[rt-users] Automatically Set "Let this user be granted rights"
Jon Witts
jwitts at queenmargarets.com
Mon Apr 7 15:34:47 EDT 2014
Can you post your config for LDAPImport and for externalauth as this should not be happening; at least it does not happen with my install?
Obviously remove your passwords etc...
Jon
________________________________
Director of Digital Strategy
Queen Margaret's School
01904 727600
http://www.queenmargarets.com
________________________________
From: Chris Ditri [Cditri at experi-metal.com]
Sent: 07 April 2014 8:13 PM
To: Chris Ditri; Jon Witts
Cc: rt-users at lists.bestpractical.com
Subject: RE: [rt-users] Automatically Set "Let this user be granted rights"
HI again,
OK… I found this
https://docs.bullardisd.net/public/helpdesk/rt.html
Which isn’t a help per se, but it did give me an idea. When a user that was imported from ldapimport tries to login, the login fails, and the logs say “Couldn’t create user xyz: email address in use”. So, I wiped the email address from the imported user – and suddenly, the user can login…. Or so I thought. Instead, what is happening is that it is creating a second user with the same name! And, we have come full circle, because the 2nd instance of the user is not privileged.
So, I have a whole slew of accounts now imported from ldap/Active Directory, and they are now only debris in my way. I’m really wondering if running that script in the first place was the way to go…. Because even though everyone on the network now has a user, they system seems to insist upon creating them a new account. All the accounts seem to have imported – but they are not useable.
Is there something I need to turn off in RT that says “Stop making new accounts when one already exists” or something? What can I do to fix this? Can I/should I delete all the imported accounts?
Thanks.
-Chris
From: rt-users-bounces at lists.bestpractical.com [mailto:rt-users-bounces at lists.bestpractical.com] On Behalf Of Chris Ditri
Sent: Friday, April 04, 2014 9:49 AM
To: Jon Witts
Cc: rt-users at lists.bestpractical.com
Subject: Re: [rt-users] Automatically Set "Let this user be granted rights"
Hello again,
I’m afraid I’m experiencing a problem now. The import worked, and I have everyone with an account showing up in RT, and the “Let this user be granted right” checkbox is checked as it should…
BUT
Now I’m finding that any account imported does not work – that is, they cannot log in. In the log files I see this line:
“[Fri Apr 4 13:21:07 2014] [error]: Couldn't create user jjjameson: Email address in use (/usr/share/request-tracker4/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:237)”
So all the users are they, but they cannot log in. Curiously, the few users I used as a test account for external auth do work, but anyone who was imported, and has never logged in prior to the import, cannot log in.
What can I do to address this?
Thanks.
-Chris
From: Jon Witts [mailto:jwitts at queenmargarets.com]
Sent: Wednesday, March 26, 2014 4:43 AM
To: Chris Ditri
Subject: RE: [rt-users] Automatically Set "Let this user be granted rights"
Good to hear Chris.
Jon
-----------------------------------------------------
Jon Witts
Director of Digital Strategy
Queen Margaret's School
Escrick Park
York YO19 6EU
Telephone: 01904 727600
Fax: 01904 728150
Website: www.queenmargarets.com<http://www.queenmargarets.com/>
From: Chris Ditri [mailto:Cditri at experi-metal.com]
Sent: 24 March 2014 21:25
To: Jon Witts
Subject: RE: [rt-users] Automatically Set "Let this user be granted rights"
Thanks Jon, this works for me.
From: Jon Witts [mailto:jwitts at queenmargarets.com]
Sent: Wednesday, March 19, 2014 7:42 PM
To: Chris Ditri
Subject: RE: [rt-users] Automatically Set "Let this user be granted rights"
Try looking at the LDAP Import plugin http://search.cpan.org/~tsibley/RT-Extension-LDAPImport-0.33/lib/RT/Extension/LDAPImport.pm it will let set imported users as privileged as well as adding them to a group of their own.
Jon
Sent from my Android phone using TouchDown (www.nitrodesk.com<http://www.nitrodesk.com>)
-----Original Message-----
From: Chris Ditri [Cditri at experi-metal.com]
Received: Wednesday, 19 Mar 2014, 23:19
To: rt-users at lists.bestpractical.com<mailto:rt-users at lists.bestpractical.com> [rt-users at lists.bestpractical.com]
Subject: [rt-users] Automatically Set "Let this user be granted rights"
Hello,
I am using RT 4.0.2, which is stable in Debian Squeeze.
I have external auth set to authenticate against AD. The problem I’m running into is that people who are logging in with AD accounts do not have the “Let this user be granted rights” box automatically checked, and therefore, they are not getting the permissions that I have set to the everyone group.
I have set up the everyone group as per the docs so that they should be able create tickets and to search for tickets for which they are the requestor. As it stands right now, AD users login, and they cannot do either (can’t do anything, really).
In order to check this box, an AD user must first login. We have many end-users working 24/7 on 5 different shifts, there is no way to coordinate this, so I really need the system to just allow an AD user to inherit the permissions of the everyone group upon first login.
How can this be achieved?
Thank you.
-Chris
Christopher Ditri
Manager, Information Systems
Experi-Metal Inc.
6385 Wall Street
Sterling Heights, MI 48312
Phone: (586) 977-7800
Fax: (586) 977-6981
www.experi-metal.com<http://www.experi-metal.com/>
[cid:image001.png at 01CB5F05.02F97850]<http://www.experi-metal.com/>
Connnect with Us! [cid:image002.png at 01CB6C41.F5E3C450] <http://www.twitter.com/experimetalinc> [cid:image009.png at 01CB5F04.51EAEE90] <http://www.facebook.com/pages/Experi-Metal-INC/150560074972339?v=app_4949752878#!/pages/Experi-Metal-INC/150560074972339?v=wall> [cid:image010.png at 01CB5F04.51EAEE90] <http://www.linkedin.com/companies/73915>
________________________________
DISCLAIMER: This message, including all attachments and/or linked documents, is intended for the exclusive use of the individual or entity to which it is addressed and may contain privileged, proprietary and confidential information. You are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited without permission from the author. This notice serves as a confidentiality marking for the purpose of any confidentiality or nondisclosure agreement. If this message has been received in error, please destroy the original message and all copies without reading it and notify Experi-Metal Inc. immediately via telephone at (586) 977-7800.
WARNING: This document may contain technical data whose export is restricted by the Arms Export Control Act (Title 22 U.S.C. 2751, et seq.) International Traffic in Arms Regulations (ITAR). Disclosure of any technical data to foreign persons without prior U.S. Government authorization is strictly prohibited. Violations of these laws and regulations are subject to severe criminal penalties.
Thank you very much for your cooperation.
This email has been processed by Smoothwall Anti-Spam - www.smoothwall.net<http://www.smoothwall.net/>
________________________________
DISCLAIMER: This message, including all attachments and/or linked documents, is intended for the exclusive use of the individual or entity to which it is addressed and may contain privileged, proprietary and confidential information. You are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited without permission from the author. This notice serves as a confidentiality marking for the purpose of any confidentiality or nondisclosure agreement. If this message has been received in error, please destroy the original message and all copies without reading it and notify Experi-Metal Inc. immediately via telephone at (586) 977-7800.
WARNING: This document may contain technical data whose export is restricted by the Arms Export Control Act (Title 22 U.S.C. 2751, et seq.) International Traffic in Arms Regulations (ITAR). Disclosure of any technical data to foreign persons without prior U.S. Government authorization is strictly prohibited. Violations of these laws and regulations are subject to severe criminal penalties.
Thank you very much for your cooperation.
This email has been processed by Smoothwall Anti-Spam - www.smoothwall.net<http://www.smoothwall.net/>
________________________________
DISCLAIMER: This message, including all attachments and/or linked documents, is intended for the exclusive use of the individual or entity to which it is addressed and may contain privileged, proprietary and confidential information. You are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited without permission from the author. This notice serves as a confidentiality marking for the purpose of any confidentiality or nondisclosure agreement. If this message has been received in error, please destroy the original message and all copies without reading it and notify Experi-Metal Inc. immediately via telephone at (586) 977-7800.
WARNING: This document may contain technical data whose export is restricted by the Arms Export Control Act (Title 22 U.S.C. 2751, et seq.) International Traffic in Arms Regulations (ITAR). Disclosure of any technical data to foreign persons without prior U.S. Government authorization is strictly prohibited. Violations of these laws and regulations are subject to severe criminal penalties.
Thank you very much for your cooperation.
________________________________
DISCLAIMER: This message, including all attachments and/or linked documents, is intended for the exclusive use of the individual or entity to which it is addressed and may contain privileged, proprietary and confidential information. You are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited without permission from the author. This notice serves as a confidentiality marking for the purpose of any confidentiality or nondisclosure agreement. If this message has been received in error, please destroy the original message and all copies without reading it and notify Experi-Metal Inc. immediately via telephone at (586) 977-7800.
WARNING: This document may contain technical data whose export is restricted by the Arms Export Control Act (Title 22 U.S.C. 2751, et seq.) International Traffic in Arms Regulations (ITAR). Disclosure of any technical data to foreign persons without prior U.S. Government authorization is strictly prohibited. Violations of these laws and regulations are subject to severe criminal penalties.
Thank you very much for your cooperation.
This email has been processed by Smoothwall Anti-Spam - www.smoothwall.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20140407/61d40be8/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 18167 bytes
Desc: image001.png
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20140407/61d40be8/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 981 bytes
Desc: image002.png
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20140407/61d40be8/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.png
Type: image/png
Size: 1225 bytes
Desc: image003.png
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20140407/61d40be8/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image004.png
Type: image/png
Size: 1232 bytes
Desc: image004.png
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20140407/61d40be8/attachment-0003.png>
More information about the rt-users
mailing list