Re: [rt-users] Enabling full text index, getting "MySQL server has gone away"

2016-11-14 Thread James Zuelow 
That’s good.  I was concerned that you had the same issue with MySQL 5.7 and 
the implications for RT on Stretch.

Max_allowed_packet does not work with 5.6.29 or 5.6.30 (at least not the Debian 
packages at those versions).


James



From: Alex Hall [mailto:ah...@autodist.com]
Sent: Monday, November 14, 2016 1:33 PM
To: James Zuelow
Cc: martin.whel...@greenhills-it.co.uk; rt-users
Subject: Re: [rt-users] Enabling full text index, getting "MySQL server has 
gone away"

For future readers, my own solution was--thankfully--much simpler. Nowhere that 
I found in the docs I was reading did it say you had to add the 
max_allowed_packet setting under a section called [mysqld] in my.cnf. As soon 
as I did that, my setting took effect, and the full text setup ran perfectly.

On Mon, Nov 14, 2016 at 12:10 PM, James Zuelow 
mailto:james.zue...@juneau.org>> wrote:
I had success by using Debian’s snapshot server and downgrading MySQL 5.6.27-2 
and then running rt-setup-fulltext-index.  That worked perfectly.

You can safely “upgrade” back to your current version after the setup script 
runs – the fulltext index maintenance script will run fine.

If downgrading worked, please update my Debian bug report with the version that 
did not work for you:  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840780


James
-
RT 4.4 and RTIR training sessions, and a new workshop day! 
https://bestpractical.com/training
* Los Angeles - January 9-11 2017

Re: [rt-users] Enabling full text index, getting "MySQL server has gone away"

2016-11-14 Thread James Zuelow 
I had success by using Debian’s snapshot server and downgrading MySQL 5.6.27-2 
and then running rt-setup-fulltext-index.  That worked perfectly.

You can safely “upgrade” back to your current version after the setup script 
runs – the fulltext index maintenance script will run fine.

If downgrading worked, please update my Debian bug report with the version that 
did not work for you:  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840780


James

From: rt-users [mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of 
Alex Hall
Sent: Monday, November 14, 2016 7:57 AM
To: martin.whel...@greenhills-it.co.uk
Cc: rt-users
Subject: Re: [rt-users] Enabling full text index, getting "MySQL server has 
gone away"

Thanks for the correction. I hate to say it, but this didn't change the results 
I'm seeing at all. I just updated /etc/mysql/conf.d/mysql.cnf, restarted MySQL, 
and ran the full-text index command again. I got the exact same errors as 
before.

On Mon, Nov 14, 2016 at 11:50 AM, Martin Wheldon 
mailto:martin.whel...@greenhills-it.co.uk>> 
wrote:
Hi Alex,

I think the mysql configuration be "max_allowed_packet" rather than 
"max_packet_size".

Best Regards

Martin


On 2016-11-14 13:54, Alex Hall wrote:
I should also say that I've already tried setting my MySQL
max_packet_size. 500M didn't do it, so I upped it to 5000M, restarting
the service both times. That hasn't changed the warnings I'm getting,
and I really don't think any attachments are over 5GB. Plus, the first
few warnings are that "st execute failed", not about attachments not
being indexed.

On Mon, Nov 14, 2016 at 7:46 AM, Alex Hall 
mailto:ah...@autodist.com>> wrote:
Hi all,
As the subject says, I'm trying to enable full text indexing. I've
updated MySQL to 5.7 (on Debian 8) and ran

/opt/rt4/sbin/rt-setup-fulltext-index --dba root --dba-password pwd

However, I get a bunch of warnings about executing the SQL
statements and, after that, that attachments can't be indexed. In
all cases, the main problem is the same: "the MySQL server has gone
away". The initial connection was successful, so I'm not sure what
the problem is. I also tested the root login after the 5.7 update,
just to be sure it worked, and it was fine. Has anyone ever seen
this happen? Any suggestions on what to do about it? Thanks!

--

Alex Hall
Automatic Distributors, IT department
ah...@autodist.com

--

Alex Hall
Automatic Distributors, IT department
ah...@autodist.com
-
RT 4.4 and RTIR training sessions, and a new workshop day!
https://bestpractical.com/training
* Los Angeles - January 9-11 2017
-
RT 4.4 and RTIR training sessions, and a new workshop day! 
https://bestpractical.com/training
* Los Angeles - January 9-11 2017



--
Alex Hall
Automatic Distributors, IT department
ah...@autodist.com
-
RT 4.4 and RTIR training sessions, and a new workshop day! 
https://bestpractical.com/training
* Los Angeles - January 9-11 2017

Re: [rt-users] Perl upgrade on Debian 9 causes JSON error

2016-10-27 Thread James Zuelow 
OK, to answer my own question, I edited line 197 of 
/usr/share/request-tracker4/lib/RT/Interface/Web.pm

I just added the allow_blessed => 1 to get rid of the error message.

> sub EncodeJSON {
> my $s = JSON::to_json(shift, { allow_blessed => 1, allow_nonref => 1 });
> $s =~ s{/}{\\/}g;
> return $s;
> }

Now the question remains - am I silently breaking something else with that 
little hack?

I know just enough Perl to be dangerous, so freely admit I'm not aware of all 
of the possible ramifications of the edit.


James Zuelow
Systems Operations Manager
City and Borough of Juneau - MIS
(907) 586-0236

-
RT 4.4 and RTIR training sessions, and a new workshop day! 
https://bestpractical.com/training
* Boston - October 24-26
* Los Angeles - Q1 2017

[rt-users] Perl upgrade on Debian 9 causes JSON error

2016-10-27 Thread James Zuelow 
Upgrading the Perl packages on Debian testing causes external auth to fail:

> 16594] [Thu Oct 27 16:22:52 2016] [error]: encountered object '1', but 
> neither allow_blessed, convert_blessed nor allow_tags settings are enabled 
> (or TO_JSON/FREEZE method missing) at /usr/share/perl5/JSON.pm line 154.
>
> Stack:
>   [/usr/share/perl5/JSON.pm:154]
>   [/usr/share/request-tracker4/lib/RT/Interface/Web.pm:197]
>   [/usr/share/request-tracker4/lib/RT/Interface/Web.pm:4065]
>   [/usr/share/request-tracker4/html/Elements/JavascriptConfig:79]
>   [/usr/share/request-tracker4/html/Elements/Header:64]
>   [/usr/share/request-tracker4/html/index.html:4]
>   [/usr/share/request-tracker4/lib/RT/Interface/Web.pm:681]
>   [/usr/share/request-tracker4/lib/RT/Interface/Web.pm:369]
>   [/usr/share/request-tracker4/html/autohandler:53] 
> (/usr/share/request-tracker4/lib/RT/Interface/Web/Handler.pm:209)A quick 
> google doesn't show this particular error.

Any hints as to what might be wrong?  I was using external auth and thought 
that might be causing the problem, but turning that off leaves the JSON error.

I'm using the Debian packages for everything, which had JSON at 3.02 and 
JSON::XS at 2.98 after the upgrade.  Upgrading JSON::XS with CPAN worked and 
now CPAN says that JSON and JSON::XS packages are both up to date (3.02)

The rest of the system works as advertised, just not the web UI.

James Zuelow
Systems Operations Manager
City and Borough of Juneau - MIS
(907) 586-0236

-
RT 4.4 and RTIR training sessions, and a new workshop day! 
https://bestpractical.com/training
* Boston - October 24-26
* Los Angeles - Q1 2017

Re: [rt-users] rt-setup-fulltext-index dropped DB connections with MySQL

2016-10-14 Thread James Zuelow 
> 
> I will experiment with Debian Snapshots and see if I can roll back MySQL to
> 5.6.28, and report what happens.

My Debian Snapshots foo is a little weak, so I ended up with MySQL 5.6.27-2 
instead of 5.6.28.

However, the rt-setup-fulltext-index script ran perfectly at that point.  I 
will pin MySQL at that version until 5.6.31 shows up in the archives.

Thank you for your help!

James
-
RT 4.4 and RTIR training sessions, and a new workshop day! 
https://bestpractical.com/training
* Boston - October 24-26
* Los Angeles - Q1 2017

Re: [rt-users] rt-setup-fulltext-index dropped DB connections with MySQL

2016-10-14 Thread James Zuelow 


> -Original Message-
> From: rt-users [mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of
> Jim Brandt
> Sent: Friday, October 14, 2016 4:37 AM
> To: rt-users@lists.bestpractical.com
> Subject: Re: [rt-users] rt-setup-fulltext-index dropped DB connections with
> MySQL
> 
> We have also run into a possible mysql bug related to indexing starting in
> version 5.6.29. The symptom is similar to your report and we saw this sort of
> error in the mysql log:
> 
> InnoDB: Assertion failure in thread 140011690678016 in file row0merge.cc line
> 794
> 
> At the time our solution was to revert back to mysql 5.6.28 which didn't have
> the issue. We don't know yet if this is fixed in a newer release.

OK.  I don't have this exact error, but I do see that MySQL 5.6.31 is supposed 
to resolve an issue with InnoDB fulltext indices crashing the server.

So I think I'm waiting for 5.6.31 to enter Debian - hopefully before Wheezy 
freezes or it will be messy.

> On 10/14/16 1:29 AM, Alex Vandiver wrote:

> > For reference, your perl versions are not comprehensible.  Wheezy
> > ships perl 5.14.2, per https://packages.debian.org/wheezy/perl, and
> > there has never been a perl version 5.2 or 5.4 -- 5.002 was released
> > in 1996,
> > 5.004 in 1997, and 5.6 in 2000.

Sorry, a typo on my part.  I have Perl 5.22.2 installed, not 5.2.22.

> >
> > Check your "max_allowed_packet" setting in mysqld.  The most common
> > cause is the MySQL client (here, rt-fulltext-indexer) sending
> > something in the MySQL wire protocol which is larger than that limit,
> > which causes the server to unceremoniously drop the connection.
> >
> > Raise that limit and restart mysql, and it should resolve the issue.

I started at 256M, and slowly raised it to 4096M without success.

I will experiment with Debian Snapshots and see if I can roll back MySQL to 
5.6.28, and report what happens.

James 

-
RT 4.4 and RTIR training sessions, and a new workshop day! 
https://bestpractical.com/training
* Boston - October 24-26
* Los Angeles - Q1 2017

[rt-users] rt-setup-fulltext-index dropped DB connections with MySQL

2016-10-13 Thread James Zuelow 
I'm having trouble setting up the fulltext index on a Debian installation.  
Admittedly this is a Wheezy installation, not Jessie as we wanted to track a 
newer version of rt4, so some things may be broken.  Hopefully the freeze comes 
soon though.



Package versions at the moment are MySQL 5.6.30, Perl 5.2.22, and 
request-tracker 4.2.13.  There is a Perl 5.4 upgrade available, but that breaks 
my rt4 installation.



Anyway, here's what I see:

##



root@mis-rt-lnx:/usr/sbin# ./rt-setup-fulltext-index --dba rtuser 
--dba-password secret

MySQL 5.6 and above support native full-text indexing; for compatibility

with earlier versions of RT, the external Sphinx indexer is still

supported.



Which indexing solution would you prefer?



[mysql]: mysql



Enter the name of a new MySQL table that will be used to store the

full-text content and indexes:

[AttachmentsIndex]: AttachmentsIndex



Going to run the following in the DB:

 CREATE TABLE AttachmentsIndex ( id INT UNSIGNED AUTO_INCREMENT NOT

NULL PRIMARY KEY,Content LONGTEXT ) ENGINE=InnoDB CHARACTER SET utf8



Indexing existing data...

Going to run the following in the DB:

 CREATE FULLTEXT INDEX AttachmentsIndex ON AttachmentsIndex(Content)



[58876] [Thu Oct 13 02:23:42 2016] [warning]: DBD::mysql::db do failed:

Lost connection to MySQL server during query at

./rt-setup-fulltext-index line 736,  line 2.

(./rt-setup-fulltext-index:736)

[58876] [Thu Oct 13 02:23:42 2016] [critical]: DBD::mysql::db do failed:

Lost connection to MySQL server during query at

./rt-setup-fulltext-index line 736,  line 2.

(/usr/share/request-tracker4/lib/RT.pm:389)

DBD::mysql::db do failed: Lost connection to MySQL server during query

at ./rt-setup-fulltext-index line 736,  line 2.



##



The "Lost connection to MySQL" error often occurs when a child kills the 
database connection for the parent, so I've tried different permutations of 
InactiveDestroy in the script itself, for example adding the third line below:



my $dbh = $RT::Handle->dbh;

$dbh->{'RaiseError'} = 1;

$dbh->{'PrintError'} = 1;

$dbh->{'InactiveDestroy'} = 1;  ##THIS LINE ADDED TO SCRIPT##

But I'm unable to find a magic fix this way.  I've also tried running the 
script as the MySQL root user without success.

This appears to be a slightly different issue than what I see in the archives.

Has anyone else seen this or can point me in the right direction to chase down 
the lost connections?

Thanks!

James
-
RT 4.4 and RTIR training sessions, and a new workshop day! 
https://bestpractical.com/training
* Boston - October 24-26
* Los Angeles - Q1 2017

[rt-users] IE8 very slow RT 4.0.2

2011-09-22 Thread James Zuelow 
I've got an RT 4.0.2 install that the tech staff has been working with.

However we've noticed that Internet Explorer 8 is extremely slow when browsing, 
and can hang completely.

For example, when viewing a ticket with this URL:

/rt/Ticket/History.html?id=FOO

IE8 can take up to 90 seconds to retrieve small gifs like this:

/rt/NoAuth/images/css/rollup-arrow.gif

It is *ONLY* IE that does this, and compatibility mode does not work.

So far I've tested the following:

IE8 on XP compatibility off - extremely slow, CPU on the box jumps to 60%+ 
while IE is waiting and the fan kicks in.  We really notice this.

IE8 on XP compatibility on - not quite as slow, but still too slow for users' 
patience. CPU at 55-60%.

IE8 on Win7 compatibility off - extremely slow. CPU only gets to 50%, but the 
page is never done.  The status bar always says it is waiting for bpslogo.png, 
even though I can see the Best Practical logo in the lower right.

IE8 on Win7 compatibility on - extremely slow.  As above.

Firefox 6.0.2 on XP - very responsive.  CPU in the high 40%, but the page load 
is fast so it is just a spike.

Iceweasel 6.0.2 on Debian Squeeze - very responsive.  CPU peaks at 36%.

Except for the IE8/Firefox on XP, these are all different boxes, so the CPU 
values do not exactly correlate.  I put them in just to show that IE8 seems to 
be working a lot harder than Firefox/Iceweasel.

There are no errors in the Apache log.  I can see that IE8 is taking longer to 
load the pages, but other than that nothing shows up from the web server side.

Similarly, the rt.log is on debug, and all I see are the "rendering 
attachment..." lines when a Ticket history page is refreshed.  Nothing to 
indicate any difference between an IE8 visit and a Firefox visit.

It seems as if the trouble is mainly with URLs under /rt/Ticket/ that are slow, 
where the others are not *as* slow.  The history page is slowest.  I thought it 
might be a DB issue, but the fast Firefox results tell me that MySQL is keeping 
up just fine.

RT 4.0.2 running on Debian Wheezy, kernel 3.0, Apache 2.2.20, MySQL 5.1.58.  
We've got the default theme running.  The only customization done to the theme 
was adding a custom logo into the upper right and lower left corners.  Removing 
the logos doesn't change response times.

(We're on Wheezy because I wanted to go to RT 4 before the backport was 
available, and decided not to move back to Squeeze when it became available)

Has anyone seen this behavior with IE, specifically IE8?

Thanks!

James 

RT Training Sessions (http://bestpractical.com/services/training.html)
*  Chicago, IL, USA  September 26 & 27, 2011
*  San Francisco, CA, USA  October 18 & 19, 2011
*  Washington DC, USA  October 31 & November 1, 2011
*  Melbourne VIC, Australia  November 28 & 29, 2011
*  Barcelona, Spain  November 28 & 29, 2011

Re: [rt-users] Has anyone sucessfully configured LDAP to authenticate against AD with version 4.0.1?

2011-08-29 Thread James Zuelow 
Josh,

I have been just barely following this thread, so please forgive me if I'm off 
base here.

I think an issue is this:

'attr_match_list' => [   'ExternalAuthId','EmailAddress' ],


And your LDAP is failing because:

> (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/E
> xternalAuth.pm:458) [Mon Aug 29 23:15:41 2011] [debug]: Attempting to
> use this canonicalization key: ExternalAuthId
> (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/E
> xternalAuth.pm:472) [Mon Aug 29 23:15:41 2011] [debug]: This
> attribute ( 
> ExternalAuthId ) is
> null or incorrectly defined in the attr_map for this service (
> Active_Directory )

Your AD schema does not have an "ExternalAuthID" field in it.

You have ExternalAuthID mapped to sAMAccountName.  What happens if you try:

'attr_match_list' =>  [ 'sAMAccountName','EmailAddress' ],

James Zuelow
Systems Operations Manager
City and Borough of Juneau MIS
(907) 586-0236 


RT Training Sessions (http://bestpractical.com/services/training.html)
*  Chicago, IL, USA  September 26 & 27, 2011
*  San Francisco, CA, USA  October 18 & 19, 2011
*  Washington DC, USA  October 31 & November 1, 2011
*  Melbourne VIC, Australia  November 28 & 29, 2011
*  Barcelona, Spain  November 28 & 29, 2011

Re: [rt-users] Missing Menu on Left

2011-08-11 Thread James Zuelow 
Original Message
From: rt-users-boun...@lists.bestpractical.com
[mailto:rt-users-boun...@lists.bestpractical.com] On Behalf
Of Kevin Falcone
Sent: Thursday, August 11, 2011 8:42 AM
To: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] Missing Menu on Left


> 
> The path we request is actually correct.
> Loading ckeditor.js directly is going to cause issues down the road.
> 
OK, I changed it back.

> The problem is that RT intentionally requests numerous things that
> don't exist on disk.  We use HTML::Mason's dhandler functionality to
> then dynamically serve the proper thing.
> 
> It sounds like the only solution is to add a note to
> web_deployment.pod and then in a future release provide configs for
> turning this and mod_cache off.
> 

Hmm, that's too bad.  I am primarily interested in users being able to get to 
SelfService even if they manually type in selfservice, etc.

Most of them will follow links, but eventually someone will type it and not get 
the right address.  Probably mod_rewrite to catch common errors is the solution 
here.

> Thanks for your help in researching this.
> 

No worries.  Sorry it took so long!

James

RT Training Sessions (http://bestpractical.com/services/training.html)
*  Chicago, IL, USA  September 26 & 27, 2011
*  San Francisco, CA, USA  October 18 & 19, 2011
*  Washington DC, USA  October 31 & November 1, 2011
*  Melbourne VIC, Australia  November 28 & 29, 2011
*  Barcelona, Spain  November 28 & 29, 2011

Re: [rt-users] Missing Menu on Left

2011-08-11 Thread James Zuelow 
Original Message
From: rt-users-boun...@lists.bestpractical.com
[mailto:rt-users-boun...@lists.bestpractical.com] On Behalf
Of Kevin Falcone
Sent: Wednesday, July 27, 2011 1:12 PM
To: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] Missing Menu on Left


> 
> Unfortunately, no, I haven't received any further information.
> 
> Look at the top of your HTML source for the css and js links,
> something like /NoAuth/css/*squished and /NoAuth/js/*squished
> and try loading them to see what error you get
> 
> -kevin
> 

I found one error, but unfortunately fixing it didn't resolve the issue.  With 
mod_speling enabled, and check spelling turned on this line in the code 
generates and error:



Generates this Apache error message:



Errors:

Multiple Choices
The document name you requested (/rt/NoAuth/RichText/ckeditor.js) could not be 
found on this server. However, we found documents with names similar to the one 
you requested.
Available documents: 

/rt/NoAuth/RichText/ckeditor (common basename) 



I went looking for ckeditor.js thinking it would be an easy fix.  Editing 
request_tracker4/html/Elements/HeaderJavascript to correct the path (it should 
be /rt/NoAuth/RichText/ckeditor/ckeditor.js, at least with the Debian Wheezy 
package installation) doesn't seem to fix it though.

After I fixed the path in HeaderJavascript I restarted apache, and the source 
code still shows the same incorrect path to ckeditor.js, and I get this 
Internet Explorer error:


=

Webpage error details

User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; 
.NET CLR 1.1.4322; InfoPath.1; .NET CLR 2.0.50727; MS-RTC LM 8; .NET CLR 
3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 
3.0.4506.2152; .NET CLR 3.5.30729; MS-RTC EA 2)
Timestamp: Thu, 11 Aug 2011 16:25:23 UTC


Message: Syntax error
Line: 1
Char: 1
Code: 0
URI: http://rt.cbj.local/rt/NoAuth/RichText/ckeditor.js


Message: 'CKEDITOR' is undefined
Line: 128
Char: 113
Code: 0
URI: 
http://rt.cbj.local/rt/NoAuth/js/squished-0d827a85fc350fae22bf999015a8d153.js

======

At that point, I am out of my depth.

James Zuelow
Systems Operations Manager
City and Borough of Juneau MIS
(907) 586-0236 

RT Training Sessions (http://bestpractical.com/services/training.html)
*  Chicago, IL, USA  September 26 & 27, 2011
*  San Francisco, CA, USA  October 18 & 19, 2011
*  Washington DC, USA  October 31 & November 1, 2011
*  Melbourne VIC, Australia  November 28 & 29, 2011
*  Barcelona, Spain  November 28 & 29, 2011

Re: [rt-users] Missing Menu on Left

2011-07-27 Thread James Zuelow 
Original Message
From: rt-users-boun...@lists.bestpractical.com
[mailto:rt-users-boun...@lists.bestpractical.com] On Behalf
Of Kevin Falcone
Sent: Wednesday, July 20, 2011 2:51 PM
To: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] Missing Menu on Left

> On Wed, Jul 20, 2011 at 10:46:48PM +, Roberto Hoyle wrote:
>> James Zuelow  ci.juneau.ak.us> writes:
>> 
>>> You don't, by chance, have mod_speling enabled do you?
>>> 
>>> When I started testing 4.0.1 I had mod_speling enabled to fix
>>> capitalization, and that broke the RT menus.
>> 
>> Thanks, James!  That was exactly my problem.  Disabling mod_speling
>> brought the menus out.
> 
> I'd be fascinated to know what URL it is breaking so we can add a
> note to the documentation. 
> 
> -kevin

I know this is stale, and I am hoping that Roberto gave you more information.

I have had just a little bit of time to play with this, and it is really odd to 
me.

With mod_speling turned on, none of the drop-down menus in the title field are 
there.

(Everything from "logged on as..." and to the left.

Same behavior with IE8 and Firefox 3.6/Firefox 5.

But if I look at the HTML source for the page, I can find the menus in the 
source!

There are no errors in the Apache logs.  From Apache's point of view everything 
was sent to the client as it should have been.

I suppose that there is something breaking in the css that is telling the 
browser not to display the menus.

I'm not at all a web designer though, so I have a hard time following what is 
going on.

If you have anything specific you would like me to try, just let me know.

James Zuelow
Systems Operations Manager
City and Borough of Juneau MIS
(907) 586-0236 



2011 Training: http://bestpractical.com/services/training.html

Re: [rt-users] Missing Menu on Left

2011-07-19 Thread James Zuelow 
Original Message
From: rt-users-boun...@lists.bestpractical.com
[mailto:rt-users-boun...@lists.bestpractical.com] On Behalf
Of Roberto Hoyle
Sent: Tuesday, July 19, 2011 12:49 PM
To: rt-us...@lists.fsck.com
Subject: [rt-users] Missing Menu on Left

> I started anew with an upgrade of RT 3.8 to 4.0 in a new directory,
> and got the system up and running, however the menu in the left-hand
> side 
> is not visible,
> nor is the top pane that normally should say:
>  "Logged in as Roberto J. Hoyle | Preferences | Logout"
> 
> I can view the source of the page and see the menu in the
> HTML, but it is
> not visible when the page loads.
> 
> Any hints as to what may be causing this?  The URL for the site is
>  https://libdesign.dartmouth.edu/rt/index.html
> 

You don't, by chance, have mod_speling enabled do you?

When I started testing 4.0.1 I had mod_speling enabled to fix capitalization, 
and that broke the RT menus.

James Zuelow
Systems Operations Manager
City and Borough of Juneau MIS
(907) 586-0236 


2011 Training: http://bestpractical.com/services/training.html

[rt-users] RT::Authen::ExternalAuth and SSO via Apache authentication for RT4

2011-07-17 Thread James Zuelow 

Google tells me there are people interested in this question that 
aren't finding a solution, so hopefully this is useful to some of them.

I've been evaluating RT for the past week or so, looking at it as an
alternative to our current ticket system. 

One of my requirements is Active Directory integration for our users 
and helpdesk staff allowing for passwordless login/account creation 
with a web browser and correct user information for RT users created via
e-mail. This is easy to accomplish for RT3 with the various overlays on
the wiki, combined with NTLM authentication for Apache.  But I didn't
want to start a new deployment on RT3 now that RT4 is out.  (And I like
the layout better anyway.)

Rewriting the overlays for RT4 looks like too much work.  The simplest
AD method for RT4 is using RT::Authen::ExternalAuth version 0.9's LDAP 
lookup.  That works well, but it presents a problem in that users have 
to enter their username/password to see their self service page.

In testing I noticed that the debug log was complaining about there not
being a user to authenticate.  Since I still had Apache performing NTLM
authentication, I knew there was user information available via REMOTE_USER.

Modifying RT::Authen::ExternalAuth's ExternalAuth.pm to take that information
from Apache turned out to be a three line edit. (1)

I am somewhat familiar with Perl, although I am not a Perl guru.  I
didn't audit anything to see if there were any issues.  Right now I am
happy because "It Works For Me" and there are no obvious failures. I
did not sanitize the REMOTE_USER input because I trust winbind not to put
something crazy in there.

I do wonder about the two lines in my log (2) discussing a failure to enable
the user, followed by a successful enabling of the user.

Is this normal for RT::Authen::ExternalAuth, or did I break something?

James Zuelow
Systems Operations Manager
City and Borough of Juneau MIS
(907) 586-0236

===

(1)

(probably get munged by word wrap)
RT::Authen::ExternalAuth version 0.9
Modified: ExternalAuth.pm around line 85

### CBJ BELOW

#if(defined($username)) {
#$RT::Logger->debug("Pass not going to be checked, attempting SSO"); 
#$pass_bypass = 1;
if ( defined $ENV{'REMOTE_USER'} ) {
$username = $ENV{'REMOTE_USER'};
$RT::Logger->debug("Apache returned REMOTE_USER $username, attempting 
SSO"); 
$pass_bypass = 1;

### CBJ ABOVE
} else {

==

(2)


8<- snip -8<
[Sun Jul 17 22:07:54 2011] [warning]: Couldn't enable user 41 
(/usr/share/request-tracker4/lib/RT/User.pm:1066) 
[Sun Jul 17 22:07:54 2011] [info]: User marked as ENABLED ( James_Zuelow ) per 
External Service (, )
-8<- snip -8<- 


2011 Training: http://bestpractical.com/services/training.html