[rt-users] Automatically Set "Let this user be granted rights"

Chris Ditri Cditri at experi-metal.com
Mon Apr 7 15:13:44 EDT 2014


HI again,

OK... I found this
https://docs.bullardisd.net/public/helpdesk/rt.html

Which isn't a help per se, but it did give me an idea.  When a user that was imported from ldapimport tries to login, the login fails, and the logs say "Couldn't create user xyz: email address in use".  So, I wiped the email address from the imported user - and suddenly, the user can login.... Or so I thought.  Instead, what is happening is that it is creating a second user with the same name!  And, we have come full circle, because the 2nd instance of the user is not privileged.

So, I have a whole slew of accounts now imported from ldap/Active Directory, and they are now only debris in my way.  I'm really wondering if running that script in the first place was the way to go.... Because even though everyone on the network now has a user, they system seems to insist upon creating them a new account.  All the accounts seem to have imported - but they are not useable.

Is there something I need to turn off in RT that says "Stop making new accounts when one already exists" or something?  What can I do to fix this?  Can I/should I delete all the imported accounts?

Thanks.

-Chris


From: rt-users-bounces at lists.bestpractical.com [mailto:rt-users-bounces at lists.bestpractical.com] On Behalf Of Chris Ditri
Sent: Friday, April 04, 2014 9:49 AM
To: Jon Witts
Cc: rt-users at lists.bestpractical.com
Subject: Re: [rt-users] Automatically Set "Let this user be granted rights"

Hello again,

I'm afraid I'm experiencing a problem now.  The import worked, and I have everyone with an account showing up in RT, and the "Let this user be granted right" checkbox is checked as it should...

BUT

Now I'm finding that any account imported does not work - that is, they cannot log in.  In the log files I see this line:

"[Fri Apr  4 13:21:07 2014] [error]: Couldn't create user jjjameson: Email address in use (/usr/share/request-tracker4/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:237)"

So all the users are they, but they cannot log in.  Curiously, the few users I used as a test account for external auth do work, but anyone who was imported, and has never logged in prior to the import, cannot log in.

What can I do to address this?

Thanks.

-Chris









From: Jon Witts [mailto:jwitts at queenmargarets.com]
Sent: Wednesday, March 26, 2014 4:43 AM
To: Chris Ditri
Subject: RE: [rt-users] Automatically Set "Let this user be granted rights"

Good to hear Chris.

Jon

-----------------------------------------------------

Jon Witts
Director of Digital Strategy
Queen Margaret's School
Escrick Park
York YO19 6EU

Telephone: 01904 727600
Fax: 01904 728150

Website: www.queenmargarets.com<http://www.queenmargarets.com/>

From: Chris Ditri [mailto:Cditri at experi-metal.com]
Sent: 24 March 2014 21:25
To: Jon Witts
Subject: RE: [rt-users] Automatically Set "Let this user be granted rights"

Thanks Jon,  this works for me.










From: Jon Witts [mailto:jwitts at queenmargarets.com]
Sent: Wednesday, March 19, 2014 7:42 PM
To: Chris Ditri
Subject: RE: [rt-users] Automatically Set "Let this user be granted rights"

Try looking at the LDAP Import plugin http://search.cpan.org/~tsibley/RT-Extension-LDAPImport-0.33/lib/RT/Extension/LDAPImport.pm it will let set imported users as privileged as well as adding them to a group of their own.

Jon

Sent from my Android phone using TouchDown (www.nitrodesk.com<http://www.nitrodesk.com>)

-----Original Message-----
From: Chris Ditri [Cditri at experi-metal.com]
Received: Wednesday, 19 Mar 2014, 23:19
To: rt-users at lists.bestpractical.com<mailto:rt-users at lists.bestpractical.com> [rt-users at lists.bestpractical.com]
Subject: [rt-users] Automatically Set "Let this user be granted rights"
Hello,

I am using RT 4.0.2, which is stable in Debian Squeeze.

I have external auth set to authenticate against AD.  The problem I'm running into is that people who are logging in with AD accounts do not have the "Let this user be granted rights" box automatically checked, and therefore, they are not getting the permissions that I have set to the everyone group.

I have set up the everyone group as per the docs so that they should be able create tickets and to search for tickets for which they are the requestor.  As it stands right now, AD users login, and they cannot do either (can't do anything, really).

In order to check this box, an AD user must first login. We have many end-users working 24/7 on 5 different shifts, there is no way to coordinate this, so I really need the system to just allow an AD user to inherit the permissions of the everyone group upon first login.

How can this be achieved?

Thank you.

-Chris

Christopher Ditri
Manager, Information Systems
Experi-Metal Inc.
6385 Wall Street
Sterling Heights, MI 48312
Phone: (586) 977-7800
Fax: (586) 977-6981
www.experi-metal.com<http://www.experi-metal.com/>

[cid:image001.png at 01CF5273.86CEF320]<http://www.experi-metal.com/>


Connnect with Us!  [cid:image002.png at 01CF5273.86CEF320] <http://www.twitter.com/experimetalinc>   [cid:image003.png at 01CF5273.86CEF320] <http://www.facebook.com/pages/Experi-Metal-INC/150560074972339?v=app_4949752878#!/pages/Experi-Metal-INC/150560074972339?v=wall>   [cid:image004.png at 01CF5273.86CEF320] <http://www.linkedin.com/companies/73915>












________________________________
DISCLAIMER: This message, including all attachments and/or linked documents, is intended for the exclusive use of the individual or entity to which it is addressed and may contain privileged, proprietary and confidential information. You are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited without permission from the author. This notice serves as a confidentiality marking for the purpose of any confidentiality or nondisclosure agreement. If this message has been received in error, please destroy the original message and all copies without reading it and notify Experi-Metal Inc. immediately via telephone at (586) 977-7800.

WARNING: This document may contain technical data whose export is restricted by the Arms Export Control Act (Title 22 U.S.C. 2751, et seq.) International Traffic in Arms Regulations (ITAR). Disclosure of any technical data to foreign persons without prior U.S. Government authorization is strictly prohibited. Violations of these laws and regulations are subject to severe criminal penalties.

Thank you very much for your cooperation.


This email has been processed by Smoothwall Anti-Spam - www.smoothwall.net<http://www.smoothwall.net/>

________________________________
DISCLAIMER: This message, including all attachments and/or linked documents, is intended for the exclusive use of the individual or entity to which it is addressed and may contain privileged, proprietary and confidential information. You are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited without permission from the author. This notice serves as a confidentiality marking for the purpose of any confidentiality or nondisclosure agreement. If this message has been received in error, please destroy the original message and all copies without reading it and notify Experi-Metal Inc. immediately via telephone at (586) 977-7800.

WARNING: This document may contain technical data whose export is restricted by the Arms Export Control Act (Title 22 U.S.C. 2751, et seq.) International Traffic in Arms Regulations (ITAR). Disclosure of any technical data to foreign persons without prior U.S. Government authorization is strictly prohibited. Violations of these laws and regulations are subject to severe criminal penalties.

Thank you very much for your cooperation.


This email has been processed by Smoothwall Anti-Spam - www.smoothwall.net<http://www.smoothwall.net/>

________________________________
DISCLAIMER: This message, including all attachments and/or linked documents, is intended for the exclusive use of the individual or entity to which it is addressed and may contain privileged, proprietary and confidential information. You are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited without permission from the author. This notice serves as a confidentiality marking for the purpose of any confidentiality or nondisclosure agreement. If this message has been received in error, please destroy the original message and all copies without reading it and notify Experi-Metal Inc. immediately via telephone at (586) 977-7800.

WARNING: This document may contain technical data whose export is restricted by the Arms Export Control Act (Title 22 U.S.C. 2751, et seq.) International Traffic in Arms Regulations (ITAR). Disclosure of any technical data to foreign persons without prior U.S. Government authorization is strictly prohibited. Violations of these laws and regulations are subject to severe criminal penalties.

Thank you very much for your cooperation.

________________________________
DISCLAIMER: This message, including all attachments and/or linked documents, is intended for the exclusive use of the individual or entity to which it is addressed and may contain privileged, proprietary and confidential information. You are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited without permission from the author. This notice serves as a confidentiality marking for the purpose of any confidentiality or nondisclosure agreement. If this message has been received in error, please destroy the original message and all copies without reading it and notify Experi-Metal Inc. immediately via telephone at (586) 977-7800.

WARNING: This document may contain technical data whose export is restricted by the Arms Export Control Act (Title 22 U.S.C. 2751, et seq.) International Traffic in Arms Regulations (ITAR). Disclosure of any technical data to foreign persons without prior U.S. Government authorization is strictly prohibited. Violations of these laws and regulations are subject to severe criminal penalties.

Thank you very much for your cooperation.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20140407/01f33f5e/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 18167 bytes
Desc: image001.png
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20140407/01f33f5e/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 981 bytes
Desc: image002.png
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20140407/01f33f5e/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.png
Type: image/png
Size: 1225 bytes
Desc: image003.png
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20140407/01f33f5e/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image004.png
Type: image/png
Size: 1232 bytes
Desc: image004.png
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20140407/01f33f5e/attachment-0003.png>


More information about the rt-users mailing list