<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Kevin,<br>
Comments inline:<br>
<br>
On 2/13/2012 12:06 PM, Kevin Falcone wrote:
<blockquote cite="mid:20120213170658.GH96259@jibsheet.com"
type="cite">
<pre wrap="">On Fri, Feb 10, 2012 at 03:45:25PM -0500, Scott Pestana wrote:
</pre>
<blockquote type="cite">
<pre wrap=""> For example: one user can send in emails to the RT queue and
proceed normally. However if he tries to log in to the web version,
the RT system treats him like is associated with a different queue
than the rest of our users. When he tried to create a ticket
through the web RT would create the ticket in this wrong queue, and
he immediately got an error that he did not have permissions to view
his ticket.
</pre>
</blockquote>
<pre wrap="">
It'd be useful to see some sort of screenshot of what he's seeing.
</pre>
</blockquote>
When logged in he got the RT at a glance page, with an empty
queue in the upper right hand corner next to "new ticket", and all
the sections (10 highest priority tickets I own, 10 newest unowned
tickets, bookmarked tickets, quick ticket creation, my reminders,
quick search, dashboards, refresh) all load up / display normally,
but without any content.<br>
<br>
<blockquote cite="mid:20120213170658.GH96259@jibsheet.com"
type="cite">
<pre wrap="">
</pre>
<blockquote type="cite">
<pre wrap=""> RT creates an internal user for him, unlike the rest of our
employees who don't show up in the user list because they exist in
the configured LDAP. I disabled the (discontinued) queue, and
</pre>
</blockquote>
<pre wrap="">
As a heads up, RT *always* create an internal user, even for users
pulled from LDAP.
There is no password stored, but RT must have an internal user account,
otherwise the user can't be associated with tickets.
</pre>
</blockquote>
Noted, I had seen them by directly querying the SQL tables I'm
just a bit confused by why they don't show up under the Privileged
Users display. <br>
<br>
<blockquote cite="mid:20120213170658.GH96259@jibsheet.com"
type="cite">
<pre wrap="">
</pre>
<blockquote type="cite">
<pre wrap="">edited the user created form him to disassociate it from him
(rename, re-email, etc), and then had him try to log in again.
Again, RT created a user with his name/credentials in its own SQL
database instead of querying LDAP, and associated his user with the
now disabled queue. He can no longer create tickets because the
queue is disabled, and I can't figure out how to alter his account
to associate him with the proper queue.
</pre>
</blockquote>
<pre wrap="">
As I mentioned on your other mail, debug level logs of what happens on
login are much more likely to show us what is going on than
descriptions of the problem.
I'll also note that your ExternalAuth config didn't allow for LDAP
auth, so I'm not sure what password your users are using.
-kevin</pre>
</blockquote>
<br>
Here are debug level logs of our little misadventure. ilewin is
the new employee. I'm wondering now if the users have been imported
into the internal RT database by an export / import, and now new
users (employees) aren't pre-loaded into the DB. The way we're
doing this, is there an option I could change to allow LDAP auth? I
heard some back and forth from the admin who set up this instance
that there was so incompatibility with ExternalAuth & LDAP auth.<br>
<br>
[Tue Jan 24 17:47:48 2012] [debug]: Attempting to use external auth
service: Lingua_LDAP
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)<br>
[Tue Jan 24 17:47:48 2012] [debug]: SSO Failed and no user to test
with. Nexting
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:92)<br>
[Tue Jan 24 17:47:48 2012] [debug]: Autohandler called ExternalAuth.
Response: (0, No User)
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:11)<br>
[Tue Jan 24 17:48:08 2012] [error]: WebRT: Queue could not be
loaded. (/opt/rt4/share/html/Elements/Error:82)<br>
[Tue Jan 24 17:49:16 2012] [debug]: About to think about scrips for
transaction #24282 (/opt/rt4/sbin/../lib/RT/Transaction.pm:173)<br>
[Tue Jan 24 17:49:16 2012] [debug]: About to think about scrips for
transaction #24283 (/opt/rt4/sbin/../lib/RT/Transaction.pm:173)<br>
[Tue Jan 24 17:49:16 2012] [debug]: About to think about scrips for
transaction #24284 (/opt/rt4/sbin/../lib/RT/Transaction.pm:173)<br>
[Tue Jan 24 17:49:16 2012] [debug]: About to think about scrips for
transaction #24285 (/opt/rt4/sbin/../lib/RT/Transaction.pm:173)<br>
[Tue Jan 24 17:49:16 2012] [debug]: About to think about scrips for
transaction #24286 (/opt/rt4/sbin/../lib/RT/Transaction.pm:173)<br>
[Tue Jan 24 17:49:16 2012] [debug]: About to think about scrips for
transaction #24287 (/opt/rt4/sbin/../lib/RT/Transaction.pm:173)<br>
[Tue Jan 24 17:49:28 2012] [debug]:
RT::Authen::ExternalAuth::CanonicalizeUserInfo called by
RT::Authen::ExternalAuth
/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/E<br>
xternalAuth.pm 553 with: Disabled: 0, EmailAddress: , Gecos: ilewin,
Name: ilewin, Privileged: 1
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:450)<br>
[Tue Jan 24 17:49:28 2012] [debug]: Attempting to get user info
using this external service: Lingua_LDAP
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.<br>
pm:458)<br>
[Tue Jan 24 17:49:28 2012] [debug]: Attempting to use this
canonicalization key: EmailAddress
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:472)<br>
[Tue Jan 24 17:49:28 2012] [debug]: LDAP Search === Base:
ou=users,dc=linguamatics,dc=com == Filter:
(&(|(objectClass=posixAccount)(objectClass=account))) == Attrs:
cn,mail,uid,g<br>
ecos,uid
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:195)<br>
[Tue Jan 24 17:49:28 2012] [info]:
RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Disabled:
0, EmailAddress: , Gecos: ilewin, Name: ilewin, Privileged: 1
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:536)<br>
[Tue Jan 24 17:49:28 2012] [debug]: About to think about scrips for
transaction #24288 (/opt/rt4/sbin/../lib/RT/Transaction.pm:173)<br>
[Tue Jan 24 17:49:28 2012] [debug]: About to think about scrips for
transaction #24289 (/opt/rt4/sbin/../lib/RT/Transaction.pm:173)<br>
[Tue Jan 24 17:49:28 2012] [debug]: About to think about scrips for
transaction #24290 (/opt/rt4/sbin/../lib/RT/Transaction.pm:173)<br>
[Tue Jan 24 17:49:52 2012] [debug]: Attempting to use external auth
service: Lingua_LDAP
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)<br>
[Tue Jan 24 17:49:52 2012] [debug]: SSO Failed and no user to test
with. Nexting
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:92)<br>
[Tue Jan 24 17:49:52 2012] [debug]: Autohandler called ExternalAuth.
Response: (0, No User)
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:11)<br>
[Tue Jan 24 17:50:07 2012] [error]: WebRT: Queue could not be
loaded. (/opt/rt4/share/html/Elements/Error:82)<br>
<br>
<br>
<blockquote cite="mid:20120213170658.GH96259@jibsheet.com"
type="cite">
<pre wrap="">
</pre>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">--------
RT Training Sessions (<a class="moz-txt-link-freetext" href="http://bestpractical.com/services/training.html">http://bestpractical.com/services/training.html</a>)
* Boston — March 5 & 6, 2012</pre>
</blockquote>
<br>
<div class="moz-signature">-- <br>
N. Scott Pestana<br>
IT Infrastructure<br>
Linguamatics<br>
275 Grove Street, Suite 2-400<br>
Newton, MA 02466<br>
<br>
Tel: +1-774-571-7135<br>
<br>
US Tel: +1-617-674-3256<br>
UK Tel: 011-44-1223-421360<br>
UK Fax: 011-44-1223-421361<br>
Web: <a class="moz-txt-link-abbreviated" href="http://www.linguamatics.com">www.linguamatics.com</a> <br>
<br>
</div>
</body>
</html>