Re: [rt-users] Searching ticket content?

2016-11-07 Thread Bill Cole

On 7 Nov 2016, at 8:57, Alex Hall wrote:


Hello list,
Some users at work are wondering if they can search ticket contents?
There's no way in the search builder,


Does your search builder page not have "Content" as a choice in the 
pull-down menu with "Subject" as the default?


-
RT 4.4 and RTIR training sessions, and a new workshop day! 
https://bestpractical.com/training
* Los Angeles - January 9-11 2017


Re: [rt-users] create transaction record

2016-10-11 Thread Bill Cole

On 10 Oct 2016, at 17:16, Bryon Baker wrote:


Hello List

I have created a custom scrip the will respond to an email via a web 
service call.  I would like to create a transaction with the return 
message.


Can someone give me a little code snippet or some direction on how to 
create the transaction?  With our creating or updating a custom field.


I have read about the _RecoredTransaction but I think this may be the 
wrong route and I have not found any example code to help me out.


Have you read 
https://docs.bestpractical.com/rt/4.4.1/RT/Transaction.html#Create ?


Probably more useful: 
https://docs.bestpractical.com/rt/4.4.1/RT/Ticket.html#Comment


The simplest way to call it, given a RT::Ticket object named ticket:

$ticket->Comment( Content => "I'm A Little Teapot" );

And now you have a new comment transaction.
-
RT 4.4 and RTIR training sessions, and a new workshop day! 
https://bestpractical.com/training
* Boston - October 24-26
* Los Angeles - Q1 2017


Re: [rt-users] Create ticket via API ignores Requestors field on notify requestors?

2016-10-11 Thread Bill Cole
On 11 Oct 2016, at 15:58, Andrew Ruthven wrote:

> Any other suggestions?  I'm kinda grasping at straws here.

Perhaps you need to make Scrip 22 runs in the "Batch" scrip stage?
-
RT 4.4 and RTIR training sessions, and a new workshop day! 
https://bestpractical.com/training
* Boston - October 24-26
* Los Angeles - Q1 2017

Re: [rt-users] Bad characters in names loaded from LDAP (AD)

2016-10-11 Thread Bill Cole

On 11 Oct 2016, at 5:51, Jan Burian wrote:


Hi Bill,

thank you for your response. Sry not to mention our database.
We use PostreSQL.
After I wrote first email a also checked encoding in database.

The database was with following parameters:
   Name| Encoding |  Collate |   Ctype
-+-+-+--
  rt4  |  UTF8   | en_US.UTF-8 | en_US.UTF-8


And so my beautiful theory is destroyed by your brutal facts. :)


1) I dump database with UTF-8 encoding parameter.
2) Then I drop the databases.
3) Create new database with following parameters:

   Name| Encoding |  Collate |   Ctype
-+-+-+--
  rt4  |  UTF8   | cs_CZ.UTF-8 | cs_CZ.UTF-8

4) And then import database from dump.

But after that change names are loading from LDAP still with bad
characters :-/.


Indeed: the Collate and Ctype parameters are encoding-specific rulesets 
for how characters are related to each other, not variations on 
encoding.



When the user writes first email to queue, then is also autocreated as
unprivileged. If he/she was his/her name in From header, then is used 
as
RealName RT attribute. But in this case is his/her name saved 
correctly.


*Example from the log - autocreated from LDAP:*
[6937] [Tue Sep 27 15:59:25 2016] [info]:
RT::User::CanonicalizeUserInfoFromExternalAuth returning Disabled: ,
EmailAddress: no...@vsup.cz, Gecos: novak, Name: novak, Privileged: 1,
RealName: Matouš Novák, WorkPhone:  
(/opt/rt4/sbin/../lib/RT/User.pm:811)

[6937] [Tue Sep 27 15:59:25 2016] [info]: Autocreated external user
novak ( 61 ) (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth.pm:356)
[6937] [Tue Sep 27 15:59:25 2016] [info]:
RT::Authen::ExternalAuth::LDAP::GetAuth External Auth OK ( My_LDAP ):
novak (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth/LDAP.pm:348)
[6937] [Tue Sep 27 15:59:26 2016] [info]:
RT::User::CanonicalizeUserInfoFromExternalAuth returning EmailAddress:
no...@vsup.cz, Name: novak, *RealName: Matouš Novák*, WorkPhone:
(/opt/rt4/sbin/../lib/RT/User.pm:811)
*
**Example from the log - autocreated from email:*
[6026] [Mon Oct 10 06:26:02 2016] [info]:
RT::User::CanonicalizeUserInfoFromExternalAuth returning Comments:
Autocreated on ticket submission, Disabled: , EmailAddress:
tereza.skvar...@seznam.cz, Name: tereza.skvar...@seznam.cz, 
Privileged:

, *RealName: Tereza Škvárová* (/opt/rt4/sbin/../lib/RT/User.pm:811)

Any other ideas?


Yes: At least one of your FCGI handlers (PID 6937) is using an 8-bit 
encoding and at least one (PID 6026) is using UTF-8.


Note that both of those cases are being logged by the 
RT::User::CanonicalizeUserInfoFromExternalAuth method, which uses LDAP 
to retrieve the attribute it uses for the "RealName" field in RT. The 
first was logged by process 6937, the second by process 6026.


The *reason* for that is a bit of a mystery. It's clear that the 2 
processes were not started near the same time (unless that server is 
VERY busy spawning processes) so if you can determine what was different 
about how they were launched (likely a involving a locale environment 
variable, most likely LANG or LC_ALL) you can probably make sure that 
the improper launch doesn't happen.

-
RT 4.4 and RTIR training sessions, and a new workshop day! 
https://bestpractical.com/training
* Boston - October 24-26
* Los Angeles - Q1 2017

Re: [rt-users] Unable to connect to MySQL during RT upgrade

2016-10-10 Thread Bill Cole

On 10 Oct 2016, at 19:56, Alex Hall wrote:




On Oct 10, 2016, at 18:18, Keith Edmunds  wrote:

The 'update-rt-siteconfig' command still seems to be working on the 
4.2.8

install, not the new 4.4.1.


update-alternatives(8)


Typing the (8) exactly as shown gives me a syntax error, while leaving 
it off offers options that don't appear to be what I'm after.


I believe that was a suggestion that you consult the documentation for 
"update-alternatives" in the system manual page collection, section 8. 
Or in command form:


man 8 update-alternatives

The "()" shorthand as a way to refer to man pages is 
traditional Unix-ese, derived from the page headers of the V7 Research 
Unix system manual (a thing made of actual paper.)

-
RT 4.4 and RTIR training sessions, and a new workshop day! 
https://bestpractical.com/training
* Boston - October 24-26
* Los Angeles - Q1 2017


Re: [rt-users] Bad characters in names loaded from LDAP (AD)

2016-10-10 Thread Bill Cole

On 10 Oct 2016, at 16:26, Jan Burian wrote:


Hi all,

we have RT 4.4.0 on CentOS 7 and Perl v5.22.1. And we are starting to
use RT in production.

We configured RT to authenticate users via LDAP
(RT::Authen::ExternalAuth::LDAP). Our LDAP server is MS AD (Win 2008 
R2).

[...]

Authentication is working fine. Users can log in, if the user doesn't
exist in RT the account is autocreated. All the configured attributes
are transferred.


This is a strong sign that the LDAP part is working correctly. If the 
LDAP server (AD) and client (Perl's Net::LDAP module) are using 
mismatched encodings, it is likely to show up in authentication failures 
due to incompatible encodings of the same (logical) characters that 
8-bit encodings assign to byte values 0x80-0xff.


Fortunately, it is somewhere between arcane and impossible to make 
Net::LDAP use anything other than UTF-8. There's *probably* some way to 
make it do T.61 for ancient-history compatibility, but that's mostly 
pointless.


[...]

We had similar problem with Moodle. When we configured Moodle against
Active Directory and set cp1250 encoding, then it was doing exactly 
same

thing. After we changed encoding for LDAP connector to utf-8 then the
names was
corrected.


Which makes sense: LDAP v3 by default uses UTF-8 and you have a modern 
system with a mature LDAP client. I know of no way to configure a CentOS 
7/Perl 5.22 system such that the LDAP interaction with an AD LDAP server 
talking UTF-8 would be the source of this sort of encoding conflict. I'm 
mildly surprised that anything talking LDAPv3 can be made to use cp1250 
encoding, but I suppose Microsoft makes their own rules to go along with 
their own unique code pages.


[...]
Also I red thath MS AD in LDAP protocol version 3 returns any string 
to

LDAP client in utf-8 encoding.
I really don't know where could be a problem.


The most likely place is in your database. I'm guessing that you are 
using MySQL, which defaults to latin1 encoding. When you store a UTF-8 
string into a latin1 table, it breaks any multi-byte characters into 2 
or 3 characters, but the right bits are still there. This issue has come 
up a few times on this list over the past decade and I think Best 
Practical has documented how to safely convert a RT database with that 
sort of problem from latin1 to utf8. It is probably worth looking 
through their docs (possibly one of the UPGRADING* files?) and the RT 
Wiki for a solution. I expect it could be done with a binary dump of the 
database, altering of any latin1 tables to use utf8, and a re-import of 
the binary dump. I'm not enough of a MySQL expert to detail that process 
(I generally use Postgres where possible.)

-
RT 4.4 and RTIR training sessions, and a new workshop day! 
https://bestpractical.com/training
* Boston - October 24-26
* Los Angeles - Q1 2017


Re: [rt-users] powetmaster undeliverd loop prevention

2016-06-21 Thread Bill Cole

On 21 Jun 2016, at 8:40, Woody - Wild Thing Safaris wrote:


Hello,

I recently had an issue where one of the requestor emails was 
bouncing, and a reply was sent from postmaster back to RT. The reply 
also contained the subject tag, so caused a correspondence on the 
ticket, mailing the bouncing requestor again and creating another 
postmaster mail.


I see there is bulk detection, and

Set($RedistributeAutoGeneratedMessages, "privileged");

But the loop was caused by mails from postmas...@domain.com  which 
corresponded to requestor unknownu...@domain.com who was unprivileged.


I'm unsure if i have things set up right - ideally any mails from 
postmaster would never get sent to anyone.


One solution for bounces hitting RT: 
http://www.mailermailer.com/labs/projects/RT-Bounce-Handler.rwp




secondly

if i disable a user, mails that are rejected cause a mail to 
OwnerEmail (faied to crete ticket) - i don't want a mail to OwnerEmail 
as they're basically spam users that are disabled, but i do want 
OwnerEmail to appear on the login page for support enquiries.


I see i can turn off loop detection mails with

Set($LoopsToRTOwner, 1);

but don't see anything to stop the "fialed to create ticket" emails


It is best to handle that at the MTA rather than in RT. If you have 
widely-exposed addresses feeding into RT which autocreate users & new 
tickets, you really need a robust spam filtering rig protecting RT that 
is configured specifically for RT protection. The strong bias towards 
permanence in RT makes it a nuisance to try to clean up after the spam 
has gotten in; it's easier to just keep it out.


I don't have a spam problem with the RT I currently manage, but 
something I've done on past systems was to have a "Spammers" group in RT 
and periodically extract its members email addresses and use that as a 
bi-directional blacklist on the MTA, in my case as part of a 'make' 
process that rebuilt the Sendmail AccessDB. Once an address is blocked 
at the MTA, you can shred the bogus account and the ticket(s) it created 
in RT. I can't share my code and am not sure that I even still have a 
copy of it, but the concept is pretty easy to implement. If you're using 
Postfix it would be simpler than with Sendmail, since you don't have a 
monolithic BDB AccessDB to rebuild with each change.

-
RT 4.4 and RTIR Training Sessions https://bestpractical.com/training
* Los Angeles - September, 2016


Re: [rt-users] Best file layout for Centos7 + apache

2016-05-07 Thread Bill Cole

On 7 May 2016, at 12:47, Duncan Morgan wrote:


Thanks Bill.
 
So what you are saying is don't make any configuration changes as far 
as file locations and put everything in the doc root?



No, I'm saying that I do exactly as Thomas Bätzler described: install 
to /opt/rt4/ and configure an Apache VirtualHost with  'DocumentRoot 
"/opt/rt4/share/html"'


One advantage to this is that if you keep SELinux enabled, you don't 
need to worry about any policy changes (which you do need for RT to 
work) being entangled with the default system policy.

-
RT 4.4 and RTIR Training Sessions https://bestpractical.com/training
* Washington DC - May 23 & 24, 2016


Re: [rt-users] Best file layout for Centos7 + apache

2016-05-07 Thread Bill Cole

On 7 May 2016, at 10:46, Duncan Morgan wrote:


Hello All
 
I have previously installed rt4 files in /var/www/rt4 (by setting the 
$PREFIX) but my concern is that this creates a security risk.


Can you detail that concern? Not saying it's wrong, I just don't see 
anything particularly risky. It's not the way I deploy RT, but I don't 
see a clear risk in it...

  
The gist of my questions are what is the minimum set of files required 
in the web server document root?


Zero.

I've been running RT versions since v2 from subdirectories of /opt/ 
(i.e. the default layout) on various versions of FreeBSD and Linux and 
never had a need to point a server-wide document root there. I've not 
put a 4.x on CentOS7 instance into production yet, but I have an 
extended demo instance of RT4.4rc1 on CentOS7 system running, being 
lightly exercised and tweaked for a prospective customer for months now 
with no problems related to filesystem location, entirely in /opt/rt4/.


-
RT 4.4 and RTIR Training Sessions https://bestpractical.com/training
* Washington DC - May 23 & 24, 2016


Re: [rt-users] rt-server.fcgi hangs

2016-02-02 Thread Bill Cole

On 2 Feb 2016, at 11:22, Joseph Mays wrote:

Here’s what I get in the logs when try to pull an info.php from 
the website


Why would you think that is a reasonable thing to do?  I would hope 
that would NOT work on any normal RT installation.


I don't know why I wrote that, it was a year ago, but I think I just 
put in info.php as a brain misfire or something.


No need to beat a dead horse, but your Apache log lines showed a request 
for /info.php and  a fcgi timeout 300s later, so it wasn't entirely 
random.


Certainly info.php was not installed on the site. Regardless, it was 
trying to start the rt-server, as it is now under a completely new 
freebsd, apache and rt installation (when I assure you I am still not 
trying to pull info.php) and the error is the same.


And my advice is as given: crank up Apache error logging and RT's 
built-in logging and check what is logged. There should be more info 
available than just the timeout. The fact of a timeout says for sure 
that the rt-server.fcgi script was launched and did *something*.


-
RT 4.4 and RTIR Training Sessions 
(http://bestpractical.com/services/training.html)
* Hamburg Germany  March 14 & 15, 2016

Re: [rt-users] rt-server.fcgi hangs

2016-02-01 Thread Bill Cole

On 1 Feb 2016, at 15:53, Joseph Mays wrote:

Here’s what I get in the logs when try to pull an info.php from the 
website


Why would you think that is a reasonable thing to do?  I would hope that 
would NOT work on any normal RT installation.


The possible reasons for RT not working are many. Maybe the database 
connection is bad, maybe the permissions on rt-server.fcgi or your RT 
tree are wrong, etc. Helpful steps would be:


1. Set the Apache LogLevel to "info" so that you catch output (i.e. 
errors) Apache *MAY* be getting back from rt-server.fcgi that isn't 
parseable as starting with HTTP headers.


2. Set RT's logging options (LogToFile, LogDir,LogToFileNamed) so you 
can get a full accounting of what RT thinks is happening.


3. Try an URL RT should be able to handle ('/' should work with your 
config) and see what happens.


-
RT 4.4 and RTIR Training Sessions 
(http://bestpractical.com/services/training.html)
* Hamburg Germany  March 14 & 15, 2016

Re: [rt-users] INET6 - bug

2015-12-29 Thread Bill Cole

On 29 Dec 2015, at 16:36, Marcelo Calado | TBS TAX Services wrote:


Hi There,

I've been having this error after the Fetchmail has flushed my mails:
Subroutine IO::Socket::INET6::sockaddr_in6 redefined at
/usr/share/perl5/Exporter.pm line 67.
at /usr/share/perl5/IO/Socket/INET6.pm line 21.

I googled around a bit and came across many solutions that classified 
this

as a bug and which was fixed in version 2.69.


None of that refers to anything that is part of RT. That's a version 
number for the *OBSOLETE* Perl module IO::Socket::INET6.


Does anyone have the official fix for this? I've seen some blog posts 
but

would like to know the right way to go about fixing this.


Nothing should be using IO::Socket::INET6. It is abandoned (note 
https://bitbucket.org/shlomif/perl-io-socket-inet6/overview) and has 
been superseded by IO::Socket::IP. If you can't convert whatever is 
using it to use IO::Socket::IP, I guess you could upgrade to to the last 
version but it would be a bit like running Windows ME: no one else uses 
it *BECAUSE IT'S SHODDY*, no one cares about any bugs you might run 
into, and nothing else you want to run will accommodate the quirky 
exercise in inscrutable nostalgia.


Re: [rt-users] Debugging RT code....

2015-12-07 Thread Bill Cole

On 7 Dec 2015, at 20:01, Gary Greene wrote:

I’m working on updating the rt-reminders.pl to work with the newer 
API, and I’m getting the following error when running it from 
command-line:


rt:~/bin # /root/bin/rt-reminders.pl -r
Can't call method "warn" on an undefined value at 
/usr/lib/perl5/vendor_perl/5.20.1/RT.pm line 954.


We’re running RT 4.2.12 on openSUSE 13.2. Any ideas would be 
helpful.


Get a stack trace. Something called a deprecated method in an odd way 
such that RT=>Deprecated() couldn't figure out a caller name.


Re: [rt-users] Trouble/Error with Web deployment httpd/apache/mod_fcgid

2015-12-03 Thread Bill Cole

On 2 Dec 2015, at 12:45, dwdixon wrote:

Got it, so I removed the ServerName from httpd.conf and set it back to 
the
default of nothing set for ServerName in httpd.conf.  The error you 
said was

not serious was what triggered me to start messing with ServerName in
httpd.conf so I think that was my problem there.  I left ServerName 
set to
rt-ir-sandbox.snip.snip.snip.edu and restarted httpd (no worries on 
the
question about restarting httpd after each config change, but, yes- I 
have

been restarting httpd after every config change).

Once I removed the ServerName from httpd.conf and left it only in 
rt.conf
I'm starting to see some strange(r) behavior, first when I restart 
httpd I'm

getting:

**
# service httpd restart
Stopping httpd:[  OK  ]
Starting httpd: httpd: Could not reliably determine the server's fully
qualified domain name, using 127.0.0.1 for ServerName
[  OK  ]
**


That mostly-harmless (because you don't want to use the default "main 
server" of Apache for anything) error message probably is the result of 
the primary non-loopback network interface having an IP address without 
proper reverse resolution and/or a system hostname that doesn't resolve 
to any IP address on any interface on the host. Or crap DNS servers or 
garbage in /etc/hosts or the obnoxious NetworkMangler "tool" (it's a 
tool alright...) deciding you didn't mean what you put in a config file.


On the same (local) server from a private/incognito browser window I'm 
now

getting the RT login page when I type in the fqdn
(rt-ir-sandbox.snip.snip.snip.edu) in the address bar!!  WHOO HOO 
PROGRESS!


*/The problem was that even after running "make fixperms" (which
apparently sets everything it touches to be owned by root:nobody) the 
apache
user was not in the nobody group so the apache user couldn't access 
anything
it needed to!!...so after manually making the apache user a member of 
the

nobody group I magically got the RT login screen as I described
above!.../*


That's odd. The RT configure script should have figured out a better 
ownership/permissions model and generated a Makefile that did the right 
thing for you. There is some stuff in RT that's 640 or 750, but if 
fixperms did the wrong thing it was because configure couldn't determine 
the right owner and/or group, not because the apache user wasn't in the 
right group.


However...there is still some major strangeness/problems going on.  
When I

type localhost in a new incognito browser I get nothing


That's slightly odd: I'd expect that to get you the default (httpd.conf) 
document root.


I STRONGLY recommend a long read of the Apache docs. Particularly:

https://httpd.apache.org/docs/2.4/dns-caveats.html
https://httpd.apache.org/docs/2.4/vhosts/details.html
https://httpd.apache.org/docs/2.4/vhosts/name-based.html



also when trying
to access the RT login page from a external resource to the server 
hosting
RT I'm also getting nothing ("No data 
received...ERR_EMPTY_RESPONSE)...which

is obviously a big problem.


That sounds like it could be an iptables issue, except that I'd expect 
an error complaining about the connection.


Apache's logs should be helpful if you're getting a connection and 
making a request but then not getting anything back.


So PROGRESS is good, at least I'm now getting the RT login page 
locally on
the server while using the fqdn in the local browser on the 
server...but
something is still very much off...also here is my redacted 
RT_SiteConfig.pm

... I've had the WebDomain set to rt-ir-sandbox.snip.snip.snip.edu
throughout this troubleshooting duration:


*
Set( $CommentAddress, 'rt-ir-test-comm...@snip.edu' );
Set( $CorrespondAddress, 'rt-ir-test-corresp...@snip.edu' );
Set( $DatabaseHost, 'localhost' );
Set( $DatabaseName, 'rt4' );
Set( $DatabasePassword, 'REDACTED' );
Set( $DatabasePort, '' );
Set( $DatabaseType, 'mysql' );
Set( $DatabaseUser, 'rt_user' );
Set( $Organization, 'rt-ir-sandbox.snip.snip.snip.edu' );
Set( $OwnerEmail, 'rt-ir-bou...@snip.edu' );
Set( $SendmailPath, '/usr/sbin/sendmail' );
Set( $WebDomain, 'rt-ir-sandbox.snip.snip.snip.edu' );
Set( $WebPort, '80' );
# Set( $WebBaseURL, 'hxxp://rt-ir-sandbox.snip.snip.snip.edu' );  #
Presently commented out
Set( $rtname, 'rt-ir-sandbox.snip.snip.snip.edu' );
1;
**


Seems reasonable, but I'd suggest 3 things:

1. Set( $DatabaseHost, '' );
   This causes RT to connect over the mysql local socket rather than 
TCP to localhost:3306, which means slightly better performance and one 
more network listener you can kill (unless you need that mysqld for 
other things that aren't local or are too dumb to 

Re: [rt-users] Trouble/Error with Web deployment httpd/apache/mod_fcgid

2015-11-30 Thread Bill Cole

On 30 Nov 2015, at 12:23, dwdixon wrote:


Hi Bill,

I am not seeing anything in my apache error log regarding the config 
line

you've highlighted here, I obtained all the contents of my
/etc/httpd/conf.d/rt.conf file from the RT documentation  here

I must not be inferring what you're hinting at perhaps?

It still seems as though apache/httpd is just not picking up my 
rt.conf file

in the conf.d directory since it seems it's still trying to serve the
content from the default directory in the default httpd.conf
(/var/www/html/)


My mistake: I thought it was showing you /opt/rt4/share/html/index.html, 
which would have indicated that your rt.conf was being read but the 
ScriptAlias line not working. Anything that could cause that would 
normally cause Apache to complain, either during its startup or when a 
suitable URL was requested.




any idea's on what may be causing that?


If you're seeing /var/www/html/ as the document root, that implies 
Apache isn't recognizing the URL you're giving it as mapping to the 
virtual host you've defined in rt.conf.


Try running "httpd -S" (basically: a summary of Apache's parsed 
configuration) and see what it says about virtual hosts. My first guess 
would be that you need a ServerName directive inside the VirtualHost 
block in rt.conf, but it could be a missing Include directive in the 
main httpd.conf, incomplete DNS setup, or probably other things I 
haven't thought of.




Re: [rt-users] Trouble/Error with Web deployment httpd/apache/mod_fcgid

2015-11-30 Thread Bill Cole

On 30 Nov 2015, at 15:02, dwdixon wrote:


Hi Bill,

Thanks for getting back with me so quickly- I was sort of on the right 
track
based on what you've indicated but long story short I think you're 
correct
and this info has helped me further...When I initially did a "httpd 
-S" I

got:

**
# httpd -S
httpd: Could not reliably determine the server's fully qualified 
domain

name, using 127.0.0.1 for ServerName


That complaint is in the context of the default config that handles 
requests Apache can't determine as being for any virtual host. Not a 
serious problem, since you don't really want that config catching 
anything, I assume...



VirtualHost configuration:
192.168.1.97:80  rt-ir-sandbox.snip.snip.snip.edu
(/etc/httpd/conf.d/rt.conf:1)
Syntax OK


So, Apache httpd is seeing the config file for the RT virtual host. 
That's good.




**

So I then played around with adding the ServerName directive in my 
rt.conf:


**

 ### Optional apache logs for RT
 # Ensure that your log rotation scripts know about these files
 # ErrorLog /opt/rt4/var/log/apache2.error
 # TransferLog /opt/rt4/var/log/apache2.access
 # LogLevel debug
 ServerName rt-ir-sandbox.snip.snip.snip.edu
 AddDefaultCharset UTF-8

 ScriptAlias / /opt/rt4/sbin/rt-server.fcgi/

 DocumentRoot "/opt/rt4/share/html"
 

 Require all granted

 Options +ExecCGI
 AddHandler fcgid-script fcgi
 

**

Still got the same complaining output as above from "httpd -S"  after 
adding

ServerName to rt.conf


At which point I have to ask what may seem like an insulting question 
but really it isn't meant as such:


Are you restarting Apache after every config change?

Because while "httpd -S" will parse your current config files and tell 
you what Apache httpd would do if it was using those files, the live 
httpd processes are always using whatever config was parsed and loaded 
when their master process (assuming you're using the pre-fork MPM) was 
started.



so then I added my
rt-ir-sandbox.snip.snip.snip.edu as the ServerName in
/etc/httpd/conf/httpd.conf


Don't do that. Or if you do, remove the VirtualHost "tags" around the 
config for RT. You DO NOT want the default host config for Apache 
handling requests for RT if you have RT configured inside a virtual host 
section. If you tell the default config its name is 
rt-ir-sandbox.snip.snip.snip.edu, it will handle requests for 
rt-ir-sandbox.snip.snip.snip.edu.

[...]

I'm not certain what seems to be the issue at this point...nor why 
when I
add the ServerName directive to my rt.conf inside  it 
doesn't
recognize it, and only does when I add it to 
/etc/httpd/conf/httpd.conf.
You also mentioned I could me missing an Include directive in 
httpd.conf,

any idea what that might be?


Since httpd -S is picking up your rt.conf file, that Include directive 
is correct.


The only other thing that comes to mind is the actual RT config in 
/opt/rt4/RT_SiteConfig.pm. If you haven't set WebDomain to 
rt-ir-sandbox.snip.snip.snip.edu, RT might (not sure off the top of my 
head...) redirect requests to use its default WebDomain, localhost", and 
if you're testing with a browser on the host itself that'll still work 
but hit the default config.




Re: [rt-users] Trouble/Error with Web deployment httpd/apache/mod_fcgid

2015-11-25 Thread Bill Cole
On 24 Nov 2015, at 17:30, dwdixon wrote:

>  ScriptAlias / /opt/rt4/sbin/rt-server.fcgi/

I'm SHOCKED that your Apache error log says nothing about that...  


Re: [rt-users] Trouble/Error with Web deployment httpd/apache/mod_fcgid

2015-11-23 Thread Bill Cole

On 23 Nov 2015, at 17:03, dwdixon wrote:

Sorry correction to my last reply it came back null only *before* I 
wiped the
private tree for rootmy mistake I meant to remove that part of my 
last
replythe output shown in my last reply of make testdeps is the 
output

after I had wiped the private tree of root and ran your full command.
Apologies for any confusion.


I'm guessing those environment variables are still set in your current 
shell, which will mess up fixdeps/testdeps as well as CPAN. SO:


unset PERL_LOCAL_LIB_ROOT PERL_MB_OPT PERL_MM_OPT PERL5LIB

That should make anything you do stop looking in /root/perl5/

I'm unsure what the issue is with fixdeps...


Re: [rt-users] Trouble/Error with Web deployment httpd/apache/mod_fcgid

2015-11-23 Thread Bill Cole

On 23 Nov 2015, at 15:57, dwdixon wrote:

This was sort of the problembasically I installed many Perl 
modules via
cpanm and apparently that's a problem in certain circumstances which 
I'm not
totally sure about at this time.  To fix this error I installed the 
CentOS

@epel repo version of a few packages:

perl-UNIVERSAL-require.noarch..0.13-12.el7.@epel
perl-Log-Dispatch.noarch 2.41-1.el7.1@epel

These are from @epel (as shown above) but now I'm stuck with an error 
based
on a perl module that does not have a package published in the epel 
repo:


**
Can't locate /Symbol/Global/Name.pm/ in @INC (@INC contains:
/root/perl5/lib/perl5/ /opt/rt4/sbin/../local/lib /opt/rt4/sbin/../lib
/usr/local/lib64/perl5 /usr/local/share/perl5 
/usr/lib64/perl5/vendor_perl

/usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at
/opt/rt4/sbin/../lib/RT/Config.pm line 57.
BEGIN failed--compilation aborted at /opt/rt4/sbin/../lib/RT/Config.pm 
line

57.
Compilation failed in require at /opt/rt4/sbin/../lib/RT.pm line 159.
**

After getting this I searched the repo's for this package, I found and
installed this one:

perl-Symbol-Util.noarch 0.0203-4.el7   @epel

But this did nothing for me and doesn't seem to be what RT/Perl/httpd
wants.


Right. If there was a package for the EL7 distro family that gave you 
just the Symbol::Global::Name module, its base name would be 
perl-Symbol-Global-Name, and if that module were part of a larger 
package it would probably be perl-Symbol-Global or perl-Symbol.


BUT: the way to find a specific-file dependency with yum is the 
'provides' command:


[root@requesttracker ~]# yum provides */Symbol/Global/Name.pm
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: mirrors.tripadvisor.com
 * epel: mirror.cogentco.com
 * extras: centos.firehosted.com
 * remi: remi.check-update.co.uk
 * remi-safe: remi.check-update.co.uk
 * updates: bay.uchicago.edu
No matches found

Oh well... that is why I used CPAN on that machine (via 'make fixdeps') 
to install Symbol::Global::Name.



So...It looks like I will have to build a package for the module
"Symbol::Global::Name" that I can install with yum..I tried the 
hacked
up solution suggested in the blog post you referenced, the OP said in 
the
quote below that this fixed it for him but I had no luck, it's a 
hacked in

solution anyhow

"I fixed the issue by adding the following line in ther perl script 
before

any 'use' command."

use lib "/root/perl5/lib/perl5/" ;


Smart choice. That's not maintainable for RT. Also: won't work unless 
you disable or reconfigure SELinux and open up /root/perl5/ to the 
apache user, which would be generally unwise things to do.


Looks like your suggestion of installing a separate instance of perl 
that's
dedicated to RT is making more and more sense the deep down the rabbit 
hole
that I travelI'm afraid that if I install a new separate instance 
of

perl it will break even more things since I suppose I probably have to
recompile RT after doing so and I don't want to lose the configuration 
state

of RT/RT-IR.

I just saw Bill Cole's reply and it is EXCELLENT!!! I'm still 
re-reading to
comprehend but Bill if you get this reply I was drafting prior to 
seeing
your response so if you need to update your great info based on what 
I've

said here I'd be very grateful!!


Well, in looking at it again I think maybe I should have also noted that 
those PERL* variables set in either .bashrc or .bash_profile will stay 
with any shell launched with them set and its offspring, so you will 
want to log out and back in after fixing the files or:


unset PERL_LOCAL_LIB_ROOT PERL_MB_OPT PERL_MM_OPT PERL5LIB

*BEFORE* trying to install anything with CPAN or RT's make fixdeps.

And a bit of background: if you install a Perl module using yum from the 
Base or EPEL repos, it may install pieces under any of the 6 roots shown 
by 'perl -V' depending on the mood of some junior RedHat intern on a 
random Tuesday in 1997. Mostly they SHOULD stay out of the /usr/local 
ones and only get 64-bit-specific things in the lib64 ones. There's also 
supposedly "logic" determining what does and doesn't go in vendor_perl 
but it's not obvious. If you install using CPAN in a pristine (no PERL* 
variables) environment, you should get a bit better determinism, since 
the vendor_perl roots should be avoided entirely and /usr/local/* should 
be the only place anything lands. However, if you let CPAN *upgrade* 
modules already installed as part of the canonical Perl base (i.e. not 
"local" or "vendor_perl") it *might* clobber files that the RPM/yum 
subsystem believes belong to particular 

Re: [rt-users] Trouble/Error with Web deployment httpd/apache/mod_fcgid

2015-11-23 Thread Bill Cole

On 23 Nov 2015, at 11:02, dwdixon wrote:


I'm not an Apache/httpd configuration
expert especially when modules are involved so I would GREATLY 
appreciate

any and all help:


Can't locate UNIVERSAL/require.pm in @INC (@INC contains:
/opt/rt4/sbin/../local/lib /opt/rt4/sbin/../lib /usr/local/lib64/perl5
/usr/local/share/perl5 /usr/lib64/perl5/vendor_perl
/usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at
/opt/rt4/sbin/../lib/RT.pm line 60.
BEGIN failed--compilation aborted at /opt/rt4/sbin/../lib/RT.pm line 
60.

Compilation failed in require at /opt/rt4/sbin/rt-server.fcgi line 86.



As others have noted, using CPAN on CentOS 7 can be sketchy. It's very 
easy to be drawn into installing modules locally under /root/perl5/ 
where normal Perl programs won't ever see them or clobbering files owned 
by yum-installed packages. Care is needed...


For the immediate issue, you can resolve the problem by enabling the 
EPEL repository for yum (see https://fedoraproject.org/wiki/EPEL) and 
installing the needed module:


yum install perl-UNIVERSAL-require

HOWEVER, since you have had stuff installed (presumably by CPAN and a 
local::lib configuration) in a private place only for use by root with 
suitable variables in the environment, you probably want to fix that[1] 
and install everything possible for RT via yum, filling in whatever is 
missing with CPAN *NOT* using a private module tree. I recently did this 
for a RT4.4rc1 install on CentOS 7 by massaging the output of "make 
testdeps" into a whopping huge yum command[2]:


	make testdeps  |fgrep MISSING |egrep -v ' (owner|group) |>=5\.10\.'|awk 
'{print $1}'|sort -u |sed 's/::/-/g'|sed 's/^/perl-/'| xargs -rt yum 
list|grep '^perl-' |awk '{print $1}' |xargs -rt yum install -y


Following that (go get a cup of coffee, it will be a while...) you MAY 
still have unmet dependencies, since RT demands various modules and 
versions of modules that the EPEL and "base" repos don't have. Those can 
be installed from CPAN (or 'make fixdeps') after "yum erase"-ing any 
too-old versions that were installed with yum.



FOOTNOTES:

[1] Wipe the private tree for root:

rm -rf /root/perl5/

Remove any lines from /root/.bashrc or /root/.bash_profile like 
these

which set up the relevant environment variables for local::lib :

export PERL_LOCAL_LIB_ROOT="$PERL_LOCAL_LIB_ROOT:/root/perl5";
export PERL_MB_OPT="--install_base /root/perl5";
export PERL_MM_OPT="INSTALL_BASE=/root/perl5";
export PERL5LIB="/root/perl5/lib/perl5:$PERL5LIB";
export PATH="/root/perl5/bin:$PATH";


[2] ARE YOU CRAZY? Don't just run that because I said so! Be sure you 
understand what it DOES! Test it by breaking the pipeline before that 
last xargs and see if what it's going to install seems sane FOR YOUR 
SYSTEM.


Re: [rt-users] :Extension::MobileUI +rt-4.2.12

2015-11-20 Thread Bill Cole

On 20 Nov 2015, at 5:37, wajdi wrote:


Hello,

How can i access to my rt-4.2.12 with mobile interface? With rt-4.0 or
greater we have   



Did you read the "DEPRECATED" section of that page?


RT::Extension::MobileUI but with rt-4.2.12 I don't know.

Please help me



See Also:  
http://blog.bestpractical.com/2011/05/whats-new-in-4-mobile-ui.html


In short: that extension is only for versions BEFORE 4.0, which merged 
it into the RT base. It SHOULD NOT be installed  on any 4.x version.


Re: [rt-users] RT creates CLOSE_WAITS

2015-10-30 Thread Bill Cole

On 30 Oct 2015, at 3:48, Asanka Gunasekera wrote:


Hi thank you for the reply, I am using mod_perl
2.0.9


I suggest switching to mod_fastcgi or mod_fcgid as a first step. I use 
mod_fastcgi because my RT instances all have long legacies, but on a 
newly-built system mod_fcgid is probably a better choice because it is 
still being maintained.


I don't suggest that because I know of a specific problem in the current 
RT & mod_perl, but because 3 times over many years & RT versions I've 
tried to stand up fresh RT instances using mod_perl (because it should 
in principle be more efficient) and every time I've retreated to FastCGI 
 after running into some problem I couldn't figure out and which simply 
didn't happen with FastCGI. I know a lot of people run RT with mod_perl 
so it CAN be done, but when it doesn't work the diagnostic process is 
daunting.


If there's some reason you really want to stick with mod_perl, you 
should investigate troubleshooting tactics for mod_perl, which include a 
way to load it with a Perl debugger.


Re: [rt-users] RT creates CLOSE_WAITS

2015-10-28 Thread Bill Cole

On 28 Oct 2015, at 4:07, Asanka Gunasekera wrote:


Hi all I have been struggling with this CLOSE_WAITS.

I have an Request Tracker installed on CEntOS 6.7 (64 bit) RT 
rt-4.2.12 and Apache httpd-2.2.31. I can log in and all, but after a 
while I am seeing CLOSE_WAIT socket are created for each selection 
that I make on the dashboard. Eventually the system goes unresponsive.


root@iplrt logs]# netstat -nalp | grep -i wait
tcp 1 0 192.168.11.254:80 192.168.11.118:57076 CLOSE_WAIT 3176/httpd
tcp 1 0 192.168.11.254:80 192.168.11.118:57083 CLOSE_WAIT 3177/httpd
tcp 1 0 192.168.11.254:80 192.168.11.118:57082 CLOSE_WAIT 3185/httpd
tcp 1 0 192.168.11.254:80 192.168.11.118:57084 CLOSE_WAIT 3365/httpd
[root@iplrt logs]#

I don't see any errors in the logs! I have downgraded both RT and 
Apache with no luck and I am STUCK no ware to goo


Can some one tell me how to go about diagnosing this


What interface are you using to run RT via Apache? (Possible answers: 
mod_fastcgi, mod_fcgid, mod_perl 1.x, mod_perl 2.x)


That is important because a CLOSE_WAIT state indicates that the OS is 
waiting on a local process (in this case multiple Apache httpd 
processes) to recognize that the socket has been closed on the other end 
and call close() itself. The Apache core doesn't have that problem much, 
so the issue is most likely lurking in whatever module is loaded into 
the httpd process to handle running RT proper.


(my bet is that you're running a slightly broken mod_perl, but I'm 
biased by bad experiences...)


Re: [rt-users] How manage error message from stmp

2015-09-21 Thread Bill Cole

On 21 Sep 2015, at 8:41, Albert Shih wrote:


Hi,

When someone add a CC (at creation, of after) and this person make a
mistake the address is wrong how can I known that (or the person).

For example :

When a ticket was create with

  Cc: first_address, second_wrong_address

the smtp server going to send back a error message about
« second_wrong_address », this message is for www@rt_server

but www@rt_server is a black_hole. So no one going to known
«second_wrong_address» never going to received anything.

How you manage this problem ?



http://www.mailermailer.com/labs/projects/RT-Bounce-Handler.rwp

It's unclear to me why Best Practical has never rolled that relatively 
simple functionality into RT itself. Once configured, it results in any 
bounces going back into the ticket that generated them as comments, so 
that staff (who presumably can correct the error) will see them but 
requestors do not.


If you don't like that approach, you could instead just use the 
$SendmailArguments config parameter to make bounces go somewhere useful 
(i.e. adding a sendmail '-fsomewhereuseful\@example.com' argument)


Re: [rt-users] mysql>=2.1018 ...MISSING

2015-09-15 Thread Bill Cole

On 15 Sep 2015, at 15:51, Jonathan Murray wrote:

[...]


It's a different error now, but some progress as it's not related to 
mysql.

I'm using this as my configure:

./configure --with-web-user=apache --with-web-group=apache 
--enable-graphviz --enable-gd --with-db-type=Pg


I'm assuming that "Pg" means postgres. (configure --help doesn't 
actually specify postgres, just Pg)


then:

make testdeps
make fixdeps

Configuring DBD::Pg 3.5.1
Path to pg_config? /usr/pgsql-9.4/bin/pg_config

then I get this
SOME DEPENDENCIES WERE MISSING.
PG missing dependencies:
DBD::Pg >= 1.43 ...MISSING

Is it looking for postgres in a special location?


No, as it says: it is failing to find the DBD::Pg perl module, version 
1.43 or greater. Why it isn't able to use the one that seems to have 
been just configured (v3.5.1) is the key question. Perhaps something 
about how you're running fixdeps is installing that module in a place 
that testdeps can't find? Maybe you have SELinux enabled but the module 
is being installed without a proper label?


You can see in the Makefile that testdeps and fixdeps both run 
sbin/rt-test-dependencies, and all it does to check for dependencies to 
to see if a "use" statement for each module fails.




I can only find one pg_config on my system:

/usr/pgsql-9.4/bin/pg_config

I got my postgres from here:

http://yum.postgresql.org/9.4/redhat/rhel-6-x86_64/pgdg-centos94-9.4-1.noarch.rpm

Is it possible I'm using the wrong version of Postgres (9.4.1) with 
this version of RT (4.2.9)?


Very unlikely, and that certainly isn't the cause of THIS error.



Re: [rt-users] Pg FTS query works, RT search returns 0 results ( was: '.' as delimiter/boundary breaks domain name searches)

2015-08-31 Thread Bill Cole

On 31 Aug 2015, at 9:39, Jeff Blaine wrote:


I'm reviving this one time in case anyone has further ideas.

* PostgreSQL 8.4.20 (RHEL 6.6) with FTS does the right
thing when parsing an email address[1]


I question that.

I know that with Pg 9.0 the FTS indexer does arguably "right" things in 
parsing email addresses, hostnames, and IP addresses BUT that behavior 
effectively hides the octets inside an IP, the host and domain name 
elements in a hostname, and the local and domain parts of an email 
address. For our business (customized hosting & related services) this 
made the indexing do more harm than good. We have adequate capacity (and 
suitable config) on our DB server to handle most of the searches we need 
to do in reasonable time without the indexing, so we disabled it.




Re: [rt-users] Lockdown CC and AdminCC

2015-08-24 Thread Bill Cole

On 24 Aug 2015, at 15:40, Matt Zagrabelny wrote:


On Mon, Aug 24, 2015 at 2:02 PM, Joseph D. Wagner
j...@josephdwagner.info wrote:

What do you mean by without logins? The email address needs
to correspond to a user that already exists on the system?


Yes.  Here's what happened.  A privileged user entered an external 
email address into the CC field, which did not have an account.  RT 
autocreated an account for that person, and it accepted that external 
email address on the CC field.  I need to prevent that.


How can I limit CC and AdminCC to email addresses that already have 
accounts?  Either rejecting the ticket or silently failing to add the 
CC/AdminCC email address would be acceptable.


Use a callback.

Do you know what those are?



Specifically: You can use the BeforeCreate callback to prevent 
accidental creation of . It is available in Ticket/Create.html, 
SelfService/Create.html, and m/ticket/create. It is NOT available for 
the QuickCreate widget, so users of that widget could add bogus 
Requestors at will. Anyone who can add ad hoc recipients to ticket 
updates share the ability to add users to RT, so you may want to find a 
callback in the Update pages as well. If controlling user creation by 
gatekeeping many different paths of ticket modification seems like a 
shoddy approach to you, you are not wrong. In RT's defense, its 
eagerness to add new users whenever it sees a new email address is 
rooted in the days before spam from random addresses to random addresses 
and via random compromised web applications was a widespread problem.


If you use ExternalAuth, setting AutoCreateNonExternalUsers to 0 seems 
to be an option that would block creation of users not in one of your 
configured external auth sources, but it may have undesirable 
side-effects. If you want random strangers to be able to send your RT 
mail that opens new tickets, you are stuck with gatekeeping other paths 
to user auto-creation.


Re: [rt-users] Custom Field Security

2015-08-06 Thread Bill Cole

On 4 Aug 2015, at 4:30, Joseph D. Wagner wrote:

I would like for unprivileged users to be able to enter and view 
custom fields on the tickets they enter.


I setup the custom field for Ticket and added it to a specific Queue.  
I figured out how unprivileged users can enter custom fields for 
tickets they file -- SeeCustomField and ModifyCustomField.


However, after the ticket is entered, unprivileged users cannot see 
the custom field data they just entered on the 
SelfService/Display.html page.  Only privileged users can see this.


How can I set this up so unprivileged users can see the custom field 
data they just entered?


Have you cleared the Mason cache?

It *seems* like you've done the needful, but *where* you set rights can 
matter. I don't have the problem and I've got the rights set via 
Global-Group Rights-Everyone. That may seem too loose, but our RT has 
fairly tight overall control and Unprivileged users can only see the 
tickets they are Requestors or CCs on.


Re: [rt-users] Comment

2015-06-23 Thread Bill Cole

On 17 Jun 2015, at 13:57, Daniel Moore wrote:


Hello,

Is there anyway to take the comment directly out of lifecycle for 
the Tickets? I have been able to rename some things but we do not want 
users commenting on Tickets since the default behavior for a comment 
is to not reply or send emails at all.


We want users to be only click reply when they are replying to their 
ticket.


Please let me know if this is possible.


It can be handled as a Rights issue, if you want to use Comments as 
designed (i.e. to be a private channel in a ticket for staff...) A user 
without the CommentOnTicket Right (Comment on tickets in the 
General rights tab of the modern Rights screens) for a ticket is not 
shown any UI offering to let them do that, and any user without the 
ShowTicketComments Right (View ticket private commentary in the 
Rights for Staff tab) for a ticket sees none of the Comments.


The RT deployments I've wrangled have all managed those Rights based on 
global and per-Queue Group Rights. Sites obviously vary in their 
preferences or there wouldn't be so many ways to twiddle so many Rights, 
but *generally* the pattern I follow is that the AdminCc and Owner roles 
get the two Comment Rights at the Global Group Rights level, with none 
of the System groups (Everyone/Priv./Unpriv.) or other roles having them 
at that level. User Groups with a need for special oversight privileges 
(e.g. Executive Management) may also get those rights at the Global 
Group Rights level. Individual Queues then don't need those Rights 
assigned to any of the System or Role Groups and in most cases don't 
need them granted to any User Groups either, as the appropriate users 
(e.g. staff members working the tickets) get them by way of being in an 
Owner or AdminCc role for the Queue.


Of course you COULD create a custom lifecycle that removes the Comment 
action entirely and remove the feature of a private commentary side of 
tickets from RT entirely. Speaking only for myself and not for any 
company I've ever used RT at, I think that would be a terrible 
functional impairment and a destroyer of morale, as the comments in 
tickets (unseen by Requestors  Cc, a.k.a. Those Who Are Always Right) 
can be both useful AND entertaining. In *principle* I mostly use 
Comments to document arcane technical process details of possible 
interest to my fellow staff members who may need to pick up where I 
leave off, but that is often supplemented with warnings/tips/incident 
documentation regarding the interpersonal facets of handling requests. 
(no examples will be provided)



Please do not try to sell me a book.


Aw shucks, I've got a bunch of old paperbacks in boxes I need to get rid 
of, mostly old SF I haven't reread in decades... :)


But seriously, the issue of Comments vs Replies is one that I've seen a 
lot of confusion about over 15 years of using RT. While I have no idea 
whether The Book (which I don't own) discusses it, I'm pretty sure I've 
seen it covered in BP's online documentation but it's clearly not 
explained well enough. The RT4 Rights UI helps a little by putting View 
ticket private commentary in the Rights for Staff tab, but if you're 
using an organically evolved RT where Rights haven't been managed 
fastidiously from the start, it is easy to miss the concept that 
Comments are designed to be an entirely different thing from Replies.


Re: [rt-users] RT send 2 mail notification for setting the ticket owner

2015-05-12 Thread Bill Cole

On 11 May 2015, at 17:50, Rabin Yasharzadehe wrote:


On Sun, May 10, 2015 at 7:45 PM, Bill Cole 
rtusers-20090...@billmail.scconsult.com wrote:


On 10 May 2015, at 5:41, Rabin Yasharzadehe wrote:

First mail looks like this,


Sun May 10 12:27:14 2015: Request 242534 was acted upon.


Transaction: Given to rabin by X
Queue: sandbox
Subject: *(No subject given)*
Owner: rabin
Requestors: rabin
Status: new
Ticket: https://rt



​the 2nd mail notification look like this,

Sun May 10 12:27:14 2015: Request 242534 was acted upon.


Transaction: Owner set to rabin by X
Queue: sandbox
Subject: *(No subject given)*
Owner: rabin
Requestors: rabin
Status: new
Ticket: https://rt




​why is that ? ​



You have 2 different scrips being triggered by the same transaction. 
You
can find which scrip is sending which message by looking at the 
Message-Id

header. An example from my system:

Message-ID: rt-4.2.9-96149-1430920514-473.15045-118-0@[rt hostname]

That's: rt-version-Trans-EpochSec-msecs-Ticket-Scrip-MailSeq@hostname



​Thank you Bill,
your tip was very helpful (and probably also in the future)​

I found the scrip which send the email notification,


Based on what you posted, I would expect there to be 2 different scrips, 
one for each message. Your solution will probably involve selecting one 
of them to keep and disabling the other.



but it is not familiar
to me,
the condition is User defined but i can't understand the Perl code,

can you help please ?


my $txn = $self-TransactionObj;
return 0 unless $txn-Field eq Owner;
return 0 if $txn-NewValue == $txn-Creator;
return 1;



That means the scrip action (sending an email notification using the 
selected template) will trigger only on transactions that (1) change the 
ticket's Owner field and (2) set the new value of Owner to a value 
that is not equal to the Creator field of the transaction. In other 
words: the scrip triggers when a user gives a ticket to someone else.






Re: [rt-users] RT send 2 mail notification for setting the ticket owner

2015-05-10 Thread Bill Cole

On 10 May 2015, at 5:41, Rabin Yasharzadehe wrote:


First mail looks like this,

Sun May 10 12:27:14 2015: Request 242534 was acted upon.

Transaction: Given to rabin by X
Queue: sandbox
Subject: *(No subject given)*
Owner: rabin
Requestors: rabin
Status: new
Ticket: https://rt



​the 2nd mail notification look like this,

Sun May 10 12:27:14 2015: Request 242534 was acted upon.

Transaction: Owner set to rabin by X
Queue: sandbox
Subject: *(No subject given)*
Owner: rabin
Requestors: rabin
Status: new
Ticket: https://rt



​why is that ? ​


You have 2 different scrips being triggered by the same transaction. You 
can find which scrip is sending which message by looking at the 
Message-Id header. An example from my system:


Message-ID: rt-4.2.9-96149-1430920514-473.15045-118-0@[rt hostname]

That's: rt-version-Trans-EpochSec-msecs-Ticket-Scrip-MailSeq@hostname



Re: [rt-users] User able to view, comment, reply to tickets not belonging to themselves

2015-03-13 Thread Bill Cole

On 12 Mar 2015, at 18:41, Michael Jablonski wrote:


Hello everyone,

I currently have RT 4.2.9 installed. I have the ability for our 
customers to log in and view their open and resolved tickets. This all 
works great and they can comment, reply and change the status on their 
tickets. However my issue is this: in the URL 
domain.tld/SelfService/Display.html?id= 1503120001 . After the id= 
it displays the ticket number.
If I am a cleaver user I can easily understand the ticketing number 
and change it to 1503110001 and see the ticket that belongs to someone 
else, and they have the ability to comment, reply etc.


I am looking for a way to either
1) Not have the ticket number displayed in the URL


Entirely infeasible, also not a solution, since it only slightly raises 
the cleverness bar. RT depends on having unique URLs for tickets.


2) Not have the ability to view other tickets that do not belong to 
the user logged in


That's what you get with the default Rights configuration. You may have 
assigned overly-permissive Rights to the  System groups Everyone 
and/or Unprivileged. On the Admin/Global/GroupRights.html page, 
uncheck 'View ticket summaries' (ShowTicket) for those groups. 
Unprivileged users should only get a ShowTicket Right by way of having a 
Requestor or Cc role. You should also confirm that those roles DO have 
it granted.


Re: [rt-users] Queue Admin, not RT Admin

2015-02-06 Thread Bill Cole

On 5 Feb 2015, at 10:07, Lewis, Valerie wrote:

I have recently become one of the campus administrators for our RT 
system.  As a result, I am fielding a lot of requests from staff for 
privledges to different queues.  One in particular is a director 
within IT wanting to be admin for queues that pertain to his 
department.  I have gone into the queue and went to modify user rights 
for queue and gave him all of the rights under Rights for 
Administrators.  However, he not able to utilize any of those rights 
within his queues.  I don't want him to be an overall  administrator, 
just over his queues.  Am I missing something big?  I haven't found 
any explanation of this online anywhere.  Any help would be greatly 
appreciated.


Possibly: At the bottom of /Admin/Global/UserRights.html = Rights for 
Administrators the Show Admin Menu right is critical. That's assuming 
you're using 4.2.x. In older versions you may see it called 
ShowConfigTab.


And yes, there is no good comprehensive documentation for RT rights. 
There is some useful info in the Wikia site, some useful info in the 
docs at Best Practical, in both cases including bits and pieces lurking 
in pages where you'll never find them without reading just about 
everything. The Rights system is also counter-intuitive, as a virtue of 
it being logically rigorous and extremely fine-grained. It helps in 
working out where a Rights problem is to think carefully about the 
specific mode of I can't do $x the user is running into. For example, 
the general he not able to utilize any of those rights description is 
vague enough that my guess about the ShowConfigTab right could be 
entirely wrong. You can *usually* find where you need to check Yet 
Another Right by figuring out what part of the UI the user doesn't see, 
because RT usually will not show the UI to do something that a user 
isn't allowed to do.


Re: [rt-users] Installing RT4 with AssetTracker on Debian Wheezy

2013-05-25 Thread Bill Cole

On 24 May 2013, at 18:06, Gary McRae wrote:


I have not explained we'll.
The installation was fully from the apt repository. The files in /tmp 
are from my attempts to overcome the problem. Nothing has been 
installed from /tmp.
apt-get install rt4-extension-assettracker installs without any errors 
being thrown up. Just the correct files do not appear. It is not 
working correctly but it looks as if it is.

I have tried on a clean debian 7 install with the same result.


It seems clear that the install did not actually work, since it clearly 
did not put the AssetTracker module anywhere. Also odd is that the perl 
load error does not seem to be looking for the module where the Debian 
package seems to be intending to install it, under 
/usr/share/request-tracker4/plugins/RTx-AssetTracker/. Is there anything 
there?


This seems to be an installation problem. Does 'dpkg -s 
rt4-extension-assettracker' claim that the package is actually 
installed?



--
RT Training in Seattle, June 19-20: http://bestpractical.com/training


Re: [rt-users] Problems upgrading from 3.9.3

2013-05-23 Thread Bill Cole

On 17 May 2013, at 10:45, Ruslan Zakirov wrote:


On Fri, May 17, 2013 at 6:37 PM, saxmad g.ma...@fairfx.com wrote:


I'm on Postgres 9.2 on Debian Wheezy.

So is this a Postgres issue or an RT upgrade issue ?



Both. RT uses something that is deleted. Pg deleted something that is 
used

by software.


More precisely, they removed something from a system catalog -- the 
spclocation column in the description of tablespaces -- which was 
statically set at tablespace creation time and could be invalidated 
silently by an innocent  plausible admin oversight, and replaced the 
functionality with something else -- the pg_tablespace_location() 
function -- which provides the same information determined dynamically 
at runtime. Note that the internal structure of Pg system catalogs is an 
area where software developers and sysadmins should expect to find 
change across major releases and this was a well-documented change with 
public discussion before it was made and during the 9.2 beta period.


IOW: A documented change in Pg 9.2 fixed a design error that needed 
fixing.


The OPERATIONALLY focused answer is simpler: You must update the Perl 
module DBD::Pg to v2.19.3 to get compatibility with PostgreSQL 9.2 and 
later.



--
RT Training in Seattle, June 19-20: http://bestpractical.com/training


Re: [rt-users] RT4 Postfix/Apache Email Return-Path causing issues

2013-03-20 Thread Bill Cole

On 20 Mar 2013, at 17:37, Billington, James wrote:

This looks like it might work. It just feels like we're tricking the 
system as a workaround instead of fixing it at the root.


Not really. Return-Path is a header that gets created by an MTA for 
local delivery or when constructing a bounce message, with the SMTP 
envelope sender address as the header value. The SMTP envelope sender 
address domain is checked by receiving MTA's because that is the address 
that bounces get sent to, it is visible to the receiving MTA before any 
message data is sent, and a bad domain in that address is proof of a 
misconfigured sending system. Historically, a bad envelope sender domain 
was common in spam, before Sendmail made rejection of such mail a 
default setting. No system should be generating *ANY* mail with an 
envelope sender in a domain that has no MX or A record, and any envelope 
sender address should actually deliverable (even if final delivery 
consists of a pipe into /dev/null).


So *one* root is that RT isn't setting the envelope sender to something 
that works. The *other* root is that your Postfix config is wrong in 
that it sends mail with a bad domain part in envelope sender addresses. 
The fix for that is to set myhostname to something sane in 
/etc/postfix/main.conf.


Isn't there a way to set the Return-Path without changing the From: 
and/or ReplyTo: headers? RT already set those properly. I just need 
the Return-Path to change.


It may have changed with RT4, but historically RT has set the envelope 
sender address via the  $SendmailArguments variable in RT_StiteConfig.pm 
 using the sendmail -f option, with an address that gets delivered 
into the rtbouncehandler program. For example:


Set($SendmailArguments , -frtbounce\@requesttracker.example.com -oi 
-t);


On a machine running real Sendmail that knows itself as 
requesttracker.example.com, that operates in concert with an entry in 
the alias file:


rtbounce: |/etc/smrsh/rtbouncehandler | /etc/smrsh/rt-mailgate --queue 
incoming --action comment --url https://requesttracker.example.com/rt/ 
--timeout 300


The alias provides feedback into RT when ticket mail bounces. 
Constructing an equivalent alias for Postfix is left as an exercise :)


Just to confirm a starting point... where are these headers set? Where 
is the Return-Path: header set? Sendmail right? RT hands off the 
formatted email with most of the needed headers/content and sendmail 
adds the Return-Path: header, right? Postfix doesn't do it, does it?

Just confirming where to check?


RT pipes a fully-formed (in theory) message into a sendmail process. If 
you are using Postfix, that sendmail is in fact a Postfix version 
built to mimic real Sendmail. Postfix's sendmail transforms the 
message (as influenced by its arguments  environment) into Postfix 
queue format and passes it to postdrop, which injects it in the maildrop 
queue. That queue file has an envelope sender address, which is either 
the -f argument to sendmail or if there is no -f argument, the user that 
ran sendmail @ the Postfix myhostname setting. It is possible to use 
Postfix generic address mapping to fix a bad myhostname config, but 
that is not the most robust approach.




Re: [rt-users] searching for tickets that haven't had a response yet?

2012-07-11 Thread Bill Cole

On 11 Jul 2012, at 10:27, Roedel, Mark wrote:

What's the proper TicketSQL to return the list of tickets that don't 
yet have a Told date set?


The answer to that may be version sensitive, since it appears to me that 
there is breakage in at least versions 3.8.7, 3.8.11, and 4.0.5. You 
will note that these are all not the most recent releases.


You SHOULD be able to use:

Told = '1970-01-01'

or:

Told = 'Not set'

However, neither of those criteria works. I believe they *should* 
because they both work with 'Due' instead of 'Told' and those are the 
same data type. They are both manipulated by RT::Date and can logically 
be unset for a ticket. Unfortunately, there's also a clue to something 
wrong in that if you sort a list by Due the 'Not set' tickets are before 
any others, but if you sort a list by Told they sort as if Told is in 
the future, yet searching for Told after the current date also fails to 
find those tickets.






Re: [rt-users] Error creating tickets

2012-06-22 Thread Bill Cole

On 22 Jun 2012, at 6:55, Al Kay wrote:

[Thu Jun 21 21:09:47 2012] [error]: Couldn't create a ticket group of 
type 'Requestor' for ticket 879: Could not create group (/opt/rt4/sbi$
[Thu Jun 21 21:09:47 2012] [crit]: Couldn't create ticket groups for 
ticket 879. aborting Ticket creation. 
(/opt/rt4/sbin/../lib/RT/Ticket.$
[Thu Jun 21 21:09:47 2012] [error]: WebRT: Ticket could not be created 
due to an internal error (/opt/rt4/share/html/Elements/Error:82)

[Thu Jun 21 17:13:12 2012] [notice] caught SIGTERM, shutting down
[Thu Jun 21 17:13:09 2012] [notice] Apache/2.2.22 (Ubuntu) 
PHP/5.3.10-1ubuntu3.2 with Suhosin-Patch mod_perl/2.0.5 Perl/v5.14.2 
configured $




Those log lines are truncated and out of order, so it is hard to trust 
that they are accurate and meaningful or to discern much meaning from 
them.


However, the most likely cause of a problem like this is database 
misconfiguration. Are you sure that your $DatabaseUser and 
$DatabasePassword settings are correct? Can you access the database 
using the mysql command-line client?


Re: [rt-users] Error creating tickets

2012-06-22 Thread Bill Cole

On 22 Jun 2012, at 17:25, Borngunners wrote:

I can access the database using the mysql command line... The database 
was dumped from a previous RT database with 3.8 version and restored 
to a newly created RT database with 4.02 version on a different 
machine... Everything else looks like okay except creating tickets...


That leaves doing the database conversion from 3.8.x to 4.x as the most 
likely reason for a problem. Did you run make upgrade AND make 
upgrade-database with the database running?



-Original Message-
From: Bill Cole rtusers-20090...@billmail.scconsult.com
To: RT-Users@lists.bestpractical.com 
rt-users@lists.bestpractical.com

Sent: Fri, Jun 22, 2012 4:51 pm
Subject: Re: [rt-users] Error creating tickets


On 22 Jun 2012, at 6:55, Al Kay wrote:


[Thu Jun 21 21:09:47 2012] [error]: Couldn't create a ticket group of
type 'Requestor' for ticket 879: Could not create group 
(/opt/rt4/sbi$

[Thu Jun 21 21:09:47 2012] [crit]: Couldn't create ticket groups for
ticket 879. aborting Ticket creation.
(/opt/rt4/sbin/../lib/RT/Ticket.$
[Thu Jun 21 21:09:47 2012] [error]: WebRT: Ticket could not be 
created

due to an internal error (/opt/rt4/share/html/Elements/Error:82)
[Thu Jun 21 17:13:12 2012] [notice] caught SIGTERM, shutting down
[Thu Jun 21 17:13:09 2012] [notice] Apache/2.2.22 (Ubuntu)
PHP/5.3.10-1ubuntu3.2 with Suhosin-Patch mod_perl/2.0.5 Perl/v5.14.2
configured $



Those log lines are truncated and out of order, so it is hard to trust
that they are accurate and meaningful or to discern much meaning from
them.

However, the most likely cause of a problem like this is database
misconfiguration. Are you sure that your $DatabaseUser and
$DatabasePassword settings are correct? Can you access the database
using the mysql command-line client?


Re: [rt-users] Slightly off-topic

2012-06-13 Thread Bill Cole

On 12 Jun 2012, at 16:26, Paul Tomblin wrote:


I have a need to access information in another database simultaneously
to the , so I cloned RT::Handle.pm into my own RTx::FooBar::Handle
that access the other database.  Now I'm testing this on my Linux box
and everything is running fine, but I copied it over to my MacBook Pro
in order to demo it to a client, but Postgres is complaining that it's
running out of database handles.  So I added a DESTROY method to my
RTx::FooBar::Handle that does a $self-dbh-disconnect.  I stuck a
call to $RT::Logger-debug in that DESTROY method just to make sure.
On the Linux box, it's definitely getting called and the debug is
printing out, but I wasn't running out of handles there so I don't
know if that's helping matters.  On the Mac, either it's not getting
called or the logger isn't working, and it's running out of handles
still.  Any suggestions?



Maybe http://archives.postgresql.org/pgsql-general/ could be helpful? 
Maybe not. It isn't clear to me what exactly you mean by Postgres 
complaining that it's running out of database handles as that doesn't 
sound much like any complaint I've seen from Postgres.


It may be relevant that the MacOS Perl environment is rather lame by 
default, so if you haven't built an alternative Perl environment you may 
be working with some Perl modules that are outdated or have been given 
some special Apple touch so that they aren't quite like they should be.


Re: [rt-users] Require owner before update

2012-05-18 Thread Bill Cole

On 18 May 2012, at 7:49, Mayk Backus wrote:


Hi List,

I'm searching the list but can't find anything usefull for now. At our 
site, a lot of agents lack becoming owner of tickets.  I want them to 
take a ticket first and then start working on it. Is there a way to 
force this that the must be an owner set ?


One way to enforce this operationally without getting agents to change 
work habits is a Scrip that assigns ownership to a user who updates a 
ticket owned by Nobody. Using Scrips to automate work rules rather 
than Rights settings allows for more complex and nuanced rules, 
particularly ones that you might want agents to be able to reverse by a 
conscious choice. For example, the RT instance I wrangle has a Scrip 
that runs when a ticket is resolved that gives ownership of Nobody 
tickets to the person who is resolving the ticket. This has the useful 
side-effect of making sure Requestors don't get notification of 
resolution without a specific responsible human identified. Agents can 
still specifically go back and disown a ticket they've been given by 
that Scrip, but that would be a distinct transaction they have to do 
intentionally.


On the other hand, fine-tuning Rights provides agents with UI clues 
about the proper workflow, provided they have been trained well.


Re: [rt-users] How do I override a default scrip?

2012-05-18 Thread Bill Cole

On 18 May 2012, at 14:45, Paul Tomblin wrote:


How can I override a default scrip for a queue?


You don't. A Scrip is either Global or limited to a single Queue, and is 
either enabled or disabled in that scope. If you have a Scrip that you 
want to apply to all Queues except for one, you need to disable the 
Global version and replicate it in all Queues except for one.


Another option is to modify the Global Scrip with a User Defined 
Condition that returns 0 if the Queue is one that you want to exempt.



If I define a new
scrip with the same name as an existing one, it runs both of them.


Yes, it does. Scrips are objects that point to Queues by ID, Queues are 
not objects that point to Scrips by name.


Re: [rt-users] How do I override a default scrip?

2012-05-18 Thread Bill Cole

On 18 May 2012, at 17:40, Paul Tomblin wrote:


On Fri, May 18, 2012 at 3:47 PM, Bill Cole
rtusers-20090...@billmail.scconsult.com wrote:
Another option is to modify the Global Scrip with a User Defined 
Condition

that returns 0 if the Queue is one that you want to exempt.


How do I programmatically add one of these User Defined Conditions to
an existing RT Global Scrip?  (Preferably something that I can do in
my etc/initialdata)


Ewww. Why???

With a running RT (i.e. a system where etc/initialdata has seen its 
single lifetime access) just go into the Scrip's definition 
(Configuration-Global-Scrips-$WhicheverOneYouAreChanging) and switch 
the Condition from whatever it is (e.g. On Comment) to User 
Defined and put some suitable perl in the Custom condition text area. 
See http://requesttracker.wikia.com/wiki/WriteCustomCondition for clues 
on suitable perl. See 
http://requesttracker.wikia.com/wiki/Documentation#Scrips for more links 
to doc on Scrips.


I suppose you *could* do the needful to put your custom scrip into 
etc/initialdata, but I can't see a way to make that a rational thing to 
do. It's name has meaning...




If I define a new
scrip with the same name as an existing one, it runs both of them.



Yes, it does. Scrips are objects that point to Queues by ID, Queues 
are not

objects that point to Scrips by name.


I'd just like to point out that's completely inconsistent with the way
Templates are done.


You may want to have inconsistency discussions with Jesse Vincent. I 
gave up trying to understand the reasoning behind RT internal 
architecture a couple of major versions ago. It wasn't a hobby that was 
making me happy... Now I just try to keep the useful facts in my head 
without judging what I really don't understand.


With that caveat, I think it's not true that the way Scrips relate to 
Queues is inconsistent with Templates. Templates also are either 
Queue-specific or Global and point to their Queue by ID, rather than the 
Queue pointing to them by name. This is pretty much orthodox data 
structuring.


Re: [rt-users] How do I override a default scrip?

2012-05-18 Thread Bill Cole

On 18 May 2012, at 18:40, Paul Tomblin wrote:

On Fri, May 18, 2012 at 5:40 PM, Paul Tomblin ptomb...@xcski.com 
wrote:

rtusers-20090...@billmail.scconsult.com wrote:
Another option is to modify the Global Scrip with a User Defined 
Condition

that returns 0 if the Queue is one that you want to exempt.


How do I programmatically add one of these User Defined Conditions to
an existing RT Global Scrip?  (Preferably something that I can do in
my etc/initialdata)


Oh wait, I could do that with an overlay, couldn't I?


Um, maybe YOU could, but I sure wouldn't try it that way...

Scrips are configuration data, not program code. This sort of Condition 
is going to reference specific Queues in your instance, so you really 
want it in the database where you can easily tweak it and where there's 
no way for it to conflict with the next minor version of RT.


Re: [rt-users] How do I override a default scrip?

2012-05-18 Thread Bill Cole

On 19 May 2012, at 0:15, Paul Tomblin wrote:


On Fri, May 18, 2012 at 11:51 PM, Bill Cole
rtusers-20090...@billmail.scconsult.com wrote:

On 18 May 2012, at 17:40, Paul Tomblin wrote:


On Fri, May 18, 2012 at 3:47 PM, Bill Cole
rtusers-20090...@billmail.scconsult.com wrote:


Another option is to modify the Global Scrip with a User Defined
Condition
that returns 0 if the Queue is one that you want to exempt.



How do I programmatically add one of these User Defined Conditions 
to
an existing RT Global Scrip?  (Preferably something that I can do 
in

my etc/initialdata)



Ewww. Why???


Because I want to provide an extension that my client can install on
their RT installation, and when they type make initdb in the source
directory for my extension it adds all the things that are particular
to that extension to the RT system.  Just like the way literally
dozens of other extensions that I've looked at do it.


OIC.

Incidentally, this is the first mention of extension in this thread. 
Writing an RT extension may be something that has been done dozens of 
times, but it's hard to guess that anyone in particular is doing it and 
asking questions about it on this list. You might get better guesses out 
of the rt-devel list. I'm not there.


[...]
With that caveat, I think it's not true that the way Scrips relate to 
Queues
is inconsistent with Templates. Templates also are either 
Queue-specific or
Global and point to their Queue by ID, rather than the Queue pointing 
to

them by name. This is pretty much orthodox data structuring.


That is simply not true.  If I want to override the system provided
Resolved template for a particular queue, then all I have to do is
make a new template called Resolved on that queue.  It's referenced
by name, and only my new Resolved template will be used for that
queue.


That's an interesting fact that I'd somehow missed in 12 years of 
working with RT...


A Scrip references its Template by ID. Really. I'm looking at that in 
the database. It's also documented that way in the API docs, but looking 
further down I see hints of nefarious magic at RT::Template-Load() I 
also just tested and confirmed what you say: even if I specifically pick 
the Global:$Name Template in a Scrip, the $QueueName:$Name Template gets 
used. Spooky.



If I want to override the behavior of the default On Resolve
Notify Requestors for a particular queue I can't just create a new
Scrip with the same name, because then it will run both Scrips.  There
is no definition of the word consistent which that fits the
definition of.


But Scrips cannot be that way: there is no RT::Scrip=Name. There's a 
Description, but that would be analogous to a Template's Description. 
Since Scrips don't *HAVE* a Name, they can't override by Name, yes?


But I do concede that there's inconsistency. Thus is the world. 
Different things are different.


Re: [rt-users] If I change domain name, how screwed am I?

2012-05-15 Thread Bill Cole

On 15 May 2012, at 16:32, Mister IT Guru wrote:


Hi guys,

I know I've lurked on the list for years, but I've never really ever 
had a problem with RT. Until now, I've been asked to change the domain 
name for an RT instance, and I'm thinking, this is going to be a bad 
day! Does anyone have any advice if this is possible?


It should work just fine. We routinely dump our production DB and reload 
it into our test server and don't get breakage. It's all about getting 
RT_SiteConfig.pm right. The settings that you are likely to need to 
change are Organization, RTAddressRegexp, SendmailArguments, 
CorrespondAddress, CommentAddress, WebDomain, and rtname. Or maybe just 
a few if you've parameterized some of those from rtname or Organization.





Re: [rt-users] RT3 - login history recorded?

2012-05-04 Thread Bill Cole

On 2 May 2012, at 18:50, Joseph Spenner wrote:

I'm using RT 3.8.8 and am curious whether RT records login history of 
users logging into the web interface.


Not in its default config, but it can if you want it to and do external 
auth. If you use the RT::Authen::ExternalAuth extension and have 
debug-level logging, the log will include lines describing every step of 
every login.


Re: [rt-users] rt4.0: anonymous hash error on apache startup

2011-05-29 Thread Bill Cole

Ruslan Zakirov wrote, On 5/28/11 1:46 PM:

Hello,

Problem is in your config file. Somewhere you set a hash option
(key-value pairs), but misses key or value and number of elements in
assignment is odd.


A very likely cause of this is the ChartFont setting. It changed from a 
scalar in RT3 to a hash in RT4, so the config 'Set' command for RT3 will 
generate that specific error.




On Sat, May 28, 2011 at 2:15 PM, Daniel G. Rohan
d-ro...@northwestern.edu  wrote:

Hello everyone,

We've recently upgraded to 4.0.0 and whenever we start up our apache (using 
mod_perl), we get the following errors:

Starting httpd: Odd number of elements in anonymous hash at 
/opt/rt4/sbin/../lib/RT/Config.pm line 861.
Use of uninitialized value in anonymous hash ({}) at 
/opt/rt4/sbin/../lib/RT/Config.pm line 861.
Odd number of elements in hash assignment at /opt/rt4/sbin/../lib/RT/Config.pm 
line 862.
Use of uninitialized value in list assignment at 
/opt/rt4/sbin/../lib/RT/Config.pm line 862.

This seems to reference this subroutine in /opt/rt4//lib/RT/Config.pm

sub Set {
my ( $self, $name ) = ( shift, shift );

my $old = $OPTIONS{$name};
my $type = $META{$name}-{'Type'} || 'SCALAR';
if ( $type eq 'ARRAY' ) {
$OPTIONS{$name} = [@_];
{ no warnings 'once'; no strict 'refs'; @{RT::$name} = (@_); }
} elsif ( $type eq 'HASH' ) {
$OPTIONS{$name} = {@_};
{ no warnings 'once'; no strict 'refs'; %{RT::$name} = (@_); }
} else {
$OPTIONS{$name} = shift;
{no warnings 'once'; no strict 'refs'; ${RT::$name} = 
$OPTIONS{$name}; }
}
$META{$name}-{'Type'} = $type;
return $self-_ReturnValue( $old, $type );
}


Apache starts up fine, and RT seems to be working, but this is concerning to 
us. Any suggestions or insight into what might be the issue?

Thanks,

Dan Rohan






Re: [rt-users] Remove a post to the group?

2011-01-09 Thread Bill Cole

Mark Jenks wrote, On 1/9/11 8:46 AM:

I posted something out here, and now the link is showing up in Google
search, and I want to get rid of it.

Is there a way to completely remove a post?

http://www.mail-archive.com/rt-users@lists.bestpractical.com/msg27228.html


No.

You could try to get mail-archive.com to pull their copy down, but they are 
not the only site that offers a public archive of the RT-Users list. I 
wouldn't expect most operators of list archives sites to kill messages 
without very strong justifications that are not obvious in that message. 
Beyond that, it isn't really possible to know all of the places where copies 
of messages sent to a public mailing list may have been sent, and there is 
no way to prevent someone with an archived copy from making it openly 
accessible. Even if you got the half-dozen easily found copies removed now, 
you would have the possibility of other copies appearing at any time.




Electronic Privacy Notice. This e-mail, and any attachments, contains
information that is, or may be, covered by electronic communications
privacy laws, and is also confidential and proprietary in nature. If you
are not the intended recipient, please be advised that you are legally
prohibited from retaining, using, copying, distributing, or otherwise
disclosing this information in any manner. Instead, please reply to the
sender that you have received this communication in error, and then
immediately delete it. Thank you in advance for your cooperation ­­


The fact that your lawyers have convinced you to tack that absurdity onto 
every email you send does not give it force. When you send a piece of email 
to a public mailing list, you effectively give up any realistic expectation 
that you can control who may see that email.




Re: [rt-users] RTx::Calendar Not Displaying

2010-12-30 Thread Bill Cole

Lee Hughes wrote, On 12/29/10 7:01 PM:

I've installed and configured RTx::Calendar per the instructions and
restarted the web server but don't see any links to it anywhere. I have
syslogging set to debug but no errors are logged.

Here are the relevant settings from RT_SiteConfig.pm:

# Calendar Plugin
require '/usr/local/rt3/local/plugins/RTx-Calendar/lib/RTx/Calendar.pm';
Set($HomepageComponents, [qw(QuickCreate Quicksearch MyCalendar
MyAdminQueues MySupportQueues MyReminders RefreshHomepage)]);

# enable all plugins
Set(@Plugins,qw(
RT::Authen::ExternalAuth
RTx::Calendar
));

Any ideas what I'm missing?


Did you clear the Mason cache?

rm -rf /usr/local/rt3/var/mason_data/obj/*

See http://requesttracker.wikia.com/wiki/CleanMasonCache for details.


Re: [rt-users] see others tickets

2010-11-03 Thread Bill Cole

Josef wrote, On 11/3/10 4:46 PM:

Yes, but only priviledged users see this... I don't want end users to
change my settings.


Privileged in RT does not mean that a user is able to change system 
settings. It means that a user gets the full UI instead of SelfService and 
shows up by default in the user list in the Configuration area (which is 
only accessible by users rights including ShowConfigTab, Admin*, and 
SuperUser) and that it is possible to assign the user various rights.




Re: [rt-users] SMTP for email

2010-10-01 Thread Bill Cole

seb...@gmail.com wrote, On 9/30/10 2:24 PM:

On Thu, Sep 30, 2010 at 2:42 AM, Emmanuel Lacour
elac...@easter-eggs.com  wrote:

On Tue, Sep 28, 2010 at 03:25:11PM -0300, seb...@gmail.com wrote:

Hi Folks,

Is there any way we could use our external qmail server to handle RT
outgoing emails, instead of the default internal sendmailpipe?
If so, setup details will be appreciated.



 From RT_Config.pm

C$MailCommand  defines which method RT will use to try to send mail.
We know that 'sendmailpipe' works fairly well.  If 'sendmailpipe'
doesn't work well for you, try 'sendmail'.  Other options are 'smtp'
or 'qmail'.


I saw that line, but were to but the SMTP IP, account details, etc.-?
Remember we are on 3.6.10


so you can use smtp. THought, it can be less reliable if your smtp
server went unavailable. Also, as you propably set up your RT on an Unix
box, this is very recommended to have a small smtp sendmail compatible
on it to handle system emails. So why not use it for you're outgoing
emails and set your qmail as a relayhost for this smtp?


We prefer to have smtp centralized.


You may want to think about this more carefully.

Sendmail and drop-in replacements for it like Postfix are not solely or even 
primarily SMTP servers, they provide a multi-function email subsystem. That 
spares applications (such as RT) from a need to implement a robust mail 
handling subsystem of their own, and means that if you have the local mail 
submission and outbound routing parts of Sendmail (or its replacement) 
configured correctly, all of your applications can send mail in a consistent 
and robust way without having to implement their own SMTP client or 
queue/retry infrastructure. Sendmail (or any proper replacement for it) can 
easily be configured to only accept mail via local submission paths (i.e. 
the sendmail binary and/or network daemons listening only on the loopback 
address) and to route all mail through a centralized 'hub' system. The 
alternative of having each application on each system configured to talk 
SMTP directly to the central hub means you have to maintain SMTP 
configurations for each application and your central hub needs to 
accommodate the limitations and idiosyncrasies of each application's SMTP 
client implementation. By having applications submit mail to the local mail 
service (i.e. port 25 or 587 on localhost or a sendmail executable) you 
isolate the applications' mail weaknesses to the host where they each run 
and get a single well-behaved and robust SMTP client implementation talking 
to your SMTP hub. With security tools available on some systems you can even 
enforce restrictions to block anything other than the shared mail subsystem 
(i.e. sendmail) from making outbound SMTP connections.


RT Training in Washington DC, USA on Oct 25  26 2010
Last one this year -- Learn how to get the most out of RT!


Re: [rt-users] Securing /opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm

2010-09-20 Thread Bill Cole

Val Polyakov wrote, On 9/15/10 3:51 PM:

Plaintext.

But that doesnt matter - because its a RT db, with nothing else on it.
Security has no problem with it.

They only have a problem with storing the domain account credentials in
plaintext.


I'm not sure that it will satisfy the people you are trying to satisfy, but 
we stay as safe as possible by using an LDAP account that has restricted 
read and search access and no write permissions. That account is only used 
to do an initial bind, search for a user by the attributes in 
attr_match_list, and read the attributes in attr_map. It needs no other 
rights in LDAP. After that, actual user authentication is done with a bind 
attempt using the found account DN and the password provided by the user.


The way your question is worded makes it seem like you are trying to use 
some sort of unique high-privilege account, which would be an unnecessary 
and unsafe approach. The limited-account approach works for us because the 
attributes it can search and read are significantly less than what any of 
our human users can search and read. The added risk of that account password 
being in the clear in a file that can only be read by 'root' and 'www' on a 
system that has only admins as human users is insignificant. But of course, 
that is our environment, and yours may be a lot different.




--Val


   On 09/15/2010 12:52 PM, Val Polyakov wrote:

Hello,

what are our options as far as securing RT_SiteConfig.pm goes?

My company has pretty strict security requirements, and our security
team
will simply not allow us to store the ldap username/password in a plain
text file on the RT server (and I can fully understand their concerns).

What are some options here? Again, keeping in mind that the requirement
is
for the password (at least the password, that is) to NOT be plaintext in
RT_SiteConfig.pm

Solutions like well make the file only readable by root aren't going
to
be accepted (not by me, but by our security team). Needs to be a hashed
password, may be, or something.. I don't know.. soliciting ideas.

--Val

How are you storing the database userid and password in that case?

Jeff

RT Training in Washington DC, USA on Oct 25  26 2010
Last one this year -- Learn how to get the most out of RT!





RT Training in Washington DC, USA on Oct 25  26 2010
Last one this year -- Learn how to get the most out of RT!



RT Training in Washington DC, USA on Oct 25  26 2010
Last one this year -- Learn how to get the most out of RT!


Re: [rt-users] RT not sending email

2010-02-01 Thread Bill Cole
Jonathan Rummel wrote, On 1/28/10 11:51 AM:

 Hi Andreas,

 I am currently having this same problem.  Did you ever figure it out?

 Thanks so much!
 Jonathan


 Andreas Heinlein-2 wrote:

 Hello,

 I need your help debugging RTs mail system.

 I have had RT send emails successfully when replying to or creating new
 tickets. As such, the mail system is working. I have fiddled with the
 global scrips to invoke some more mails, i.e. on owner change. But now
 somehow, RT does not send any mail at all.

 I am not sure if this has to do with the scrips at all. In any case,
 when you reply to a ticket, no recipients are shown at the bottom (Below
 ...mail will be sent to the following users...), and no mail is sent
 on reply. Dito when entering someone as Cc: or AdminCc: for a ticket,
 both for the whole ticket and one-time when replying. In all cases, RT
 claims Outgoing message recorded after saving changes, but the ticket
 display does not show any outgoing mail (I have the ShowOutgoingMail
 right).

  From the mail server logs I can see that no attempt to send mail is
 done. From syslog, I see RT::User::CanonicalizeEmailAddress called with
  from RT::Ticket. I checked the user account settings, and alle users
 have valid working mail addresses associated with them.

Likely root causes when you've 'fiddled' with a scrip that is now failing to 
send mail is an error in the scrip or in the mail template that it uses, if 
you've changed that as well. In either case you can get an error logged that 
may well be technically correct, but isn't obviously indicative of the real 
flaw. In this case, the fact that CanonicalizeEmailAddress is being called 
with an empty string as an argument may not indicate that an actual user 
record lacks an address, but rather that the scrip or template has mangled 
the email address in a User object, perhaps by something as simple as using 
'=' somewhere that '==' was intended.

___
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: sa...@bestpractical.com

2010 RT Training Sessions!
San Francisco, CA, USA - Feb 22  23
Dublin, Ireland - Mar 15  16
Boston, MA, USA - April 5  6
Washington DC, USA - Oct 25  26

Discover RT's hidden secrets with RT Essentials from O'Reilly Media. 
Buy a copy at http://rtbook.bestpractical.com


Re: [rt-users] Asset Tracker on a new install of RT

2010-02-01 Thread Bill Cole
Brenner, Martin wrote, On 1/28/10 2:11 PM:
 We have an old instillation of RT 3.4.2, but it was a VM given to us
 many years ago and there are things broken on the underlying Debian. So,
 instead of working hard to fix everything and then upgrade, we decided
 to start from scratch and build a new VM.

 I got 3.8.7 up and running on an Ubuntu 9.04 box with the LDAP add-on
 working. We really need something that handles our inventory integrated
 into our ticketing system, so we were going to try AssetTracker out.

  From some of the posts on the AT google site, it sounds like only
 1.2.4b1 works with RT 3.8.x. got it downloaded and configured (we didn't
 do the patch mentioned in the README since posts I saw said it wan't
 needed) but when we try make install, we get the following error:

 [crit]: Can't locate object method ACLEquivalenceObjects via package
 RTx::AssetTracker::System at /opt/rt3/lib/RT/Principal_Overlay.pm line
 327, DATA line 323. (/opt/rt3/lib/RT.pm:379)
 Can't locate object method ACLEquivalenceObjects via package
 RTx::AssetTracker::System at /opt/rt3/lib/RT/Principal_Overlay.pm line
 327, DATA line 323.

 The only similar thing I found about this was in the archives for this
 list saying to add to

 sub ACLEquivalenceObjects { return () }

 to
 /opt/rt3/local/lib/RTx/AssetTracker/System.pm ( actually 
 /opt/rt3/lib/RTx/AssetTracker/System.pm on our system)

 and restart apache.

 Did this and no luck. I'm out of my depth here, so any help would be 
 appreciated.

Did you clear the Mason object cache as well? If you don't have DevelMode 
set, there is a cache under /opt/rt3/var/mason_data/obj/ that is populated 
with sub-assemblies of RT pages that are reusable by Mason for as long as 
the code they use isn't changed. That cache is great for making RT faster, 
but there's no validity checking: if you change code in an existing RT file 
you have to remove any cache files that were built using the old code before 
the changes are actually used.


___
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: sa...@bestpractical.com

2010 RT Training Sessions!
San Francisco, CA, USA - Feb 22  23
Dublin, Ireland - Mar 15  16
Boston, MA, USA - April 5  6
Washington DC, USA - Oct 25  26

Discover RT's hidden secrets with RT Essentials from O'Reilly Media. 
Buy a copy at http://rtbook.bestpractical.com


Re: [rt-users] Spam filtering in RT

2009-07-06 Thread Bill Cole
Venkateswaran, Subbaraman wrote, On 7/6/09 10:05 AM:


 Hello everyone,

 Would like to understand what's the best strategy to stop spam emails
 creating tickets in RT ? Thanks for your time.

That's a bit like asking what's the best vehicle? without mentioning what 
sort of transportation you need.

RT gets used in so many different types of environments that a perfect 
anti-spam solution for one site may be completely useless elsewhere. I've 
worked with RT in three very different places, and spam control in each has 
been very different. Some generally useful principles:

1. Do as much of your spam stopping as you can in the MTA layer, not in the 
mail gateway delivery agent or RT itself.

2. Segregate your RT mail from all other mail. Ideally, the domain part of 
the addresses that deliver into RT will only be used for RT mail, so you can 
have spam control for it that is not compromised by the needs of other 
recipients in the domain. When that is not possible (e.g. public role 
accounts like abuse-reporting addresses) you will still benefit from having 
some mechanism that treats RT's mail differently before it gets handed off 
for delivery into RT.

3. If you don't need to accept requests from random strangers, don't 
configure RT to autocreate users when receiving email from random strangers. 
This alone (sometimes in conjunction with something like 
RT::Authen::ExternalAuth that can autocreate RT users based on an external 
user database) is adequate for many circumstances.

4. Use the per-queue address mechanism (built into 3.8, previously in the 
BrandedQueues extension) so that you can segregate correspondence on 
existing tickets from new-request mail, and filter the two streams 
accordingly (e.g. require mail to a queue-specific address to have the right 
RT Subject tag) using whatever tools your MTA has or can hook into.

5. Think carefully about how RT's legitimate incoming mail in your 
environment differs from a generic mail stream aimed at a large set of 
people, and use that (see #1) to tune its filtering. Spam control is done 
best when it is customized for a specific well-understood mail stream rather 
than generically. A mail stream into RT is very unlikely to look like a mail 
stream into a bunch of corporate users' mailboxes or into a consumer ISP's 
users' mailboxes or into a sysadmin's mailbox. Tactics that would do 
violence to personal mail might be harmless and effective for RT's incoming 
mail, and vice versa.

6. Be prepared to adjust your filtering of RT's mail in response to spam 
coming in.
___
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: sa...@bestpractical.com


Discover RT's hidden secrets with RT Essentials from O'Reilly Media. 
Buy a copy at http://rtbook.bestpractical.com


Re: [rt-users] devel list AssetTracker

2009-07-04 Thread Bill Cole
Natxo Asenjo wrote, On 7/4/09 7:51 AM:
 hi,

 My apologies for posting here, but I in the assettracker some things
 remain unanswered (see
 http://code.google.com/p/asset-tracker-4rt/wiki/FeatureRequestPage )
 Is there a devel mailing list for asset tracker?

There is no mailing list dedicated to Asset Tracker that has significant 
membership or traffic. A few months ago, someone posted here about starting 
a list for it, but he made 2 mistakes: (1) he created the list on 
yahoogroups.de, making signup confusing for people who don't speak German, 
and (2) he made no real effort at evangelizing it.

However, the author of AT (Todd Chapman) can sometimes be seen posting to 
this list and to the rt-devel list regarding AT. Apparently he pays more 
attention to these lists than to the Google Code site.

 Are there enough
 people with an interest in such a list?

Probably not. There don't seem to be a lot of people using AT. In its 
current state it does not have a lot of appeal, and I say that as someone 
currently deploying it. Having worked with Todd at the company where he 
created AT, I could but probably should not dissect how AT was built to be 
attractive to a small pathological niche of organizations... Beyond that, I 
think AT is a victim of being a minimalist tool that is implemented very 
well and is dependent upon and constrained by a larger framework. People who 
are not daunted by the amount and type of work required to implement a 
working asset tracking system using AT are likely to have enough Perl skill 
to handle a lot of their own customizations and AT itself isn't big enough 
or sloppy enough to provide much to work on. There's not enough to it to 
base a community of user/developers on which would be distinct from RT.

I should also add that in my experience working with AT at its birthplace 
and seeing how it evolved there and now trying to get it deployed in a very 
different environment, the most common *user* problem with AT is 
understanding how to model their assets as very simple data objects with 
links to assets of other simple types rather than having internal complexity 
in the asset records themselves.

 RT is the best helpdesk software out there, but I see lots of places
 where the lack of some feautures (like tracking assets)  get RT out
 the door. This is a shame. At work I am now stuck with topdesk because
 of this, and every time I have to use that piece of sh*t I nearly cry
 when I think at how good and fast RT is. That is why I would like to
 change this, I am no perl guru (far from that) but am willing to learn
 and contribute in my own time. Are there any other people interested
 in further improving assettracker?

I'm one, but I'm only a Perl hacker to the degree that I need to be. I don't 
have enough spare cycles to make anything like a commitment to advancing a 
piece of freeware.


___
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: sa...@bestpractical.com


Discover RT's hidden secrets with RT Essentials from O'Reilly Media. 
Buy a copy at http://rtbook.bestpractical.com


Re: [rt-users] Upgrade only the DB schema

2009-07-03 Thread Bill Cole
dmatton wrote, On 6/26/09 9:36 AM:
 Hello everybody,

 I've got RT 3.6.6 in production and I would like to upgrade only the DB
 schema to 3.8.4. Is it possible ?

No.

Of course it is *possible* in the most narrowly pedantic sense. You can make 
the schema changes without installing the new RT code, but what you end up 
with won't work.
___
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: sa...@bestpractical.com


Discover RT's hidden secrets with RT Essentials from O'Reilly Media. 
Buy a copy at http://rtbook.bestpractical.com


Re: [rt-users] reply address from RT

2009-07-03 Thread Bill Cole
testwreq wreq wrote, On 6/26/09 11:23 AM:
 I have the new install of RT. When a new ticket is created, we get a
 response from RT which has a reply-to field set as 'fds...@ ; can
 anyone tell where this setting is comming from?
 In the RT_SiteConfig file we have set the correspondAddress as follows.
 Set($CorrespondAddress, 'r...@cs.sunysb.edu' mailto:'r...@cs.sunysb.edu');
 where and what should we change in order to fix 'fds...@.. to r...@...
 Below is the sample of email received from RT. fds...@www2
 mailto:fds...@www2 should be rt@ cs.sunysb.edu mailto:r...@cs.sunysb.edu
 From: The default queue via RT [mailto:fds...@www2.cs.sunysb.edu
 mailto:fds...@www2.cs.sunysb.edu]
 Sent: Thursday, June 25, 2009 2:16 PM
 To: h...@cs.sunysb.edu mailto:h...@cs.sunysb.edu
 Subject: [CS_Department #9] AutoReply: whitelist request

It appears that you either are using a pre-3.8 RT with RTx::BrandedQueues or 
3.8.x and have set up a Subject Tag (CS-Department) and Reply Address 
for the default queue. Remove the Reply Address in the queue configuration, 
and you should get the default address (i.e. whatever RT_SiteConfig.pm sets)
___
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: sa...@bestpractical.com


Discover RT's hidden secrets with RT Essentials from O'Reilly Media. 
Buy a copy at http://rtbook.bestpractical.com


Re: [rt-users] How to make the subject field mandatory?

2009-06-30 Thread Bill Cole
Kevin Gagel wrote, On 6/30/09 4:41 PM:
 How can I make the subject field a mandatory field?

Write a BeforeCreate callback to validate that the subject meets your needs.

The callback routine needs to be placed in:
$RT_ROOT/local/html/Callbacks/$localtag/Ticket/Create.html/BeforeCreate
$RT_ROOT/local/html/Callbacks/$localtag/SelfService/Create.html/BeforeCreate

The SelfService callback requires 3.8.4 (or changeset r19205 from the RT SVN 
repository)

___
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: sa...@bestpractical.com


Discover RT's hidden secrets with RT Essentials from O'Reilly Media. 
Buy a copy at http://rtbook.bestpractical.com


Re: [rt-users] Installing and Using ExternalAuth

2009-05-14 Thread Bill Cole
Eric Chatham wrote, On 5/14/09 11:35 AM:
 -Original Message-
 From: rt-users-boun...@lists.bestpractical.com 
 [mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of Bill Cole
 Sent: Wednesday, May 13, 2009 15:03
 To: rt-users@lists.bestpractical.com
 Subject: Re: [rt-users] Installing and Using ExternalAuth

[...]

 3 possibilities:

 1. This is because of the version mismatch.
 2. That RT.pm is not the RT.pm you are looking for, i.e. it is not the
 top-level module for Request Tracker.
 3. That RT.pm is not readable by the install process. (one might achieve
 such an oddity with something like SELinux)

 Speaking of SELinux, the instructions I followed say to disable this.
 Does it matter if I chose the permissive level?

Dunno. I don't handle a lot of Linux machines, and none of them use SELinux 
at all. My RT lives in a FreeBSD jail.

  Also, I saw a question
 asked earlier on the mailing list. Is there a way to integrate both LDAP and
 non-LDAP?

With V0.08, the sample config file says:

   # If this is set to 1, then users should be autocreated by RT
   # as internal users if they fail to authenticate from an
   # external service.
   Set($AutoCreateNonExternalUsers,0);

I don't know if that works...
___
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: sa...@bestpractical.com


Discover RT's hidden secrets with RT Essentials from O'Reilly Media. 
Buy a copy at http://rtbook.bestpractical.com


Re: [rt-users] RT Question on adding users

2009-05-14 Thread Bill Cole
Ken Crocker wrote, On 5/13/09 5:18 PM:
   Kevin,


 Thank you so much for answering. I looked through our RT_Config.pm file
 and did not see any reference to either RT::User::CanonicalizeUserInfo
 or RT::Authen::ExternalAuth. Where do I find them and how do I set them?

CanonicalizeUserInfo is a method in the RT::User, which is a part of the 
base package. I think Kevin was saying that you could write an overlay 
replacement for it. You probably already have an overlay in place, as it 
appears that you are using something related to the old LDAP overlay 
described at http://wiki.bestpractical.com/view/LdapUserLocalOverlay and 
http://wiki.bestpractical.com/view/LdapSiteConfigSettings.

RT::Authen::ExternalAuth is an extension that can be used instead of that 
overlay approach, and it is nicely documented at 
http://wiki.bestpractical.com/view/ExternalAuth.



 Our current applicable LDAP settings (in RT_SiteConfig.pm) are as follows:

 * *Set($AuthMethods, ['LDAP', 'Internal']);*
 * *Set($LdapExternalAuth, 1);*
 * *Set($LdapExternalInfo, 1);*
 * *Set($LdapAutoCreateNonLdapUsers, 0);*

That looks promising. I'd bet that if you set that to '1' instead, you'll 
get new internal users if they are not found in LDAP.


___
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: sa...@bestpractical.com


Discover RT's hidden secrets with RT Essentials from O'Reilly Media. 
Buy a copy at http://rtbook.bestpractical.com


Re: [rt-users] Installing and Using ExternalAuth

2009-05-13 Thread Bill Cole
Eric Chatham wrote, On 5/13/09 12:14 PM:
 Hello All,

 I am trying to install the current PM for RT::Authen::ExternalAuth PM
 from CPAN.  I am using the wiki.bestpractical guide for the
 installation.

 http://wiki.bestpractical.com/view/ExternalAuth

See the Versions note on that page. In another post, you say you are 
installing RT 3.6.6, but below it looks like you are trying to install 
RT::Authen::ExternalAuth 0.08. That won't work. I'm not sure that it is the 
source of your current issue, but you should get compatible versions before 
proceeding.


 I am stuck at the point where it is asking me to enter the path to the RT
 PM.  I tried looking up RT.pm in the system and using the path to it in
 the Makefile.PL portion, but it is not taking.  I also tried copying the
 RT.pm to one of the selections in the Makefile.PL answer prompt to no
 avail.  Please assist in any way possible.  I tried both the cpan install
 and manual installation.  I am stuck at both places with the Makefile.PL
 script.  Thank you greatly. :)

 Examples:

 [root@ ~ RT-Authen-ExternalAuth-0.08]# find / -name RT.pm
 /usr/lib/perl5/vendor_perl/5.8.8/RT/RT.pm
 /usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi/Net/DNS/RR/RT.pm
 /usr/lib/perl5/vendor_perl/5.8.8/RT.pm

Obviously the second one is not the right RT.pm It, but the others are also 
in very odd places for RT.pm. Typically RT's perl modules are NOT installed 
under the general-use perl directory tree, but in a distinct directory such 
as /opt/rt3/. The specific layout is defined as part of the build/install 
process, and results in the various paths being defined in the RT.pm that 
gets installed. If you start moving parts of RT around after installation, 
you will break it.

 [root@ ~ RT-Authen-ExternalAuth-0.08]# cp 
 /usr/lib/perl5/vendor_perl/5.8.8/RT.pm /usr/lib/perl5/vendor_perl/5.8.8/RT
 [root@ ~ RT-Authen-ExternalAuth-0.08]# perl Makefile.PL
 Cannot determine perl version info from lib/RT/Authen/ExternalAuth.pm
 Cannot determine author info from lib/RT/Authen/ExternalAuth.pm
 Cannot determine license info from lib/RT/Authen/ExternalAuth.pm
 Cannot find the location of RT.pm that defines $RT::LocalPath in: inc 
 /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi 
 /usr/lib/perl5/site_perl/5.8.7/i386-linux-thread-multi 
 /usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi 
 /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi 
 /usr/lib/perl5/site_perl/5.8.8 /usr/lib/perl5/site_perl/5.8.7 
 /usr/lib/perl5/site_perl/5.8.6 /usr/lib/perl5/site_perl/5.8.5 
 /usr/lib/perl5/site_perl 
 /usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi 
 /usr/lib/perl5/vendor_perl/5.8.7/i386-linux-thread-multi 
 /usr/lib/perl5/vendor_perl/5.8.6/i386-linux-thread-multi 
 /usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi 
 /usr/lib/perl5/vendor_perl/5.8.8 /usr/lib/perl5/vendor_perl/5.8.7 
 /usr/lib/perl5/vendor_perl/5.8.6 /usr/lib/perl5/vendor_perl/5.8.5 
 /usr/lib/perl5/vendor_perl /usr/lib/perl5/5.8.8/i386-linux-thread-multi 
 /usr/lib/perl5/5.8.8 . /opt/rt3/lib /opt/lib/rt3 /opt/lib /usr/local/rt3/lib 
 /usr/local/lib/rt3 /usr/local/lib /home/
rt3/lib /home/lib/rt3 /home/lib /usr/rt3/lib /usr/lib/rt3 /usr/lib /sw/rt3/lib 
/sw/lib/rt3 /sw/lib
 Path to your RT.pm:  /usr/lib/perl5/vendor_perl/5.8.8/
 Cannot find the location of RT.pm that defines $RT::LocalPath in: inc 
 /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi 
 /usr/lib/perl5/site_perl/5.8.7/i386-linux-thread-multi 
 /usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi 
 /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi 
 /usr/lib/perl5/site_perl/5.8.8 /usr/lib/perl5/site_perl/5.8.7 
 /usr/lib/perl5/site_perl/5.8.6 /usr/lib/perl5/site_perl/5.8.5 
 /usr/lib/perl5/site_perl 
 /usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi 
 /usr/lib/perl5/vendor_perl/5.8.7/i386-linux-thread-multi 
 /usr/lib/perl5/vendor_perl/5.8.6/i386-linux-thread-multi 
 /usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi 
 /usr/lib/perl5/vendor_perl/5.8.8 /usr/lib/perl5/vendor_perl/5.8.7 
 /usr/lib/perl5/vendor_perl/5.8.6 /usr/lib/perl5/vendor_perl/5.8.5 
 /usr/lib/perl5/vendor_perl /usr/lib/perl5/5.8.8/i386-linux-thread-multi 
 /usr/lib/perl5/5.8.8 . /opt/rt3/lib /opt/lib/rt3 /opt/lib /usr/local/rt3/lib 
 /usr/local/lib/rt3 /usr/local/lib /home/
rt3/lib /home/lib/rt3 /home/lib /usr/rt3/lib /usr/lib/rt3 /usr/lib /sw/rt3/lib 
/sw/lib/rt3 /sw/lib /usr/lib/perl5/vendor_perl/5.8.8/ 
/usr/lib/perl5/vendor_perl/5.8.8//rt3/lib 
/usr/lib/perl5/vendor_perl/5.8.8//lib/rt3 /usr/lib/perl5/vendor_perl/5.8.8//lib
 Path to your RT.pm:

3 possibilities:

1. This is because of the version mismatch.
2. That RT.pm is not the RT.pm you are looking for, i.e. it is not the 
top-level module for Request Tracker.
3. That RT.pm is not readable by the install process. (one might achieve 
such an oddity with something like SELinux)





___

Re: [rt-users] Email delay on ticket creation - sending to www user?

2009-03-20 Thread Bill Cole
Derek Cunningham wrote, On 3/20/09 10:45 AM:
 I thought this was solved, but I was wrong - see below:

 On 3/11/09 2:02 PM, Bill Colertusers-20090...@billmail.scconsult.com
 wrote:

 Now the bad case:

 Mar 10 08:56:51 rt3-curis-com postfix/pickup[214]: 6D778843F4: uid=70
 from=www
 Mar 10 08:56:51 rt3-curis-com postfix/cleanup[231]: 6D778843F4:
 message-id=rt-3.8.1-228-1236689811-14.30085-...@curis.com
 Mar 10 08:56:51 rt3-curis-com postfix/qmgr[219]: 6D778843F4:
 from=w...@rt3.curis.com, size=998, nrcpt=1 (queue active)
 Mar 10 08:56:51 rt3-curis-com postfix/pickup[214]: 7C66B843F5: uid=70
 from=www

HINT!

[big snip]

 I figured out that it is trying to send email to the user www,

No, it isn't.

  which is
 the problem!!!

No, it isn't.


  So, where is RT making the decision to add www to the bcc
 list?

It isn't.


 rt3:/etc/postfix root# mailq
 -Queue ID- --Size-- Arrival Time -Sender/Recipient---
 D97C288D82 1416 Fri Mar 20 10:10:14  www
   de...@curis.com
   j...@curis.com
   rcur...@curis.com

 -- 1 Kbytes in 1 Request.

 rt3:/etc/postfix root# sendmail -q
 rt3:/etc/postfix root# mailq
 -Queue ID- --Size-- Arrival Time -Sender/Recipient---
 D97C288D82 1416 Fri Mar 20 10:10:14  www
   de...@curis.com
   j...@curis.com
   rcur...@curis.com

 -- 1 Kbytes in 1 Request.
 rt3:/etc/postfix root#

Look at the mail log, which should tell you what happened when you ran 
sendmail -q. Also 'man mailq' or consider what the header on the 4th column 
in the mailq output might mean about the content of the 4th column.

You may want to configure RT so that it uses something other than 'www' but 
using that address is unlikely to be a cause for slow deliveries.

___
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: sa...@bestpractical.com


Discover RT's hidden secrets with RT Essentials from O'Reilly Media. 
Buy a copy at http://rtbook.bestpractical.com


Re: [rt-users] Is RT allright being OK ?

2009-03-16 Thread Bill Cole
jul wrote, On 3/16/09 11:17 AM:
 Hello,
 
 I discovered I had mistakes in my scrips (forgot the -ISO cast), but I am
 puzzled :
 
 is it normal that my table and field name are lower case even though I
 installed request tracker with the  rt-setup-database script ?

Yes. SQL names are case-insensitive except when quoted (i.e. used as literals).

 Will it be a problem upgrading ?

No.


___
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: sa...@bestpractical.com


Discover RT's hidden secrets with RT Essentials from O'Reilly Media. 
Buy a copy at http://rtbook.bestpractical.com


Re: [rt-users] Email delay on ticket creation

2009-03-12 Thread Bill Cole
Derek Cunningham wrote, On 3/12/09 8:30 AM:
 Hi Bill,
 
 I really appreciate your time and helpful answers.  They have certainly
 pointed me in the right direction, and I'll update the list when I have it
 solved.
 
 It's been a bit of a challenge to make this run on Mac OS X, all kinds of
 different preinstalled software points to that it 'should' work easily, but
 time and time again I find myself fighting against what should be simple
 config changes that have been harder to solve than I though it should be.

It is useful to keep in mind that Apple acts strategically, even when it 
looks like they are just being sloppy. MacOS X *Server* is a premium-priced 
product and has very few truly secret differences from the standard version 
of MacOS X that comes with a personal Mac, it is mostly a matter of 
configuration; the desktop version of the system is aggressively configured 
towards use as a personal computer that is almost exclusively used through 
the GUI by one person at a time. The Postfix config is an example of this, 
and if you want Postfix on a Mac to behave like a normal server instance of 
Postfix, you should either replace it altogether or at least fix the lack of 
wakeup settings in master.cf. That may also require you to watch out for 
Apple regressing the change in future updates, but it won't break anything 
that already works.

 At least I have some much more focused searches to make about the postfix
 config.  I will try changing RT's $MailCommand and $SendmailArguments first
 and see if that makes the difference.

Well, despite my digression on that option I think that is a second-best 
approach. It is something one might try if one does not have administrative 
control of the mail subsystem or has some need to keep the no-wakeup model. 
The 'sendmailpipe' option for $MailCommand is a much more efficient 
approach, and I wouldn't suggest switching to 'sendmail' on a high-volume RT 
machine. I'm not even sure that change will solve the queue delay problem 
completely. My hypothesis is that it will avoid the problem by serializing 
the queueing of messages for multiple recipients so that the Postfix 
'pickup' process can't win a parallel race with a 'sendmail -oi -t' process 
that has to parse multiple recipients out of a Bcc header.
___
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: sa...@bestpractical.com


Discover RT's hidden secrets with RT Essentials from O'Reilly Media. 
Buy a copy at http://rtbook.bestpractical.com


Re: [rt-users] ticket links all pointing to localhost

2009-03-12 Thread Bill Cole
Calvin Chiang wrote, On 3/5/09 4:04 AM:
 HI
 
 This has been happening just since this morning. When i add a link - 
 parent/child/referred etc the link appears fine. but when i 
 click-through, the url of the page is pointing to localhost e.g. 
 http://localhost/Ticket/Display.html?id=166
 
 Anyone have any idea how i can fix this un?

Set the $WebDomain parameter in RT_SiteConfig.pm

___
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: sa...@bestpractical.com


Discover RT's hidden secrets with RT Essentials from O'Reilly Media. 
Buy a copy at http://rtbook.bestpractical.com


Re: [rt-users] CommandByMail HELP with install

2009-03-12 Thread Bill Cole
Kenneth Crocker wrote, On 3/12/09 3:37 PM:
 To all,
 
 
   FIRST and FOREMOST!!! I am NOT a Unix guy. I know it runs on a server 
 and we have a Sparc server and our DataBase is Oracle 10g and we are on 
 RT 3.6.4.
   However, I have NO IDEA how directories work when it comes to how an 
 install program looks for or defines where to go to find software it 
 wants to install. I am the Admin guy for RT at our site and so I 
 understand privileges, how to create scrips and templates, Queues, etc. 
 But when it comes to INSTALLING RT or any of the available extensions, 
 I'm lost, TOTALLY!
   I downloaded the CommandByMail extension from CPAN with no problem. 
 However, when I try to follow the instructions, I get the following error:
 
 Cannot find the location of RT.pm that defines $RT::LocalPath in: inc 
 /soft/perl-5.8.5/run/default/sparc-SunOS-5.8/lib/5.8.5/sun4-solaris 
 /soft/perl-5.8.5/run/default/sparc-SunOS-5.8/lib/5.8.5 
 /soft/perl-5.8.5/run/default/sparc-SunOS-5.8/lib/site_perl/5.8.5/sun4-solaris 
 /soft/perl-5.8.5/run/default/sparc-SunOS-5.8/lib/site_perl/5.8.5 
 /soft/perl-5.8.5/run/default/sparc-SunOS-5.8/lib/site_perl . 
 /opt/rt3/lib /opt/lib/rt3 /opt/lib /usr/local/rt3/lib /usr/local/lib/rt3 
 /usr/local/lib /home/rt3/lib /home/lib/rt3 /home/lib /usr/rt3/lib 
 /usr/lib/rt3 /usr/lib /sw/rt3/lib /sw/lib/rt3 /sw/lib

That smells like a Solaris 8 machine set up by someone with root access and 
a grand concept for the way custom-built software is to be installed. You 
may want to enlist that 'someone' (i.e. who should be a Unix Guy) for help.

 Path to your RT.pm:

That looks like it is asking for input...

You could give it some. //rt/rt-3.6.4/lib/RT.pm seems likely to be a 
reasonable answer. //rt/rt-3.6.4/lib might be all that it needs.


   Now, to be fair, I DO KNOW that we have /opt/rt pointing to 
 //rt/rt-3.6.4 (I have to protect our path). 

If you can rename that symbolic link from /opt/rt to /opt/rt3 the whole 
problem should go away for this and future cases where you want to install 
an extension for RT.

 From there
 (//rt/rt-3.6.4) I can find all the bin, etc, lib, local, perl, 
 share, and var directories. AND in //rtrt-3.6.4/lib I can see a RT 
 directory, a RT.pm file, a RT.pm.in file, and a t directory.
 
   Also, I downloaded the extension software to //rt/src. So, when I 
 go to //rt/src I can find the un-tared version of the 
 CommandByMail directory RT-Extension-CommandByMail-0.05.
 
   I'm just not sure where to go from here. Do I have the downloaded 
 CommandByMail directory in the wrong place? DO I move it? Where to? 
 //rt/rt-3.6.4? DO I just run perl Makefile.PL with some sort of 
 overrides?

If you are stuck with /opt/rt instead of /opt/rt3, try this:

PERL5LIB=//rt/rt-3.6.4/lib
export PERL5LIB
perl Makefile.PL

The first two commands set the PERL5LIB variable to where your RT perl 
library lives and make that variable visible to child processes, i.e. to the 
'perl' process you are running on the third line to do the installation.

(That assumes that you are using the default shell on Solaris 8, /bin/sh. If 
those 2 commands kick back errors, your Unix Guy (the one who installed perl 
5.8.5 under /soft) is evil...)


   I'm not an idiot, but I am VERY ignorant on this stuff. I know this is 
 REALLY a pain in the rump for you more experienced people to have to 
 walk an inexperienced person like me thru this, but I'm getting no help 
 from my group except put it in your directory and play with it. Well, 
 asking me to play with it is like asking an infant to play with a 
 rubik's cube to figure out how it works. I could spend the rest of my 
 life playing with this and not get anywhere.

That depends on how old you are. After all, that infant might get really 
good at the cube by age 10 or so.

FWIW, many of us learned Unix (or Linux) just that way. For this reason, 
some of the people reading this are wondering about my suggestion for 
setting and exporting PERL5LIB in 2 commands, a necessity for the ancient 
shell in Solaris 8 that is only mostly like the ones in Linux and the BSD's.


   So, if there is a REAL BRAVE SOUL out there, who doesn't mind taking my 
 hand and walking me thru this, PLEASE, PLEASE, PLEASE help me.

I hope this has helped.
___
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: sa...@bestpractical.com


Discover RT's hidden secrets with RT Essentials from O'Reilly Media. 
Buy a copy at http://rtbook.bestpractical.com


Re: [rt-users] Email delay on ticket creation

2009-03-11 Thread Bill Cole
Derek Cunningham wrote, On 3/10/09 10:54 AM:
 Hi
 If I have gone about posting my question the wrong way please let me know.
 Should I add my RT_SiteConfig.pm file in addition to these logs? The
 autoreply goes out right away, but I'm getting a lengthy delay on only the
 admincc messages, and only sometimes when a user submits a new request by
 email.  It doesn't seem to matter who the user is.  If anybody sees anything
 helpful in my log entries please tell me.  If I should be including info
 from another log, please tell me.  I would have suspected a postfix config
 problem, but I'm suspecting my RT config because this only happens during
 the condition that a user submits a new request via email.

It's not primarily RT, it's primarily Postfix.

 I am using RT 3.8.1 on Mac OSX (10.4), postfix/sendmail to relay to our main
 email server with SMTP.  RT is working great except for these email delays.

The mail subsystem for MacOS X 10.4 in its default configuration has a 
tendency to have this sort of trouble, particularly when connectivity is 
intermittent or mail is being sent to systems that use greylisting for 
spam control. Messages that are not delivered on the first try will 
typically sit around until the next new mail submission, and in some cases 
will not be tried immediately because of how Postfix compartmentalizes 
operations. This can be fixed in your Postfix config, which presumably 
you've already adjusted somewhat to make the system accept mail. Look at the 
pickup, qmgr, and flush lines in master.cf and give them reasonable wakeup 
times. You also could set up a scheduled queue run via cron or launchd if 
you are not comfortable adjusting the Postfix config.


 Another recent sample:
 From /var/log/mail.log

I'll comment a bit in the hope that it will be enlightening...

 Mar 10 07:45:45 rt3-curis-com postfix/smtpd[215]: connect from
 [mailserver].curis.com[10.2.0.20]
 Mar 10 07:45:47 rt3-curis-com postfix/smtpd[215]: 1C89B8436A:
 client=[mailserver].curis.com[10.2.0.20]
 Mar 10 07:45:47 rt3-curis-com postfix/cleanup[218]: 1C89B8436A:
 message-id=c5dbcb27.111a%[request...@curis.com
 Mar 10 07:45:47 rt3-curis-com postfix/smtpd[215]: disconnect from
 [mailserver].curis.com[10.2.0.20]
 Mar 10 07:45:47 rt3-curis-com postfix/qmgr[219]: 1C89B8436A:
 from=[request...@curis.com, size=896, nrcpt=1 (queue active)

So,  message 1C89B8436A comes in and gets queued.

But it doesn't get delivered until 9 seconds later when an outgoing message 
wakes up Postfix:

 Mar 10 07:45:54 rt3-curis-com postfix/pickup[214]: 2A4DE8438B: uid=70
 from=www
 Mar 10 07:45:54 rt3-curis-com postfix/cleanup[218]: 2A4DE8438B:
 message-id=rt-3.8.1-212-1236685553-588.30085-...@curis.com
 Mar 10 07:45:54 rt3-curis-com postfix/qmgr[219]: 2A4DE8438B:
 from=w...@rt3.curis.com, size=1655, nrcpt=1 (queue active)
 Mar 10 07:45:54 rt3-curis-com postfix/smtp[225]: 2A4DE8438B:
 to=[request...@curis.com, relay=[mailserver].curis.com[10.2.0.20],
 delay=0, status=sent (250 2.0.0 49b652f2-000b3322 Message accepted for
 delivery)
 Mar 10 07:45:54 rt3-curis-com postfix/qmgr[219]: 2A4DE8438B: removed

Message 2A4DE8438B makes it out immediately

 Mar 10 07:45:54 rt3-curis-com postfix/local[220]: 1C89B8436A:
 to=facilit...@rt3.curis.com, relay=local, delay=9, status=sent (delivered
 to command: /opt/rt3/bin/rt-mailgate --queue facilities --action correspond
 --url http://localhost/rt)
 Mar 10 07:45:54 rt3-curis-com postfix/qmgr[219]: 1C89B8436A: removed

And finally 1C89B8436A gets delivered locally, because the outbound mail 
woke up Postfix, which found it waiting for its first delivery attempt.

Now the bad case:

 Mar 10 08:56:51 rt3-curis-com postfix/pickup[214]: 6D778843F4: uid=70
 from=www
 Mar 10 08:56:51 rt3-curis-com postfix/cleanup[231]: 6D778843F4:
 message-id=rt-3.8.1-228-1236689811-14.30085-...@curis.com
 Mar 10 08:56:51 rt3-curis-com postfix/qmgr[219]: 6D778843F4:
 from=w...@rt3.curis.com, size=998, nrcpt=1 (queue active)
 Mar 10 08:56:51 rt3-curis-com postfix/pickup[214]: 7C66B843F5: uid=70
 from=www
 Mar 10 08:56:51 rt3-curis-com postfix/cleanup[231]: 7C66B843F5:
 message-id=rt-3.8.1-212-1236685553-104.30085-...@curis.com
 Mar 10 08:56:51 rt3-curis-com postfix/qmgr[219]: 7C66B843F5:
 from=w...@rt3.curis.com, size=1232, nrcpt=3 (queue active)
 Mar 10 08:56:51 rt3-curis-com postfix/smtp[234]: 6D778843F4:
 to=d...@curis.com, relay=[mailserver].curis.com[10.2.0.20], delay=0,
 status=sent (250 2.0.0 49b66393-000b34c3 Message accepted for delivery)
 Mar 10 08:56:51 rt3-curis-com postfix/smtp[235]: 7C66B843F5:
 to=d...@curis.com, relay=[mailserver].curis.com[10.2.0.20], delay=4257,
 status=sent (250 2.0.0 49b66393-000b34c4 Message accepted for delivery)
 Mar 10 08:56:51 rt3-curis-com postfix/smtp[235]: 7C66B843F5:
 to=de...@curis.com, relay=[mailserver].curis.com[10.2.0.20], delay=4257,
 status=sent (250 2.0.0 49b66393-000b34c4 Message accepted for delivery)
 Mar 10 08:56:51 rt3-curis-com postfix/smtp[235]: 7C66B843F5:
 

Re: [rt-users] Email delay on ticket creation

2009-03-11 Thread Bill Cole
Kenneth Marshall wrote, On 3/11/09 2:27 PM:
 On Wed, Mar 11, 2009 at 02:02:15PM -0400, Bill Cole wrote:
  Derek Cunningham wrote, On 3/10/09 10:54 AM:
   Hi
   If I have gone about posting my question the wrong way please let me 
   know.
   Should I add my RT_SiteConfig.pm file in addition to these logs? The
   autoreply goes out right away, but I'm getting a lengthy delay on only 
   the
   admincc messages, and only sometimes when a user submits a new request 
   by
   email.  It doesn't seem to matter who the user is.  If anybody sees 
   anything
   helpful in my log entries please tell me.  If I should be including info
   from another log, please tell me.  I would have suspected a postfix 
   config
   problem, but I'm suspecting my RT config because this only happens 
   during
   the condition that a user submits a new request via email.
  
  It's not primarily RT, it's primarily Postfix.
  
   I am using RT 3.8.1 on Mac OSX (10.4), postfix/sendmail to relay to our 
   main
   email server with SMTP.  RT is working great except for these email 
   delays.
[...]
 You *MIGHT* be able to get better behavior by adjusting the mail parameters 
 that RT is using. The defaults are reasonable for Real Sendmail and for the 
 sendmail compatibility interface of Postfix as Postfix is commonly 
 configured on many Linux and *BSD systems, but it is really not suited for 
 the modified (and somewhat old) Postfix that Apple ships on MacOS X with a 
 desktop-oriented configuration. You might find that using 'sendmail' instead 
 of 'sendmailpipe' for $MailCommand and adjusting $SendmailArguments (no -t) 
 makes the whole issue vanish.

 We have been using RT since 3.2 with postfix versions 1.x and later
 and this sort of problem speaks to a misconfiguration of the postfix
 system, not a problem with the age of the release. The sendmail
 compatibility even in the earliest postfix releases has no problem
 with the way RT submits E-mail. I would recommend checking your
 postfix configurations. Good luck.

The age is a tangential issue, but when working with Postfix on MacOS X it 
is helpful to know that one is dealing with an Apple-modified 2.1.x rather 
than Dr. Venema's 2.5.x and that the default configuration on MacOS X is an 
afterthought for a personal desktop system that almost never uses it. One 
can really fix that Postfix by replacing it with a standard modern version, 
adapt it to more normal use by changing the config, or adjust things that 
use it (like RT) to go around its flaws. I may be wrong, but I think that by 
using 'sendmail' instead of 'sendmailpipe' in RT, the envelope splitting 
task is done upstream in the Mail::Mailer part of a MIME::Entity  object 
rather than being handed off to the sendmail binary called with a '-t' 
argument. That should prevent the circumstance where messages end up sitting 
in the queue waiting for the next external event to trigger pickup.
___
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: sa...@bestpractical.com


Discover RT's hidden secrets with RT Essentials from O'Reilly Media. 
Buy a copy at http://rtbook.bestpractical.com


Re: [rt-users] Problem with AdminCC's not being sent

2009-03-03 Thread Bill Cole
Blake Crawford wrote, On 3/3/09 4:54 PM:
 
 Hi folks:
 
 I've been pouring over the lists and trying to debug this for a while, 
 but can't seem to come up with a reason.  I have a group set up on a 
 queue with all rights.  When I set that group to watch a ticket as 
 adminCC, and then create a scrip that notifies the adminCCs on comment, 
 all indications are that the email is being sent but it doesn't ever 
 arrive.  Below is a section of the RT log, where all the 's are to 
 protect the identities of the unwilling.
 
 Please note, everything works just fine when the group is set to watch 
 as CC's rather than AdminCCs.  This very well could be a problem with 
 the mail setup, but if so I need to communicate that to the systems 
 folks very clearly.

[...]

 [Tue Mar  3 21:33:25 2009] [error]: 
 rt-3.8.1-25239-1236116005-1140.2468-2...@xx.mtvn.com 
 mailto:rt-3.8.1-25239-1236116005-1140.2468-2...@xx.mtvn.com: 
 `/usr/sbin/sendmail -oi -t` exitted with code 64 (/opt/rt3_xx
 s.mtvn.com/bin/../lib/RT/Interface/Email.pm:417 
 http://s.mtvn.com/bin/../lib/RT/Interface/Email.pm:417)

Sendmail choked on the message.

If RT can send any mail at all successfully, then the most likely cause of 
this particular problem is a broken email address for one of the recipients. 
The '-t' flag that RT is passing to sendmail tells it to scan the headers 
for recipients. If sendmail sees an improper email address (such as one 
containing a non-ASCII character) in a To/Cc/Bcc header, it will reject the 
message altogether. I do not know for sure, but I'd bet that RT is less 
strict in what it allows as a user email address than sendmail is.

___
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: sa...@bestpractical.com


Discover RT's hidden secrets with RT Essentials from O'Reilly Media. 
Buy a copy at http://rtbook.bestpractical.com