[rt-users] RT::Extension::LDAPImport and nested groups in Active Directory

2015-11-03 Thread Benjamin Klier 
I'm trying to import my users and groups from Active Directory. Getting 
in the users works just fine, but importing the groups (with a 
$LDAPGroupFilter like (|(CN=MY_RT_USERS_*)) ) is giving some errors.


searching with: base => 'OU=XXX,OU=XXX,DC=XXX,DC=XXX,DC=XXX' control => 
'Net::LDAP::Control::Paged=HASH(0x93cc210)' filter => 
'(|(CN=MY_RT_USERS_*))' scope => 'sub'

search found 2 objects
Processing group MY_RT_USERS_AGENTS
Found new group MY_RT_USERS_AGENTS to create in RT
RT FieldRT Value -> LDAP Value
Description unset => Imported from LDAP
Member_Attr unset => ARRAY(0x9834d90)
Nameunset => MY_RT_USERS_AGENTS
Processing group membership for MY_RT_USERS_AGENTS
No group in RT, would create with members:
searching with: base => 
'CN=ANOTHER_GROUP,OU=XXX,OU=XXX,OU=XXX,DC=XXX,DC=XXX,DC=XXX' control => 
'Net::LDAP::Control::Paged=HASH(0x983cfc0)' filter => 
'(&(objectClass=user)(!(cn=*Template*))(!(enabled=false))(!(objectClass=computer))(!(userAccountControl:1.2.840.113556.1.4.803:=2))(mail=*)(lastLogonTimestamp>=1302514560))' 
scope => 'base'

search found 0 objects
Imported 1/2 groups

The problem seems to be that in our AD the main groups norally just 
concatenate other subgroups so that they doesn't include users but just 
other groups, for example


MY_RT_USERS_AGENTS
  +
  +-> SOME_SUBGROUP
  |   +
  |   +> USER_1
  |   |
  |   +> USER_2
  |   |
  |   +> USER_3
  |
  +-> ANOTHER_SUBGROUP
  +
  +> USER_4
  |
  +> USER_5
  |
  +> ...

Unfortunately it's not an option to rework our AD group structure :-(

Crawling the rt-users archive didn't get me anywhat closer to find a 
solution to that problem.


I'm using RT::Extension::LDAPImport v0.36

Maybe anyone has some experience with a configuration like that and 
would be able to give me the missing hint :-)


--

Benjamin Klier
Systemadministration

Max-Planck-Institut für die Physik des Lichts
Guenther-Scharowsky-Str. 1/Bau 24
D-91058 Erlangen

Tel.: 09131-6877-511
Fax : 09131-6877-199

eMail : benjamin.kl...@mpl.mpg.de
http://www.mpl.mpg.de




smime.p7s
Description: S/MIME Cryptographic Signature

Re: [rt-users] RT::Extension::LDAPImport and nested groups in Active Directory

2015-11-03 Thread Jeffrey Pilant 
Benjamin Klier writes:
>I'm trying to import my users and groups from Active Directory. Getting 
>in the users works just fine, but importing the groups (with a 
>$LDAPGroupFilter like (|(CN=MY_RT_USERS_*)) ) is giving some errors.
>

>
>The problem seems to be that in our AD the main groups norally just 
>concatenate other subgroups so that they doesn't include users but just 
>other groups, for example
>
>MY_RT_USERS_AGENTS
>   +
>   +-> SOME_SUBGROUP
>   |   +
>   |   +> USER_1
>   |   |
>   |   +> USER_2
>   |   |
>   |   +> USER_3
>   |
>   +-> ANOTHER_SUBGROUP
>   +
>   +> USER_4
>   |
>   +> USER_5
>   |
>   +> ...
>
>Unfortunately it's not an option to rework our AD group structure :-(
>
>Crawling the rt-users archive didn't get me anywhat closer to find a 
>solution to that problem.
>
>I'm using RT::Extension::LDAPImport v0.36
>
>Maybe anyone has some experience with a configuration like that and 
>would be able to give me the missing hint :-)

Why flatten the AD structure?  You should be able to recreate it entirely with 
RT groups.

Psuedocode:
  Sub AddAGroup(SomeGroup)
  Obj = LDAP(SomeGroup)
  RT->AddGroiupName(Obj->Name)
  For each member in Obj:
If member is a group then AddAGroup(member)
RT->AddUserToGroup(Obj->Name, member)
  next.

This recursive algorithm should duplicate the AD layout below a node if you 
give it an AD node.

/jeff

The information contained in this e-mail is for the exclusive use of the 
intended recipient(s) and may be confidential, proprietary, and/or 
legally privileged.  Inadvertent disclosure of this message does not 
constitute a waiver of any privilege.  If you receive this message in 
error, please do not directly or indirectly use, print, copy, forward,
or disclose any part of this message.  Please also delete this e-mail 
and all copies and notify the sender.  Thank you. 

For alternate languages please go to http://bayerdisclaimer.bayerweb.com

Re: [rt-users] Automatically adding CC from mails to Watchers/CC in ticket

2015-11-03 Thread Todd Wade 

On 11/2/15 6:01 AM, Primoz Jeroncic wrote:

Now if I want replies to go automatically to requestor (to his personal
mail, from which they opened ticket) and also to their group mail, I
need to add this group mail under each ticket (People->Add new watchers)
by hand.
As this is time consuming, and I'm not by machine checking this 24/7, to
be able to add them by hand, I was hoping there could be way for RT to
add these CC addresses from original mail which opened the new ticket,
as watchers (as CC:) in RT ticket automatically.


This sounds like you could use the $ParseNewMessageForTicketCcs 
configuration variable:


https://www.bestpractical.com/docs/rt/4.2/RT_Config.html#ParseNewMessageForTicketCcs

Please be sure to observe the note in there about setting 
RTAddressRegexp when using $ParseNewMessageForTicketCcs.

Re: [rt-users] Group rights

2015-11-03 Thread Todd Wade 

On 10/20/15 6:45 AM, Kobus Bensch wrote:

I have now tried every setting possible. How do I give a group
permissions to see all the tickets in a particular queue, even if the
ticket owner has been changed to a person not in that group?


Theres no way to say "If a user is an owner of a ticket in the given 
queue, let them see all other tickets in the queue" if I'm reading your 
description correctly.


If you want all privileged users to be able to see tickets in the queue, 
grant the relevant rights to the SYSTEM group Privileged under the 
queue's group rights (Admin -> Queues -> Click Queue Name -> Group 
Rights) (/Admin/Queues/GroupRights.html?id=XXX).


If you want owners of tickets to see the tickets they own in the queue 
but not other tickets (which I think is a little different than what you 
describe above), then grant the relevant rights to the Owner role in the 
queue's group rights.

Re: [rt-users] Group rights

2015-11-03 Thread Duncan McEwan 
On Tue, 20 Oct 2015 11:45:54 +0100
Kobus Bensch  wrote:


> I have now tried every setting possible. How do I give a group 
> permissions to see all the tickets in a particular queue, even if the 
> ticket owner has been changed to a person not in that group?

I may be misinterpreting what you want here, but this sounds like you just need
to grant the appropriate rights for that queue to that group and then also to
the owner role for that queue (so that owners who aren't members of the group
have the same rights).

So select the queue, click on "group rights", enter the group name into the
"Add Group" box and then enable the rights you want under the "General rights",
"Rights for Staff" and "Rights for Administrators" categories.

This is the way all our queues are set up but I did it quite a while ago so
exactly which rights are strictly needed to allow the above and which we have
added for other purposes I can't now recall...!  But I'd think you'd need at
least "View Queue" and "View Ticket Summaries" under "General Rights", as well
as "Modify Tickets", "Own Tickets", "Take Tickets", "View exact outgoing email
messages and their recipients" and "View ticket private commentary" under
"Rights for Staff".

 It's been a while since

Re: [rt-users] fail to upgrade with sql syntax error 'ARRAY()'

2015-11-03 Thread Todd Wade 


Hello,

This looks like make upgrade-database is being ran with an old 
DBIx::SearchBuilder. Perhaps recheck the output of 'make testdeps' and 
if it reports issues run 'make fixdeps'?


Regards,

On 11/1/15 11:51 PM, Yaobin Shi wrote:

We are using RT as one internal project, thanks for your good work.

when we are trying to upgrade 4.0.13 to 4.2.12 on rhel6, met one problem, did 
not find useful solution in doc/wiki/maliing list archive.

part of the error msg below when execute 'make upgrade-database'

Processing 4.2.11
Now inserting data.
[20433] [Fri Oct 23 09:58:16 2015] [warning]: DBD::mysql::st execute failed: You have 
an error in your SQL syntax; check the manual that corresponds to your MySQL server 
version for the right syntax to use near ''ARRAY(0xe1a3128)')' at line 1 at 
/usr/share/perl5/vendor_perl/DBIx/SearchBuilder/Handle.pm line 617, <$handle> 
line 1. (/usr/share/perl5/vendor_perl/DBIx/SearchBuilder/Handle.pm:617)
[20433] [Fri Oct 23 09:58:16 2015] [warning]: RT::Handle=HASH(0xd1466c0) couldn't 
execute the query, error: You have an error in your SQL syntax; check the manual that 
corresponds to your MySQL server version for the right syntax to use near 
''ARRAY(0xe1a3128)')' at line 1, query: 'SELECT count(main.id) FROM ACL main  WHERE ( 
( main.ObjectType = 'RT::System' AND main.ObjectId = 1 ) ) AND (main.PrincipalId = 
'9' OR main.PrincipalId = '8' OR main.PrincipalId = '6' OR main.PrincipalId = '7') 
AND (main.RightName IN 'ARRAY(0xe1a3128)') ' at 
/usr/share/perl5/vendor_perl/DBIx/SearchBuilder/Handle.pm line 641, <$handle> 
line 1.
 DBIx::SearchBuilder::Handle::SimpleQuery(RT::Handle=HASH(0xd1466c0), "SELECT 
count(main.id) FROM ACL main  WHERE ( ( main.ObjectTyp"...) called at 
/usr/share/perl5/vendor_perl/DBIx/SearchBuilder.pm line 291

seems that we are missing some dependencies, not sure, can not find the root 
cause.
thanks in advance.

[rt-users] search custom field with custom date format

2015-11-03 Thread rb1980 
I need to search a custom field with 'today' in a specific format.
The field is in the format: "-mm-dd"

I want do do something like this (which works):
Queue = 'test' AND Due = 'today'

This does not work:
Queue = 'test' AND 'CF.{My Date Field}' = 'today'

but this works:
Queue = 'test' AND 'CF.{My Date Field}' = '2015-11-03'

how can I (in a saved search) represent the date for 'today' in -mm-dd
format?

TIA



--
View this message in context: 
http://requesttracker.8502.n7.nabble.com/search-custom-field-with-custom-date-format-tp60850.html
Sent from the Request Tracker - User mailing list archive at Nabble.com.

Re: [rt-users] search custom field with custom date format

2015-11-03 Thread rb1980 
PS: the custom field is of type: "Select Date"



--
View this message in context: 
http://requesttracker.8502.n7.nabble.com/search-custom-field-with-custom-date-format-tp60850p60851.html
Sent from the Request Tracker - User mailing list archive at Nabble.com.

Re: [rt-users] fail to upgrade with sql syntax error 'ARRAY()'

2015-11-03 Thread Yaobin Shi 
Hi Todd,

make testdeps return everything is ok
my DBIx::SearchBuilder is 1.61

then I went through ./sbin/rt-test-dependencies, found that the required 
version should be 1.65.
thanks very much.

-Larry
- Original Message -
> From: "Todd Wade" 
> To: rt-users@lists.bestpractical.com
> Sent: Wednesday, November 4, 2015 4:28:45 AM
> Subject: Re: [rt-users] fail to upgrade with sql syntax error 'ARRAY()'
> 
> 
> Hello,
> 
> This looks like make upgrade-database is being ran with an old
> DBIx::SearchBuilder. Perhaps recheck the output of 'make testdeps' and
> if it reports issues run 'make fixdeps'?
> 
> Regards,
> 
> On 11/1/15 11:51 PM, Yaobin Shi wrote:
> > We are using RT as one internal project, thanks for your good work.
> >
> > when we are trying to upgrade 4.0.13 to 4.2.12 on rhel6, met one problem,
> > did not find useful solution in doc/wiki/maliing list archive.
> >
> > part of the error msg below when execute 'make upgrade-database'
> >
> > Processing 4.2.11
> > Now inserting data.
> > [20433] [Fri Oct 23 09:58:16 2015] [warning]: DBD::mysql::st execute
> > failed: You have an error in your SQL syntax; check the manual that
> > corresponds to your MySQL server version for the right syntax to use near
> > ''ARRAY(0xe1a3128)')' at line 1 at
> > /usr/share/perl5/vendor_perl/DBIx/SearchBuilder/Handle.pm line 617,
> > <$handle> line 1.
> > (/usr/share/perl5/vendor_perl/DBIx/SearchBuilder/Handle.pm:617)
> > [20433] [Fri Oct 23 09:58:16 2015] [warning]: RT::Handle=HASH(0xd1466c0)
> > couldn't execute the query, error: You have an error in your SQL syntax;
> > check the manual that corresponds to your MySQL server version for the
> > right syntax to use near ''ARRAY(0xe1a3128)')' at line 1, query: 'SELECT
> > count(main.id) FROM ACL main  WHERE ( ( main.ObjectType = 'RT::System' AND
> > main.ObjectId = 1 ) ) AND (main.PrincipalId = '9' OR main.PrincipalId =
> > '8' OR main.PrincipalId = '6' OR main.PrincipalId = '7') AND
> > (main.RightName IN 'ARRAY(0xe1a3128)') ' at
> > /usr/share/perl5/vendor_perl/DBIx/SearchBuilder/Handle.pm line 641,
> > <$handle> line 1.
> >  DBIx::SearchBuilder::Handle::SimpleQuery(RT::Handle=HASH(0xd1466c0),
> >  "SELECT count(main.id) FROM ACL main  WHERE ( ( main.ObjectTyp"...)
> >  called at /usr/share/perl5/vendor_perl/DBIx/SearchBuilder.pm line 291
> >
> > seems that we are missing some dependencies, not sure, can not find the
> > root cause.
> > thanks in advance.
> 
> 

-- 
Regards,
Yaobin Shi(石要宾)
Red Hat Asia Pacific, Beijing-Raycom
CN ENG Engineering Services
Ph: 8389367
IRC Account: yashi at #rpmdiff-dev #eng-china