Re: [rt-users] RT 4.2.6 Need a scrip that will check email address and not send email multiple times

2015-02-24 Thread Alex Vandiver
On Tue, 24 Feb 2015 14:42:23 + Daniel Moore daniel.mo...@osbornewood.com wrote:
> Example, I have a user that belongs to an exchange group that is currently
> the email for a contractors group that I have set up. He receives multiple
> emails when he is requestor, admin cc and so on.

Use one scrip with a Notify action that notifies all of the folks you
care about.  This isn't the default because AdminCc's get different
email than requestors.
 - Alex


[rt-users] RT 4.2.9 Incoming Email configuration with https

2015-02-24 Thread Daniel Moore
Hi,

I am currently testing to upgrade to RT 4.2.9. I am running 4.2.6 successfully 
under normal http: (port 80). I am not wanting to sacrifice the https: ability 
with the upgrade to 4.2.9 and would like to still be able to use the full email 
functionality of RT.

Here is my setup. I am running Ubuntu 14.04.1 LTS; I have apache 2 installed 
with mysql; postfix, and fetchmail. My email server is Microsoft Exchange 2010.

I cannot, for the life of me, get the incoming email setup to work with https: 
enabled. In 4.2.6 I had to disable the redirect and go with just HTTP. 
Everything I have looked at on the Wiki, forums, and blogs points to Request 
Tracker 3 and other things. I have read documentation after documentation.

I am getting the following

Feb 24 15:14:25 hostname fetchmail[1178]: MDA returned nonzero status 75
Feb 24 15:14:25 hostname fetchmail[1178]:  not flushed

I know this means wrong queue. I went through that with 4.2.6 and, like I said, 
eventually found the resolution to be to switch from HTTPS redirect to simple 
HTTP. I know this is supposed to work somehow.

Here is my /etc/aliases file:

root@servername:~# cat /etc/aliases
# See man 5 aliases for format
postmaster:    root

rt: "|/opt/rt4/bin/rt-mailgate --queue General --action correspond --url https://rttest.domain.local/"


Here is my /etc/fetchmailrc file:

#Daemon Mode
# This file must be chmod 0600, owner fetchmail

set daemon 20
set syslog
set invisible
set no bouncemail

##
# Hosts to Poll
##

# Defaults ==
# Set antispam to -1, since it is far easier to use that together with
# no bouncemail
# defaults:
# timeout 300
# antispam -1
# batchlimit 100

poll exchange.domain.local protocol pop3
    username u...@domain.com password password
    mda "/opt/rt4/bin/rt-mailgate --queue General --action correspond --url https://rttest.domain.local/"
    no keep;


V/R,

Daniel Moore
IT Systems Technician
Osborne Wood Products, Inc.
P: 706.282.5764
F: 888.777.4304
http://www.osbornewood.com



Re: [rt-users] [SOLVED] Restoring from backup - admins lost privileges

2015-02-24 Thread Alex Vandiver
On Fri, 13 Feb 2015 18:41:45 + Andrew Wippler andrew.wipp...@lancasterbaptist.org wrote:
> After a few hours of sleep, I managed to get it working with this code:
> [snip]

For posterity, this is not the solution you want.  If your users did
not come across as Privileged, there are likely a huge slew of other
hidden problems.  Attempting to paper over it via this method is
dangerous -- you just made every email address that has ever sent your
RT spam into a Privileged user.

Fix your database backups.
 - Alex


Re: [rt-users] RT 4.2.9 Incoming Email configuration with https

2015-02-24 Thread Trev
Worth noting, it may or may not impact your situation, is the
--no-verify-ssl flag you can put on your poll command.

I had a similar situation, different errors, but similar with the https /
cert issue.

set daemon 60
set invisible
set no bouncemail
set no syslog
set logfile /var/log/fetchmail.log
poll myexchangeserver.domain.com protocol imap username rt-correspondance
password password mda "/opt/rt4/bin/rt-mailgate --no-verify-ssl --queue 'IT General' --action correspond --url https://rt.domain.com/" no keep






Re: [rt-users] RT install, apache problem.

2015-02-24 Thread Alex Vandiver
On Thu, 19 Feb 2015 18:06:05 -0500 Joseph Mays m...@win.net wrote:
> I have an installation of RT4.2 under Apache 2.4 on FreeBSD 10.1.

Sorry -- we've not updated the documentation for Apache 2.4 yet.

Replace:
    Order allow,deny
    Allow from all
..with:
    Require all granted

Or use the mod_access_compat module.  See
http://httpd.apache.org/docs/2.4/upgrading.html#access

 - Alex


[rt-users] Raising the standard of passwords in our RT instance

2015-02-24 Thread Fredrik Rambris
Is there a way to check new passwords against a policy?
I don't want users being able to change their password to weak ones like
123456 and Password123 etc.

Also... what is the recommended way to change all users' passwords in one go?
--
Fredrik Rambris fredrik.ramb...@cdon.com
CDON IT
Google Talk: fredrik.ramb...@cdon.com
Telefon: 0700-807 626
PGP: 01C1 B593 3394 3739 168F  37BB BD20 7D3A 54AB 5A3A

[CDON.COM] http://www.cdon.com


Re: [rt-users] Resolve ticket dependant and correspond.

2015-02-24 Thread elifree
Chris, 
Thanks a lot for your help, it's exactly what I need ! 
And yes, it works in 4.2.6 . 

Elisabeth 





[rt-users] RT 4.2.6 Need a scrip that will check email address and not send email multiple times

2015-02-24 Thread Daniel Moore
Hi,

I am looking for a scrip that I can put somewhere in RT that will check for a 
particular email address and not send more than one email to that address.

Example, I have a user that belongs to an exchange group that is currently the 
email for a contractors group that I have set up. He receives multiple emails 
when he is requestor, admin cc and so on. I have tried to use a scrip I found 
on the Wiki from the Notifications patch which proved to not work at all for 
4.2.6.

I am new to Perl but I catch on quick. I am having hard times trying to get the 
language right. Anyone have an example scrip for this issue?


V/R,

Daniel Moore
IT Systems Technician
Osborne Wood Products, Inc.
P: 706.282.5764
F: 888.777.4304
http://www.osbornewood.com



Re: [rt-users] Raising the standard of passwords in our RT instance

2015-02-24 Thread Darin Perusich
Switching to an alternate authentication source, like LDAP, is
probably the only way you're going to enforce any type of password
policy.
--
Later,
Darin




Re: [rt-users] ExternalAuth to active directory over SSL

2015-02-24 Thread Guillaume Hilt

No one is using LDAPS with Request Tracker?

  Guillaume Hilt

On 18/02/2015 15:43, Guillaume Hilt wrote:

Hello,

I'm using a fresh install of RT 4.0.19 on Ubuntu 14.04 AMD64, using 
.deb packages.


I'm trying to make ExternalAuth work with LDAP over SSL (Active 
Directory on 2008 R2 x64), with an internal CA managed under Windows 
2008 R2 x64.

I added the CA cert in /etc/ssl/certs/srv2.lan.domain.com_ca.pem.

I followed a previous discussion on this matter here : 
http://lists.bestpractical.com/pipermail/rt-users/2012-March/075690.html

I'm facing the same issue.

$ openssl s_client -connect srv2.lan.domain.com:636 -CApath /etc/ssl/certs

Return Verify return code: 21 (unable to verify the first certificate)

$ openssl verify -CAfile /etc/ssl/certs/srv2.lan.domain.com_ca.pem /etc/ssl/certs/srv2.lan.domain.com_cert.pem

/etc/ssl/certs/srv2.lan.domain.com_cert.pem: OK

Running LDP.exe on the domain controllers running in SSL mode works fine.


RT's log gives the following :

RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't bind: LDAP_OPERATIONS_ERROR 1



An ldapsearch gives me this (snipped hex code) :

ldap_initialize( ldaps://srv2.lan.domain.com:636/??base )
tls_write: want=117, written=117
tls_read: want=3422, got=1443
tls_read: want=1979, got=1448
tls_read: want=531, got=531
tls_write: want=12, written=12
tls_write: want=267, written=267
tls_write: want=6, written=6
tls_write: want=117, written=117
tls_read: want=5, got=5
tls_read: want=1, got=1
tls_read: want=5, got=5
tls_read: want=80, got=80
TLS: can't connect: (unknown error code).
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)


Here's my configuration :

'AD_LAN' => {
    'type'          => 'ldap',
    'server'        => 'srv2.lan.domain.com',
    'user'          => 'CN=r2-d2,CN=Users,DC=lan,DC=domain,DC=com',
    'pass'          => 'XXX',

    'base'          => 'CN=Utilisateurs,DC=lan,DC=domain,DC=com',
    'filter'        => '(&(objectClass=organizationalPerson)(mail=*))',
    'd_filter'      => '(userAccountControl:1.2.840.113556.1.4.803:=2)',

    'group'         => '',
    'group_attr'    => '',

    'tls'           => 0,
    'ssl_version'   => 3,
    'net_ldap_args' => [ version => 3, port => 636, debug => 8 ],

    'attr_match_list' => [
        'Name',
        'EmailAddress',
    ],
    'attr_map' => {
        'Name'           => 'sAMAccountName',
        'EmailAddress'   => 'mail',
        'Organization'   => 'physicalDeliveryOfficeName',
        'RealName'       => 'cn',
        'ExternalAuthId' => 'sAMAccountName',
        'Gecos'          => 'sAMAccountName',
        'WorkPhone'      => 'telephoneNumber',
        'Address1'       => 'streetAddress',
        'City'           => 'l',
        'State'          => 'st',
        'Zip'            => 'postalCode',
        'Country'        => 'co'
    },
},


Setting tls to 1 gives me this different error:

RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't bind: LDAP_SERVER_DOWN 81



Regards,
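
Added example, not part of the original post: the two openssl commands in the message above locate the CA differently. `-CAfile` reads the named file, while `-CApath` only finds certificates stored in the directory under their subject-hash name (`<hash>.0`). The script builds a throwaway CA and server certificate (all names and paths are constructed for the demo) and verifies with both options, before and after the hash link exists.

```shell
#!/bin/sh
# Constructed demo: throwaway CA ("demo-ca") and server certificate
# ("srv.example.test") in a temp directory; nothing here comes from the post.

make_demo_pki() {            # $1 = working directory
    mkdir -p "$1/capath" &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-ca" \
        -keyout "$1/ca.key" -out "$1/capath/demo_ca.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=srv.example.test" \
        -keyout "$1/srv.key" -out "$1/srv.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/srv.csr" -days 1 -set_serial 1 \
        -CA "$1/capath/demo_ca.pem" -CAkey "$1/ca.key" \
        -out "$1/srv.pem" 2>/dev/null
}

# Both helpers succeed only if openssl prints "<file>: OK".
verify_with_cafile() {       # $1 = CA file, $2 = certificate
    openssl verify -CAfile "$1" "$2" 2>&1 | grep -q ': OK$'
}
verify_with_capath() {       # $1 = CA directory, $2 = certificate
    openssl verify -CApath "$1" "$2" 2>&1 | grep -q ': OK$'
}

# What c_rehash / "openssl rehash" does for one file: link it as <hash>.0
add_hash_link() {            # $1 = CA directory, $2 = PEM file name inside it
    h=$(openssl x509 -noout -hash -in "$1/$2") && ln -sf "$2" "$1/$h.0"
}

report() {                   # $1 = label, remaining args = command to run
    label=$1; shift
    if "$@"; then echo "$label: OK"; else echo "$label: FAILED"; fi
}

demo() {
    d=$(mktemp -d) && make_demo_pki "$d" || return 1
    report "-CAfile, plain PEM file " verify_with_cafile "$d/capath/demo_ca.pem" "$d/srv.pem"
    report "-CApath, no hash link   " verify_with_capath "$d/capath" "$d/srv.pem"
    add_hash_link "$d/capath" demo_ca.pem
    report "-CApath, after hash link" verify_with_capath "$d/capath" "$d/srv.pem"
    rm -rf "$d"
}
demo
```
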





Re: [rt-users] ExternalAuth to active directory over SSL

2015-02-24 Thread Trev
Review some of your LDAP settings. I think you have CN and DN in places
where you may want OU, and your LDAP user should be in a different format,
see below.

Hopefully this helps.

Use mine (working, also cleaned) as an example:

Set($ExternalSettings, {
    'My_LDAP' => {
        'type'   => 'ldap',
        'server' => 'ldap://domain_name.com',
        'user'   => 'domain_name\ldapreader',
        'pass'   => 'ldapreader_password',
        'base'   => 'ou=users,ou=services,dc=domain_name,dc=com',
        'filter' => '(objectClass=person)',
        'tls'    => 0,

        'attr_match_list' => [
            'Name',
            'EmailAddress',
            'RealName',
        ],

        'attr_map' => {
            'Name'           => 'sAMAccountName',
            'EmailAddress'   => 'mail',
            'Organization'   => 'department',
            'RealName'       => 'cn',
            'NickName'       => 'givenName',
            'ExternalAuthId' => 'sAMAccountName',
            'Gecos'          => 'sAMAccountName',
            'WorkPhone'      => 'telephoneNumber',
            'MobilePhone'    => 'mobile',
            'Address1'       => 'streetAddress',
            'City'           => 'l',
            'State'          => 'st',
            'Zip'            => 'postalCode',
            'Country'        => 'co'
        },
    },
});







