[rt-users] RT-Users Digest, Vol 74, Issue 26

redssr at linuxmail.org redssr at linuxmail.org
Thu Jun 3 05:37:23 EDT 2010



Hello,

Is anybody going to reply me?????????????

Regards,

SSR


On Tue, Apr 20, 2010 at 04:48:47AM -0400, redssr at linuxmail.org wrote:
>  First of all  i am very very sory for the late reply.
> 
>  Appreciable Thanks for your immediate reply. According to your suggestion i
>  can't change the setting in the file as it will require to change settings in 
my
>  AD server and my seniors are not allowing to do me so.
> 
> 
>  Is there any other way to solved this issue.
>  Thanks in Advance for the same.


>  >                           'group'                 =3D>  'svn Users',
>  >                           'group_attr'            =3D>  'svn Users',


I doubt that the name of your group attribute in AD is svn Users. 


Find out the actual name of the group attribute you want to search on
and change group_attr to that


-kevin


 

 


 

 

-----Original Message-----
From: rt-users-request at lists.bestpractical.com
To: rt-users at lists.bestpractical.com
Sent: Wed, May 12, 2010 3:16 pm
Subject: RT-Users Digest, Vol 74, Issue 26


Send RT-Users mailing list submissions to
    rt-users at lists.bestpractical.com


To subscribe or unsubscribe via the World Wide Web, visit
    http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
or, via email, send a message with subject or body 'help' to
    rt-users-request at lists.bestpractical.com


You can reach the person managing the list at
    rt-users-owner at lists.bestpractical.com


When replying, please edit your Subject line so it is more specific
than "Re: Contents of RT-Users digest..."

 
Today's Topics:


   1. Re: Problems with permissions (bug?) (Ruslan Zakirov)
   2. Re: No To: Field being generated. (Ruslan Zakirov)
   3. SkipTransaction after upgrade to 3.8.8 (Wim Wittesaele)
   4. Re: Can't call method "as_string" (Kevin Falcone) (Kevin Falcone)
   5. Re: RT & mysql / LDAP Auth (Julian Grunnell)

 
    
Attached Message
    
        
            
From:
            
Ruslan Zakirov <ruz at bestpractical.com>
        
        
            
To:
            
Markus.Kummer at t-systems.com
        
        
            
Cc:
            
rt-users at lists.bestpractical.com
        
        
            
Subject:
            
Re: [rt-users] Problems with permissions (bug?)
        
        
            
Date:
            
Tue, 11 May 2010 23:17:41 +0400
        
    


On Tue, May 11, 2010 at 8:47 PM,  <Markus.Kummer at t-systems.com> wrote:
> Dear list,
>
> I'm using rt 3.8.8 and facing problems in setting up permissions for a queue.
>
> What I want is that users see the tickets they have requested in a certain 
queue only.
> So user A cannot see tickets requested by user B and vice versa.
>
> So I applied the following rights
>
> -> Configuration -> Queues -> Group rights
>
> Roles
>
> Requestor:
>
> - CommentOnTicket

Do you really want requestors to comment and see comments?

> - DeleteTicket
> - ForwardMessage
> - ModifyCustomField
> - ModifyTicket
> - OwnTicket

Requestor can own a ticket? Wierd.

> - ReplyToTicket
> - SeeCustomField
> - ShowOutgoingEmail
> - ShowTicket
> - ShowTicketComments

> - StealTicket
> - TakeTicket

This is wierd as well as OwnTicket.

> - Watch
> - WatchAsAdminCc

This is something wierd too.



>
> User defined groups
>
> 1_rt_eval
>
> - SeeQueue
> - CreateTicket
>
> 2_rt_eval
>
> - SeeQueue
> - CreateTicket
>
> This basically works, but when a user logs in he finds an empty RT at a glance 
page.
> But searching for his email address gives the expected results.
> So my only problem is that the Queue is not displayed in the Quicksearch.
> After a lot of searching in the mailing list archives I got some hints.
>
> I applied the following rights additionally:
>
> System groups
>
> Privileged:
>
> - SeeQueue
> - CreateTicket
> - ShowTicket
>
> After login the Quicksearch is populated with that queue but all tickets are 
shown.
> So I removed the ShowTicket right from Privileged (while the user is still 
logged in). After a reload of the RT at a glance page the user sees the queue in 
the quicksearch. Following the link shows the correct tickets (the ticket count 
is wrong but this doesn't matter).
>
> Everything fine so far, but when the user logs out and in again Quicksearch is 
empty again. This is fully reproducible.
>
> Do I miss something here or is this a bug?

Sounds like it, but to be sure clean all sessions in the DB.

> Thanks for any help!

-- 
Best regards, Ruslan.


 
 


 
    
Attached Message
    
        
            
From:
            
Ruslan Zakirov <ruz at bestpractical.com>
        
        
            
To:
            
Mauricio Tavares <raubvogel at gmail.com>
        
        
            
Cc:
            
rt-users at lists.bestpractical.com
        
        
            
Subject:
            
Re: [rt-users] No To: Field being generated.
        
        
            
Date:
            
Tue, 11 May 2010 23:21:09 +0400
        
    


Mauricio,

Without logs and additional info we can not help you.

On Tue, May 11, 2010 at 6:25 PM, Mauricio Tavares <raubvogel at gmail.com> wrote:
> For some reason messages/tickets sent by RT have no To: Fields, only
> Reply-To:. Why would it be doing that? Looking into SendEmail.pm,
>
> sub To {
>    my $self = shift;
>    return ($self->_AddressesFromHeader('To'));
> }
>
> it makes me think the To: field in the head object was not
> extracted/populated. Am I on the right track or just idling aimlessly?
>
> Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
> Buy a copy at http://rtbook.bestpractical.com
>




-- 
Best regards, Ruslan.


 
 


 
    
Attached Message
    
        
            
From:
            
Wim Wittesaele <wim at wittesaele.eu>
        
        
            
To:
            
rt-users at lists.bestpractical.com
        
        
            
Subject:
            
[rt-users] SkipTransaction after upgrade to 3.8.8
        
        
            
Date:
            
Tue, 11 May 2010 21:40:25 +0200 (CEST)
        
    


I'm experiencing some problems after upgrading my installation from 3.8.7 to 3.8.8. It seems that my Callbacks are not working anymore. The most important one hides all system transactions as documented here: http://wiki.bestpractical.com/view/HideTransactions/4642.

The callback is in the same ath as before: /opt/rt3/local/html/Callbacks/MyCallbacks/Ticket/Elements/ShowHistory/SkipTransaction

Unfortunatly it does'nt seem to do anything. All system messages are still visible. Is there a way to troubleshoot/test callbacks ?


Wim Wittesaele



 
 


 
    
Attached Message
    
        
            
From:
            
Kevin Falcone <falcone at bestpractical.com>
        
        
            
To:
            
rt-users at lists.bestpractical.com
        
        
            
Subject:
            
Re: [rt-users] Can't call method "as_string" (Kevin Falcone)
        
        
            
Date:
            
Tue, 11 May 2010 12:00:50 -0400
        
    


On Tue, Apr 20, 2010 at 04:48:47AM -0400, redssr at linuxmail.org wrote:
>  First of all  i am very very sory for the late reply.
> 
>  Appreciable Thanks for your immediate reply. According to your suggestion i
>  can't change the setting in the file as it will require to change settings in 
my
>  AD server and my seniors are not allowing to do me so.
> 
> 
>  Is there any other way to solved this issue.
>  Thanks in Advance for the same.


>  >                           'group'                 =3D>  'svn Users',
>  >                           'group_attr'            =3D>  'svn Users',


I doubt that the name of your group attribute in AD is svn Users. 


Find out the actual name of the group attribute you want to search on
and change group_attr to that


-kevin

 
 


 
    
Attached Message
    
        
            
From:
            
Julian Grunnell <Julian.Grunnell at webfusion.com>
        
        
            
To:
            
rt-users at lists.bestpractical.com
        
        
            
Subject:
            
Re: [rt-users] RT & mysql / LDAP Auth
        
        
            
Date:
            
Wed, 12 May 2010 10:38:42 +0100
        
    


>-----Original Message-----
>From: Mike Peachey [mailto:mike.peachey at jennic.com]
>Sent: 10 May 2010 12:54
>To: Julian Grunnell
>Cc: rt-users at lists.bestpractical.com
>Subject: Re: [rt-users] RT & mysql / LDAP Auth
>
>Julian Grunnell wrote:
>> Hi - hoping someone can help me, I'm trying to get the
>> RT::Authen::ExternalAuth plugin to work so I can use LDAP for
>> authentication. Just using mysql at the moment, so want to keep this
>as
>> well. Running RT 3.8.5 on Centos, I'd like mysql auth first and then
>> LDAP next. I've managed to configure this without any errors and my
>> mysql authentication still works after a httpd restart. However LDAP
>> auth never works, I'm not that familiar with LDAP so am hoping if I
>> provide my config and rt.log below someone might be able to point me
>in
>> the right direction:
>
>Looks like the whole thing is dying during the MySQL check.
>
>1. Provide the whole config
>2. Are you sure you're supposed to be using ExternalAuth for MySQL
auth?
>Are you actually using it to check against an external MySQL source, or
>are you trying to use MySQL to check RT's own database?
>
[>] 

The whole config is:

##
## Local settings - overrides RT_Config.pm
##

Set($WebBaseURL, "https://xxx.xxx.xxx");
Set($rtname, 'xxx');
Set($Organization , "xxx");
Set($MinimumPasswordLength , "8");
Set($OwnerEmail , 'julian at xxx.xxx');
Set($SMTPFrom, 'support at xxx.xxx');
Set($Timezone , 'GB/London');
Set($UsernameFormat, 'concise');
Set($OldestTransactionsFirst, '0');
Set($SenderMustExistInExternalDatabase);
Set($LogToSyslog    , 'debug');
Set($UseFriendlyFromLine, 0);
Set($WebDomain, 'xxx.xxx.xxx');
Set($WebDefaultStylesheet, '3.5-default');
Set($WebPort, 443);
Set($MaxInlineBody, 148000);



## Display Webfusion logo / link
##
Set($WebImagesURL , $WebPath . "/NoAuth/images/");  # need this for
below
Set($LogoURL, $WebImagesURL . "xxx-logo.png");
Set($LogoLinkURL, 'http://xxx.xxx.xxx');
Set($LogoImageURL, $WebImagesURL . "xxx.xxx.png");
Set($LogoAltText, "xxx");



# {{{ Logging

Set($LogToSyslog    ,'critical');
Set($LogToScreen    , 'error');
Set($LogToFile      , 'debug');
Set($LogDir, '/opt/rt3/var/log/rt3');
Set($LogToFileNamed , "rt.log");    #log to rt.log



#Set(@Plugins,(qw(RT::Extension::SLA)));
#Set( %ServiceAgreements,
#        Default => '4h',
#        QueueDefault => {
#            'General' => '4h',
#        },
#        Levels => {
#            '2h' => {
#                       StartImmediately => 1,
#                       Resolve => { RealMinutes => 60*2 } },
#            '4h' => {
#                       StartImmediately => 1,
#                       Resolve => { RealMinutes => 60*4 } },
#        },
#    );



#Set(@Plugins,(qw(Extension::QuickDelete RT::FM)));



## MySQL / LDAP Configuration
#
# The order in which the services defined in ExternalSettings
# should be used to authenticate users. User is authenticated
# if successfully confirmed by any service - no more services
# are checked.
Set($ExternalAuthPriority,  [   'My_MySQL',
                                'My_LDAP'
                            ]
);

# The order in which the services defined in ExternalSettings
# should be used to get information about users. This includes
# RealName, Tel numbers etc, but also whether or not the user
# should be considered disabled.
#
# Once user info is found, no more services are checked.
#
# You CANNOT use a SSO cookie for authentication.
Set($ExternalInfoPriority,  [   'My_MySQL',
                                'My_LDAP'
                            ]
);

# If this is set to true, then the relevant packages will
# be loaded to use SSL/TLS connections. At the moment,
# this just means "use Net::SSLeay;"
Set($ExternalServiceUsesSSLorTLS,    0);

# If this is set to 1, then users should be autocreated by RT
# as internal users if they fail to authenticate from an
# external service.
Set($AutoCreateNonExternalUsers,    0);

# These are the full settings for each external service as a
HashOfHashes
# Note that you may have as many external services as you wish. They
will
# be checked in the order specified in the Priority directives above.
# e.g.
#
Set(ExternalAuthPriority,['My_LDAP','My_MySQL','My_Oracle','SecondaryLDA
P','Other-DB']);
#
Set($ExternalSettings,      {   # AN EXAMPLE DB SERVICE
                                'My_MySQL'   =>  {      ## GENERIC
SECTION
                                                        # The type of
service (db/ldap/cookie)
                                                        'type'
=>  'db',
                                                        # The server
hosting the service
                                                        'server'
=>  'resolver-db.xxx.com',
                                                        ##
SERVICE-SPECIFIC SECTION
                                                        # The database
name
                                                        'database'
=>  'rt3',
                                                        # The database
table
                                                        'table'
=>  'Users',
                                                        # The user to
connect to the database as
                                                        'user'
=>  'root',
                                                        # The password
to use to connect with
                                                        'pass'
=>  'xxx',
                                                        # The port to
use to connect with (e.g. 3306)
                                                        'port'
=>  '3306',
                                                        # The name of
the Perl DBI driver to use (e.g. mysql)
                                                        'dbi_driver'
=>  'mysql',
                                                        # The field in
the table that holds usernames
                                                        'u_field'
=>  'Name',
                                                        # The field in
the table that holds passwords
                                                        'p_field'
=>  'Password',
                                                        # The Perl
package & subroutine used to encrypt passwords
                                                        # e.g. if the
passwords are stored using the MySQL v3.23 "PASSWORD"
                                                        # function, then
you will need Crypt::MySQL::password, but for the
                                                        # MySQL4+
password function you will need Crypt::MySQL::password41
                                                        # Alternatively,
you could use Digest::MD5::md5_hex or any other
                                                        # encryption
subroutine you can load in your perl installation
                                                        'p_enc_pkg'
=>  'Crypt::MySQL',
                                                        'p_enc_sub'
=>  'password41',
                                                        # If your
p_enc_sub takes a salt as a second parameter,
                                                        # uncomment this
line to add your salt
                                                        #'p_salt'
=>  'SALT',
                                                        #
                                                        # The field and
values in the table that determines if a user should
                                                        # be disabled.
For example, if the field is 'user_status' and the values
                                                        # are
['0','1','2','disabled'] then the user will be disabled if their
                                                        # user_status is
set to '0','1','2' or the string 'disabled'.
                                                        # Otherwise,
they will be considered enabled.
                                                       # 'd_field'
=>  'disabled',
                                                       # 'd_values'
=>  ['0'],
                                                        ## RT ATTRIBUTE
MATCHING SECTION
                                                        # The list of RT
attributes that uniquely identify a user
 
'attr_match_list'           =>  [   'Gecos',
 
'Name'
 
],
                                                        # The mapping of
RT attributes on to field names
                                                        'attr_map'
=>  {   'Name' => 'username',
 
'EmailAddress' => 'email',
 
'ExternalAuthId' => 'username',
 
'Gecos' => 'userID'
 
}
                                                    },
                                # AN EXAMPLE LDAP SERVICE
                                'My_LDAP'       =>  {   ## GENERIC
SECTION
                                                        # The type of
service (db/ldap/cookie)
                                                        'type'
=>  'ldap',
                                                        # The server
hosting the service
                                                        'server'
=>  '172.17.2.1',
                                                        ##
SERVICE-SPECIFIC SECTION
                                                        # If you can
bind to your LDAP server anonymously you should
                                                        # remove the
user and pass config lines, otherwise specify them here:
                                                        #
                                                        # The username
RT should use to connect to the LDAP server
                                                        'user'
=>  'ldap-rt',
                                                        # The password
RT should use to connect to the LDAP server
                                                        'pass'
=>  'xxx',
                                                        #
                                                        # The LDAP
search base
                                                        'base'
=>  'ou=hosting,ou=corp,dc=internal,dc=hosteurope,dc=com',
                                                        #
                                                        # ALL FILTERS
MUST BE VALID LDAP FILTERS ENCASED IN PARENTHESES!
                                                        # YOU **MUST**
SPECIFY A filter AND A d_filter!!
                                                        #
                                                        # The filter to
use to match RT-Users
                                                        'filter'
=>  '(objectClass=User)',
                                                        # A catch-all
example filter: '(objectClass=*)'
                                                        #
                                                        # The filter
that will only match disabled users
                                                        'd_filter'
=>  '(objectClass=FooBarBaz)',
                                                        # A catch-none
example d_filter: '(objectClass=FooBarBaz)'
                                                        #
                                                        # Should we try
to use TLS to encrypt connections?
                                                        'tls'
=>  0,
                                                        # SSL Version to
provide to Net::SSLeay *if* using SSL
                                                        'ssl_version'
=>  3,
                                                        # What other
args should I pass to Net::LDAP->new($host, at args)?
                                                        'net_ldap_args'
=> [    version =>  3   ],
                                                        # Does
authentication depend on group membership? What group name?
                                                        'group'
=>  'GROUP_NAME',
                                                        # What is the
attribute for the group object that determines membership?
                                                        'group_attr'
=>  'GROUP_ATTR',
                                                        ## RT ATTRIBUTE
MATCHING SECTION
                                                        # The list of RT
attributes that uniquely identify a user
                                                        # This example
shows what you *can* specify.. I recommend reducing this
                                                        # to just the
Name and EmailAddress to save encountering problems later.
 
'attr_match_list'           => [    'Name',
 
'EmailAddress',
 
'RealName',
 
'WorkPhone',
 
'Address2'
 
],
                                                        # The mapping of
RT attributes on to LDAP attributes
                                                        'attr_map'
=>  {   'Name' => 'sAMAccountName',
 
'EmailAddress' => 'mail',
 
'Organization' => 'physicalDeliveryOfficeName',
 
'RealName' => 'cn',
 
'ExternalAuthId' => 'sAMAccountName',
 
'Gecos' => 'sAMAccountName',
 
'WorkPhone' => 'telephoneNumber',
 
'Address1' => 'streetAddress',
 
'City' => 'l',
 
'State' => 'st',
 
'Zip' => 'postalCode',
 
'Country' => 'co'
 
}
                                                    }
                                }
);

Set( @Plugins, qw(RT::Authen::ExternalAuth) );

1;



So at present users are just authenticating against RT's own DB for user
access. What I'd like to do is keep this but also have LDAP. The reason
being users now have multiple usernames / passwords for different
services we run and I want to use LDAP as a way to simplify this - BUT
in order for this to be done I also need to be able to keep the MySQL
access for now and not break RT for all the users.

The RT DB is on a different physical server and the fact that after I
restarted httpd with the config above and could still login with my
usual (mysql) credentials assumed that atleast part of it was working -
is this not the case?

Thanks.




 
 
_______________________________________________
RT-Users mailing list
RT-Users at lists.bestpractical.com
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20100603/8780543a/attachment.htm>


More information about the rt-users mailing list