Re: [rt-users] Issues with RTExternalAuth

[Trev]

Plugin( "RT::Extension::LDAPImport" );
# Uncomment for debug
#Set($LogToSyslog, 'debug');
Set( $DatabaseRequireSSL, '' );
Set( $DatabaseType, 'mysql' );
Set( $WebDomain, 'rt.domain_name.com' );
Set( $WebPort, '80' );
Set( $rtname, 'DOMAIN_NAME' ); # or whatever you plan to name the site
## Email
Set( $CommentAddress, 'rt-comments@domain_name.com' );
Set( $CorrespondAddress, 'rt-correspondance@domain_name.com' );
## DB config
Set( $DatabaseHost, 'localhost' );
Set( $DatabaseName, 'rt4' );
Set( $DatabasePassword, 'password' );
Set( $DatabasePort, '' );
Set( $DatabaseUser, 'db_user_name' );
Set( $Organization, '' );
Set( $OwnerEmail, 'email_address@domain_name.com' );
Set( $SendmailPath, '/usr/sbin/sendmail' );
# My server is running on port 443, leaving the port 80 lines as reference


#Set(@ReferrerWhitelist, qw(rt:80 rt.domain_name.com:80));
Set(@ReferrerWhitelist, qw(rt.domain_name.com:443));
## LDAP Configurations
# LDAP Authentication
Set( @Plugins, qw(RT::Authen::ExternalAuth RT::Extension::LDAPImport));
## LDAP USER IMPORT
Set($LDAPCreatePrivileged, 1);
Set($LDAPUpdateUsers, 1);
Set($LDAPHost,'domain_name.com');
Set($LDAPUser,'domain_name\ldapreader');
Set($LDAPPassword,'your_ldapreader_password_here');
#my base OU for users, yours will probably differ
Set($LDAPBase,'ou=users,ou=services,dc=domain_name,dc=com');
Set($LDAPFilter, '(&(objectClass=person))');
Set($LDAPMapping, {
Name => 'sAMAccountName',
EmailAddress => 'mail',
Organization => 'department',
RealName => 'cn',
NickName => 'givenName',
ExternalAuthId => 'sAMAccountName',
Gecos => 'sAMAccountName',
WorkPhone => 'telephoneNumber',
MobilePhone => 'mobile',
Address1 => 'streetAddress',
City => 'l',
State => 'st',
Zip => 'postalCode',
Country => 'co'
});
## LDAP GROUP IMPORT AND MAPPINGS
Set($LDAPGroupMapping, {Name => 'cn',
Member_Attr => 'member',
Member_Attr_Value => 'dn'});
#OU/basedn location of groups
Set($LDAPGroupBase, 'ou=groups,dc=domain_name,dc=com');
# LDAP GROUP FILTERING, Below are 2 examples
#Set($LDAPGroupFilter, 'cn=Information Technology');
# 2 group import example
Set($LDAPGroupFilter, '(|(cn=Information Technology)(cn=Facilities))');
## LDAP Authentication
Set($ExternalAuthPriority, [ 'My_LDAP',
]
);
Set($ExternalInfoPriority, [ 'My_LDAP',
]
);
Set($ExternalSettings, {
'My_LDAP' => {
'type' => 'ldap',
'server' => 'ldap://domain_name.com',
'user' => 'domain_name\ldapreader',
'pass' => 'ldapreader_password',
'base' => 'ou=users,ou=services,dc=domain_name,dc=com',
'filter' => '(objectClass=person)',
'tls' => 0,
'attr_match_list' => [
'Name',
'EmailAddress',
'RealName',
],
'attr_map' => {
'Name' => 'sAMAccountName',
'EmailAddress' => 'mail',
'Organization' => 'department',
'RealName' => 'cn',
'NickName' => 'givenName',
'ExternalAuthId'=> 'sAMAccountName',
'Gecos' => 'sAMAccountName',
'WorkPhone' => 'telephoneNumber',
'MobilePhone' => 'mobile',
'Address1' => 'streetAddress',
'City' => 'l',
'State' => 'st',
'Zip' => 'postalCode',
'Country' => 'co'
},
},
} );
1;
1;

On Tue, Jul 5, 2016 at 2:11 AM, Davis Johny 
wrote:

> try Enable the  ExternalAuth adding below
>
>
>
> Set($ExternalAuth, 1);
>
>
> Regards,
>
> Davis
> --
> *From:* rt-users  on behalf of
> Albert Shih 
> *Sent:* Thursday, June 30, 2016 6:00:26 PM
> *To:* rt-users@lists.bestpractical.com
> *Subject:* [rt-users] Issues with RTExternalAuth
>
> Hi every one.
>
> I try to run a RT 4.4.0.
>
> The
>
>   RT::Authen::ExternalAuth
>
> don't seem to work correctly.
>
> I already check on this mailing list, and try the patch I seem. Nothing
> seem to work correctly.
>
> Here my RT_SiteConfig.pm
>
>   Set($WebExternalAuth, 1 );
>   Set($ExternalAuthPriority,  ['PLM']);
>   Set($ExternalInfoPriority,  ['PLM']);
>   Set($ExternalServiceUsesSSLorTLS,'0');
>   Set($AutoCreateNonExternalUsers, '1');
>   Set($ExternalSettings, { 'PLM' => {   'type' => 'ldap',
> 'server' => '*',
> 'user' => 'uid=nss,o=*',
> 'pass' => '*',
> 'base' => '*',
> 'filter' => '(objectClass=person)',
> 'd_filter' => '',
> 'tls' => '0',
> 'ssl_version' => '3',
> 'net_ldap_args' =>   [ 'version => 3', ],
> 'attr_match_list' =>   [ 'Name',  'EmailAddress', ],
> 'attr_map' =>{  'Name' => 'mail',  'EmailAddress' => 'mail',
> 'Organization' => 'ou',  'RealName' => 'displayName',  'WorkPhone' =>
> 'telephoneNumber',  'City' => 'l', },
>   }});
>
> in that case I can authenticate in local without problem. But not against
> my LDAP server.
>
> If I add a
>
> Set($ExternalAuth, 1 );
>
> I can't authenticate at all (either local or LDAP) and I get something
> like :
>
>
> Jun 30 14:22:37 rt RT: [5913] Expected 'PeerHost' at
> /usr/local/lib/perl5/site_perl/Net/LDAP.pm line 164.  Stack:
> [/usr/local/lib/perl5/site_perl/Carp.pm:167]
> [/usr/local/lib/perl5/site_perl/IO/Socket/IP.pm:485]
> 

Re: [rt-users] Fetchmail

[Trev]

If your queue contains spaces in it, you may consider using single quotes:

poll oa-internal.domain.com protocol imap username "rt-correspondance"
password "my_password" mda "/opt/rt4/bin/rt-mailgate --queue 'IT General'
--action correspond --url http://rt.domain.com/; no keep



On Tue, Jul 5, 2016 at 11:22 AM, Dunbar, Brian  wrote:

> Hello RT_Users,
>
>
>
> I have exim4 working to send mails from RT and I am trying to use
> fetchmail to poll exchange and collect the messages.
>
> Fetchmail returns  Fetchmail MDA returned nonzero status 2 in the syslog.
> I also get POP3 Protocol error 19
>
> I look at the exchange account and I can see that fetchmail is reading the
> messages.
>
>
>
> I have also tried with imap and get error writing to mda broken pipe
>
>
>
>
>
> Here is the fetchmail config
>
>
>
> set daemon 30:
>
> set invisible
>
> set no bouncemail
>
> set syslog
>
>
>
> poll mail.server.ca protocol pop3
>
> auth password
>
> username "...@server.ca" password ""
>
> mda "/opt/rt4/bin/rt-mailgate --queue xxx --action correspond --url
> http://xxx/;
>
> no keep
>
> #sslfingerprint "xxx"
>
>
>
> Syslog
>
> reading message xx...@server.ca@mail.server.ca:9 of 10 (3310 octets) (log
> message incomplete)
>
> not flushed
>
>
>
>
>
>
>
> -
> RT 4.4 and RTIR Training Sessions https://bestpractical.com/training
> * Los Angeles - September, 2016
>
>
-
RT 4.4 and RTIR Training Sessions https://bestpractical.com/training
* Los Angeles - September, 2016

Re: [rt-users] LDAP External Auth intermittent failure

[Trev]

Good Afternoon... T S.

  I apologize for not reading the back and forth you have already had here
with Lush, in advance. However, I did a post a while back regarding getting
LDAP authentication to work and there may be a couple of items here that
could help.

  My configuration is posted here as well:

  http://trevthorpe.blogspot.com/

  Hope you find this helpful, figured it couldn't hurt.

  Thanks,

Trev

On Thu, May 5, 2016 at 12:05 PM, Lush, Aaron <al...@scentral.k12.in.us>
wrote:

> The only thing that jumps out to me is that under "External Settings" you
> are domain\service name, whereas in Set$(  LDAPUser) you are using the
> DistinguishedName. I had similar issues in my RT 4.4 deployment until I
> made both of those settings follow the DistinguishedName.
>
> Sincerely,
>
> Aaron Lush
> Network Administrator
> South Central Community School Corporation
> (219) 767-2266 ext. 
>
> On Thu, May 5, 2016 at 10:05 AM, t s <zzz...@hotmail.com> wrote:
>
>> Here you go:
>>
>> By the way, I just changed the line below from
>> 'server'=>  'LDAPSERVER:389' to 'server'
>> => 'LDAPSERVER.CORP.COMPANYNAME.NET:389' and restarted so I will see if
>> that has any effect on the error not coming back up or not.
>>
>>
>>
>> Set($WebPath , "");
>> Set($WebBaseURL, "http://rt.servername.companyname.com;);
>>
>> Set($RestrictReferrer, '0');
>>
>> Set($DatabaseAdmin, 'root');
>>
>> Set($LogoURL, 'https://bestpractical.com/images/logo.png');
>> Set($WebDefaultStylesheet, 'rudder');
>>
>> Set($LogToFile, 'error');
>>
>> Set($SetOutgoingMailFrom, "rt_trac...@companyname.com");
>> Set($SMTPFrom, "mail-out.smtp.companyname.com");
>> Set($ParseNewMessageForTicketCcs, 1);
>> Set($HomePageRefreshInterval, 120);
>> Set($NotifyActor,1)
>>
>> Set($SendmailArguments, "-t");
>> Set($MailCommand, "sendmail");
>> Plugin( "RT::Authen::ExternalAuth" );
>> Plugin('RT::Extension::LDAPImport');
>>
>>
>> Set($LDAPHost,'LDAPSERVER.CORP.COMPANYNAME.NET:389');
>> Set($LDAPUser,'cn=companyname\\svc.servicename,cn=Users,dc=Corp,DC=
>> companyname,DC=net');
>> Set($LDAPPassword,'password');
>> Set($LDAPBase,
>> 'OU=Corp,OU=Users,OU=companyname,DC=Corp,DC=companyname,DC=net');
>> Set($LDAPFilter, '(&(objectClass=person))');
>> Set($LDAPMapping, {Name => 'sAMAccountName', # required
>>EmailAddress => 'mail',
>>RealName => 'cn',
>>WorkPhone=> 'telephoneNumber',
>>Organization => 'departmentName'});
>> Set($LDAPSizeLimit, 1000);
>>
>>
>> Set($ExternalAuthPriority, ['companynameLDAP']);
>> Set($ExternalInfoPriority, ['companynameLDAP']);
>> Set($UserAutocreateDefaultsOnLogin, { Privileged => 0 } );
>> Set($AutoCreateNonExternalUsers, 1);
>>
>>
>>
>> Set($ExternalSettings, {
>>
>> 'companynameLDAP'   =>  {
>> 'type'  =>  'ldap',
>> 'server'=>  'LDAPSERVER:389',
>> 'user'  =>  'companyname
>> \\svc.servicename',
>> 'pass'  =>  'password',
>> 'base'  =>
>> 'OU=Corp,OU=Users,OU=companyname,DC=corp,DC=companyname,DC=net',
>> 'filter'=>  '(objectClass=person)',
>> 'd_filter'  =>  '(objectClass=asdf)',
>> 'net_ldap_args' => [version =>  3   ],
>> 'attr_match_list' => [
>>  'Name',
>>  'EmailAddress',
>> ],
>> 'attr_map' => {
>> 'Name' => 'sAMAccountName',
>> 'EmailAddress' => 'mail',
>> 'Organization' => 'physicalDeliveryOfficeName',
>> 'RealName' => 'cn',
>> 'ExternalAuthId' => 'sAMAccountName',
>> 'Gecos' => 'sAMAccountName',
>> 'WorkPhone' => 'telephoneNumber',
>> 'Address1' => 'streetAddress',
>> 'City' => 'l',
>> 'State' => 'st',
>> 'Zip' => 'postalCode',
>> 'Country' =>
>> 'co'
>> },
>> },
>> } );
>>
>>
>>
>> Set

[rt-users] Ticket Increment after Reboot/Restart

[Trev]

Good Morning,

  RT 4.2.12 on Debian/MySQL

  I have an odd situation where my ticket numbers seem to jump
significantly after a restart of services or a reboot of the server.

 For example:

40060 40059 40058 40057 40056 32988 29893 25564 24217 24216 24215 24214
24213 20555 20554 20553 20552
  And again previously:

19746 19727 19725 19717 19706 19684 18421 16252 13050 12989 12934 12886
12885 12878 12877 11916 11363 11154 10669 9868 9867

  Thoughts appreciated,

  Thanks,

Trev

Re: [rt-users] Using 2 mail address for all ques

[Trev]

Oh, so..

  You do need to setup a mailbox for rt-comment and rt-correspondance as
they are, in fact, email accounts needing a mailbox for fetchmail to poll.

  Just to be clear.

  Worth noting -- although I do specify the Queue as 'IT General' -- RT
overrides this and adds the Reply or Correspondance to the correct ticket,
no matter the queue. I could probably clean this up as it is leftover from
my initial build and testing, but it works fine so I have left it.


 Fetchmailrc on my end accounts:

root@jamie:~# cat /etc/fetchmailrc
set daemon 60
set invisible
set no bouncemail
set syslog
set logfile /var/log/fetchmail.log

poll oa-internal.domain.com protocol imap username "rt-correspondance"
password "password" mda "/opt/rt4/bin/rt-mailgate --no-verify-ssl --queue
'IT General' --action correspond --url http://jamie.domain.com/; no keep

poll oa-internal.domain.com protocol imap username "rt-comment" password
"password" mda "/opt/rt4/bin/rt-mailgate --no-verify-ssl --queue 'IT
General' --action correspond --url http://jamie.domain.com/; no keep

#other mailboxes below here, specifically for enabling email to support
(and other departments) to open tickets.






On Tue, Dec 29, 2015 at 1:30 PM, Trev <tre...@onepost.net> wrote:

> Yes,
>
>   RT parses the ticket id in the subject line to then apply the comments
> or correspondence based on the correct ticket id number (located in the
> subject line).
>
>   I am using fetchmail as well... without problems at this point...
> running on debian.
>
>   As I add queues, I am sure to keep the default Reply Address and Comment
> Address address fields blank and RT will use the defaults.
>
>   Currently have about 40 queues, some are using email accounts to create
> tickets with, some are not, but every queue uses the default Reply Address
> and Comment Address.
>
>   Rt 4.10.12 on Debian.
>
>I hope this helps.
>
> Trev
>
> On Tue, Dec 29, 2015 at 3:03 AM, Asanka Gunasekera <
> asanka_gunasek...@yahoo.co.uk> wrote:
>
>> Hi Trevor, thank you for the reply, that is great! but as per
>>
>> http://kb.mit.edu/confluence/pages/viewpage.action?pageId=151106427
>>
>> RT users the mail address in a particular way to sort the correspondence
>> and comments, does this works in your case?
>>
>> I am using fetchmail to retrieve mail, do I need to change the mail
>> client? Can you direct me to an document to get this going?
>>
>> I am sorry if this sounds out of the way, what are the precautions that I
>> need to change the current set-up?
>>
>> Thanks and Best Regards
>>
>> 
>> On Mon, 28/12/15, Trev <tre...@onepost.net> wrote:
>>
>>  Subject: Re: [rt-users] Using 2 mail address for all ques
>>  To: "Asanka Gunasekera" <asanka_gunasek...@yahoo.co.uk>
>>  Cc: "RT-List" <rt-users@lists.bestpractical.com>
>>  Date: Monday, 28 December, 2015, 19:31
>>
>>  You can
>>  use a shared rt-correspondance@ and rt-comment@ address. RT
>>  will use the ticket # when reading to modify the ticket
>>  accordingly.
>>  I have about 30
>>  or so queues, and I use common rt-correspondance@  and
>>  rt-comments@ as you are asking about, without
>>  issue.
>>  Trev
>>  On Mon, Dec 28, 2015 at
>>  6:42 AM, Asanka Gunasekera <asanka_gunasek...@yahoo.co.uk>
>>  wrote:
>>  Hi just
>>  wondering whether it is possible to use just 2 email
>>  addresses for all the queues. Once for correspondence and
>>  another for comment. In my RT implementation I have about 25
>>  queus and each queue needs minimum of 1 dedicated mail
>>  account. If above is possible please let me know guide hot
>>  to achieve this!
>>
>>
>>
>>  Thanks and Regards
>>
>>
>>
>

Re: [rt-users] Using 2 mail address for all ques

[Trev]

Yes,

  RT parses the ticket id in the subject line to then apply the comments or
correspondence based on the correct ticket id number (located in the
subject line).

  I am using fetchmail as well... without problems at this point... running
on debian.

  As I add queues, I am sure to keep the default Reply Address and Comment
Address address fields blank and RT will use the defaults.

  Currently have about 40 queues, some are using email accounts to create
tickets with, some are not, but every queue uses the default Reply Address
and Comment Address.

  Rt 4.10.12 on Debian.

   I hope this helps.

Trev

On Tue, Dec 29, 2015 at 3:03 AM, Asanka Gunasekera <
asanka_gunasek...@yahoo.co.uk> wrote:

> Hi Trevor, thank you for the reply, that is great! but as per
>
> http://kb.mit.edu/confluence/pages/viewpage.action?pageId=151106427
>
> RT users the mail address in a particular way to sort the correspondence
> and comments, does this works in your case?
>
> I am using fetchmail to retrieve mail, do I need to change the mail
> client? Can you direct me to an document to get this going?
>
> I am sorry if this sounds out of the way, what are the precautions that I
> need to change the current set-up?
>
> Thanks and Best Regards
>
> ----
> On Mon, 28/12/15, Trev <tre...@onepost.net> wrote:
>
>  Subject: Re: [rt-users] Using 2 mail address for all ques
>  To: "Asanka Gunasekera" <asanka_gunasek...@yahoo.co.uk>
>  Cc: "RT-List" <rt-users@lists.bestpractical.com>
>  Date: Monday, 28 December, 2015, 19:31
>
>  You can
>  use a shared rt-correspondance@ and rt-comment@ address. RT
>  will use the ticket # when reading to modify the ticket
>  accordingly.
>  I have about 30
>  or so queues, and I use common rt-correspondance@  and
>  rt-comments@ as you are asking about, without
>  issue.
>  Trev
>  On Mon, Dec 28, 2015 at
>  6:42 AM, Asanka Gunasekera <asanka_gunasek...@yahoo.co.uk>
>  wrote:
>  Hi just
>  wondering whether it is possible to use just 2 email
>  addresses for all the queues. Once for correspondence and
>  another for comment. In my RT implementation I have about 25
>  queus and each queue needs minimum of 1 dedicated mail
>  account. If above is possible please let me know guide hot
>  to achieve this!
>
>
>
>  Thanks and Regards
>
>
>

Re: [rt-users] Using 2 mail address for all ques

[Trev]

You can use a shared rt-correspondance@ and rt-comment@ address. RT will
use the ticket # when reading to modify the ticket accordingly.

I have about 30 or so queues, and I use common rt-correspondance@  and
rt-comments@ as you are asking about, without issue.

Trev

On Mon, Dec 28, 2015 at 6:42 AM, Asanka Gunasekera <
asanka_gunasek...@yahoo.co.uk> wrote:

> Hi just wondering whether it is possible to use just 2 email addresses for
> all the queues. Once for correspondence and another for comment. In my RT
> implementation I have about 25 queus and each queue needs minimum of 1
> dedicated mail account. If above is possible please let me know guide hot
> to achieve this!
>
> Thanks and Regards
>

Re: [rt-users] Regarding incoming mails.

[Trev]

Are you using fetchmail ?
Error logs ?

On Tue, Sep 29, 2015 at 12:58 PM, bharath reddy 
wrote:

> Dear All,
>
> I've upgraded RT from 4.0.8 to 4.2.12 recently and found that I'm not able
> to receive mails to the server but when I'm updating tickets from Web then
> users are receiving the update mails. Basically my machine is not able to
> receive mails but able to send mails. Any help or pointers to this issue
> will be appreciated.
>
> Thanks,
> Bharath.
>

Re: [rt-users] Regarding incoming mails.

[Trev]

Just to be clear here:

*Broken*:   Fetchmail from your RT server, pulling email from an account on
your email server (exchange or whatever)

*Working*:  Sendmail from your RT server, pushing notifications from the RT
server to your email recipients

The error you post, looks like sendmail errors... not fetchmail...

/var/log/fetchmail.log

Also, the fetchmail configuration file could be useful. (please replace
passwords and other identifiers in your copy paste)

Thanks,

Trev

On Tue, Sep 29, 2015 at 1:10 PM, bharath reddy <vangoor.bhar...@gmail.com>
wrote:

> Hi Trev,
>
> I can see following error in my logs :
>
> Sep 29 10:30:52 devrt sm-mta[9167]: t8TEUpif009167: ruleset=check_rcpt,
> arg1=<de...@cs.stonybrook.edu>, relay=mail-wi0-f179.google.com
> [209.85.212.179], reject=550 5.7.1 <de...@cs.stonybrook.edu>... Relaying
> denied
> Sep 29 10:30:52 devrt sm-mta[9167]: t8TEUpif009167: from=<
> bvang...@cs.stonybrook.edu>, size=2400, class=0, nrcpts=0, proto=ESMTP,
> daemon=MTA, relay=mail-wi0-f179.google.com [209.85.212.179]
>
> and also this :
>
> Sep 29 12:33:05 devrt sm-mta[11503]: t8TGX4n2011503:
> devrt.cs.stonybrook.edu [130.245.27.22] did not issue MAIL/EXPN/VRFY/ETRN
> during connection to MTA
> Sep 29 12:33:25 devrt sm-mta[11504]: t8TGXOHh011504:
> devrt.cs.stonybrook.edu [130.245.27.22] did not issue MAIL/EXPN/VRFY/ETRN
> during connection to MTA
>
> Thanks,
> Bharath.
>
>
> On Tue, Sep 29, 2015 at 1:03 PM, Trev <tre...@onepost.net> wrote:
>
>> Are you using fetchmail ?
>> Error logs ?
>>
>> On Tue, Sep 29, 2015 at 12:58 PM, bharath reddy <
>> vangoor.bhar...@gmail.com> wrote:
>>
>>> Dear All,
>>>
>>> I've upgraded RT from 4.0.8 to 4.2.12 recently and found that I'm not
>>> able to receive mails to the server but when I'm updating tickets from Web
>>> then users are receiving the update mails. Basically my machine is not able
>>> to receive mails but able to send mails. Any help or pointers to this issue
>>> will be appreciated.
>>>
>>> Thanks,
>>> Bharath.
>>>
>>
>>
>

Re: [rt-users] AD integration for external auth

[Trev]

Use --   Plugin( RT::Extension::LDAPImport );

Note the configuration I linked to you prior.

I had some issues with limited functionality using
Plugin('RT::Authen::ExternalAuth').. it's been a while actually, I may
not even have had that extension working.



On Tue, Jul 7, 2015 at 1:28 PM, Trev tre...@onepost.net wrote:

 If you mean during the login via RT Gui --  username is, sAMAccountName.
 THere shouldn't be any need to prefix with the domain as the domain is
 already be queried.



 On Tue, Jul 7, 2015 at 1:24 PM, Yan Seiner y...@seiner.com wrote:

  What format do you use for the username?

 When I try hpm\yans which should, in theory, work, I get:

 [5367] [Tue Jul  7 17:07:28 2015] [debug]: LDAP Search ===  Base:
 dc=hpm,dc=net == Filter: ((objectClass=*)(sAMAccountName=hpm\5cyans)) ==
 Attrs: sAMAccountName,mail
 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:469)

 Notice the mangled sAMAccountName=hpm\5cyans .  If this is what it is
 searching for, then we have a problem.   :)

 --Yan


 On 7/7/2015 11:57 AM, Trev wrote:

  This may help:


 http://trevthorpe.blogspot.com/2015/01/request-tracker-424-ldap-authentication.html



 On Tue, Jul 7, 2015 at 11:24 AM, Yan Seiner y...@seiner.com wrote:

 I'm coming back to RT after a few years.  I am trying to set up external
 auth against our AD server.

 I have a working implementation for mediawiki, so I know that it's
 possible on our system.  As far as possible I've duplicated the options
 from mediawiki/php to rt/perl, but I am still missing something important
 as all login attempts get rejected with a NoUser.

 The only thing that I find different (and I'm searching my memory from a
 few years ago when I set up mediawiki) there is a line where the user name
 is pre-pended with the domain for AD:

 $wgLDAPSearchStrings = array( 'HPM' = HPM\\USER-NAME );

 And I can't find anything like that in the RT config.

 Does anyone have a working AD external auth they can share?

 Thanks.

 Here's the logfile snippet:

 [4835] [Tue Jul  7 15:17:14 2015] [debug]: Attempting to use external
 auth service: My_LDAP
 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:424)
 [4835] [Tue Jul  7 15:17:14 2015] [debug]: Calling UserExists with
 $username (yans) and $service (My_LDAP)
 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:465)
 [4835] [Tue Jul  7 15:17:14 2015] [debug]: UserExists params:
 username: yans , service: My_LDAP
 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:439)
 [4835] [Tue Jul  7 15:17:14 2015] [debug]: LDAP Search ===  Base:
 ou=Staff,dc=hpm,dc=net == Filter:
 ((objectClass=inetOrgPerson)(sAMAccountName=yans)) == Attrs:
 cn,co,telephoneNumber,l,postalCode,streetAddress,st,sAMAccountName,mail
 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:469)
 [4835] [Tue Jul  7 15:17:14 2015] [debug]: User Check Failed :: (
 My_LDAP ) yans User not found
 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:483)
 [4835] [Tue Jul  7 15:17:14 2015] [debug]: Autohandler called
 ExternalAuth. Response: (0, No User)
 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:11)
 [4835] [Tue Jul  7 15:17:14 2015] [error]: FAILED LOGIN for yans from
 10.10.30.51 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:810)

 And here's the setup in RTSiteConfig.pm:

 Plugin('RT::Authen::ExternalAuth');
 Set($ExternalAuthPriority,  [ 'My_LDAP' ]);
 Set($ExternalInfoPriority,  [ 'My_LDAP' ]);
 Set($ExternalSettings, {
  'My_LDAP'   =  {
  'type' =  'ldap',
  'server'   =  'file_print.hpm.net',
 # By not passing 'user' and 'pass' we are using an
 anonymous
 # bind, which some servers to not allow
  'base' =  'dc=hpm,dc=net',
  'filter'   =  '(objectClass=inetOrgPerson)',
 # Users are allowed to log in via email address or
 account
 # name
  'attr_match_list'  = [
'Name',
 #   'EmailAddress',
],
 # Import the following properties of the user from LDAP
 upon
 # login
 'attr_map' = {
 'Name' = 'sAMAccountName',
 'EmailAddress' = 'mail',
 'RealName' = 'cn',
 'WorkPhone'= 'telephoneNumber',
 'Address1' = 'streetAddress',
 'City' = 'l',
 'State'= 'st',
 'Zip'  = 'postalCode',
 'Country'  = 'co',
 },
 },
 } );

Re: [rt-users] AD integration for external auth

[Trev]

This may help:

http://trevthorpe.blogspot.com/2015/01/request-tracker-424-ldap-authentication.html



On Tue, Jul 7, 2015 at 11:24 AM, Yan Seiner y...@seiner.com wrote:

 I'm coming back to RT after a few years.  I am trying to set up external
 auth against our AD server.

 I have a working implementation for mediawiki, so I know that it's
 possible on our system.  As far as possible I've duplicated the options
 from mediawiki/php to rt/perl, but I am still missing something important
 as all login attempts get rejected with a NoUser.

 The only thing that I find different (and I'm searching my memory from a
 few years ago when I set up mediawiki) there is a line where the user name
 is pre-pended with the domain for AD:

 $wgLDAPSearchStrings = array( 'HPM' = HPM\\USER-NAME );

 And I can't find anything like that in the RT config.

 Does anyone have a working AD external auth they can share?

 Thanks.

 Here's the logfile snippet:

 [4835] [Tue Jul  7 15:17:14 2015] [debug]: Attempting to use external auth
 service: My_LDAP
 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:424)
 [4835] [Tue Jul  7 15:17:14 2015] [debug]: Calling UserExists with
 $username (yans) and $service (My_LDAP)
 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:465)
 [4835] [Tue Jul  7 15:17:14 2015] [debug]: UserExists params:
 username: yans , service: My_LDAP
 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:439)
 [4835] [Tue Jul  7 15:17:14 2015] [debug]: LDAP Search ===  Base:
 ou=Staff,dc=hpm,dc=net == Filter:
 ((objectClass=inetOrgPerson)(sAMAccountName=yans)) == Attrs:
 cn,co,telephoneNumber,l,postalCode,streetAddress,st,sAMAccountName,mail
 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:469)
 [4835] [Tue Jul  7 15:17:14 2015] [debug]: User Check Failed :: ( My_LDAP
 ) yans User not found
 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:483)
 [4835] [Tue Jul  7 15:17:14 2015] [debug]: Autohandler called
 ExternalAuth. Response: (0, No User)
 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:11)
 [4835] [Tue Jul  7 15:17:14 2015] [error]: FAILED LOGIN for yans from
 10.10.30.51 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:810)

 And here's the setup in RTSiteConfig.pm:

 Plugin('RT::Authen::ExternalAuth');
 Set($ExternalAuthPriority,  [ 'My_LDAP' ]);
 Set($ExternalInfoPriority,  [ 'My_LDAP' ]);
 Set($ExternalSettings, {
  'My_LDAP'   =  {
  'type' =  'ldap',
  'server'   =  'file_print.hpm.net',
 # By not passing 'user' and 'pass' we are using an
 anonymous
 # bind, which some servers to not allow
  'base' =  'dc=hpm,dc=net',
  'filter'   =  '(objectClass=inetOrgPerson)',
 # Users are allowed to log in via email address or account
 # name
  'attr_match_list'  = [
'Name',
 #   'EmailAddress',
],
 # Import the following properties of the user from LDAP
 upon
 # login
 'attr_map' = {
 'Name' = 'sAMAccountName',
 'EmailAddress' = 'mail',
 'RealName' = 'cn',
 'WorkPhone'= 'telephoneNumber',
 'Address1' = 'streetAddress',
 'City' = 'l',
 'State'= 'st',
 'Zip'  = 'postalCode',
 'Country'  = 'co',
 },
 },
 } );

Re: [rt-users] AD integration for external auth

[Trev]

If you mean during the login via RT Gui --  username is, sAMAccountName.
THere shouldn't be any need to prefix with the domain as the domain is
already be queried.



On Tue, Jul 7, 2015 at 1:24 PM, Yan Seiner y...@seiner.com wrote:

  What format do you use for the username?

 When I try hpm\yans which should, in theory, work, I get:

 [5367] [Tue Jul  7 17:07:28 2015] [debug]: LDAP Search ===  Base:
 dc=hpm,dc=net == Filter: ((objectClass=*)(sAMAccountName=hpm\5cyans)) ==
 Attrs: sAMAccountName,mail
 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:469)

 Notice the mangled sAMAccountName=hpm\5cyans .  If this is what it is
 searching for, then we have a problem.   :)

 --Yan


 On 7/7/2015 11:57 AM, Trev wrote:

  This may help:


 http://trevthorpe.blogspot.com/2015/01/request-tracker-424-ldap-authentication.html



 On Tue, Jul 7, 2015 at 11:24 AM, Yan Seiner y...@seiner.com wrote:

 I'm coming back to RT after a few years.  I am trying to set up external
 auth against our AD server.

 I have a working implementation for mediawiki, so I know that it's
 possible on our system.  As far as possible I've duplicated the options
 from mediawiki/php to rt/perl, but I am still missing something important
 as all login attempts get rejected with a NoUser.

 The only thing that I find different (and I'm searching my memory from a
 few years ago when I set up mediawiki) there is a line where the user name
 is pre-pended with the domain for AD:

 $wgLDAPSearchStrings = array( 'HPM' = HPM\\USER-NAME );

 And I can't find anything like that in the RT config.

 Does anyone have a working AD external auth they can share?

 Thanks.

 Here's the logfile snippet:

 [4835] [Tue Jul  7 15:17:14 2015] [debug]: Attempting to use external
 auth service: My_LDAP
 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:424)
 [4835] [Tue Jul  7 15:17:14 2015] [debug]: Calling UserExists with
 $username (yans) and $service (My_LDAP)
 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:465)
 [4835] [Tue Jul  7 15:17:14 2015] [debug]: UserExists params:
 username: yans , service: My_LDAP
 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:439)
 [4835] [Tue Jul  7 15:17:14 2015] [debug]: LDAP Search ===  Base:
 ou=Staff,dc=hpm,dc=net == Filter:
 ((objectClass=inetOrgPerson)(sAMAccountName=yans)) == Attrs:
 cn,co,telephoneNumber,l,postalCode,streetAddress,st,sAMAccountName,mail
 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:469)
 [4835] [Tue Jul  7 15:17:14 2015] [debug]: User Check Failed :: ( My_LDAP
 ) yans User not found
 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:483)
 [4835] [Tue Jul  7 15:17:14 2015] [debug]: Autohandler called
 ExternalAuth. Response: (0, No User)
 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:11)
 [4835] [Tue Jul  7 15:17:14 2015] [error]: FAILED LOGIN for yans from
 10.10.30.51 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:810)

 And here's the setup in RTSiteConfig.pm:

 Plugin('RT::Authen::ExternalAuth');
 Set($ExternalAuthPriority,  [ 'My_LDAP' ]);
 Set($ExternalInfoPriority,  [ 'My_LDAP' ]);
 Set($ExternalSettings, {
  'My_LDAP'   =  {
  'type' =  'ldap',
  'server'   =  'file_print.hpm.net',
 # By not passing 'user' and 'pass' we are using an
 anonymous
 # bind, which some servers to not allow
  'base' =  'dc=hpm,dc=net',
  'filter'   =  '(objectClass=inetOrgPerson)',
 # Users are allowed to log in via email address or account
 # name
  'attr_match_list'  = [
'Name',
 #   'EmailAddress',
],
 # Import the following properties of the user from LDAP
 upon
 # login
 'attr_map' = {
 'Name' = 'sAMAccountName',
 'EmailAddress' = 'mail',
 'RealName' = 'cn',
 'WorkPhone'= 'telephoneNumber',
 'Address1' = 'streetAddress',
 'City' = 'l',
 'State'= 'st',
 'Zip'  = 'postalCode',
 'Country'  = 'co',
 },
 },
 } );

Re: [rt-users] AD integration for external auth

[Trev]

Sorry about that, review the blog entry I sent you prior. I do see I did
add that plugin, again, it's been a while since I wrestled with LDAP
authentication. So, I threw my working config with notes, into that blog.



On Tue, Jul 7, 2015 at 1:30 PM, Trev tre...@onepost.net wrote:

 Use --   Plugin( RT::Extension::LDAPImport );

 Note the configuration I linked to you prior.

 I had some issues with limited functionality using 
 Plugin('RT::Authen::ExternalAuth').. it's been a while actually, I may not 
 even have had that extension working.



 On Tue, Jul 7, 2015 at 1:28 PM, Trev tre...@onepost.net wrote:

 If you mean during the login via RT Gui --  username is, sAMAccountName.
 THere shouldn't be any need to prefix with the domain as the domain is
 already be queried.



 On Tue, Jul 7, 2015 at 1:24 PM, Yan Seiner y...@seiner.com wrote:

  What format do you use for the username?

 When I try hpm\yans which should, in theory, work, I get:

 [5367] [Tue Jul  7 17:07:28 2015] [debug]: LDAP Search ===  Base:
 dc=hpm,dc=net == Filter: ((objectClass=*)(sAMAccountName=hpm\5cyans)) ==
 Attrs: sAMAccountName,mail
 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:469)

 Notice the mangled sAMAccountName=hpm\5cyans .  If this is what it is
 searching for, then we have a problem.   :)

 --Yan


 On 7/7/2015 11:57 AM, Trev wrote:

  This may help:


 http://trevthorpe.blogspot.com/2015/01/request-tracker-424-ldap-authentication.html



 On Tue, Jul 7, 2015 at 11:24 AM, Yan Seiner y...@seiner.com wrote:

 I'm coming back to RT after a few years.  I am trying to set up
 external auth against our AD server.

 I have a working implementation for mediawiki, so I know that it's
 possible on our system.  As far as possible I've duplicated the options
 from mediawiki/php to rt/perl, but I am still missing something important
 as all login attempts get rejected with a NoUser.

 The only thing that I find different (and I'm searching my memory from
 a few years ago when I set up mediawiki) there is a line where the user
 name is pre-pended with the domain for AD:

 $wgLDAPSearchStrings = array( 'HPM' = HPM\\USER-NAME );

 And I can't find anything like that in the RT config.

 Does anyone have a working AD external auth they can share?

 Thanks.

 Here's the logfile snippet:

 [4835] [Tue Jul  7 15:17:14 2015] [debug]: Attempting to use external
 auth service: My_LDAP
 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:424)
 [4835] [Tue Jul  7 15:17:14 2015] [debug]: Calling UserExists with
 $username (yans) and $service (My_LDAP)
 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:465)
 [4835] [Tue Jul  7 15:17:14 2015] [debug]: UserExists params:
 username: yans , service: My_LDAP
 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:439)
 [4835] [Tue Jul  7 15:17:14 2015] [debug]: LDAP Search ===  Base:
 ou=Staff,dc=hpm,dc=net == Filter:
 ((objectClass=inetOrgPerson)(sAMAccountName=yans)) == Attrs:
 cn,co,telephoneNumber,l,postalCode,streetAddress,st,sAMAccountName,mail
 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:469)
 [4835] [Tue Jul  7 15:17:14 2015] [debug]: User Check Failed :: (
 My_LDAP ) yans User not found
 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:483)
 [4835] [Tue Jul  7 15:17:14 2015] [debug]: Autohandler called
 ExternalAuth. Response: (0, No User)
 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:11)
 [4835] [Tue Jul  7 15:17:14 2015] [error]: FAILED LOGIN for yans from
 10.10.30.51 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:810)

 And here's the setup in RTSiteConfig.pm:

 Plugin('RT::Authen::ExternalAuth');
 Set($ExternalAuthPriority,  [ 'My_LDAP' ]);
 Set($ExternalInfoPriority,  [ 'My_LDAP' ]);
 Set($ExternalSettings, {
  'My_LDAP'   =  {
  'type' =  'ldap',
  'server'   =  'file_print.hpm.net',
 # By not passing 'user' and 'pass' we are using an
 anonymous
 # bind, which some servers to not allow
  'base' =  'dc=hpm,dc=net',
  'filter'   =  '(objectClass=inetOrgPerson)',
 # Users are allowed to log in via email address or
 account
 # name
  'attr_match_list'  = [
'Name',
 #   'EmailAddress',
],
 # Import the following properties of the user from LDAP
 upon
 # login
 'attr_map' = {
 'Name' = 'sAMAccountName',
 'EmailAddress' = 'mail',
 'RealName' = 'cn',
 'WorkPhone'= 'telephoneNumber',
 'Address1' = 'streetAddress',
 'City' = 'l',
 'State'= 'st',
 'Zip'  = 'postalCode

Re: [rt-users] AD integration for external auth

[Trev]

Generally speaking, it is typical to create an 'LDAP User' for binding, and
reading purposes within AD itself.

LDAPImport does authenticate against the users in AD. And builds the user
records within RT as I have mapped in my example.

Cronjob to do the import, maybe every 15 minutes. Makes it much easier to
use AD groups within RT as well.


Very dynamic...



On Tue, Jul 7, 2015 at 4:50 PM, Yan Seiner y...@seiner.com wrote:

  I'm kicking this back to the list only.  I've been going round and round
 with this and I have some more information, but still not a solution.

 ldapsearch works:

  ldapsearch -H ldap://file_print.hpm.net -b dc=hpm,dc=net -s sub
 (sAMAccountName=yans) -D 'HPM\yans' -x -W uid

 But notice that I need to use either 'HPM\yans' for the user or the older '
 y...@hpm.net' for the system to allow me to bind to the ldap server.  The
 way we're set up, any user can bind to the server with valid credentials,
 but anonymous binds are not allowed.

 But the way ExternalAuth is set up, I have to provide the ldap userid and
 password, which in our system would be a real user.

 'user'  =  'rt_ldap_username',
 'pass'  =  'rt_ldap_password',

 Is there any way to get ExternalAuth to use the credentials entered in the
 login to bind to the ldap server?

 (As near as I can figure, the LDAPImport extension imports the userids
 from ldap, which is not what I need.  I need to authenticate against AD in
 realtime.)

 --Yan



 On 7/7/2015 1:32 PM, Trev wrote:

 Sorry about that, review the blog entry I sent you prior. I do see I did
 add that plugin, again, it's been a while since I wrestled with LDAP
 authentication. So, I threw my working config with notes, into that blog.



 On Tue, Jul 7, 2015 at 1:30 PM, Trev tre...@onepost.net wrote:

  Use --   Plugin( RT::Extension::LDAPImport );
 Note the configuration I linked to you prior.
 I had some issues with limited functionality using 
 Plugin('RT::Authen::ExternalAuth').. it's been a while actually, I may not 
 even have had that extension working.


 On Tue, Jul 7, 2015 at 1:28 PM, Trev  tre...@onepost.net
 tre...@onepost.net wrote:

 If you mean during the login via RT Gui --  username is, sAMAccountName.
 THere shouldn't be any need to prefix with the domain as the domain is
 already be queried.



 On Tue, Jul 7, 2015 at 1:24 PM, Yan Seiner  y...@seiner.com
 y...@seiner.com wrote:

  What format do you use for the username?

 When I try hpm\yans which should, in theory, work, I get:

 [5367] [Tue Jul  7 17:07:28 2015] [debug]: LDAP Search ===  Base:
 dc=hpm,dc=net == Filter: ((objectClass=*)(sAMAccountName=hpm\5cyans)) ==
 Attrs: sAMAccountName,mail
 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:469)

 Notice the mangled sAMAccountName=hpm\5cyans .  If this is what it is
 searching for, then we have a problem.   :)

 --Yan


 On 7/7/2015 11:57 AM, Trev wrote:

  This may help:


 http://trevthorpe.blogspot.com/2015/01/request-tracker-424-ldap-authentication.html



 On Tue, Jul 7, 2015 at 11:24 AM, Yan Seiner  y...@seiner.com
 y...@seiner.com wrote:

 I'm coming back to RT after a few years.  I am trying to set up
 external auth against our AD server.

 I have a working implementation for mediawiki, so I know that it's
 possible on our system.  As far as possible I've duplicated the options
 from mediawiki/php to rt/perl, but I am still missing something important
 as all login attempts get rejected with a NoUser.

 The only thing that I find different (and I'm searching my memory from
 a few years ago when I set up mediawiki) there is a line where the user
 name is pre-pended with the domain for AD:

 $wgLDAPSearchStrings = array( 'HPM' = HPM\\USER-NAME );

 And I can't find anything like that in the RT config.

 Does anyone have a working AD external auth they can share?

 Thanks.

 Here's the logfile snippet:

 [4835] [Tue Jul  7 15:17:14 2015] [debug]: Attempting to use external
 auth service: My_LDAP
 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:424)
 [4835] [Tue Jul  7 15:17:14 2015] [debug]: Calling UserExists with
 $username (yans) and $service (My_LDAP)
 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:465)
 [4835] [Tue Jul  7 15:17:14 2015] [debug]: UserExists params:
 username: yans , service: My_LDAP
 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:439)
 [4835] [Tue Jul  7 15:17:14 2015] [debug]: LDAP Search ===  Base:
 ou=Staff,dc=hpm,dc=net == Filter:
 ((objectClass=inetOrgPerson)(sAMAccountName=yans)) == Attrs:
 cn,co,telephoneNumber,l,postalCode,streetAddress,st,sAMAccountName,mail
 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:469)
 [4835] [Tue Jul  7 15:17:14 2015] [debug]: User Check Failed :: (
 My_LDAP ) yans User not found
 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth

Re: [rt-users] RT 4.2.10 and ExternalAuth using LDAP

[Trev]

Hello Indrek,

  I had some problems with External Auth as well. I ended up going with
LDAP Import, authentication works based on LDAP credentials being imported.
You have a bit more control as you can filter on groups or user names if
you choose that route.

  I threw together a how to:


http://trevthorpe.blogspot.com/2015/01/request-tracker-424-ldap-authentication.html

  Hope this offers some help.

  Thanks,

Trev


On Mon, Apr 20, 2015 at 5:16 AM, Indrek Paas indrekp...@gmail.com wrote:

 Hi,

 I'm setting up an RT server on:
 CentOS 7.1 x64
 Apache 2.4
 PostgreSQL
 Perl v5.16.3

 Trying to use ExternalAuth to LDAP (Microsoft AD) using these settings in
 RT_SiteConfig.pm:

 Plugin( RT::Authen::ExternalAuth );

 Set( $ExternalAuthPriority, [My_LDAP] );
 Set( $ExternalInfoPriority, [My_LDAP] );

 Set($ExternalSettings, {
 'My_LDAP'   =  {
 'type'  =  'ldap',
 'server'=  '1.1.1.1',
 'user'  =  'rtbinduser@domain.server
 ',
 'pass'  =  'rtbinduserpw',
 'base'  =  'ou=Dom Users,ou=Company
 AD,dc=domain,dc=server',

 'attr_match_list' = [
 'Name',
 'EmailAddress',
 ],
 'attr_map' = {
 'Name' = 'sAMAccountName',
 'EmailAddress' = 'mail',
 'Organization' = 'physicalDeliveryOfficeName',
 'RealName' = 'cn',
 'ExternalAuthId' = 'sAMAccountName',
 'Gecos' = 'sAMAccountName',
 'WorkPhone' = 'telephoneNumber',
 'Address1' = 'streetAddress',
 'City' = 'l',
 'State' = 'st',
 'Zip' = 'postalCode',
 'Country' = 'co'
 },
 },
 } );

 I start the RT using it's own server : /opt/rt4/sbin/rt-server --port 8080
 Page loads in the browser and I can log in as root but when I try to log
 in using AD account I see in the logs:

 [warning]: Use of uninitialized value $filter in concatenation (.) or
 string at
 /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm
 line 453.
 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:451)

 I have been digging through google and the LDAP.pm without success. When I
 messed with the 'base' value error changed:

 [25778] [Mon Apr 20 08:55:33 2015] [warning]: Use of uninitialized value
 $filter in concatenation (.) or string at
 /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm
 line 453.
 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:451)
 [25778] [Mon Apr 20 08:55:33 2015] [error]: Can't call method as_string
 on an undefined value at
 /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm
 line 357.

 Stack:

 [/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:357]

 [/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:843]

 [/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:885]
   [/opt/rt4/sbin/../lib/RT/User.pm:141]

 [/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:486]
   [/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:10]

 [/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Session:1]
   [/opt/rt4/sbin/../lib/RT/Interface/Web.pm:310]
   [/opt/rt4/share/html/autohandler:53]
 (/opt/rt4/sbin/../lib/RT/Interface/Web/Handler.pm:208)


 Any suggestions to a right direction are welcome.

 PS! Went with LDAP because other services on the server use it
 successfully. I have installed RT using Kerberos auth before but decided to
 use something simpler. :D

 --
 Indrek

Re: [rt-users] TicketSQL to select all tickets with requestor nobody in particular

[Trev]

Use 'nobody' vs. 'nobody in particular' as your search criteria.

On Fri, Mar 13, 2015 at 4:02 PM, Al Joslin allen.jos...@gmail.com wrote:

 What is the TicketSQL to select all tickets with requestor nobody in
 particular” ?

 I can’t get  that list from the Search GUI either

 thanks
 al;

Re: [rt-users] RT 4.2.9 Incoming Email configuration with https

[Trev]

Worth noting, it may or may not impact your situation, is the
--no-verify-ssl flag you can put on your poll command.

I had a similar situation, different errors, but similar with the https /
cert issue.

set daemon 60
set invisible
set no bouncemail
set no syslog
set logfile /var/log/fetchmail.log
poll myexchangeserver.domain.com protocol imap username rt-correspondance
password password mda /opt/rt4/bin/rt-mailgate *--no-verify-ssl* --queue
'IT General' --action correspond --url https://rt.domain.com/
http://jamie.vsecu.com/ no keep




On Tue, Feb 24, 2015 at 3:19 PM, Daniel Moore daniel.mo...@osbornewood.com
wrote:

  HI,



 I am currently testing to upgrade to RT 4.2.9. I am running 4.2.6
 successfully under normal http: (port 80). I am not wanting to sacrifice
 the https: ability with the upgrade to 4.2.9 and would like to still be
 able to use the full email functionality of RT.



 Here is my setup. I am running Ubuntu 14.04.1 LTS; I have apache 2
 installed with mysql; postfix, and fetchmail. My email server is Microsoft
 Exchange 2010.



 I cannot, for the life of me, get the incoming email setup to work with
 https: enabled. In 4.2.6 I had to disable the redirect and go with just
 HTTP. Everything I have looked on the Wiki, forums, and blogs all point to
 Request Tracker 3 and other things. I have read documentation after
 documentation.



 I am getting the following



 Feb 24 15:14:25 hostname fetchmail[1178]: MDA returned nonzero status 75

 Feb 24 15:14:25 hostname fetchmail[1178]:  not flushed



 I know this means wrong queue. I went through that with 4.2.6 and, like I
 said, eventually found the resolution to be switch from HTTPS redirect to
 simple HTTP. I know this is supposed to work somehow.



 Here is my /etc/aliases file:



 root@servername:~# cat /etc/aliases

 # See man 5 aliases for format

 postmaster:root



 rt: |/opt/rt4/bin/rt-mailgate --queue General --action correspond
 --url https://rttest.domain.local/;





 Here is my /etc/fetchmailrc file:



 #Daemon Mode

 # This file must be chmod 0600, owner fetchmail



 set daemon 20

 set syslog

 set invisible

 set no bouncemail







 ##



 # Hosts to Poool



 ##



 # Defaults ==



 # Set antispam to -1, since it is far easier to use that together with



 # no bouncemail



 # defaults:



 # timeout 300

 # antispam -1

 # batchlimit 100



 poll exchange.domain.local protocol pop3



 username u...@domain.com  password password mda
 /opt/rt4/bin/rt-mailgate --queue General --action correspond --url
 https://rttest.domain.local/;



 no keep;





 V/R,



 *Daniel Moore*

 IT Systems Technician

 Osborne Wood Products, Inc.

 [image: http://hosting-source.bm23.com/9241/public/OsborneLogo111.jpg]

 P: 706.282.5764

 F: 888.777.4304

 http://www.osbornewood.com

Re: [rt-users] ExternalAuth to active directory over SSL

[Trev]

Review some of your LDAP settings. I think you have CN and DN in places
where you may want OU, and your LDAP user should be in a different format,
see below.

Hopefully this helps.

Use mine(working.. also cleaned..) as example:

Set($ExternalSettings, {
'My_LDAP'   =  {
'type'  =  'ldap',
'server'=  'ldap://domain_name.com',
'user'  =  'domain_name\ldapreader',
'pass'  =  'ldapreader_password',
'base'  =  'ou=users,ou=services,dc=domain_name,dc=com',
'filter'=  '(objectClass=person)',
'tls'   =  0,

'attr_match_list' = [
'Name',
'EmailAddress',
'RealName',
],

'attr_map'  = {
'Name'  = 'sAMAccountName',
'EmailAddress'  = 'mail',
'Organization'  = 'department',
'RealName'  = 'cn',
'NickName'  = 'givenName',
'ExternalAuthId'= 'sAMAccountName',
'Gecos' = 'sAMAccountName',
'WorkPhone' = 'telephoneNumber',
'MobilePhone'   = 'mobile',
'Address1'  = 'streetAddress',
'City'  = 'l',
'State' = 'st',
'Zip'   = 'postalCode',
'Country'   = 'co'
},
},








On Tue, Feb 24, 2015 at 9:35 AM, Guillaume Hilt gh...@shadowprojects.org
wrote:

 No one is using LDAPS with Request Tracker ?

   Guillaume Hilt

 Le 18/02/2015 15:43, Guillaume Hilt a écrit :

  Hello,

 I'm using a fresh install of RT 4.0.19 on Ubuntu 14.04 AMD64, using .deb
 packages.

 I'm trying to make ExternalAuth work with LDAP over SSL (Active Directory
 on 2008 R2 x64), we an internal CA managed under Windows 2008 R2 x64.
 I added the CA cert in /etc/ssl/certs/srv2.lan.domain.com_ca.pem.

 I followed a previous discussion on this matter here :
 http://lists.bestpractical.com/pipermail/rt-users/2012-March/075690.html
 I'm facing the same issue.

 $ openssl s_client -connect srv2.lan.domain.com:636 -CApath
 /etc/ssl/certs
 Return Verify return code: 21 (unable to verify the first certificate)

 $ openssl verify -CAfile /etc/ssl/certs/srv2.lan.domain.com_ca.pem
 /etc/ssl/certs/srv2.lan.domain.com_cert.pem
 /etc/ssl/certs/srv2.lan.domain.com_cert.pem: OK

 Running LDP.exe on the domain controllers running in SSL mode works fine.


 RT's log gives the following :

 RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't bind:
 LDAP_OPERATIONS_ERROR 1


 An ldapsearch gives me this (snipped hex code) :

 ldap_initialize( ldaps://srv2.lan.domain.com:636/??base )
 tls_write: want=117, written=117
 tls_read: want=3422, got=1443
 tls_read: want=1979, got=1448
 tls_read: want=531, got=531
 tls_write: want=12, written=12
 tls_write: want=267, written=267
 tls_write: want=6, written=6
 tls_write: want=117, written=117
 tls_read: want=5, got=5
 tls_read: want=1, got=1
 tls_read: want=5, got=5
 tls_read: want=80, got=80
 TLS: can't connect: (unknown error code).
 ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)


 Here's my configuration :

 'AD_LAN' = {
 'type'  =  'ldap',
 'server'= 'srv2.lan.domain.com',
 'user'  =
 'CN=r2-d2,CN=Users,DC=lan,DC=domain,DC=com',
 'pass'  =  'XXX',

 'base'  = 'CN=Utilisateurs,DC=lan,DC=
 domain,DC=com',
 'filter'= '((objectClass=
 organizationalPerson)(mail=*))',
 'd_filter'  =
 '(userAccountControl:1.2.840.113556.1.4.803:=2)',

 'group' =  '',
 'group_attr'=  '',

 'tls'   =  0,
 'ssl_version'   =  3,
 'net_ldap_args' =  [ version = 3, port =
 636, debug = 8 ],

 'attr_match_list' = [
 'Name',
 'EmailAddress',
 ],
 'attr_map' = {
 'Name' = 'sAMAccountName',
 'EmailAddress' = 'mail',
 'Organization' = 'physicalDeliveryOfficeName',
 'RealName' = 'cn',
 'ExternalAuthId' = 'sAMAccountName',
 'Gecos' = 'sAMAccountName',
 'WorkPhone' = 'telephoneNumber',
 'Address1' = 'streetAddress',
 'City' = 'l',
 'State' = 'st',
 'Zip' = 'postalCode',
 'Country' = 'co'
 },
 },


 Setting tls to 1 give me his different error :

 RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't bind:
 LDAP_SERVER_DOWN 81


 Regards,

[rt-users] Repeat Ticket - Not creating tickets

[Trev]

4.2.9
Odd situation, permissions probably/maybe ?!

Cronjob is run as root, as was the command launched manually a few moments
ago.

Root is still an account in RT and has full rights 'do anything and
everything'.

The Bogus Ticket part, caught my eye...

Any thoughts appreciated.

Thanks!

I have 3 tickets setup for re-occurrence, manually firing off the cron job
with logging set to debug returns the following:

Command line is run:
[25855] [Mon Feb 16 00:56:53 2015] [info]: Repeating ticket 682
(/opt/rt4/local/plugins/RT-Extension-RepeatTicket/bin/rt-repeat-ticket:38)
[25855] [Mon Feb 16 00:56:53 2015] [notice]: Passed a unix time less than
0, forcing to 0: [-1] (/opt/rt4/lib/RT/Date.pm:563)
[25855] [Mon Feb 16 00:56:53 2015] [notice]: Passed a unix time less than
0, forcing to 0: [-1] (/opt/rt4/lib/RT/Date.pm:563)
[25855] [Mon Feb 16 00:56:53 2015] [notice]: Passed a unix time less than
0, forcing to 0: [-1] (/opt/rt4/lib/RT/Date.pm:563)
[25855] [Mon Feb 16 00:56:53 2015] [info]: Repeating ticket 1448
(/opt/rt4/local/plugins/RT-Extension-RepeatTicket/bin/rt-repeat-ticket:38)
[25855] [Mon Feb 16 00:56:53 2015] [info]: Repeating ticket 1458
(/opt/rt4/local/plugins/RT-Extension-RepeatTicket/bin/rt-repeat-ticket:38)

Syslog entries:
Feb 15 19:56:53 jamie RT: [25855] Repeating ticket 682
Feb 15 19:56:53 jamie RT: [25855] Checking date 2015-02-15 with adjusted
lead time date 2015-03-01
(/opt/rt4/local/plugins/RT-Extension-RepeatTicket/lib/RT/Extension/RepeatTicket.pm:180)
*Feb 15 19:56:53 jamie RT: [25855] Tried to load a bogus ticket id: ''
(/opt/rt4/lib/RT/Ticket.pm:139)*
Feb 15 19:56:53 jamie RT: [25855] Passed a unix time less than 0, forcing
to 0: [-1]
*Feb 15 19:56:53 jamie RT: [25855] Tried to load a bogus ticket id: ''
(/opt/rt4/lib/RT/Ticket.pm:139)*
Feb 15 19:56:53 jamie RT: [25855] Passed a unix time less than 0, forcing
to 0: [-1]
Feb 15 19:56:53 jamie RT: [25855] Checking date 1970-01-20 with adjusted
lead time date 1970-02-03
(/opt/rt4/local/plugins/RT-Extension-RepeatTicket/lib/RT/Extension/RepeatTicket.pm:180)
*Feb 15 19:56:53 jamie RT: [25855] Tried to load a bogus ticket id: ''
(/opt/rt4/lib/RT/Ticket.pm:139)*
Feb 15 19:56:53 jamie RT: [25855] Passed a unix time less than 0, forcing
to 0: [-1]
Feb 15 19:56:53 jamie RT: [25855] Repeating ticket 1448
Feb 15 19:56:53 jamie RT: [25855] Checking date 2015-02-15 with adjusted
lead time date 2015-03-01
(/opt/rt4/local/plugins/RT-Extension-RepeatTicket/lib/RT/Extension/RepeatTicket.pm:180)
Feb 15 19:56:53 jamie RT: [25855] RT::Date used Time::ParseDate to make
'2015-02-15' 1423976400 (/opt/rt4/lib/RT/Date.pm:240)
Feb 15 19:56:53 jamie RT: [25855] Checking date 2015-02-15 with adjusted
lead time date 2015-03-01
(/opt/rt4/local/plugins/RT-Extension-RepeatTicket/lib/RT/Extension/RepeatTicket.pm:180)
Feb 15 19:56:53 jamie RT: [25855] RT::Date used Time::ParseDate to make
'2015-02-15' 1423976400 (/opt/rt4/lib/RT/Date.pm:240)
Feb 15 19:56:53 jamie RT: [25855] Repeating ticket 1458

Re: [rt-users] user privilleges: can not assign tickets to some users

[Trev]

Permissions for the other users to 'Own a Ticket'.

On Tue, Feb 10, 2015 at 12:10 PM, Boris Epstein borepst...@gmail.com
wrote:

 Hello all,

 If I have a user who seemingly should be able to assign tickets to any
 other user but can only assign them to some - what are the positive causes
 of that? I have two such users, they seem to have configurations identical
 to those of other users who can assign tickets to everyone - so I am a bit
 puzzled.

 Thanks in advance for any and all help.

 Cheers,

 Boris.

Re: [rt-users] user privilleges: can not assign tickets to some users

[Trev]

Check their group or explicit user rights vs rights perhaps applied to
everyone/privileged/unprivileged.

Are they a member of group(s) that have have different permission sets...



On Tue, Feb 10, 2015 at 12:45 PM, Boris Epstein borepst...@gmail.com
wrote:

 Trev,

 Thanks, this is a thought. However, those same users can indeed own those
 same tickets - that does not seem to be a problem as long as somebody other
 than the two users in question does the assigning. That is the part that
 mystifies me.

 Boris.

 On Tue, Feb 10, 2015 at 12:13 PM, Trev tre...@onepost.net wrote:

 Permissions for the other users to 'Own a Ticket'.

 On Tue, Feb 10, 2015 at 12:10 PM, Boris Epstein borepst...@gmail.com
 wrote:

 Hello all,

 If I have a user who seemingly should be able to assign tickets to any
 other user but can only assign them to some - what are the positive causes
 of that? I have two such users, they seem to have configurations identical
 to those of other users who can assign tickets to everyone - so I am a bit
 puzzled.

 Thanks in advance for any and all help.

 Cheers,

 Boris.

[rt-users] Stripping Attachments During Create

[Trev]

My situation is this, I have users sending in support requests and they are
processing just fine. I am using fetchmail and mailgate, no problems,
tickets get created etc...

I want to strip attachments however, specifically those associated with
signatures internal to the company.

How can I best go about stripping these?

Preferably based on attachment name:
image001.png
image002.png

Thanks in advance!

Re: [rt-users] Auto Create Ticket Scrip

[Trev]

Syslog Errors -- The $template_id seems warning level to me, but may be an
issue. I went into the database and confirmed the data correct for template
ids etc.. etc..

Attached configuration snapshots..

Any further thoughts appreciated, thanks!

Jan 11 12:23:16 jamie RT: [9697] Committing scrip #13 on txn #1759 of
ticket #125 (/opt/rt4/sbin/../lib/RT/Scrips.pm:306)
Jan 11 12:23:16 jamie RT: [9697] Line: ===
(/opt/rt4/sbin/../lib/RT/Action/CreateTickets.pm:541)
Jan 11 12:23:16 jamie RT: [9697] ===Create Ticket: ticket1
(/opt/rt4/sbin/../lib/RT/Action/CreateTickets.pm:544)
Jan 11 12:23:16 jamie RT: [9697] Use of uninitialized value $template_id in
hash element at /opt/rt4/sbin/../lib/RT/Action/CreateTickets.pm line 594.
Jan 11 12:23:16 jamie RT: [9697] Subject: Auto Generation Test
 (/opt/rt4/sbin/../lib/RT/Action/CreateTickets.pm:544)
Jan 11 12:23:16 jamie RT: [9697] Use of uninitialized value $template_id in
hash element at /opt/rt4/sbin/../lib/RT/Action/CreateTickets.pm line 594.
Jan 11 12:23:16 jamie RT: [9697] Queue = RT Testing
(/opt/rt4/sbin/../lib/RT/Action/CreateTickets.pm:544)
Jan 11 12:23:16 jamie RT: [9697] Use of uninitialized value $template_id in
hash element at /opt/rt4/sbin/../lib/RT/Action/CreateTickets.pm line 594.
Jan 11 12:23:16 jamie RT: [9697] Content: Someone has created a ticket. you
should review and approve it,
(/opt/rt4/sbin/../lib/RT/Action/CreateTickets.pm:544)
Jan 11 12:23:16 jamie RT: [9697] Use of uninitialized value $template_id in
hash element at /opt/rt4/sbin/../lib/RT/Action/CreateTickets.pm line 594.
Jan 11 12:23:16 jamie RT: [9697] so they can finish their work
(/opt/rt4/sbin/../lib/RT/Action/CreateTickets.pm:544)
Jan 11 12:23:16 jamie RT: [9697] Use of uninitialized value $template_id in
hash element at /opt/rt4/sbin/../lib/RT/Action/CreateTickets.pm line 594.
Jan 11 12:23:16 jamie RT: [9697] ENDOFCONTENT
(/opt/rt4/sbin/../lib/RT/Action/CreateTickets.pm:544)
Jan 11 12:23:16 jamie RT: [9697] Use of uninitialized value $template_id in
hash element at /opt/rt4/sbin/../lib/RT/Action/CreateTickets.pm line 594.




​


On Sat, Jan 10, 2015 at 7:51 PM, Alex Peters a...@peters.net wrote:

 A user-defined action will do nothing if the corresponding custom
 action code boxes are empty.  (That should probably actually trigger an
 error.)

 Setting your scrip's action to Create Tickets should have your scrip
 working as expected.

 You can also use queue names in create-ticket templates if you'd prefer
 the template to be a little more self-explanatory.

 On 11 January 2015 at 08:00, Trev tre...@onepost.net wrote:

 Hi all,

   4.2.4 on Debian

   Created a scrip that calls a custom template to create a ticket in a
 queue when another ticket is created. Seems easy enough, but I am having a
 little bit of difficulty implementing it.

   So this is applied to a queue that I am opening tickets selecting... no
 'auto tickets' are creating.

   What am I doing wrong or missing?

   Thanks!

   The Scrip:

- Description: New User - Auto Create Tickets
- Condition:On Create
- Action:User Defined (I've toggled this back and forth from
Open Tickets to User Defined)
- Template:New User - Tickets
- The 3 boxes below are EMPTY (custom conditions, prep and action...)


   The Template:

- Name: New User - Tickets
- Description:
- Type:  Perl (default)


 ===Create-Ticket: IT Security Modifications
 Queue   = 14
 Subject: Access for {$Tickets{'TOP'}-Subject()}
 Owner: {$Tickets{'TOP'}-Owner()}
 Depended-On-By: {$Tickets{'TOP'}-Id()}
 Content: Please attach approved changes for further approvals and
 implementation.
 ENDOFCONTENT

Re: [rt-users] Auto Create Ticket Scrip

[Trev]

I figured my issue out, set the logging to debug mode and just, worked the
errors.

Template Syntax Issue

Queue = vs. Queue:


../sigh

Thanks for the help either way, appreciated!




On Sun, Jan 11, 2015 at 12:32 PM, Trev tre...@onepost.net wrote:

 Syslog Errors -- The $template_id seems warning level to me, but may be an
 issue. I went into the database and confirmed the data correct for template
 ids etc.. etc..

 Attached configuration snapshots..

 Any further thoughts appreciated, thanks!

 Jan 11 12:23:16 jamie RT: [9697] Committing scrip #13 on txn #1759 of
 ticket #125 (/opt/rt4/sbin/../lib/RT/Scrips.pm:306)
 Jan 11 12:23:16 jamie RT: [9697] Line: ===
 (/opt/rt4/sbin/../lib/RT/Action/CreateTickets.pm:541)
 Jan 11 12:23:16 jamie RT: [9697] ===Create Ticket: ticket1
 (/opt/rt4/sbin/../lib/RT/Action/CreateTickets.pm:544)
 Jan 11 12:23:16 jamie RT: [9697] Use of uninitialized value $template_id
 in hash element at /opt/rt4/sbin/../lib/RT/Action/CreateTickets.pm line 594.
 Jan 11 12:23:16 jamie RT: [9697] Subject: Auto Generation Test
  (/opt/rt4/sbin/../lib/RT/Action/CreateTickets.pm:544)
 Jan 11 12:23:16 jamie RT: [9697] Use of uninitialized value $template_id
 in hash element at /opt/rt4/sbin/../lib/RT/Action/CreateTickets.pm line 594.
 Jan 11 12:23:16 jamie RT: [9697] Queue = RT Testing
 (/opt/rt4/sbin/../lib/RT/Action/CreateTickets.pm:544)
 Jan 11 12:23:16 jamie RT: [9697] Use of uninitialized value $template_id
 in hash element at /opt/rt4/sbin/../lib/RT/Action/CreateTickets.pm line 594.
 Jan 11 12:23:16 jamie RT: [9697] Content: Someone has created a ticket.
 you should review and approve it,
 (/opt/rt4/sbin/../lib/RT/Action/CreateTickets.pm:544)
 Jan 11 12:23:16 jamie RT: [9697] Use of uninitialized value $template_id
 in hash element at /opt/rt4/sbin/../lib/RT/Action/CreateTickets.pm line 594.
 Jan 11 12:23:16 jamie RT: [9697] so they can finish their work
 (/opt/rt4/sbin/../lib/RT/Action/CreateTickets.pm:544)
 Jan 11 12:23:16 jamie RT: [9697] Use of uninitialized value $template_id
 in hash element at /opt/rt4/sbin/../lib/RT/Action/CreateTickets.pm line 594.
 Jan 11 12:23:16 jamie RT: [9697] ENDOFCONTENT
 (/opt/rt4/sbin/../lib/RT/Action/CreateTickets.pm:544)
 Jan 11 12:23:16 jamie RT: [9697] Use of uninitialized value $template_id
 in hash element at /opt/rt4/sbin/../lib/RT/Action/CreateTickets.pm line 594.




 ​


 On Sat, Jan 10, 2015 at 7:51 PM, Alex Peters a...@peters.net wrote:

 A user-defined action will do nothing if the corresponding custom
 action code boxes are empty.  (That should probably actually trigger an
 error.)

 Setting your scrip's action to Create Tickets should have your scrip
 working as expected.

 You can also use queue names in create-ticket templates if you'd prefer
 the template to be a little more self-explanatory.

 On 11 January 2015 at 08:00, Trev tre...@onepost.net wrote:

 Hi all,

   4.2.4 on Debian

   Created a scrip that calls a custom template to create a ticket in a
 queue when another ticket is created. Seems easy enough, but I am having a
 little bit of difficulty implementing it.

   So this is applied to a queue that I am opening tickets selecting...
 no 'auto tickets' are creating.

   What am I doing wrong or missing?

   Thanks!

   The Scrip:

- Description: New User - Auto Create Tickets
- Condition:On Create
- Action:User Defined (I've toggled this back and forth from
Open Tickets to User Defined)
- Template:New User - Tickets
- The 3 boxes below are EMPTY (custom conditions, prep and action...)


   The Template:

- Name: New User - Tickets
- Description:
- Type:  Perl (default)


 ===Create-Ticket: IT Security Modifications
 Queue   = 14
 Subject: Access for {$Tickets{'TOP'}-Subject()}
 Owner: {$Tickets{'TOP'}-Owner()}
 Depended-On-By: {$Tickets{'TOP'}-Id()}
 Content: Please attach approved changes for further approvals and
 implementation.
 ENDOFCONTENT

[rt-users] Auto Create Ticket Scrip

[Trev]

Hi all,

  4.2.4 on Debian

  Created a scrip that calls a custom template to create a ticket in a
queue when another ticket is created. Seems easy enough, but I am having a
little bit of difficulty implementing it.

  So this is applied to a queue that I am opening tickets selecting... no
'auto tickets' are creating.

  What am I doing wrong or missing?

  Thanks!

  The Scrip:

   - Description: New User - Auto Create Tickets
   - Condition:On Create
   - Action:User Defined (I've toggled this back and forth from
   Open Tickets to User Defined)
   - Template:New User - Tickets
   - The 3 boxes below are EMPTY (custom conditions, prep and action...)


  The Template:

   - Name: New User - Tickets
   - Description:
   - Type:  Perl (default)


===Create-Ticket: IT Security Modifications
Queue   = 14
Subject: Access for {$Tickets{'TOP'}-Subject()}
Owner: {$Tickets{'TOP'}-Owner()}
Depended-On-By: {$Tickets{'TOP'}-Id()}
Content: Please attach approved changes for further approvals and
implementation.
ENDOFCONTENT