[rt-users] Is a time zone user preference available?

Eli Guzman eguzman at cvimellesgriot.com
Thu Apr 28 16:10:20 EDT 2011


Hey Ruslan,

I actually was able to get the time zone to switch properly for users, I had to install the following two packages:

- Bundle::Apache2
- Apache2::Reload

I also made the following change to /etc/httpd/conf/httpd.conf:

PerlOptions +GlobalRequest

Once the httpd service was restarted I was immediately able to see the change - so thanks for the suggestions they certainly helped.

I have one more issue, I am working on and this is enabling the full SSO (auto-login) function of RT::Authen::LDAP, but I keep running into some issues. AD users are able to authenticated against AD, but the RT interface won't automatically log them in. I think my RT_SiteConfig.pm (the one located at /opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc) is correct:


less /opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm
   Set($ExternalAuthPriority,           [ 'My_LDAP' ] );
   Set($ExternalInfoPriority,           [ 'My_LDAP' ] );
   Set($ExternalServiceUsesSSLorTLS,    0);
   Set($AutoCreateNonExternalUsers,     0);

   Set($ExternalSettings,      {
                        'My_LDAP'               =>  {

                        'type'                  =>  'ldap',
                        'server'                =>  'IP-OF-SERVER',
                        'user'                  =>  'cvi-mg\ldap',  #'cn=ldap,cn=Services,dc=domain,dc=com', <--nw
                        'pass'                  =>  'userpassword',
                        'base'                  =>  'dc=domain,dc=com',

                        'filter'                =>  '(&(ObjectCategory=User)(ObjectClass=Person))',
                        'd_filter'              =>  '(userAccountControl:1.2.840.113556.1.4.803:=2)',

                        'tls'                   =>  0,
   #                    'ssl_version'           =>  3,

                        'net_ldap_args'         => [    version =>  3           ],
                        'group'                 =>  'cn=RTUsers,ou=Services,dc=cvi-mg,dc=com',
                        'group_attr'            =>  'member',

                        'attr_match_list'       => [   'Name', 'EmailAddress'   ],
                        'attr_map'              => {   'Name' => 'sAMAccountName',
                                                       'EmailAddress' => 'mail',
                                                       'Organization' => 'physicalDeliveryOfficeName',
                                                       'RealName' => 'cn',
                                                       'ExternalAuthId' => 'sAMAccountName',
                                                       'Gecos' => 'sAMAccountName',
                                                       'WorkPhone' => 'telephoneNumber',
                                                       'Address1' => 'streetAddress',
                                                       'City' => 'l',
                                                       'State' => 'st',
                                                       'Zip' => 'postalCode',
                                                       'Country' => 'co'
                                                   }
                                                   }
                               }
   );

   1;


However, when a user who is part of the 'RTUsersGroup' within AD attempts to load the main RT page via any browser the following message gets generated by rt.log:

[Tue Apr 26 22:38:24 2011] [debug]: Autohandler called ExternalAuth. Response: (0, No User)  (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:26)
[Tue Apr 26 22:38:24 2011] [debug]: Attempting to use external auth service: My_LDAP  (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
[Tue Apr 26 22:38:24 2011] [debug]: SSO Failed and no user to test with. Nexting  (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:92)
[Tue Apr 26 22:38:24 2011] [debug]: Autohandler called ExternalAuth. Response: (0, No User)  (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:26)

I have looked at the files mentioned above (ExternalAuth.pm, Doauth.pm, etc, etc) and have not been able to pinpoint the problem. My guess is that the credentials are either not being passed from LDAP to RT via the SSO check mentioned in this file '/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm' starting in line 71:


     71         #############################################################
     72         ####################### SSO Check ###########################
     73         #############################################################
     74         if ($config->{'type'} eq 'cookie') {
     75             # Currently, Cookie authentication is our only SSO method
     76             $username = RT::Authen::ExternalAuth::DBI::GetCookieAuth($config);
     77         }
     78         #############################################################
     79
     80         # If $username is defined, we have a good SSO $username and can
     81         # safely bypass the password checking later on; primarily because
     82         # it's VERY unlikely we even have a password to check if an SSO succeeded.
     83         $pass_bypass = 0;
     84         if(defined($username)) {
     85             $RT::Logger->debug("Pass not going to be checked, attempting SSO");
     86             $pass_bypass = 1;
     87         } else {
     88
     89             # SSO failed and no $user was passed for a login attempt
     90             # We only don't return here because the next iteration could be an SSO attempt
     91             unless(defined($given_user)) {
     92                 $RT::Logger->debug("SSO Failed and no user to test with. Nexting");
     93                 next;
     94             }
     95
     96             # We don't have an SSO login, so we will be using the credentials given
     97             # on RT's login page to do our authentication.
     98             $username = $given_user;

So here is where it gets a bit dicey for me, I am not entirely certain if the value for the $username variable (line 76) is being properly passed by our AD server and fails the SSO check (line 92), and then immediately jumps to line 98 to wait for the authentication to be manually entered (this part works if credentials are entered manually, LDAP authentication goes through normally). 

So my question is why is it nexting (as per the rt.log), and not picking up the user name from the operating environment (just as an FYI most of our users are on Windows XP, 7 clients, running IE8 and Mozilla Firefox 3.6+), and automatically picking up on the credentials for the user. 

My guess is that I have something probably not set correctly within the RT_SiteCOnfig.pm (for RT::Authen::LDAP), or the issue could be a missing Perl component (probably not being called from httpd.conf) I have not thought of as of yet. But as I said this are just initial guesses - any input anyone can offer would be great.

Thanks,
Eli


-----Original Message-----
From: ruslan.zakirov at gmail.com [mailto:ruslan.zakirov at gmail.com] On Behalf Of Ruslan Zakirov
Sent: Thursday, April 21, 2011 8:51 PM
To: Eli Guzman
Cc: rt-users at lists.bestpractical.com
Subject: Re: [rt-users] Is a time zone user preference available?

Hello,

Look into logs for additional info about blank page.

You have several options:

* switch over fcgi
* figure out why modperl handler doesn't work
* find/write patch for RT that uses Env::C in Date.pm

On Fri, Apr 22, 2011 at 4:27 AM, Eli Guzman <eguzman at cvimellesgriot.com> wrote:
> ----Original Message----
> From: rt-users-bounces at lists.bestpractical.com
> [mailto:rt-users-bounces at lists.bestpractical.com] On Behalf Of Eli 
> Guzman Sent: Wednesday, April 20, 2011 9:10 PM To: Ruslan Zakirov
> Cc: rt-users at lists.bestpractical.com
> Subject: Re: [rt-users] Is a time zone user preference available?
>
>> ----Original Message----
>> From: ruslan.zakirov at gmail.com [mailto:ruslan.zakirov at gmail.com] On 
>> Behalf Of Ruslan Zakirov Sent: Wednesday, April 20, 2011 7:43 PM To:
>> Eli Guzman
>> Cc: rt-users at lists.bestpractical.com
>> Subject: Re: [rt-users] Is a time zone user preference available?
>>
>>> Hello,
>>>
>>> Do you use mod_perl? Try "SetHandler modperl" instead of "SetHandler 
>>> perl-script" in apache's config. Don't forget to stop/start the 
>>> server.
>>>
>>> On Thu, Apr 21, 2011 at 12:14 AM, Eli Guzman 
>>> <eguzman at cvimellesgriot.com> wrote:
>>>> ----Original Message----
>>>> From: rt-users-bounces at lists.bestpractical.com
>>>> [mailto:rt-users-bounces at lists.bestpractical.com] On Behalf Of 
>>>> Kevin Falcone Sent: Wednesday, April 20, 2011 2:01 PM To:
>>>> rt-users at lists.bestpractical.com Subject: Re: [rt-users] Is a time 
>>>> zone user preference available?
>>>>
>>>>> On Wed, Apr 20, 2011 at 01:25:41PM -0600, Eli Guzman wrote:
>>>>>>>> There's no need for elaborate schemes. Timezone, along with 
>>>>>>>> language, is on the user About Me page.
>>>>>>>>
>>>>>>>> Thomas
>>>>>>>
>>>>>>> Hey Thomas,
>>>>>>>
>>>>>>> Thanks a bunch, somehow I missed that ;).
>>>>>>>
>>>>>>> Eli
>>>>>>
>>>>>> Not sure how common this issue is, but I have changed the 'About 
>>>>>> Me' timezone preferences, however the change isn't reflected on 
>>>>>> the interface. See images below:
>>>>>>
>>>>>> http://min.us/mDnN4uxnfqIBg#1
>>>>>
>>>>> You've neglected to say:
>>>>>
>>>>> What you set it to in About Me.
>>>>> What time you expect to see.
>>>>>
>>>>> I see something roughly 2 hours behind the current time, so assume 
>>>>> it is showing in Mountain time
>>>>>
>>>>> -kevin
>>>>>
>>>>>> I had the $Timezone variable in RT_SiteConfig.pm set to the
>>>>>> following: Set($Timezone , 'US/Mountain'); but I commented this 
>>>>>> out (restarted httpd services)to see if there was any change to 
>>>>>> the interface, but nothing so far. Time is being synched via 
>>>>>> NTPD/system clock is not currently set to UTC/and system TZ is 
>>>>>> set to Denver TZ (-0700 GMT). Could I be missing something 
>>>>>> obvious here?
>>>>>>
>>>>>> Thanks for any insights!
>>>>>>
>>>>>> Regards,
>>>>>> Eli
>>>>
>>>> Hey Kevin,
>>>>
>>>> Yes you are correct, it is showing that it is currently set 
>>>> Mountain TZ (which was what the RT_SiteConfig was set to), and I 
>>>> went ahead and changed the preference under the about me section to 
>>>> 'Europe/London +0100', but for some reason the change has not taken 
>>>> effect.
>>>>
>>>> Just not sure as to why, could this perhaps be related to the 
>>>> database itself? Currently MySQL should be getting TZ data from the 
>>>> OS itself, but I believe I can hard-set it in the my.ini file, not 
>>>> sure if this is the preferred method for RT/or to be honest if it 
>>>> should matter if the DB should be set to a specific TZ.
>>>>
>>>> Regards,
>>>> Eli
>>
>> Hey Ruslan,
>>
>> I can give that a try and let you know if it fixes the issue; thanks 
>> for the input.
>>
>> Regards,
>> Eli
>
> Hey Ruslan,
>
> I have mod_perl installed on the system:
>
> [root at xxx ~]# yum list mod_perl
> Loaded plugins: rhnplugin, security
> Installed Packages
> mod_perl.x86_64                             2.0.4-6.el5 installed
>
> However I was not using it directly with RT3, here is my
> /etc/httpd/conf.d/rt3.conf:
>
> Alias /ticket "/opt/rt3/share/html"
>
> PerlRequire /opt/rt3/bin/webmux.pl
>
> <Directory "/opt/rt3/share/html">
>  AllowOverride All
>  Options ExecCGI FollowSymLinks
>
>  RewriteEngine On
>  RedirectMatch permanent (.*)/$ $1/index.html
>  AddDefaultCharset UTF-8
>  SetHandler perl-script
>  #SetHandler modperl <-- Interface did not load -- just a blank screen
>  PerlHandler RT::Mason
>
> At first I tried reloading apache with the 'SetHandler modperl' line 
> but this caused RT3 not to load (just a blank screen) so as you can 
> see I commented out the line, and reloaded httpd services, the RT app 
> was returned to normal at that point.
>
> So I am guessing that the RPM version I have installed of mod_perl is 
> not compatible with RT3, so this leaves me with being able to use 
> perl-script handler.
>
> I did change the system time to just use UTC:
>
> [root at xxx ~]# date
> Fri Apr 22 00:10:12 UTC 2011
>
> I reloaded MySQL services and this forced the database to use UTC 
> instead of MDT:
>
> mysql> select distinct @@system_time_zone from user;
> +--------------------+
> | @@system_time_zone |
> +--------------------+
> | UTC                |
> +--------------------+
> 1 row in set (0.00 sec)
>
> Now the database shows the time as UTC, and so do tickets on the RT 
> interface as well. However, I am still unable to change to different 
> timezones for any user.
>
> Could this be an inconsistency of using "SetHandler perl-script" 
> rather than 'mod_perl' in my RT3 specific Apache configuration? And if 
> this is the case, since I am unable to use the RPM version of 
> mod_perl; should I just build mod_perl from source and see if this corrects the problem?
> Could something be missing from my main Apache configuration (meaning 
> /etc/httpd/conf/httpd.conf)? At the moment I am still somewhat stumped 
> on this one, if anyone has any other input I would appreciate it.
>
> Best Regards,
> Eli
>
>
>
>
>



--
Best regards, Ruslan.



More information about the rt-users mailing list