Re: [rt-users] Flaws on RT::Extension::RepeatTicket search
On 5/14/13 10:26 PM, Thomas Lau wrote: Hi, I recently tested out the new RT::Extension::RepeatTicket module, it works out great, but the search feature is basically non-existence. How could I search the original ticket which is GOING to repeat later on? Current situation there is no way to do this, please advise. Each ticket created in the recurrence should have a custom field called Original Ticket with the id of the ticket that controls the recurrence. Maybe you didn't run the 'make initdb' step when installing to create the custom field? -- RT Training in Seattle, June 19-20: http://bestpractical.com/training
Re: [rt-users] REMOTE_USER, external auth, and email mismatching
On 5/15/2013 12:17 AM, Philip Brown wrote: Err.. thanks, but that's not what I'm looking for. For one thing, even if I got permission to do that (which I wont), we have 40,000 users in ldap. I dont actually WANT all of them in the rt database. particularly since we have a 15,000 user/year churn rate. I'm never quite sure why people do that (*import* then-stale data from LDAP/AD which is the dynamic source of truth for the information on the network). There must be some use case that I am just not aware of, but I definitely don't get it. it's kinda odd that I cant seem to google any sample RT_Config.pm files for this Well, here's where I asked the community to share what works: http://lists.bestpractical.com/pipermail/rt-users/2012-February/075085.html And here's 1 (of 2) contributions I got and submitted, still sitting in a github pull request that has not been merged after 1+ years: https://github.com/bestpractical/rt-authen-externalauth/pull/2 That was the water testing and end of my contributions to RT, as a failed experiment. I didn't bother submitting the 2nd config contribution I got based on the above. Here's someone else's code contribution from 1+ years ago to allow secure LDAP: https://github.com/bestpractical/rt-authen-externalauth/pull/1 *crickets* Contributing elsewhere. -- RT Training in Seattle, June 19-20: http://bestpractical.com/training
Re: [rt-users] Minimum MySQL permission for RT database access
On Wed, May 15, 2013 at 4:23 PM, William Muriithi william.murii...@gmail.com wrote: Hello, I have spent an hour or so looking at the least recommended permission RT need to be able to manage mysql database and everybody seem to be taking the easy way, grant everything People usually don't grant any mysql level permissions and just trust RT to do so and the following is what RT grants: 18GRANT SELECT,INSERT,CREATE,INDEX,UPDATE,DELETE 19ON `$db_name`.* 20TO '$db_user'\@'$db_rthost' 21IDENTIFIED BY '$db_pass';, 22 ); It's a bit over-granting and I believe that our code is clean enough that it's possible to limit the list to SELECT,INSERT,UPDATE,DELETE, but I can not say it's possible for sure without fixing code. Is it possible Best Practice has listed the necessary grants that is needed for RT to work successfully on mysql server that I missed? Would appreciate any guidance RT's user in mysql (RT uses one account for operation) has to have SELECT, INSERT, UPDATE, DELETE rights on all RT's tables to operate. Upgrade steps should use DBA account for steps that require DROP/CREATE/ALTER/INDEX or any other rights, but as I said, considering above GRANT, this code may have bugs and use RT's primary account to perform some upgrade operations. What is the problem you're trying to solve? Regards, William -- Best regards, Ruslan. -- RT Training in Seattle, June 19-20: http://bestpractical.com/training
[rt-users] Notify Actor
Hello, is it possible to set NotifyActor per queue basis? Thanks, Andrea -- Every time I type 'win', I loose ... Ing. *Andrea Gabellini* Email: andrea.gabell...@telecomitalia.sm mailto:andrea%20gabellini%20%3candrea.gabell...@telecomitalia.sm%3E Skype: andreagabellini Tel: (+378) 0549 886111 Fax: (+378) 0549 886188 Telecom Italia San Marino S.p.A. Strada degli Angariari, 3 47891 Rovereta Republic of San Marino http://www.telecomitalia.sm -- RT Training in Seattle, June 19-20: http://bestpractical.com/training
[rt-users] QueueDeactivatedScrips
Hello, is there an updated version of RT-Extension-QueueDeactivatedScrips? I found https://github.com/dmsimard/RT-Extension-QueueDeactivatedScrips but is for rt 4.0.4. Thanks, Andrea https://github.com/dmsimard/RT-Extension-QueueDeactivatedScrips -- Keyboard not connected, press F1 to continue. Ing. *Andrea Gabellini* Email: andrea.gabell...@telecomitalia.sm mailto:andrea%20gabellini%20%3candrea.gabell...@telecomitalia.sm%3E Skype: andreagabellini Tel: (+378) 0549 886111 Fax: (+378) 0549 886188 Telecom Italia San Marino S.p.A. Strada degli Angariari, 3 47891 Rovereta Republic of San Marino http://www.telecomitalia.sm -- RT Training in Seattle, June 19-20: http://bestpractical.com/training
[rt-users] ExtractCustomFields template and dropping errant HTML tags
I have a scrip to assign CustomFields based on a template and it often ends up collecting junk like HTML tags trailing after the data I want to match.I think I have made my regex as specific as I can, but now I'm concerned that I went about this the wrong way. I would love an opinion.Emails that aren't human-generated typically have a block of data in them that includes data like:Room:Y10ABuilding:dddIP:172.16.2.2,fe80::250:43ff:fe00:ed31MAC:DE:CA:FB:AD:11:97Port:ddd-1@4/40And sometimes they're handled by applications that generate them with HTML formatting, or are copy/pasted with HTML formatting, etc.I have a CustomField called 'Building' and in my Template I have:Building|Body|Building:*([^]*+)\n|| a) Is this ([^]) necessary – or is there a way to merely ignore all HTML on incoming mail before it gets handed off to rt-mailtool that is preferred/better?b) Is there something about my Template use that is obviously wrong? [✔] Never use your HawkID's email address and password anywhere else! Emory Lundberg, Security Friend, Information Security Policy Office University of Iowa, UCC,Campus Phone:5-6174 -- RT Training in Seattle, June 19-20: http://bestpractical.com/training
[rt-users] Post upgrade 3.8.5 to 4.0.12 Global-RT At A Glance error
Hi Thomas, This might narrow down the issueI just noticed another thread titled RT at a Glance error after upgrade from 4.011 to 4.0.12 that also states the issue at hand. Just to be sure, I repeated the import on our RTDEV server using v4.0.11 of RT (using MySQL only, not Oracle) and confirmed that the Global RT At A Glance error does ~not~ occur. I will proceed with the migration to Oracle using 4.0.11 only and update this thread with the results. ~Pete_Jibe Disclaimer: This electronic message may contain information that is Confidential or legally privileged. It is intended only for the use of the individual(s) and entity named in the message. If you are not an intended recipient of this message, please notify the sender immediately and delete the material from your computer. Do not deliver, distribute or copy this message and do not disclose its contents or take any action in reliance on the information it contains. -- RT Training in Seattle, June 19-20: http://bestpractical.com/training
[rt-users] Can't add attachments anymore - Possibly DB switch?
Is this an error due to me switching to MariaDB from MySQL? It's looking like some file attachments can't get added. [Tue May 14 22:05:25 2013] [warning]: RT::Handle=HASH(0xbd328224) couldn't execute the query 'INSERT INTO Attachments (Subject, ContentType, Filename, Headers, MessageId, Creator, Parent, Created, ContentEncoding, Content, TransactionId) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)' at /usr/local/share/pe rl/5.14.2/DBIx/SearchBuilder/Handle.pm line 600. DBIx::SearchBuilder::Handle::SimpleQuery('RT::Handle=HASH(0xbd328224)', 'INSERT INTO Attachments (Subject, ContentType, Filename, Head...', '06 0741-2_new.pdf', 'application/pdf', '060741-2_new.pdf', 'Subject: 060741-2_new.pdf\x{a}MIME-Version: 1.0\x{a}Content-Type: app...', '', 821, 20024, ... ) called at /usr/local/share/perl/5.14.2/DBIx/SearchBuilder/Handle.pm line 350 Stephen Cena QVII MIS/IT Dept 850 Hudson Ave. Rochester, NY. 14620 585-544-0450 x300 s...@qvii.com Thank you for helping us help you help us all. --For email related issues, please contact postmas...@qvii.com -- RT Training in Seattle, June 19-20: http://bestpractical.com/training
Re: [rt-users] Post upgrade 3.8.5 to 4.0.12 Global-RT At A Glance error
Hi Thomas, Just performed the RT migration from MySQL to Oracle using just 4.0.11 and re-tested the Global RT At A Glance error without issue. I will now repeat the 4.0.11 to 4.0.12 upgrade using just Oracle and update with results. ~Pete_Jibe Disclaimer: This electronic message may contain information that is Confidential or legally privileged. It is intended only for the use of the individual(s) and entity named in the message. If you are not an intended recipient of this message, please notify the sender immediately and delete the material from your computer. Do not deliver, distribute or copy this message and do not disclose its contents or take any action in reliance on the information it contains. -- RT Training in Seattle, June 19-20: http://bestpractical.com/training
[rt-users] auto-populate email from short username?
Well, lets try a simpler, hopefully easier to tackle subject line :) lets say I have autocreate turned on. And accounts get created just fine when someone authenticates via web. ... however, the autocreated account name will be just the username. no @my.com What's the best way to get the email field set, with @my.com added, when the account is autocreated? -- RT Training in Seattle, June 19-20: http://bestpractical.com/training
[rt-users] Post upgrade 3.8.5 to 4.0.12 Global-RT At A Glance error
Hi Thomas, The 4.0.11 to 4.0.12 Oracle upgrade completed and this RT At A Glance issue still did not reappear. This was all done on our Dev system, however. The Prod OS/config is a clone of the so I'm at a loss as to what the difference would be that's causing this to occur. ~Pete_Jibe Disclaimer: This electronic message may contain information that is Confidential or legally privileged. It is intended only for the use of the individual(s) and entity named in the message. If you are not an intended recipient of this message, please notify the sender immediately and delete the material from your computer. Do not deliver, distribute or copy this message and do not disclose its contents or take any action in reliance on the information it contains. -- RT Training in Seattle, June 19-20: http://bestpractical.com/training
Re: [rt-users] auto-populate email from short username?
It would be an interesting scrip, but I believe you would be able to update the user from a on create scrip, and update that one user's email from ldap. That being said, that's not something that is canned, I don't think. (please someone correct me if I'm wrong) Thanks, Jok -- | Joachim Thuau | IT Systems Engineer - Linux / SpaceX | On 5/15/13 2:08 PM, Philip Brown p...@usc.edu wrote: Well, lets try a simpler, hopefully easier to tackle subject line :) lets say I have autocreate turned on. And accounts get created just fine when someone authenticates via web. ... however, the autocreated account name will be just the username. no @my.com What's the best way to get the email field set, with @my.com added, when the account is autocreated? -- RT Training in Seattle, June 19-20: http://bestpractical.com/training -- RT Training in Seattle, June 19-20: http://bestpractical.com/training
Re: [rt-users] REMOTE_USER, external auth, and email mismatching
On 05/14/2013 01:41 PM, Philip Brown wrote: I then attempted to do the fallback suggested via CanonicalizeEmailAddressMatch after removing the KrbLocalUser from my apache configs. however, the replace did not seem to have any effect. I'm still getting logged in as u...@kerb.my.com rather than u...@my.com for the record, I'm using a match string of '\@.*\.my.com$' and replace of '\@my.com' You may be mistaking the user *name* for the email address. Without a separate Name, RT often assigns the email address as the name. This may happen before canonicalization in some cases. Can you verify the email addresses aren't being canonicalized? If not, there may be an interaction with existing users, but I wouldn't expect that necessarily. If the email address is canonicalized, but the name is still the uncanonicalized form, I'd suggest looking at this piece from my original mail: You can also do more sophisticated munging by writing your own RT::User::CanonicalizeUserInfo: http://bestpractical.com/rt/docs/latest/RT/User.html#CanonicalizeUserInfo-HASH-of-ARGS -- RT Training in Seattle, June 19-20: http://bestpractical.com/training
Re: [rt-users] REMOTE_USER, external auth, and email mismatching
On 05/15/2013 06:19 AM, Jeff Blaine wrote: Well, here's where I asked the community to share what works: http://lists.bestpractical.com/pipermail/rt-users/2012-February/075085.html And here's 1 (of 2) contributions I got and submitted, still sitting in a github pull request that has not been merged after 1+ years: https://github.com/bestpractical/rt-authen-externalauth/pull/2 That was the water testing and end of my contributions to RT, as a failed experiment. I didn't bother submitting the 2nd config contribution I got based on the above. I just responded to your PR. Thanks for pointing it out again. We manage a lot of repos and only use github for publishing public mirrors and receiving PRs. Sometimes this means PRs slip through the cracks if no one prods us. That is to say: if anyone thinks they're owed a response on a PR or patch or any other contribution, please do pipe up to get our attention again. I'm sorry your contributing experience was lousy. Here's someone else's code contribution from 1+ years ago to allow secure LDAP: https://github.com/bestpractical/rt-authen-externalauth/pull/1 That is an unnecessary change, and should have been closed long ago. I've now done so. The simple solution is specifying a server of ldaps://example.com instead of just example.com. -- RT Training in Seattle, June 19-20: http://bestpractical.com/training
Re: [rt-users] Can't add attachments anymore - Possibly DB switch?
On 05/15/2013 11:57 AM, Cena, Stephen (ext. 300) wrote: Is this an error due to me switching to MariaDB from MySQL? It's looking like some file attachments can't get added. [Tue May 14 22:05:25 2013] [warning]: RT::Handle=HASH(0xbd328224) couldn't execute the query 'INSERT INTO Attachments (Subject, ContentType, Filename, Headers, MessageId, Creator, Parent, Created, ContentEncoding, Content, TransactionId) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)' at /usr/local/share/pe rl/5.14.2/DBIx/SearchBuilder/Handle.pm line 600. DBIx::SearchBuilder::Handle::SimpleQuery('RT::Handle=HASH(0xbd328224)', 'INSERT INTO Attachments (Subject, ContentType, Filename, Head...', '06 0741-2_new.pdf', 'application/pdf', '060741-2_new.pdf', 'Subject: 060741-2_new.pdf\x{a}MIME-Version: 1.0\x{a}Content-Type: app...', '', 821, 20024, ... ) called at /usr/local/share/perl/5.14.2/DBIx/SearchBuilder/Handle.pm line 350 Hmm, there's no reason in the error message *why* the query failed. That is strange. Is there anything in Maria's logs? Are you seeing this happen more than once? Is there any pattern in what attachments fail? FWIW, RT doesn't officially support MariaDB, and there are a few differences from MySQL, so you're running in uncharted territory right now. Support may be added in the future, as MariaDB does seem to be gaining usage. -- RT Training in Seattle, June 19-20: http://bestpractical.com/training
Re: [rt-users] QueueDeactivatedScrips
On 05/15/2013 08:02 AM, Andrea gabellini - SC wrote: Hello, is there an updated version of RT-Extension-QueueDeactivatedScrips? I found https://github.com/dmsimard/RT-Extension-QueueDeactivatedScrips but is for rt 4.0.4. I do not believe so. However, RT 4.2 will include equivalent functionality natively. -- RT Training in Seattle, June 19-20: http://bestpractical.com/training
Re: [rt-users] Notify Actor
On 05/15/2013 07:49 AM, Andrea gabellini - SC wrote: Hello, is it possible to set NotifyActor per queue basis? No. If you wanted to hack up some Perl, you could do it. I don't recommend it. What's your use case? -- RT Training in Seattle, June 19-20: http://bestpractical.com/training
Re: [rt-users] Post upgrade 3.8.5 to 4.0.12 Global-RT At A Glance error
On 05/15/2013 02:24 PM, Pete Beebe wrote: Hi Thomas, The 4.0.11 to 4.0.12 Oracle upgrade completed and this RT At A Glance issue still did not reappear. This was all done on our Dev system, however. The Prod OS/config is a clone of the so I'm at a loss as to what the difference would be that's causing this to occur. That result is quite strange, but suggests a database inconsistency. Have you run rt-validator? http://bestpractical.com/rt/docs/latest/rt-validator What are the output of the 3 SQL queries I sent you earlier on this newly upgraded dev instance? As of yet, I haven't tracked down the problem locally. By my count, there are 3 reports of similar issues on rt-users. At least two of three migrated database types, so my suspicions are there right now but I have no proof/explanation. I hope to have more time to debug this soon. -- RT Training in Seattle, June 19-20: http://bestpractical.com/training
Re: [rt-users] auto-populate email from short username?
On 5/15/13 3:27 PM, Jok Thuau wrote: It would be an interesting scrip, but I believe you would be able to update the user from a on create scrip, and update that one user's email from ldap. other than I want this to be from account name, not from ldap, this sounds fine.:] but... isnt an on create script, related to *ticket creation*, not user creation? -- RT Training in Seattle, June 19-20: http://bestpractical.com/training
Re: [rt-users] AD External Authentication
Pretty straightforward, with one caveat. On 05/14/2013 12:12 PM, MacKillip, Scott wrote: If the user has an account in RT (set up by an RT administrator) they should still have the same functionality, just authentication is coming from AD and not the internal RT database. If the user does not have an account in AD they should be denied access. If the user does not have an account in RT, they should be directed to the self-service pages. You can't access the self service pages without at least an unprivileged RT account. With $AutoCreateNonExternalUsers set to 0, users who can auth with AD but don't have an RT account will have one automatically created. Users without an AD account will be denied all access. If the user does have an account in RT, they should not notice any difference after installing the AD Authentication module. Given the above requirements, will the following steps accomplish this? 1. Install RT::Authen::ExternalAuth 2. Configure same to use LDAP 3. Set $WebExternalAuth to 0 in RT_SiteConfig.pm $WebExternalAuth already defaults to off, and while unfortunately named, does not refer to RT::Authen::ExternalAuth. It would be better named $WebRemoteUser, as it will be in RT 4.2, since it uses the REMOTE_USER that your webserver is expected to set when enabled. Short version: step 3 is unnecessary. 4. Set $AutoCreateNonExternalUsers to 0 (I don’t want to create any account in RT unless I do it myself) Note that this means RT also won't accept email from addresses which aren't in your configured AD. This is because all addresses must have an RT account of some sort, usually autocreated as unprivileged (without a password, so unable to login). -- RT Training in Seattle, June 19-20: http://bestpractical.com/training
Re: [rt-users] Minimum MySQL permission for RT database access
Thank you That's what I was looking for. Agree, its a little unnecessary but prefer not being too generous as the application is external facing. If you guys ever get around cleaning the code to just use select, insert, update and delete, please document it somewhere William On May 15, 2013 10:12 AM, Ruslan Zakirov r...@bestpractical.com wrote: On Wed, May 15, 2013 at 4:23 PM, William Muriithi william.murii...@gmail.com wrote: Hello, I have spent an hour or so looking at the least recommended permission RT need to be able to manage mysql database and everybody seem to be taking the easy way, grant everything People usually don't grant any mysql level permissions and just trust RT to do so and the following is what RT grants: 18GRANT SELECT,INSERT,CREATE,INDEX,UPDATE,DELETE 19ON `$db_name`.* 20TO '$db_user'\@'$db_rthost' 21IDENTIFIED BY '$db_pass';, 22 ); It's a bit over-granting and I believe that our code is clean enough that it's possible to limit the list to SELECT,INSERT,UPDATE,DELETE, but I can not say it's possible for sure without fixing code. Is it possible Best Practice has listed the necessary grants that is needed for RT to work successfully on mysql server that I missed? Would appreciate any guidance RT's user in mysql (RT uses one account for operation) has to have SELECT, INSERT, UPDATE, DELETE rights on all RT's tables to operate. Upgrade steps should use DBA account for steps that require DROP/CREATE/ALTER/INDEX or any other rights, but as I said, considering above GRANT, this code may have bugs and use RT's primary account to perform some upgrade operations. What is the problem you're trying to solve? Regards, William -- Best regards, Ruslan. -- RT Training in Seattle, June 19-20: http://bestpractical.com/training