Re: [rt-users] writing extensions for an old version

[Martin Wheldon]

Hi,

If you look in the Makefile.PL you will find somethink like this

requires_rt '4.0.0';

modify as required.

Can I suggest that you upgrade as v3.8 reached end of life in 2014.

Best Regards

Martin

On 2017-02-13 17:02, Vinicius Fagundes wrote:

Hi,

I'm starting to learn RT development. And I was designated to create a
RT extension, but our RT version is too old (3.8). I couldn't find any
documentation about how to do it for this version.

I tried follow the current documentation but when I tried to run:

perl Makefile.PL

I got this error:

 Error: This extension requires RT 4.0.0. Your installed version
of RT (3.8.8) is too old.

Is it possible write and run a Extension for this version? If so, how
can I achieve that.

Vinícius _Fagundes_

Re: [rt-users] assets: bulk updating a custom field value fails

[Martin Wheldon]

Hi Michael,

Line 183 of /opt/rt4/share/html/Asset/Search/Bulk.html seems to be the 
problem, if you comment it out

the bulk update works.
   # push @tmp_res, ProcessObjectCustomFieldUpdates( Object => $asset, 
ARGSRef => \%ARGS );


I'm suspect that line 183 shouldn't be here as the customfields are 
updated at line line 185
   push @tmp_res, ProcessRecordBulkCustomFields( RecordObj => $asset, 
ARGSRef => \%ARGS );



Best Regards

Martin

On 2017-01-11 14:11, Michael Hoertnagl wrote:

Hello!

We are using rt4.4.1 with the now build-in Assets. When bulk-updating a
custom field value for 2 Assets the following Error is logged and the
update fails:

[27811] [Wed Jan 11 13:35:52 2017] [warning]: Use of uninitialized 
value

$1 in hash element at /opt/rt4/sbin/../lib/RT/Interface/Web.pm line
3164. (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:3164)
[27811] [Wed Jan 11 13:35:52 2017] [error]: Can't call method "new"
without a package or object reference at
/opt/rt4/sbin/../lib/RT/Interface/Web.pm line 3099.

Stack:
  [/opt/rt4/sbin/../lib/RT/Interface/Web.pm:3099]
  [/opt/rt4/share/html/Asset/Search/Bulk.html:183]
  [/opt/rt4/sbin/../lib/RT/Interface/Web.pm:696]
  [/opt/rt4/sbin/../lib/RT/Interface/Web.pm:375]

This only happens for custom fields. Bulk updating a 'Basics' Field
works as expected.

Is this due to
https://issues.bestpractical.com/Ticket/Display.html?id=15259 or 
someone

got a hint for me what we messed up here?

Thanks!

Re: [rt-users] Where are saved searches stored in the db

[Martin Wheldon]

Hi Woody,

Check out the following tools:
  rt-attributes-viewer
  rt-attributes-editor

Both of these read/write attribute information.

Best Regards

Martin

On 2017-01-10 13:51, Woody - Wild Thing Safaris wrote:

Thanks Emmanuel,

I see the "Content" is encoded, which is why it didn't come up with my 
grep.


How do i decode/encode it?

w.


On 10/01/17 15:19, Emmanuel Lacour wrote:

Le 10/01/2017 à 12:53, Woody - Wild Thing Safaris a écrit :

Hi all,

I was expecting to find a database table called "SavedSearches" but
there isn't one. I have a saved search that contains the string
'__CurrentUser_' but if i dump the DB and grep for that, i don't find 
it.


Anyone know where saved searches are?

In table "Attributes".



--

---

Richard Wood (Woody)
Managing Director
Wild Thing Safaris Ltd.

UK: 2B Habbo St, Greenwich, London
Dar es Salaam: 5 Ethan St, Mbezi beach
Arusha: 3 Ebeneezer Rd, Njiro
PO BOX 34514 DSM
Office: +255 (0) 222 617 166
Office Mobile: +255 (0) 773 503 502
Direct: +255 742 373 327
Skype: woody1tz
http://wildthingsafaris.com

Re: [rt-users] Where are saved searches stored in the db

[Martin Wheldon]

Hi Woody,

What are you trying to achieve? IMO you are better off using the RT API 
rather than hacking the database.


Best Regards

Martin

On 2017-01-10 11:53, Woody - Wild Thing Safaris wrote:

Hi all,

I was expecting to find a database table called "SavedSearches" but
there isn't one. I have a saved search that contains the string
'__CurrentUser_' but if i dump the DB and grep for that, i don't find
it.

Anyone know where saved searches are?

thanks

Woody.


--

---

Richard Wood (Woody)
Managing Director
Wild Thing Safaris Ltd.

UK: 2B Habbo St, Greenwich, London
Dar es Salaam: 5 Ethan St, Mbezi beach
Arusha: 3 Ebeneezer Rd, Njiro
PO BOX 34514 DSM
Office: +255 (0) 222 617 166
Office Mobile: +255 (0) 773 503 502
Direct: +255 742 373 327
Skype: woody1tz
http://wildthingsafaris.com

Re: [rt-users] no alert for invalid mail addresses

[Martin Wheldon]

Hi,

You might want to checkout the perl module Regex::Common::Email::Address

Best Regards

Martin

On 2017-01-06 13:16, Petr Hanousek wrote:

Hello Jeffrey,
thank you, I'll try to implement it here. Wonder if someone has done it
before or if there is any plugin for this? Or (the best way) if some
developer encodes it to some future release of RT? :)
Petr

On 5.1.2017 21:51, Jeffrey Pilant wrote:

Check out
http://www.regular-expressions.info/email.html
It indicates the 'most' official regex is:
\A(?:[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*
 |  "(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21\x23-\x5b\x5d-\x7f]
  |  \\[\x01-\x09\x0b\x0c\x0e-\x7f])*")
@ 
(?:(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?

  |  \[(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}
   (?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?|[a-z0-9-]*[a-z0-9]:
  (?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21-\x5a\x53-\x7f]
  |  \\[\x01-\x09\x0b\x0c\x0e-\x7f])+)
 \])\z

Yeah.  Quite a mouthful.  This is because there are quite a few ways 
to express email addresses.  And even this is not foolproof.


The same page also has other simpler regex expressions that work a 
fair amount of the time, but are less complicated, like:

\b[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,}\b

The page claims it is 99% effective.

That, however, does not solve your problem.  Just because it is 
formulated correctly does not mean it is a valid address.


The usual solution is to whitelist the addresses and do a lookup.  Any 
address not found gets added tentatively, but flagged for testing.  
You can also at this time prompt for acceptance vs. going back to an 
edit screen.  This does require you maintain a list of valid email 
addresses somewhere.  The user list is a likely place, but if you are 
sending emails to people who are not users, then that fails.


/jeff

The information contained in this e-mail is for the exclusive use of 
the

intended recipient(s) and may be confidential, proprietary, and/or
legally privileged.  Inadvertent disclosure of this message does not
constitute a waiver of any privilege.  If you receive this message in
error, please do not directly or indirectly use, print, copy, forward,
or disclose any part of this message.  Please also delete this e-mail
and all copies and notify the sender.  Thank you.

Re: [rt-users] ***SPAM*** Re: How unprivileged users could see all tickets in their queue

[Martin Wheldon]

Apologies, if I remove the owner the CustomRole solution doesn't work.

Best Regards

Martin

On 2017-01-05 16:37, Felix Defrance wrote:

Hi,

In your example you said :
"I've got 2 unprivileged users with a single queue, each being the
owner of multiple tickets in that queue."

But in my case, the users is a customer, and they never owner of the
tickets.

So, the users see only the tickets they are requestor.

I would like to provide to a set of user, the ablillity to see all
ticket requestor in the queue..

Felix.

Le 05/01/2017 à 16:00, Martin Wheldon a écrit :


Hi,

No need to add the custom role to the tickets, just to the queue.

Best Regards

Martin

On 2017-01-05 14:26, Felix Defrance wrote:
Le 05/01/2017 à 12:22, Alex Hall a écrit :
Martin's suggestion makes sense, but I thought Felix was trying to
restrict user search, not ticket search? That is, he doesn't want
users to be able to search (and thus view the names of) all users?
It's quite early here, so my brain may still be muttled and I could
be wrong.
Alex, after I see it was possible to display any tickets via the
search
module, I want to restrict this too.

Sent from my iPhone

On Jan 5, 2017, at 06:08, Martin Wheldon
<martin.whel...@greenhills-it.co.uk> wrote:

Hi Félix,

I've just tried to configure this on a RT 4.4.1 install using a
custom role and it seems to work fine.
Here is the process I carried out.

I've got 2 unprivileged users with a single queue, each being the
owner of multiple tickets in that queue.
I created a new custom role, then assigned it to the queue. Next I
added the users to the custom role. (Done on the queue, watchers
tab)
The I added the SeeQueue and ShowTickets permissions to the custom
role on the queue.

Now when I login as either of the users I see all the tickets in
that queue owner by those users.

 In this case, unprivileged users via (SelfService of course), just
see
their own tickets. For me, I have just 2 menus: "Tickets" and "Logged
in
foobar".

In Tickets, I just see "Open tickets" and "Closed Tickets". In both
pages, I just see tickets that users declarated as requestor.

The custom role not provide an access to see all ticket in the queue
(as
elacour told to us).

Now I understand the goal of the roles, maybe it's possible to
automaticaly add custom role as a watcher to the right queue on all
existing tickets and  the futur new ticket.

Do you think it's possible ?

Thx


Hope that helps

Best Regards

Martin

On 2017-01-04 08:45, Emmanuel Lacour wrote:
Le 03/01/2017 à 18:27, Felix Defrance a écrit :
Hi all,
I don't find how I could add ShowTickets or QueueList in
SelfService.
I want to allow my unprivileged users, grouped by company name, to
see all tickets in their queue.
The group rights on the queue is correctly defined and users could
access to the tickets by entring the ticket number in the "goto
Ticket" field (top right in SelfService).
I have tried to play with CustomRole but it's not working for me. So

anybody known how I can do it?
SelfService filters ticket list to tickets the user is watcher on
(requestor or Cc). This is hard coded in
share/html/SelfService/Elements/MyRequests:
my $id = $session{'CurrentUser'}->id;
my $Query = "( Watcher.id = $id )";
if ($status) {
$status =~ s/(['\\])/\\$1/g;
$Query .= " AND Status = '$status'";
}
so if you wan't to relax this to all tickets users have ShowTicket
rights, you have to modify this query ;)
But I strongly discourage (unless really needed) to setup an RT
instance with one queue per customer, best to think queues per
internal support team and play with customroles/groups or
customfields
to set the customer.


--
Félix Defrance
PGP: 0x0F04DC57

Re: [rt-users] How unprivileged users could see all tickets in their queue?

[Martin Wheldon]

Hi,

No need to add the custom role to the tickets, just to the queue.

Best Regards

Martin

On 2017-01-05 14:26, Felix Defrance wrote:

Le 05/01/2017 à 12:22, Alex Hall a écrit :
Martin's suggestion makes sense, but I thought Felix was trying to 
restrict user search, not ticket search? That is, he doesn't want 
users to be able to search (and thus view the names of) all users? 
It's quite early here, so my brain may still be muttled and I could be 
wrong.

Alex, after I see it was possible to display any tickets via the search
module, I want to restrict this too.



Sent from my iPhone

On Jan 5, 2017, at 06:08, Martin Wheldon 
<martin.whel...@greenhills-it.co.uk> wrote:


Hi Félix,

I've just tried to configure this on a RT 4.4.1 install using a 
custom role and it seems to work fine.

Here is the process I carried out.

I've got 2 unprivileged users with a single queue, each being the 
owner of multiple tickets in that queue.
I created a new custom role, then assigned it to the queue. Next I 
added the users to the custom role. (Done on the queue, watchers tab)
The I added the SeeQueue and ShowTickets permissions to the custom 
role on the queue.


Now when I login as either of the users I see all the tickets in that 
queue owner by those users.

In this case, unprivileged users via (SelfService of course), just see
their own tickets. For me, I have just 2 menus: "Tickets" and "Logged 
in

foobar".

In Tickets, I just see "Open tickets" and "Closed Tickets". In both
pages, I just see tickets that users declarated as requestor.

The custom role not provide an access to see all ticket in the queue 
(as

elacour told to us).

Now I understand the goal of the roles, maybe it's possible to
automaticaly add custom role as a watcher to the right queue on all
existing tickets and  the futur new ticket.

Do you think it's possible ?

Thx



Hope that helps

Best Regards

Martin


On 2017-01-04 08:45, Emmanuel Lacour wrote:

Le 03/01/2017 à 18:27, Felix Defrance a écrit :
Hi all,
I don't find how I could add ShowTickets or QueueList in
SelfService.
I want to allow my unprivileged users, grouped by company name, to
see all tickets in their queue.
The group rights on the queue is correctly defined and users could
access to the tickets by entring the ticket number in the "goto
Ticket" field (top right in SelfService).
I have tried to play with CustomRole but it's not working for me. 
So

anybody known how I can do it?

SelfService filters ticket list to tickets the user is watcher on
(requestor or Cc). This is hard coded in
share/html/SelfService/Elements/MyRequests:
my $id = $session{'CurrentUser'}->id;
my $Query = "( Watcher.id = $id )";
if ($status) {
   $status =~ s/(['\\])/\\$1/g;
   $Query .= " AND Status = '$status'";
}
so if you wan't to relax this to all tickets users have ShowTicket
rights, you have to modify this query ;)
But I strongly discourage (unless really needed) to setup an RT
instance with one queue per customer, best to think queues per
internal support team and play with customroles/groups or 
customfields

to set the customer.

Re: [rt-users] How unprivileged users could see all tickets in their queue?

[Martin Wheldon]

Hi Félix,

I've just tried to configure this on a RT 4.4.1 install using a custom 
role and it seems to work fine.

Here is the process I carried out.

I've got 2 unprivileged users with a single queue, each being the owner 
of multiple tickets in that queue.
I created a new custom role, then assigned it to the queue. Next I added 
the users to the custom role. (Done on the queue, watchers tab)
The I added the SeeQueue and ShowTickets permissions to the custom role 
on the queue.


Now when I login as either of the users I see all the tickets in that 
queue owner by those users.


Hope that helps

Best Regards

Martin

On 2017-01-04 08:45, Emmanuel Lacour wrote:

Le 03/01/2017 à 18:27, Felix Defrance a écrit :


Hi all,

I don't find how I could add ShowTickets or QueueList in
SelfService.

I want to allow my unprivileged users, grouped by company name, to
see all tickets in their queue.

The group rights on the queue is correctly defined and users could
access to the tickets by entring the ticket number in the "goto
Ticket" field (top right in SelfService).

I have tried to play with CustomRole but it's not working for me. So
anybody known how I can do it?


SelfService filters ticket list to tickets the user is watcher on
(requestor or Cc). This is hard coded in
share/html/SelfService/Elements/MyRequests:

my $id = $session{'CurrentUser'}->id;
my $Query = "( Watcher.id = $id )";

if ($status) {
$status =~ s/(['\\])/\\$1/g;
$Query .= " AND Status = '$status'";
}

so if you wan't to relax this to all tickets users have ShowTicket
rights, you have to modify this query ;)

But I strongly discourage (unless really needed) to setup an RT
instance with one queue per customer, best to think queues per
internal support team and play with customroles/groups or customfields
to set the customer.

Re: [rt-users] How unprivileged users could see all tickets in their queue?

[Martin Wheldon]

Hi,

If you are looking at modifying menus then the following will help.

  
https://docs.bestpractical.com/rt/4.4.1/writing_extensions.html#Adding-and-Modifying-Menus


Best Regards

Martin

On 2017-01-04 17:31, Alex Hall wrote:

I'm honestly not sure which file you want, but my guess is
share/html/Elements/Tabs. In that file is a line that goes something
like:

$search->child( users ...

If you wrap that bit in a conditional, checking that the active user
is not a member of the group as I said in a previous message, that
should do the job.

On Wed, Jan 4, 2017 at 12:21 PM, Felix Defrance 
wrote:


Le 04/01/2017 à 15:47, Alex Hall a écrit :

On Wed, Jan 4, 2017 at 9:35 AM, Felix Defrance 
wrote:

Le 04/01/2017 à 15:10, Alex Hall a écrit :

Okay, searching users is the problem? I'm not sure, but what about
an overlay that conditionally shows that part of page templates? You
could create a group to which you'd assign any user you don't want
viewing other users, then find the element that displays the user
search and add a condition to return nothing if the user belongs to
that group?
Yes, this is a part of the problem. The second, but not important,
it's just for the look, the ability to custom "Rt at a glance"
by user groups.

For the first, I don't known how I can do " then find the element
that displays the user search and add a condition to return nothing
if the user belongs to that group"


In one template, I was able to find this snippet to get the user
object:

my $user = $session{'CurrentUser'}->UserObj;

From there, I imagine you could check if the user is a member of a
certain group. Then "return 0" or something like that to stop the
element from loading. My Perl skills aren't worthy of being called
skills in any way, and I've never tried something quite like this, but
it's my first thought. Sorry I can't help more; hopefully a more
experienced user has a much simpler solution for you. :)

Do you know if the menu search come from :
rt/share/html/Dashboards/Elements/* ? Or from another file ?

I don't find documentation about these files and what are they doing
:(

Thanks


On Wed, Jan 4, 2017 at 8:57 AM, Felix Defrance 
wrote:

Le 04/01/2017 à 14:02, Alex Hall a écrit :

Can you describe your setup more? I'm not sure why unprivileged
users would need access to all queue tickets, or why each user would
have their own queue? As I understand it, unprivileged users are end
users (i.e. customers, those who don't work for your organization).
Thus, they shouldn't be able to access an entire queue, only tickets
they open. Make them privileged, and restrict their rights by adding
them to a certain group, and your life may be a lot easier.
Yes! In the begining, that's what I tried to do. Restrict
privilieged users. But I didn't find how restrict the access to the
SearchUser.

A member of a queue can search and view all users.

In my setup, a queue and group, are dedicated to a customer.

A customer should not be able to fetch other informations that are
not inside of their queue. Thus, not be able to search all user in
RT database..

Maybe, it's possible to limit the search function to their queue or
desactivate the access to the menu search. Do you know about that ?

Thanks,

For example, you might have a group called "basic users" to which
you'd add the users you currently consider unprivileged. That group
would have only a few rights, but since its members would be
privileged, you wouldn't run into RT's built-in restrictions.

As to one queue per user, that would quickly get hard to manage.
Queues are for organizing tickets and users. Sure, a queue may have
just one user, but each user shouldn't have their own queue. Trying
to keep track of the rights of such a setup would be a nightmare,
assuming you have a good amount of users. As an example, we have
queues for technology, warehouse, customer service, and other
divisions within the company. Some queues have a lot of people, some
have a few, butthey are all logical groupings of tasks. If I made a
new queue for every user, I'd have dozens of them, and tickets would
be all over the place! Plus, there's email to consider; if you want
to accept incoming emails for ticket replies, you have to make a new
Fetchmail or Postfix entry for every single user/queue you have.

I hope this makes some sense. As I said, a lot of this depends on
your usage pattern and setup concept. If you can explain that to us
more, we might be able to help better.

On Wed, Jan 4, 2017 at 3:57 AM, Felix Defrance 
wrote:

Hello,

You right, this rights isn't checked.

But I can't view all tickets in selfservice anymore.

I verify the same rights in :

Admin > Queue, "select the queue name" and  Group Rights, select
and grant "unprivileged users" to Seequeue & Showtickets

In the same section:

grant group "compagny name" to Seequeue & Showtickets

But no effect.

I try to add a user to watchers 'CC', and grant 

Re: [rt-users] Where to put crontool scripts?

[Martin Wheldon]

Hi Alex,

We drop ours in /opt/rt4/local/bin.

Martin

On 2017-01-04 16:13, Alex Hall wrote:

Hi all,
I'm just wondering if there's a conventional place to store scripts
that run crontool jobs? I've got one to notify people of old tickets,
but I'll be making more, now that this one is working. Thanks again
for all the help with that script, by the way.

I'm considering putting them in /opt/rt4/etc, maybe in a
"crontool-scripts" folder, but I don't know what RT upgrades might do
to that. Is it best to just put them somewhere completely separate,
like ~/rt-crontool-scripts, or can I keep them somewhere in the RT
directory tree? Thanks.

--

Alex Hall
Automatic Distributors, IT department
ah...@autodist.com

Re: [rt-users] How unprivileged users could see all tickets in their queue?

[Martin Wheldon]

Hi,

You can modify the Ticket Owner dropdowns by using the UpdateObjectList 
callback in Elements/SelectOwner,
you would remove all unwanted users from the list of objects passed to 
this callback.


You possibly need to use the Modify callback in Elements/ShowUser too, I 
suspect there are others, but those should get you started.


Best Regards

Martin

On 2017-01-04 14:35, Felix Defrance wrote:

Le 04/01/2017 à 15:10, Alex Hall a écrit :


Okay, searching users is the problem? I'm not sure, but what about
an overlay that conditionally shows that part of page templates? You
could create a group to which you'd assign any user you don't want
viewing other users, then find the element that displays the user
search and add a condition to return nothing if the user belongs to
that group?

 Yes, this is a part of the problem. The second, but not important,
it's just for the look, the ability to custom "Rt at a glance" by
user groups.

For the first, I don't known how I can do " then find the element that
displays the user search and add a condition to return nothing if the
user belongs to that group"


On Wed, Jan 4, 2017 at 8:57 AM, Felix Defrance 
wrote:

Le 04/01/2017 à 14:02, Alex Hall a écrit :

Can you describe your setup more? I'm not sure why unprivileged
users would need access to all queue tickets, or why each user would
have their own queue? As I understand it, unprivileged users are end
users (i.e. customers, those who don't work for your organization).
Thus, they shouldn't be able to access an entire queue, only tickets
they open. Make them privileged, and restrict their rights by adding
them to a certain group, and your life may be a lot easier.
Yes! In the begining, that's what I tried to do. Restrict
privilieged users. But I didn't find how restrict the access to the
SearchUser.

A member of a queue can search and view all users.

In my setup, a queue and group, are dedicated to a customer.

A customer should not be able to fetch other informations that are
not inside of their queue. Thus, not be able to search all user in
RT database..

Maybe, it's possible to limit the search function to their queue or
desactivate the access to the menu search. Do you know about that ?

Thanks,

For example, you might have a group called "basic users" to which
you'd add the users you currently consider unprivileged. That group
would have only a few rights, but since its members would be
privileged, you wouldn't run into RT's built-in restrictions.

As to one queue per user, that would quickly get hard to manage.
Queues are for organizing tickets and users. Sure, a queue may have
just one user, but each user shouldn't have their own queue. Trying
to keep track of the rights of such a setup would be a nightmare,
assuming you have a good amount of users. As an example, we have
queues for technology, warehouse, customer service, and other
divisions within the company. Some queues have a lot of people, some
have a few, butthey are all logical groupings of tasks. If I made a
new queue for every user, I'd have dozens of them, and tickets would
be all over the place! Plus, there's email to consider; if you want
to accept incoming emails for ticket replies, you have to make a new
Fetchmail or Postfix entry for every single user/queue you have.

I hope this makes some sense. As I said, a lot of this depends on
your usage pattern and setup concept. If you can explain that to us
more, we might be able to help better.

On Wed, Jan 4, 2017 at 3:57 AM, Felix Defrance 
wrote:

Hello,

You right, this rights isn't checked.

But I can't view all tickets in selfservice anymore.

I verify the same rights in :

Admin > Queue, "select the queue name" and  Group Rights, select
and grant "unprivileged users" to Seequeue & Showtickets

In the same section:

grant group "compagny name" to Seequeue & Showtickets

But no effect.

I try to add a user to watchers 'CC', and grant watchers 'CC' to
Seequeue & Showtickets but no effect too :(

Another ideas ?

Thanks,

Félix.

Le 03/01/2017 à 18:39, Alex Hall a écrit :

Have you granted the rights? In Admin > Global > Group Rights,
select the "unprivileged users" tab, then grant "view queue". That
should help, though our setup is quite different so I can't verify
it.

On Tue, Jan 3, 2017 at 12:27 PM, Felix Defrance 
wrote:

Hi all,

I don't find how I could add ShowTickets or QueueList in
SelfService.

I want to allow my unprivileged users, grouped by company name, to
see all tickets in their queue.

The group rights on the queue is correctly defined and users could
access to the tickets by entring the ticket number in the "goto
Ticket" field (top right in SelfService).

I have tried to play with CustomRole but it's not working for me. So
anybody known how I can do it?
Thank you,

--
Félix Defrance
PGP: 0x0F04DC57

--

Alex Hall
Automatic Distributors, IT department
ah...@autodist.com


--
Félix Defrance
PGP: 0x0F04DC57

--

Alex 

Re: [rt-users] RT 4.4.1 LDAP Authentication issue.

[Martin Wheldon]

Hi,

Sorry, please disregard my last response, the user account has been 
found.

Could you post the RT logs please?

Best Regards

Martin

On 2016-12-09 13:44, Martin Wheldon wrote:

Hi,

Looks like a ldap acl issue, is your ldap search user able to access
the users mail attribute?

Best Regards

Martin

On 2016-12-09 13:37, Claude EDUMA wrote:

LDAP logs show that user is retreive, but not bind.

-

SRCH base="o=corp.mycorp.com [2]" scope=2
filter="(&(objectClass=privperson)(mail=claude.ed...@ext.mycorp.com))"
attrs="cn mail mail"
[09/Dec/2016:14:16:47 +0100] conn=9480527 op=2 msgId=3 - RESULT err=0
tag=101 nentries=1 etime=0



Regards.

2016-12-09 14:21 GMT+01:00 Claude EDUMA <clauded...@gmail.com>:


Well,

I will try to use user mail for authentication.

here is conf i tested without success :(

-

Set($ExternalSettings, {
'My_LDAP'   =>  {
'type' =>  'ldap',
'server'   =>
'ldap://ypmycorpldap.corp.mycorp.com [1]',
'user' =>
'uid=mycorp-rtir-reader,ou=applicationAccounts,o=corp.mycorp.com
[2]',
'pass' =>
'SikH2mmKLtPi0E4ZYcqldTXAgILVxGVhXWlHBF3o21',
'base' =>  'o=corp.mycorp.com [2]',
'filter'   =>  '(objectClass=person)',
'tls'  => { verify => "require", cafile =>
"/etc/pki/tls/mycorp_CERTIFICATE_CHAIN.crt" },
'net_ldap_args'=> [version =>  3, debug => 8
],
'attr_match_list'  => [
'Name' ,
'EmailAddress',
],
# Import the following properties of the user from LDAP
upon
# login
'attr_map' => {
'Name' => 'mail',
'EmailAddress' => 'mail',
'RealName' => 'cn',
}
},
}
);

---

Regards

2016-12-09 13:59 GMT+01:00 Martin Wheldon
<martin.whel...@greenhills-it.co.uk>:
Hi,

You could either use another unique attribute i.e mail or add
another uid to each RT user prefixed by a letter.

dn: uid=123456,dc=my,dc=domain
uid: 123456
uid: x123456

Best Regards

Martin

On 2016-12-09 12:49, Joop wrote:
On 9-12-2016 13:38, Claude EDUMA wrote:
Hi Joop,

Thank you for your quick answer.
We have tested with non numerical username and result is OK.
Well in my organisation we use ldap uid for username. Any suggestion
to resolve this issue ?

Please keep the list in the loop.

I think the problem is in the function(s) which load the user info.
These functions take a name OR an id and then load the corresponding
info. When  usernames are IDs that doesn't work any more. Other than
patching all functions which use this I don't see another solution
than
to change the use of uid as a username, sorry.

Joop

-
RT 4.4 and RTIR training sessions, and a new workshop day!
https://bestpractical.com/training [3]
* Los Angeles - January 9-11 2017

 -
RT 4.4 and RTIR training sessions, and a new workshop day!
https://bestpractical.com/training [3]
* Los Angeles - January 9-11 2017



Links:
--
[1] http://ypmycorpldap.corp.mycorp.com
[2] http://corp.mycorp.com
[3] https://bestpractical.com/training

-
RT 4.4 and RTIR training sessions, and a new workshop day!
https://bestpractical.com/training
* Los Angeles - January 9-11 2017

-
RT 4.4 and RTIR training sessions, and a new workshop day! 
https://bestpractical.com/training
* Los Angeles - January 9-11 2017

Re: [rt-users] RT 4.4.1 LDAP Authentication issue.

[Martin Wheldon]

Hi,

Looks like a ldap acl issue, is your ldap search user able to access the 
users mail attribute?


Best Regards

Martin

On 2016-12-09 13:37, Claude EDUMA wrote:

LDAP logs show that user is retreive, but not bind.

-

SRCH base="o=corp.mycorp.com [2]" scope=2
filter="(&(objectClass=privperson)(mail=claude.ed...@ext.mycorp.com))"
attrs="cn mail mail"
[09/Dec/2016:14:16:47 +0100] conn=9480527 op=2 msgId=3 - RESULT err=0
tag=101 nentries=1 etime=0



Regards.

2016-12-09 14:21 GMT+01:00 Claude EDUMA <clauded...@gmail.com>:


Well,

I will try to use user mail for authentication.

here is conf i tested without success :(

-

Set($ExternalSettings, {
'My_LDAP'   =>  {
'type' =>  'ldap',
'server'   =>
'ldap://ypmycorpldap.corp.mycorp.com [1]',
'user' =>
'uid=mycorp-rtir-reader,ou=applicationAccounts,o=corp.mycorp.com
[2]',
'pass' =>
'SikH2mmKLtPi0E4ZYcqldTXAgILVxGVhXWlHBF3o21',
'base' =>  'o=corp.mycorp.com [2]',
'filter'   =>  '(objectClass=person)',
'tls'  => { verify => "require", cafile =>
"/etc/pki/tls/mycorp_CERTIFICATE_CHAIN.crt" },
'net_ldap_args'=> [version =>  3, debug => 8
],
'attr_match_list'  => [
'Name' ,
'EmailAddress',
],
# Import the following properties of the user from LDAP
upon
# login
'attr_map' => {
'Name' => 'mail',
'EmailAddress' => 'mail',
'RealName' => 'cn',
}
},
}
);

---

Regards

2016-12-09 13:59 GMT+01:00 Martin Wheldon
<martin.whel...@greenhills-it.co.uk>:
Hi,

You could either use another unique attribute i.e mail or add
another uid to each RT user prefixed by a letter.

dn: uid=123456,dc=my,dc=domain
uid: 123456
uid: x123456

Best Regards

Martin

On 2016-12-09 12:49, Joop wrote:
On 9-12-2016 13:38, Claude EDUMA wrote:
Hi Joop,

Thank you for your quick answer.
We have tested with non numerical username and result is OK.
Well in my organisation we use ldap uid for username. Any suggestion
to resolve this issue ?

Please keep the list in the loop.

I think the problem is in the function(s) which load the user info.
These functions take a name OR an id and then load the corresponding
info. When  usernames are IDs that doesn't work any more. Other than
patching all functions which use this I don't see another solution
than
to change the use of uid as a username, sorry.

Joop

-
RT 4.4 and RTIR training sessions, and a new workshop day!
https://bestpractical.com/training [3]
* Los Angeles - January 9-11 2017

 -
RT 4.4 and RTIR training sessions, and a new workshop day!
https://bestpractical.com/training [3]
* Los Angeles - January 9-11 2017



Links:
--
[1] http://ypmycorpldap.corp.mycorp.com
[2] http://corp.mycorp.com
[3] https://bestpractical.com/training

-
RT 4.4 and RTIR training sessions, and a new workshop day! 
https://bestpractical.com/training
* Los Angeles - January 9-11 2017

Re: [rt-users] RT 4.4.1 LDAP Authentication issue.

[Martin Wheldon]

Hi,

You could either use another unique attribute i.e mail or add another 
uid to each RT user prefixed by a letter.


dn: uid=123456,dc=my,dc=domain
uid: 123456
uid: x123456

Best Regards

Martin

On 2016-12-09 12:49, Joop wrote:

On 9-12-2016 13:38, Claude EDUMA wrote:

Hi Joop,


Thank you for your quick answer.
We have tested with non numerical username and result is OK.
Well in my organisation we use ldap uid for username. Any suggestion
to resolve this issue ?


Please keep the list in the loop.

I think the problem is in the function(s) which load the user info.
These functions take a name OR an id and then load the corresponding
info. When  usernames are IDs that doesn't work any more. Other than
patching all functions which use this I don't see another solution than
to change the use of uid as a username, sorry.

Joop

-
RT 4.4 and RTIR training sessions, and a new workshop day!
https://bestpractical.com/training
* Los Angeles - January 9-11 2017

-
RT 4.4 and RTIR training sessions, and a new workshop day! 
https://bestpractical.com/training
* Los Angeles - January 9-11 2017

Re: [rt-users] Issue With ExternalAuth

[Martin Wheldon]

Hi Claude,

Yes, your problem seems to be a little odd.

I believe that this is the code that is rejecting your authentication 
from

/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth.pm


   # If we got here and don't have a user loaded we must have failed to
   # get a full, valid user from an authoritative external source.
   unless ($session->{'CurrentUser'} && $session->{'CurrentUser'}->Id) 
{

   $session->{'CurrentUser'} = RT::CurrentUser->new;
   return (0, "No User");
   }


Do you have multiple external auth mechanisms configured??
Would you be able to post your full RT configuration, with sensitive 
information obfuscated obviously?


Best Regards

Martin

On 2016-12-06 11:37, Claude EDUMA wrote:

Martin,

It request only the "dn" attribute because the user is not internal.
once user is created, it will request the others attributes.

I have seen our ldap administrator and for him all is OK. Accounts are
well binded with LDAP.
It seem like after binding account it request another validation wich
failed.

My question is why RT retreive all attributes on LDAP but still fail
to grant acces to users ?

I'm sorry to take your presious time and thank you once more.

---

[4109] [Tue Dec  6 10:22:50 2016] [debug]: UserExists params:
username: 20005528 , service: My_LDAP
(/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth/LDAP.pm:488)
[4109] [Tue Dec  6 10:22:50 2016] [debug]: LDAP Search ===  Base:
o=corp.mycorp.com [1] == Filter:
(&(objectClass=privperson)(uid=20005528)) == Attrs: co,cn,mail,uid,uid
(/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth/LDAP.pm:518)
[4109] [Tue Dec  6 10:22:50 2016] [debug]:
RT::User::CanonicalizeUserInfoFromExternalAuth called by RT::User
/opt/rt4/sbin/../lib/RT/User.pm 699 with  : Disabled: , EmailAddress:
, Gecos: 20005528, Name: 20005528, Privileged: 1
(/opt/rt4/sbin/../lib/RT/User.pm:735)
[4109] [Tue Dec  6 10:22:50 2016] [debug]: Attempting to get user info
using this external service: My_LDAP
(/opt/rt4/sbin/../lib/RT/User.pm:743)
[4109] [Tue Dec  6 10:22:50 2016] [debug]: Attempting to use this
canonicalization key: Name (/opt/rt4/sbin/../lib/RT/User.pm:752)
[4109] [Tue Dec  6 10:22:50 2016] [debug]: LDAP Search ===  Base:
o=corp.mycorp.com [1] == Filter:
(&(objectClass=privperson)(uid=20005528)) == Attrs: co,cn,mail,uid,uid
(/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth/LDAP.pm:406)
[4109] [Tue Dec  6 10:22:50 2016] [info]:
RT::User::CanonicalizeUserInfoFromExternalAuth returning Country: ,
Disabled: , EmailAddress: jonathan.lai...@ext.mycorpservices.com,
Gecos: 20005528, Name: 20005528, Privileged: 1, RealName: JONATHAN
LAIGLE (/opt/rt4/sbin/../lib/RT/User.pm:812)
[4109] [Tue Dec  6 10:22:50 2016] [error]: Couldn't create user
20005528: Email address in use
(/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth.pm:353)
[4109] [Tue Dec  6 10:22:50 2016] [debug]: Autohandler called
ExternalAuth. Response: (0, No User)
(/opt/rt4/share/html/Elements/DoAuth:58)
[4109] [Tue Dec  6 10:22:50 2016] [error]: FAILED LOGIN for 20005528
from 10.1.52.222 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:826)
-----

Regards

2016-12-06 12:04 GMT+01:00 Martin Wheldon
<martin.whel...@greenhills-it.co.uk>:


Hi Claude,

OK from your logs you can see successful lookup from LDAP of the
user and a successful validation.
So we can rule out issues with communication with the LDAP server
and user credentials.

The following line however is an issue as you seem to be only
getting/requesting the dn attribute returned. I'm not quite certain
which :)

"... == Attrs: dn"


[4110] [Tue Dec  6 10:22:44 2016] [debug]: LDAP Search ===  Base:
o=corp.mycorp.com [1] [1] == Filter:
(&(uid=20005528)(objectClass=privperson)) == Attrs: dn


This is what I get on my test system:

"... == Attrs:


mail,cn,street,telephoneNumber,mobile,st,mail,ukFirmGhITAccOrg,postalCode,l"


The configuration you sent earlier is expecting uid,mail,cn and co:

'attr_map' => {
'Name' => 'uid',
'EmailAddress' => 'mail',
'RealName' => 'cn',
'Gecos'=> 'uid',
'Country'  => 'co',
}


 Is your ldap search account able to get this information from the
ldapserver?

Best Regards

Martin

On 2016-12-06 10:25, Claude EDUMA wrote:


Yes,

But even if it'is a new user, user is create but I still have LOGIN
FAILED.

below log with a new user

---

[4110] [Tue Dec  6 10:22:44 2016] [debug]: Trying external auth
service: My_LDAP
(/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth/LDAP.pm:201)
[4110] [Tue Dec  6 10:22:44 2016] [debug]: LDAP Search ===  Base:
o=corp.mycorp.com [1] [1] == Filter:
(&(uid=20005528)(objectClass=privperson)) == Attrs: dn
(/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth/LDAP.pm:234)
[4110] [Tue Dec  6 10:22:44 2016] [debug]: Found LDAP DN:
uid=20005528,ou=people,ou=GO-LM,o=corp.mycorp.com [1] [1]

(/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth/

Re: [rt-users] Issue With ExternalAuth

[Martin Wheldon]

Hi Claude,

OK from your logs you can see successful lookup from LDAP of the user 
and a successful validation.
So we can rule out issues with communication with the LDAP server and 
user credentials.


The following line however is an issue as you seem to be only 
getting/requesting the dn attribute returned. I'm not quite certain 
which :)


"... == Attrs: dn"
[4110] [Tue Dec  6 10:22:44 2016] [debug]: LDAP Search ===  Base: 
o=corp.mycorp.com [1] == Filter: 
(&(uid=20005528)(objectClass=privperson)) == Attrs: dn


This is what I get on my test system:

"... == Attrs: 
mail,cn,street,telephoneNumber,mobile,st,mail,ukFirmGhITAccOrg,postalCode,l"


The configuration you sent earlier is expecting uid,mail,cn and co:


'attr_map' => {
'Name' => 'uid',
'EmailAddress' => 'mail',
'RealName' => 'cn',
'Gecos'=> 'uid',
'Country'  => 'co',
}


Is your ldap search account able to get this information from the 
ldapserver?


Best Regards

Martin

On 2016-12-06 10:25, Claude EDUMA wrote:

Yes,

But even if it'is a new user, user is create but I still have LOGIN
FAILED.

below log with a new user

---

[4110] [Tue Dec  6 10:22:44 2016] [debug]: Trying external auth
service: My_LDAP
(/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth/LDAP.pm:201)
[4110] [Tue Dec  6 10:22:44 2016] [debug]: LDAP Search ===  Base:
o=corp.mycorp.com [1] == Filter:
(&(uid=20005528)(objectClass=privperson)) == Attrs: dn
(/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth/LDAP.pm:234)
[4110] [Tue Dec  6 10:22:44 2016] [debug]: Found LDAP DN:
uid=20005528,ou=people,ou=GO-LM,o=corp.mycorp.com [1]
(/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth/LDAP.pm:268)
[4110] [Tue Dec  6 10:22:44 2016] [info]:
RT::Authen::ExternalAuth::LDAP::GetAuth External Auth OK ( My_LDAP ):
20005528 (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth/LDAP.pm:350)
[4110] [Tue Dec  6 10:22:44 2016] [debug]: LDAP password validation
result: 1 (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth.pm:558)
[4110] [Tue Dec  6 10:22:44 2016] [debug]: Password Validation Check
Result:  1 (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth.pm:383)
[4110] [Tue Dec  6 10:22:44 2016] [debug]: Autohandler called
ExternalAuth. Response: (0, No User)
(/opt/rt4/share/html/Elements/DoAuth:58)
[4110] [Tue Dec  6 10:22:44 2016] [error]: FAILED LOGIN for 20005528
from 10.1.52.222 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:826)
[4109] [Tue Dec  6 10:22:50 2016] [debug]: Attempting to use external
auth service: My_LDAP
(/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth.pm:286)
[4109] [Tue Dec  6 10:22:50 2016] [debug]: Calling UserExists with
$username (20005528) and $service (My_LDAP)
(/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth.pm:327)

2016-12-06 11:12 GMT+01:00 Martin Wheldon
<martin.whel...@greenhills-it.co.uk>:


Hi Claude,

Seems you already have a user in the RT database with the same email
address, but different user name.


[3605] [Tue Dec  6 07:58:02 2016] [error]: Couldn't create user
20006583: Email address in use


Best Regards

Martin

On 2016-12-06 08:05, Claude EDUMA wrote:
Hi Martin,

Thank you for your response.

File permissions for my CA.cert are "rw-r--r-".

below rt.log

---

[3605] [Tue Dec  6 07:58:02 2016] [debug]: Attempting to use
external
auth service: My_LDAP
(/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth.pm:286)
[3605] [Tue Dec  6 07:58:02 2016] [debug]: Calling UserExists with
$username (20006583) and $service (My_LDAP)
(/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth.pm:327)
[3605] [Tue Dec  6 07:58:02 2016] [debug]: UserExists params:
username: 20006583 , service: My_LDAP
(/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth/LDAP.pm:488)
[3605] [Tue Dec  6 07:58:02 2016] [debug]: LDAP Search ===  Base:
o=corp.mycorp.com [1] [2] == Filter:
(&(objectClass=privperson)(uid=20006583)) == Attrs:
co,cn,mail,uid,uid
(/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth/LDAP.pm:518)
[3605] [Tue Dec  6 07:58:02 2016] [debug]:
RT::User::CanonicalizeUserInfoFromExternalAuth called by RT::User
/opt/rt4/sbin/../lib/RT/User.pm 699 with: Disabled: , EmailAddress:
,
Gecos: 20006583, Name: 20006583, Privileged: 1
(/opt/rt4/sbin/../lib/RT/User.pm:735)
[3605] [Tue Dec  6 07:58:02 2016] [debug]: Attempting to get user
info
using this external service: My_LDAP
(/opt/rt4/sbin/../lib/RT/User.pm:743)
[3605] [Tue Dec  6 07:58:02 2016] [debug]: Attempting to use this
canonicalization key: Name (/opt/rt4/sbin/../lib/RT/User.pm:752)
[3605] [Tue Dec  6 07:58:02 2016] [debug]: LDAP Search ===  Base:
o=corp.mycorp.com [1] [2] == Filter:

(&(objectClass=privperson)(uid=20006583)) == Attrs:
co,cn,mail,uid,uid
(/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth/LDAP.pm:406)
[3605] [Tue Dec  6 07:58:02 2016] [info]:
RT::User::CanonicalizeUserInfoFromExternalAuth returning Country: ,
Disabled: , EmailAddress: claude.ed...@ext.mycorp.com, Gecos:
20006583, Name: 20006583, Privileged: 1, RealName: CLAUDE EDUMA
(/opt/rt4/sbin/../l

Re: [rt-users] Issue With ExternalAuth

[Martin Wheldon]

Hi Claude,

Seems you already have a user in the RT database with the same email 
address, but different user name.


[3605] [Tue Dec  6 07:58:02 2016] [error]: Couldn't create user 
20006583: Email address in use


Best Regards

Martin

On 2016-12-06 08:05, Claude EDUMA wrote:

Hi Martin,

Thank you for your response.

File permissions for my CA.cert are "rw-r--r-".

below rt.log

---

[3605] [Tue Dec  6 07:58:02 2016] [debug]: Attempting to use external
auth service: My_LDAP
(/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth.pm:286)
[3605] [Tue Dec  6 07:58:02 2016] [debug]: Calling UserExists with
$username (20006583) and $service (My_LDAP)
(/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth.pm:327)
[3605] [Tue Dec  6 07:58:02 2016] [debug]: UserExists params:
username: 20006583 , service: My_LDAP
(/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth/LDAP.pm:488)
[3605] [Tue Dec  6 07:58:02 2016] [debug]: LDAP Search ===  Base:
o=corp.mycorp.com [2] == Filter:
(&(objectClass=privperson)(uid=20006583)) == Attrs: co,cn,mail,uid,uid
(/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth/LDAP.pm:518)
[3605] [Tue Dec  6 07:58:02 2016] [debug]:
RT::User::CanonicalizeUserInfoFromExternalAuth called by RT::User
/opt/rt4/sbin/../lib/RT/User.pm 699 with: Disabled: , EmailAddress: ,
Gecos: 20006583, Name: 20006583, Privileged: 1
(/opt/rt4/sbin/../lib/RT/User.pm:735)
[3605] [Tue Dec  6 07:58:02 2016] [debug]: Attempting to get user info
using this external service: My_LDAP
(/opt/rt4/sbin/../lib/RT/User.pm:743)
[3605] [Tue Dec  6 07:58:02 2016] [debug]: Attempting to use this
canonicalization key: Name (/opt/rt4/sbin/../lib/RT/User.pm:752)
[3605] [Tue Dec  6 07:58:02 2016] [debug]: LDAP Search ===  Base:
o=corp.mycorp.com [2] == Filter:
(&(objectClass=privperson)(uid=20006583)) == Attrs: co,cn,mail,uid,uid
(/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth/LDAP.pm:406)
[3605] [Tue Dec  6 07:58:02 2016] [info]:
RT::User::CanonicalizeUserInfoFromExternalAuth returning Country: ,
Disabled: , EmailAddress: claude.ed...@ext.mycorp.com, Gecos:
20006583, Name: 20006583, Privileged: 1, RealName: CLAUDE EDUMA
(/opt/rt4/sbin/../lib/RT/User.pm:812)
[3605] [Tue Dec  6 07:58:02 2016] [error]: Couldn't create user
20006583: Email address in use
(/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth.pm:353)
[3605] [Tue Dec  6 07:58:02 2016] [debug]: Autohandler called
ExternalAuth. Response: (0, No User)
(/opt/rt4/share/html/Elements/DoAuth:58)
[3605] [Tue Dec  6 07:58:02 2016] [error]: FAILED LOGIN for 20006583
from 10.1.179.71 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:826)



Thank you one more time.

Regards.

2016-12-05 23:35 GMT+01:00 Martin Wheldon
<martin.whel...@greenhills-it.co.uk>:


Hi Claude,

Your english is much better than my french :)
I've cc'd the RT users list as they may have additional suggestions.
The short answer is no I don't believe your problem is caused by TLS
bugs.

You seem to be mixing up the new RT 4.4 LDAP configuration syntax
with the older RT::Authen::ExternalAuth syntax.

If you are using RT 4.4.x then you don't need the following, because
it is the old style syntax:


Set($LDAPBase,'MYLDAPSERVER');
Set($LDAPFilter, '(&(objectClass=person))');
Set($LDAPMapping, {
Name=> 'uid',
EmailAddress=> 'mail',
RealName=> 'cn'
});


The following option should also be removed when using RT4.4.x


'ssl_version'  => 3,


Is RT able to read your CAcert file? Please could you check the file
permissions.
Do you see any errors in the logs?

Best Regards

Martin

On 2016-12-05 13:22, clauded...@gmail.com wrote:


Hi Martin,

I try to configure LDAP authentication but it don't work.
I'm sure all my config is correct (see below). I tried with
ladapsearch and all it's OK. I look my ldap's server logs and i
bind
users correctly. Do you thinks it's TLS bugs ?

(sorry for my english I'm french)
Thank you.

--
Set($LDAPBase,'MYLDAPSERVER');
Set($LDAPFilter, '(&(objectClass=person))');
Set($LDAPMapping, {
Name=> 'uid',
EmailAddress=> 'mail',
RealName=> 'cn'
});

# Use the below LDAP source for both authentication, as well
as user
# information
Set( $ExternalAuthPriority, ["My_LDAP"] );
Set( $ExternalInfoPriority, ["My_LDAP"] );
Set($ExternalServiceUsesSSLorTLS, 1);

# Make users created from LDAP Privileged
Set( $UserAutocreateDefaultsOnLogin, { Privileged => 1 } );

# Users should still be autocreated by RT as internal users if
they
# fail to exist in an external service; this is so requestors
(who
# are not in LDAP) can still be created when they email in.
Set($AutoCreateNonExternalUsers, 0);

# Minimal LDAP configuration; see
RT::Authen::ExternalAuth::LDAP for
# further details and examples
Set($ExternalSettings, {
'My_LDAP'   =>  {
'type' =>  'ldap',
'server'   =>  'ldaps://MYLDAPSERVER',
'user' =>  'MYUSER',
'pass' => 

Re: [rt-users] Issue With ExternalAuth

[Martin Wheldon]

Hi Claude,

Your english is much better than my french :)
I've cc'd the RT users list as they may have additional suggestions.
The short answer is no I don't believe your problem is caused by TLS 
bugs.


You seem to be mixing up the new RT 4.4 LDAP configuration syntax with 
the older RT::Authen::ExternalAuth syntax.


If you are using RT 4.4.x then you don't need the following, because it 
is the old style syntax:



Set($LDAPBase,'MYLDAPSERVER');
Set($LDAPFilter, '(&(objectClass=person))');
Set($LDAPMapping, {
Name=> 'uid',
EmailAddress=> 'mail',
RealName=> 'cn'
});


The following option should also be removed when using RT4.4.x


'ssl_version'  => 3,


Is RT able to read your CAcert file? Please could you check the file 
permissions.

Do you see any errors in the logs?

Best Regards

Martin

On 2016-12-05 13:22, clauded...@gmail.com wrote:

Hi Martin,

I try to configure LDAP authentication but it don't work.
I'm sure all my config is correct (see below). I tried with
ladapsearch and all it's OK. I look my ldap's server logs and i bind
users correctly. Do you thinks it's TLS bugs ?

(sorry for my english I'm french)
Thank you.

--
Set($LDAPBase,'MYLDAPSERVER');
Set($LDAPFilter, '(&(objectClass=person))');
Set($LDAPMapping, {
Name=> 'uid',
EmailAddress=> 'mail',
RealName=> 'cn'
});


# Use the below LDAP source for both authentication, as well as 
user

# information
Set( $ExternalAuthPriority, ["My_LDAP"] );
Set( $ExternalInfoPriority, ["My_LDAP"] );
Set($ExternalServiceUsesSSLorTLS, 1);

# Make users created from LDAP Privileged
Set( $UserAutocreateDefaultsOnLogin, { Privileged => 1 } );

# Users should still be autocreated by RT as internal users if they
# fail to exist in an external service; this is so requestors (who
# are not in LDAP) can still be created when they email in.
Set($AutoCreateNonExternalUsers, 0);

# Minimal LDAP configuration; see RT::Authen::ExternalAuth::LDAP 
for

# further details and examples
Set($ExternalSettings, {
'My_LDAP'   =>  {
'type' =>  'ldap',
'server'   =>  'ldaps://MYLDAPSERVER',
'user' =>  'MYUSER',
'pass' =>  'MYPASS',
'base' =>  'MYBASE',
'filter'   =>  '(objectClass=privperson)',
'tls'  => { verify => "require", cafile =>
"/etc/CA.crt" },
'ssl_version'  => 3,
'net_ldap_args'=> [version =>  3, debug => 8   ],
'attr_match_list'  => [
'Name',
'EmailAddress',
],

'attr_map' => {
'Name' => 'uid',
'EmailAddress' => 'mail',
'RealName' => 'cn',
'Gecos'=> 'uid',
'Country'  => 'co',
}
},
}
);

1;



_
Sent from http://requesttracker.8502.n7.nabble.com

-
RT 4.4 and RTIR training sessions, and a new workshop day! 
https://bestpractical.com/training
* Los Angeles - January 9-11 2017

Re: [rt-users] FTS enabled in SiteConfig, but not being enabled

[Martin Wheldon]

Hi Alex,

Sounds like you may need to clear the mason cache.

Best Regards

Martin

On 2016-11-15 15:34, Alex Hall wrote:

Hi all,
I've enabled FTS on the database, and restarted the server just to be
sure. I have this line in one of my config files:

Set( %FullTextSearch,
Enable => 1,
Indexed => 1,
Table => 'AttachmentsIndex');

And yet, in global > system config, I see that Enable is set to 0, not
1. I've looked at the loaded config files, and they include the one
where I enabled this. After a lot of work yesterday, I did get the
index program to run without any warnings, so I know that worked. I
see no errors in the log when RT starts, at least not related to FTS.

I'm on RT 4.4.1, MySQL 5.7, Debian 8. What's the trick to getting FTS
to work? Thanks!

--

Alex Hall
Automatic Distributors, IT department
ah...@autodist.com

-
RT 4.4 and RTIR training sessions, and a new workshop day!
https://bestpractical.com/training
* Los Angeles - January 9-11 2017

-
RT 4.4 and RTIR training sessions, and a new workshop day! 
https://bestpractical.com/training
* Los Angeles - January 9-11 2017

Re: [rt-users] Unable to create tickets after MySQL update?

[Martin Wheldon]

Hi Alex,

You could try disabling the PriorityAsString as a test, as least it will 
narrow down your problem space.


Best Regards

Martin

On 2016-11-14 21:15, Alex Hall wrote:

Update: still not working. I tried setting sql-mode to an empty
string, like it would have been in 5.5, and to all the 5.7 standard
ones except strict_trans_tables. Neither helped. Updating existing
tickets, and all data retrieval, seem to work fine. It's just that
priority getting a string (that looks like a variable pointer) instead
of an integer that's causing the problem. Until I fix this, no one can
make tickets, so if anyone has any suggestions, please share them.
Thanks.

On Mon, Nov 14, 2016 at 11:37 AM, Alex Hall 
wrote:


Hello again all,
I just discovered I have a more serious problem than full-text
indexing not working. I'm getting an error when anyone tries to make
a ticket, and the ticket is never created. Here's the message:

Nov 14 11:31:03 server24 RT: [2522] DBD::mysql::st execute failed:
Incorrect integer value: 'ARRAY(0x18325928)' for column 'Priority'
at row 1 at /usr/share/perl5/DBIx/SearchBuilder/Handle.pm line 586.

I have the PriorityAsString extension installed, but that's been
working perfectly for weeks. I've also modified some files so that
the user can select a priority on the main ticket creation page
instead of going to the details view, but that's also been working
smoothly. The only major change is the MySQL 5.5 upgrade to 5.7, but
why that would be the cause, given the error message, I'm not sure.
If RT were trying to insert a string like that before, it should
have never worked. Is there anything I can do to fix this? I'd
rather not revert to 5.5, because I still want that full-text
indexing at some point and would rather fix this problem so I can
keep trying to do that. Thanks!

--

Alex Hall
Automatic Distributors, IT department
ah...@autodist.com


--

Alex Hall
Automatic Distributors, IT department
ah...@autodist.com

-
RT 4.4 and RTIR training sessions, and a new workshop day!
https://bestpractical.com/training
* Los Angeles - January 9-11 2017

-
RT 4.4 and RTIR training sessions, and a new workshop day! 
https://bestpractical.com/training
* Los Angeles - January 9-11 2017

Re: [rt-users] Enabling full text index, getting "MySQL server has gone away"

[Martin Wheldon]

Hi Alex,

I think the mysql configuration be "max_allowed_packet" rather than 
"max_packet_size".


Best Regards

Martin

On 2016-11-14 13:54, Alex Hall wrote:

I should also say that I've already tried setting my MySQL
max_packet_size. 500M didn't do it, so I upped it to 5000M, restarting
the service both times. That hasn't changed the warnings I'm getting,
and I really don't think any attachments are over 5GB. Plus, the first
few warnings are that "st execute failed", not about attachments not
being indexed.

On Mon, Nov 14, 2016 at 7:46 AM, Alex Hall  wrote:


Hi all,
As the subject says, I'm trying to enable full text indexing. I've
updated MySQL to 5.7 (on Debian 8) and ran

/opt/rt4/sbin/rt-setup-fulltext-index --dba root --dba-password pwd

However, I get a bunch of warnings about executing the SQL
statements and, after that, that attachments can't be indexed. In
all cases, the main problem is the same: "the MySQL server has gone
away". The initial connection was successful, so I'm not sure what
the problem is. I also tested the root login after the 5.7 update,
just to be sure it worked, and it was fine. Has anyone ever seen
this happen? Any suggestions on what to do about it? Thanks!

--

Alex Hall
Automatic Distributors, IT department
ah...@autodist.com


--

Alex Hall
Automatic Distributors, IT department
ah...@autodist.com

-
RT 4.4 and RTIR training sessions, and a new workshop day!
https://bestpractical.com/training
* Los Angeles - January 9-11 2017

-
RT 4.4 and RTIR training sessions, and a new workshop day! 
https://bestpractical.com/training
* Los Angeles - January 9-11 2017

Re: [rt-users] Scrip condition not for Reminders

[Martin Wheldon]

Your very welcome :)

Martin

On 2016-11-11 16:38, Tobias W. wrote:

Hi Martin,

thank you for your tip.

Now works fine!

Thank you and Best Regards,

Tobi

-

VON: Martin Wheldon <martin.whel...@greenhills-it.co.uk>
GESENDET: Freitag, 11. November 2016 12:31
AN: Tobias W.
CC: rt-users@lists.bestpractical.com
BETREFF: Re: [rt-users] Scrip condition not for Reminders

Hi Tobi,

A ticket object has a type method that will return a string when
called:
https://docs.bestpractical.com/rt/4.4.1/RT/Ticket.html#Type1 [1]

Something like the following should help:

if ( $self->TicketObj->Type ne 'reminder ) {
$self->TicketObj->SetStatus('open');
}

Best Regards

Martin

On 2016-11-11 08:01, Tobias W. wrote:

Hello,

We use a RT scrip to check on close if a Custom filed is empty. If

the

Custom field  is empty, the script reopens the ticket.

Condition:  On Resolved

Custom action preparation code:
if( ! $self->TicketObj-> FirstCustomFieldValue( 'FieldName' ) ) {
$self->TicketObj->SetStatus('open');
}else{
$self->TicketObj->AddCustomFieldValue(
Field => 'FieldName',
Value => 'true');
}

Now we have a problem with the reminders: When I close a reminder

the

scrip reopen it.

Is there a way to prevent this?

Thank you,
Tobi

-
RT 4.4 and RTIR training sessions, and a new workshop day!
https://bestpractical.com/training [2]
* Los Angeles - January 9-11 2017



Links:
--
[1] https://docs.bestpractical.com/rt/4.4.1/RT/Ticket.html#Type1
[2] https://bestpractical.com/training

-
RT 4.4 and RTIR training sessions, and a new workshop day! 
https://bestpractical.com/training
* Los Angeles - January 9-11 2017

Re: [rt-users] Scrip condition not for Reminders

[Martin Wheldon]

Hi Tobi,

A ticket object has a type method that will return a string when called:
   https://docs.bestpractical.com/rt/4.4.1/RT/Ticket.html#Type1

Something like the following should help:

if ( $self->TicketObj->Type ne 'reminder ) {
   $self->TicketObj->SetStatus('open');
}

Best Regards

Martin

On 2016-11-11 08:01, Tobias W. wrote:

Hello,

We use a RT scrip to check on close if a Custom filed is empty. If the
Custom field  is empty, the script reopens the ticket.

Condition:  On Resolved

Custom action preparation code:
if( ! $self->TicketObj-> FirstCustomFieldValue( 'FieldName' ) ) {
$self->TicketObj->SetStatus('open');
}else{
$self->TicketObj->AddCustomFieldValue(
Field => 'FieldName',
Value => 'true');
}

Now we have a problem with the reminders: When I close a reminder the
scrip reopen it.

Is there a way to prevent this?

Thank you,
Tobi

-
RT 4.4 and RTIR training sessions, and a new workshop day!
https://bestpractical.com/training
* Los Angeles - January 9-11 2017

-
RT 4.4 and RTIR training sessions, and a new workshop day! 
https://bestpractical.com/training
* Los Angeles - January 9-11 2017

Re: [rt-users] view articles/assets in main menu

[Martin Wheldon]

Hi Tomas,

You need to assign the ShowAssetsMenu right to the relevant user/group.
Obvoiusly I'm making the assumption that the user is a Priviledged user.

Best Regards

Martin

On 2016-11-10 09:46, Stehlík Tomáš wrote:

Hello,

another simple question - how can I show articles / assets for
standard user (not root) in main menu? There is only „home page",
„search" and „tools".

Thank you

Tomas Stehlik

__


-
RT 4.4 and RTIR training sessions, and a new workshop day!
https://bestpractical.com/training
* Los Angeles - January 9-11 2017

-
RT 4.4 and RTIR training sessions, and a new workshop day! 
https://bestpractical.com/training
* Los Angeles - January 9-11 2017

Re: [rt-users] Mapping users of a particular user database under OpenAM(SSO) to a specific queue

[Martin Wheldon]

Hi,

A quick google suggests that you may be looking for OpenAM web policy 
agents


  "Profile Attribute Fetch Mode"

Good luck..

Best Regards

Martin

On 2016-11-09 16:04, Martin Wheldon wrote:

Hi Maneesh,

I'm not familiar with OpenAM, but you should be able to get this to do
the authentication by either SSO cookie or getting the web server to
populate the REMOTE_USER variable.

The following may help...

https://docs.bestpractical.com/rt/4.4.1/RT/Authen/ExternalAuth/DBI/Cookie.html
https://docs.bestpractical.com/rt/4.4.1/RT/Authen/ExternalAuth.html#CONFIGURATION
https://docs.bestpractical.com/rt/4.4.1/authentication.html#Via-your-web-server-aka-WebRemoteUserAuth-aka-REMOTE_USER

However you will need to create groups and configure group
access/permissions to the relevant queue(s) within RT.

Best Regards

Martin

On 2016-11-09 12:58, Maneesh Kumar wrote:

Hello members,

We also have a requirement of mapping users of a particular user
database under OpenAM(SSO) to a specific queue. This is required to
enable users to have access to a specific queue rather than all
queues. The access need to be enabled for creation of tickets and
thereafter for listing his/her open and closed tickets.

Please let me know if this is possible and steps to meet this 
requirement.



Maneesh Kumar


National PARAM Supercomputing Facility

HPC Infrastructure and Ecosystem Group
Centre for Development of Advanced Computing

---
[ C-DAC is on Social-Media too. Kindly follow us at:
Facebook: https://www.facebook.com/CDACINDIA & Twitter: @cdacindia ]

This e-mail is for the sole use of the intended recipient(s) and may
contain confidential and privileged information. If you are not the
intended recipient, please contact the sender by reply e-mail and 
destroy

all copies and the original message. Any unauthorized review, use,
disclosure, dissemination, forwarding, printing or copying of this 
email

is strictly prohibited and appropriate legal action will be taken.
---

-
RT 4.4 and RTIR training sessions, and a new workshop day!
https://bestpractical.com/training
* Los Angeles - January 9-11 2017

-
RT 4.4 and RTIR training sessions, and a new workshop day!
https://bestpractical.com/training
* Los Angeles - January 9-11 2017

-
RT 4.4 and RTIR training sessions, and a new workshop day! 
https://bestpractical.com/training
* Los Angeles - January 9-11 2017

Re: [rt-users] Mapping users of a particular user database under OpenAM(SSO) to a specific queue

[Martin Wheldon]

Hi Maneesh,

I'm not familiar with OpenAM, but you should be able to get this to do 
the authentication by either SSO cookie or getting the web server to 
populate the REMOTE_USER variable.


The following may help...

https://docs.bestpractical.com/rt/4.4.1/RT/Authen/ExternalAuth/DBI/Cookie.html
https://docs.bestpractical.com/rt/4.4.1/RT/Authen/ExternalAuth.html#CONFIGURATION
https://docs.bestpractical.com/rt/4.4.1/authentication.html#Via-your-web-server-aka-WebRemoteUserAuth-aka-REMOTE_USER

However you will need to create groups and configure group 
access/permissions to the relevant queue(s) within RT.


Best Regards

Martin

On 2016-11-09 12:58, Maneesh Kumar wrote:

Hello members,

We also have a requirement of mapping users of a particular user
database under OpenAM(SSO) to a specific queue. This is required to
enable users to have access to a specific queue rather than all
queues. The access need to be enabled for creation of tickets and
thereafter for listing his/her open and closed tickets.

Please let me know if this is possible and steps to meet this 
requirement.



Maneesh Kumar


National PARAM Supercomputing Facility

HPC Infrastructure and Ecosystem Group
Centre for Development of Advanced Computing

---
[ C-DAC is on Social-Media too. Kindly follow us at:
Facebook: https://www.facebook.com/CDACINDIA & Twitter: @cdacindia ]

This e-mail is for the sole use of the intended recipient(s) and may
contain confidential and privileged information. If you are not the
intended recipient, please contact the sender by reply e-mail and 
destroy

all copies and the original message. Any unauthorized review, use,
disclosure, dissemination, forwarding, printing or copying of this 
email

is strictly prohibited and appropriate legal action will be taken.
---

-
RT 4.4 and RTIR training sessions, and a new workshop day!
https://bestpractical.com/training
* Los Angeles - January 9-11 2017

-
RT 4.4 and RTIR training sessions, and a new workshop day! 
https://bestpractical.com/training
* Los Angeles - January 9-11 2017

Re: [rt-users] Mapping users of a particular LDAP database to a specific queue

[Martin Wheldon]

Hi Maneesh,


We have a requirement of mapping users of a particular LDAP database
to a specific queue.


Just to clarify your first statement, do you require a particular set of 
user accounts stored in LDAP

to only have access to one or more queues?

If that is the case then this can be achieved using a combination of the 
External Authentication and LDAPimport

functionality, documentation can be found here:

  https://docs.bestpractical.com/rt/4.4.1/authentication.html
  https://docs.bestpractical.com/rt/4.4.1/RT/LDAPImport.html

The External Auth handles user import, but you need LDAP Import to 
create the groups, these groups can either by static

groups or dynamically created using a LDAP search filter.

Then all you need to do is assign the correct perms for the group and 
apply it to the queue.


Sorry to describe at such a high level, but the authentication system is 
very flexible and with that comes

a little complexity.

Hope that helps.

Best Regards

Martin

On 2016-11-09 12:30, Maneesh Kumar wrote:

Hello members,

We have a requirement of mapping users of a particular LDAP database
to a specific queue. This is required to enable users to have access
to a specific queue rather than all queues. The access need to be
enabled for creation of tickets and thereafter for listing his/her
open and closed tickets.

Please let me know if this is possible and steps to meet this 
requirement.



Maneesh Kumar


National PARAM Supercomputing Facility

HPC Infrastructure and Ecosystem Group
Centre for Development of Advanced Computing

---
[ C-DAC is on Social-Media too. Kindly follow us at:
Facebook: https://www.facebook.com/CDACINDIA & Twitter: @cdacindia ]

This e-mail is for the sole use of the intended recipient(s) and may
contain confidential and privileged information. If you are not the
intended recipient, please contact the sender by reply e-mail and 
destroy

all copies and the original message. Any unauthorized review, use,
disclosure, dissemination, forwarding, printing or copying of this 
email

is strictly prohibited and appropriate legal action will be taken.
---

-
RT 4.4 and RTIR training sessions, and a new workshop day!
https://bestpractical.com/training
* Los Angeles - January 9-11 2017

-
RT 4.4 and RTIR training sessions, and a new workshop day! 
https://bestpractical.com/training
* Los Angeles - January 9-11 2017

Re: [rt-users] Searching ticket content?

[Martin Wheldon]

Hi Alex,

I'm guessing you are looking for full text indexing, further details can 
be found here:


https://docs.bestpractical.com/rt/4.4.1/full_text_indexing.html

Best Regards

Martin

On 2016-11-07 13:57, Alex Hall wrote:

Hello list,
Some users at work are wondering if they can search ticket contents?
There's no way in the search builder, but I know I can plug any SQL I
want to into the advanced search. Even if I knew the SQL to use,
though, that's only a saved search for that string. Could I somehow
offer users a way to search for a string they enter when they're ready
to search? I don't want to expose the actual SQL query, as there's too
much chance of a misplaced punctuation mark or mistyped character
causing errors. Thanks.

--

Alex Hall
Automatic Distributors, IT department
ah...@autodist.com

-
RT 4.4 and RTIR training sessions, and a new workshop day!
https://bestpractical.com/training
* Los Angeles - January 9-11 2017

-
RT 4.4 and RTIR training sessions, and a new workshop day! 
https://bestpractical.com/training
* Los Angeles - January 9-11 2017

Re: [rt-users] Search Assets by People gives "No assets matching search criteria found."

[Martin Wheldon]

Hi Tom,

Just tried this on my RT 4.4.1 install and it works fine, this is 
probably this bug?


From the release notes of RT 4.4.1
* Fix searching for people associated with Assets (I#31546)

Best Regards

Martin

On 2016-11-03 00:01, Tom Robinson wrote:

Sorry, forgot to mentions I'm using RT4 version 4.4.0


On 03/11/16 10:37, Tom Robinson wrote:

Hi,

I'm trying to search my Assets database by People (Owner, Contact or 
Held By) but always get "No

assets matching search criteria found.".

I think there may be an issue with the created query as I'm seeing an 
error in the logs. Anyone know

what is causing this?

Kind regards,
Tom


==> httpd/error_log <==
[2409] [Wed Nov  2 23:36:26 2016] [warning]: Use of uninitialized 
value $args{"GroupsAlias"} in hash

element at /usr/local/rt4/lib/RT/SearchBuilder/Role/Roles.pm line 153.
(/usr/local/rt4/lib/RT/SearchBuilder/Role/Roles.pm:153)

==> messages <==
Nov  3 10:36:26 marshal RT: [2409] Use of uninitialized value 
$args{"GroupsAlias"} in hash element

at /usr/local/rt4/lib/RT/SearchBuilder/Role/Roles.pm line 153.

==> httpd/error_log <==
[2409] [Wed Nov  2 23:36:26 2016] [warning]: Use of uninitialized 
value $args{"ALIAS1"} in
concatenation (.) or string at 
/usr/local/share/perl5/DBIx/SearchBuilder/Handle.pm line 1086.

(/usr/local/share/perl5/DBIx/SearchBuilder/Handle.pm:1086)

==> messages <==
Nov  3 10:36:26 marshal RT: [2409] Use of uninitialized value 
$args{"ALIAS1"} in concatenation (.)
or string at /usr/local/share/perl5/DBIx/SearchBuilder/Handle.pm line 
1086.


==> httpd/error_log <==
[2409] [Wed Nov  2 23:36:26 2016] [warning]: Use of uninitialized 
value in string eq at

/usr/local/share/perl5/DBIx/SearchBuilder/Handle.pm line 1282.
(/usr/local/share/perl5/DBIx/SearchBuilder/Handle.pm:1282)

==> messages <==
Nov  3 10:36:26 marshal RT: [2409] Use of uninitialized value in 
string eq at

/usr/local/share/perl5/DBIx/SearchBuilder/Handle.pm line 1282.

==> httpd/error_log <==
[2409] [Wed Nov  2 23:36:26 2016] [warning]: DBD::mysql::st execute 
failed: You have an error in
your SQL syntax; check the manual that corresponds to your MySQL 
server version for the right syntax
to use near ') JOIN Groups Groups_1  ON ( Groups_1.Domain = 
'RT::Asset-Role' ) AND ( Groups_1' at
line 1 at /usr/local/share/perl5/DBIx/SearchBuilder/Handle.pm line 
586.

(/usr/local/share/perl5/DBIx/SearchBuilder/Handle.pm:586)

==> messages <==
Nov  3 10:36:26 marshal RT: [2409] DBD::mysql::st execute failed: You 
have an error in your SQL
syntax; check the manual that corresponds to your MySQL server version 
for the right syntax to use
near ') JOIN Groups Groups_1  ON ( Groups_1.Domain = 'RT::Asset-Role' 
) AND ( Groups_1' at line 1 at

/usr/local/share/perl5/DBIx/SearchBuilder/Handle.pm line 586.

==> httpd/error_log <==
[2409] [Wed Nov  2 23:36:26 2016] [warning]: 
RT::Handle=HASH(0x8a09ae8) couldn't execute the query
'SELECT COUNT(DISTINCT main.id) FROM Assets main JOIN 
CachedGroupMembers CachedGroupMembers_3  ON (
CachedGroupMembers_3.Disabled = '0' ) AND ( 
CachedGroupMembers_3.GroupId = .id ) JOIN Groups
Groups_1  ON ( Groups_1.Domain = 'RT::Asset-Role' ) AND ( 
Groups_1.Name = 'Owner' ) AND (
Groups_1.Instance = main.id ) JOIN CachedGroupMembers 
CachedGroupMembers_2  ON (
CachedGroupMembers_2.Disabled = '0' ) AND ( 
CachedGroupMembers_2.GroupId = Groups_1.id )  WHERE ( (
CachedGroupMembers_2.MemberId = '22' )  OR  ( 
CachedGroupMembers_3.MemberId = '0' ) ) AND

(main.Catalog = '4') AND (main.Status != 'deleted') ' at
/usr/local/share/perl5/DBIx/SearchBuilder/Handle.pm line 599.

DBIx::SearchBuilder::Handle::SimpleQuery(RT::Handle=HASH(0x8a09ae8), 
"SELECT COUNT(DISTINCT
main.id) FROM Assets main JOIN CachedGr"...) called at 
/usr/local/share/perl5/DBIx/SearchBuilder.pm

line 295
DBIx::SearchBuilder::_DoCount(RT::Assets=HASH(0xa8943c0)) 
called at

/usr/local/rt4/lib/RT/SearchBuilder.pm line 993
RT::SearchBuilder::_DoCount(RT::Assets=HASH(0xa8943c0)) called 
at

/usr/local/rt4/lib/RT/Assets.pm line 293
RT::Assets::_DoCount(RT::Assets=HASH(0xa8943c0)) called at
/usr/local/share/perl5/DBIx/SearchBuilder.pm line 1471
DBIx::SearchBuilder::Count(RT::Assets=HASH(0xa8943c0)) called 
at

/var/www/rt4/Asset/Search/index.html line 57
HTML::Mason::Commands::__ANON__("!CF.{Asset Number}", "", 
"CF.{OS}", "", "CF.{Express

Service Code}", "", "Status", "", "CF.{Asset Number}", ...) called at
/usr/local/share/perl5/HTML/Mason/Component.pm line 135

HTML::Mason::Component::run(HTML::Mason::Component::FileBased=HASH(0xa667330), 
"!CF.{Asset
Number}", "", "CF.{OS}", "", "CF.{Express Service Code}", "", 
"Status", "", ...) called at

/usr/local/share/perl5/HTML/Mason/Request.pm line 1302
eval {...} called at 
/usr/local/share/perl5/HTML/Mason/Request.pm line 1292
HTML::Mason::Request::comp(undef, undef, undef, "!CF.{Asset 
Number}", "", "CF.{OS}", "",
"CF.{Express Service Code}", "", ...) called at 

Re: [rt-users] Finding queue priority in script?

[Martin Wheldon]

Sorry that should be DefaultValue, not SetDefaultValue.
Should read the question more closely :(

Martin

On 2016-11-02 09:10, Martin Wheldon wrote:

Hi Alex,

The file below contains a example of how to set the default values for 
a queue.


share/html/Admin/Queues/DefaultValues.html

Looks like the SetDefaultValue method for Queues isn't documented or a
least I haven't found where, which seems odd
as I've always found RT to be very well documented.

Best Regards

Martin

On 2016-11-01 21:50, Alex Hall wrote:

Hi all,
It hit me the other day that instead of trying to move the priority
field out of the details view, I could simply make a custom field for
priority, then set it in a script on ticket creation.

I see in the docs how to set a ticket's priority, but is there a way
to get a queue's priority values (initial and maximum)? All our queues
will likely share priority settings, so I'm not too worried about
this, but I would prefer to base things off a given queue's settings
if possible. The docs for Queue objects mention nothing about
priority, which seems like an odd ommition. Thanks for any
suggestions.

--

Alex Hall
Automatic Distributors, IT department
ah...@autodist.com

-
RT 4.4 and RTIR training sessions, and a new workshop day!
https://bestpractical.com/training
* Los Angeles - Q1 2017

-
RT 4.4 and RTIR training sessions, and a new workshop day!
https://bestpractical.com/training
* Los Angeles - Q1 2017

-
RT 4.4 and RTIR training sessions, and a new workshop day! 
https://bestpractical.com/training
* Los Angeles - Q1 2017

Re: [rt-users] Finding queue priority in script?

[Martin Wheldon]

Hi Alex,

The file below contains a example of how to set the default values for a 
queue.


share/html/Admin/Queues/DefaultValues.html

Looks like the SetDefaultValue method for Queues isn't documented or a 
least I haven't found where, which seems odd

as I've always found RT to be very well documented.

Best Regards

Martin

On 2016-11-01 21:50, Alex Hall wrote:

Hi all,
It hit me the other day that instead of trying to move the priority
field out of the details view, I could simply make a custom field for
priority, then set it in a script on ticket creation.

I see in the docs how to set a ticket's priority, but is there a way
to get a queue's priority values (initial and maximum)? All our queues
will likely share priority settings, so I'm not too worried about
this, but I would prefer to base things off a given queue's settings
if possible. The docs for Queue objects mention nothing about
priority, which seems like an odd ommition. Thanks for any
suggestions.

--

Alex Hall
Automatic Distributors, IT department
ah...@autodist.com

-
RT 4.4 and RTIR training sessions, and a new workshop day!
https://bestpractical.com/training
* Los Angeles - Q1 2017

-
RT 4.4 and RTIR training sessions, and a new workshop day! 
https://bestpractical.com/training
* Los Angeles - Q1 2017

Re: [rt-users] Overriding files in lib/RT?

[Martin Wheldon]

Hi Alex,

You may need to add the following to the end of your Email_Local.pm 
file:


1;

Best Regards

Martin

On 2016-10-31 20:17, Alex Hall wrote:

Hi all,
Thanks for the responses, it's partially working. When I use my
Email_Local.pm, the server refuses to start, yet I have no errors.
Running it through Perl's checker reveals only:

Name "RT::Logger" used only once: possible typo at Email_Local.pm at
line 31

Perl says everything else is fine. I pulled the single function I
wanted to modify out of the original Email.pm (ParseTicketId) and left
it alone, except for changing \s+ to \s* in the "if (my $@captures"
line. As usual, any errors that might be generated are going who knows
where, so I'm not sure where to start looking. As I said, Perl thinks
this is fine save that warning, but RT definitely doesn't. Any
thoughts? Here's the file:

use strict;
use warnings;
no warnings qw(redefine);

package RT::Interface::Email;

#Takes a string and searches for [subjecttag #id]

#Returns the id if a match is found.  Otherwise returns undef.

sub ParseTicketId {
my $Subject = shift;

my $rtname = RT->Config->Get('rtname');
my $test_name = RT->Config->Get('EmailSubjectTagRegex') ||
qr/\Q$rtname\E/i;

# We use @captures and pull out the last capture value to guard
against
# someone using (...) instead of (?:...) in $EmailSubjectTagRegex.
my $id;
if ( my @captures = $Subject =~ /\[$test_name\s*\#(\d+)\s*\]/i ) {
$id = $captures[-1];
} else {
foreach my $tag ( RT->System->SubjectTag ) {
next unless my @captures = $Subject =~
/\[\Q$tag\E\s+\#(\d+)\s*\]/i;
$id = $captures[-1];
last;
}
}
return undef unless $id;

$RT::Logger->debug("Found a ticket ID. It's $id");
return $id;
}

On Mon, Oct 31, 2016 at 12:18 PM, Nilesh  wrote:


To extend you should either add code in Email_Local.pm or
Email_Overlay.pm. If you name it as Email.pm then you have to copy
all code from existing module and modify it.

I'm not sure about differences between Overlay and Local but I think
that difference is for OO vs adding some functionality.

--
Nilesh

On 31-Oct-2016 9:45 PM, "Matt Zagrabelny" 
wrote:


Hi Alex,

On Mon, Oct 31, 2016 at 11:09 AM, Alex Hall 
wrote:

Hey list,
How would I override /opt/rt4/lib/RT/Interface/Email.pm [1]?


Overlays.





https://docs.bestpractical.com/rt/4.4.1/RT/StyleGuide.html#EXTENDING-RT-CLASSES

[2]

It looks like there is also an outdated wiki article:

https://rt-wiki.bestpractical.com/wiki/ObjectModel [3]

-m
-
RT 4.4 and RTIR training sessions, and a new workshop day!
https://bestpractical.com/training [4]
* Los Angeles - Q1 2017


-
RT 4.4 and RTIR training sessions, and a new workshop day!
https://bestpractical.com/training [4]
* Los Angeles - Q1 2017


--

Alex Hall
Automatic Distributors, IT department
ah...@autodist.com


Links:
--
[1] http://l.pm
[2]
https://docs.bestpractical.com/rt/4.4.1/RT/StyleGuide.html#EXTENDING-RT-CLASSES
[3] https://rt-wiki.bestpractical.com/wiki/ObjectModel
[4] https://bestpractical.com/training

-
RT 4.4 and RTIR training sessions, and a new workshop day!
https://bestpractical.com/training
* Los Angeles - Q1 2017

-
RT 4.4 and RTIR training sessions, and a new workshop day! 
https://bestpractical.com/training
* Los Angeles - Q1 2017

Re: [rt-users] "Hidden" tickets suddenly appear

[Martin Wheldon]

Hi Jeff,

If you examine the ticket history of the problem ticket it should tell 
you what happened

for it to be set back to the "new" status.

Is it being reopened by a reply to a email from the pervious ticket 
corespondance perhaps??


Best Regards

Martin

On 2016-10-25 16:00, Jeff Blaine wrote:

RT 4.2.13 backed by PostgreSQL, though I feel like we've been
experiencing the following for many versions.

I've been suspect for quite some time, but thought maybe I was losing 
my
mind instead. I've confirmed finally that I am not losing my mind re: 
RT
in this specific case. We are definitely seeing the following 
situation.


I'm curious if anyone has thoughts as to where to start debugging the
root cause.

I use a simple saved search as my view into RT at work. Others using
this queue also use a similar one. The query is:

Queue = 'atcc-help'
AND
   (
  Status = 'new'
  OR Status = 'open'
  OR Status = 'stalled'
   )
AND (
   Owner = 'Nobody'
   OR Owner = 'jbla...@our.org'
)

The display settings for the search have "Rows: Unlimited"

It results in a daily list of 70-120 tickets.

We are seeing tickets appear in this list, where they have never
appeared in the list before, after some period of being in the queue. 
In

most cases, the mystery ticket has a "Created" date of more than a few
weeks ago. The most recent case was 5 months. That is, a ticket with
"Created" of around 5 months ago, and in "new" status, showed up in the
results of the search above where it never had shown up before.

As you can imagine, this is terrible for customer service. Luckily it
seems pretty rare. I would estimate that we see this happen ~5 times 
per
year, and then have to start the very awkward conversation about how 
the

ticket "slipped through our cracks".

Thoughts very welcome.

Jeff
-
RT 4.4 and RTIR training sessions, and a new workshop day!
https://bestpractical.com/training
* Boston - October 24-26
* Los Angeles - Q1 2017

-
RT 4.4 and RTIR training sessions, and a new workshop day! 
https://bestpractical.com/training
* Boston - October 24-26
* Los Angeles - Q1 2017

Re: [rt-users] RT 4.4.1 on Debian with RT::Authen::ExternalAuth?

[Martin Wheldon]

Hi Malcolm,

The output from rt-ldapimport is normal if no changes are required, as
I've just tried it here in my lab and it is working.

Incidentally LDAPImport doesn't currently support TLS, I've written a 
patch which
you are welcome to have if you would like it. I'm afraid I haven't 
submitted it to BP

yet, but intend too when I get some time.

Best Regards

Martin

On 2016-10-19 14:21, Malcolm Galland wrote:

Ah, yes.  It looks like I had commented it out during testing, and
that's what was causing the PeerHost error.  Below is the section of
SiteConfig dedicated to LDAPImport:

Set($LDAPHost,'ggdc1.domain.int'); 
Set($LDAPUser,'LDAP_ACCOUNT'); 
Set($LDAPPassword,'LDAP_ACCOUNT_PASS'); 
Set($LDAPBase, 'dc=domain,dc=int'); 
Set($LDAPFilter, '(&(cn = users))'); 
Set($LDAPMapping, {Name => 'uid', # required
   EmailAddress => 'mail', 
   RealName => 'cn', 
   WorkPhone=> 'telephoneNumber', 
   Organization => 'departmentName'}); 

# If you want to sync Groups from LDAP into RT

Set($LDAPGroupBase, 'dc=domain,dc=int'); 
Set($LDAPGroupFilter, '(&(cn = Groups))'); 
Set($LDAPGroupMapping, {Name   => 'cn', 
Member_Attr=> 'member', 
Member_Attr_Value  => 'dn' });

Interesting follow up question though, when I run rt-ldapimport I don't
get any errors, but the output doesn't exactly instill a feeling of
sucess either:

/opt/rt4/sbin/rt-ldapimport --debug
Running test import, no data will be changed
Rerun command with --import to perform the import
Rerun command with --debug for more information
Testing group import
Finished test


On Wed, 2016-10-19 at 14:09 +, Martin Wheldon wrote:

Hi Malcolm,

You are missing the LDAP import configuration, which is separate
from 
the External auth config.
The following will help:

   https://docs.bestpractical.com/rt/4.4.1/RT/LDAPImport.html

Best Regards

Martin

On 2016-10-19 13:37, Malcolm Galland wrote:
>
> I've set up RT, and am testing it with rt-server.  Everything seems
> to
> be going smoothly except LDAP with RT::Authen::ExternalAuth.  I
> read
> the docs and have implemented the suggested changes in
> /opt/rt4/etc/RT_SiteConfig.pm like so:
>
> Set( $ExternalAuthPriority, ["My_LDAP"] );
> Set( $ExternalInfoPriority, ["My_LDAP"] );
> Set($ExternalAuth, 1);
> Set( $UserAutocreateDefaultsOnLogin, { Privileged => 1 } );
> Set($AutoCreateNonExternalUsers, 1);
> Set($ExternalSettings, {
>     'My_LDAP'   =>  {
>         'type' =>  'ldap',
>         'server'   =>  'ggdc1.domain.int',
>         'user' =>  'LDAP_ACCOUNT',
>         'pass' =>  'LDAP_ACCOUNT_PASS',
>         'base' =>  'ou=Production,dc=domain,dc=int',
>         'filter'   =>  '(objectClass=inetOrgPerson)',
>         'attr_match_list'  => [
>             'Name',
>             'EmailAddress',
>         ],
>         'attr_map' => {
> 'Name' => 'sAMAccountName',
> 'EmailAddress' => 'mail',
> 'RealName' => 'cn',
>                 'WorkPhone'=> 'telephoneNumber',
> 'Address1' => 'streetAddress',
> 'City' => 'l',
> 'State'=> 'st',
> 'Zip'  => 'postalCode',
> 'Country'  => 'co',
>         },
>     },
> } );
>
> The issue is when I try to login the users aren't allowed access,
> and I
> get the following error from rt-server:
>
> [error]: FAILED LOGIN for username_redacted from IP_REDACTED
> (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:826)
>
> Just for kicks, if I run /opt/rt4/sbin/rt-ldapimport --debug
> I get: 
>  [critical]: Expected 'PeerHost' at
> /usr/local/share/perl/5.20.2/Net/LDAP.pm line 164.
> (/opt/rt4/sbin/../lib/RT.pm:390)
>
> Any ideas?  I read every document I could find, but it's hard to
> know
> which non-official ones you can trust since RT has been around so
> long
> and ExternalAuth was just added to the core.  Also, the official
> docs
> are a bit terse.
> -
> RT 4.4 and RTIR training sessions, and a new workshop day!
> https://bestpractical.com/training
> * Boston - October 24-26
> * Los Angeles - Q1 2017

-
RT 4.4 and RTIR training sessions, and a new workshop day! 
https://bestpractical.com/training
* Boston - October 24-26
* Los Angeles - Q1 2017

Re: [rt-users] RT 4.4.1 on Debian with RT::Authen::ExternalAuth?

[Martin Wheldon]

Hi Malcolm,

Are you able to get any results from the LDAP server when you try the 
same search

using ldapsearch from the commandline on the Debian box?

Something like:
  ldapsearch -D LDAP_ACCOUNT -x -w -ZZ -H ldap://ggdc1.domain.int/ -b 
ou=Production,dc=domain,dc=int "(objectClass=inetOrgPerson)"


I'm guessing your LDAP server is MS AD so you will probably need to 
configure TLS.

The following items come from my configuration.


Set( $ExternalAuthPriority, ["My_LDAP"] );
Set( $ExternalInfoPriority, ["My_LDAP"] );
Set($ExternalAuth, 1);
Set( $UserAutocreateDefaultsOnLogin, { Privileged => 1 } );
Set($AutoCreateNonExternalUsers, 1);


# Use TLS
Set($ExternalServiceUsesSSLorTLS,1);


Set($ExternalSettings, {
'My_LDAP'   =>  {
'type' =>  'ldap',
'server'   =>  'ggdc1.domain.int',


# Configure TLS settings
'tls'   =>  {
'verify'=>  'require',
'cafile'=>  '/etc/ssl/certs/CACert.pem',  # Path CA 
file

 },


'user' =>  'LDAP_ACCOUNT',
'pass' =>  'LDAP_ACCOUNT_PASS',
'base' =>  'ou=Production,dc=domain,dc=int',
'filter'   =>  '(objectClass=inetOrgPerson)',
'attr_match_list'  => [
'Name',
'EmailAddress',
],
'attr_map' => {
'Name' => 'sAMAccountName',
'EmailAddress' => 'mail',
'RealName' => 'cn',
'WorkPhone'=> 'telephoneNumber',
'Address1' => 'streetAddress',
'City' => 'l',
'State'=> 'st',
'Zip'  => 'postalCode',
'Country'  => 'co',
},
},
} );


Best Regards

Martin

On 2016-10-19 13:37, Malcolm Galland wrote:

I've set up RT, and am testing it with rt-server.  Everything seems to
be going smoothly except LDAP with RT::Authen::ExternalAuth.  I read
the docs and have implemented the suggested changes in
/opt/rt4/etc/RT_SiteConfig.pm like so:

Set( $ExternalAuthPriority, ["My_LDAP"] );
Set( $ExternalInfoPriority, ["My_LDAP"] );
Set($ExternalAuth, 1);
Set( $UserAutocreateDefaultsOnLogin, { Privileged => 1 } );
Set($AutoCreateNonExternalUsers, 1);
Set($ExternalSettings, {
    'My_LDAP'   =>  {
        'type' =>  'ldap',
        'server'   =>  'ggdc1.domain.int',
        'user' =>  'LDAP_ACCOUNT',
        'pass' =>  'LDAP_ACCOUNT_PASS',
        'base' =>  'ou=Production,dc=domain,dc=int',
        'filter'   =>  '(objectClass=inetOrgPerson)',
        'attr_match_list'  => [
            'Name',
            'EmailAddress',
        ],
        'attr_map' => {
'Name' => 'sAMAccountName',
'EmailAddress' => 'mail',
'RealName' => 'cn',
                'WorkPhone'=> 'telephoneNumber',
'Address1' => 'streetAddress',
'City' => 'l',
'State'=> 'st',
'Zip'  => 'postalCode',
'Country'  => 'co',
        },
    },
} );

The issue is when I try to login the users aren't allowed access, and I
get the following error from rt-server:

[error]: FAILED LOGIN for username_redacted from IP_REDACTED
(/opt/rt4/sbin/../lib/RT/Interface/Web.pm:826)

Just for kicks, if I run /opt/rt4/sbin/rt-ldapimport --debug
I get: 
 [critical]: Expected 'PeerHost' at
/usr/local/share/perl/5.20.2/Net/LDAP.pm line 164.
(/opt/rt4/sbin/../lib/RT.pm:390)

Any ideas?  I read every document I could find, but it's hard to know
which non-official ones you can trust since RT has been around so long
and ExternalAuth was just added to the core.  Also, the official docs
are a bit terse.
-
RT 4.4 and RTIR training sessions, and a new workshop day!
https://bestpractical.com/training
* Boston - October 24-26
* Los Angeles - Q1 2017

-
RT 4.4 and RTIR training sessions, and a new workshop day! 
https://bestpractical.com/training
* Boston - October 24-26
* Los Angeles - Q1 2017

Re: [rt-users] RT 4.4.1 on Debian with RT::Authen::ExternalAuth?

[Martin Wheldon]

Hi Malcolm,

You are missing the LDAP import configuration, which is separate from 
the External auth config.

The following will help:

  https://docs.bestpractical.com/rt/4.4.1/RT/LDAPImport.html

Best Regards

Martin

On 2016-10-19 13:37, Malcolm Galland wrote:

I've set up RT, and am testing it with rt-server.  Everything seems to
be going smoothly except LDAP with RT::Authen::ExternalAuth.  I read
the docs and have implemented the suggested changes in
/opt/rt4/etc/RT_SiteConfig.pm like so:

Set( $ExternalAuthPriority, ["My_LDAP"] );
Set( $ExternalInfoPriority, ["My_LDAP"] );
Set($ExternalAuth, 1);
Set( $UserAutocreateDefaultsOnLogin, { Privileged => 1 } );
Set($AutoCreateNonExternalUsers, 1);
Set($ExternalSettings, {
    'My_LDAP'   =>  {
        'type' =>  'ldap',
        'server'   =>  'ggdc1.domain.int',
        'user' =>  'LDAP_ACCOUNT',
        'pass' =>  'LDAP_ACCOUNT_PASS',
        'base' =>  'ou=Production,dc=domain,dc=int',
        'filter'   =>  '(objectClass=inetOrgPerson)',
        'attr_match_list'  => [
            'Name',
            'EmailAddress',
        ],
        'attr_map' => {
'Name' => 'sAMAccountName',
'EmailAddress' => 'mail',
'RealName' => 'cn',
                'WorkPhone'=> 'telephoneNumber',
'Address1' => 'streetAddress',
'City' => 'l',
'State'=> 'st',
'Zip'  => 'postalCode',
'Country'  => 'co',
        },
    },
} );

The issue is when I try to login the users aren't allowed access, and I
get the following error from rt-server:

[error]: FAILED LOGIN for username_redacted from IP_REDACTED
(/opt/rt4/sbin/../lib/RT/Interface/Web.pm:826)

Just for kicks, if I run /opt/rt4/sbin/rt-ldapimport --debug
I get: 
 [critical]: Expected 'PeerHost' at
/usr/local/share/perl/5.20.2/Net/LDAP.pm line 164.
(/opt/rt4/sbin/../lib/RT.pm:390)

Any ideas?  I read every document I could find, but it's hard to know
which non-official ones you can trust since RT has been around so long
and ExternalAuth was just added to the core.  Also, the official docs
are a bit terse.
-
RT 4.4 and RTIR training sessions, and a new workshop day!
https://bestpractical.com/training
* Boston - October 24-26
* Los Angeles - Q1 2017

-
RT 4.4 and RTIR training sessions, and a new workshop day! 
https://bestpractical.com/training
* Boston - October 24-26
* Los Angeles - Q1 2017

[rt-users] Search for Assets with active tickets

[Martin Wheldon]

Hi,

I'm running RT 4.4.1 and am trying to get a list of Assets that have 
active tickets logged against them.


I know I can do a asset search for all assets then click through each of 
the active links, but am
wondering whether I can coerce the Advanced ticket search into doing 
this.


Any help/pointers in the right direction would be much appreciated.

Thanks in advance

--
Martin Wheldon
Greenhills IT Ltd.
Telephone: 01904 238 454
Website: www.greenhills-it.co.uk

Greenhills IT Ltd. is a limited company registered in England and Wales.
Company Registration No: 06387214
Registered Offices: 2 Greenhills, Claxton, YORK, North Yorkshire, YO60 
7SA

-
RT 4.4 and RTIR training sessions, and a new workshop day! 
https://bestpractical.com/training
* Boston - October 24-26
* Los Angeles - Q1 2017

Re: [rt-users] RT 4.4.1 login form and 2FA

[Martin Wheldon]

Hi,

Using the Duo ldap proxy looks like a viable option too.

  https://duo.com/docs/ldap

Best Regards

Martin

On 2016-10-17 13:37, Matt Zagrabelny wrote:
On Mon, Oct 17, 2016 at 7:45 AM, Kem Hartley  
wrote:

RT Community,
I'm trying to setup 2FA, specifically Duo, with the RT login process.  
I'm
having a difficult time figuring out where to place the duo perl code 
in the
login process.  I'm using external LDAP authentication.  Once the 
successful
login returns from LDAP, where does RT forward to the home page.  I 
need to
put in the duo perl code before RT sends the authenticated user to the 
home

page.  Any help would be greatly appreciated.  Thank you.


Are you looking to use LDAP for AUTHN or hack RT to use DUO?

I'm not sure if LDAP can use PAM for AUTHN, but if it can, you can use
a PAM RADIUS module and configure DUO on your RADIUS server.

-m
-
RT 4.4 and RTIR training sessions, and a new workshop day!
https://bestpractical.com/training
* Boston - October 24-26
* Los Angeles - Q1 2017

-
RT 4.4 and RTIR training sessions, and a new workshop day! 
https://bestpractical.com/training
* Boston - October 24-26
* Los Angeles - Q1 2017

Re: [rt-users] RT 4.4.1 login form and 2FA

[Martin Wheldon]

Hi,

I'm not familiar with the DUO 2FA solution, but I think you may be 
looking for callbacks in the login page.

The following should help:

  https://rt-wiki.bestpractical.com/wiki/CustomizingWithCallbacks

I beleive the ones you are interested in are those below:
  /Elements/Login CallbackName => 'AfterForm'
  /Elements/Login CallbackName => 'BeforeForm'

Hope that helps

Best Regards

Martin

On 2016-10-17 12:45, Kem Hartley wrote:

RT Community,
I'm trying to setup 2FA, specifically Duo, with the RT login process.
I'm having a difficult time figuring out where to place the duo perl
code in the login process.  I'm using external LDAP authentication.
Once the successful login returns from LDAP, where does RT forward to
the home page.  I need to put in the duo perl code before RT sends the
authenticated user to the home page.  Any help would be greatly
appreciated.  Thank you.

-
RT 4.4 and RTIR training sessions, and a new workshop day!
https://bestpractical.com/training
* Boston - October 24-26
* Los Angeles - Q1 2017

-
RT 4.4 and RTIR training sessions, and a new workshop day! 
https://bestpractical.com/training
* Boston - October 24-26
* Los Angeles - Q1 2017

Re: [rt-users] Connecting RT to IBM iSeries and/or MSSQL databases?

[Martin Wheldon]

Hi Alex,

Sounds like you may be looking for the external custom fields 
functionality, please

see the link below for details:

https://docs.bestpractical.com/rt/4.4.1/extending/external_custom_fields.html

Best Regards

Martin

On 2016-10-10 15:15, Alex Hall wrote:

Hello list,
Another day, another proposed RT modification for me to investigate.
Our company has six remote representatives who each have a few hundred
customers they visit in person. The customer support team works
locally, and is the group who actually enters all the tickets. We want
reps to be able to look at tickets related to their customers, but we
want to do that in a dashboard and not as a CC. Since each rep has
hundreds of customers, and since the customer base for a rep can
change a lot, saved searches aren't an ideal solution. It is also too
error-prone and time-consuming to have staff enter a customer rep ID
for every ticket, as they already have to enter an order number and
other custom information. The good news is that, in databases we
already have, the order number can lead from the order, to the
customer, to the representative.

My thought is to have a cron job or a custom script that can take the
order number, look up the rep on our iSeries or MSSQL databases, and
fill in a custom field with the username of the relevant
representative. I like the idea of a script, so that users can see the
change immediately, but a cron job would probably be okay too. This
would then let us use a saved search that just finds tickets where the
rep name equals the name of the user whose dashboard it is, instead of
having hundreds of 'or' statements trying to find all possible
customer numbers.

* Can Perl code in scripts talk to an external database as I've
described?

* Can the RT cron tool do this job? If so, what might the workflow
look like? I haven't yet looked very deeply into this tool's abilities
or syntax.

Thanks for any thoughts. Debian 8.6, RT4.2.8 (hopefully going to be
4.4 sometime soon), MySQL database for RT. No, the server doesn't yet
have the drivers for these databases, but my question is about
integrating the information into RT and not about how Debian talks to
DB2 or Server.

--

Alex Hall
Automatic Distributors, IT department
ah...@autodist.com

-
RT 4.4 and RTIR training sessions, and a new workshop day!
https://bestpractical.com/training
* Boston - October 24-26
* Los Angeles - Q1 2017

-
RT 4.4 and RTIR training sessions, and a new workshop day! 
https://bestpractical.com/training
* Boston - October 24-26
* Los Angeles - Q1 2017

Re: [rt-users] Database again stuck at SQLite?

[Martin Wheldon]

Hi Alex,

No problem, glad you have it working.

Martin

On 2016-09-14 14:44, Alex Hall wrote:

Thank you! It's working now, and I see what you mean about the
rt4-db-* package installations. RT is finally running on our new
server!

On Wed, Sep 14, 2016 at 10:02 AM, Martin Wheldon
<martin.whel...@greenhills-it.co.uk> wrote:


Hi Alex,

I've not run a Debian packaged install for a long time, but looking
at the package dependancies
I think the following may help.

How did you do the package install? If you ran the following it
should just work.
$ sudo apt-get install request-tracker4 rt4-db-mysql

If however you just installed the request-tracker4 package it would
install rt4-db-sqlite and you
will experience all kinds of issues like the ones you are
describing.

The following should fix your issues:

$ sudo apt-get remove --purge request-tracker4 rt4-*
$ sudo apt-get autoremove
$ sudo apt-get install request-tracker4 rt4-db-mysql

Hope that helps

Martin

On 2016-09-14 13:00, Alex Hall wrote:
Hello all,
I'm getting a bit desperate. I have no idea why the setting in
51-dbconfig-common and the main SiteConfig.pm file are both 'mysql',
but the error when my FCGI server starts clearly indicates that RT
is
trying to connect to a SQLite database. I've run
update-rt-siteconfig,
and I've tried to run dbconfig-common; the latter doesn't exist, and
I
just get an error from the shell that it doesn't know the command.
The
former works fine, as indicated by all the settings being in the .pm
file, but never actually seems to apply those settings for some
reason.

I've even re-installed both RT and rt4-db-mysql, but that didn't
make
any difference as, for some reason, the initial package
configuration
for RT didn't appear. I've also changed the database type in
/etc/dbconfig-common/request-tracker4.conf, but again, to no avail.
Perhaps there's a way of applying dbconfig-common changes I don't
know?

If anyone has any ideas about how I might get RT on the right
backend,
please, please send them along. We haven't been able to move RT to a
local server, and thus start testing it with a wider pool of users,
for two days because of this problem. My boss isn't happy, and I'm
stuck.

On Tue, Sep 13, 2016 at 4:23 PM, Alex Hall <ah...@autodist.com>
wrote:

Just a quick update. I've now tried changing the port and database
username, then re-applying the settings with update-rt-siteconfig.
They change just fine. Yet, the error in the log is still regarding
SQLite3, even though the database type is very clearly set to mysql.
I have no idea why the setting is right, but RT refuses to use it.
Please, if anyone knows how to troubleshoot this or re-run the
initial database setup, let me know. Thanks.

On Tue, Sep 13, 2016 at 7:07 AM, Alex Hall <ah...@autodist.com>
wrote:

Hello all,
I emailed last week asking a lot of questions, among them how to
get my RT installation over to MySQL instead of SQLite3. Having
moved to a company server, I'm again configuring RT, and I'm again
stuck here. During the install, I accidentally hit enter at the
database prompt rather than first hitting M. I figured I could
change it later, so wasn't worried about it, especially as I'm now
comfortable with how to update settings in RT.

Yet, I can't seem to manage it. I've gone into
RT_SiteConfig.d51dbconfig-common and made the changes, then issued
update-rt-siteconfig
and gotten confirmation that my configuration file was replaced,
but the log continues to show that RT is trying to connect to
SQLite. I've also restarted the RT service, and there's no server
to restart since this database error kills the FCGI server
immediately after it spawns. I've even restarted Nginx, though it
shouldn't make a difference. I know there's a command to re-run
the database configuration wizard, but I can't find it anywhere.

Two things, then. What's the command to re-configure the database
settings, and why might changing them in RT_SiteConfig.d and then
running update-rt-siteconfig not make the changes I want? Thanks!

--

Alex Hall
Automatic Distributors, IT department
ah...@autodist.com


--

Alex Hall
Automatic Distributors, IT department
ah...@autodist.com

-
RT 4.4 and RTIR training sessions, and a new workshop day!
https://bestpractical.com/training [1]
* Boston - October 24-26
* Los Angeles - Q1 2017

--

Alex Hall
Automatic Distributors, IT department
ah...@autodist.com


Links:
--
[1] https://bestpractical.com/training

-
RT 4.4 and RTIR training sessions, and a new workshop day! 
https://bestpractical.com/training
* Boston - October 24-26
* Los Angeles - Q1 2017

Re: [rt-users] Database again stuck at SQLite?

[Martin Wheldon]

Hi Alex,

I've not run a Debian packaged install for a long time, but looking at 
the package dependancies

I think the following may help.

How did you do the package install? If you ran the following it should 
just work.

$ sudo apt-get install request-tracker4 rt4-db-mysql

If however you just installed the request-tracker4 package it would 
install rt4-db-sqlite and you

will experience all kinds of issues like the ones you are describing.

The following should fix your issues:

$ sudo apt-get remove --purge request-tracker4 rt4-*
$ sudo apt-get autoremove
$ sudo apt-get install request-tracker4 rt4-db-mysql

Hope that helps

Martin

On 2016-09-14 13:00, Alex Hall wrote:

Hello all,
I'm getting a bit desperate. I have no idea why the setting in
51-dbconfig-common and the main SiteConfig.pm file are both 'mysql',
but the error when my FCGI server starts clearly indicates that RT is
trying to connect to a SQLite database. I've run update-rt-siteconfig,
and I've tried to run dbconfig-common; the latter doesn't exist, and I
just get an error from the shell that it doesn't know the command. The
former works fine, as indicated by all the settings being in the .pm
file, but never actually seems to apply those settings for some
reason.

I've even re-installed both RT and rt4-db-mysql, but that didn't make
any difference as, for some reason, the initial package configuration
for RT didn't appear. I've also changed the database type in
/etc/dbconfig-common/request-tracker4.conf, but again, to no avail.
Perhaps there's a way of applying dbconfig-common changes I don't
know?

If anyone has any ideas about how I might get RT on the right backend,
please, please send them along. We haven't been able to move RT to a
local server, and thus start testing it with a wider pool of users,
for two days because of this problem. My boss isn't happy, and I'm
stuck.

On Tue, Sep 13, 2016 at 4:23 PM, Alex Hall  wrote:


Just a quick update. I've now tried changing the port and database
username, then re-applying the settings with update-rt-siteconfig.
They change just fine. Yet, the error in the log is still regarding
SQLite3, even though the database type is very clearly set to mysql.
I have no idea why the setting is right, but RT refuses to use it.
Please, if anyone knows how to troubleshoot this or re-run the
initial database setup, let me know. Thanks.

On Tue, Sep 13, 2016 at 7:07 AM, Alex Hall 
wrote:


Hello all,
I emailed last week asking a lot of questions, among them how to
get my RT installation over to MySQL instead of SQLite3. Having
moved to a company server, I'm again configuring RT, and I'm again
stuck here. During the install, I accidentally hit enter at the
database prompt rather than first hitting M. I figured I could
change it later, so wasn't worried about it, especially as I'm now
comfortable with how to update settings in RT.

Yet, I can't seem to manage it. I've gone into
RT_SiteConfig.d51dbconfig-common and made the changes, then issued
update-rt-siteconfig
and gotten confirmation that my configuration file was replaced,
but the log continues to show that RT is trying to connect to
SQLite. I've also restarted the RT service, and there's no server
to restart since this database error kills the FCGI server
immediately after it spawns. I've even restarted Nginx, though it
shouldn't make a difference. I know there's a command to re-run
the database configuration wizard, but I can't find it anywhere.

Two things, then. What's the command to re-configure the database
settings, and why might changing them in RT_SiteConfig.d and then
running update-rt-siteconfig not make the changes I want? Thanks!


--

Alex Hall
Automatic Distributors, IT department
ah...@autodist.com


--

Alex Hall
Automatic Distributors, IT department
ah...@autodist.com

-
RT 4.4 and RTIR training sessions, and a new workshop day!
https://bestpractical.com/training
* Boston - October 24-26
* Los Angeles - Q1 2017

-
RT 4.4 and RTIR training sessions, and a new workshop day! 
https://bestpractical.com/training
* Boston - October 24-26
* Los Angeles - Q1 2017

Re: [rt-users] Best web server for RT4?

[Martin Wheldon]

Hi,

If you decide to retry a source install. You might want to look at
using perlbrew to install a stand alone perl and configuring cpanminus 
as

described in the rt_perl documentation below will make life much easier.

https://docs.bestpractical.com/rt/4.4.1/rt_perl.html

I'm a big fan of Ubuntu/Debian, but always use a source install of RT, 
with Nginx incidently,

works a treat.

Best Regards

Martin

On 2016-09-02 13:01, Alex Hall wrote:

Thanks for the very helpful reply. No, I didn't know about rt4-fcgi,
nor the update command. Unfortunately, even after running that
command, the stand-alone server still thinks it's supposed to use
SQLite3 and the default database name, for some reason. I even
restarted the request-tracker4 service.

Where are the docs you mentioned? I searched for "request tracker
debian", but got only unhelpful results. There's an RT set up for
Debian itself; a wikia.com [1] page that is broken, an install guide
for RT3.6 that never mentions the rt4-fcgi package, and so on. The
package details page for rt4-fcgi itself doesn't seem to give any
usage instructions, unless I'm missing them (possible when using a
screen reader, though unlikely). Specifically, I'm not sure how to
tell it to use 127.0.0.1:8485 [2], or whatever port I set in the RT
site file for Nginx. Are there other commands that will be useful?

Installing from source got quite confusing. I've never used Perl, so
had to configure the CPAN first, and wasn't sure how to answer the
questions it asked. Then the make testdeps command didn't work, so I
had to manually look through the (very long) list of dependencies,
find one that was missing, and try to install it manually. That
installation process then got rather confusing, with a few packages
not going smoothly at all. Finally, I found there was a pre-built
package already made, and the installation for that was a breeze. Of
course, I'm now stuck with a stubborn configuration that isn't letting
any RT server start, so I suppose it's six of one and a half dozen of
the other. Still, I think this odd configuration problem will be much
easier to solve.

On Fri, Sep 2, 2016 at 1:48 AM, Christian Loos 
wrote:


Am 01.09.2016 um 20:15 schrieb Alex Hall:

I'm either missing something very obvious, or the Debian package

for RT

isn't working correctly. Installing with the latest source,

though, was

a nightmare.


First of all, read the docs. Especially the Debian docs, as
installing
RT as a Debian package works different than install RT from Source,
which the Best Practical documentation describes.

In Debian the RT config is managed by files under
/etc/request-tracker4/RT_SiteConfig.d/. If you change something in
one
of these files, you have to run the command update-rt-siteconfig,
which
actually builds the /etc/request-tracker4/RT_SiteConfig.pm file.

Did you install the rt4-fcgi package?
This will install everything you need for a nginx web deployment.
/etc/init.d/rt4-fcgi would then reload the RT configuration.

Why was installing from source a nightmare?
We actually use RT from source on Debian for years, and it works
great.

Chris


--

Alex Hall
Automatic Distributors, IT department
ah...@autodist.com


Links:
--
[1] http://wikia.com
[2] http://127.0.0.1:8485

-
RT 4.4 and RTIR training sessions, and a new workshop day!
https://bestpractical.com/training
* Boston - October 24-26
* Los Angeles - Q1 2017

-
RT 4.4 and RTIR training sessions, and a new workshop day! 
https://bestpractical.com/training
* Boston - October 24-26
* Los Angeles - Q1 2017

Re: [rt-users] Centos 7 - Forbidden, You don't have, permission to, access /rt4 on this server

[Martin Wheldon]

Hi Yanni,

Have you managed to get RT working?

Best Regards

Martin

On 2016-04-27 10:33, Martin Wheldon wrote:

Hi,

I don't mean to be rude, but read AND FOLLOW the README file included
in the RT tarball.

Best Regards

Martin

On 2016-04-27 10:15, Yanni wrote:

Hi

I did not use ./configure, I just did "make install" as described in
the documentation.
To make things simpler for me, I have now deleted my ssl.conf and have
put the original file in place.

When I go to: http://jimmy.ad.biosci.ac.uk/rt4:8000
I get:

This site can't be reached. /jimmy.ad.biosci.ac.uk refused to connect
ERR_CONNECTION_REFUSED
---
I don't see anything in the log files, 'access_log' and 'error_log'


-
RT 4.4 and RTIR Training Sessions https://bestpractical.com/training
* Washington DC - May 23 & 24, 2016

-
RT 4.4 and RTIR Training Sessions https://bestpractical.com/training
* Washington DC - May 23 & 24, 2016

-
RT 4.4 and RTIR Training Sessions https://bestpractical.com/training
* Washington DC - May 23 & 24, 2016

Re: [rt-users] Centos 7 - Forbidden, You don't have, permission to, access /rt4 on this server

[Martin Wheldon]

Hi,

I don't mean to be rude, but read AND FOLLOW the README file included in 
the RT tarball.


Best Regards

Martin

On 2016-04-27 10:15, Yanni wrote:

Hi

I did not use ./configure, I just did "make install" as described in
the documentation.
To make things simpler for me, I have now deleted my ssl.conf and have
put the original file in place.

When I go to: http://jimmy.ad.biosci.ac.uk/rt4:8000
I get:

This site can't be reached. /jimmy.ad.biosci.ac.uk refused to connect
ERR_CONNECTION_REFUSED
---
I don't see anything in the log files, 'access_log' and 'error_log'


-
RT 4.4 and RTIR Training Sessions https://bestpractical.com/training
* Washington DC - May 23 & 24, 2016

-
RT 4.4 and RTIR Training Sessions https://bestpractical.com/training
* Washington DC - May 23 & 24, 2016

Re: [rt-users] problems attaching files

[Martin Wheldon]

Hi,

This is probably a issue with your web server configuration, you don't 
mention what

you are using.

Researching the following may help:

Apache2 - LimitRequestBody
Nginx - client_max_body_size

Best Regards

Martin

On 2016-04-27 00:25, Liam Forbes wrote:

We are using RT 4.4.0 and appear to be having problems attaching files
over some size around 100k. If we try to send an email with a larger
attachment, the mail message just drops on the floor. If we try to
attach a file through the web interface, the icon has an X over it and
an error message appears when the mouse hovers over it, plus the
attachment is dropped if we try to save the edit.

Looking in the log I don’t see any messages being generated in
either case. I do see messages generated when a file is successfully
attached though. Our current attachment size settings should allow
larger files than ~100k.

Set($MaxAttachmentSize, 10485760);  # 10MB
Set($TruncateLongAttachments, "true");

I’m not sure what else to look at to determine what’s happening or
where things are failing. Have I somehow mis-set the config, or could
this be a bug in 4.4.0?

Regards,
-liam

-There are uncountably more irrational fears than rational ones. -P.
Dolan
Liam Forbes lofor...@alaska.edu ph: 907-450-8618 fax:
907-450-8601
UAF Research Computing Systems Senior HPC EngineerLPIC1,
CISSP

-
RT 4.4 and RTIR Training Sessions https://bestpractical.com/training
* Washington DC - May 23 & 24, 2016

-
RT 4.4 and RTIR Training Sessions https://bestpractical.com/training
* Washington DC - May 23 & 24, 2016

Re: [rt-users] Centos 7 - Forbidden, You don't have, permission to access /rt4 on this server

[Martin Wheldon]

Hi,

The thing that stands out is that you seem to be trying to access the 
site using https on port 8000,

however you haven't configured apache for https.

Could you also post the ./configure that you used with rt to the list 
too please.



Best Regards

Martin

On 2016-04-26 09:40, Yanni wrote:

Thanks Martin

I thought I had to point "DocumentRoot" to where the RT login page is.

I tried to install "mod_fastcgi" as you suggested but is not available 
with yum.


--
[root@jimmy opt]# yum -y install mod_fastcgi
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirror.vorboss.net
 * epel: mirror.1000mbps.com
 * extras: mirror.vorboss.net
 * rpmforge: miroir.univ-paris13.fr
 * updates: centos.serverspace.co.uk
No package mod_fastcgi available
-

I also installed "rpmforge-release-0.5.3-1.el7.rf.x86_64.rpm" and
tried to install it that way:
"yum --enablerepo=rpmforge install mod_fastcgi " but it's still not
available. There is a website called: www.fastcgi.com but I think is
not being maintained anymore. I also found out that with Apache 2.4,
the official module to use is "mod_proxy_fcgi". It looks like with
Centos7 I have 2 options. Either use Apache with "mod_fcgid" or go
with nginx.

I went with "mod_fcgid" and installed it with yum. I've got
"mod_fcgid-2.3.9-4.el7.x86_64".

Then:

1. I renamed the /opt/rt4 directory and re-run "make-install" so I can
get back all the default file permissions of rt4 directory, as Todd
suggested.
2. re-run "make initialize-database" with no errors.
3. Copied the "mod_fcgid" section from "bestpractical.com" to my
"httpd.conf" and restarted "httpd".
4. Made the changes described in "Running RT at rt rather than /" 
section.

5. Restarted "httpd" and tried to access the RT login page
(https://jimmy.ad.biosci.ac.uk/rt4:8000) but I get:


  Internal Server Error
  The server encountered an internal error or misconfiguration and was
unable to complete your request.
  Please contact the server administrator at root@localhost to inform
them of the time this error occurred, and the actions you performed
  just before this error.
  More information about this error may be available in the server 
error log.



6. I had a look at the "error.log" file and I can see the following:
-
RT couldn't load RT config file /opt/rt4/etc/RT_Config.pm as:
user: apache
group: apache

The file is owned by user root and group www.

This usually means that the user/group your webserver is running
as cannot read the file.  Be careful not to make the permissions
on this file too liberal, because it contains database passwords.
You may need to put the webserver user in the appropriate group
(www) or change permissions be able to run succesfully.

Can't locate RT_Config.pm in @INC (@INC contains: /opt/rt4/local/etc
/opt/rt4/etc /opt/rt4/sbin/../local/lib /opt/rt4/sbin/../lib
/usr/local/lib64/perl5 /usr/local/share/perl5
/usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl
/usr/lib64/perl5 /usr/share/perl5 .) at
/opt/rt4/sbin/../lib/RT/Config.pm line 1238.
-
As the error message says "apache" can not read RT_Config.pm so I
added "apache" to the "www" group like this:
usermod -a -G www apache

7. Restart "httpd" and tried to visit the login page
(https://jimmy.ad.biosci.ac.uk/rt4:8000). I get the same Internal
Server error.

Below are my full "httpd.conf" and "RT_SiteConfig.pm" files. When you
have time could you please have a look, I believe I've got the correct
"ScriptAlias" and "Location" now.

httpd.conf: http://pastebin.com/NMtxapR5
RT_SiteConfig.pm: http://pastebin.com/ekQEzdcw

Many thanks
-
RT 4.4 and RTIR Training Sessions https://bestpractical.com/training
* Washington DC - May 23 & 24, 2016

-
RT 4.4 and RTIR Training Sessions https://bestpractical.com/training
* Washington DC - May 23 & 24, 2016

Re: [rt-users] Centos 7 - Forbidden, You don't have, permission to access /rt4 on this server

[Martin Wheldon]

Hi,

It also says:

"   # Set DocumentRoot as appropriate for the other content you want to 
serve

DocumentRoot /var/www"

So to a path where your other content that you want apache to serve, I'm 
afraid only you can

answer that question.

Best Regards

Martin

On 2016-04-25 10:18, Yanni wrote:

Hello

In the section "Running RT at rt rather than /" says that you need to
make sure "DocumentRoot" is not set to "/opt/rt4/share/html/". What
path am I supposed to use, please?

Thanks
-
RT 4.4 and RTIR Training Sessions https://bestpractical.com/training
* Washington DC - May 23 & 24, 2016

-
RT 4.4 and RTIR Training Sessions https://bestpractical.com/training
* Washington DC - May 23 & 24, 2016

Re: [rt-users] Centos 7 - Forbidden, You don't have permission to access /rt4 on this server

[Martin Wheldon]

Hi,

You need to firstly pick your deployment method from the web deployment 
documentation.


I go for the nginx option, but I would suggest you use Apache and 
mod_fastcgi as lots of people on this

list seem to be using RT in that manner.

The following will install mod_fastcgi on your CentOS box
yum install mod_fastcgi

Copy that example from the fastcgi section of the documentation:
   
https://docs.bestpractical.com/rt/4.4.0/web_deployment.html#mod_fastcgi


If you have installed RT in the default location the paths should be 
fine.


Now make the changes described in the section regarding Running RT under 
/rt
   
https://docs.bestpractical.com/rt/4.4.0/web_deployment.html#Running-RT-at-rt-rather-than


You have already set the webpath in RT_Config.pm, however you haven't 
added the correct

ScriptAlias path nor Location to your apache configuration.

Hope that helps

Best Regards

Martin

On 2016-04-21 10:28, Yanni wrote:

Hello

I'm struggling a lot to understand how to configure Apache for RT.
I have gone through the documentation in the "Web deployment" section
but I don't understand
what am I supposed to do. Under the apache section it talks about
"mod_fastcgi" and "mod_fcgid".

Do I have these modules? What I add to "httpd.conf" depends on which
one of these modules I have or use?
I also borrowed the RT essentials book from our library but the book
is a bit out-of date and talks about RT3. There are a number of
how-to's online available but all a bit different to each other. I
presume that is because they are written by people who know what they
are doing so they config things they way, they believe is right.

Whenever I try to view RT I get this error: Forbidden, You don't have
permission to access /rt4 on this server. In a desperate attempt to
solve this permissions issue I did: "chown apache:apache -R /opt/rt4"
but with no luck.

I'm stuck at the moment because I don't know how to use Apache, so I
am asking for your help, please.
Below are my current configurations. When you can, please let me know
what I should do/correct.

--
Apache/2.4.6 (CentOS 7)
---

RT_SiteConfig.pm looks like this:

Set( $rtname, 'AD');
Set( $Organization, 'www.jimmy.ad.biosci.ac.uk [1]');
Set( $Timezone, 'GB');
#
Set( $WebDomain, 'jimmy.ad.biosci.ac.uk');
Set( $WebBaseURL, 'http://jimmy.ad.biosci.ac.uk');
Set( $WebPath, '/rt4');
Set( $WebPort, 443);
#
Set( $CorrespondAddress, 'b...@mail.biosci.ac.uk');
Set( $CommentAddress, 'comm...@mail.biosci.ac.uk');
Set( $SendMailPath, '/usr/lib/sendmail');
#
Set( $DatabaseType, 'mysql');
Set( $DatabaseUser, 'rtuser');
Set( $DatabasePassword, 'mypassword');
Set( $DatabaseName, 'rt4db');
#
Set( $LogtoSyslog, '');
Set ($LogToFile, 'debug');


HTTPD.CONF:

   
 ServerName jimmy.ad.biosci.ac.uk:443
 Redirect / https://jimmy.ad.biosci.ac.uk/rt4

-

SSL.CONF:

#

# Request Tracker
# ServerName rt.corp.example.com:443
  ServerName jimmy.ad.biosci.ac.uk:443

  AddDefaultCharset UTF-8
  DocumentRoot /opt/rt4/share/html
  Alias /NoAuth/images/ /opt/rt4/share/html/NoAuth/images/
  ScriptAlias / /opt/rt4/sbin/rt-server.fcgi/
  
  Order allow,deny
  Allow from all
  
  
  SSLOptions +StdEnvVars
  
  




Links:
--
[1] http://www.jimmy.ad.biosci.ac.uk

-
RT 4.4 and RTIR Training Sessions https://bestpractical.com/training
* Washington DC - May 23 & 24, 2016

-
RT 4.4 and RTIR Training Sessions https://bestpractical.com/training
* Washington DC - May 23 & 24, 2016

Re: [rt-users] Custom scrip condition

[Martin Wheldon]

Hi Raymond,

The following plugin may be what you are looking for.

https://metacpan.org/pod/RT::Extension::AdminConditionsAndActions

Best Regards

Martin

On 2016-03-22 13:49, raymond.teunis...@kpn.com wrote:

Hi,

I'm trying to find a way to add a custom scrip-condition, for when a
ticket is merged.

The thing I basically want is that when ticket 1 is merged into ticket
2 (which is closed), it automagically sets the status of ticket 2 to
open. I'm running RT 4.2, and I'm not good in Perl. Can anyone help me
with the code for the custom condition?

Thanks!

Raymond


-
RT 4.4 and RTIR Training Sessions https://bestpractical.com/training
* Washington DC - May 23 & 24, 2016

-
RT 4.4 and RTIR Training Sessions https://bestpractical.com/training
* Washington DC - May 23 & 24, 2016

Re: [rt-users] RT worklfow with approvers, chosen from list

[Martin Wheldon]

Hi Janus,

Details of how to do this can be found in the documentation:

https://docs.bestpractical.com/rt/4.4.0/RT/Ticket.html#LoadCustomFieldByIdentifier

You need to load the custom field before accessing its value,
something like the following should work. Not tested I'm afraid.

my $cf = $Ticket{TOP}->LoadCustomFieldByIdentifier("Manager");
Owner: {$Ticket{TOP}}->FirstCustomFieldValue($cf->Name)}


Best Regards

Martin

On 2016-03-21 10:25, zux wrote:

Hi,
i have been trying to create a workflow, i'll try to describe it here:
User A from group HR creates a new ticket in queue "New employee".
User A chooses a value from a custom field called "Manager", this is a
"Select one value" custom field with a drop down.
The values in custom field "Manager" are usernames of managers.
Now i would like to create an approval ticket, with owner - custom
field "Manager" value.

I have tried, without success, this code in template:

===Create-Ticket: Jauns Darbinieks
Subject: New employee  {$Tickets{'TOP'}->Subject}
Depended-On-By: {$Tickets{'TOP'}->Id}
Queue: ___Approvals
Type: approval
Owner: {$Ticket{TOP}->FirstCustomFieldValue('Manager')}

I get this error:
Owner: Can't call method "FirstCustomFieldValue" on an undefined value
at template line 6.

How do i correctly forward the value of that custom field?

The question also relates to the next part of my workflow. After the
manager approves the ticket, i would like to create 2-3 more tickets.
And each one of them would need to get some custom fields from the
parent ticket (but not all)
something like this - It would get a ticket with the username and what
computer should be given
security would also get a ticket with info about access restrictions
accounting would get some other info, that security and it should not
be able to see

How do i correctly forward these custom fields to children tickets?
-
RT 4.4 and RTIR Training Sessions https://bestpractical.com/training
* Washington DC - May 23 & 24, 2016

-
RT 4.4 and RTIR Training Sessions https://bestpractical.com/training
* Washington DC - May 23 & 24, 2016

[rt-users] Fwd: which Perl version should one use with RT 4.4 on CentOS 6

[Martin Wheldon]

Hi Jerome,

The following google search came back with a tutorial which pretty much
describes the type of perl brew install that I carry out for RT.

perlbrew "request tracker" howto

Best Regards

Martin

 Original Message 
Subject: [rt-users] which Perl version should one use with RT 4.4 on 
CentOS 6

Date: 2016-03-16 16:30
From: Jerome 
To: rt-users@lists.bestpractical.com

Dear Cris Groome,

You've wrote this answer:

"I upvote Martin's answer. He gave you the version and the proper 
technique to achieving it."


Would you be nice to send me too your "howto" about specific perl 
install for RT?


Regards.
-
RT 4.4 and RTIR Training Sessions https://bestpractical.com/training
* Washington DC - May 23 & 24, 2016

Re: [rt-users] which Perl version should one use with RT 4.4 on CentOS 6

[Martin Wheldon]

Hi,

I would recommend installing a version of perl just for RT that is 
seperate from the
system perl. I tend to use the version that the perl project considers 
stable. Currently

v5.22.1 I believe.

Check out perlbrew for a nice easy clean way of installing a independant 
perl version.


Best Regards

Martin

On 2016-03-15 15:36, Joseph D. Wagner wrote:

If you can upgrade to the latest version of CentOS 7, you'll get perl
5.16.

Joseph D. Wagner

On 2016-03-15 03:06, Boris Epstein wrote:


Hi Peter,

Thanks, I saw that.

I was wondering what the benefits and general experience was of
those who used later versions of Perl 5 or Perl 6 vs 5.10.1. Just
trying to see if it was a worthwhile exercize trying to upgrade -
which on Centos did not seem to be trivial.

Cheers,

Boris.

On Tue, Mar 15, 2016 at 4:27 AM, Peter Viskup 
wrote:


Hello Boris,
from readme [1] on github it is obvious the RT needs Perl as of
version 5.10.1 and above. Readme file from 4.4 version has the
same
list of requirements.
Some RT modules may have their own dependencies. You need to check
them.

[1] https://github.com/bestpractical/rt

--
Peter Viskup

On Mon, Mar 14, 2016 at 4:33 PM, Boris Epstein
 wrote:

Hello all,

I am about to upgrade my RT 4.2 to v4.4 on a CentOS 6 machine.

It appears

that Perl 5.1 is barely adequate. What is the recommended

version of Perl

for this setup?

Thanks.

Cheers,

Boris.




-
RT 4.4 and RTIR Training Sessions

https://bestpractical.com/training

* Washington DC - May 23 & 24, 2016



-
RT 4.4 and RTIR Training Sessions https://bestpractical.com/training
* Washington DC - May 23 & 24, 2016


-
RT 4.4 and RTIR Training Sessions https://bestpractical.com/training
* Washington DC - May 23 & 24, 2016

-
RT 4.4 and RTIR Training Sessions https://bestpractical.com/training
* Washington DC - May 23 & 24, 2016

Re: [rt-users] Weird behavior behind a proxy

[Martin Wheldon]

Hi Bret,

That should be

 Redirect permanent / https://proxy.damascusgrp.com/

Best Regards

Martin

On 2015-07-14 18:40, Martin Wheldon wrote:

Hi Bret,

It looks like you are missing a redirect/rewrite configuration on the
proxy to map requests from http to https.
Something like the following would be required on the proxy, obviously
if the client can access the real RT server this won't work

VirtualHost *:80

ServerName rt.damascusgrp.com
Redirect permanent / https://rt.damascusgrp.com/

/VirtualHost

Best Regards

Martin

On 2015-07-14 17:48, Bret Wortman wrote:

I've got a need to share a functioning rt instance behind a proxy, and
for the most part, everything is working fine.

But after actions taken through the proxy, the resulting URLs are
always pointing to the original host name, not the proxy.

On the proxy, we have the following:

ProxyPass   /rt/   http://rt.damascusgrp.com:80/rt/ [1]
ProxyPassReverse    /rt/    http://rt.damascusgrp.com:80/rt/ [1]

Our users can then access the system okay at
https://proxy.damascusgrp.com/rt/ [2]. But after they login, they're
directed to http://rt.damascusgrp.com/rt/ [3]. Likewise, after
switching back to the correct URL, after creating or updating a
ticket, they are directed to
http://rt.damascusgrp.com/rt/Ticket/Display.html. [4]..

What have I missed? I'm by no stretch an expert at either RT or Apache
proxy configuration.

Thanks,

Bret Wortman

 Links:
--
[1] http://rt.damascusgrp.com:80/rt/
[2] https://proxy.damascusgrp.com/rt/
[3] http://rt.damascusgrp.com/rt/
[4] http://rt.damascusgrp.com/rt/Ticket/Display.html.


!DSPAM:41,55a549b5136401427644005!

Re: [rt-users] Weird behavior behind a proxy

[Martin Wheldon]

Hi Bret,

It looks like you are missing a redirect/rewrite configuration on the 
proxy to map requests from http to https.
Something like the following would be required on the proxy, obviously 
if the client can access the real RT server this won't work


VirtualHost *:80

ServerName rt.damascusgrp.com
Redirect permanent / https://rt.damascusgrp.com/

/VirtualHost

Best Regards

Martin

On 2015-07-14 17:48, Bret Wortman wrote:

I've got a need to share a functioning rt instance behind a proxy, and
for the most part, everything is working fine.

But after actions taken through the proxy, the resulting URLs are
always pointing to the original host name, not the proxy.

On the proxy, we have the following:

ProxyPass   /rt/   http://rt.damascusgrp.com:80/rt/ [1]
ProxyPassReverse    /rt/    http://rt.damascusgrp.com:80/rt/ [1]

Our users can then access the system okay at
https://proxy.damascusgrp.com/rt/ [2]. But after they login, they're
directed to http://rt.damascusgrp.com/rt/ [3]. Likewise, after
switching back to the correct URL, after creating or updating a
ticket, they are directed to
http://rt.damascusgrp.com/rt/Ticket/Display.html. [4]..

What have I missed? I'm by no stretch an expert at either RT or Apache
proxy configuration.

Thanks,

Bret Wortman

 !DSPAM:41,55a53cad136401860415760!

Links:
--
[1] http://rt.damascusgrp.com:80/rt/
[2] https://proxy.damascusgrp.com/rt/
[3] http://rt.damascusgrp.com/rt/
[4] http://rt.damascusgrp.com/rt/Ticket/Display.html.

Re: [rt-users] spawn-fcgi crashing, is uWSGI an option?

[Martin Wheldon]

Hi Aaron,

I'm running Nginx with uWsgi in my lab environment and it seems to we 
working well.

Here are the snippets of config I'm using.

server {
root /usr/share/nginx/www;
index index.html index.htm;

# Make site accessible from http://localhost/
server_name localhost;

location / {
uwsgi_pass unix:/var/tmp/uwsgi.sock;
include uwsgi_params;
uwsgi_modifier1 5;
}
}

[uwsgi]
plugins = psgi
chmod-socket = 664
uid = www-data
gid = www-data
socket = /var/tmp/uwsgi.sock
psgi = /opt/rt4/sbin/rt-server
processes = 10


Best Regards

Martin



On 2015-05-31 05:43, Aaron C. de Bruyn wrote:

Thanks Ken.  It's working perfectly.

-A

On Sat, May 30, 2015 at 5:00 PM, k...@rice.edu k...@rice.edu wrote:

On Sat, May 30, 2015 at 04:49:00PM -0700, Aaron C. de Bruyn wrote:

I have a demo of RT set up for my company.

During testing, we found the spawn-fcgi process is slow and crashes 
often.


If more than a few users are on the site, and/or more than few
messages coming in through rt-mailgate, the site loads extremely 
slow.

We increased the number of child processes for spawn-fcgi, but it's
doesn't seem adequate to handle the load.

We can regularly make spawn-fcgi die by simply hitting escape while a
page is loading.  Other times it crashes for no apparent reason.

We use uWSGI everywhere for python projects we host, and I tried to
see if I could get RT working under that.  I failed miserably because
I don't know that much about PSGI, FCGI, etc...and their relationship
to the webserver.  I know Nginx can speak the uwsgi protocol to talk
to uWSGI, but uWSGI seems to bomb on trying to serve RT.

I tried the following config to no avail:

[uwsgi]
plugins = psgi
socket = 127.0.0.1:9001
psgi = /opt/rt4/sbin/rt-server.fcgi
fastcgi-socket = true
processes = 2
master = true
stats = 127.0.0.1:1717
chdir = /opt/rt4
uid = uitrt
gid = uitrt

Has anyone else been able to run it using uWSGI?

Are there other options for keeping the site running under nginx?

Thanks in advance for any pointers or advice.

-A


Hi Aaron,

We run RT with spawn-fcgi/nginx and either systemd/RHEL7 or
multiwatch/RHEL6 to make sure that the pool stays populated. No
problems at all. I would take uWSGI out of the mix, although there
is no reason it should not work, there may be some nuances involved.
The fact that the site loads slowly seems to indicate that you are
having a problem with your database backend. Check out your slow
queries and see what is wrong. It should be pretty zippy by default.

Regards,
Ken


!DSPAM:41,556a90bf10567738710544!

Re: [rt-users] Date customfields and searching

[Martin Wheldon]

Hi Joop,

This functionality currently doesn't work in your version of RT. I know 
that there is a patch to fix

this but has yet to make it into a release to the best of my knowlege.

This is functionality I would like to see, however I have worked around 
it by writing a script that runs from cron

on a daily basis and emails a report to the relevant users.

Best Regards

Martin

On 2013-02-11 11:00, Joop wrote:

Hi All,

As per the subject I'm a bit stupified because I really thought that 
I

could add a (global ticket) date customfield and search on it using
relative terms like 'today' but it doesn't work. If I use relative 
terms
with things like 'Created' then I get the expected results. I turned 
on
StatementLog and looked at the queries and see that for de latter one 
it
constructs a  and  but for the former one it just searches 
LargeContent

for 'today'

I'm using RT-4.0.9

Thanks in advance,

Joop




--
Help improve RT by taking our user survey: 
https://www.surveymonkey.com/s/N23JW9T

Re: [rt-users] Adding rights to default lifecycle

[Martin Wheldon]

Hi,

Many thanks everyone for your responces, I'll give it a go at the 
weekend.


Best Regards

Martin

On 2013-02-10 19:28, Thomas Sibley wrote:

On 02/10/2013 12:10 AM, Martin Wheldon wrote:

Hi,

To answer part of my own question I see the default life cycle can 
be

found in RT_Config.pm.
Looks like my best option may be to copy the default over to
RT_SiteConfig.pm and modify it there?


Yes.  You may wish to lock down the ability to reject with a custom
right.  Read more about lifecycles here:

http://bestpractical.com/rt/docs/latest/customizing/lifecycles.html
http://bestpractical.com/rt/docs/latest/RT_Config.html#Lifecycles




--
Help improve RT by taking our user survey: 
https://www.surveymonkey.com/s/N23JW9T

Re: [rt-users] Adding rights to default lifecycle

[Martin Wheldon]

Hi,

To answer part of my own question I see the default life cycle can be 
found in RT_Config.pm.
Looks like my best option may be to copy the default over to 
RT_SiteConfig.pm and modify it there?


Sorry about some of the noise.

Best Regards

Martin

On 2013-02-09 20:05, Martin Wheldon wrote:

Hi,

I would like to add the ability to deny setting a ticket status to
rejected for a group of
privileged users, however I'm not quite sure what would be the best
way to do it.

I've read RT essentials and it suggests that the best way forward
would be to add a appropriate *_Local.pm
with the relevant code, however having read the documentation for
v4.0.x this is also possible by
defining a new lifecycle.

If defining a new lifecycle is the best solution, where would I find
the information on how the default lifecycle
is defined?

Many thanks in advance.

Best Regards

--
Martin Wheldon
Greenhills IT Ltd.

Greenhills IT Ltd. is a limited company registered in England and 
Wales.

Company Registration No: 06387214
Registered Offices: 2 Greenhills, Claxton, YORK, North Yorkshire, 
YO60 7SA




--
Help improve RT by taking our user survey: 
https://www.surveymonkey.com/s/N23JW9T

[rt-users] Adding rights to default lifecycle

[Martin Wheldon]

Hi,

I would like to add the ability to deny setting a ticket status to 
rejected for a group of
privileged users, however I'm not quite sure what would be the best way 
to do it.


I've read RT essentials and it suggests that the best way forward would 
be to add a appropriate *_Local.pm
with the relevant code, however having read the documentation for 
v4.0.x this is also possible by

defining a new lifecycle.

If defining a new lifecycle is the best solution, where would I find 
the information on how the default lifecycle

is defined?

Many thanks in advance.

Best Regards

--
Martin Wheldon
Greenhills IT Ltd.

Greenhills IT Ltd. is a limited company registered in England and 
Wales.

Company Registration No: 06387214
Registered Offices: 2 Greenhills, Claxton, YORK, North Yorkshire, YO60 
7SA





--
Help improve RT by taking our user survey: 
https://www.surveymonkey.com/s/N23JW9T

Re: [rt-users] REST API and WebExternal Auth

[Martin Wheldon]

Hi Tom,

It is definatly possible to use the REST API with external auth as we 
use it to run scheduled reports.

I've not used curl, all our scripts are in python.

I would guess that you are not providing the credentials correctly, the 
following wiki page may help.


http://requesttracker.wikia.com/wiki/REST

Best Regards

Martin

On 2013-02-05 19:58, Thomas  Misilo wrote:

Hi,

I was wondering if it would be possible to use the REST API and an
External Auth? I keep getting redirected, when I try curling a url.
Also, I was wondering if anyone has created a page that shows all
current open tickets, and all current opened/unclaimed tickets?

Thanks,

Tom

 !DSPAM:9,51115b1633231209415469!




--
Help improve RT by taking our user survey: 
https://www.surveymonkey.com/s/N23JW9T

Re: [rt-users] problems with RT::Authen::ExternalAuth

[Martin Wheldon]

Hi,

I beleive what Kevin had in mind was that you specify the user account 
that you configured to carry out searches in the ldap external auth 
config

using the -D option to ldap search i.e

% ldapsearch -D cn= -W -h ldap..net -b dc=x,dc=net -s sub 
objectclass=*


If you are still experiencing problems post a relevant snippet from 
your LDAP logs (log level 256 is usually enough)


Hope that helps

Martin


On 2013-01-23 08:32, ymarinov wrote:

executing the following command gives all of the users

ldapsearch -h ldap..net -b dc=x,dc=net -s sub 
objectclass=*


now, i'm more confused :/



--
View this message in context:

http://requesttracker.8502.n7.nabble.com/problems-with-RT-Authen-ExternalAuth-tp52440p52452.html
Sent from the Request Tracker - User mailing list archive at 
Nabble.com.


!DSPAM:9,50ff978833231683852830!

Re: [rt-users] problems with RT::Authen::ExternalAuth

[Martin Wheldon]

Hi,

Is cn=ymarinov specified as the user to bind as in the External Auth 
configuration?


Best Regards

Martin

On 2013-01-23 10:59, ymarinov wrote:

our ldap accepts connections without using username or password

however executing the following command, again lists the users in 
ldap


ldapsearch -D cn=ymarinov -h ldap.xxx.net -b dc=,dc=net
objectclass=*



--
View this message in context:

http://requesttracker.8502.n7.nabble.com/problems-with-RT-Authen-ExternalAuth-tp52440p52457.html
Sent from the Request Tracker - User mailing list archive at 
Nabble.com.


!DSPAM:9,50ffb9e533231370321117!

Re: [rt-users] problems with RT::Authen::ExternalAuth

[Martin Wheldon]

Hi,

In that case then your config should have the following set:

'user' = '',
'pass' = '',

And looking at your comments the attr_match_list should look something 
like:

attr_match_list' = ['cn,mail'],

Rather than:
attr_match_list' = ['uid,mail'],

Best Regards

Martin

On 2013-01-23 11:24, ymarinov wrote:

not at all. i don't use ANY user/pass for ExternalAuth extension



--
View this message in context:

http://requesttracker.8502.n7.nabble.com/problems-with-RT-Authen-ExternalAuth-tp52440p52459.html
Sent from the Request Tracker - User mailing list archive at 
Nabble.com.


!DSPAM:9,50ffbfbe33231138812997!

Re: [rt-users] problems with RT::Authen::ExternalAuth

[Martin Wheldon]

Hi,

Sorry but my last post was incorrect regarding the attr_match_list here 
is an extract from my working config.


'attr_match_list'   = ['Name',
'EmailAddress'
   ],
'attr_map'  =  {   'Name' = 'mail',
'EmailAddress' = 'mail',
'RealName' = 'cn',
'ExternalAuthId' = 'uid'
 }
},

Without knowing how your users are structured in LDAP the attr_map will 
differ at a guess you will need to change 'ExternalAuthId' at the

very least.

Hope this helps

Martin

On 2013-01-23 12:06, ymarinov wrote:

this didn't help at all :/
to be sure i'll give you the exact current RT_SiteConfig.pm 
specifications

that i've got at the moment:

'type'  =  'ldap',
'server'=  'ldap..net',
'user'  =  '',
'pass'=  '',
'base'  =  '(dc=neterra,dc=net)',
'filter'=  '(objectClass=*)',
'd_filter'  =  '(objectClass=NonExistant)',
'tls'   =  0,
'ssl_version'   =  3,
'net_ldap_args' = [version =  3   ],
'attr_match_list'   = ['cn', 'mail' ],
'attr_map'  =  {   'Name' = 'uid', 'EmailAddress' 
=

'mail' }
 },

Have in mind that I tried the attr match list to use 'uid' instead of 
'cn' -

however LDAP return again

[Wed Jan 23 12:00:33 2013] [debug]: Autohandler called ExternalAuth.
Response: (0, No User)

(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:11)
[Wed Jan 23 12:00:33 2013] [error]: FAILED LOGIN for ymarinov from
.xxx.xxx.xxx (/opt/rt3/bin/../lib/RT/Interface/Web.pm:424)




--
View this message in context:

http://requesttracker.8502.n7.nabble.com/problems-with-RT-Authen-ExternalAuth-tp52440p52461.html
Sent from the Request Tracker - User mailing list archive at 
Nabble.com.


!DSPAM:9,50ffc9a733236974910902!

Re: [rt-users] problems with RT::Authen::ExternalAuth

[Martin Wheldon]

Hi,

Just a couple of things don't know if you just haven't posted 
information as its sensitive.


1. Do you have a userPassword set for your ldap user

In addition I don't know if it is required or not, but try adding
'RealName' = 'cn',

to your attr_map config.

Regards

Martin

On 2013-01-23 13:05, ymarinov wrote:
Martin, your help is really much appreciated! However i still can't 
get this
working. I'll paste my current attr match list +the structure of the 
LDAP

information

'attr_match_list'   = ['Name', 'EmailAddress' ],

'attr_map'= {   'Name' = 'uid' 'EmailAddress' 
=

'mail',
#

'ExternalAuthId' = 'uid'
   }
},


uid=,ou=People,dc=,dc=net
objectClass=mozillaAbPersonAlpha
objectClass=evolutionPerson
objectClass=top
objectClass=person
objectClass=organizationalPerson
objectClass=inetOrgPerson
objectClass=posixAccount
objectClass=shadowAccount
objectClass=sambaSamAccount
uidNumber=(binary value)
uid=(binary value)
gidNumber=(binary value)
givenName=Yavor
sn=Marinov
mail=ymari...@xx.net
cn=Yavor Marinov
homeDirectory=(binary value)
loginShell=(binary value)
sambaSID=(binary value)
displayName=(binary value)
sambaPasswordHistory=(binary value)
sambaPwdLastSet=(binary value)
sambaAcctFlags=(binary value)




--
View this message in context:

http://requesttracker.8502.n7.nabble.com/problems-with-RT-Authen-ExternalAuth-tp52440p52463.html
Sent from the Request Tracker - User mailing list archive at 
Nabble.com.


!DSPAM:9,50ffd75333231634411062!

Re: [rt-users] problems with RT::Authen::ExternalAuth

[Martin Wheldon]

Hi,

If you can post information from both the ldap logs and the RT logs 
that would help.


Best Regards

Martin

On 2013-01-23 13:42, ymarinov wrote:
adding RealName to the attr maps didn't help, i still get No User in 
the

error logs.
i'll try to investigate further which field should i map for the 
password,

but it doesn't seem logical for me to map a password, since LDAP just
answers if the user is authenticated or not.

i'm completely lost 



--
View this message in context:

http://requesttracker.8502.n7.nabble.com/problems-with-RT-Authen-ExternalAuth-tp52440p52465.html
Sent from the Request Tracker - User mailing list archive at 
Nabble.com.


!DSPAM:9,50ffe00533231496217174!

Re: [rt-users] Dealing with forwarded tickets from one queue to another

[Martin Wheldon]

Hi Sean,

Looks like you are looking to create a workflow in RT. Have a look at 
the following wiki page.


http://requesttracker.wikia.com/wiki/WorkFlow

You will need to close the old email and autocreate a new ticket in the 
relevant queue.


Hope this helps

Martin Wheldon

On 2013-01-15 17:33, Sean Purdy wrote:

Hi,


We have a situation where someone gets mail sent to them from one
queue, and needs to forward it to a different queue as a new ticket.
e.g. for forwarding to a support queue.  Currently RT will interpret
the incoming mail as an update to the original ticket instead of
creating a new ticket in the other queue.

Is there any way around this?  RT knows the old ticket ID from the
Subject, and the new queue it's being submitted to.

Currently looking at patching Interface/Email.pm and using
$SystemTicket-id vs $args{'queue'}
but perhaps this has been covered before?


Thanks,

Sean Purdy
!DSPAM:9,50f58a9733235687925207!

Re: [rt-users] rt-mailgate and web based authentication

[Martin Wheldon]

Hi Tom,

Sounds like you may missing a Location section from your apache config. 
Something like...


Location /REST/1.0/NoAuth
   Order Allow,Deny
   Allow from 127.0.0.1
/Location

Best Regards

Martin Wheldon

On 2013-01-16 16:38, Thomas  Misilo wrote:

Hi,

I am switched from using LDAP to CAS for authentication, and now
because it redirects to the login screen, mailgate isn't working. I
was wondering if anyone had a workaround or solution to this?

Thanks,

Tom

 !DSPAM:9,50f6cf2333231759512251!

Re: [rt-users] Problem with using ssl over nginx reverse-proxy when submitting ticket updates

[Martin Wheldon]

Hi Andy,

A very simular issue to this was discussed on the list last week. Have 
a search for https redirects to http.


Best Regards

Martin

On 2013-01-15 11:24, Andy D'Arcy Jewell wrote:

Hi all,

 I'm trying to run RT 3.8 over ssl via an nginx reverse-proxy, and
almost everything works, except when you update a ticket; after you
click Update Ticket, after the update is submitted, it redirects
Display.html to show the updated ticket. However, it is redirecting 
to

plain http, which results in an error because I'm intentionally NOT
proxying port 80...

 I have set $WebBaseURL in RT_SiteConfig.pm to include https://; [1]
at the beginning.

 I apologise in advance - I've also posted this query on #rt on
irc.perl.org.

 Any ideas, please?

--
Andy D'Arcy Jewell

SysMicro Limited
Linux Support
T: 0844 9918804
M: 07961605631
E: andy.jew...@sysmicro.co.uk
W: www.sysmicro.co.uk

 !DSPAM:9,50f5355e33231878918082!

Links:
--
[1] https://

Re: [rt-users] https redirects to http

[Martin Wheldon]

Hi,

You will need to have the webserver rewrite requests for http to https.

Best Regards

Martin Wheldon

On 2013-01-07 07:06, CB wrote:

RT 4.0.8

We have set up RT to be accessible over https:
RT_SiteConfig.pm

Set($WebPort, 443);

However when a ticket is resolved or updated, after the Update button 
is
clicked the website goes to the http site. What configuration option 
am I

missing?

Have we set up lifecycles incorrectly?

Any suggestions appreciated


!DSPAM:9,50ea6c4733238911212596!

Re: [rt-users] Placing 2 CF in RT ticket subject

[Martin Wheldon]

Hi,

How about something like:

my $subject = sprintf(%s %s, 
$self-TicketObj-FirstCustomFieldValue('Custom Field 1'), 
$self-TicketObj-FirstCustomFieldValue('Custom Field 2');


Best Regards

Martin Wheldon


On 2012-12-29 08:48, Nums wrote:

I am trying to create a script which will pull 2 custom field values
into the RT
ticket subject upon creation.
I am able to do it with one using script below, but
unable to manage to pull 2 CF values, is this possible?

my $subject = $self-TicketObj-FirstCustomFieldValue('Custom Field
Selection')

$self-TicketObj-SetSubject($subject);


!DSPAM:9,50def36133231913920786!

Re: [rt-users] Custom fields and non privileged users

[Martin Wheldon]

Hi,

I suspect you may need to give write access to the custom fields for 
the non priviliged user,

as I've never needed to I'm not sure.

For the priviliged user you could write a scrip that checked if a 
transaction is a create and status is not new then

reset status to new.

Best Regards

Martin

On 2013-01-02 11:32, Xavier Barnada wrote:

Hi

I'm configuring a RT4 and I have a problem. I want to use custom
fields on tickets.
I tried to create a non privileged user with view custom fields
permission .I tried to create a ticket with this user and the custom
field don't appear on the form of ticket and don't allow me to create
the ticket because a custom field validation error.
I searched possible solutions and set this user as a privileged
user.With privileged user the custom field appear on the create 
ticket

form  but appear another option that allows the user to set the
initial status of the ticket and I want the user only can create
tickets as New.

There is any possible solution to show the custom field on non
privileged users or hide the initial status on the privileged users?

Cheers

!DSPAM:9,50e4133033231824719915!

Re: [rt-users] Reply to requestors not sending emails

[Martin Wheldon]

Hi,

I'm not 100% sure about your question, but if you are asking if you can 
update a ticket
without sending a reply to the requestor? Then all you need to do is 
select the Comment action and leave

the update type set to Comments (Not sent to requestors).

If I have miss understood your question please send further details on 
what you are trying to achieve.


Best Regards

Martin

On 2012-12-19 19:56, charlyc...@yahoo.com.ar wrote:

Hi,

As far as I know RT should send an email to the requestor when Reply
is chosen as an Action or Commentand then Reply to requestor is
chosen.

This is not my case, if I create a new Scrips with Send an email on
Comment work perfectly, but sometimes I don't want to send 
everything

to the requestor, just replying to it.

Do I have to create a specific Scrip for it or it comes by default?

I'm using RT 4.0.8.

Thank you.

 !DSPAM:9,50d214dc33233521092242!



We're hiring! http://bestpractical.com/jobs

Re: [rt-users] Ticket creation fails

[Martin Wheldon]

Hi Matthias,

I have experienced the same issue in the past and would recommend that 
you don't use fetchmail, but
invoke the mail gate directly from your MTA as described in the 
following link.


http://requesttracker.wikia.com/wiki/ManualEmailConfig

Regards

Martin

On 2012-12-19 14:21, Thomas Sibley wrote:

On 12/19/2012 12:51 AM, Matthias Henze wrote:
I use RT 4.0.7. on Debian Squeeze installed from Debian packages (I 
will

not upgrade while there a no new Debian packages) and I use it with
fetchmail. A customer sent an message  to me for which no ticket was
created but the mail got flushed. I noticed this accidentally. This
leads me to the conclusion that I can't trust on RT creating tickets
from mails. The mail was sent by a recent Thunderbird on Windows XP.

If ticket creation fails for any reason mails should NOT be flushed.


I suspect your problem with unsuccessful mail being flushed is
fetchmail, not RT.  Are you delivering directly to rt-mailgate from
fetchmail (using the mda option), or delivering to a real MTA like
postfix which then queues and handles delivery to rt-mailgate?  The
latter is unsafe, as documented in `man fetchmailrc`, and the former 
is

recommended.


Here are my logs:

Dec 19 09:35:15 server fetchmail[1498]: 1 message for support at
mail.mhc.loc (84732 octets).

== /var/log/syslog ==
Dec 19 09:35:15 server RT: DBD::Pg::st execute failed: FEHLER:
ungültige Byte-Sequenz für Kodierung »UTF8«: 0xc46e at


This edge case is handled better by a branch in RT that should be in 
the

next release.


We're hiring! http://bestpractical.com/jobs

!DSPAM:9,50d1c65733231686110849!



We're hiring! http://bestpractical.com/jobs

Re: [rt-users] RT as a intranet portal? Or other suggestions?

[Martin Wheldon]

I personaly use pmwiki and have been very happy with it.

Martin


On 4/16/08, Nelson Pereira [EMAIL PROTECTED] wrote:

  Hi all,



 Is there an extension that will make RT look like an intranet portal?

 To be able to put in articles, upload docs, and such?



 Or do you guys have any suggestions as a good Intranet Portal I could
 install on the same box as RT (RHEL5) ?





 *Nelson Pereira*
 Senior Network Administrator

 Protus IP Solutions Inc.
 [EMAIL PROTECTED]
 phone: 613.733. ext.528
 MyFax: 613.822.5083
 www.myfax.com

 Refer your friends and colleagues to MyFax!
 Click here for more information.http://www.myfax.com/referral_program.asp

 [image: www.MyFax.com] http://www.myfax.com/



 ___
 http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

 Community help: http://wiki.bestpractical.com
 Commercial support: [EMAIL PROTECTED]


 Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
 Buy a copy at http://rtbook.bestpractical.com

image001.gif___
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: [EMAIL PROTECTED]


Discover RT's hidden secrets with RT Essentials from O'Reilly Media. 
Buy a copy at http://rtbook.bestpractical.com

Re: [rt-users] Date/Time issue

[Martin Wheldon]

Sounds to me as if the system time is incorrect.

Is NTP configured and working OK.

Martin

On 4/13/08, IT GUY [EMAIL PROTECTED] wrote:
 hello everyone,

 Could anyone suggest me how to configure Date/Time for RTWhatever TIME
 is seen in the httpd error_log below, is not the actual local time

 Is it just for the error logs? I am confused! Shouldn't it reflect my
 machine's date.

 [Sat Apr 12 19:07:23 2008] [notice] Digest: generating secret for digest
 authentication ...
 [Sat Apr 12 19:07:23 2008] [notice] Digest: done
 [Sat Apr 12 19:07:23 2008] [notice] Apache/2.2.8 (Unix) DAV/2 mod_perl/2.0.3
 Per
 l/v5.8.8 configured -- resuming normal
 operations
 Regards,
 Yogesh
 ___
 http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

 Community help: http://wiki.bestpractical.com
 Commercial support: [EMAIL PROTECTED]


 Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
 Buy a copy at http://rtbook.bestpractical.com

___
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: [EMAIL PROTECTED]


Discover RT's hidden secrets with RT Essentials from O'Reilly Media. 
Buy a copy at http://rtbook.bestpractical.com