[rt-users] Problems with new users
Scott Pestana
scott.pestana at linguamatics.com
Tue Feb 14 15:22:49 EST 2012
Kevin,
Comments inline:
On 2/13/2012 12:06 PM, Kevin Falcone wrote:
> On Fri, Feb 10, 2012 at 03:45:25PM -0500, Scott Pestana wrote:
>> For example: one user can send in emails to the RT queue and
>> proceed normally. However if he tries to log in to the web version,
>> the RT system treats him like is associated with a different queue
>> than the rest of our users. When he tried to create a ticket
>> through the web RT would create the ticket in this wrong queue, and
>> he immediately got an error that he did not have permissions to view
>> his ticket.
> It'd be useful to see some sort of screenshot of what he's seeing.
When logged in he got the RT at a glance page, with an empty queue
in the upper right hand corner next to "new ticket", and all the
sections (10 highest priority tickets I own, 10 newest unowned tickets,
bookmarked tickets, quick ticket creation, my reminders, quick search,
dashboards, refresh) all load up / display normally, but without any
content.
>> RT creates an internal user for him, unlike the rest of our
>> employees who don't show up in the user list because they exist in
>> the configured LDAP. I disabled the (discontinued) queue, and
> As a heads up, RT *always* create an internal user, even for users
> pulled from LDAP.
>
> There is no password stored, but RT must have an internal user account,
> otherwise the user can't be associated with tickets.
Noted, I had seen them by directly querying the SQL tables I'm just
a bit confused by why they don't show up under the Privileged Users
display.
>> edited the user created form him to disassociate it from him
>> (rename, re-email, etc), and then had him try to log in again.
>> Again, RT created a user with his name/credentials in its own SQL
>> database instead of querying LDAP, and associated his user with the
>> now disabled queue. He can no longer create tickets because the
>> queue is disabled, and I can't figure out how to alter his account
>> to associate him with the proper queue.
> As I mentioned on your other mail, debug level logs of what happens on
> login are much more likely to show us what is going on than
> descriptions of the problem.
>
> I'll also note that your ExternalAuth config didn't allow for LDAP
> auth, so I'm not sure what password your users are using.
>
> -kevin
Here are debug level logs of our little misadventure. ilewin is
the new employee. I'm wondering now if the users have been imported into
the internal RT database by an export / import, and now new users
(employees) aren't pre-loaded into the DB. The way we're doing this, is
there an option I could change to allow LDAP auth? I heard some back
and forth from the admin who set up this instance that there was so
incompatibility with ExternalAuth & LDAP auth.
[Tue Jan 24 17:47:48 2012] [debug]: Attempting to use external auth
service: Lingua_LDAP
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
[Tue Jan 24 17:47:48 2012] [debug]: SSO Failed and no user to test with.
Nexting
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:92)
[Tue Jan 24 17:47:48 2012] [debug]: Autohandler called ExternalAuth.
Response: (0, No User)
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:11)
[Tue Jan 24 17:48:08 2012] [error]: WebRT: Queue could not be loaded.
(/opt/rt4/share/html/Elements/Error:82)
[Tue Jan 24 17:49:16 2012] [debug]: About to think about scrips for
transaction #24282 (/opt/rt4/sbin/../lib/RT/Transaction.pm:173)
[Tue Jan 24 17:49:16 2012] [debug]: About to think about scrips for
transaction #24283 (/opt/rt4/sbin/../lib/RT/Transaction.pm:173)
[Tue Jan 24 17:49:16 2012] [debug]: About to think about scrips for
transaction #24284 (/opt/rt4/sbin/../lib/RT/Transaction.pm:173)
[Tue Jan 24 17:49:16 2012] [debug]: About to think about scrips for
transaction #24285 (/opt/rt4/sbin/../lib/RT/Transaction.pm:173)
[Tue Jan 24 17:49:16 2012] [debug]: About to think about scrips for
transaction #24286 (/opt/rt4/sbin/../lib/RT/Transaction.pm:173)
[Tue Jan 24 17:49:16 2012] [debug]: About to think about scrips for
transaction #24287 (/opt/rt4/sbin/../lib/RT/Transaction.pm:173)
[Tue Jan 24 17:49:28 2012] [debug]:
RT::Authen::ExternalAuth::CanonicalizeUserInfo called by
RT::Authen::ExternalAuth
/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/E
xternalAuth.pm 553 with: Disabled: 0, EmailAddress: , Gecos: ilewin,
Name: ilewin, Privileged: 1
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:450)
[Tue Jan 24 17:49:28 2012] [debug]: Attempting to get user info using
this external service: Lingua_LDAP
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.
pm:458)
[Tue Jan 24 17:49:28 2012] [debug]: Attempting to use this
canonicalization key: EmailAddress
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:472)
[Tue Jan 24 17:49:28 2012] [debug]: LDAP Search === Base:
ou=users,dc=linguamatics,dc=com == Filter:
(&(|(objectClass=posixAccount)(objectClass=account))) == Attrs:
cn,mail,uid,g
ecos,uid
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:195)
[Tue Jan 24 17:49:28 2012] [info]:
RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Disabled: 0,
EmailAddress: , Gecos: ilewin, Name: ilewin, Privileged: 1
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:536)
[Tue Jan 24 17:49:28 2012] [debug]: About to think about scrips for
transaction #24288 (/opt/rt4/sbin/../lib/RT/Transaction.pm:173)
[Tue Jan 24 17:49:28 2012] [debug]: About to think about scrips for
transaction #24289 (/opt/rt4/sbin/../lib/RT/Transaction.pm:173)
[Tue Jan 24 17:49:28 2012] [debug]: About to think about scrips for
transaction #24290 (/opt/rt4/sbin/../lib/RT/Transaction.pm:173)
[Tue Jan 24 17:49:52 2012] [debug]: Attempting to use external auth
service: Lingua_LDAP
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
[Tue Jan 24 17:49:52 2012] [debug]: SSO Failed and no user to test with.
Nexting
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:92)
[Tue Jan 24 17:49:52 2012] [debug]: Autohandler called ExternalAuth.
Response: (0, No User)
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:11)
[Tue Jan 24 17:50:07 2012] [error]: WebRT: Queue could not be loaded.
(/opt/rt4/share/html/Elements/Error:82)
>
>
> --------
> RT Training Sessions (http://bestpractical.com/services/training.html)
> * Boston --- March 5& 6, 2012
--
N. Scott Pestana
IT Infrastructure
Linguamatics
275 Grove Street, Suite 2-400
Newton, MA 02466
Tel: +1-774-571-7135
US Tel: +1-617-674-3256
UK Tel: 011-44-1223-421360
UK Fax: 011-44-1223-421361
Web: www.linguamatics.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20120214/6cc3c7bc/attachment.htm>
More information about the rt-users
mailing list