[rt-users] RT::Authen::ExternalAuth AutoCreate [Un]Privileged Users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello all, I've done some initial investigation but this doesn't seem to be so simple for me to do. Please can someone assist? I'm using RT::Authen::ExternalAuth and have the following working: External auth with LDAP and auto create privileged users if they are in 'rt' group in LDAP. How can unprivileged users be auto created if they are in LDAP but not in the 'rt' group when they send a mail ticket request so they can login through self service access? PS What should the ExternalInfoPriority be set to if no LDAP lookups for creating new users via RT? Thanks. Set( $rtname, '***.***.**.**'); Set($Organization , '.***.**.**'); Set($Timezone , 'Africa/Johannesburg'); Set(@Plugins,(qw(Extension::QuickDelete RT::FM RT::Authen::ExternalAuth))); Set( @Plugins, qw(RT::Authen::ExternalAuth) ); Set($RTAddressRegexp , '^(-***)?...@***\.**\.**$'); Set($LogToSyslog , 'debug'); Set($LogToScreen, 'debug'); Set($DatabaseType , 'mysql'); Set($DatabaseHost , ''); Set($DatabaseRTHost , ''); Set($DatabasePort , ''); Set($DatabaseUser , ''); Set($DatabasePassword , '*'); Set($DatabaseName , ''); Set($DatabaseRequireSSL , undef); Set($OwnerEmail , 'root'); Set($MaxAttachmentSize , 1000); Set($CanonicalizeOnCreate, 0); Set($AutoCreate, {Privileged = 1}); require /opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm; Set($ExternalAuthPriority, ['My_LDAP']); Set($ExternalInfoPriority, ['My_LDAP']); Set($ExternalServiceUsesSSLorTLS, 0); Set($AutoCreateNonExternalUsers, 0); Set($ExternalSettings, { 'My_LDAP' = { 'type'= 'ldap', 'server' = '**', 'user'= '', 'pass'= '', 'base'= 'dc=,dc=***,dc=**,dc=**', 'filter' = '(objectClass=*)', 'd_filter'= '(objectClass=FooBarBaz)', 'tls' = 0, 'ssl_version' = 3, 'net_ldap_args' = [version = 3], 'group' = 'cn=rt,ou=groups,dc=,dc=,dc=**,dc=***', 'group_attr' = 'member', 'attr_match_list' = ['Name', 'EmailAddress'], 'attr_map'= {'Name' = 'uid', 'RealName' = 'cn', 'ExternalAuthId' = 'uid', 'Gecos' = 'cn', 'EmailAddress' = 'mail'} } } ); -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJMhM+hAAoJEBMzHChmstlqrfsH/3UFar4PQFUBjN3o7pc4iBce 8oOGftGf75+0/CZkVVt3ogOo+JCFWlfpSb21Kh4YKYMUZ2NXRQVWQO6O25iO8u0x 8aL/rkzei98mKCNlkWP6O/lVIiXeTzAHMJgHJpbC207mEcqRFCKToJ61nOnmtU8I PBZntO+SRK5V/i+WPFk75/ZmAayJ30wZxVZmThjKPPpINSMkP/y5naUAH1aFwuk0 LMg5CcxloOxq0pEFA6PfQGjetk8NEeF6T01ypS8R8+ArQBrBBJYUJkhuPrRjge3o Dyl9Eb0wE/HwubZBVixSvLoTMFj4tPo+mYHth+cexMyRZf7br6ieWMSSOwYFNzA= =dkSU -END PGP SIGNATURE- To read FirstRand Bank's Disclaimer for this email click on the following address or copy into your Internet browser: https://www.fnb.co.za/disclaimer.html If you are unable to access the Disclaimer, send a blank e-mail to firstrandbankdisclai...@fnb.co.za and we will send you a copy of the Disclaimer. RT Training in Washington DC, USA on Oct 25 26 2010 Last one this year -- Learn how to get the most out of RT!
Re: [rt-users] RT::Authen::ExternalAuth AutoCreate [Un]Privileged Users
I'm just going off memory of what I have read, but can't you have more than one LDAP to look up against and have the AutoCreate in the LDAP portion of the config? Maybe have one for RT=Privileged and one for non-RT=normal autocreate? -Mark -Original Message- From: rt-users-boun...@lists.bestpractical.com [mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of Robert Gabriel Sent: Monday, September 06, 2010 6:25 AM To: rt-users@lists.bestpractical.com Subject: [rt-users] RT::Authen::ExternalAuth AutoCreate [Un]Privileged Users -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello all, I've done some initial investigation but this doesn't seem to be so simple for me to do. Please can someone assist? I'm using RT::Authen::ExternalAuth and have the following working: External auth with LDAP and auto create privileged users if they are in 'rt' group in LDAP. How can unprivileged users be auto created if they are in LDAP but not in the 'rt' group when they send a mail ticket request so they can login through self service access? PS What should the ExternalInfoPriority be set to if no LDAP lookups for creating new users via RT? Thanks. Set( $rtname, '***.***.**.**'); Set($Organization , '.***.**.**'); Set($Timezone , 'Africa/Johannesburg'); Set(@Plugins,(qw(Extension::QuickDelete RT::FM RT::Authen::ExternalAuth))); Set( @Plugins, qw(RT::Authen::ExternalAuth) ); Set($RTAddressRegexp , '^(-***)?...@***\.**\.**$'); Set($LogToSyslog , 'debug'); Set($LogToScreen, 'debug'); Set($DatabaseType , 'mysql'); Set($DatabaseHost , ''); Set($DatabaseRTHost , ''); Set($DatabasePort , ''); Set($DatabaseUser , ''); Set($DatabasePassword , '*'); Set($DatabaseName , ''); Set($DatabaseRequireSSL , undef); Set($OwnerEmail , 'root'); Set($MaxAttachmentSize , 1000); Set($CanonicalizeOnCreate, 0); Set($AutoCreate, {Privileged = 1}); require /opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm; Set($ExternalAuthPriority, ['My_LDAP']); Set($ExternalInfoPriority, ['My_LDAP']); Set($ExternalServiceUsesSSLorTLS, 0); Set($AutoCreateNonExternalUsers, 0); Set($ExternalSettings, { 'My_LDAP' = { 'type'= 'ldap', 'server' = '**', 'user'= '', 'pass'= '', 'base'= 'dc=,dc=***,dc=**,dc=**', 'filter' = '(objectClass=*)', 'd_filter'= '(objectClass=FooBarBaz)', 'tls' = 0, 'ssl_version' = 3, 'net_ldap_args' = [version = 3], 'group' = 'cn=rt,ou=groups,dc=,dc=,dc=**,dc=***', 'group_attr' = 'member', 'attr_match_list' = ['Name', 'EmailAddress'], 'attr_map'= {'Name' = 'uid', 'RealName' = 'cn', 'ExternalAuthId' = 'uid', 'Gecos' = 'cn', 'EmailAddress' = 'mail'} } } ); -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJMhM+hAAoJEBMzHChmstlqrfsH/3UFar4PQFUBjN3o7pc4iBce 8oOGftGf75+0/CZkVVt3ogOo+JCFWlfpSb21Kh4YKYMUZ2NXRQVWQO6O25iO8u0x 8aL/rkzei98mKCNlkWP6O/lVIiXeTzAHMJgHJpbC207mEcqRFCKToJ61nOnmtU8I PBZntO+SRK5V/i+WPFk75/ZmAayJ30wZxVZmThjKPPpINSMkP/y5naUAH1aFwuk0 LMg5CcxloOxq0pEFA6PfQGjetk8NEeF6T01ypS8R8+ArQBrBBJYUJkhuPrRjge3o Dyl9Eb0wE/HwubZBVixSvLoTMFj4tPo+mYHth+cexMyRZf7br6ieWMSSOwYFNzA= =dkSU -END PGP SIGNATURE- To read FirstRand Bank's Disclaimer for this email click on the following address or copy into your Internet browser: https://www.fnb.co.za/disclaimer.html If you are unable to access the Disclaimer, send a blank e-mail to firstrandbankdisclai...@fnb.co.za and we will send you a copy of the Disclaimer. RT Training in Washington DC, USA on Oct 25 26 2010 Last one this year -- Learn how to get the most out of RT! CONFIDENTIALITY NOTICE: The information contained in this email message, including any attachments, may be privileged, confidential and otherwise protected from disclosure. If the reader of this message is not the intended recipient, you are hereby notified that any use, dissemination, distribution or copying of this message, including any attachments, is strictly prohibited. If you have received this email message in error, please notify the sender by reply email and delete/destroy the email message, including attachments, and any copies thereof. Although we have taken precautions to minimize the risk of transmitting viruses via email and attachments thereto, we do not guarantee that either is virus-free, and we accept no liability for any damages sustained as a result of any such viruses. RT Training in Washington DC, USA on Oct 25 26 2010 Last one this year -- Learn how to get the most out of RT!
Re: [rt-users] Webmux.pl crashes Apache22 on FreeBSD 8.1
The update to Devel-StackTrace 1.24 solved the problem of webmux.pl not allowing apache to startup. Thank you for the help. Reid On Fri, Sep 3, 2010 at 12:14 PM, dill weed dillwe...@gmail.com wrote: Thanks that good information. When I get back into work next week, I'll give that a go. I'm sure that is what the problem is. Thank you everyone for the help. Reid On Fri, Sep 3, 2010 at 9:17 AM, Kevin Falcone falc...@bestpractical.com wrote: On Thu, Sep 02, 2010 at 02:51:48PM -0700, dill weed wrote: I don't have access to the server until Monday to run make testdeps, but the version of Stacktrace that I'm using is p5-Devel-StackTrace 1.23 from the FreeBSD ports collection. Looks like the CPAN author made a mistake with 1.23. He has released 1.24 to rectify it. http://cpansearch.perl.org/src/DROLSKY/Devel-StackTrace-1.24/Changes -kevin On Thu, Sep 2, 2010 at 2:20 PM, Jesse Vincent je...@bestpractical.com wrote: On Thu, Sep 02, 2010 at 02:16:06PM -0700, dill weed wrote: I recently updated my installation of rt38 from the ports collection on FreeBSD 8.1 and found that webmux.pl will not allow apache22 to start. Here is a copy of the error that I'm am receiving: make testdeps from the RT build directory? Also, what version of Devel::StackTrace is installed? [Wed Sep 01 11:01:08 2010] [error] Devel::StackTrace does not define $Devel::StackTrace::VERSION--version check failed at /usr/local/lib/perl5/site_perl/5.10.1/Exception/Class/Base.pm line 10.\nBEGIN failed--compilation aborted at /usr/local/lib/perl5/site_perl/5.10.1/Exception/Class/Base.pm line 10.\nCompilation failed in require at /usr/local/lib/perl5/site_perl/5.10.1/Exception/Class.pm line 10.\nBEGIN failed--compilation aborted at /usr/local/lib/perl5/site_perl/5.10.1/Exception/Class.pm line 10.\nCompilation failed in require at /usr/local/lib/perl5/site_perl/5.10.1/HTML/Mason/Exceptions.pm line 73.\nBEGIN failed--compilation aborted at /usr/local/lib/perl5/site_perl/5.10.1/HTML/Mason/Exceptions.pm line 73.\nCompilation failed in require at /usr/local/lib/perl5/site_perl/5.10.1/HTML/Mason/Tools.pm line 18.\nBEGIN failed--compilation aborted at /usr/local/lib/perl5/site_perl/5.10.1/HTML/Mason/Tools.pm line 18.\nCompilation failed in require at /usr/local/lib/perl5/site_perl/5.10.1/HTML/Mason/Request.pm line 41.\nBEGIN failed--compilation aborted at /usr/local/lib/perl5/site_perl/5.10.1/HTML/Mason/Request.pm line 41.\nCompilation failed in require at (eval 1218) line 3.\n\t...propagated at /usr/local/lib/perl5/5.10.1/base.pm line 94.\nBEGIN failed--compilation aborted at /usr/local/lib/perl5/site_perl/5.10.1/RT/Interface/Web/Request.pm line 55.\nCompilation failed in require at /usr/local/lib/perl5/site_perl/5.10.1/RT/Interface/Web/Handler.pm line 60.\nBEGIN failed--compilation aborted at /usr/local/lib/perl5/site_perl/5.10.1/RT/Interface/Web/Handler.pm line 60.\nCompilation failed in require at /usr/local/bin/webmux.pl line 150.\nCompilation failed in require at (eval 4) line 1.\n [Wed Sep 01 11:01:08 2010] [error] Can't load Perl file: /usr/local/bin/webmux.pl for serve blah.blah.home:0, exiting... However when I comment out the webmux.pl line from my httpd.conf the server starts fine. I'm not sure why the error is coming from Devel::StrackTrace and I'm not sure how to fix this error. I'm anxious to hear what tips other users might have. Everything is update as far as the ports collection is concerned. I'm running FreeBSD 8.1, apache 2.2.16, mod_perl2 2.0.4, mysql 5.1.(something). All items were installed from the ports collection. Thank you in advance for the help, Reid RT Training in Washington DC, USA on Oct 25 26 2010 Last one this year -- Learn how to get the most out of RT! -- RT Training in Washington DC, USA on Oct 25 26 2010 Last one this year -- Learn how to get the most out of RT! RT Training in Washington DC, USA on Oct 25 26 2010 Last one this year -- Learn how to get the most out of RT! RT Training in Washington DC, USA on Oct 25 26 2010 Last one this year -- Learn how to get the most out of RT!
Re: [rt-users] Slow Ticket History 3.8.8
Hi Ruslan, Sorry looks like I shrunk the image too much. The thing I find odd is that there are others with similar hardware who don't get the problem. It'll be great if 3.10 fixes it for me, but I'd love to get to the bottom of it first. I'm pretty much positive it's not a DB issue, as I've tried different sizes of DB, tried postgres AND mysql etc. I don't think it's apache as I've tried the built in webserver with RT and no change there either. Currently trying to install RT on Centos given that Roy (who has kindly been helping me with details of his own setup) appears to have none of the same problems on that OS. Perhaps perl is just slow on the 64bit ubuntu we've currently got live. No idea if it's going to have any effect though :( Justin - Justin Hayes OpenBet Support Manager justin.ha...@openbet.com On 6 Sep 2010, at 18:37, Ruslan Zakirov wrote: Justin. First of all, I can not read from the chart, but anyway history rendering has been worked on in a new code branch. Probably this code will be part of RT 3.10. Code at the moment is unstable, but eventually it wil be faster then the current version. On Mon, Sep 6, 2010 at 8:56 PM, Justin Hayes justin.ha...@openbet.com wrote: So far we've tried installing RT on different hardware, both 32 and 64bit versions of linux. RT is still very slow for long tickets. All the time is taken up by the perl/apache process maxing out a core of CPU. We've even gone as far as trying to profile the code. We came up with this graph of where the time was going: TIMING.png We then tried to go further into those functions but can't find a single smoking gun call that is taking all the time. For example in a ticket that takes 22s to render approx 5 secs goes on these 2 lines: File: Ticket/Elements/ShowHistory line: 100-103 version 3.8.8 my @trans_attachments = grep { $_-TransactionId == $Transaction-Id } @attachments; grep { ($_-TransactionId == $Transaction-Id ) ($trans_content-{$_-Id} = $_) } @attachment_content; Both are greps. Does this imply that perl itself is just slow? IF so why would our perl be slow compared to other people's? We've tried compiling it from source and that made no difference. ATM we're at a bit of a loss Justin - Justin Hayes OpenBet Support Manager justin.ha...@openbet.com On 1 Jul 2010, at 11:51, Raed El-Hames wrote: Justin, Do you use Transaction custom fields, if you do n’t ; try and comment out lines 70,71,72 from html/Ticket/Elements/ShowTransaction % if ( $Transaction-CustomFieldValues-Count ) { /Elements/ShowCustomFields, Object = $Transaction % } See if that improves things for you. Some of our monitoring tickets can have up to 500 updates, such tickets use to take up to 20s to load, once I commented out the above lines, load time is now down to less than 5 seconds. Regards; Roy From: rt-users-boun...@lists.bestpractical.com [mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of Justin Hayes Sent: 01 July 2010 11:39 To: Kenneth Crocker Cc: rt-users@lists.bestpractical.com Subject: Re: [rt-users] Slow Ticket History 3.8.8 We do Kenneth, but most tickets don't have many file attachments, so I assume that's not an issue? Cheers, Justin - Justin Hayes OpenBet Support Manager justin.ha...@openbet.com On 29 Jun 2010, at 17:54, Kenneth Crocker wrote: Justin, I didn't see this mentioned and may have missed it, but are you displaying attachements inline? That might cut back on the I/O for History. Just a thought. Kenn LBNL On Tue, Jun 29, 2010 at 8:04 AM, Justin Hayes justin.ha...@openbet.com wrote: As a test we've just created a long ticket in an empty RT DB and it's very fast. So does look to be DB related - contrary to our earlier investigations. I guess it must still access the DB resultset during the ticket rendering (which isn't how we thought it would work). Time to tune the hell out of mysql then... Justin - Justin Hayes OpenBet Support Manager justin.ha...@openbet.com On 29 Jun 2010, at 15:53, Justin Hayes wrote: Seem to be quite a few things to look at Jason. Need to figure out what they all mean first. Justin General Statistics -- [--] Skipped version check for MySQLTuner script [OK] Currently running supported MySQL version 5.1.37-1ubuntu5.4-log [OK] Operating on 64-bit architecture Storage Engine Statistics --- [--] Status: -Archive -BDB -Federated +InnoDB -ISAM -NDBCluster [--] Data in MyISAM tables: 611M (Tables: 8) [--] Data in InnoDB tables: 10G (Tables: 20) [!!] Total
Re: [rt-users] Slow Ticket History 3.8.8
Hi Justin, I've recently been using siege to bash on RT, and have been testing the following two settings in our RT_SiteConfig.pm Set($UseSQLForACLChecks, 1); Set($WebExternalAuthContinuous, 0); The combined effect has been a serious reduction in rendering speed in general, and particularly so for long tickets. Cheers, Jeff. RT Training in Washington DC, USA on Oct 25 26 2010 Last one this year -- Learn how to get the most out of RT!