[rt-users] RT3 and LDAP

John Jasen jjasen at datafoundation.com
Wed Oct 29 10:58:22 EST 2003


Hi ...

I was in the same position as you, a few months ago. I did a lot of 
digging, asked a lot of questions (some more stupid than others, I 
suppose) and came to a conclusion that is being used now.

I believe there are about 4 things you need to get rt3 working with LDAP: 
a few modifications to $RT_BASE/etc/RT_SiteConfig.pm, the addition of an 
$RT_BASE/lib/RT/EmailParser_Local.pm, modifying 
$RT_BASE/var/mason_data/obj/standard/autohandler, and an appropriate 
httpd.conf.

I've included sanitized versions of my files, working on rt 3.0.4, to 
demonstrate.

To use: change LDAPSERVER to your values, change DOMAIN to your values, 
and change CHANGEME! to a real password. 

Let me know if these are too confusing.


On Wed, 29 Oct 2003, Senoner Samuel wrote:

> You can tell RT to do external authentication; this means using the
> web server, normally Apache.
> 
> You will find a lot of information in the archive if you search.
> 
> Samuel 
> 
> 
> -----Original Message-----
> From: Tim Stoop [mailto:cvd at il.fontys.nl] 
> Sent: Wednesday,29 October,2003 11:46
> To: rt-users at lists.fsck.com
> 
> Hi people,
> 
> I'm new to this list and I couldn't find my answer in (recent) archives.
> Is there a way to have RT3 connect to an LDAP db for authentication? Any
> help is appreciated.
> 
> 
> --
> Gegroet,
> Tim
> _______________________________________________
> rt-users mailing list
> rt-users at lists.fsck.com
> http://lists.fsck.com/mailman/listinfo/rt-users
> 
> Have you read the FAQ? The RT FAQ Manager lives at http://fsck.com/rtfm
> 



-------------- next part --------------
ServerType standalone
ServerRoot "/etc/httpd"
LockFile /var/run/httpd.lock
PidFile /var/run/httpd.pid
ScoreBoardFile logs/apache_runtime_status

Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15

MinSpareServers 2
MaxSpareServers 10
StartServers 6
MaxClients 50
MaxRequestsPerChild 500

LoadModule access_module      modules/mod_access.so
LoadModule auth_module        modules/mod_auth.so
LoadModule anon_auth_module   modules/mod_auth_anon.so
LoadModule db_auth_module     modules/mod_auth_db.so
LoadModule auth_ldap_module   modules/mod_auth_ldap.so
<IfDefine HAVE_PERL>
LoadModule perl_module        modules/libperl.so
</IfDefine>
<IfDefine HAVE_SSL>
LoadModule ssl_module         modules/libssl.so
</IfDefine>

ClearModuleList
AddModule mod_access.c
AddModule mod_auth.c
AddModule mod_auth_anon.c
AddModule mod_auth_db.c
AddModule auth_ldap.c
<IfDefine HAVE_PERL>
AddModule mod_perl.c
</IfDefine>
<IfDefine HAVE_SSL>
AddModule mod_ssl.c
</IfDefine>

Port 80

<IfDefine HAVE_SSL>
Listen 80
Listen 443
</IfDefine>

User apache
Group apache

ServerAdmin root at DOMAIN.com

DocumentRoot "/home/httpd/html"

<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>

<Directory "/home/httpd/html">
    Options Indexes Includes FollowSymLinks ExecCGI 
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

UseCanonicalName On

<IfDefine HAVE_SSL>
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl
</IfDefine>

<IfModule mod_ssl.c>

SSLPassPhraseDialog  builtin

SSLSessionCache         dbm:logs/ssl_scache
SSLSessionCacheTimeout  300

SSLMutex  file:logs/ssl_mutex

SSLRandomSeed startup builtin
SSLRandomSeed connect builtin

SSLLog      logs/ssl_engine_log
SSLLogLevel error

</IfModule>

<IfDefine HAVE_SSL>

<VirtualHost _default_:443>

DocumentRoot "/home/httpd/ssl"
ServerName www.DOMAIN.com
ErrorLog logs/error_log
TransferLog logs/access_log
<Location />
</Location>

Alias /internal /home/httpd/internal
<Location /internal>
        AuthType Basic
        AuthName "DFI Intranet"
        AuthLDAPURL ldap://SERVER.DOMAIN.com/ou=People,dc=DOMAIN,dc=com
        AuthLDAPStartTLS on
        require valid-user
</Location>

SSLEngine on

SSLCertificateFile /usr/share/ssl/certs/apache.crt

SSLCertificateKeyFile /usr/share/ssl/certs/apache.key

<Files ~ "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>

SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

CustomLog logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

Alias /rt /usr/local/rt3/share/html

<Location /rt>
	PerlModule Apache::DBI
        PerlRequire /usr/local/rt3/bin/webmux.pl
        SetHandler perl-script
        PerlHandler RT::Mason
	AuthType Basic
	AuthName "Request Tracker"
	AuthLDAPURL ldap://SERVER.DOMAIN.com/ou=People,dc=DOMAIN,dc=com
        AuthLDAPStartTLS on
	require valid-user
</Location>

<LocationMatch "/NoAuth/">
	SetHandler perl-script
        PerlHandler RT::Mason
        Order Deny,Allow
        Deny from all
        Allow from DOMAIN.com localhost 127.0.0.1 localhost.localdomain 10.0.0.28 10.0.0.31
        require valid-user
        Satisfy any
</LocationMatch>

</VirtualHost>                                  

</IfDefine>

-------------- next part --------------
# MASON COMPILER ID: 2097!28098
package HTML::Mason::Commands;
use strict;
use vars qw($m %session $r);
HTML::Mason::Component::FileBased->new(
'code' => sub {
HTML::Mason::Exception::Params->throw
    ( error =>
      "Odd number of parameters passed to component expecting name/value pairs"
    ) if @_ % 2;
my %ARGS = @_;
my ( $user, $pass, $menu );
{
    my %pos;
    for ( my $x = 0; $x < @_; $x += 2 )
    {
        $pos{ $_[$x] } = $x + 1;
    }
#line 175 /usr/local/rt3/share/html/autohandler
     $user = exists $pos{'user'} ? $_[ $pos{'user'} ] :  undef;
#line 176 /usr/local/rt3/share/html/autohandler
     $pass = exists $pos{'pass'} ? $_[ $pos{'pass'} ] :  undef;
#line 177 /usr/local/rt3/share/html/autohandler
     $menu = exists $pos{'menu'} ? $_[ $pos{'menu'} ] :  undef;
}
$m->debug_hook( $m->current_comp->path ) if ( %DB:: );

#line 24 /usr/local/rt3/share/html/autohandler


# Roll back any dangling transactions from a previous failed connection
$RT::Handle->ForceRollback() if $RT::Handle->TransactionDepth;


local *session;
%ARGS = map {
    # if they've passed multiple values, they'll be an array. if they've passed just one, a scalar
    # whatever they are, mark them as utf8
    my $type = ref($_);
    (!$type)
	? Encode::decode(utf8 => $_, Encode::FB_PERLQQ) :
    ($type eq 'ARRAY')
	? [ map { ref($_) ? $_ : Encode::decode(utf8 => $_, Encode::FB_PERLQQ) } @$_ ] :
    ($type eq 'HASH')
	? { map { ref($_) ? $_ : Encode::decode(utf8 => $_, Encode::FB_PERLQQ) } %$_ } : $_
} %ARGS;

if ($ARGS{'Debug'}) {
        require Time::HiRes;
        $m->{'rt_base_time'} = [Time::HiRes::gettimeofday()];
        
}
else {
        $m->{'rt_base_time'} = time;
}
$m->comp('/Elements/SetupSessionCookie', %ARGS);

unless ($session{'CurrentUser'} && $session{'CurrentUser'}->Id) {
    $session{'CurrentUser'} = RT::CurrentUser->new();
}

# Set the proper encoding for the current language handle
$r->content_type("text/html; charset=utf-8");

# If it's a noauth file, don't ask for auth.
if ($m->base_comp->path =~ '^/+NoAuth/' ||
    $m->base_comp->path =~ '^/+REST/\d+\.\d+/NoAuth/')
{
    $m->call_next(%ARGS);
    $m->abort();
}

# If RT is configured for external auth, let's get REMOTE_USER
elsif ($RT::WebExternalAuth and length($ENV{'REMOTE_USER'})) {
    my $orig_user = $user;

    $user = $ENV{'REMOTE_USER'};
    $session{'CurrentUser'} = RT::CurrentUser->new();
    my $load_method = $RT::WebExternalGecos ? 'LoadByGecos' : 'Load';
    
    if ($^O eq 'MSWin32' and $RT::WebExternalGecos) {
    	my $NodeName = Win32::NodeName();
    	$user =~ s/^\Q$NodeName\E\\//i;
    }

    $session{'CurrentUser'}->$load_method($user);

    if ($RT::WebExternalAuto and !$session{'CurrentUser'}->Id() ) {
	# Create users on-the-fly with default attributes

	my $UserObj = RT::User->new(RT::CurrentUser->new('root'));

	#Lines inserted for LDAP User Lookup

        my %UserInfo = ();
        my $UserFoundInExternalDatabase;
        ( $UserFoundInExternalDatabase, %UserInfo) =
             RT::EmailParser::LookupExternalUserInfo($user, $user);

	my ($val, $msg) = $UserObj->Create(
	    %{ref($RT::AutoCreate) ? $RT::AutoCreate : {}},
	    Name	 => $user,
	    Gecos	 => $user,
	    %UserInfo    #added by SeS
	);

	if ($val) {
	    $UserObj->SetPrivileged(1);

	    if ($^O !~ /^(?:riscos|MacOS|MSWin32|dos|os2)$/) {
		# Populate fields with information from Unix /etc/passwd

		my ($comments, $realname) = (getpwnam($user))[5, 6];
		$UserObj->SetComments($comments) if defined $comments;
		$UserObj->SetRealName($realname) if defined $realname;
	    }
	    elsif ($^O eq 'MSWin32' and eval 'use Net::AdminMisc; 1') {
		# Populate fields with information from NT domain controller
	    }

	    $session{'CurrentUser'}->Load($user);
	}
	else {
	    delete $session{'CurrentUser'};
	    $m->abort() unless $RT::WebFallbackToInternalAuth;
	    $m->comp('/Elements/Login', %ARGS, Error=> loc('Cannot create user: [_1]', $msg));
	}
    }

    unless ( $session{'CurrentUser'}->Id() ) {
        delete $session{'CurrentUser'};
        $user = $orig_user;

	if ( $RT::WebExternalOnly ) {	        
	    $m->comp('/Elements/Login', %ARGS, Error=> loc('You are not an authorized user'));
	    $m->abort();
	}
    }
}

delete $session{'CurrentUser'}
    unless $session{'CurrentUser'} and defined $session{'CurrentUser'}->Id;

# Process per-page authentication callbacks
$m->comp('/Elements/Callback', %ARGS, _CallbackName => 'Auth');

# If the user is logging in, let's authenticate
if (!$session{'CurrentUser'} && defined ($user) && defined ($pass) ){
    $session{'CurrentUser'} = RT::CurrentUser->new();
    $session{'CurrentUser'}->Load($user);

    if (!$session{'CurrentUser'}->id() ||
        !$session{'CurrentUser'}->IsPassword($pass))
    {
        delete $session{'CurrentUser'};
        $m->comp('/Elements/Login', %ARGS,
                 Error => loc('Your username or password is incorrect'));
        $m->abort();
    }
}
  
# If we've got credentials, let's serve the file up.
if ( (defined $session{'CurrentUser'}) and 
     ( $session{'CurrentUser'}->Id) ) {
    
    # Process per-page global callbacks
    $m->comp('/Elements/Callback', %ARGS);

    # If the user isn't privileged, they can only see SelfService
    if ((! $session{'CurrentUser'}->Privileged) and
	($m->base_comp->path !~ '^(/+)SelfService/') ) {
	$m->comp('/SelfService/index.html');
	$m->abort();
    }
    else {
	$m->call_next(%ARGS);
    }
}

# If we have no credentials
else {
    $m->comp('/Elements/Login', %ARGS);
    $m->abort();
}
#line 1 /usr/local/rt3/share/html/autohandler
# BEGIN LICENSE BLOCK
# 
# Copyright (c) 1996-2003 Jesse Vincent <jesse at bestpractical.com>
# 
# (Except where explictly superceded by other copyright notices)
# 
# This work is made available to you under the terms of Version 2 of
# the GNU General Public License. A copy of that license should have
# been provided with this software, but in any event can be snarfed
# from www.gnu.org.
# 
# This work is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
# General Public License for more details.
# 
# Unless otherwise specified, all modifications, corrections or
# extensions to this work which alter its source code become the
# property of Best Practical Solutions, LLC when submitted for
# inclusion in the work.
# 
# 
# END LICENSE BLOCK
$m->comp( '/Elements/Footer', %ARGS );
#line 173 /usr/local/rt3/share/html/autohandler
$m->print( '
' );
return undef;
},
'compiler_id' => '2097!28098',
'declared_args' => {
  '$menu' => { default => ' undef' },
  '$pass' => { default => ' undef' },
  '$user' => { default => ' undef' }
},
'load_time' => 1059414313,
'object_size' => 6432,

)
;
-------------- next part --------------
no warnings qw(redefine);

sub LookupExternalUserInfo {
# Taken from an unknown source
# If the original author sees this please email
# stewart.james at vu.edu.au so I can place your credit here.
# I only modified this to work with my LDAP host and to make it function
# within RT

	# Start from an empty hash; the values are filled in below
	my %UserInfo = ();
	$UserInfo{'EmailAddress'} = shift;
	$UserInfo{'RealName'} = shift;
	$UserInfo{'RealName'} =~ s/\"//g;
	my ($FoundUser);

	# {{{ load up ldap modules

	use Net::LDAP;
	use Net::LDAP::Constant qw(LDAP_SUCCESS);

	# }}}

	# {{{ defined constants we're going to need

	use constant LDAP      => q(LDAPSERVER.DOMAIN.com);
	use constant LDAP_PORT => q(389);
	use constant LDAP_BASE => q(dc=DOMAIN,dc=com);
	# If you're using a server that doesn't require you to
	# bind with a password, set LDAP_BIND and LDAP_BINDPASS to q();

	use constant LDAP_BIND => q();

	use constant LDAP_BINDPASS => q();



	# }}}

	# {{{ connect to the ldap server
	my $ldap = Net::LDAP->new(LDAP, port => LDAP_PORT);
	unless ($ldap) {
		# Without this check a failed connection dies later on $ldap->search
		$RT::Logger->critical("GetExternalUserWithLDAP: ".
		                      "Cannot connect to LDAP\n");
		return (0, %UserInfo);
	}

	# If we're running against a server that
	#  if (LDAP_BIND) {
	#        my $mesg = $ldap->bind(LDAP_BIND, password => LDAP_BINDPASS );
	#        if ($mesg->code != LDAP_SUCCESS) {
	#            $RT::Logger->critical("GetExternalUserWithLDAP: Cannot bind to LDAP:",
	#                                  $mesg->code, "\n");
	#            return (0, %UserInfo);
	#        }
	#}
	# }}}

	# {{{ search for this user by uid (the first argument)

	# Escape filter metacharacters so the value can only be matched literally
	require Net::LDAP::Util;
	my $filter = "uid=".Net::LDAP::Util::escape_filter_value($UserInfo{'EmailAddress'});
	$RT::Logger->debug("GetExternalUserWithLDAP: First search filter '$filter'\n");
	my $mesg = $ldap->search(base   => LDAP_BASE,
		filter => $filter,
		attrs  => ['mail', 'cn', 'ou', 'uid', 'telephonenumber', 'l', 'roomnumber', 'mobile']);
	if ($mesg->code != LDAP_SUCCESS)  {
		$RT::Logger->critical("GetExternalUserWithLDAP: Could not search for $filter: ",
			$mesg->code, "\n");

		return (0, %UserInfo);
	}

	$RT::Logger->debug("GetExternalUserWithLDAP: First search produced ",
		$mesg->count, " results\n");


	# }}}

	# {{{ if the uid search did not return exactly one entry, try the mail attribute
	unless ($mesg->count == 1) {
		$filter = "mail=".Net::LDAP::Util::escape_filter_value($UserInfo{'RealName'});
		$RT::Logger->debug("GetExternalUserWithLDAP: Second search filter '$filter'\n"); 
		$mesg = $ldap->search(base   => LDAP_BASE,
			filter => $filter,
			attrs  => ['mail', 'cn', 'ou', 'uid']);
		if ($mesg->code != LDAP_SUCCESS)  {
			$RT::Logger->critical("GetExternalUserWithLDAP: Could not search for $filter: ", 
				$mesg->code, "\n");

			return (0, %UserInfo);
		}                          
	}            

	$RT::Logger->debug("GetExternalUserWithLDAP: Second search produced ", $mesg->count, 
		" results with filter $filter\n");
	# }}} 

	# One of the two searches succeeded with just one match
	if ($mesg->count == 1) {
		$UserInfo{'EmailAddress'} = ($mesg->first_entry->get_value('mail'))[0];
		$UserInfo{'RealName'} = ($mesg->first_entry->get_value('cn'))[0];
		$UserInfo{'Name'} = ($mesg->first_entry->get_value('uid'))[0];
		$UserInfo{'Address1'} = ($mesg->first_entry->get_value('ou'))[0];
		$UserInfo{'Address2'} = ($mesg->first_entry->get_value('ou'))[1];
		$UserInfo{'City'} = ($mesg->first_entry->get_value('l'))[0];
		$UserInfo{'Country'} = ($mesg->first_entry->get_value('roomnumber'))[0];
		$UserInfo{'WorkPhone'} = ($mesg->first_entry->get_value('telephonenumber'))[0]; 
		$UserInfo{'MobilePhone'} = ($mesg->first_entry->get_value('mobile'))[0]; 
		$FoundUser = 1;
	}

	# {{{ close down the ldap connection
	$mesg = $ldap->unbind();
	if ($mesg->code != LDAP_SUCCESS) {
		$RT::Logger->critical("GetExternalUserWithLDAP: Could not unbind from LDAP: ", 
			$mesg->code, "\n");
	}
	# }}}

	return ($FoundUser, %UserInfo);

}   


1;
-------------- next part --------------
#
# WARNING: NEVER EDIT RT_Config.pm. Instead, copy any sections you want to change to RT_SiteConfig.pm
# and edit them there.
#

package RT;

=head1 NAME

RT::Config

=for testing

use RT::Config;

=cut

# {{{ Base Configuration

# $rtname the string that RT will look for in mail messages to
# figure out what ticket a new piece of mail belongs to

# Your domain name is recommended, so as not to pollute the namespace.
# once you start using a given tag, you should probably never change it.
# (otherwise, mail for existing tickets won't get put in the right place

Set($rtname , "DOMAIN.com");

# You should set this to your organization's DNS domain. For example,
# fsck.com or asylum.arkham.ma.us. It's used by the linking interface to
# guarantee that ticket URIs are unique and easy to construct.

Set($Organization , "DOMAIN.com");

# $user_passwd_min defines the minimum length for user passwords. Setting
# it to 0 disables this check
Set($MinimumPasswordLength , "5");

# $Timezone is used to convert times entered by users into GMT and back again
# It should be set to a timezone recognized by your local unix box.
Set($Timezone , 'US/Eastern');

# }}}

# }}}

# {{{ Database Configuration

# Database driver being used. Case matters
# Valid types are "mysql" and "Pg"

Set($DatabaseType , 'mysql');

# The domain name of your database server
# If you're running mysql and it's on localhost,
# leave it blank for enhanced performance
Set($DatabaseHost   , 'localhost');
Set($DatabaseRTHost , 'localhost');

# The port that your database server is running on.  Ignored unless it's
# a positive integer. It's usually safe to leave this blank
Set($DatabasePort , '');

#The name of the database user (inside the database)
Set($DatabaseUser , 'rt_user');

# Password the DatabaseUser should use to access the database
Set($DatabasePassword , 'CHANGEME!');

# The name of the RT's database on your database server
Set($DatabaseName , 'rt3');

# If you're using Postgres and have compiled in SSL support,
# set DatabaseRequireSSL to 1 to turn on SSL communication
Set($DatabaseRequireSSL , undef);

# }}}

# {{{ Incoming mail gateway configuration

# OwnerEmail is the address of a human who manages RT. RT will send
# errors generated by the mail gateway to this address.  This address
# should _not_ be an address that's managed by your RT instance.

Set($OwnerEmail , 'root');

# If $LoopsToRTOwner is defined, RT will send mail that it believes
# might be a loop to $RT::OwnerEmail

Set($LoopsToRTOwner , 1);

# If $StoreLoops is defined, RT will record messages that it believes
# to be part of mail loops.
# As it does this, it will try to be careful not to send mail to the
# sender of these messages

Set($StoreLoops , undef);

# $MaxAttachmentSize sets the maximum size (in bytes) of attachments stored
# in the database.

# For mysql and oracle, we set this size at 10 megabytes.
# If you're running a postgres version earlier than 7.1, you will need
# to drop this to 8192. (8k)

Set($MaxAttachmentSize , 10000000);

# $TruncateLongAttachments: if this is set to a non-undef value,
# RT will truncate attachments longer than MaxAttachmentLength.

Set($TruncateLongAttachments , undef);

# $DropLongAttachments: if this is set to a non-undef value,
# RT will silently drop attachments longer than MaxAttachmentLength.

Set($DropLongAttachments , undef);

# If $ParseNewMessageForTicketCcs is true, RT will attempt to divine
# Ticket 'Cc' watchers from the To and Cc lines of incoming messages
# Be forewarned that if you have _any_ addresses which forward mail to
# RT automatically and you enable this option without modifying
# "RTAddressRegexp" below, you will get yourself into a heap of trouble.

Set($ParseNewMessageForTicketCcs , undef);

# RTAddressRegexp is used to make sure RT doesn't add itself as a ticket CC if
# the setting above is enabled.

Set($RTAddressRegexp , '^rt\@DOMAIN.com$');

# RT provides functionality which allows the system to rewrite
# incoming email addresses.  In its simplest form,
# you can substitute the value in CanonicalizeEmailAddressReplace
# for the value in CanonicalizeEmailAddressMatch
# (These values are passed to the CanonicalizeEmailAddress subroutine in RT/User.pm)
# By default, that routine performs a s/$Match/$Replace/gi on any address passed to it

Set($CanonicalizeEmailAddressMatch   , 'LDAPSERVER.DOMAIN.com$');
Set($CanonicalizeEmailAddressReplace , 'DOMAIN.com');

# If $SenderMustExistInExternalDatabase is true, RT will refuse to
# create non-privileged accounts for unknown users if you are using
# the "LookupSenderInExternalDatabase" option.
# Instead, an error message will be mailed and RT will forward the
# message to $RTOwner.
#
# If you are not using $LookupSenderInExternalDatabase, this option
# has no effect.
#
# If you define an AutoRejectRequest template, RT will use this
# template for the rejection message.

Set($SenderMustExistInExternalDatabase , undef);

# }}}

# {{{ Outgoing mail configuration

# RT is designed such that any mail which already has a ticket-id associated
# with it will get to the right place automatically.

# $CorrespondAddress and $CommentAddress are the default addresses
# that will be listed in From: and Reply-To: headers of correspondence
# and comment mail tracked by RT, unless overridden by a queue-specific
# address.

Set($CorrespondAddress , 'rt at DOMAIN.com');

Set($CommentAddress , 'rt at DOMAIN.com');

#Sendmail Configuration

# $MailCommand defines which method RT will use to try to send mail
# We know that 'sendmailpipe' works fairly well.
# If 'sendmailpipe' doesn't work well for you, try 'sendmail'
#
# Note that you should remove the '-t' from $SendmailArguments
# if you use 'sendmail rather than 'sendmailpipe'

Set($MailCommand , 'sendmailpipe');

# $SendmailArguments defines what flags to pass to $Sendmail
# assuming you picked 'sendmail' or 'sendmailpipe' as the $MailCommand above.
# If you picked 'sendmailpipe', you MUST add a -t flag to $SendmailArguments

# These options are good for most sendmail wrappers and workalikes
Set($SendmailArguments , "-oi -t");

# These arguments are good for sendmail brand sendmail 8 and newer
#Set($SendmailArguments,"-oi -t -ODeliveryMode=b -OErrorMode=m");

# If you selected 'sendmailpipe' above, you MUST specify the path
# to your sendmail binary in $SendmailPath.
# !! If you did not # select 'sendmailpipe' above, this has no effect!!
Set($SendmailPath , "/usr/sbin/sendmail");

# By default, RT sets the outgoing mail's "From:" header to
# "SenderName via RT".  Setting this option to 0 disables it.

Set($UseFriendlyFromLine , 1);

# sprintf() format of the friendly 'From:' header; its arguments
# are SenderName and SenderEmailAddress.
Set($FriendlyFromLineFormat , "\"%s via RT\" <%s>");

# RT can optionally set a "Friendly" 'To:' header when sending messages to
# Ccs or AdminCcs (rather than having a blank 'To:' header.

# This feature DOES NOT WORK WITH SENDMAIL[tm] BRAND SENDMAIL
# If you are using sendmail, rather than postfix, qmail, exim or some other MTA,
# you _must_ disable this option.

Set($UseFriendlyToLine , 0);

# sprintf() format of the friendly 'From:' header; its arguments
# are WatcherType and TicketId.
Set($FriendlyToLineFormat, "\"%s of $RT::rtname Ticket #%s\":;");

# By default RT doesn't notify the person who performs an update, as they
# already know what they've done. If you'd like to change this behaviour,
# Set $NotifyActor to 1

Set($NotifyActor, 0);


# }}}

# {{{ Logging

# Logging.  The default is to log anything except debugging
# information to syslog.  Check the Log::Dispatch POD for
# information about how to get things by syslog, mail or anything
# else, get debugging info in the log, etc.

#  It might generally make
# sense to send error and higher by email to some administrator.
# If you do this, be careful that this email isn't sent to this RT instance.

# the minimum level error that will be logged to the specific device.
# levels from lowest to highest:
#  debug info notice warning error critical alert emergency

#  Mail loops will generate a critical log message.
Set($LogToSyslog    , 'debug');
Set($LogToScreen    , 'error');
Set($LogToFile      , 'debug');
Set($LogDir, '/usr/local/rt3/var/log');
Set($LogToFileNamed , "rt.log");    #log to rt.log

# }}}

# {{{ Web interface configuration

# Define the directory name to be used for images in rt web
# documents.

# If you're putting the web ui somewhere other than at the root of
# your server
# $WebPath requires a leading / but no trailing /

Set($WebPath , "/rt");

# This is the Scheme, server and port for constructing urls to webrt
# $WebBaseURL doesn't need a trailing /

Set($WebBaseURL , "https://www.DOMAIN.com:443");

Set($WebURL , $WebBaseURL . $WebPath . "/");

# $WebImagesURL points to the base URL where RT can find its images.
# If you're running the FastCGI version of the RT web interface,
# you should make RT's WebRT/html/NoAuth/images directory available on
# a static web server and supply that URL as $WebImagesURL.

Set($WebImagesURL , $WebURL . "NoAuth/images/");

# $RTLogoURL points to the URL of the RT logo displayed in the web UI

Set($LogoURL , $WebImagesURL . "rt.jpg");

# if TrustHTMLAttachments is not defined, we will display them
# as text. This prevents malicious HTML and javascript from being
# sent in a request (although there is probably more to it than that)
Set($TrustHTMLAttachments , undef);

# If $WebExternalAuth is defined, RT will defer to the environment's
# REMOTE_USER variable.

Set($WebExternalAuth , 1);

# If $WebFallbackToInternalAuth is undefined, the user is allowed a chance
# of fallback to the login screen, even if REMOTE_USER failed.

Set($WebFallbackToInternalAuth , 0);

# $WebExternalGecos means to match 'gecos' field as the user identity);
# useful with mod_auth_pwcheck and IIS Integrated Windows logon.

Set($WebExternalGecos , 1);

# $WebExternalAuto will create users under the same name as REMOTE_USER
# upon login, if it's missing in the Users table.

Set($WebExternalAuto , 1);

# $WebSessionClass is the class you wish to use for managing Sessions.
# It defaults to use your SQL database, but if you are using MySQL 3.x and
# plans to use non-ascii Queue names, uncomment and add this line to
# RT_SiteConfig.pm will prevent session corruption.

# Set($WebSessionClass , 'Apache::Session::File');

# }}}

# {{{ RT UTF-8 Settings

# An array that contains languages supported by RT's internationalization
# interface.  Defaults to all *.po lexicons; set it to qw(en ja) will make
# RT bilingual instead of multilingual, but will save same memory.

#@LexiconLanguages = qw(en);

# An array that contains default encodings used to guess which charset
# an attachment uses if not specified.  Must be recognized by
# Encode::Guess.

@EmailInputEncodings = qw(utf-8 iso-8859-1 us-ascii);

# The charset for localized email.  Must be recognized by Encode.

Set($EmailOutputEncoding , 'utf-8');

# }}}

# {{{ RT Date Handling Options (for Time::ParseDate)

# Set this to 1 if your local date convention looks like "dd/mm/yy"
# instead of "mm/dd/yy".

Set($DateDayBeforeMonth , 1);

# Should "Tuesday" default to meaning "Next Tuesday" or "Last Tuesday"?
# Set to 0 for "Next" or 1 for "Last".

Set($AmbiguousDayInPast , 1);

# }}}

1;
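
The uid= and mail= filters in LookupExternalUserInfo are built by concatenating values that arrive from outside RT (REMOTE_USER in the autohandler, and the sub's EmailAddress and RealName arguments), so they need RFC 4515 escaping before they reach the search. The following is an added example, not part of the original attachments; build_filter, is_single_equality and the sample values are hypothetical and constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Escape the characters that have meaning inside an LDAP filter value
# (RFC 4515): NUL, '(', ')', '*' and '\' become a backslash plus two
# hex digits, so the directory compares them literally.
sub escape_filter_value {
    my ($value) = @_;
    $value = '' unless defined $value;
    $value =~ s/([\x00()*\\])/sprintf('\\%02x', ord($1))/ge;
    return $value;
}

# Only the two attributes the post searches on are accepted
# (assumption: hypothetical helper, attribute names taken from the post).
my %ALLOWED_ATTR = map { $_ => 1 } qw(uid mail);

sub build_filter {
    my ($attr, $value) = @_;
    die "unexpected attribute '$attr'\n" unless $ALLOWED_ATTR{$attr};
    return sprintf('(%s=%s)', $attr, escape_filter_value($value));
}

# True only if the filter is one equality test whose value contains no
# unescaped wildcard, parenthesis or backslash, i.e. it can only ever
# compare against one literal value.
sub is_single_equality {
    my ($filter) = @_;
    my $body = $filter;
    $body =~ s/\A\((.*)\)\z/$1/s;    # strip one balanced outer pair
    return $body =~ /\A[A-Za-z][A-Za-z0-9-]*=(?:[^()*\\]|\\[0-9a-fA-F]{2})+\z/
        ? 1 : 0;
}

# Constructed sample values standing in for REMOTE_USER / sender input.
my @samples = ('jdoe', 'jdoe*', 'smith (contractor)', 'a\\b');

for my $value (@samples) {
    my $naive = "uid=" . $value;               # concatenated without escaping
    my $safe  = build_filter('uid', $value);   # escaped form
    printf "%-22s naive: %-26s exact=%d   escaped: %-30s exact=%d\n",
        "'$value'",
        $naive, is_single_equality($naive),
        $safe,  is_single_equality($safe);
}
```

Every escaped filter reports exact=1, while the unescaped forms of the last three samples do not. That difference matters because the lookup treats "exactly one result" as proof of identity.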

