Re: [rt-users] Problems with external auth and double prompting for authentication

[Bart Bunting]

Jim,

Found it.

There was a random apache process running that was causing the error.
Somehow it must have been started by hand.

Resulted in odd behaviour as sometimes it would work and sometimes not.

Thanks for your help!


Kind regards

Bart

Jim Brandt  writes:

> Browser authentication is typically triggered by an Apache 
> configuration, so if your goal is to have just RT authentication, you 
> might compare your Apache configuration with the example in the docs:
>
> https://docs.bestpractical.com/rt/4.4.0/web_deployment.html
>
> On 5/11/16 3:50 AM, Bart Bunting wrote:
>>
>>
>> Hi everyone,
>>
>> I have been trying to get external authentication with ldapauth and
>> ldapimport working on a brand new rt 4.4 from the latest pull of
>> 4.4-trunk.
>>
>> I have the ldap authentication and rt-ldapimport working correctly
>> against our ldap server.
>>
>> The one issue I can not appear to resolve is that I am prompted first
>> by the browsers authentication prompt and then by the RT login screen.
>> So you need to enter your authentication credentials twice.
>>
>> I am hoping to just have the RT login screen, no browser authentication
>> prompt.
>>
>> I'm sure it's something simple but I'm pulling my hair out :).
>>
>> If someone could take a look at my config and tell me where the error is
>> I'd be eternally grateful:
>>
>> Here is the section of my rt config.
>>
>> The first few options are commented out as they are part of previous
>> attempts to make it work as expected.
>>
>> #* Authentication
>> # configure external authentication
>>
>> #Set($WebRemoteUserAuth, 1);
>> # check authentication on each request rather than just once
>> #Set($WebRemoteUserContinuous, 1);
>>
>> # fall back to rt login if external auth fails.
>> #Set($WebFallbackToRTLogin, 1);
>>
>> Set ($ExternalAuth, 1);
>> Set( $ExternalAuthPriority, ['URSYS_LDAP'] );
>> Set( $ExternalInfoPriority, ['URSYS_LDAP'] );
>>
>> # Make users created from LDAP Privileged
>> Set( $UserAutocreateDefaultsOnLogin, { Privileged => 1 } );
>>
>> # Users should still be autocreated by RT as internal users if they
>> # fail to exist in an external service; this is so requestors (who
>> # are not in LDAP) can still be created when they email in.
>> Set($AutoCreateNonExternalUsers, 1);
>>
>> # LDAP configuration; see RT::Authen::ExternalAuth::LDAP for
>> # further details and examples
>> Set($ExternalSettings, {
>> 'URSYS_LDAP'   =>  {
>>  'type' =>  'ldap',
>>  'server'   =>  'ldap.x,
>>  'base' =>  'cn=users,cn=accounts,dc=xx',
>>  'user' => 'uid=system,cn=sysaccounts,x',
>>  'pass' => 'xx',
>>  'filter' => '(&(memberOf=cn=helpdesk-*))',
>>  'attr_match_list'  => [
>>  'Name',
>>  ],
>>  'attr_map' => {
>>  'Name' => 'uid',
>>  'EmailAddress' => 'mail',
>>  },
>>  },
>> } );
>>
>> # * rt-ldapimport configuration
>> # enable plugin
>> Plugin( qw(RT::LDAPImport));
>>
>> Set($LDAPBase,'cn=users,cn=accounts,x');
>> Set($LDAPHost,'ldap.x');
>> Set($LDAPUser,'uid=system,cn=sysaccounts,xx');
>> Set($LDAPPassword,'');
>> Set($LDAPFilter, '(&(memberOf=cn=helpdesk-*))');
>> Set($LDAPMapping, {Name => 'uid', # required
>> EmailAddress => 'mail',
>> RealName => 'cn',
>> WorkPhone=> 'telephoneNumber',
>> Organization => 'departmentName'});
>> # create users as privileged
>>   Set($LDAPCreatePrivileged, 1);
>>
>> # sync Groups from LDAP into RT
>> Set($LDAPGroupBase, 'cn=accounts,x');
>> Set($LDAPGroupFilter, '(&(objectClass=groupofnames)(cn=helpdesk-*))');
>> Set($LDAPGroupMapping, {Name   => 'cn',
>>  Description   => 'description',
>>  Member_Attr=> 'member',
>>  Member_Attr_Value  => 'dn',
>> });
>>
>> As above all the ldap stuff appears to work apart from the double
>> request for authentication.
>>
>>
>>
>> Kind regards
>> Bart
>>
> -
> RT 4.4 and RTIR Training Sessions https://bestpractical.com/training
> * Washington DC - May 23 & 24, 2016
Bart
-- 

Bart Bunting - URSYS
PH: 02 87452811
Mbl: 0409560005
-
RT 4.4 and RTIR Training Sessions https://bestpractical.com/training
* Washington DC - May 23 & 24, 2016

Re: [rt-users] Due dates

[Steven H]

I did not select level-xday option when creating a test ticket. When I
choose one and it works now. 

I want to set  different default level-xday value for each Queue. I goto
queue, edit "Queue2", select level-2days. But when creating ticket, the
default option value is still the value which defined in
/opt/rt4/etc/RT_Siteconfig.d/RT_Siteconfig-duedate.pm.



--
View this message in context: 
http://requesttracker.8502.n7.nabble.com/Due-dates-tp61729p61874.html
Sent from the Request Tracker - User mailing list archive at Nabble.com.
-
RT 4.4 and RTIR Training Sessions https://bestpractical.com/training
* Washington DC - May 23 & 24, 2016

Re: [rt-users] Problems with external auth and double prompting for authentication

[Bart Bunting]

Hi Jim,

Thanks for the quick reply.

I should have included my apache virtualhost config:

Here it is for reference.  I did have ldap auth working at one point but
it is totally commented out in the  config.

Apache is apache2  2.4.18-2ubuntu3
amd64 debian Xenial LTS

# 
# Vhost template in module puppetlabs-apache
# Managed by Puppet
# 


  ServerName helpdesk.in.urnet.com.au

  ## Vhost docroot
  DocumentRoot "/opt/rt4/share/html"
  ## Alias declarations for resources outside the DocumentRoot
  AliasMatch /NoAuth/images/ "/opt/rt4/share/html/NoAuth/images/"

  ## Directories, there should at least be a declaration for /opt/rt4/share/html
  
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Require all granted
  

  ## Logging
  ErrorLog "/var/log/apache2/helpdesk.in.urnet.com.au_error.log"
  ServerSignature Off
  CustomLog "/var/log/apache2/helpdesk.in.urnet.com.au_access.log" combined 

  ## Custom fragment
  
AddDefaultCharset UTF-8
ScriptAlias / /opt/rt4/sbin/rt-server.fcgi/

DocumentRoot "/opt/rt4/share/html"

# bart: disabled for now until we move towards SSO
#   AuthType Basic
#   AuthName "Ursys LDAP"
#   AuthBasicProvider ldap
#   AuthLDAPURL ldap://ldap.:389/cn=accounts,?uid?sub
#   AuthLDAPBindDN uid=system,cn=sysaccounts,xxx
#   AuthLDAPBindPassword x
#   Require ldap-group cn=noc,cn=groups,xx

Require all granted

Options +ExecCGI
AddHandler fcgid-script fcgi






Is there anything wrong with that, it pritty much mirrors the config
described in the documentation.

If there is a better way of doing things other than mod_fastcgi I'm open to 
trying that.


Kind regards

Bart






Jim Brandt  writes:

> Browser authentication is typically triggered by an Apache 
> configuration, so if your goal is to have just RT authentication, you 
> might compare your Apache configuration with the example in the docs:
>
> https://docs.bestpractical.com/rt/4.4.0/web_deployment.html
>
> On 5/11/16 3:50 AM, Bart Bunting wrote:
>>
>>
>> Hi everyone,
>>
>> I have been trying to get external authentication with ldapauth and
>> ldapimport working on a brand new rt 4.4 from the latest pull of
>> 4.4-trunk.
>>
>> I have the ldap authentication and rt-ldapimport working correctly
>> against our ldap server.
>>
>> The one issue I can not appear to resolve is that I am prompted first
>> by the browsers authentication prompt and then by the RT login screen.
>> So you need to enter your authentication credentials twice.
>>
>> I am hoping to just have the RT login screen, no browser authentication
>> prompt.
>>
>> I'm sure it's something simple but I'm pulling my hair out :).
>>
>> If someone could take a look at my config and tell me where the error is
>> I'd be eternally grateful:
>>
>> Here is the section of my rt config.
>>
>> The first few options are commented out as they are part of previous
>> attempts to make it work as expected.
>>
>> #* Authentication
>> # configure external authentication
>>
>> #Set($WebRemoteUserAuth, 1);
>> # check authentication on each request rather than just once
>> #Set($WebRemoteUserContinuous, 1);
>>
>> # fall back to rt login if external auth fails.
>> #Set($WebFallbackToRTLogin, 1);
>>
>> Set ($ExternalAuth, 1);
>> Set( $ExternalAuthPriority, ['URSYS_LDAP'] );
>> Set( $ExternalInfoPriority, ['URSYS_LDAP'] );
>>
>> # Make users created from LDAP Privileged
>> Set( $UserAutocreateDefaultsOnLogin, { Privileged => 1 } );
>>
>> # Users should still be autocreated by RT as internal users if they
>> # fail to exist in an external service; this is so requestors (who
>> # are not in LDAP) can still be created when they email in.
>> Set($AutoCreateNonExternalUsers, 1);
>>
>> # LDAP configuration; see RT::Authen::ExternalAuth::LDAP for
>> # further details and examples
>> Set($ExternalSettings, {
>> 'URSYS_LDAP'   =>  {
>>  'type' =>  'ldap',
>>  'server'   =>  'ldap.x,
>>  'base' =>  'cn=users,cn=accounts,dc=xx',
>>  'user' => 'uid=system,cn=sysaccounts,x',
>>  'pass' => 'xx',
>>  'filter' => '(&(memberOf=cn=helpdesk-*))',
>>  'attr_match_list'  => [
>>  'Name',
>>  ],
>>  'attr_map' => {
>>  'Name' => 'uid',
>>  'EmailAddress' => 'mail',
>>  },
>>  },
>> } );
>>
>> # * rt-ldapimport configuration
>> # enable plugin
>> Plugin( qw(RT::LDAPImport));
>>
>> Set($LDAPBase,'cn=users,cn=accounts,x');
>> Set($LDAPHost,'ldap.x');
>> Set($LDAPUser,'uid=system,cn=sysaccounts,xx');
>> Set($LDAPPassword,'');
>> Set($LDAPFilter, '(&(memberOf=cn=helpdesk-*))');
>> Set($LDAPMapping, {Name => 'uid', # r

Re: [rt-users] Angular web page breaks when I try to access it from the local/html directory of RT 4.4.2

[Keith Creasy]

Hi. I'm still stumped. Here is a function that fails. It's in the angular 
controller. It works if the page that includes it is outside RT but failes when 
within RT... I commented out everything but the essential code.

function getTableData(data) {
console.log(data);
//  var tickets = rt.parseForNumbers(data);
var tickets = {1: 'ticket/1'};
// line 174...
angular.forEach (tickets, function (value, key) {
console.log(key+", "+value);
});
}


The error is-

SyntaxError: illegal character
rt-progress.js:174:25

It is the comma ',' in line 174.

Does anyone have any clues?

Thanks.

Keith


-Original Message-
From: rt-users [mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of 
Keith Creasy
Sent: Wednesday, May 11, 2016 4:30 PM
To: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] Angular web page breaks when I try to access it from 
the local/html directory of RT 4.4.2

Thanks Shawn. It is good to know at least that this could work. My problem is 
that the error I'm getting in the web-development console is pretty useless. It 
may be difficult to figure out just what's going wrong when I try to access it 
from the local/html directory in RT.


I am including the script like this, 

Re: [rt-users] Angular web page breaks when I try to access it from the local/html directory of RT 4.4.2

[Keith Creasy]

Thanks Shawn. It is good to know at least that this could work. My problem is 
that the error I'm getting in the web-development console is pretty useless. It 
may be difficult to figure out just what's going wrong when I try to access it 
from the local/html directory in RT.


I am including the script like this, 

Re: [rt-users] Angular web page breaks when I try to access it from the local/html directory of RT 4.4.2

[Shawn Moore]

On 2016年5月11日 at 13:54:01, Keith Creasy (kcre...@aph.org) wrote:
> Hello.

Hi Keith,

> We have a similar script, that doesn't use angular.js, that works.
>  
> Any idea if RT is simply not compatible with Angular.js markup?

I’ve done some prototyping with Angular (1.x) within RT’s UI and I don’t recall 
having any particular problems.

> Is there any hope of updating RT to be more REST and json compliant as well 
> as making it so  
> it doesn't try to mangle scripts?

We are eager to release a new REST API with JSON support, but as of right now 
it’s still in the works.

RT certainly shouldn’t be mangling scripts in any case!

> Keith

Thanks,
Shawn
-
RT 4.4 and RTIR Training Sessions https://bestpractical.com/training
* Washington DC - May 23 & 24, 2016

[rt-users] Angular web page breaks when I try to access it from the local/html directory of RT 4.4.2

[Keith Creasy]

Hello.

I have a page that works if I am logged into rT and run it from my local 
public_html directory. It uses RT 4.4.2, the REST API and Angular.js.

https:///~keith/rt-progress.html

If I try to run it using a URI like

https:///rt/rt-progress.html

I get an error, "Illegal character in rt-progress.js at line 173:16. The 
character there is just a comma and belongs there. In any case it's exactly the 
same script just accessed from a different html directory.


We have a similar script, that doesn't use angular.js, that works.

Any idea if RT is simply not compatible with Angular.js markup?

Is there any hope of updating RT to be more REST and json compliant as well as 
making it so it doesn't try to mangle scripts?

Keith

-
RT 4.4 and RTIR Training Sessions https://bestpractical.com/training
* Washington DC - May 23 & 24, 2016

[rt-users] RT::Authen:ExternalAuth garbles our beautiful German umlauts

[Sinapius, Vinzenz]

Hi,

Since migrating from MariaDB, CentOs 6 to PostgreSQL, Ubuntu 14.04 LTS 
RT::Authen:ExternalAuth garbles our beautiful German umlauts:

[24732] [Wed May 11 13:34:00 2016] [debug]: Calling UserExists with $username 
(horst) and $service (My_LDAP) 
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:465)
[...]
[24732] [Wed May 11 13:34:00 2016] [debug]: Found LDAP DN: CN=Testmäister\, 
Hörst,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=tracetronic,DC=local 
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:221)
[...]
[24732] [Wed May 11 13:34:00 2016] [info]: 
RT::Authen::ExternalAuth::CanonicalizeUserInfo returning EmailAddress: , Name: 
horst, RealName: Testmäister, Hörst 
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:868)
[24732] [Wed May 11 13:34:00 2016] [debug]: UPDATED user horst: User horst: 
RealName changed from 'Testmäister, Hörst' to 'Testmäister, Hörst' 
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:665)

I found that when running the value from LDAP through an additional 
$value_from_ldap = decode('utf-8', $value_from_ldap), the value gets 
ungarbled...(see attached patch). Which is an okay workaround for us, but maybe 
you know of a better workaround? Unfortunately my perl foo is not good enough 
to found the root cause of this issue.

Cheers,
Vinzenz
Vinzenz Sinapius
Information Technology | Informationstechnik

tracetronic GmbH
Stuttgarter Str. 3
01189 DRESDEN
GERMANY

Phone: +49 351 205768-167
Fax: +49 351 205768-999
E-mail: vinzenz.sinap...@tracetronic.de

Head Office | Hauptsitz: Stuttgarter Str. 3, 01189 DRESDEN, GERMANY
Managing Directors | Geschäftsführer: Dr.-Ing. Rocco Deutschmann, Dr.-Ing. 
Peter Strähle
Registration Court | Registergericht: Amtsgericht Dresden, HRB 23 086


diff --git 
a/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm 
b/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm
index 912e8e6..6770221 100644
--- a/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm
+++ b/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm
@@ -3,6 +3,7 @@ package RT::Authen::ExternalAuth::LDAP;
 use Net::LDAP qw(LDAP_SUCCESS LDAP_PARTIAL_RESULTS);
 use Net::LDAP::Util qw(ldap_error_name escape_filter_value);
 use Net::LDAP::Filter;
+use Encode;
 
 use strict;
 
@@ -401,8 +402,18 @@ sub CanonicalizeUserInfo {
 if ($RT::LdapAttrMap and $RT::LdapAttrMap->{$key} eq 'dn') {
 $params{$key} = $entry->dn();
 } else {
-$params{$key} =
-  ($entry->get_value($config->{'attr_map'}->{$key}))[0];
+my $val = 
($entry->get_value($config->{'attr_map'}->{$key}))[0];
+# Sometimes Net::LDAP returns garbled data which can be 
ungarbled
+# by runnning it through decode.
+# This is an ugly fix, but it works for us...
+if (defined($val)) {
+my $val_decoded = decode('utf-8', $val);
+if($val ne $val_decoded) {
+$RT::Logger->warning("Whoops: " . $val . " vs " . 
$val_decoded);
+$val = $val_decoded;
+}
+}
+$params{$key} = $val;
 }
 }
 $found = 1;
-
RT 4.4 and RTIR Training Sessions https://bestpractical.com/training
* Washington DC - May 23 & 24, 2016

Re: [rt-users] Problems with external auth and double prompting for authentication

[Jim Brandt]

Browser authentication is typically triggered by an Apache 
configuration, so if your goal is to have just RT authentication, you 
might compare your Apache configuration with the example in the docs:


https://docs.bestpractical.com/rt/4.4.0/web_deployment.html

On 5/11/16 3:50 AM, Bart Bunting wrote:



Hi everyone,

I have been trying to get external authentication with ldapauth and
ldapimport working on a brand new rt 4.4 from the latest pull of
4.4-trunk.

I have the ldap authentication and rt-ldapimport working correctly
against our ldap server.

The one issue I can not appear to resolve is that I am prompted first
by the browsers authentication prompt and then by the RT login screen.
So you need to enter your authentication credentials twice.

I am hoping to just have the RT login screen, no browser authentication
prompt.

I'm sure it's something simple but I'm pulling my hair out :).

If someone could take a look at my config and tell me where the error is
I'd be eternally grateful:

Here is the section of my rt config.

The first few options are commented out as they are part of previous
attempts to make it work as expected.

#* Authentication
# configure external authentication

#Set($WebRemoteUserAuth, 1);
# check authentication on each request rather than just once
#Set($WebRemoteUserContinuous, 1);

# fall back to rt login if external auth fails.
#Set($WebFallbackToRTLogin, 1);

Set ($ExternalAuth, 1);
Set( $ExternalAuthPriority, ['URSYS_LDAP'] );
Set( $ExternalInfoPriority, ['URSYS_LDAP'] );

# Make users created from LDAP Privileged
Set( $UserAutocreateDefaultsOnLogin, { Privileged => 1 } );

# Users should still be autocreated by RT as internal users if they
# fail to exist in an external service; this is so requestors (who
# are not in LDAP) can still be created when they email in.
Set($AutoCreateNonExternalUsers, 1);

# LDAP configuration; see RT::Authen::ExternalAuth::LDAP for
# further details and examples
Set($ExternalSettings, {
'URSYS_LDAP'   =>  {
'type' =>  'ldap',
'server'   =>  'ldap.x,
'base' =>  'cn=users,cn=accounts,dc=xx',
'user' => 'uid=system,cn=sysaccounts,x',
'pass' => 'xx',
'filter' => '(&(memberOf=cn=helpdesk-*))',
'attr_match_list'  => [
'Name',
],
'attr_map' => {
'Name' => 'uid',
'EmailAddress' => 'mail',
},
},
} );

# * rt-ldapimport configuration
# enable plugin
Plugin( qw(RT::LDAPImport));

Set($LDAPBase,'cn=users,cn=accounts,x');
Set($LDAPHost,'ldap.x');
Set($LDAPUser,'uid=system,cn=sysaccounts,xx');
Set($LDAPPassword,'');
Set($LDAPFilter, '(&(memberOf=cn=helpdesk-*))');
Set($LDAPMapping, {Name => 'uid', # required
   EmailAddress => 'mail',
   RealName => 'cn',
   WorkPhone=> 'telephoneNumber',
   Organization => 'departmentName'});
# create users as privileged
  Set($LDAPCreatePrivileged, 1);

# sync Groups from LDAP into RT
Set($LDAPGroupBase, 'cn=accounts,x');
Set($LDAPGroupFilter, '(&(objectClass=groupofnames)(cn=helpdesk-*))');
Set($LDAPGroupMapping, {Name   => 'cn',
Description   => 'description',
Member_Attr=> 'member',
Member_Attr_Value  => 'dn',
});

As above all the ldap stuff appears to work apart from the double
request for authentication.



Kind regards
Bart


-
RT 4.4 and RTIR Training Sessions https://bestpractical.com/training
* Washington DC - May 23 & 24, 2016

Re: [rt-users] Content search: NOT LIKE

[k...@rice.edu]

On Wed, May 11, 2016 at 10:43:17AM +, raymond.teunis...@kpn.com wrote:
> Hi all,
> 
> There seems to be an issue with the contentsearch in RT, or at least, I'm 
> experiencing it :)
> 
> When doing a search like : Queue = 'Queuename' AND Status = 'new' AND Content 
> LIKE 'searchphrase'
> 
> It works.
> 
> When doing a search like: Queue = 'Queuename' AND Status = 'new' AND Content 
> NOT LIKE 'searchphrase'
> 
> It doesn't. It still gives those tickets which have the criteria I specified 
> in the search (and thus don't want to see in the results). Is this a bug 
> perhaps?
> 
> RT4.2.12
> RHEL 6
> 
> Regards,
> Raymond
> 
> KPN NL


Hi Raymond,

This search is not doing what you expect. It is finding all tickets that have
at least one reply without the searchphrase.

Regards,
Ken
-
RT 4.4 and RTIR Training Sessions https://bestpractical.com/training
* Washington DC - May 23 & 24, 2016

[rt-users] Content search: NOT LIKE

[raymond.teunissen]

Hi all,

There seems to be an issue with the contentsearch in RT, or at least, I'm 
experiencing it :)

When doing a search like : Queue = 'Queuename' AND Status = 'new' AND Content 
LIKE 'searchphrase'

It works.

When doing a search like: Queue = 'Queuename' AND Status = 'new' AND Content 
NOT LIKE 'searchphrase'

It doesn't. It still gives those tickets which have the criteria I specified in 
the search (and thus don't want to see in the results). Is this a bug perhaps?

RT4.2.12
RHEL 6

Regards,
Raymond

KPN NL
-
RT 4.4 and RTIR Training Sessions https://bestpractical.com/training
* Washington DC - May 23 & 24, 2016

[rt-users] Problems with external auth and double prompting for authentication

[Bart Bunting]

Hi everyone,

I have been trying to get external authentication with ldapauth and
ldapimport working on a brand new rt 4.4 from the latest pull of
4.4-trunk.

I have the ldap authentication and rt-ldapimport working correctly
against our ldap server.

The one issue I can not appear to resolve is that I am prompted first
by the browsers authentication prompt and then by the RT login screen.
So you need to enter your authentication credentials twice.

I am hoping to just have the RT login screen, no browser authentication
prompt.

I'm sure it's something simple but I'm pulling my hair out :).

If someone could take a look at my config and tell me where the error is
I'd be eternally grateful:

Here is the section of my rt config.

The first few options are commented out as they are part of previous
attempts to make it work as expected.

#* Authentication
# configure external authentication

#Set($WebRemoteUserAuth, 1);
# check authentication on each request rather than just once
#Set($WebRemoteUserContinuous, 1);

# fall back to rt login if external auth fails.
#Set($WebFallbackToRTLogin, 1);

Set ($ExternalAuth, 1);
Set( $ExternalAuthPriority, ['URSYS_LDAP'] );
Set( $ExternalInfoPriority, ['URSYS_LDAP'] );

# Make users created from LDAP Privileged
Set( $UserAutocreateDefaultsOnLogin, { Privileged => 1 } );

# Users should still be autocreated by RT as internal users if they
# fail to exist in an external service; this is so requestors (who
# are not in LDAP) can still be created when they email in.
Set($AutoCreateNonExternalUsers, 1);

# LDAP configuration; see RT::Authen::ExternalAuth::LDAP for
# further details and examples
Set($ExternalSettings, {
'URSYS_LDAP'   =>  {
'type' =>  'ldap',
'server'   =>  'ldap.x,
'base' =>  'cn=users,cn=accounts,dc=xx',
'user' => 'uid=system,cn=sysaccounts,x',
'pass' => 'xx',
'filter' => '(&(memberOf=cn=helpdesk-*))',
'attr_match_list'  => [
'Name',
],
'attr_map' => {
'Name' => 'uid',
'EmailAddress' => 'mail',
},
},
} );

# * rt-ldapimport configuration
# enable plugin
Plugin( qw(RT::LDAPImport));

Set($LDAPBase,'cn=users,cn=accounts,x');
Set($LDAPHost,'ldap.x');
Set($LDAPUser,'uid=system,cn=sysaccounts,xx');
Set($LDAPPassword,'');
Set($LDAPFilter, '(&(memberOf=cn=helpdesk-*))');
Set($LDAPMapping, {Name => 'uid', # required
   EmailAddress => 'mail',
   RealName => 'cn',
   WorkPhone=> 'telephoneNumber',
   Organization => 'departmentName'});
# create users as privileged
  Set($LDAPCreatePrivileged, 1);

# sync Groups from LDAP into RT
Set($LDAPGroupBase, 'cn=accounts,x');
Set($LDAPGroupFilter, '(&(objectClass=groupofnames)(cn=helpdesk-*))');
Set($LDAPGroupMapping, {Name   => 'cn',
Description   => 'description',
Member_Attr=> 'member',
Member_Attr_Value  => 'dn',
});

As above all the ldap stuff appears to work apart from the double
request for authentication.



Kind regards
Bart
-- 

Bart Bunting - URSYS
PH: 02 87452811
Mbl: 0409560005
-
RT 4.4 and RTIR Training Sessions https://bestpractical.com/training
* Washington DC - May 23 & 24, 2016

Re: [rt-users] API - Forward/Vb externally

[Joel Bergmark]

Thanks Brent,

We realized that this way is a good way for us to proceed, there were some 
backwards thinking on the requirements for communication from the CRM.

Thank you for the input :-)

Regards, Joel

Från: Parish, Brent [mailto:bpar...@cognex.com]
Skickat: den 10 maj 2016 14:56
Till: Joel Bergmark ; rt-users@lists.bestpractical.com
Ämne: RE: API - Forward/Vb externally

I hope I'm not oversimplifying and missing something here, but this seems to me 
like it is built into RT.

I'd think the best way would be to have the auto notifications turned on for 
the CRM queue.  Even if the Requestor of the ticket has an external email 
address, RT should send that user an email telling them they have a new ticket.

In reading your initial email, it sounds like you might have a queue that 
sometimes CRM tickets go into (with an external Requestor), but not all tickets 
in that queue should get auto-replies?
If that is true, maybe you can use a scrip something like this:
Condition:  User Defined
Action:  Notify Requestors
Template:  Autoreply in HTML
Applies to:  CRM Queue
add a Custom Condition something like this (completely untested!):
#  AUTO-NOTIFY REQUESTOR ONLY IF THEY HAVE EXTERNAL ADDRESS
#  (e.g. TICKET IS CREATED BY CRM)

#  BAIL OUT IF THIS IS NOT AN "On Create" ACTION:
return 0 unless $self->TransactionObj->Type eq "Create";

my $Ticket = $self->TicketObj;
my $Requestors = lc($self->TicketObj->RequestorAddresses);
$RT::Logger->debug("Requestors for ticket #:" . $Ticket->id . " are: 
$Requestors");

foreach my $Person (split(',', $Requestors)) {
return 1 if ( $Person  !~ m/@example\.com/i );
}

#  NO ONE WITH AN EXTERNAL ADDRESS (e.g. NOT "example.com"), SO
#  DON'T SEND AUTO-REPLY
return 0;

Alternatively, you could use a custom field (containing external email address) 
that is only populated if it was created from CRM, and make a scrip that fires 
on that condition (e.g. email address is present in that field), sending a 
notification to that address, but then you would may end up designing all sorts 
of triggers and conditions to handle other built-in RT functionality for 
external requestors?


-  Brent



From: rt-users [mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of 
Joel Bergmark
Sent: Tuesday, May 10, 2016 3:22 AM
To: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] API - Forward/Vb externally

Hi again,

Made a small but ugly flowchart on how i would like it to work. I also found 
several people asking for similar functionality. Does anyone know if this is 
possible with RT today? (Either create ticket then auto forward, or create 
ticket then use the api on that ticket to forward externally)?

https://docs.google.com/drawings/d/1QMptft9mywdzNtqp6Juq5RJw1tCJJy3-3DZ5ZlP8mB0/edit?usp=sharing

Regards, Joel

Från: rt-users [mailto:rt-users-boun...@lists.bestpractical.com] För Joel 
Bergmark
Skickat: den 9 maj 2016 10:21
Till: rt-users@lists.bestpractical.com
Ämne: [rt-users] API - Forward/Vb externally

Hi everyone,

Just looking for some suggestions, we are in the processes of implementing our 
CRM system to talk to the REST API, and I got stuck a bit on the best way to 
use the API to create a ticket and then forward the information in the ticket 
to external party by email.

In our case we have 15 different Queues that different departments work in, 
many of them are for both internal (RT/CRM) and external communication. And 
some of them does not really fit for "On create autoreply to requestors".

Have anyone of you guys set up a similar thing, or does anyone have a better 
way to do this?

Regards, Joel.




-
RT 4.4 and RTIR Training Sessions https://bestpractical.com/training
* Washington DC - May 23 & 24, 2016