[rt-users] RT::Authen::ExternalAuth AutoCreate [Un]Privileged Users
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello all,
I've done some initial investigation but this doesn't seem to be so
simple for me to do.
Please can someone assist?
I'm using RT::Authen::ExternalAuth and have the following working:
External auth with LDAP and auto create privileged users if they are
in 'rt' group in LDAP.
How can unprivileged users be auto created if they are in LDAP but not
in the 'rt' group when they send a mail ticket request so they can login
through self service access?
PS What should the ExternalInfoPriority be set to if no LDAP
lookups for creating new users via RT?
Thanks.
Set( $rtname, '***.***.**.**');
Set($Organization , '.***.**.**');
Set($Timezone , 'Africa/Johannesburg');
Set(@Plugins,(qw(Extension::QuickDelete RT::FM RT::Authen::ExternalAuth)));
Set( @Plugins, qw(RT::Authen::ExternalAuth) );
Set($RTAddressRegexp , '^(-***)?...@***\.**\.**$');
Set($LogToSyslog , 'debug');
Set($LogToScreen, 'debug');
Set($DatabaseType , 'mysql');
Set($DatabaseHost , '');
Set($DatabaseRTHost , '');
Set($DatabasePort , '');
Set($DatabaseUser , '');
Set($DatabasePassword , '*');
Set($DatabaseName , '');
Set($DatabaseRequireSSL , undef);
Set($OwnerEmail , 'root');
Set($MaxAttachmentSize , 1000);
Set($CanonicalizeOnCreate, 0);
Set($AutoCreate, {Privileged = 1});
require
/opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm;
Set($ExternalAuthPriority, ['My_LDAP']);
Set($ExternalInfoPriority, ['My_LDAP']);
Set($ExternalServiceUsesSSLorTLS, 0);
Set($AutoCreateNonExternalUsers, 0);
Set($ExternalSettings, {
'My_LDAP' = {
'type'= 'ldap',
'server' = '**',
'user'= '',
'pass'= '',
'base'= 'dc=,dc=***,dc=**,dc=**',
'filter' = '(objectClass=*)',
'd_filter'= '(objectClass=FooBarBaz)',
'tls' = 0,
'ssl_version' = 3,
'net_ldap_args' = [version = 3],
'group' = 'cn=rt,ou=groups,dc=,dc=,dc=**,dc=***',
'group_attr' = 'member',
'attr_match_list' = ['Name', 'EmailAddress'],
'attr_map'= {'Name' = 'uid', 'RealName' = 'cn',
'ExternalAuthId' = 'uid', 'Gecos' = 'cn', 'EmailAddress' = 'mail'}
}
}
);
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iQEcBAEBAgAGBQJMhM+hAAoJEBMzHChmstlqrfsH/3UFar4PQFUBjN3o7pc4iBce
8oOGftGf75+0/CZkVVt3ogOo+JCFWlfpSb21Kh4YKYMUZ2NXRQVWQO6O25iO8u0x
8aL/rkzei98mKCNlkWP6O/lVIiXeTzAHMJgHJpbC207mEcqRFCKToJ61nOnmtU8I
PBZntO+SRK5V/i+WPFk75/ZmAayJ30wZxVZmThjKPPpINSMkP/y5naUAH1aFwuk0
LMg5CcxloOxq0pEFA6PfQGjetk8NEeF6T01ypS8R8+ArQBrBBJYUJkhuPrRjge3o
Dyl9Eb0wE/HwubZBVixSvLoTMFj4tPo+mYHth+cexMyRZf7br6ieWMSSOwYFNzA=
=dkSU
-END PGP SIGNATURE-
To read FirstRand Bank's Disclaimer for this email click on the following
address or copy into your Internet browser:
https://www.fnb.co.za/disclaimer.html
If you are unable to access the Disclaimer, send a blank e-mail to
firstrandbankdisclai...@fnb.co.za and we will send you a copy of the Disclaimer.
RT Training in Washington DC, USA on Oct 25 26 2010
Last one this year -- Learn how to get the most out of RT!
Re: [rt-users] RT::Authen::ExternalAuth AutoCreate [Un]Privileged Users
I'm just going off memory of what I have read, but can't you have more
than one LDAP to look up against and have the AutoCreate in the LDAP
portion of the config?
Maybe have one for RT=Privileged and one for non-RT=normal autocreate?
-Mark
-Original Message-
From: rt-users-boun...@lists.bestpractical.com
[mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of Robert
Gabriel
Sent: Monday, September 06, 2010 6:25 AM
To: rt-users@lists.bestpractical.com
Subject: [rt-users] RT::Authen::ExternalAuth AutoCreate [Un]Privileged
Users
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello all,
I've done some initial investigation but this doesn't seem to be so
simple for me to do.
Please can someone assist?
I'm using RT::Authen::ExternalAuth and have the following working:
External auth with LDAP and auto create privileged users if they are
in 'rt' group in LDAP.
How can unprivileged users be auto created if they are in LDAP but not
in the 'rt' group when they send a mail ticket request so they can login
through self service access?
PS What should the ExternalInfoPriority be set to if no LDAP
lookups for creating new users via RT?
Thanks.
Set( $rtname, '***.***.**.**');
Set($Organization , '.***.**.**');
Set($Timezone , 'Africa/Johannesburg');
Set(@Plugins,(qw(Extension::QuickDelete RT::FM
RT::Authen::ExternalAuth)));
Set( @Plugins, qw(RT::Authen::ExternalAuth) );
Set($RTAddressRegexp , '^(-***)?...@***\.**\.**$');
Set($LogToSyslog , 'debug');
Set($LogToScreen, 'debug');
Set($DatabaseType , 'mysql');
Set($DatabaseHost , '');
Set($DatabaseRTHost , '');
Set($DatabasePort , '');
Set($DatabaseUser , '');
Set($DatabasePassword , '*');
Set($DatabaseName , '');
Set($DatabaseRequireSSL , undef);
Set($OwnerEmail , 'root');
Set($MaxAttachmentSize , 1000);
Set($CanonicalizeOnCreate, 0);
Set($AutoCreate, {Privileged = 1});
require
/opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm;
Set($ExternalAuthPriority, ['My_LDAP']);
Set($ExternalInfoPriority, ['My_LDAP']);
Set($ExternalServiceUsesSSLorTLS, 0);
Set($AutoCreateNonExternalUsers, 0);
Set($ExternalSettings, {
'My_LDAP' = {
'type'= 'ldap',
'server' = '**',
'user'= '',
'pass'= '',
'base'= 'dc=,dc=***,dc=**,dc=**',
'filter' = '(objectClass=*)',
'd_filter'= '(objectClass=FooBarBaz)',
'tls' = 0,
'ssl_version' = 3,
'net_ldap_args' = [version = 3],
'group' = 'cn=rt,ou=groups,dc=,dc=,dc=**,dc=***',
'group_attr' = 'member',
'attr_match_list' = ['Name', 'EmailAddress'],
'attr_map'= {'Name' = 'uid', 'RealName' = 'cn',
'ExternalAuthId' = 'uid', 'Gecos' = 'cn', 'EmailAddress' = 'mail'}
}
}
);
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iQEcBAEBAgAGBQJMhM+hAAoJEBMzHChmstlqrfsH/3UFar4PQFUBjN3o7pc4iBce
8oOGftGf75+0/CZkVVt3ogOo+JCFWlfpSb21Kh4YKYMUZ2NXRQVWQO6O25iO8u0x
8aL/rkzei98mKCNlkWP6O/lVIiXeTzAHMJgHJpbC207mEcqRFCKToJ61nOnmtU8I
PBZntO+SRK5V/i+WPFk75/ZmAayJ30wZxVZmThjKPPpINSMkP/y5naUAH1aFwuk0
LMg5CcxloOxq0pEFA6PfQGjetk8NEeF6T01ypS8R8+ArQBrBBJYUJkhuPrRjge3o
Dyl9Eb0wE/HwubZBVixSvLoTMFj4tPo+mYHth+cexMyRZf7br6ieWMSSOwYFNzA=
=dkSU
-END PGP SIGNATURE-
To read FirstRand Bank's Disclaimer for this email click on the
following address or copy into your Internet browser:
https://www.fnb.co.za/disclaimer.html
If you are unable to access the Disclaimer, send a blank e-mail to
firstrandbankdisclai...@fnb.co.za and we will send you a copy of the
Disclaimer.
RT Training in Washington DC, USA on Oct 25 26 2010
Last one this year -- Learn how to get the most out of RT!
CONFIDENTIALITY NOTICE: The information contained in this email message,
including any attachments, may be
privileged, confidential and otherwise protected from disclosure. If the
reader of this message is not the
intended recipient, you are hereby notified that any use, dissemination,
distribution or copying of this
message, including any attachments, is strictly prohibited. If you have
received this email message in
error, please notify the sender by reply email and delete/destroy the email
message, including attachments,
and any copies thereof. Although we have taken precautions to minimize the
risk of transmitting viruses via
email and attachments thereto, we do not guarantee that either is virus-free,
and we accept no liability for
any damages sustained as a result of any such viruses.
RT Training in Washington DC, USA on Oct 25 26 2010
Last one this year -- Learn how to get the most out of RT!
Re: [rt-users] Webmux.pl crashes Apache22 on FreeBSD 8.1
The update to Devel-StackTrace 1.24 solved the problem of webmux.pl not allowing apache to startup. Thank you for the help. Reid On Fri, Sep 3, 2010 at 12:14 PM, dill weed dillwe...@gmail.com wrote: Thanks that good information. When I get back into work next week, I'll give that a go. I'm sure that is what the problem is. Thank you everyone for the help. Reid On Fri, Sep 3, 2010 at 9:17 AM, Kevin Falcone falc...@bestpractical.com wrote: On Thu, Sep 02, 2010 at 02:51:48PM -0700, dill weed wrote: I don't have access to the server until Monday to run make testdeps, but the version of Stacktrace that I'm using is p5-Devel-StackTrace 1.23 from the FreeBSD ports collection. Looks like the CPAN author made a mistake with 1.23. He has released 1.24 to rectify it. http://cpansearch.perl.org/src/DROLSKY/Devel-StackTrace-1.24/Changes -kevin On Thu, Sep 2, 2010 at 2:20 PM, Jesse Vincent je...@bestpractical.com wrote: On Thu, Sep 02, 2010 at 02:16:06PM -0700, dill weed wrote: I recently updated my installation of rt38 from the ports collection on FreeBSD 8.1 and found that webmux.pl will not allow apache22 to start. Here is a copy of the error that I'm am receiving: make testdeps from the RT build directory? Also, what version of Devel::StackTrace is installed? [Wed Sep 01 11:01:08 2010] [error] Devel::StackTrace does not define $Devel::StackTrace::VERSION--version check failed at /usr/local/lib/perl5/site_perl/5.10.1/Exception/Class/Base.pm line 10.\nBEGIN failed--compilation aborted at /usr/local/lib/perl5/site_perl/5.10.1/Exception/Class/Base.pm line 10.\nCompilation failed in require at /usr/local/lib/perl5/site_perl/5.10.1/Exception/Class.pm line 10.\nBEGIN failed--compilation aborted at /usr/local/lib/perl5/site_perl/5.10.1/Exception/Class.pm line 10.\nCompilation failed in require at /usr/local/lib/perl5/site_perl/5.10.1/HTML/Mason/Exceptions.pm line 73.\nBEGIN failed--compilation aborted at /usr/local/lib/perl5/site_perl/5.10.1/HTML/Mason/Exceptions.pm line 73.\nCompilation failed in require at /usr/local/lib/perl5/site_perl/5.10.1/HTML/Mason/Tools.pm line 18.\nBEGIN failed--compilation aborted at /usr/local/lib/perl5/site_perl/5.10.1/HTML/Mason/Tools.pm line 18.\nCompilation failed in require at /usr/local/lib/perl5/site_perl/5.10.1/HTML/Mason/Request.pm line 41.\nBEGIN failed--compilation aborted at /usr/local/lib/perl5/site_perl/5.10.1/HTML/Mason/Request.pm line 41.\nCompilation failed in require at (eval 1218) line 3.\n\t...propagated at /usr/local/lib/perl5/5.10.1/base.pm line 94.\nBEGIN failed--compilation aborted at /usr/local/lib/perl5/site_perl/5.10.1/RT/Interface/Web/Request.pm line 55.\nCompilation failed in require at /usr/local/lib/perl5/site_perl/5.10.1/RT/Interface/Web/Handler.pm line 60.\nBEGIN failed--compilation aborted at /usr/local/lib/perl5/site_perl/5.10.1/RT/Interface/Web/Handler.pm line 60.\nCompilation failed in require at /usr/local/bin/webmux.pl line 150.\nCompilation failed in require at (eval 4) line 1.\n [Wed Sep 01 11:01:08 2010] [error] Can't load Perl file: /usr/local/bin/webmux.pl for serve blah.blah.home:0, exiting... However when I comment out the webmux.pl line from my httpd.conf the server starts fine. I'm not sure why the error is coming from Devel::StrackTrace and I'm not sure how to fix this error. I'm anxious to hear what tips other users might have. Everything is update as far as the ports collection is concerned. I'm running FreeBSD 8.1, apache 2.2.16, mod_perl2 2.0.4, mysql 5.1.(something). All items were installed from the ports collection. Thank you in advance for the help, Reid RT Training in Washington DC, USA on Oct 25 26 2010 Last one this year -- Learn how to get the most out of RT! -- RT Training in Washington DC, USA on Oct 25 26 2010 Last one this year -- Learn how to get the most out of RT! RT Training in Washington DC, USA on Oct 25 26 2010 Last one this year -- Learn how to get the most out of RT! RT Training in Washington DC, USA on Oct 25 26 2010 Last one this year -- Learn how to get the most out of RT!
Re: [rt-users] Slow Ticket History 3.8.8
Hi Ruslan,
Sorry looks like I shrunk the image too much. The thing I find odd is that
there are others with similar hardware who don't get the problem. It'll be
great if 3.10 fixes it for me, but I'd love to get to the bottom of it first.
I'm pretty much positive it's not a DB issue, as I've tried different sizes of
DB, tried postgres AND mysql etc. I don't think it's apache as I've tried the
built in webserver with RT and no change there either.
Currently trying to install RT on Centos given that Roy (who has kindly been
helping me with details of his own setup) appears to have none of the same
problems on that OS. Perhaps perl is just slow on the 64bit ubuntu we've
currently got live.
No idea if it's going to have any effect though :(
Justin
-
Justin Hayes
OpenBet Support Manager
justin.ha...@openbet.com
On 6 Sep 2010, at 18:37, Ruslan Zakirov wrote:
Justin.
First of all, I can not read from the chart, but anyway history rendering has
been worked on in a new code branch. Probably this code will be part of RT
3.10. Code at the moment is unstable, but eventually it wil be faster then
the current version.
On Mon, Sep 6, 2010 at 8:56 PM, Justin Hayes justin.ha...@openbet.com wrote:
So far we've tried installing RT on different hardware, both 32 and 64bit
versions of linux. RT is still very slow for long tickets. All the time is
taken up by the perl/apache process maxing out a core of CPU.
We've even gone as far as trying to profile the code. We came up with this
graph of where the time was going:
TIMING.png
We then tried to go further into those functions but can't find a single
smoking gun call that is taking all the time.
For example in a ticket that takes 22s to render approx 5 secs goes on these
2 lines:
File: Ticket/Elements/ShowHistory line: 100-103 version 3.8.8
my @trans_attachments = grep { $_-TransactionId == $Transaction-Id }
@attachments;
grep { ($_-TransactionId == $Transaction-Id )
($trans_content-{$_-Id} = $_) } @attachment_content;
Both are greps. Does this imply that perl itself is just slow?
IF so why would our perl be slow compared to other people's? We've tried
compiling it from source and that made no difference.
ATM we're at a bit of a loss
Justin
-
Justin Hayes
OpenBet Support Manager
justin.ha...@openbet.com
On 1 Jul 2010, at 11:51, Raed El-Hames wrote:
Justin,
Do you use Transaction custom fields, if you do n’t ; try and comment out
lines 70,71,72 from html/Ticket/Elements/ShowTransaction
% if ( $Transaction-CustomFieldValues-Count ) {
/Elements/ShowCustomFields, Object = $Transaction
% }
See if that improves things for you.
Some of our monitoring tickets can have up to 500 updates, such tickets use
to take up to 20s to load, once I commented out the above lines, load time
is now down to less than 5 seconds.
Regards;
Roy
From: rt-users-boun...@lists.bestpractical.com
[mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of Justin Hayes
Sent: 01 July 2010 11:39
To: Kenneth Crocker
Cc: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] Slow Ticket History 3.8.8
We do Kenneth, but most tickets don't have many file attachments, so I
assume that's not an issue?
Cheers,
Justin
-
Justin Hayes
OpenBet Support Manager
justin.ha...@openbet.com
On 29 Jun 2010, at 17:54, Kenneth Crocker wrote:
Justin,
I didn't see this mentioned and may have missed it, but are you displaying
attachements inline? That might cut back on the I/O for History. Just a
thought.
Kenn
LBNL
On Tue, Jun 29, 2010 at 8:04 AM, Justin Hayes justin.ha...@openbet.com
wrote:
As a test we've just created a long ticket in an empty RT DB and it's very
fast. So does look to be DB related - contrary to our earlier investigations.
I guess it must still access the DB resultset during the ticket rendering
(which isn't how we thought it would work).
Time to tune the hell out of mysql then...
Justin
-
Justin Hayes
OpenBet Support Manager
justin.ha...@openbet.com
On 29 Jun 2010, at 15:53, Justin Hayes wrote:
Seem to be quite a few things to look at Jason. Need to figure out what
they all mean first.
Justin
General Statistics
--
[--] Skipped version check for MySQLTuner script
[OK] Currently running supported MySQL version 5.1.37-1ubuntu5.4-log
[OK] Operating on 64-bit architecture
Storage Engine Statistics
---
[--] Status: -Archive -BDB -Federated +InnoDB -ISAM -NDBCluster
[--] Data in MyISAM tables: 611M (Tables: 8)
[--] Data in InnoDB tables: 10G (Tables: 20)
[!!] Total
Re: [rt-users] Slow Ticket History 3.8.8
Hi Justin, I've recently been using siege to bash on RT, and have been testing the following two settings in our RT_SiteConfig.pm Set($UseSQLForACLChecks, 1); Set($WebExternalAuthContinuous, 0); The combined effect has been a serious reduction in rendering speed in general, and particularly so for long tickets. Cheers, Jeff. RT Training in Washington DC, USA on Oct 25 26 2010 Last one this year -- Learn how to get the most out of RT!
