Re: [rt-users] Issues with RTExternalAuth
Plugin( "RT::Extension::LDAPImport" );

# Uncomment for debug
#Set($LogToSyslog, 'debug');

Set( $DatabaseRequireSSL, '' );
Set( $DatabaseType, 'mysql' );
Set( $WebDomain, 'rt.domain_name.com' );
Set( $WebPort, '80' );
Set( $rtname, 'DOMAIN_NAME' ); # or whatever you plan to name the site

## Email
Set( $CommentAddress, 'rt-comments@domain_name.com' );
Set( $CorrespondAddress, 'rt-correspondance@domain_name.com' );

## DB config
Set( $DatabaseHost, 'localhost' );
Set( $DatabaseName, 'rt4' );
Set( $DatabasePassword, 'password' );
Set( $DatabasePort, '' );
Set( $DatabaseUser, 'db_user_name' );
Set( $Organization, '' );
Set( $OwnerEmail, 'email_address@domain_name.com' );
Set( $SendmailPath, '/usr/sbin/sendmail' );

# My server is running on port 443, leaving the port 80 lines as reference
#Set(@ReferrerWhitelist, qw(rt:80 rt.domain_name.com:80));
Set(@ReferrerWhitelist, qw(rt.domain_name.com:443));

## LDAP Configurations
# LDAP Authentication
Set( @Plugins, qw(RT::Authen::ExternalAuth RT::Extension::LDAPImport));

## LDAP USER IMPORT
Set($LDAPCreatePrivileged, 1);
Set($LDAPUpdateUsers, 1);
Set($LDAPHost,'domain_name.com');
Set($LDAPUser,'domain_name\ldapreader');
Set($LDAPPassword,'your_ldapreader_password_here');
#my base OU for users, yours will probably differ
Set($LDAPBase,'ou=users,ou=services,dc=domain_name,dc=com');
Set($LDAPFilter, '(&(objectClass=person))');
Set($LDAPMapping, {
    Name => 'sAMAccountName',
    EmailAddress => 'mail',
    Organization => 'department',
    RealName => 'cn',
    NickName => 'givenName',
    ExternalAuthId => 'sAMAccountName',
    Gecos => 'sAMAccountName',
    WorkPhone => 'telephoneNumber',
    MobilePhone => 'mobile',
    Address1 => 'streetAddress',
    City => 'l',
    State => 'st',
    Zip => 'postalCode',
    Country => 'co'
});

## LDAP GROUP IMPORT AND MAPPINGS
Set($LDAPGroupMapping, {Name => 'cn', Member_Attr => 'member', Member_Attr_Value => 'dn'});
#OU/basedn location of groups
Set($LDAPGroupBase, 'ou=groups,dc=domain_name,dc=com');
# LDAP GROUP FILTERING, Below are 2 examples
#Set($LDAPGroupFilter, 'cn=Information Technology');
# 2 group import example
Set($LDAPGroupFilter, '(|(cn=Information Technology)(cn=Facilities))');

## LDAP Authentication
Set($ExternalAuthPriority, [ 'My_LDAP', ] );
Set($ExternalInfoPriority, [ 'My_LDAP', ] );
Set($ExternalSettings, {
    'My_LDAP' => {
        'type' => 'ldap',
        'server' => 'ldap://domain_name.com',
        'user' => 'domain_name\ldapreader',
        'pass' => 'ldapreader_password',
        'base' => 'ou=users,ou=services,dc=domain_name,dc=com',
        'filter' => '(objectClass=person)',
        'tls' => 0,
        'attr_match_list' => [ 'Name', 'EmailAddress', 'RealName', ],
        'attr_map' => {
            'Name' => 'sAMAccountName',
            'EmailAddress' => 'mail',
            'Organization' => 'department',
            'RealName' => 'cn',
            'NickName' => 'givenName',
            'ExternalAuthId'=> 'sAMAccountName',
            'Gecos' => 'sAMAccountName',
            'WorkPhone' => 'telephoneNumber',
            'MobilePhone' => 'mobile',
            'Address1' => 'streetAddress',
            'City' => 'l',
            'State' => 'st',
            'Zip' => 'postalCode',
            'Country' => 'co'
        },
    },
} );
1;
1;

On Tue, Jul 5, 2016 at 2:11 AM, Davis Johny wrote:

> try Enable the ExternalAuth adding below
>
> Set($ExternalAuth, 1);
>
> Regards,
>
> Davis
> --
> *From:* rt-users on behalf of
> Albert Shih
> *Sent:* Thursday, June 30, 2016 6:00:26 PM
> *To:* rt-users@lists.bestpractical.com
> *Subject:* [rt-users] Issues with RTExternalAuth
>
> Hi every one.
>
> I try to run a RT 4.4.0.
>
> The
>
> RT::Authen::ExternalAuth
>
> don't seem to work correctly.
>
> I already check on this mailing list, and try the patch I seem. Nothing
> seem to work correctly.
>
> Here my RT_SiteConfig.pm
>
> Set($WebExternalAuth, 1 );
> Set($ExternalAuthPriority, ['PLM']);
> Set($ExternalInfoPriority, ['PLM']);
> Set($ExternalServiceUsesSSLorTLS,'0');
> Set($AutoCreateNonExternalUsers, '1');
> Set($ExternalSettings, { 'PLM' => { 'type' => 'ldap',
> 'server' => '*',
> 'user' => 'uid=nss,o=*',
> 'pass' => '*',
> 'base' => '*',
> 'filter' => '(objectClass=person)',
> 'd_filter' => '',
> 'tls' => '0',
> 'ssl_version' => '3',
> 'net_ldap_args' => [ 'version => 3', ],
> 'attr_match_list' => [ 'Name', 'EmailAddress', ],
> 'attr_map' =>{ 'Name' => 'mail', 'EmailAddress' => 'mail',
> 'Organization' => 'ou', 'RealName' => 'displayName', 'WorkPhone' =>
> 'telephoneNumber', 'City' => 'l', },
> }});
>
> in that case I can authenticate in local without problem. But not against
> my LDAP server.
>
> If I add a
>
> Set($ExternalAuth, 1 );
>
> I can't authenticate at all (either local or LDAP) and I get something
> like :
>
> Jun 30 14:22:37 rt RT: [5913] Expected 'PeerHost' at
> /usr/local/lib/perl5/site_perl/Net/LDAP.pm line 164. Stack:
> [/usr/local/lib/perl5/site_perl/Carp.pm:167]
> [/usr/local/lib/perl5/site_perl/IO/Socket/IP.pm:485]
>
Re: [rt-users] Fetchmail
If your queue contains spaces in it, you may consider using single quotes:

poll oa-internal.domain.com protocol imap
username "rt-correspondance" password "my_password"
mda "/opt/rt4/bin/rt-mailgate --queue 'IT General' --action correspond --url http://rt.domain.com/"
no keep

On Tue, Jul 5, 2016 at 11:22 AM, Dunbar, Brian wrote:

> Hello RT_Users,
>
> I have exim4 working to send mails from RT and I am trying to use
> fetchmail to poll exchange and collect the messages.
>
> Fetchmail returns Fetchmail MDA returned nonzero status 2 in the syslog.
> I also get POP3 Protocol error 19
>
> I look at the exchange account and I can see that fetchmail is reading the
> messages.
>
> I have also tried with imap and get error writing to mda broken pipe
>
> Here is the fetchmail config
>
> set daemon 30:
>
> set invisible
>
> set no bouncemail
>
> set syslog
>
> poll mail.server.ca protocol pop3
>
> auth password
>
> username "...@server.ca" password ""
>
> mda "/opt/rt4/bin/rt-mailgate --queue xxx --action correspond --url
> http://xxx/"
>
> no keep
>
> #sslfingerprint "xxx"
>
> Syslog
>
> reading message xx...@server.ca@mail.server.ca:9 of 10 (3310 octets) (log
> message incomplete)
>
> not flushed
>
> -
> RT 4.4 and RTIR Training Sessions https://bestpractical.com/training
> * Los Angeles - September, 2016
Re: [rt-users] LDAP External Auth intermittent failure
Good Afternoon... T S.

I apologize for not reading the back and forth you have already had here with Lush, in advance. However, I did a post a while back regarding getting LDAP authentication to work and there may be a couple of items here that could help.

My configuration is posted here as well: http://trevthorpe.blogspot.com/

Hope you find this helpful, figured it couldn't hurt.

Thanks,
Trev

On Thu, May 5, 2016 at 12:05 PM, Lush, Aaron <al...@scentral.k12.in.us> wrote:

> The only thing that jumps out to me is that under "External Settings" you
> are domain\service name, whereas in Set$( LDAPUser) you are using the
> DistinguishedName. I had similar issues in my RT 4.4 deployment until I
> made both of those settings follow the DistinguishedName.
>
> Sincerely,
>
> Aaron Lush
> Network Administrator
> South Central Community School Corporation
> (219) 767-2266 ext.
>
> On Thu, May 5, 2016 at 10:05 AM, t s <zzz...@hotmail.com> wrote:
>
>> Here you go:
>>
>> By the way, I just changed the line below from
>> 'server'=> 'LDAPSERVER:389' to 'server'
>> => 'LDAPSERVER.CORP.COMPANYNAME.NET:389' and restarted so I will see if
>> that has any effect on the error not coming back up or not.
>>
>> Set($WebPath , "");
>> Set($WebBaseURL, "http://rt.servername.companyname.com");
>>
>> Set($RestrictReferrer, '0');
>>
>> Set($DatabaseAdmin, 'root');
>>
>> Set($LogoURL, 'https://bestpractical.com/images/logo.png');
>> Set($WebDefaultStylesheet, 'rudder');
>>
>> Set($LogToFile, 'error');
>>
>> Set($SetOutgoingMailFrom, "rt_trac...@companyname.com");
>> Set($SMTPFrom, "mail-out.smtp.companyname.com");
>> Set($ParseNewMessageForTicketCcs, 1);
>> Set($HomePageRefreshInterval, 120);
>> Set($NotifyActor,1);
>>
>> Set($SendmailArguments, "-t");
>> Set($MailCommand, "sendmail");
>> Plugin( "RT::Authen::ExternalAuth" );
>> Plugin('RT::Extension::LDAPImport');
>>
>> Set($LDAPHost,'LDAPSERVER.CORP.COMPANYNAME.NET:389');
>> Set($LDAPUser,'cn=companyname\\svc.servicename,cn=Users,dc=Corp,DC=
>> companyname,DC=net');
>> Set($LDAPPassword,'password');
>> Set($LDAPBase,
>> 'OU=Corp,OU=Users,OU=companyname,DC=Corp,DC=companyname,DC=net');
>> Set($LDAPFilter, '(&(objectClass=person))');
>> Set($LDAPMapping, {Name => 'sAMAccountName', # required
>>     EmailAddress => 'mail',
>>     RealName => 'cn',
>>     WorkPhone=> 'telephoneNumber',
>>     Organization => 'departmentName'});
>> Set($LDAPSizeLimit, 1000);
>>
>> Set($ExternalAuthPriority, ['companynameLDAP']);
>> Set($ExternalInfoPriority, ['companynameLDAP']);
>> Set($UserAutocreateDefaultsOnLogin, { Privileged => 0 } );
>> Set($AutoCreateNonExternalUsers, 1);
>>
>> Set($ExternalSettings, {
>>
>>   'companynameLDAP' => {
>>     'type' => 'ldap',
>>     'server'=> 'LDAPSERVER:389',
>>     'user' => 'companyname
>> \\svc.servicename',
>>     'pass' => 'password',
>>     'base' =>
>> 'OU=Corp,OU=Users,OU=companyname,DC=corp,DC=companyname,DC=net',
>>     'filter'=> '(objectClass=person)',
>>     'd_filter' => '(objectClass=asdf)',
>>     'net_ldap_args' => [version => 3 ],
>>     'attr_match_list' => [
>>       'Name',
>>       'EmailAddress',
>>     ],
>>     'attr_map' => {
>>       'Name' => 'sAMAccountName',
>>       'EmailAddress' => 'mail',
>>       'Organization' => 'physicalDeliveryOfficeName',
>>       'RealName' => 'cn',
>>       'ExternalAuthId' => 'sAMAccountName',
>>       'Gecos' => 'sAMAccountName',
>>       'WorkPhone' => 'telephoneNumber',
>>       'Address1' => 'streetAddress',
>>       'City' => 'l',
>>       'State' => 'st',
>>       'Zip' => 'postalCode',
>>       'Country' =>
>> 'co'
>>     },
>>   },
>> } );
>>
>> Set
[rt-users] Ticket Increment after Reboot/Restart
Good Morning,

RT 4.2.12 on Debian/MySQL

I have an odd situation where my ticket numbers seem to jump significantly after a restart of services or a reboot of the server.

For example:

40060 40059 40058 40057 40056 32988 29893 25564 24217 24216 24215 24214 24213 20555 20554 20553 20552

And again previously:

19746 19727 19725 19717 19706 19684 18421 16252 13050 12989 12934 12886 12885 12878 12877 11916 11363 11154 10669 9868 9867

Thoughts appreciated,

Thanks,
Trev
Re: [rt-users] Using 2 mail address for all ques
Oh, so.. You do need to set up a mailbox for rt-comment and rt-correspondance as they are, in fact, email accounts needing a mailbox for fetchmail to poll. Just to be clear.

Worth noting -- although I do specify the Queue as 'IT General' -- RT overrides this and adds the Reply or Correspondence to the correct ticket, no matter the queue. I could probably clean this up as it is leftover from my initial build and testing, but it works fine so I have left it.

Fetchmailrc on my end accounts:

root@jamie:~# cat /etc/fetchmailrc
set daemon 60
set invisible
set no bouncemail
set syslog
set logfile /var/log/fetchmail.log

poll oa-internal.domain.com protocol imap
username "rt-correspondance" password "password"
mda "/opt/rt4/bin/rt-mailgate --no-verify-ssl --queue 'IT General' --action correspond --url http://jamie.domain.com/"
no keep

poll oa-internal.domain.com protocol imap
username "rt-comment" password "password"
mda "/opt/rt4/bin/rt-mailgate --no-verify-ssl --queue 'IT General' --action correspond --url http://jamie.domain.com/"
no keep

#other mailboxes below here, specifically for enabling email to support (and other departments) to open tickets.

On Tue, Dec 29, 2015 at 1:30 PM, Trev <tre...@onepost.net> wrote:

> Yes,
>
> RT parses the ticket id in the subject line to then apply the comments
> or correspondence based on the correct ticket id number (located in the
> subject line).
>
> I am using fetchmail as well... without problems at this point...
> running on debian.
>
> As I add queues, I am sure to keep the default Reply Address and Comment
> Address address fields blank and RT will use the defaults.
>
> Currently have about 40 queues, some are using email accounts to create
> tickets with, some are not, but every queue uses the default Reply Address
> and Comment Address.
>
> Rt 4.10.12 on Debian.
>
> I hope this helps.
>
> Trev
>
> On Tue, Dec 29, 2015 at 3:03 AM, Asanka Gunasekera <
> asanka_gunasek...@yahoo.co.uk> wrote:
>
>> Hi Trevor, thank you for the reply, that is great! but as per
>>
>> http://kb.mit.edu/confluence/pages/viewpage.action?pageId=151106427
>>
>> RT uses the mail address in a particular way to sort the correspondence
>> and comments, does this work in your case?
>>
>> I am using fetchmail to retrieve mail, do I need to change the mail
>> client? Can you direct me to a document to get this going?
>>
>> I am sorry if this sounds out of the way, what are the precautions that I
>> need to change the current set-up?
>>
>> Thanks and Best Regards
>>
>> On Mon, 28/12/15, Trev <tre...@onepost.net> wrote:
>>
>> Subject: Re: [rt-users] Using 2 mail address for all ques
>> To: "Asanka Gunasekera" <asanka_gunasek...@yahoo.co.uk>
>> Cc: "RT-List" <rt-users@lists.bestpractical.com>
>> Date: Monday, 28 December, 2015, 19:31
>>
>> You can
>> use a shared rt-correspondance@ and rt-comment@ address. RT
>> will use the ticket # when reading to modify the ticket
>> accordingly.
>> I have about 30
>> or so queues, and I use common rt-correspondance@ and
>> rt-comments@ as you are asking about, without
>> issue.
>> Trev
>> On Mon, Dec 28, 2015 at
>> 6:42 AM, Asanka Gunasekera <asanka_gunasek...@yahoo.co.uk>
>> wrote:
>> Hi just
>> wondering whether it is possible to use just 2 email
>> addresses for all the queues. One for correspondence and
>> another for comment. In my RT implementation I have about 25
>> queues and each queue needs minimum of 1 dedicated mail
>> account. If above is possible please let me know guide how
>> to achieve this!
>>
>> Thanks and Regards
>>
Re: [rt-users] Using 2 mail address for all ques
Yes,

RT parses the ticket id in the subject line to then apply the comments or correspondence based on the correct ticket id number (located in the subject line).

I am using fetchmail as well... without problems at this point... running on debian.

As I add queues, I am sure to keep the default Reply Address and Comment Address address fields blank and RT will use the defaults.

Currently have about 40 queues, some are using email accounts to create tickets with, some are not, but every queue uses the default Reply Address and Comment Address.

Rt 4.10.12 on Debian.

I hope this helps.

Trev

On Tue, Dec 29, 2015 at 3:03 AM, Asanka Gunasekera <asanka_gunasek...@yahoo.co.uk> wrote:

> Hi Trevor, thank you for the reply, that is great! but as per
>
> http://kb.mit.edu/confluence/pages/viewpage.action?pageId=151106427
>
> RT uses the mail address in a particular way to sort the correspondence
> and comments, does this work in your case?
>
> I am using fetchmail to retrieve mail, do I need to change the mail
> client? Can you direct me to a document to get this going?
>
> I am sorry if this sounds out of the way, what are the precautions that I
> need to change the current set-up?
>
> Thanks and Best Regards
>
> ----
> On Mon, 28/12/15, Trev <tre...@onepost.net> wrote:
>
> Subject: Re: [rt-users] Using 2 mail address for all ques
> To: "Asanka Gunasekera" <asanka_gunasek...@yahoo.co.uk>
> Cc: "RT-List" <rt-users@lists.bestpractical.com>
> Date: Monday, 28 December, 2015, 19:31
>
> You can
> use a shared rt-correspondance@ and rt-comment@ address. RT
> will use the ticket # when reading to modify the ticket
> accordingly.
> I have about 30
> or so queues, and I use common rt-correspondance@ and
> rt-comments@ as you are asking about, without
> issue.
> Trev
> On Mon, Dec 28, 2015 at
> 6:42 AM, Asanka Gunasekera <asanka_gunasek...@yahoo.co.uk>
> wrote:
> Hi just
> wondering whether it is possible to use just 2 email
> addresses for all the queues. One for correspondence and
> another for comment. In my RT implementation I have about 25
> queues and each queue needs minimum of 1 dedicated mail
> account. If above is possible please let me know guide how
> to achieve this!
>
> Thanks and Regards
>
Re: [rt-users] Using 2 mail address for all ques
You can use a shared rt-correspondance@ and rt-comment@ address. RT will use the ticket # when reading to modify the ticket accordingly.

I have about 30 or so queues, and I use common rt-correspondance@ and rt-comments@ as you are asking about, without issue.

Trev

On Mon, Dec 28, 2015 at 6:42 AM, Asanka Gunasekera <asanka_gunasek...@yahoo.co.uk> wrote:

> Hi just wondering whether it is possible to use just 2 email addresses for
> all the queues. One for correspondence and another for comment. In my RT
> implementation I have about 25 queues and each queue needs minimum of 1
> dedicated mail account. If above is possible please let me know guide how
> to achieve this!
>
> Thanks and Regards
>
Re: [rt-users] Regarding incoming mails.
Are you using fetchmail ?
Error logs ?

On Tue, Sep 29, 2015 at 12:58 PM, bharath reddy wrote:

> Dear All,
>
> I've upgraded RT from 4.0.8 to 4.2.12 recently and found that I'm not able
> to receive mails to the server but when I'm updating tickets from Web then
> users are receiving the update mails. Basically my machine is not able to
> receive mails but able to send mails. Any help or pointers to this issue
> will be appreciated.
>
> Thanks,
> Bharath.
>
Re: [rt-users] Regarding incoming mails.
Just to be clear here:

*Broken*: Fetchmail from your RT server, pulling email from an account on your email server (exchange or whatever)

*Working*: Sendmail from your RT server, pushing notifications from the RT server to your email recipients

The error you post, looks like sendmail errors... not fetchmail...

/var/log/fetchmail.log

Also, the fetchmail configuration file could be useful. (please replace passwords and other identifiers in your copy paste)

Thanks,
Trev

On Tue, Sep 29, 2015 at 1:10 PM, bharath reddy <vangoor.bhar...@gmail.com> wrote:

> Hi Trev,
>
> I can see following error in my logs :
>
> Sep 29 10:30:52 devrt sm-mta[9167]: t8TEUpif009167: ruleset=check_rcpt,
> arg1=<de...@cs.stonybrook.edu>, relay=mail-wi0-f179.google.com
> [209.85.212.179], reject=550 5.7.1 <de...@cs.stonybrook.edu>... Relaying
> denied
> Sep 29 10:30:52 devrt sm-mta[9167]: t8TEUpif009167: from=<
> bvang...@cs.stonybrook.edu>, size=2400, class=0, nrcpts=0, proto=ESMTP,
> daemon=MTA, relay=mail-wi0-f179.google.com [209.85.212.179]
>
> and also this :
>
> Sep 29 12:33:05 devrt sm-mta[11503]: t8TGX4n2011503:
> devrt.cs.stonybrook.edu [130.245.27.22] did not issue MAIL/EXPN/VRFY/ETRN
> during connection to MTA
> Sep 29 12:33:25 devrt sm-mta[11504]: t8TGXOHh011504:
> devrt.cs.stonybrook.edu [130.245.27.22] did not issue MAIL/EXPN/VRFY/ETRN
> during connection to MTA
>
> Thanks,
> Bharath.
>
> On Tue, Sep 29, 2015 at 1:03 PM, Trev <tre...@onepost.net> wrote:
>
>> Are you using fetchmail ?
>> Error logs ?
>>
>> On Tue, Sep 29, 2015 at 12:58 PM, bharath reddy <
>> vangoor.bhar...@gmail.com> wrote:
>>
>>> Dear All,
>>>
>>> I've upgraded RT from 4.0.8 to 4.2.12 recently and found that I'm not
>>> able to receive mails to the server but when I'm updating tickets from Web
>>> then users are receiving the update mails. Basically my machine is not able
>>> to receive mails but able to send mails. Any help or pointers to this issue
>>> will be appreciated.
>>>
>>> Thanks,
>>> Bharath.
>>>
Re: [rt-users] AD integration for external auth
Use -- Plugin( RT::Extension::LDAPImport );

Note the configuration I linked to you prior. I had some issues with limited functionality using Plugin('RT::Authen::ExternalAuth').. it's been a while actually, I may not even have had that extension working.

On Tue, Jul 7, 2015 at 1:28 PM, Trev tre...@onepost.net wrote:

If you mean during the login via RT Gui -- username is, sAMAccountName. There shouldn't be any need to prefix with the domain as the domain is already being queried.

On Tue, Jul 7, 2015 at 1:24 PM, Yan Seiner y...@seiner.com wrote:

What format do you use for the username? When I try hpm\yans which should, in theory, work, I get:

[5367] [Tue Jul 7 17:07:28 2015] [debug]: LDAP Search === Base: dc=hpm,dc=net == Filter: ((objectClass=*)(sAMAccountName=hpm\5cyans)) == Attrs: sAMAccountName,mail (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:469)

Notice the mangled sAMAccountName=hpm\5cyans . If this is what it is searching for, then we have a problem. :)

--Yan

On 7/7/2015 11:57 AM, Trev wrote:

This may help:

http://trevthorpe.blogspot.com/2015/01/request-tracker-424-ldap-authentication.html

On Tue, Jul 7, 2015 at 11:24 AM, Yan Seiner y...@seiner.com wrote:

I'm coming back to RT after a few years. I am trying to set up external auth against our AD server. I have a working implementation for mediawiki, so I know that it's possible on our system.

As far as possible I've duplicated the options from mediawiki/php to rt/perl, but I am still missing something important as all login attempts get rejected with a NoUser.

The only thing that I find different (and I'm searching my memory from a few years ago when I set up mediawiki) there is a line where the user name is pre-pended with the domain for AD:

$wgLDAPSearchStrings = array( 'HPM' => HPM\\USER-NAME );

And I can't find anything like that in the RT config.

Does anyone have a working AD external auth they can share?

Thanks.

Here's the logfile snippet:

[4835] [Tue Jul 7 15:17:14 2015] [debug]: Attempting to use external auth service: My_LDAP (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:424)
[4835] [Tue Jul 7 15:17:14 2015] [debug]: Calling UserExists with $username (yans) and $service (My_LDAP) (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:465)
[4835] [Tue Jul 7 15:17:14 2015] [debug]: UserExists params: username: yans , service: My_LDAP (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:439)
[4835] [Tue Jul 7 15:17:14 2015] [debug]: LDAP Search === Base: ou=Staff,dc=hpm,dc=net == Filter: ((objectClass=inetOrgPerson)(sAMAccountName=yans)) == Attrs: cn,co,telephoneNumber,l,postalCode,streetAddress,st,sAMAccountName,mail (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:469)
[4835] [Tue Jul 7 15:17:14 2015] [debug]: User Check Failed :: ( My_LDAP ) yans User not found (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:483)
[4835] [Tue Jul 7 15:17:14 2015] [debug]: Autohandler called ExternalAuth. Response: (0, No User) (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:11)
[4835] [Tue Jul 7 15:17:14 2015] [error]: FAILED LOGIN for yans from 10.10.30.51 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:810)

And here's the setup in RTSiteConfig.pm:

Plugin('RT::Authen::ExternalAuth');
Set($ExternalAuthPriority, [ 'My_LDAP' ]);
Set($ExternalInfoPriority, [ 'My_LDAP' ]);
Set($ExternalSettings, {
    'My_LDAP' => {
        'type' => 'ldap',
        'server' => 'file_print.hpm.net',
        # By not passing 'user' and 'pass' we are using an anonymous
        # bind, which some servers do not allow
        'base' => 'dc=hpm,dc=net',
        'filter' => '(objectClass=inetOrgPerson)',
        # Users are allowed to log in via email address or account
        # name
        'attr_match_list' => [
            'Name',
            # 'EmailAddress',
        ],
        # Import the following properties of the user from LDAP upon
        # login
        'attr_map' => {
            'Name' => 'sAMAccountName',
            'EmailAddress' => 'mail',
            'RealName' => 'cn',
            'WorkPhone'=> 'telephoneNumber',
            'Address1' => 'streetAddress',
            'City' => 'l',
            'State'=> 'st',
            'Zip' => 'postalCode',
            'Country' => 'co',
        },
    },
} );
Re: [rt-users] AD integration for external auth
This may help:

http://trevthorpe.blogspot.com/2015/01/request-tracker-424-ldap-authentication.html

On Tue, Jul 7, 2015 at 11:24 AM, Yan Seiner y...@seiner.com wrote:

I'm coming back to RT after a few years. I am trying to set up external auth against our AD server. I have a working implementation for mediawiki, so I know that it's possible on our system.

As far as possible I've duplicated the options from mediawiki/php to rt/perl, but I am still missing something important as all login attempts get rejected with a NoUser.

The only thing that I find different (and I'm searching my memory from a few years ago when I set up mediawiki) there is a line where the user name is pre-pended with the domain for AD:

$wgLDAPSearchStrings = array( 'HPM' => HPM\\USER-NAME );

And I can't find anything like that in the RT config.

Does anyone have a working AD external auth they can share?

Thanks.

Here's the logfile snippet:

[4835] [Tue Jul 7 15:17:14 2015] [debug]: Attempting to use external auth service: My_LDAP (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:424)
[4835] [Tue Jul 7 15:17:14 2015] [debug]: Calling UserExists with $username (yans) and $service (My_LDAP) (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:465)
[4835] [Tue Jul 7 15:17:14 2015] [debug]: UserExists params: username: yans , service: My_LDAP (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:439)
[4835] [Tue Jul 7 15:17:14 2015] [debug]: LDAP Search === Base: ou=Staff,dc=hpm,dc=net == Filter: ((objectClass=inetOrgPerson)(sAMAccountName=yans)) == Attrs: cn,co,telephoneNumber,l,postalCode,streetAddress,st,sAMAccountName,mail (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:469)
[4835] [Tue Jul 7 15:17:14 2015] [debug]: User Check Failed :: ( My_LDAP ) yans User not found (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:483)
[4835] [Tue Jul 7 15:17:14 2015] [debug]: Autohandler called ExternalAuth. Response: (0, No User) (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:11)
[4835] [Tue Jul 7 15:17:14 2015] [error]: FAILED LOGIN for yans from 10.10.30.51 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:810)

And here's the setup in RTSiteConfig.pm:

Plugin('RT::Authen::ExternalAuth');
Set($ExternalAuthPriority, [ 'My_LDAP' ]);
Set($ExternalInfoPriority, [ 'My_LDAP' ]);
Set($ExternalSettings, {
    'My_LDAP' => {
        'type' => 'ldap',
        'server' => 'file_print.hpm.net',
        # By not passing 'user' and 'pass' we are using an anonymous
        # bind, which some servers do not allow
        'base' => 'dc=hpm,dc=net',
        'filter' => '(objectClass=inetOrgPerson)',
        # Users are allowed to log in via email address or account
        # name
        'attr_match_list' => [
            'Name',
            # 'EmailAddress',
        ],
        # Import the following properties of the user from LDAP upon
        # login
        'attr_map' => {
            'Name' => 'sAMAccountName',
            'EmailAddress' => 'mail',
            'RealName' => 'cn',
            'WorkPhone'=> 'telephoneNumber',
            'Address1' => 'streetAddress',
            'City' => 'l',
            'State'=> 'st',
            'Zip' => 'postalCode',
            'Country' => 'co',
        },
    },
} );
Re: [rt-users] AD integration for external auth
If you mean during the login via RT Gui -- username is, sAMAccountName. There shouldn't be any need to prefix with the domain as the domain is already being queried.

On Tue, Jul 7, 2015 at 1:24 PM, Yan Seiner y...@seiner.com wrote:

What format do you use for the username? When I try hpm\yans which should, in theory, work, I get:

[5367] [Tue Jul 7 17:07:28 2015] [debug]: LDAP Search === Base: dc=hpm,dc=net == Filter: ((objectClass=*)(sAMAccountName=hpm\5cyans)) == Attrs: sAMAccountName,mail (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:469)

Notice the mangled sAMAccountName=hpm\5cyans . If this is what it is searching for, then we have a problem. :)

--Yan

On 7/7/2015 11:57 AM, Trev wrote:

This may help:

http://trevthorpe.blogspot.com/2015/01/request-tracker-424-ldap-authentication.html

On Tue, Jul 7, 2015 at 11:24 AM, Yan Seiner y...@seiner.com wrote:

I'm coming back to RT after a few years. I am trying to set up external auth against our AD server. I have a working implementation for mediawiki, so I know that it's possible on our system.

As far as possible I've duplicated the options from mediawiki/php to rt/perl, but I am still missing something important as all login attempts get rejected with a NoUser.

The only thing that I find different (and I'm searching my memory from a few years ago when I set up mediawiki) there is a line where the user name is pre-pended with the domain for AD:

$wgLDAPSearchStrings = array( 'HPM' => HPM\\USER-NAME );

And I can't find anything like that in the RT config.

Does anyone have a working AD external auth they can share?

Thanks.

Here's the logfile snippet:

[4835] [Tue Jul 7 15:17:14 2015] [debug]: Attempting to use external auth service: My_LDAP (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:424)
[4835] [Tue Jul 7 15:17:14 2015] [debug]: Calling UserExists with $username (yans) and $service (My_LDAP) (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:465)
[4835] [Tue Jul 7 15:17:14 2015] [debug]: UserExists params: username: yans , service: My_LDAP (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:439)
[4835] [Tue Jul 7 15:17:14 2015] [debug]: LDAP Search === Base: ou=Staff,dc=hpm,dc=net == Filter: ((objectClass=inetOrgPerson)(sAMAccountName=yans)) == Attrs: cn,co,telephoneNumber,l,postalCode,streetAddress,st,sAMAccountName,mail (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:469)
[4835] [Tue Jul 7 15:17:14 2015] [debug]: User Check Failed :: ( My_LDAP ) yans User not found (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:483)
[4835] [Tue Jul 7 15:17:14 2015] [debug]: Autohandler called ExternalAuth. Response: (0, No User) (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:11)
[4835] [Tue Jul 7 15:17:14 2015] [error]: FAILED LOGIN for yans from 10.10.30.51 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:810)

And here's the setup in RTSiteConfig.pm:

Plugin('RT::Authen::ExternalAuth');
Set($ExternalAuthPriority, [ 'My_LDAP' ]);
Set($ExternalInfoPriority, [ 'My_LDAP' ]);
Set($ExternalSettings, {
    'My_LDAP' => {
        'type' => 'ldap',
        'server' => 'file_print.hpm.net',
        # By not passing 'user' and 'pass' we are using an anonymous
        # bind, which some servers do not allow
        'base' => 'dc=hpm,dc=net',
        'filter' => '(objectClass=inetOrgPerson)',
        # Users are allowed to log in via email address or account
        # name
        'attr_match_list' => [
            'Name',
            # 'EmailAddress',
        ],
        # Import the following properties of the user from LDAP upon
        # login
        'attr_map' => {
            'Name' => 'sAMAccountName',
            'EmailAddress' => 'mail',
            'RealName' => 'cn',
            'WorkPhone'=> 'telephoneNumber',
            'Address1' => 'streetAddress',
            'City' => 'l',
            'State'=> 'st',
            'Zip' => 'postalCode',
            'Country' => 'co',
        },
    },
} );
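
Added example, not part of the thread and not RT's own code: the \5c in the logged filter above is the RFC 4515 escape for a backslash, so that search was for an account literally named hpm\yans, while the bare sAMAccountName gives the filter that matches. The function names are assumptions made for illustration, and bare_account is a hypothetical normaliser, not something RT is stated to do.

```python
import re

# RFC 4515: NUL, '(', ')', '*' and '\' in an assertion value are written as \XX (hex).
_SPECIALS = re.compile(r"[\\*()\x00]")
_ESCAPED = re.compile(r"\\([0-9a-fA-F]{2})")


def escape_filter_value(value):
    """Escape a login string so it can only ever be a literal value in a filter."""
    return _SPECIALS.sub(lambda m: "\\%02x" % ord(m.group()), value)


def unescape_filter_value(value):
    """Reverse the \\XX escapes to see the literal string the server compared against."""
    return _ESCAPED.sub(lambda m: chr(int(m.group(1), 16)), value)


def user_filter(base_filter, attr, login):
    """Combine the configured 'filter' with an equality test on the login attribute."""
    return "(&%s(%s=%s))" % (base_filter, attr, escape_filter_value(login))


def bare_account(login):
    """Hypothetical normaliser: reduce DOMAIN\\user or user@realm to the bare account name."""
    if "\\" in login:
        return login.split("\\", 1)[1]
    if "@" in login:
        return login.split("@", 1)[0]
    return login


# Debug line copied from the thread (the hpm\yans login attempt).
LOG_LINE = (
    r"[5367] [Tue Jul 7 17:07:28 2015] [debug]: LDAP Search === Base: dc=hpm,dc=net "
    r"== Filter: ((objectClass=*)(sAMAccountName=hpm\5cyans)) == Attrs: sAMAccountName,mail "
    r"(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:469)"
)


def searched_values(log_line):
    """Return {attribute: literal value} for each equality term in a logged filter."""
    m = re.search(r"== Filter: (.*?) == Attrs:", log_line)
    if not m:
        return {}
    terms = re.findall(r"\(([A-Za-z][\w;-]*)=([^()]*)\)", m.group(1))
    return {attr: unescape_filter_value(val) for attr, val in terms}


if __name__ == "__main__":
    # What the directory was actually asked to match for the failed login.
    print(searched_values(LOG_LINE))
    # Constructed inputs: a down-level logon name, a bare name, and a value
    # containing filter metacharacters, each shown as it would appear in the filter.
    for login in ("hpm\\yans", "yans", "a*(b)"):
        print("%-10s -> %s" % (login, user_filter("(objectClass=*)", "sAMAccountName", login)))
    # With the domain prefix removed first, the filter is the plain equality test.
    print(user_filter("(objectClass=*)", "sAMAccountName", bare_account("hpm\\yans")))
```

The same escaping is why a login containing `*` or parentheses cannot widen or rewrite the search: those characters reach the server as \2a, \28 and \29.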
Re: [rt-users] AD integration for external auth
Sorry about that, review the blog entry I sent you prior. I do see I did add that plugin, again, it's been a while since I wrestled with LDAP authentication. So, I threw my working config with notes, into that blog.

On Tue, Jul 7, 2015 at 1:30 PM, Trev tre...@onepost.net wrote:

Use -- Plugin( RT::Extension::LDAPImport );

Note the configuration I linked to you prior. I had some issues with limited functionality using Plugin('RT::Authen::ExternalAuth').. it's been a while actually, I may not even have had that extension working.

On Tue, Jul 7, 2015 at 1:28 PM, Trev tre...@onepost.net wrote:

If you mean during the login via RT Gui -- username is, sAMAccountName. There shouldn't be any need to prefix with the domain as the domain is already being queried.

On Tue, Jul 7, 2015 at 1:24 PM, Yan Seiner y...@seiner.com wrote:

What format do you use for the username? When I try hpm\yans which should, in theory, work, I get:

[5367] [Tue Jul 7 17:07:28 2015] [debug]: LDAP Search === Base: dc=hpm,dc=net == Filter: ((objectClass=*)(sAMAccountName=hpm\5cyans)) == Attrs: sAMAccountName,mail (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:469)

Notice the mangled sAMAccountName=hpm\5cyans . If this is what it is searching for, then we have a problem. :)

--Yan

On 7/7/2015 11:57 AM, Trev wrote:

This may help:

http://trevthorpe.blogspot.com/2015/01/request-tracker-424-ldap-authentication.html

On Tue, Jul 7, 2015 at 11:24 AM, Yan Seiner y...@seiner.com wrote:

I'm coming back to RT after a few years. I am trying to set up external auth against our AD server. I have a working implementation for mediawiki, so I know that it's possible on our system.

As far as possible I've duplicated the options from mediawiki/php to rt/perl, but I am still missing something important as all login attempts get rejected with a NoUser.

The only thing that I find different (and I'm searching my memory from a few years ago when I set up mediawiki) there is a line where the user name is pre-pended with the domain for AD:

$wgLDAPSearchStrings = array( 'HPM' => HPM\\USER-NAME );

And I can't find anything like that in the RT config.

Does anyone have a working AD external auth they can share?

Thanks.

Here's the logfile snippet:

[4835] [Tue Jul 7 15:17:14 2015] [debug]: Attempting to use external auth service: My_LDAP (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:424)
[4835] [Tue Jul 7 15:17:14 2015] [debug]: Calling UserExists with $username (yans) and $service (My_LDAP) (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:465)
[4835] [Tue Jul 7 15:17:14 2015] [debug]: UserExists params: username: yans , service: My_LDAP (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:439)
[4835] [Tue Jul 7 15:17:14 2015] [debug]: LDAP Search === Base: ou=Staff,dc=hpm,dc=net == Filter: ((objectClass=inetOrgPerson)(sAMAccountName=yans)) == Attrs: cn,co,telephoneNumber,l,postalCode,streetAddress,st,sAMAccountName,mail (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:469)
[4835] [Tue Jul 7 15:17:14 2015] [debug]: User Check Failed :: ( My_LDAP ) yans User not found (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:483)
[4835] [Tue Jul 7 15:17:14 2015] [debug]: Autohandler called ExternalAuth. Response: (0, No User) (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:11)
[4835] [Tue Jul 7 15:17:14 2015] [error]: FAILED LOGIN for yans from 10.10.30.51 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:810)

And here's the setup in RTSiteConfig.pm:

Plugin('RT::Authen::ExternalAuth');
Set($ExternalAuthPriority, [ 'My_LDAP' ]);
Set($ExternalInfoPriority, [ 'My_LDAP' ]);
Set($ExternalSettings, {
    'My_LDAP' => {
        'type' => 'ldap',
        'server' => 'file_print.hpm.net',
        # By not passing 'user' and 'pass' we are using an anonymous
        # bind, which some servers do not allow
        'base' => 'dc=hpm,dc=net',
        'filter' => '(objectClass=inetOrgPerson)',
        # Users are allowed to log in via email address or account
        # name
        'attr_match_list' => [
            'Name',
            # 'EmailAddress',
        ],
        # Import the following properties of the user from LDAP upon
        # login
        'attr_map' => {
            'Name' => 'sAMAccountName',
            'EmailAddress' => 'mail',
            'RealName' => 'cn',
            'WorkPhone'=> 'telephoneNumber',
            'Address1' => 'streetAddress',
            'City' => 'l',
            'State'=> 'st',
            'Zip' => 'postalCode
Re: [rt-users] AD integration for external auth
Generally speaking, it is typical to create an 'LDAP User' for binding, and reading purposes within AD itself. LDAPImport does authenticate against the users in AD. And builds the user records within RT as I have mapped in my example. Cronjob to do the import, maybe every 15 minutes. Makes it much easier to use AD groups within RT as well. Very dynamic... On Tue, Jul 7, 2015 at 4:50 PM, Yan Seiner y...@seiner.com wrote: I'm kicking this back to the list only. I've been going round and round with this and I have some more information, but still not a solution. ldapsearch works: ldapsearch -H ldap://file_print.hpm.net -b dc=hpm,dc=net -s sub (sAMAccountName=yans) -D 'HPM\yans' -x -W uid But notice that I need to use either 'HPM\yans' for the user or the older ' y...@hpm.net' for the system to allow me to bind to the ldap server. The way we're set up, any user can bind to the server with valid credentials, but anonymous binds are not allowed. But the way ExternalAuth is set up, I have to provide the ldap userid and password, which in our system would be a real user. 'user' = 'rt_ldap_username', 'pass' = 'rt_ldap_password', Is there any way to get ExternalAuth to use the credentials entered in the login to bind to the ldap server? (As near as I can figure, the LDAPImport extension imports the userids from ldap, which is not what I need. I need to authenticate against AD in realtime.) --Yan On 7/7/2015 1:32 PM, Trev wrote: Sorry about that, review the blog entry I sent you prior. I do see I did add that plugin, again, it's been a while since I wrestled with LDAP authentication. So, I threw my working config with notes, into that blog. On Tue, Jul 7, 2015 at 1:30 PM, Trev tre...@onepost.net wrote: Use -- Plugin( RT::Extension::LDAPImport ); Note the configuration I linked to you prior. I had some issues with limited functionality using Plugin('RT::Authen::ExternalAuth').. it's been a while actually, I may not even have had that extension working. 
On Tue, Jul 7, 2015 at 1:28 PM, Trev tre...@onepost.net wrote:

If you mean during the login via RT Gui -- username is, sAMAccountName. There shouldn't be any need to prefix with the domain as the domain is already being queried.

On Tue, Jul 7, 2015 at 1:24 PM, Yan Seiner y...@seiner.com wrote:

What format do you use for the username? When I try hpm\yans which should, in theory, work, I get:

    [5367] [Tue Jul 7 17:07:28 2015] [debug]: LDAP Search === Base: dc=hpm,dc=net == Filter: ((objectClass=*)(sAMAccountName=hpm\5cyans)) == Attrs: sAMAccountName,mail (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:469)

Notice the mangled sAMAccountName=hpm\5cyans. If this is what it is searching for, then we have a problem. :)

--Yan

On 7/7/2015 11:57 AM, Trev wrote:

This may help: http://trevthorpe.blogspot.com/2015/01/request-tracker-424-ldap-authentication.html

On Tue, Jul 7, 2015 at 11:24 AM, Yan Seiner y...@seiner.com wrote:

I'm coming back to RT after a few years. I am trying to set up external auth against our AD server. I have a working implementation for mediawiki, so I know that it's possible on our system. As far as possible I've duplicated the options from mediawiki/php to rt/perl, but I am still missing something important as all login attempts get rejected with a NoUser.

The only thing that I find different (and I'm searching my memory from a few years ago when I set up mediawiki) there is a line where the user name is pre-pended with the domain for AD:

    $wgLDAPSearchStrings = array( 'HPM' => "HPM\\USER-NAME" );

And I can't find anything like that in the RT config. Does anyone have a working AD external auth they can share? Thanks.
Here's the logfile snippet: [4835] [Tue Jul 7 15:17:14 2015] [debug]: Attempting to use external auth service: My_LDAP (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:424) [4835] [Tue Jul 7 15:17:14 2015] [debug]: Calling UserExists with $username (yans) and $service (My_LDAP) (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:465) [4835] [Tue Jul 7 15:17:14 2015] [debug]: UserExists params: username: yans , service: My_LDAP (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:439) [4835] [Tue Jul 7 15:17:14 2015] [debug]: LDAP Search === Base: ou=Staff,dc=hpm,dc=net == Filter: ((objectClass=inetOrgPerson)(sAMAccountName=yans)) == Attrs: cn,co,telephoneNumber,l,postalCode,streetAddress,st,sAMAccountName,mail (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:469) [4835] [Tue Jul 7 15:17:14 2015] [debug]: User Check Failed :: ( My_LDAP ) yans User not found (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth
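The `\5c` in the logged filter quoted in this thread is the RFC 4515 escape for a backslash, so that search asks the directory for an account literally named `hpm\yans`, while sAMAccountName holds only `yans`. The following is an added example in Python (not RT::Authen::ExternalAuth code and not from the posters); the function names and the `(&...)` filter shape are assumptions made for illustration.

```python
import re

# RFC 4515 section 3: characters that must be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a user-supplied string for use as an LDAP assertion value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def unescape_filter_value(value):
    """Reverse the \\XX hex escapes to recover the value actually searched for."""
    raw = re.sub(rb"\\([0-9a-fA-F]{2})",
                 lambda m: bytes([int(m.group(1), 16)]),
                 value.encode("utf-8"))
    return raw.decode("utf-8", errors="replace")


def split_login(login):
    """Split 'DOMAIN\\user' or 'user@realm' into (domain, account)."""
    if "\\" in login:
        domain, _, account = login.partition("\\")
        return domain, account
    if "@" in login:
        account, _, domain = login.partition("@")
        return domain, account
    return None, login


def build_user_filter(base_filter, attr, login):
    """Assumed filter shape: (&<base_filter>(<attr>=<escaped login>))."""
    return "(&{}({}={}))".format(base_filter, attr, escape_filter_value(login))


_FILTER_IN_LOG = re.compile(r"== Filter: (\S+) == Attrs:")
_LEAF = re.compile(r"\(([A-Za-z][\w;.-]*)=([^()]*)\)")


def searched_values(log_line):
    """Return {attribute: decoded value} for each leaf of a logged filter."""
    m = _FILTER_IN_LOG.search(log_line)
    if not m:
        return {}
    return {attr: unescape_filter_value(val)
            for attr, val in _LEAF.findall(m.group(1))}


# Debug line copied from the thread, with the trailing file path trimmed.
SAMPLE_LOG = (r"[5367] [Tue Jul 7 17:07:28 2015] [debug]: LDAP Search === "
              r"Base: dc=hpm,dc=net == Filter: "
              r"((objectClass=*)(sAMAccountName=hpm\5cyans)) == "
              r"Attrs: sAMAccountName,mail")


if __name__ == "__main__":
    typed = "hpm\\yans"  # what was entered in the login form
    print("filter built :", build_user_filter("(objectClass=*)",
                                              "sAMAccountName", typed))
    decoded = searched_values(SAMPLE_LOG)["sAMAccountName"]
    print("value sought :", decoded)
    domain, account = split_login(typed)
    print("account part :", account, "(domain part:", domain + ")")
    # The same escaping keeps a typed wildcard from matching every account.
    print("wildcard     :", escape_filter_value("y*"))
```

The escaping is doing its job: the backslash and a typed `*` are both treated as literal characters, so the login has to be reduced to the bare account name before the search can match.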
Re: [rt-users] RT 4.2.10 and ExternalAuth using LDAP
Hello Indrek, I had some problems with External Auth as well. I ended up going with LDAP Import, authentication works based on LDAP credentials being imported. You have a bit more control as you can filter on groups or user names if you choose that route. I threw together a how to: http://trevthorpe.blogspot.com/2015/01/request-tracker-424-ldap-authentication.html Hope this offers some help. Thanks, Trev On Mon, Apr 20, 2015 at 5:16 AM, Indrek Paas indrekp...@gmail.com wrote: Hi, I'm setting up an RT server on: CentOS 7.1 x64 Apache 2.4 PostgreSQL Perl v5.16.3 Trying to use ExternalAuth to LDAP (Microsoft AD) using these settings in RT_SiteConfig.pm: Plugin( RT::Authen::ExternalAuth ); Set( $ExternalAuthPriority, [My_LDAP] ); Set( $ExternalInfoPriority, [My_LDAP] ); Set($ExternalSettings, { 'My_LDAP' = { 'type' = 'ldap', 'server'= '1.1.1.1', 'user' = 'rtbinduser@domain.server ', 'pass' = 'rtbinduserpw', 'base' = 'ou=Dom Users,ou=Company AD,dc=domain,dc=server', 'attr_match_list' = [ 'Name', 'EmailAddress', ], 'attr_map' = { 'Name' = 'sAMAccountName', 'EmailAddress' = 'mail', 'Organization' = 'physicalDeliveryOfficeName', 'RealName' = 'cn', 'ExternalAuthId' = 'sAMAccountName', 'Gecos' = 'sAMAccountName', 'WorkPhone' = 'telephoneNumber', 'Address1' = 'streetAddress', 'City' = 'l', 'State' = 'st', 'Zip' = 'postalCode', 'Country' = 'co' }, }, } ); I start the RT using it's own server : /opt/rt4/sbin/rt-server --port 8080 Page loads in the browser and I can log in as root but when I try to log in using AD account I see in the logs: [warning]: Use of uninitialized value $filter in concatenation (.) or string at /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm line 453. (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:451) I have been digging through google and the LDAP.pm without success. 
When I messed with the 'base' value error changed: [25778] [Mon Apr 20 08:55:33 2015] [warning]: Use of uninitialized value $filter in concatenation (.) or string at /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm line 453. (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:451) [25778] [Mon Apr 20 08:55:33 2015] [error]: Can't call method as_string on an undefined value at /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm line 357. Stack: [/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:357] [/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:843] [/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:885] [/opt/rt4/sbin/../lib/RT/User.pm:141] [/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:486] [/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:10] [/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Session:1] [/opt/rt4/sbin/../lib/RT/Interface/Web.pm:310] [/opt/rt4/share/html/autohandler:53] (/opt/rt4/sbin/../lib/RT/Interface/Web/Handler.pm:208) Any suggestions to a right direction are welcome. PS! Went with LDAP because other services on the server use it successfully. I have installed RT using Kerberos auth before but decided to use something simpler. :D -- Indrek
Re: [rt-users] TicketSQL to select all tickets with requestor nobody in particular
Use 'nobody' vs. 'nobody in particular' as your search criteria.

On Fri, Mar 13, 2015 at 4:02 PM, Al Joslin allen.jos...@gmail.com wrote:

What is the TicketSQL to select all tickets with requestor “nobody in particular”? I can’t get that list from the Search GUI either

thanks
al;
Re: [rt-users] RT 4.2.9 Incoming Email configuration with https
Worth noting, it may or may not impact your situation, is the --no-verify-ssl flag you can put on your poll command. I had a similar situation, different errors, but similar with the https / cert issue. set daemon 60 set invisible set no bouncemail set no syslog set logfile /var/log/fetchmail.log poll myexchangeserver.domain.com protocol imap username rt-correspondance password password mda /opt/rt4/bin/rt-mailgate *--no-verify-ssl* --queue 'IT General' --action correspond --url https://rt.domain.com/ http://jamie.vsecu.com/ no keep On Tue, Feb 24, 2015 at 3:19 PM, Daniel Moore daniel.mo...@osbornewood.com wrote: HI, I am currently testing to upgrade to RT 4.2.9. I am running 4.2.6 successfully under normal http: (port 80). I am not wanting to sacrifice the https: ability with the upgrade to 4.2.9 and would like to still be able to use the full email functionality of RT. Here is my setup. I am running Ubuntu 14.04.1 LTS; I have apache 2 installed with mysql; postfix, and fetchmail. My email server is Microsoft Exchange 2010. I cannot, for the life of me, get the incoming email setup to work with https: enabled. In 4.2.6 I had to disable the redirect and go with just HTTP. Everything I have looked on the Wiki, forums, and blogs all point to Request Tracker 3 and other things. I have read documentation after documentation. I am getting the following Feb 24 15:14:25 hostname fetchmail[1178]: MDA returned nonzero status 75 Feb 24 15:14:25 hostname fetchmail[1178]: not flushed I know this means wrong queue. I went through that with 4.2.6 and, like I said, eventually found the resolution to be switch from HTTPS redirect to simple HTTP. I know this is supposed to work somehow. 
Here is my /etc/aliases file:

    root@servername:~# cat /etc/aliases
    # See man 5 aliases for format
    postmaster:root
    rt: |/opt/rt4/bin/rt-mailgate --queue General --action correspond --url https://rttest.domain.local/;

Here is my /etc/fetchmailrc file:

    #Daemon Mode
    # This file must be chmod 0600, owner fetchmail
    set daemon 20
    set syslog
    set invisible
    set no bouncemail
    ##
    # Hosts to Poll
    ##
    # Defaults ==
    # Set antispam to -1, since it is far easier to use that together with
    # no bouncemail
    # defaults:
    # timeout 300
    # antispam -1
    # batchlimit 100
    poll exchange.domain.local protocol pop3 username u...@domain.com password password mda /opt/rt4/bin/rt-mailgate --queue General --action correspond --url https://rttest.domain.local/; no keep;

V/R,
Daniel Moore
IT Systems Technician
Osborne Wood Products, Inc.
P: 706.282.5764 F: 888.777.4304
http://www.osbornewood.com
Re: [rt-users] ExternalAuth to active directory over SSL
Review some of your LDAP settings. I think you have CN and DN in places where you may want OU, and your LDAP user should be in a different format, see below. Hopefully this helps.

Use mine (working.. also cleaned..) as example:

    Set($ExternalSettings, {
        'My_LDAP' => {
            'type'   => 'ldap',
            'server' => 'ldap://domain_name.com',
            'user'   => 'domain_name\ldapreader',
            'pass'   => 'ldapreader_password',
            'base'   => 'ou=users,ou=services,dc=domain_name,dc=com',
            'filter' => '(objectClass=person)',
            'tls'    => 0,
            'attr_match_list' => [
                'Name',
                'EmailAddress',
                'RealName',
            ],
            'attr_map' => {
                'Name'           => 'sAMAccountName',
                'EmailAddress'   => 'mail',
                'Organization'   => 'department',
                'RealName'       => 'cn',
                'NickName'       => 'givenName',
                'ExternalAuthId' => 'sAMAccountName',
                'Gecos'          => 'sAMAccountName',
                'WorkPhone'      => 'telephoneNumber',
                'MobilePhone'    => 'mobile',
                'Address1'       => 'streetAddress',
                'City'           => 'l',
                'State'          => 'st',
                'Zip'            => 'postalCode',
                'Country'        => 'co'
            },
        },
    } );

On Tue, Feb 24, 2015 at 9:35 AM, Guillaume Hilt gh...@shadowprojects.org wrote:

No one is using LDAPS with Request Tracker?

Guillaume Hilt

On 18/02/2015 15:43, Guillaume Hilt wrote:

Hello,

I'm using a fresh install of RT 4.0.19 on Ubuntu 14.04 AMD64, using .deb packages. I'm trying to make ExternalAuth work with LDAP over SSL (Active Directory on 2008 R2 x64), we an internal CA managed under Windows 2008 R2 x64. I added the CA cert in /etc/ssl/certs/srv2.lan.domain.com_ca.pem.

I followed a previous discussion on this matter here: http://lists.bestpractical.com/pipermail/rt-users/2012-March/075690.html

I'm facing the same issue.

    $ openssl s_client -connect srv2.lan.domain.com:636 -CApath /etc/ssl/certs

Return

    Verify return code: 21 (unable to verify the first certificate)

    $ openssl verify -CAfile /etc/ssl/certs/srv2.lan.domain.com_ca.pem /etc/ssl/certs/srv2.lan.domain.com_cert.pem
    /etc/ssl/certs/srv2.lan.domain.com_cert.pem: OK

Running LDP.exe on the domain controllers running in SSL mode works fine.
RT's log gives the following : RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't bind: LDAP_OPERATIONS_ERROR 1 An ldapsearch gives me this (snipped hex code) : ldap_initialize( ldaps://srv2.lan.domain.com:636/??base ) tls_write: want=117, written=117 tls_read: want=3422, got=1443 tls_read: want=1979, got=1448 tls_read: want=531, got=531 tls_write: want=12, written=12 tls_write: want=267, written=267 tls_write: want=6, written=6 tls_write: want=117, written=117 tls_read: want=5, got=5 tls_read: want=1, got=1 tls_read: want=5, got=5 tls_read: want=80, got=80 TLS: can't connect: (unknown error code). ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1) Here's my configuration : 'AD_LAN' = { 'type' = 'ldap', 'server'= 'srv2.lan.domain.com', 'user' = 'CN=r2-d2,CN=Users,DC=lan,DC=domain,DC=com', 'pass' = 'XXX', 'base' = 'CN=Utilisateurs,DC=lan,DC= domain,DC=com', 'filter'= '((objectClass= organizationalPerson)(mail=*))', 'd_filter' = '(userAccountControl:1.2.840.113556.1.4.803:=2)', 'group' = '', 'group_attr'= '', 'tls' = 0, 'ssl_version' = 3, 'net_ldap_args' = [ version = 3, port = 636, debug = 8 ], 'attr_match_list' = [ 'Name', 'EmailAddress', ], 'attr_map' = { 'Name' = 'sAMAccountName', 'EmailAddress' = 'mail', 'Organization' = 'physicalDeliveryOfficeName', 'RealName' = 'cn', 'ExternalAuthId' = 'sAMAccountName', 'Gecos' = 'sAMAccountName', 'WorkPhone' = 'telephoneNumber', 'Address1' = 'streetAddress', 'City' = 'l', 'State' = 'st', 'Zip' = 'postalCode', 'Country' = 'co' }, }, Setting tls to 1 give me his different error : RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't bind: LDAP_SERVER_DOWN 81 Regards,
[rt-users] Repeat Ticket - Not creating tickets
4.2.9 Odd situation, permissions probably/maybe ?! Cronjob is run as root, as was the command launched manually a few moments ago. Root is still an account in RT and has full rights 'do anything and everything'. The Bogus Ticket part, caught my eye... Any thoughts appreciated. Thanks! I have 3 tickets setup for re-occurrence, manually firing off the cron job with logging set to debug returns the following: Command line is run: [25855] [Mon Feb 16 00:56:53 2015] [info]: Repeating ticket 682 (/opt/rt4/local/plugins/RT-Extension-RepeatTicket/bin/rt-repeat-ticket:38) [25855] [Mon Feb 16 00:56:53 2015] [notice]: Passed a unix time less than 0, forcing to 0: [-1] (/opt/rt4/lib/RT/Date.pm:563) [25855] [Mon Feb 16 00:56:53 2015] [notice]: Passed a unix time less than 0, forcing to 0: [-1] (/opt/rt4/lib/RT/Date.pm:563) [25855] [Mon Feb 16 00:56:53 2015] [notice]: Passed a unix time less than 0, forcing to 0: [-1] (/opt/rt4/lib/RT/Date.pm:563) [25855] [Mon Feb 16 00:56:53 2015] [info]: Repeating ticket 1448 (/opt/rt4/local/plugins/RT-Extension-RepeatTicket/bin/rt-repeat-ticket:38) [25855] [Mon Feb 16 00:56:53 2015] [info]: Repeating ticket 1458 (/opt/rt4/local/plugins/RT-Extension-RepeatTicket/bin/rt-repeat-ticket:38) Syslog entries: Feb 15 19:56:53 jamie RT: [25855] Repeating ticket 682 Feb 15 19:56:53 jamie RT: [25855] Checking date 2015-02-15 with adjusted lead time date 2015-03-01 (/opt/rt4/local/plugins/RT-Extension-RepeatTicket/lib/RT/Extension/RepeatTicket.pm:180) *Feb 15 19:56:53 jamie RT: [25855] Tried to load a bogus ticket id: '' (/opt/rt4/lib/RT/Ticket.pm:139)* Feb 15 19:56:53 jamie RT: [25855] Passed a unix time less than 0, forcing to 0: [-1] *Feb 15 19:56:53 jamie RT: [25855] Tried to load a bogus ticket id: '' (/opt/rt4/lib/RT/Ticket.pm:139)* Feb 15 19:56:53 jamie RT: [25855] Passed a unix time less than 0, forcing to 0: [-1] Feb 15 19:56:53 jamie RT: [25855] Checking date 1970-01-20 with adjusted lead time date 1970-02-03 
(/opt/rt4/local/plugins/RT-Extension-RepeatTicket/lib/RT/Extension/RepeatTicket.pm:180) *Feb 15 19:56:53 jamie RT: [25855] Tried to load a bogus ticket id: '' (/opt/rt4/lib/RT/Ticket.pm:139)* Feb 15 19:56:53 jamie RT: [25855] Passed a unix time less than 0, forcing to 0: [-1] Feb 15 19:56:53 jamie RT: [25855] Repeating ticket 1448 Feb 15 19:56:53 jamie RT: [25855] Checking date 2015-02-15 with adjusted lead time date 2015-03-01 (/opt/rt4/local/plugins/RT-Extension-RepeatTicket/lib/RT/Extension/RepeatTicket.pm:180) Feb 15 19:56:53 jamie RT: [25855] RT::Date used Time::ParseDate to make '2015-02-15' 1423976400 (/opt/rt4/lib/RT/Date.pm:240) Feb 15 19:56:53 jamie RT: [25855] Checking date 2015-02-15 with adjusted lead time date 2015-03-01 (/opt/rt4/local/plugins/RT-Extension-RepeatTicket/lib/RT/Extension/RepeatTicket.pm:180) Feb 15 19:56:53 jamie RT: [25855] RT::Date used Time::ParseDate to make '2015-02-15' 1423976400 (/opt/rt4/lib/RT/Date.pm:240) Feb 15 19:56:53 jamie RT: [25855] Repeating ticket 1458
Re: [rt-users] user privileges: can not assign tickets to some users
Permissions for the other users to 'Own a Ticket'.

On Tue, Feb 10, 2015 at 12:10 PM, Boris Epstein borepst...@gmail.com wrote:

Hello all,

If I have a user who seemingly should be able to assign tickets to any other user but can only assign them to some - what are the positive causes of that? I have two such users, they seem to have configurations identical to those of other users who can assign tickets to everyone - so I am a bit puzzled.

Thanks in advance for any and all help.

Cheers,
Boris.
Re: [rt-users] user privileges: can not assign tickets to some users
Check their group or explicit user rights vs rights perhaps applied to everyone/privileged/unprivileged. Are they a member of group(s) that have different permission sets...

On Tue, Feb 10, 2015 at 12:45 PM, Boris Epstein borepst...@gmail.com wrote:

Trev,

Thanks, this is a thought. However, those same users can indeed own those same tickets - that does not seem to be a problem as long as somebody other than the two users in question does the assigning. That is the part that mystifies me.

Boris.

On Tue, Feb 10, 2015 at 12:13 PM, Trev tre...@onepost.net wrote:

Permissions for the other users to 'Own a Ticket'.

On Tue, Feb 10, 2015 at 12:10 PM, Boris Epstein borepst...@gmail.com wrote:

Hello all,

If I have a user who seemingly should be able to assign tickets to any other user but can only assign them to some - what are the positive causes of that? I have two such users, they seem to have configurations identical to those of other users who can assign tickets to everyone - so I am a bit puzzled.

Thanks in advance for any and all help.

Cheers,
Boris.
[rt-users] Stripping Attachments During Create
My situation is this, I have users sending in support requests and they are processing just fine. I am using fetchmail and mailgate, no problems, tickets get created etc... I want to strip attachments however, specifically those associated with signatures internal to the company. How can I best go about stripping these? Preferably based on attachment name: image001.png image002.png Thanks in advance!
Re: [rt-users] Auto Create Ticket Scrip
Syslog Errors -- The $template_id seems warning level to me, but may be an issue. I went into the database and confirmed the data correct for template ids etc.. etc.. Attached configuration snapshots.. Any further thoughts appreciated, thanks! Jan 11 12:23:16 jamie RT: [9697] Committing scrip #13 on txn #1759 of ticket #125 (/opt/rt4/sbin/../lib/RT/Scrips.pm:306) Jan 11 12:23:16 jamie RT: [9697] Line: === (/opt/rt4/sbin/../lib/RT/Action/CreateTickets.pm:541) Jan 11 12:23:16 jamie RT: [9697] ===Create Ticket: ticket1 (/opt/rt4/sbin/../lib/RT/Action/CreateTickets.pm:544) Jan 11 12:23:16 jamie RT: [9697] Use of uninitialized value $template_id in hash element at /opt/rt4/sbin/../lib/RT/Action/CreateTickets.pm line 594. Jan 11 12:23:16 jamie RT: [9697] Subject: Auto Generation Test (/opt/rt4/sbin/../lib/RT/Action/CreateTickets.pm:544) Jan 11 12:23:16 jamie RT: [9697] Use of uninitialized value $template_id in hash element at /opt/rt4/sbin/../lib/RT/Action/CreateTickets.pm line 594. Jan 11 12:23:16 jamie RT: [9697] Queue = RT Testing (/opt/rt4/sbin/../lib/RT/Action/CreateTickets.pm:544) Jan 11 12:23:16 jamie RT: [9697] Use of uninitialized value $template_id in hash element at /opt/rt4/sbin/../lib/RT/Action/CreateTickets.pm line 594. Jan 11 12:23:16 jamie RT: [9697] Content: Someone has created a ticket. you should review and approve it, (/opt/rt4/sbin/../lib/RT/Action/CreateTickets.pm:544) Jan 11 12:23:16 jamie RT: [9697] Use of uninitialized value $template_id in hash element at /opt/rt4/sbin/../lib/RT/Action/CreateTickets.pm line 594. Jan 11 12:23:16 jamie RT: [9697] so they can finish their work (/opt/rt4/sbin/../lib/RT/Action/CreateTickets.pm:544) Jan 11 12:23:16 jamie RT: [9697] Use of uninitialized value $template_id in hash element at /opt/rt4/sbin/../lib/RT/Action/CreateTickets.pm line 594. 
Jan 11 12:23:16 jamie RT: [9697] ENDOFCONTENT (/opt/rt4/sbin/../lib/RT/Action/CreateTickets.pm:544) Jan 11 12:23:16 jamie RT: [9697] Use of uninitialized value $template_id in hash element at /opt/rt4/sbin/../lib/RT/Action/CreateTickets.pm line 594. On Sat, Jan 10, 2015 at 7:51 PM, Alex Peters a...@peters.net wrote: A user-defined action will do nothing if the corresponding custom action code boxes are empty. (That should probably actually trigger an error.) Setting your scrip's action to Create Tickets should have your scrip working as expected. You can also use queue names in create-ticket templates if you'd prefer the template to be a little more self-explanatory. On 11 January 2015 at 08:00, Trev tre...@onepost.net wrote: Hi all, 4.2.4 on Debian Created a scrip that calls a custom template to create a ticket in a queue when another ticket is created. Seems easy enough, but I am having a little bit of difficulty implementing it. So this is applied to a queue that I am opening tickets selecting... no 'auto tickets' are creating. What am I doing wrong or missing? Thanks! The Scrip: - Description: New User - Auto Create Tickets - Condition:On Create - Action:User Defined (I've toggled this back and forth from Open Tickets to User Defined) - Template:New User - Tickets - The 3 boxes below are EMPTY (custom conditions, prep and action...) The Template: - Name: New User - Tickets - Description: - Type: Perl (default) ===Create-Ticket: IT Security Modifications Queue = 14 Subject: Access for {$Tickets{'TOP'}-Subject()} Owner: {$Tickets{'TOP'}-Owner()} Depended-On-By: {$Tickets{'TOP'}-Id()} Content: Please attach approved changes for further approvals and implementation. ENDOFCONTENT
Re: [rt-users] Auto Create Ticket Scrip
I figured my issue out, set the logging to debug mode and just, worked the errors. Template Syntax Issue Queue = vs. Queue: ../sigh Thanks for the help either way, appreciated! On Sun, Jan 11, 2015 at 12:32 PM, Trev tre...@onepost.net wrote: Syslog Errors -- The $template_id seems warning level to me, but may be an issue. I went into the database and confirmed the data correct for template ids etc.. etc.. Attached configuration snapshots.. Any further thoughts appreciated, thanks! Jan 11 12:23:16 jamie RT: [9697] Committing scrip #13 on txn #1759 of ticket #125 (/opt/rt4/sbin/../lib/RT/Scrips.pm:306) Jan 11 12:23:16 jamie RT: [9697] Line: === (/opt/rt4/sbin/../lib/RT/Action/CreateTickets.pm:541) Jan 11 12:23:16 jamie RT: [9697] ===Create Ticket: ticket1 (/opt/rt4/sbin/../lib/RT/Action/CreateTickets.pm:544) Jan 11 12:23:16 jamie RT: [9697] Use of uninitialized value $template_id in hash element at /opt/rt4/sbin/../lib/RT/Action/CreateTickets.pm line 594. Jan 11 12:23:16 jamie RT: [9697] Subject: Auto Generation Test (/opt/rt4/sbin/../lib/RT/Action/CreateTickets.pm:544) Jan 11 12:23:16 jamie RT: [9697] Use of uninitialized value $template_id in hash element at /opt/rt4/sbin/../lib/RT/Action/CreateTickets.pm line 594. Jan 11 12:23:16 jamie RT: [9697] Queue = RT Testing (/opt/rt4/sbin/../lib/RT/Action/CreateTickets.pm:544) Jan 11 12:23:16 jamie RT: [9697] Use of uninitialized value $template_id in hash element at /opt/rt4/sbin/../lib/RT/Action/CreateTickets.pm line 594. Jan 11 12:23:16 jamie RT: [9697] Content: Someone has created a ticket. you should review and approve it, (/opt/rt4/sbin/../lib/RT/Action/CreateTickets.pm:544) Jan 11 12:23:16 jamie RT: [9697] Use of uninitialized value $template_id in hash element at /opt/rt4/sbin/../lib/RT/Action/CreateTickets.pm line 594. 
Jan 11 12:23:16 jamie RT: [9697] so they can finish their work (/opt/rt4/sbin/../lib/RT/Action/CreateTickets.pm:544) Jan 11 12:23:16 jamie RT: [9697] Use of uninitialized value $template_id in hash element at /opt/rt4/sbin/../lib/RT/Action/CreateTickets.pm line 594. Jan 11 12:23:16 jamie RT: [9697] ENDOFCONTENT (/opt/rt4/sbin/../lib/RT/Action/CreateTickets.pm:544) Jan 11 12:23:16 jamie RT: [9697] Use of uninitialized value $template_id in hash element at /opt/rt4/sbin/../lib/RT/Action/CreateTickets.pm line 594. On Sat, Jan 10, 2015 at 7:51 PM, Alex Peters a...@peters.net wrote: A user-defined action will do nothing if the corresponding custom action code boxes are empty. (That should probably actually trigger an error.) Setting your scrip's action to Create Tickets should have your scrip working as expected. You can also use queue names in create-ticket templates if you'd prefer the template to be a little more self-explanatory. On 11 January 2015 at 08:00, Trev tre...@onepost.net wrote: Hi all, 4.2.4 on Debian Created a scrip that calls a custom template to create a ticket in a queue when another ticket is created. Seems easy enough, but I am having a little bit of difficulty implementing it. So this is applied to a queue that I am opening tickets selecting... no 'auto tickets' are creating. What am I doing wrong or missing? Thanks! The Scrip: - Description: New User - Auto Create Tickets - Condition:On Create - Action:User Defined (I've toggled this back and forth from Open Tickets to User Defined) - Template:New User - Tickets - The 3 boxes below are EMPTY (custom conditions, prep and action...) The Template: - Name: New User - Tickets - Description: - Type: Perl (default) ===Create-Ticket: IT Security Modifications Queue = 14 Subject: Access for {$Tickets{'TOP'}-Subject()} Owner: {$Tickets{'TOP'}-Owner()} Depended-On-By: {$Tickets{'TOP'}-Id()} Content: Please attach approved changes for further approvals and implementation. ENDOFCONTENT
[rt-users] Auto Create Ticket Scrip
Hi all, 4.2.4 on Debian Created a scrip that calls a custom template to create a ticket in a queue when another ticket is created. Seems easy enough, but I am having a little bit of difficulty implementing it. So this is applied to a queue that I am opening tickets selecting... no 'auto tickets' are creating. What am I doing wrong or missing? Thanks! The Scrip: - Description: New User - Auto Create Tickets - Condition:On Create - Action:User Defined (I've toggled this back and forth from Open Tickets to User Defined) - Template:New User - Tickets - The 3 boxes below are EMPTY (custom conditions, prep and action...) The Template: - Name: New User - Tickets - Description: - Type: Perl (default) ===Create-Ticket: IT Security Modifications Queue = 14 Subject: Access for {$Tickets{'TOP'}-Subject()} Owner: {$Tickets{'TOP'}-Owner()} Depended-On-By: {$Tickets{'TOP'}-Id()} Content: Please attach approved changes for further approvals and implementation. ENDOFCONTENT