[rt-users] Custom Logo dimensions for RT Theme
Hi, Just a cosmetic question about changing the Theme on RT 4. I have a logo that is legible at 373X57 pixels. When I upload the custom logo is shown compressed into a 173X27 size. It is quite tiny and not legible and I wonder if there is a quick and easy way to fix this? I assume this restriction is to avoid throw off all the graphical elements on the page? Would appreciate it if there a way to tweak this. Duncan.
[rt-users] Upgrading web/email server...should I upgrade RT itself too?
Hi, A more immediate issue I would expect is that newer versions (not to mention the switch from Debian to RPM based distros) of framework applications (Apache, MySQL, PHP, Mason, Perl etc) may have compatibility issues with your older RT installation. So yes, you may not have much choice but to upgrade anyway. Subject: [rt-users] Upgrading web/email server...should I upgrade RT itself too? Message-ID: 074c3ae4e206dc478ab4fa128b97914143d78...@olawpa-exmb05.ad.garmin.com Content-Type: text/plain; charset=us-ascii Hi all, We're running RT on Ubuntu 8.04...so it's time to get with the times. :-) A new CentOS server has been prepared for us. The database is actually running on a separate machine that is newer and there isn't a plan to upgrade it at this point. My question...is RT 4.0.17 itself old enough that I really ought to upgrade it as well? I'd like to minimize the amount of surprise for the users via new looks, so I'm wondering if there are any huge problems with staying at 4.0.17. I'm looking at the UPGRADING-4.2 document and I don't see anything like this version of RT turned into Ultron at 10% of installations.
Re: [rt-users] rt-users Digest, Vol 128, Issue 4
From: Christian Loos cl...@netcologne.de To: Duncan Napier dgnap...@sfu.ca, rt-users@lists.bestpractical.com Subject: Re: [rt-users] Any way to turn subscription email into a .html document? Message-ID: 5459d37d.5070...@netcologne.de Content-Type: text/plain; charset=windows-1252 Am 04.11.2014 um 22:49 schrieb Duncan Napier: - Original Message - I have created some RT Subscriptions, but I was wondering if there is an easy way to convert the subscription content into a HTML document? : : Just in case anyone is interested, I managed to do this. Here is how it was done: What do you exactly mean by subscription email? Reading all above I would assume that you don't use RT Dashboards, but thats exactly what you want: * you can display them within the RT Webinterface * you can send them as e-mail Here is the documentation: http://www.bestpractical.com/docs/rt/4.2/dashboards.html While the documentation is for RT 4.2, dashboards are also available in RT 4.0 without the DashboardInMenu function. Chris Hi - my terminology was vague/incorrect. What I should have said that I wanted to post various Dashboard subscriptions to a website that was widely accessible. We use a setup where all our non-RTadmin users are non-privileged. These users create new tickets via the RT SelfServe interface. Once the ticket is created, they can correspond either rt-mailgate and/or the SelfServe interface. I wanted non-technical group managers and some other (RT non-privileged) staff to be able to access dashboards showing open/resolved tickets for their groups/queues. I played around with all manner of Group Rights and User Rights and was unable to grant non-privileged, SelfServe users the rights to access custom dashboards. So I ended up creating a script to take the Dashboard subscription and post it as a webpage for these users to access if they needed to.
Re: [rt-users] Any way to turn subscription email into a .html document?
- Original Message - I have created some RT Subscriptions, but I was wondering if there is an easy way to convert the subscription content into a HTML document? The emailed subscription appears as a very nicely formatted HTML/ajax email in my Zimbra mail system, but I would prefer it be posted as a HTML document that people could access. Could the email (with MIME-encapsulated attachment - I believe) output be piped to a file and turned into a HTML document? I am running RT 4.0.8 on CentOS 6.4 (final). Just in case anyone is interested, I managed to do this. Here is how it was done: 1) Create a subscription as a saved search, eg Search 1. 2) Create an alias/es or a user account/s each with the only purpose is receiving email subscriptions (eg rt-mail-sear...@myserver.com). 3) Set up the account rt-mail-sear...@myserver.com to receive the subscription email from Search1. 4) Set up a time/day for the RT subscription as frequently as you need using the Subscription management page and crontab 5) Set up a shell script to run through crontab shortly after the subscription email is delivered as follows: # write the contents of the mailbox to a file called subscribe (or whatever you choose). # You will have to locate the mail directory for your system. # For example in POSTFIX it may be ~rt-mail-search1/Maildir/new/, in Sendmail it may be /var/mail/rt-mail-search1 and so on /bin/cat Maildir/new/* subscription # Strip out everything between !DOCTYPE html and div (inclusive) # and write it to a .html file (called search1-listing.html) - the email is a HTML-formatted text document /bin/sed -n '/!DOCTYPE html/,/div/ p' subscription search1-listing.html # Copy the extracted text to the share/html directory of your server /bin/cp search1-listing.html $rt_home/share/html # Fix permissions so it is readable /bin/chown apache:apache $rt_home/share/html/search1-listing.html # Delete the email in the mailbox to await the next subscription email /bin/rm ~rt-mail-search1/Maildir/new/* # Clear the mason cache as is required for the rt shared folder /bin/rm -rf $rt_home/var/mason_data/obj/* # Your subscription is now readable to all non-admin or external users with authentication privileges http://www.myserver.com/SelfService/search1-listing.html -- RT Training November 4 5 Los Angeles http://bestpractical.com/training
[rt-users] Any way to turn subscription email into a .html document?
I have created some RT Subscriptions, but I was wondering if there is an easy way to convert the subscription content into a HTML document? The emailed subscription appears as a very nicely formatted HTML/ajax email in my Zimbra mail system, but I would prefer it be posted as a HTML document that people could access. Could the email (with MIME-encapsulated attachment - I believe) output be piped to a file and turned into a HTML document? I am running RT 4.0.8 on CentOS 6.4 (final). -- RT Training November 4 5 Los Angeles http://bestpractical.com/training
[rt-users] Best way to configure non-technical Manager in RT 4 who needs to check RT (but not create) saved searches?
Hello, I am running RT 4.0.8 on CentOS 6. We would like non-technical managers to be able to see current search results/reports for our organization from RT. We want to avoid the Manager from using/seeing the RT at a Glance page (resulting in head explosions) but still be able to see query/search through, for example, URL links (in an email or on a website) running as http://my.company.com/Search/Results.html?Format= All our non-technical users are unprivileged and interact through the /SelfService interface. We would like to keep the Manager unprivileged and have them use only the /SelfService interface. However, it appears (?) that only privileged users can run searches on the system. So ideally, we would like this user to have both a default /Selfserve interface as well as the permission to execute searches. Basically, I am wondering how I could create a user, or group of users who have - SelfService access by default - But can run search URLs http://my.company.com/Search/Results.html?Format= ... In other words, forcing privileged users to have a SelfService home page, while still granting the privilege to run searches through hyperlinks or their browser URL Bar. Or is this better managed through Dashboards? I see older version of RT (v 3) that have extensions like AutoRedirectToSelfService BasicVsAdvancedInterface that seem to either force users to SelfServe or give them a choice but I'm not sure how well or if they will work on RT4. Of course one simple solution is to bookmark their browsers with http://my.company.com//SelfService; but something a little more fool-proof would be preferred. Thanks in advance. Regards, Duncan. -- RT Training November 4 5 Los Angeles http://bestpractical.com/training
[rt-users] Problem with attachment size limits
Hi, I'm running RT 4.0.8, Apache 2.2.24, on CentOS 6.4 (final) with Mysql 5.1.67-1 I cannot attach files larger in size than a couple of hundred kb to tickets. Yes ... I've changed made all the upload max size parameters that I'm aware of, restarted apache and restarted the server: php.ini: post_max_size = 8M upload_max_filesize = 4M conf.d/fcgid.conf: FcgidMaxRequestLen 400 RT_SiteConfig.pm: Set($MaxAttachmentSize, 10_000_000); Set($DropLongAttachments, 10_000_000); Problem persists. Anyone know what I'm missing here? -- RT Training - Boston, September 9-10 http://bestpractical.com/training
Re: [rt-users] Problem with attachment size limits
Hi, It was 1 Mb. I upped it to 4 Mb in my.cnf and everything is now good. Thanks a lot! Duncan. - Original Message - what's the mysql max_allowed_packet set to? Also RT doesn't use PHP, it's written in perl so any php setting would have no effect. -- Later, Darin On Thu, May 29, 2014 at 4:04 PM, Duncan Napier dgnap...@sfu.ca wrote: Hi, I'm running RT 4.0.8, Apache 2.2.24, on CentOS 6.4 (final) with Mysql 5.1.67-1 I cannot attach files larger in size than a couple of hundred kb to tickets. Yes ... I've changed made all the upload max size parameters that I'm aware of, restarted apache and restarted the server: php.ini: post_max_size = 8M upload_max_filesize = 4M conf.d/fcgid.conf: FcgidMaxRequestLen 400 RT_SiteConfig.pm: Set($MaxAttachmentSize, 10_000_000); Set($DropLongAttachments, 10_000_000); Problem persists. Anyone know what I'm missing here? -- RT Training - Boston, September 9-10 http://bestpractical.com/training -- RT Training - Boston, September 9-10 http://bestpractical.com/training
Re: [rt-users] Problem with attachment size limits
The only errors I found in the Apache log were the mod_fastcgi errors, as the default upload size for fastCGI is 128K. Once I upped that, the errors went away, but uploads were still for failing uploads 1 Mb. Unfortunately, the mySQL packet errors don't appear in the Apache error logs. Duncan. - Original Message - On 05/29/2014 04:42 PM, Duncan Napier wrote: It was 1 Mb. I upped it to 4 Mb in my.cnf and everything is now good. Thanks a lot! RT already explicitly warns during database setup, as well as during server startup, if the max_allowed_packet is 1M or less. Always read the warning messages, and check your Apache error logs! - Alex -- Submit IT support requests for MBB to http://at.sfu.ca/ohIkbR Regards, Duncan. --- Duncan Napier duncan_nap...@sfu.ca http://www.sfu.ca/~dgnapier/ IT Consultant Faculty of Science Simon Fraser University It takes ten years to become good at being a kid. Then another ten years to become good at not being a kid - Larry Wall. -- RT Training - Boston, September 9-10 http://bestpractical.com/training
[rt-users] Assets for RT versus RTx::AssetTracker
Hi, Can anyone summarize the advantages of the new Assets for RT versus those of RTx::AssetTracker? I have been using RT-AssetTracker version 2.0.0b4 on RT 4.0.8 and it seems adequate for most my needs. Can anyone suggest what benefits I would be able to leverage from switching to the new Assets for RT? Duncan. -- RT Training - Boston, September 9-10 http://bestpractical.com/training
[rt-users] Security/restrictions/revocation/removal of RSS and iCal feeds in RT and related issue of open access through Go to Ticket ... box in SelfService
Hello, Sorry if this is documented somewhere, but I haven't been able to locate it. I am running an RT 4.0.8 system with a few privileged Administrators and a few hundred unprivileged users who log into an RT SelfService interface to communicate (as well as by rt-mail) for support purposes. One of the Admins has requested access to the contents of a queue be given to a small group of unprivileged users. The most obvious way is to use a query to generate an RSS feed. So far so good. However, we may want to restrict access of the feed to a select few people in the organization. One way is to keep the feed URL confidential. This might work, but I was wondering is there is anything more robust than security-through-secrecy. Also I cannot find any way to manage the RSS feeds such as deleting or shutting it down when it has outlived its usefulness. Can anyone suggest where I can find this out. Another related topic is the Go to Ticket ... box where unprivileged users using the SelfServe interface can type in any ticket IDnumber and access the entire ticket. I can see how useful this is, but I'm wondering how to restrict access to this practice in the case where each tickets is to be considered confidential/privileged between each staff member and the support Administrators. So far, there is no issue of confidentiality in our organization, but it may come to the attention of management that naiive staff or even people who should know better and show lack of judgement by disclosing passwords, access codes or confidential information in their support requests that may be read or mined by others without privilege to this information. Again, we are not a super-secret organization, but I would not want to be in a situation where one unprivileged RT user has divulged confidential information to another unprivileged RT user who has been able to mine the RT SelfService page or a forgotten RSS feed for information. We have a policy right now that no confidential information or passwords/codes etc be included in tickets, but people are very fallible and any advice to target access a little better would be appreciated! Duncan.
Re: [rt-users] Restrictions and limitations on use of ReferrerWhitelist, RestrictReferrer, RestrictReferrer (cross-site request forgery warning message)
Hi .. . Date: Mon, 28 Oct 2013 12:20:42 -0400 From: Kevin Falcone falc...@bestpractical.com To: rt-users@lists.bestpractical.com Subject: Re: [rt-users] Restrictions and limitations on use of ReferrerWhitelist, RestrictReferrer, RestrictReferrer (cross-site request forgery warning message) Message-ID: 20131028162042.ga1...@jibsheet.com Content-Type: text/plain; charset=us-ascii On Sat, Oct 26, 2013 at 11:31:29PM -0700, Duncan Napier wrote: As for @ReferrerWhitelist, you'd have to show an actual error message to compare with the domains that you're whitelisting in order to know what's wrong. This is the preferred solution (white list the source of your ticket form submissions). -kevin OK ... thanks for clarification. I think my problem with the Whitelist is that I have whitespace in my $Organization name. The Apache error log shows [Fri Oct 25 20:03:48 2013] [error]: your $Organization setting (Another Company) appears to contain whitespace. Please fix this. (/usr/local/rt/sbin/../lib/RT/Config.pm:505) [Fri Oct 25 20:03:48 2013] [notice]: Possible CSRF: your browser did not supply a Referrer header (/usr/local/rt/sbin/../lib/RT/Interface/Web.pm:1458) Does Whitelist use $Organization as a reference/lookup? When I set RT up, using my domain didn't make much sense because MY domain is different from the organizational unit that I am supporting, so I put in the ACTUAL NAME of the the other organizational unit I support. I realize now that spaces in $Organization are not allowed in RT, but I have not had any problems up to now. I am prepared to change it if necessary and I have seen instructions on this list to do an $Organization search-and-replace in MySQL to preserve links. While this is an error, and will cause you problems in Linking and if you ever use Articles, it is unrelated to your CSRF problem. I actually meant the error message printed in the browser for the end user. Normally when linking from an external form, it will say 'invalid referred' for the host of the external form. However, if you're getting no Referrer, why is that? -kevin The error in the browser is RT has detected a possible cross-site request forgery for this request, because your browser did not supply a Referrer header. A malicious attacker may be trying to create a ticket on your behalf. If you did not initiate this request, then you should alert your security team. If you really intended to visit /Ticket/Create.html and create a ticket, then click here to resume your request. Clicking on the link here to resume your request sends the user to the ticket creation page. I have done some research and apparently referrer headers are turned on and off in the browser. There are options to enable/diable referer headers in various browsers, but that doesn't make much sense from an organizational standpoint to ask hundreds of users to configure their browser settings. So I have no idea how whitelisting gets around this issue. Anyway, I have figured out how to do what I need (namely to allow non-privileged users to create a SelfService ticket) with Set($RestrictReferrer, '0') and simply changing the direct link I was using http://server-alias1.example.com/Ticket/Create.html?Queue=12Subject=Computer%20Setup%20Request... to http://support1.mbb.sfu.ca/SelfService/Create.html?Queue=12Subject=Computer%20Setup%20Request... Thanks for all you help! Duncan.
Re: [rt-users] rt-users Digest, Vol 115, Issue 35
Date: Tue, 22 Oct 2013 13:08:05 -0400 From: Kevin Falcone falc...@bestpractical.com To: rt-users@lists.bestpractical.com Subject: Re: [rt-users] Restrictions and limitations on use of ReferrerWhitelist, RestrictReferrer, RestrictReferrer (cross-site request forgery warning message) Message-ID: 20131022170805.gy37...@jibsheet.com Content-Type: text/plain; charset=us-ascii On Mon, Oct 21, 2013 at 03:30:08PM -0700, Duncan Napier wrote: ReferrerWhitelist [(Set(@ReferrerWhitelist, qw(*.example.com:443 *.example.com:80));] and Set RestrictLoginReferrer=0 do not seem to work at all and all users, priviliged and unpriviliged and all users get the cross-site request forgery message. As for @ReferrerWhitelist, you'd have to show an actual error message to compare with the domains that you're whitelisting in order to know what's wrong. This is the preferred solution (white list the source of your ticket form submissions). -kevin OK ... thanks for clarification. I think my problem with the Whitelist is that I have whitespace in my $Organization name. The Apache error log shows [Fri Oct 25 20:03:48 2013] [error]: your $Organization setting (Another Company) appears to contain whitespace. Please fix this. (/usr/local/rt/sbin/../lib/RT/Config.pm:505) [Fri Oct 25 20:03:48 2013] [notice]: Possible CSRF: your browser did not supply a Referrer header (/usr/local/rt/sbin/../lib/RT/Interface/Web.pm:1458) Does Whitelist use $Organization as a reference/lookup? When I set RT up, using my domain didn't make much sense because MY domain is different from the organizational unit that I am supporting, so I put in the ACTUAL NAME of the the other organizational unit I support. I realize now that spaces in $Organization are not allowed in RT, but I have not had any problems up to now. I am prepared to change it if necessary and I have seen instructions on this list to do an $Organization search-and-replace in MySQL to preserve links.
Re: [rt-users] How to customize/redirect default Logout
Yes ... it was fine once I cleared the Mason cache. Thanks. And as someone else pointed out, a callback inside of Logout.html could be used to redirect, instead of rewriting the Logout.html file. Duncan. Date: Fri, 12 Jul 2013 15:04:43 +1000 From: Chris O'Kelly chris.oke...@minecorp.com.au To: rt-users@lists.bestpractical.com rt-users@lists.bestpractical.com Subject: Re: [rt-users] How to customize/redirect default Logout Page? Message-ID: B89A54C7F08E894CBA881F53986A8AAE502C8AC5C4@DCSERVER.minecorp.local Content-Type: text/plain; charset=utf-8 I haven't touched CAS before, so I am grasping at straws here, but lets start by making the assumption that you edited ./share/html/NoAuth/Logout.html (I think best practises would dictate that you edit a local copy in local/html/NoAuth/Logout.html, but I do not believe it is a necessity). I would be really surprised if you were not seeing any changes after modifying that file, but I have been got by all of these before, and they seem possible: -Have you cleared your mason cache? (you'll need to rm -rf /your_rt_directory/var/mason_data/obj/*) -Have you restarted your web server? (if it's apache, sudo service apache2 restart) -Have you cleared your browser cache? These are the first places I'd look if applied changes are not being reflected. Regards Regards Chris O'Kelly
Re: [rt-users] RT4 installation on Centos 6.4
Hi Pedro, I (mostly) followed the instructions here and it tells you yum install a whole whack of packages http://net.cmed.us/Home/unixlinux/centos-systems/rt and I was able to successfully build using it as a guide. Duncan. - Original Message - -- Message: 8 Date: Fri, 12 Jul 2013 16:11:48 +0100 From: Pedro Albuquerque pedro...@ebi.ac.uk To: rt-users@lists.bestpractical.com rt-users@lists.bestpractical.com Subject: [rt-users] RT4 installation on Centos 6.4 Message-ID: 51e01cb4.5030...@ebi.ac.uk Content-Type: text/plain; charset=iso-8859-1; Format=flowed Hi, Which redhat packages are needed to run sucessfully make fixdeps? Thanks, Pedro. -- next part -- An HTML attachment was scrubbed... URL: http://lists.bestpractical.com/pipermail/rt-users/attachments/20130712/f39b8872/attachment-0001.html --
[rt-users] How to customize/redirect default Logout Page?
Hi, I Run RT 4.0.8 using CAS Authentication and when an authenticated user selects the Logout item on the Settings/Logout menu, the web server forwards briefly to the share/html/NoAuth/Logout.html and then re-logs CAS Authenticated users back in. I would like to Logout.html to forward to a URL on the CAS server that causes the browser to clear the CAS login tokens/cookies, and effectively log out authenticated CAS users. I tried editing Logout.html to redirect to the CAS logout page, but changing the contents of Logout.html has no effect on the Logout page as Logout.html seems to be defined somewhere else. Is there a .po file or something for replacing the RT default with a custom or forwarded logout page? Regards, Duncan.
Re: [rt-users] How to modify/get rid of Custom Field Label
Thanks! Custom en.po did the trick! Duncan. - Date: Thu, 27 Jun 2013 16:03:27 -0400 From: Kevin Falcone falc...@bestpractical.com To: rt-users@lists.bestpractical.com Subject: Re: [rt-users] How to modify/get rid of Custom Field Label Input must match [Mandatory] Message-ID: 20130627200327.gs71...@jibsheet.com Content-Type: text/plain; charset=us-ascii On Thu, Jun 27, 2013 at 07:00:38AM -0700, Duncan Napier wrote: The label is cryptic and confusing to my end-users. I don't really need any regular expressions (other than the standard checks for escape or overflow inputs) as users input their supervisor/dept in one mandatory custom field and their location in a second. I've looked around at suggestions this maillist and at the code in rt/local/lib/RT/CustomField.pm I don't want to change any functionality within the module - it seems to be a whole lot of questionable modification to change a trivial label. Any suggestions? To hide it, use the css class on that div. To change it, make a custom en.po with something like msgid Input must match %1 msgstr Enter something -kevin -- Regards, Duncan. --- Duncan Napier duncan_nap...@sfu.ca http://www.sfu.ca/~dgnapier/ IT Instrumentation Consultant Dept of Molecular Biology and Biochemistry Simon Fraser University It takes ten years to become good at being a kid. Then another ten years to become good at not being a kid - Larry Wall.
[rt-users] Change ordering of queues (alphabetical order by default) in SelfService Create a ticket
Hi, We use self-service and allow users to create new tickets on our RT Website. When they go to create a new ticket, they are shown a list of queues available to them and click on the queue of their choice. The queues are listed in alphabetical order. Is there a way to put one queue - the one that is the most probable/popular - at the the top of the list, and out of the alphabetical order? -- Regards, Duncan.
Re: [rt-users] Unprivileged/Self-Serve users unable to view Custom Fields
- Original Message - Hi, I want everyone so see custom fields, including Self-Serve requesters. I'm running RT 4.0.8 on CentOS 6.2/Apache2.2.24/Postfix-2.2.6. I have everything set up and have implelented some custom fields through the Custom Fields menu. Administrators can see custom fields fine. But unpriviliged users (externally authenticated users in CAS created at their first login cannot. I have Globalm Everyone and Unpriviliged General Rights - SeeCustomField , Custom Fields-Everyone/Unprivileged still no luck. Strangely enough only one user who used to be priviliged/administrator but now is unpriviliged can see custom fields. -- OK ... fixed this one. In or Problem resolved by setting Tools-Global-Group Rights -Add, for Unpriviliged Users, Rights for Staff tab check modify and delete custom field values for objects (ModifyCustomField)
[rt-users] How to modify/get rid of Custom Field Label Input must match [Mandatory]
Hi, I'm running 4.0.8. Is there a way to customize the label so it can say something simple and unambiguous like Required Field ? The label is cryptic and confusing to my end-users. I don't really need any regular expressions (other than the standard checks for escape or overflow inputs) as users input their supervisor/dept in one mandatory custom field and their location in a second. I've looked around at suggestions this maillist and at the code in rt/local/lib/RT/CustomField.pm I don't want to change any functionality within the module - it seems to be a whole lot of questionable modification to change a trivial label. Any suggestions? -- Regards, Duncan.
[rt-users] Unprivileged/Self-Serve users unable to view Custom Fields
Hi, I want everyone so see custom fields, including Self-Serve requesters. I'm running RT 4.0.8 on CentOS 6.2/Apache2.2.24/Postfix-2.2.6. I have everything set up and have implelented some custom fields through the Custom Fields menu. Administrators can see custom fields fine. But unpriviliged users (externally authenticated users in CAS created at their first login cannot. I have Globalm Everyone and Unpriviliged General Rights - SeeCustomField , Custom Fields-Everyone/Unprivileged still no luck. Strangely enough only one user who used to be priviliged/administrator but now is unpriviliged can see custom fields. -- Regards, Duncan. --- Duncan Napier duncan_nap...@sfu.ca http://www.sfu.ca/~dgnapier/ IT Instrumentation Consultant Dept of Molecular Biology and Biochemistry Simon Fraser University It takes ten years to become good at being a kid. Then another ten years to become good at not being a kid - Larry Wall.
Re: [rt-users] RT 4.0.8 - rt-mailgate hangs on authenticated RT server
- Original Message - Message: 6 Date: Mon, 17 Jun 2013 15:21:19 -0700 From: Thomas Sibley t...@bestpractical.com To: rt-users@lists.bestpractical.com Subject: Re: [rt-users] RT 4.0.8 - rt-mailgate hangs on authenticated RT server Message-ID: 51bf8bdf@bestpractical.com Content-Type: text/plain; charset=UTF-8 On 06/17/2013 03:06 PM, Duncan Napier wrote: I understand that to get around this, you open up areas of the server to the the localhost (127.0.0.1) so no authentication is required. I have tried a bunch of fixes, but none seem to work. They seem require NoAuth areas of the rt directory have authentication disabled using Apache Location or Directory directives, as in: # # Begin Code Fragment # LocationMatch /share/html/NoAuth Satisfy Any Allow from all /LocationMatch LocationMatch /share/html/REST/1.0/NoAuth Satisfy Any Allow from all /LocationMatch Your Apache configuration directives are wrong. Location/LocationMatch take a URL location, not a directory path (that's what Directory/DirectoryMatch are for). You also aren't using the matching power of LocationMatch, and don't need it, so you want something like: Location /REST/1.0/NoAuth/mail-gateway Satisfy any Allow from 127.0.0.1 /Location You don't need to allow /NoAuth for mailgate. Hi Thomas, Thanks very much. I did succeed in making it work, but still using LocatioMatch directive. I changed # # Begin Code Fragment # LocationMatch /share/html/NoAuth Satisfy Any Allow from all /LocationMatch LocationMatch /share/html/REST/1.0/NoAuth Satisfy Any Allow from all /LocationMatch by changing the above fragment (and putting in required quotes that were missing! Doh!) to LocationMatch /NoAuth Satisfy Any Allow from all /LocationMatch LocationMatch /REST Satisfy Any Allow from all /LocationMatch It works fine now and I'm not going to mess with it (the cardinal rule of RT - don't mess with what works!!!), unless you have some additional comments or advice about it. Regards, Duncan. -- RT Training in Seattle, June 19-20: http://bestpractical.com/training
[rt-users] RT 4.0.8 - rt-mailgate hangs on authenticated RT server
Hello, I know this has been raised before and a few solutions have been given, but it seems that all of them are different and none of them seem to work on my system. I am running CAS-authenticed RT 4.0.8 on an CentOS 6.2/Apache2.2.24/Postfix-2.2.6 and everything seems to run fine. I now want to implement rt-mailgate. The mailer etc all works fine, but when I send emails to the aliases for correspond/comment, the maillog shows (temporary failure. Command output: An Error Occurred xxx 302 Found ) Running /usr/local/rt/bin/rt-mailgate --queue general --action correspond --url http://www.mysite.com --debug just hangs indefinitely with no debug message. So it appears that the MTA hangs because the system is awaiting CAS authentication. I understand that to get around this, you open up areas of the server to the the localhost (127.0.0.1) so no authentication is required. I have tried a bunch of fixes, but none seem to work. They seem require NoAuth areas of the rt directory have authentication disabled using Apache Location or Directory directives, as in: # # Begin Code Fragment # LocationMatch /share/html/NoAuth Satisfy Any Allow from all /LocationMatch LocationMatch /share/html/REST/1.0/NoAuth Satisfy Any Allow from all /LocationMatch # # End Code Fragment # My rt.conf folder looks like this # # Begin rt.conf # AddDefaultCharset UTF-8 Alias /rt/NoAuth/images /usr/local/rt/share/html/NoAuth/images/ ScriptAlias / /usr/local/rt/sbin/rt-server.fcgi/ DocumentRoot /usr/local/rt/share/html Directory /usr/local/rt Options FollowSymLinks AllowOverride AuthConfig AuthType CAS /Directory Location /rt Order allow,deny Allow from all Options +ExecCGI AddHandler fcgid-script fcgi /Location LocationMatch /share/html/NoAuth Satisfy Any Allow from all /LocationMatch LocationMatch /share/html/REST/1.0/NoAuth Satisfy Any Allow from all /LocationMatch # # End rt.conf # Any suggestions? -- Regards, Duncan. -- RT Training in Seattle, June 19-20: http://bestpractical.com/training
[rt-users] Auto creating user email addresses from CAS authenticated RT SelfService
Hello, I am currently migrating from RT 3.4.5-2 (2006) on Fedora Core 4 to RT 4.0.8 on Centos 6.2. The reasons are many, including aging platform, move to virtualization etc. The new RT, like the old one, does external authentication through CAS (Central Authentication Service). Basically users always initiate a support request through the RT SelfServe website by authenticating with single sign-on credentails (username, password). The system generates a new user the first time the user logs in populates the Identity Username and Unix login Username from their login credentials. On the old system, loggin in for the first time also autogenerates an email by concatenating the Identity with the email domain suffix (@mydomain.com). So for example, person with ID newuser, logs in for the first time, and their Email field is populated with newu...@mydomain.com, and nothing needs to be done from my end. For some reason, it does not do this on the new system. I seem to recall some 7 years ago adding a hack to set this autocreation of the email field using the username. I have searched but can't find anything and searched through the code to see where/how it was implemented, but I am at a loss. Does anyone know how this is done in RT 4.x? Other than putting it in manually, I haven't been able to figure out how to do this. Thanks in advance. -- RT Training in Seattle, June 19-20: http://bestpractical.com/training
Re: [rt-users] Auto creating user email addresses from CAS authenticated RT SelfService
OK ... I solved the problem. After some looking around and re-examining my old code, I found for RT 4.0.8, go to /lib in your rt directory (eg /var/rt or /usr/local/rt) so for me I edited in /usr/local/rt/lib/RT/Interface/Web.pm find ### Start Code Fragment sub WebExternalAutoInfo { my $user = shift; my %user_info; # default to making Privileged users, even if they specify # some other default Attributes if ( !$RT::AutoCreate || ( ref($RT::AutoCreate) not exists $RT::AutoCreate-{Privileged} ) ) { $user_info{'Privileged'} = 1; } ## End Code Fragment and add the line $user_info{'EmailAddress'} = $user\@mycompany.com; ### Start Code Fragment sub WebExternalAutoInfo { my $user = shift; my %user_info; $user_info{'EmailAddress'} = $user\@mycompany.com; # default to making Privileged users, even if they specify # some other default Attributes if ( !$RT::AutoCreate || ( ref($RT::AutoCreate) not exists $RT::AutoCreate-{Privileged} ) ) { $user_info{'Privileged'} = 1; } ## End Code Fragment You may (?) also have to add $user_info{'Privileged'} = 0; along with $user_info{'EmailAddress'} = $user\@mycompany.com; if you want your newly-created user to be Unpriviliged, which is standard for RT SelfServe. I'm not sure what happens when you ask to autocreate priviliged (internal) users ... I believe in the case of RT_SiteConfig.pm to enable external authentication (like CAS or LDAP): Set($WebExternalAuth , '1'); Set($WebFallbackToInternalAuth , '1'); Set($WebExternalGecos , undef); Set($WebExternalAuto , '1'); And now for each new user, the field 'EmailAddress'is populated with $u...@mycompany.com Have fun with it, people! Duncan. - Original Message - Hello, I am currently migrating from RT 3.4.5-2 (2006) on Fedora Core 4 to RT 4.0.8 on Centos 6.2. The reasons are many, including aging platform, move to virtualization etc. The new RT, like the old one, does external authentication through CAS (Central Authentication Service). Basically users always initiate a support request through the RT SelfServe website by authenticating with single sign-on credentails (username, password). The system generates a new user the first time the user logs in populates the Identity Username and Unix login Username from their login credentials. On the old system, loggin in for the first time also autogenerates an email by concatenating the Identity with the email domain suffix (@mydomain.com). So for example, person with ID newuser, logs in for the first time, and their Email field is populated with newu...@mydomain.com, and nothing needs to be done from my end. For some reason, it does not do this on the new system. I seem to recall some 7 years ago adding a hack to set this autocreation of the email field using the username. I have searched but can't find anything and searched through the code to see where/how it was implemented, but I am at a loss. Does anyone know how this is done in RT 4.x? Other than putting it in manually, I haven't been able to figure out how to do this. Thanks in advance. -- Regards, Duncan. --- Duncan Napier duncan_nap...@sfu.ca http://www.sfu.ca/~dgnapier/ IT Instrumentation Consultant Dept of Molecular Biology and Biochemistry Simon Fraser University It takes ten years to become good at being a kid. Then another ten years to become good at not being a kid - Larry Wall. -- RT Training in Seattle, June 19-20: http://bestpractical.com/training