Re: [rt-users] REST API for Assets
Hello! I also need a REST api for assets, so I decided to take a stab at writing one myself. The files are here: https://github.com/sbsroc/rt/tree/master/share/html/REST/1.0/Forms/asset This is my first contribution to RT. To install and test, place the files default and links into a new directory: /opt/rt4/share/html/REST/1.0/Forms/asset/ Then run: rm -Rf /opt/rt4/var/mason_data/obj/*; service apache2 reload I have working asset "show", "new" and updates. It used the same format as tickets: $ curl 'http://localhost/REST/1.0/asset/1/show?user=xxx&pass=xxx' RT/4.4.1 200 Ok id: asset/1 Name: testing Description: The test description is here Catalog: 1 Status: allocated Created: 2016-12-06 02:25:17 LastUpdated: 2016-12-07 04:05:57 Owner: myuser HeldBy: us...@example.com, us...@example.com, us...@example.com Contacts: us...@example.com, us...@example.com CF.{NCentralAssetID}: 34512 Custom fields are working, links work (show only) and updates work (mostly). I'm currently having trouble with the Contacts and HeldBy fields not removing entries for users that are no longer on the list when posted. I get an error from RT::Record::Role::Roles, when it's clearly listed when I query. Even more odd, the first time I try to remove a member, it acts without error. It's only on the second attempt that it shows an error. This suggested that maybe it's removing *something*, but not all. Appears to be a bug in other PMs. If this helps someone as-is, then great! If others can contribute, I welcome it. Anyone know if our pull request should go against master when we're done? Anyone willing to trust the code? LOL Steve On 2016-12-04 5:38 pm, Bart Bunting wrote: Josh, I may be able to get our company to contribute something, although I'm afraid it wouldn't be too much. We are tossing up between updating owr own existing solution or using RT to manage assets. Given the lack of an API it makes RT integration with our customer portal problematic. This is likely to push us away from RT and to just write our own specific implementation. If there is a commitment from Bestpractical to get the API implemented and funds were the only issue we would consider how we could help. Kind regards Bart Josh Tackitt writes: Hi Bart, Unfortunately there is no REST API for Assets. I've heard rumors that maybe they're working on it but pretty sure I've not seen anything official. Is anyone out there interested in combining funds to pay for the development of this much needed feature? I'm sure we could convince BestPractical to roll it into 'core' so that everyone would benefit. Best, Josh On Wed, Nov 23, 2016 at 3:26 PM, Bart Bunting wrote: Hi, Is there a REST API for assets in RT? I can't find any documentation for it. Can anyone shed any light on if it exists or is in the works? Kind regards Bart -- Bart Bunting - URSYS PH: 02 87452811 Mbl: 0409560005 - RT 4.4 and RTIR training sessions, and a new workshop day! https://bestpractical.com/training * Los Angeles - January 9-11 2017 -- Reed College Computer Hardware Services ETC 114 503-788-6661 Bart - RT 4.4 and RTIR training sessions, and a new workshop day! https://bestpractical.com/training * Los Angeles - January 9-11 2017
Re: [rt-users] Adding ticket "Description" to the top of the page
Total shot in the dark here, but one idea might be to create a custom field (of type: “text”), and copy the initial request into that upon ticket creation (via a Scrip). You could probably truncate the text to keep it fairly small, with a “more” link that hyperlinks to the initial question. To do this, I’m betting you would need to run the Scrip in batch mode though, so you would have access to the new ticket number and transaction id (e.g. http://rt.example.com/Ticket/Display.html?id=41408#txn-1989052) If you wanted to get really fancy, you could look into incorporating a gist-ing routine instead of merely truncating – that would be very [geeky] cool! - Brent From: rt-users [mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of Chris McClement Sent: Sunday, December 4, 2016 6:26 PM To: rt-users@lists.bestpractical.com Subject: [rt-users] Adding ticket "Description" to the top of the page By default, I sort ticket History so that the newest entry is at the top. However, I would like to be able to have the original request visible when I first open a ticket. Does anyone have any suggestions for achieving this? In other words, the Display tab of a ticket would have a section containing the first comment/description, but the History section would still be sorted with newest item at the top of the list. - RT 4.4 and RTIR training sessions, and a new workshop day! https://bestpractical.com/training * Los Angeles - January 9-11 2017
Re: [rt-users] Issue With ExternalAuth
Hi Claude, Yes, your problem seems to be a little odd. I believe that this is the code that is rejecting your authentication from /opt/rt4/sbin/../lib/RT/Authen/ExternalAuth.pm # If we got here and don't have a user loaded we must have failed to # get a full, valid user from an authoritative external source. unless ($session->{'CurrentUser'} && $session->{'CurrentUser'}->Id) { $session->{'CurrentUser'} = RT::CurrentUser->new; return (0, "No User"); } Do you have multiple external auth mechanisms configured?? Would you be able to post your full RT configuration, with sensitive information obfuscated obviously? Best Regards Martin On 2016-12-06 11:37, Claude EDUMA wrote: Martin, It request only the "dn" attribute because the user is not internal. once user is created, it will request the others attributes. I have seen our ldap administrator and for him all is OK. Accounts are well binded with LDAP. It seem like after binding account it request another validation wich failed. My question is why RT retreive all attributes on LDAP but still fail to grant acces to users ? I'm sorry to take your presious time and thank you once more. --- [4109] [Tue Dec 6 10:22:50 2016] [debug]: UserExists params: username: 20005528 , service: My_LDAP (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth/LDAP.pm:488) [4109] [Tue Dec 6 10:22:50 2016] [debug]: LDAP Search === Base: o=corp.mycorp.com [1] == Filter: (&(objectClass=privperson)(uid=20005528)) == Attrs: co,cn,mail,uid,uid (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth/LDAP.pm:518) [4109] [Tue Dec 6 10:22:50 2016] [debug]: RT::User::CanonicalizeUserInfoFromExternalAuth called by RT::User /opt/rt4/sbin/../lib/RT/User.pm 699 with : Disabled: , EmailAddress: , Gecos: 20005528, Name: 20005528, Privileged: 1 (/opt/rt4/sbin/../lib/RT/User.pm:735) [4109] [Tue Dec 6 10:22:50 2016] [debug]: Attempting to get user info using this external service: My_LDAP (/opt/rt4/sbin/../lib/RT/User.pm:743) [4109] [Tue Dec 6 10:22:50 2016] [debug]: Attempting to use this canonicalization key: Name (/opt/rt4/sbin/../lib/RT/User.pm:752) [4109] [Tue Dec 6 10:22:50 2016] [debug]: LDAP Search === Base: o=corp.mycorp.com [1] == Filter: (&(objectClass=privperson)(uid=20005528)) == Attrs: co,cn,mail,uid,uid (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth/LDAP.pm:406) [4109] [Tue Dec 6 10:22:50 2016] [info]: RT::User::CanonicalizeUserInfoFromExternalAuth returning Country: , Disabled: , EmailAddress: jonathan.lai...@ext.mycorpservices.com, Gecos: 20005528, Name: 20005528, Privileged: 1, RealName: JONATHAN LAIGLE (/opt/rt4/sbin/../lib/RT/User.pm:812) [4109] [Tue Dec 6 10:22:50 2016] [error]: Couldn't create user 20005528: Email address in use (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth.pm:353) [4109] [Tue Dec 6 10:22:50 2016] [debug]: Autohandler called ExternalAuth. Response: (0, No User) (/opt/rt4/share/html/Elements/DoAuth:58) [4109] [Tue Dec 6 10:22:50 2016] [error]: FAILED LOGIN for 20005528 from 10.1.52.222 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:826) - Regards 2016-12-06 12:04 GMT+01:00 Martin Wheldon : Hi Claude, OK from your logs you can see successful lookup from LDAP of the user and a successful validation. So we can rule out issues with communication with the LDAP server and user credentials. The following line however is an issue as you seem to be only getting/requesting the dn attribute returned. I'm not quite certain which :) "... == Attrs: dn" [4110] [Tue Dec 6 10:22:44 2016] [debug]: LDAP Search === Base: o=corp.mycorp.com [1] [1] == Filter: (&(uid=20005528)(objectClass=privperson)) == Attrs: dn This is what I get on my test system: "... == Attrs: mail,cn,street,telephoneNumber,mobile,st,mail,ukFirmGhITAccOrg,postalCode,l" The configuration you sent earlier is expecting uid,mail,cn and co: 'attr_map' => { 'Name' => 'uid', 'EmailAddress' => 'mail', 'RealName' => 'cn', 'Gecos'=> 'uid', 'Country' => 'co', } Is your ldap search account able to get this information from the ldapserver? Best Regards Martin On 2016-12-06 10:25, Claude EDUMA wrote: Yes, But even if it'is a new user, user is create but I still have LOGIN FAILED. below log with a new user --- [4110] [Tue Dec 6 10:22:44 2016] [debug]: Trying external auth service: My_LDAP (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth/LDAP.pm:201) [4110] [Tue Dec 6 10:22:44 2016] [debug]: LDAP Search === Base: o=corp.mycorp.com [1] [1] == Filter: (&(uid=20005528)(objectClass=privperson)) == Attrs: dn (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth/LDAP.pm:234) [4110] [Tue Dec 6 10:22:44 2016] [debug]: Found LDAP DN: uid=20005528,ou=people,ou=GO-LM,o=corp.mycorp.com [1] [1] (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth/LDAP.pm:268) [4110] [Tue Dec 6 10:22:44 2016] [info]: RT::Authen::ExternalAuth::LDAP::GetAuth External Auth OK ( My_LDAP ): 20005528 (/opt/rt4
Re: [rt-users] Issue With ExternalAuth
Hi Claude, OK from your logs you can see successful lookup from LDAP of the user and a successful validation. So we can rule out issues with communication with the LDAP server and user credentials. The following line however is an issue as you seem to be only getting/requesting the dn attribute returned. I'm not quite certain which :) "... == Attrs: dn" [4110] [Tue Dec 6 10:22:44 2016] [debug]: LDAP Search === Base: o=corp.mycorp.com [1] == Filter: (&(uid=20005528)(objectClass=privperson)) == Attrs: dn This is what I get on my test system: "... == Attrs: mail,cn,street,telephoneNumber,mobile,st,mail,ukFirmGhITAccOrg,postalCode,l" The configuration you sent earlier is expecting uid,mail,cn and co: 'attr_map' => { 'Name' => 'uid', 'EmailAddress' => 'mail', 'RealName' => 'cn', 'Gecos'=> 'uid', 'Country' => 'co', } Is your ldap search account able to get this information from the ldapserver? Best Regards Martin On 2016-12-06 10:25, Claude EDUMA wrote: Yes, But even if it'is a new user, user is create but I still have LOGIN FAILED. below log with a new user --- [4110] [Tue Dec 6 10:22:44 2016] [debug]: Trying external auth service: My_LDAP (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth/LDAP.pm:201) [4110] [Tue Dec 6 10:22:44 2016] [debug]: LDAP Search === Base: o=corp.mycorp.com [1] == Filter: (&(uid=20005528)(objectClass=privperson)) == Attrs: dn (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth/LDAP.pm:234) [4110] [Tue Dec 6 10:22:44 2016] [debug]: Found LDAP DN: uid=20005528,ou=people,ou=GO-LM,o=corp.mycorp.com [1] (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth/LDAP.pm:268) [4110] [Tue Dec 6 10:22:44 2016] [info]: RT::Authen::ExternalAuth::LDAP::GetAuth External Auth OK ( My_LDAP ): 20005528 (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth/LDAP.pm:350) [4110] [Tue Dec 6 10:22:44 2016] [debug]: LDAP password validation result: 1 (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth.pm:558) [4110] [Tue Dec 6 10:22:44 2016] [debug]: Password Validation Check Result: 1 (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth.pm:383) [4110] [Tue Dec 6 10:22:44 2016] [debug]: Autohandler called ExternalAuth. Response: (0, No User) (/opt/rt4/share/html/Elements/DoAuth:58) [4110] [Tue Dec 6 10:22:44 2016] [error]: FAILED LOGIN for 20005528 from 10.1.52.222 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:826) [4109] [Tue Dec 6 10:22:50 2016] [debug]: Attempting to use external auth service: My_LDAP (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth.pm:286) [4109] [Tue Dec 6 10:22:50 2016] [debug]: Calling UserExists with $username (20005528) and $service (My_LDAP) (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth.pm:327) 2016-12-06 11:12 GMT+01:00 Martin Wheldon : Hi Claude, Seems you already have a user in the RT database with the same email address, but different user name. [3605] [Tue Dec 6 07:58:02 2016] [error]: Couldn't create user 20006583: Email address in use Best Regards Martin On 2016-12-06 08:05, Claude EDUMA wrote: Hi Martin, Thank you for your response. File permissions for my CA.cert are "rw-r--r-". below rt.log --- [3605] [Tue Dec 6 07:58:02 2016] [debug]: Attempting to use external auth service: My_LDAP (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth.pm:286) [3605] [Tue Dec 6 07:58:02 2016] [debug]: Calling UserExists with $username (20006583) and $service (My_LDAP) (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth.pm:327) [3605] [Tue Dec 6 07:58:02 2016] [debug]: UserExists params: username: 20006583 , service: My_LDAP (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth/LDAP.pm:488) [3605] [Tue Dec 6 07:58:02 2016] [debug]: LDAP Search === Base: o=corp.mycorp.com [1] [2] == Filter: (&(objectClass=privperson)(uid=20006583)) == Attrs: co,cn,mail,uid,uid (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth/LDAP.pm:518) [3605] [Tue Dec 6 07:58:02 2016] [debug]: RT::User::CanonicalizeUserInfoFromExternalAuth called by RT::User /opt/rt4/sbin/../lib/RT/User.pm 699 with: Disabled: , EmailAddress: , Gecos: 20006583, Name: 20006583, Privileged: 1 (/opt/rt4/sbin/../lib/RT/User.pm:735) [3605] [Tue Dec 6 07:58:02 2016] [debug]: Attempting to get user info using this external service: My_LDAP (/opt/rt4/sbin/../lib/RT/User.pm:743) [3605] [Tue Dec 6 07:58:02 2016] [debug]: Attempting to use this canonicalization key: Name (/opt/rt4/sbin/../lib/RT/User.pm:752) [3605] [Tue Dec 6 07:58:02 2016] [debug]: LDAP Search === Base: o=corp.mycorp.com [1] [2] == Filter: (&(objectClass=privperson)(uid=20006583)) == Attrs: co,cn,mail,uid,uid (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth/LDAP.pm:406) [3605] [Tue Dec 6 07:58:02 2016] [info]: RT::User::CanonicalizeUserInfoFromExternalAuth returning Country: , Disabled: , EmailAddress: claude.ed...@ext.mycorp.com, Gecos: 20006583, Name: 20006583, Privileged: 1, RealName: CLAUDE EDUMA (/opt/rt4/sbin/../lib/RT/User.pm:812) [3605] [Tue Dec 6 07:58:02 2016] [error]: Couldn't create user 20006583: Email address in u
Re: [rt-users] Issue With ExternalAuth
Hi Claude, Seems you already have a user in the RT database with the same email address, but different user name. [3605] [Tue Dec 6 07:58:02 2016] [error]: Couldn't create user 20006583: Email address in use Best Regards Martin On 2016-12-06 08:05, Claude EDUMA wrote: Hi Martin, Thank you for your response. File permissions for my CA.cert are "rw-r--r-". below rt.log --- [3605] [Tue Dec 6 07:58:02 2016] [debug]: Attempting to use external auth service: My_LDAP (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth.pm:286) [3605] [Tue Dec 6 07:58:02 2016] [debug]: Calling UserExists with $username (20006583) and $service (My_LDAP) (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth.pm:327) [3605] [Tue Dec 6 07:58:02 2016] [debug]: UserExists params: username: 20006583 , service: My_LDAP (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth/LDAP.pm:488) [3605] [Tue Dec 6 07:58:02 2016] [debug]: LDAP Search === Base: o=corp.mycorp.com [2] == Filter: (&(objectClass=privperson)(uid=20006583)) == Attrs: co,cn,mail,uid,uid (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth/LDAP.pm:518) [3605] [Tue Dec 6 07:58:02 2016] [debug]: RT::User::CanonicalizeUserInfoFromExternalAuth called by RT::User /opt/rt4/sbin/../lib/RT/User.pm 699 with: Disabled: , EmailAddress: , Gecos: 20006583, Name: 20006583, Privileged: 1 (/opt/rt4/sbin/../lib/RT/User.pm:735) [3605] [Tue Dec 6 07:58:02 2016] [debug]: Attempting to get user info using this external service: My_LDAP (/opt/rt4/sbin/../lib/RT/User.pm:743) [3605] [Tue Dec 6 07:58:02 2016] [debug]: Attempting to use this canonicalization key: Name (/opt/rt4/sbin/../lib/RT/User.pm:752) [3605] [Tue Dec 6 07:58:02 2016] [debug]: LDAP Search === Base: o=corp.mycorp.com [2] == Filter: (&(objectClass=privperson)(uid=20006583)) == Attrs: co,cn,mail,uid,uid (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth/LDAP.pm:406) [3605] [Tue Dec 6 07:58:02 2016] [info]: RT::User::CanonicalizeUserInfoFromExternalAuth returning Country: , Disabled: , EmailAddress: claude.ed...@ext.mycorp.com, Gecos: 20006583, Name: 20006583, Privileged: 1, RealName: CLAUDE EDUMA (/opt/rt4/sbin/../lib/RT/User.pm:812) [3605] [Tue Dec 6 07:58:02 2016] [error]: Couldn't create user 20006583: Email address in use (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth.pm:353) [3605] [Tue Dec 6 07:58:02 2016] [debug]: Autohandler called ExternalAuth. Response: (0, No User) (/opt/rt4/share/html/Elements/DoAuth:58) [3605] [Tue Dec 6 07:58:02 2016] [error]: FAILED LOGIN for 20006583 from 10.1.179.71 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:826) Thank you one more time. Regards. 2016-12-05 23:35 GMT+01:00 Martin Wheldon : Hi Claude, Your english is much better than my french :) I've cc'd the RT users list as they may have additional suggestions. The short answer is no I don't believe your problem is caused by TLS bugs. You seem to be mixing up the new RT 4.4 LDAP configuration syntax with the older RT::Authen::ExternalAuth syntax. If you are using RT 4.4.x then you don't need the following, because it is the old style syntax: Set($LDAPBase,'MYLDAPSERVER'); Set($LDAPFilter, '(&(objectClass=person))'); Set($LDAPMapping, { Name=> 'uid', EmailAddress=> 'mail', RealName=> 'cn' }); The following option should also be removed when using RT4.4.x 'ssl_version' => 3, Is RT able to read your CAcert file? Please could you check the file permissions. Do you see any errors in the logs? Best Regards Martin On 2016-12-05 13:22, clauded...@gmail.com wrote: Hi Martin, I try to configure LDAP authentication but it don't work. I'm sure all my config is correct (see below). I tried with ladapsearch and all it's OK. I look my ldap's server logs and i bind users correctly. Do you thinks it's TLS bugs ? (sorry for my english I'm french) Thank you. -- Set($LDAPBase,'MYLDAPSERVER'); Set($LDAPFilter, '(&(objectClass=person))'); Set($LDAPMapping, { Name=> 'uid', EmailAddress=> 'mail', RealName=> 'cn' }); # Use the below LDAP source for both authentication, as well as user # information Set( $ExternalAuthPriority, ["My_LDAP"] ); Set( $ExternalInfoPriority, ["My_LDAP"] ); Set($ExternalServiceUsesSSLorTLS, 1); # Make users created from LDAP Privileged Set( $UserAutocreateDefaultsOnLogin, { Privileged => 1 } ); # Users should still be autocreated by RT as internal users if they # fail to exist in an external service; this is so requestors (who # are not in LDAP) can still be created when they email in. Set($AutoCreateNonExternalUsers, 0); # Minimal LDAP configuration; see RT::Authen::ExternalAuth::LDAP for # further details and examples Set($ExternalSettings, { 'My_LDAP' => { 'type' => 'ldap', 'server' => 'ldaps://MYLDAPSERVER', 'user' => 'MYUSER', 'pass' => 'MYPASS', 'base' => 'MYBASE', 'filter' => '(objectClass=privperson)', 'tls' => { verify => "requi