/training

-
RT 4.4 and RTIR training sessions, and a new workshop day! 
https://bestpractical.com/training
* Los Angeles - January 9-11 2017

Re: [rt-users] RT 4.4.1 LDAP Authentication issue.

[Claude EDUMA]

LDAP logs show that user is retreive, but not bind.

-

SRCH base="o=corp.mycorp.com" scope=2
filter="(&(objectClass=privperson)(mail=claude.ed...@ext.mycorp.com))"
attrs="cn mail mail"
[09/Dec/2016:14:16:47 +0100] conn=9480527 op=2 msgId=3 - RESULT err=0
tag=101 nentries=1 etime=0



Regards.

2016-12-09 14:21 GMT+01:00 Claude EDUMA :

> Well,
>
> I will try to use user mail for authentication.
>
> here is conf i tested without success :(
>
> -
>  Set($ExternalSettings, {
> 'My_LDAP'   =>  {
> 'type' =>  'ldap',
> 'server'   =>  'ldap://ypmycorpldap.corp.mycorp.com',
> 'user' =>  'uid=mycorp-rtir-reader,ou=
> applicationAccounts,o=corp.mycorp.com',
> 'pass' =>  'SikH2mmKLtPi0E4ZYcqldTXAgILVxG
> VhXWlHBF3o21',
> 'base' =>  'o=corp.mycorp.com',
> 'filter'   =>  '(objectClass=person)',
> 'tls'  => { verify => "require", cafile =>
> "/etc/pki/tls/mycorp_CERTIFICATE_CHAIN.crt" },
> 'net_ldap_args'=> [version =>  3, debug => 8   ],
> 'attr_match_list'  => [
> 'Name' ,
> 'EmailAddress',
> ],
> # Import the following properties of the user from LDAP upon
> # login
> 'attr_map' => {
> 'Name' => 'mail',
> 'EmailAddress' => 'mail',
> 'RealName' => 'cn',
> }
> },
> }
> );
>
> ---
>
> Regards
>
>
>
> 2016-12-09 13:59 GMT+01:00 Martin Wheldon  co.uk>:
>
>> Hi,
>>
>> You could either use another unique attribute i.e mail or add another uid
>> to each RT user prefixed by a letter.
>>
>> dn: uid=123456,dc=my,dc=domain
>> uid: 123456
>> uid: x123456
>>
>> Best Regards
>>
>> Martin
>>
>>
>> On 2016-12-09 12:49, Joop wrote:
>>
>>> On 9-12-2016 13:38, Claude EDUMA wrote:
>>>
 Hi Joop,


 Thank you for your quick answer.
 We have tested with non numerical username and result is OK.
 Well in my organisation we use ldap uid for username. Any suggestion
 to resolve this issue ?

 Please keep the list in the loop.
>>>
>>> I think the problem is in the function(s) which load the user info.
>>> These functions take a name OR an id and then load the corresponding
>>> info. When  usernames are IDs that doesn't work any more. Other than
>>> patching all functions which use this I don't see another solution than
>>> to change the use of uid as a username, sorry.
>>>
>>> Joop
>>>
>>> -
>>> RT 4.4 and RTIR training sessions, and a new workshop day!
>>> https://bestpractical.com/training
>>> * Los Angeles - January 9-11 2017
>>>
>> -
>> RT 4.4 and RTIR training sessions, and a new workshop day!
>> https://bestpractical.com/training
>> * Los Angeles - January 9-11 2017
>>
>
>
-
RT 4.4 and RTIR training sessions, and a new workshop day! 
https://bestpractical.com/training
* Los Angeles - January 9-11 2017

Re: [rt-users] RT 4.4.1 LDAP Authentication issue.

[Claude EDUMA]

Well,

I will try to use user mail for authentication.

here is conf i tested without success :(

-
 Set($ExternalSettings, {
'My_LDAP'   =>  {
'type' =>  'ldap',
'server'   =>  'ldap://ypmycorpldap.corp.mycorp.com',
'user' =>
 'uid=mycorp-rtir-reader,ou=applicationAccounts,o=corp.mycorp.com',
'pass' =>
 'SikH2mmKLtPi0E4ZYcqldTXAgILVxGVhXWlHBF3o21',
'base' =>  'o=corp.mycorp.com',
'filter'   =>  '(objectClass=person)',
'tls'  => { verify => "require", cafile =>
"/etc/pki/tls/mycorp_CERTIFICATE_CHAIN.crt" },
'net_ldap_args'=> [version =>  3, debug => 8   ],
'attr_match_list'  => [
'Name' ,
'EmailAddress',
],
# Import the following properties of the user from LDAP upon
# login
'attr_map' => {
'Name' => 'mail',
'EmailAddress' => 'mail',
'RealName' => 'cn',
}
},
}
);

---

Regards



2016-12-09 13:59 GMT+01:00 Martin Wheldon <
martin.whel...@greenhills-it.co.uk>:

> Hi,
>
> You could either use another unique attribute i.e mail or add another uid
> to each RT user prefixed by a letter.
>
> dn: uid=123456,dc=my,dc=domain
> uid: 123456
> uid: x123456
>
> Best Regards
>
> Martin
>
>
> On 2016-12-09 12:49, Joop wrote:
>
>> On 9-12-2016 13:38, Claude EDUMA wrote:
>>
>>> Hi Joop,
>>>
>>>
>>> Thank you for your quick answer.
>>> We have tested with non numerical username and result is OK.
>>> Well in my organisation we use ldap uid for username. Any suggestion
>>> to resolve this issue ?
>>>
>>> Please keep the list in the loop.
>>
>> I think the problem is in the function(s) which load the user info.
>> These functions take a name OR an id and then load the corresponding
>> info. When  usernames are IDs that doesn't work any more. Other than
>> patching all functions which use this I don't see another solution than
>> to change the use of uid as a username, sorry.
>>
>> Joop
>>
>> -
>> RT 4.4 and RTIR training sessions, and a new workshop day!
>> https://bestpractical.com/training
>> * Los Angeles - January 9-11 2017
>>
> -
> RT 4.4 and RTIR training sessions, and a new workshop day!
> https://bestpractical.com/training
> * Los Angeles - January 9-11 2017
>
-
RT 4.4 and RTIR training sessions, and a new workshop day! 
https://bestpractical.com/training
* Los Angeles - January 9-11 2017

Re: [rt-users] RT 4.4.1 LDAP Authentication issue.

[Martin Wheldon]

Hi,

You could either use another unique attribute i.e mail or add another 
uid to each RT user prefixed by a letter.


dn: uid=123456,dc=my,dc=domain
uid: 123456
uid: x123456

Best Regards

Martin

On 2016-12-09 12:49, Joop wrote:

On 9-12-2016 13:38, Claude EDUMA wrote:

Hi Joop,


Thank you for your quick answer.
We have tested with non numerical username and result is OK.
Well in my organisation we use ldap uid for username. Any suggestion
to resolve this issue ?


Please keep the list in the loop.

I think the problem is in the function(s) which load the user info.
These functions take a name OR an id and then load the corresponding
info. When  usernames are IDs that doesn't work any more. Other than
patching all functions which use this I don't see another solution than
to change the use of uid as a username, sorry.

Joop

-
RT 4.4 and RTIR training sessions, and a new workshop day!
https://bestpractical.com/training
* Los Angeles - January 9-11 2017

-
RT 4.4 and RTIR training sessions, and a new workshop day! 
https://bestpractical.com/training
* Los Angeles - January 9-11 2017

Re: [rt-users] RT 4.4.1 LDAP Authentication issue.

[Joop]

On 9-12-2016 13:38, Claude EDUMA wrote:
> Hi Joop,
>
>
> Thank you for your quick answer.
> We have tested with non numerical username and result is OK.
> Well in my organisation we use ldap uid for username. Any suggestion
> to resolve this issue ?
>
Please keep the list in the loop.

I think the problem is in the function(s) which load the user info.
These functions take a name OR an id and then load the corresponding
info. When  usernames are IDs that doesn't work any more. Other than
patching all functions which use this I don't see another solution than
to change the use of uid as a username, sorry.

Joop

-
RT 4.4 and RTIR training sessions, and a new workshop day! 
https://bestpractical.com/training
* Los Angeles - January 9-11 2017

[rt-users] Searching for tickets with empty CF in RT 4.2.8

[Thomas Oddsund]

Hello,

I have some saved searches on my dashboard. Three of them are based on a Custom 
Field; one show tickets where the CF is set to X, one where CF is set to Y, and 
one is supposed to show tickets tagged with something other then X or Y.
To make the third search, I created the following search;
Queue = 'foo' 
AND CF.{bar} != 'X'
AND CF.[bar] != 'Y'
AND (
  Status = 'new'
 OR Status = 'open'
 OR Status = 'stalled' )

However, tickets marked with either X or Y are still appearing in the result. 
The same result was returned if i changed != to "NOT LIKE", and if I removed 
either the X or Y part.

Is this a bug, is there something wrong with our RT instance or is there 
something I've overlooked?
The operator 'IS' works fine, but it would be nice if I didn't have to change a 
query each time I updated a Custom Field..

Best regards,
Thomas Oddsund
SDS/USIT
University of Oslo
-
RT 4.4 and RTIR training sessions, and a new workshop day! 
https://bestpractical.com/training
* Los Angeles - January 9-11 2017

Re: [rt-users] RT 4.4.1 LDAP Authentication issue.

[Joop]

On 9-12-2016 11:11, Claude EDUMA wrote:
> Hi everyone.
> First sorry for my english i'm french.
>
> I try a couple of week to have LDAP authentication with my fresh RT
> 4.4.1 installation.
> All seem good but login still fail.
>
> --
> First login :
> -
> [13619] [Wed Dec  7 16:42:02 2016] [debug]: UserExists params:
> username: 20006587 , service: My_LDAP
I think you may have a problem here. This has come up on the mailinglist
a few times but I think that usernames can't start with a number.
Can you try with a 'regular' username consisting of only letters?

Regards,

Joop

-
RT 4.4 and RTIR training sessions, and a new workshop day! 
https://bestpractical.com/training
* Los Angeles - January 9-11 2017

[rt-users] RT 4.4.1 LDAP Authentication issue.

[Claude EDUMA]

Hi everyone.
First sorry for my english i'm french.

I try a couple of week to have LDAP authentication with my fresh RT 4.4.1
installation.
All seem good but login still fail.

As you ca see in logs, if it's first time that user try to login, he is
create in RT but and all cheks seem to be OK but user is not granted access.

below RT_Siteconfig.pm and logs.

Thank you for your help.
--
RT_Siteconfig.pm
-

Set($MaxAttachmentSize , 1000);
Set($FriendlyFromLineFormat, "\"%s\" <%s>");
Set($Timezone, "Europe/Paris");
Set($DisableGD, 0);
Set( $DisableGraphViz, 1 );
Set($LogToFile , 'debug');
Set($LogDir, '/var/log');
Set($LogToFileNamed , "rt.log");

Set($WebDomain, 'dmycopr');
Set($WebPort, 82);
Set($Organization, 'mycopr.com');
Set($CorrespondAddress , 'al...@mycoprservices.com');
Set($CommentAddress , 'al...@mycoprservices.com');
Set($SendmailPath, "/usr/lib/sendmail");
Set($SendmailArguments, "-t");
Set($OwnerEmail, "alert\@mycoprservices.com"); #who to email errors to
Set($UseTransactionBatch, '1');

 # Use the below LDAP source for both authentication, as well as user
# information
Set( $ExternalAuthPriority, ["My_LDAP"] );
Set( $ExternalInfoPriority, ["My_LDAP"] );
Set($ExternalServiceUsesSSLorTLS, 1);

# Make users created from LDAP Privileged
Set( $UserAutocreateDefaultsOnLogin, { Privileged => 1 } );

# Users should still be autocreated by RT as internal users if they
# fail to exist in an external service; this is so requestors (who
# are not in LDAP) can still be created when they email in.
Set($AutoCreateNonExternalUsers, 0);

# Minimal LDAP configuration; see RT::Authen::ExternalAuth::LDAP for
# further details and examples
Set($ExternalSettings, {
'My_LDAP'   =>  {
'type' =>  'ldap',
'server'   =>  'ldaps://ypmycoprldap.corp.mycopr.com',
'user' =>
 'uid=mycopr-rtir-reader,ou=applicationAccounts,o=corp.mycopr.com',
'pass' =>
 'SikH2mmKLtPi0E4ZYcqldTXAgILVxGVhXWlHBF3o21',
'base' =>  'o=corp.mycopr.com',
'filter'   =>  '(objectClass=privperson)',
'tls'  => { verify => "require", cafile =>
"/etc/pki/tls/mycopr_CERTIFICATE_CHAIN.crt" },
'net_ldap_args'=> [version =>  3, debug => 8   ],
'attr_match_list'  => [
'Name',
'EmailAddress',
],
# Import the following properties of the user from LDAP upon
# login
'attr_map' => {
'Name' => 'uid',
'EmailAddress' => 'mail',
'RealName' => 'cn',
}
},
}
);



1;


--
First login :
-
[13619] [Wed Dec  7 16:42:02 2016] [debug]: UserExists params:
username: 20006587 , service: My_LDAP
(/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth/LDAP.pm:487)
[13619] [Wed Dec  7 16:42:02 2016] [debug]: LDAP Search ===  Base:
o=corp.mycorp.com == Filter: (&(objectClass=privperson)(uid=20006587)) ==
Attrs: cn,mail,uid (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth/LDAP.pm:517)
[13619] [Wed Dec  7 16:42:02 2016] [debug]:
RT::User::CanonicalizeUserInfoFromExternalAuth called by RT::User
/opt/rt4/sbin/../lib/RT/User.pm 699 with: Disabled: , EmailAddress: , Gecos:
20006587, Name: 20006587, Privileged: 1
(/opt/rt4/sbin/../lib/RT/User.pm:735)
[13619] [Wed Dec  7 16:42:02 2016] [debug]: Attempting to get user info
using this external service: My_LDAP (/opt/rt4/sbin/../lib/RT/User.pm:743)
[13619] [Wed Dec  7 16:42:02 2016] [debug]: Attempting to use this
canonicalization key: Name (/opt/rt4/sbin/../lib/RT/User.pm:752)
[13619] [Wed Dec  7 16:42:02 2016] [debug]: LDAP Search ===  Base:
o=corp.mycorp.com == Filter: (&(objectClass=privperson)(uid=20006587)) ==
Attrs: cn,mail,uid (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth/LDAP.pm:405)
[13619] [Wed Dec  7 16:42:02 2016] [info]:
RT::User::CanonicalizeUserInfoFromExternalAuth returning Disabled: ,
EmailAddress: u...@ext.mycorp.com, Gecos: 20006587, Name: 20006587,
Privileged: 1, RealName: user (/opt/rt4/sbin/../lib/RT/User.pm:811)
[13619] [Wed Dec  7 16:42:02 2016] [info]: Autocreated external user
20006587 ( 716 ) (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth.pm:358)
[13619] [Wed Dec  7 16:42:02 2016] [debug]: Loading new user ( 20006587 )
into current session (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth.pm:364)
[13619] [Wed Dec  7 16:42:02 2016] [debug]: Password validation required for
service - Executing... (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth.pm:381)
[13619] [Wed Dec  7 16:42:02 2016] [debug]: Trying external auth service:
My_LDAP (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth/LDAP.pm:201)
[13619] [Wed Dec  7 16:42:02 2016] [debug]: LDAP Search ===  Base:
o=corp.mycorp.com == Filter: (&(uid=20006587)(objectClass=privperson)) ==
Attrs: dn (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth/LDAP.pm: