Re: [rt-users] Issues with RTExternalAuth

2016-07-06 Thread Trev
Plugin( "RT::Extension::LDAPImport" );
# Uncomment for debug
#Set($LogToSyslog, 'debug');
Set( $DatabaseRequireSSL, '' );
Set( $DatabaseType, 'mysql' );
Set( $WebDomain, '' );
Set( $WebPort, '80' );
Set( $rtname, 'DOMAIN_NAME' ); # or whatever you plan to name the site
## Email
Set( $CommentAddress, '' );
Set( $CorrespondAddress, '' );
## DB config
Set( $DatabaseHost, 'localhost' );
Set( $DatabaseName, 'rt4' );
Set( $DatabasePassword, 'password' );
Set( $DatabasePort, '' );
Set( $DatabaseUser, 'db_user_name' );
Set( $Organization, '' );
Set( $OwnerEmail, '' );
Set( $SendmailPath, '/usr/sbin/sendmail' );
# My server is running on port 443, leaving the port 80 lines as reference

#Set(@ReferrerWhitelist, qw(rt:80;
Set(@ReferrerWhitelist, qw(;
## LDAP Configurations
# LDAP Authentication
Set( @Plugins, qw(RT::Authen::ExternalAuth RT::Extension::LDAPImport));
Set($LDAPCreatePrivileged, 1);
Set($LDAPUpdateUsers, 1);
#my base OU for users, yours will probably differ
Set($LDAPFilter, '(&(objectClass=person))');
Set($LDAPMapping, {
Name => 'sAMAccountName',
EmailAddress => 'mail',
Organization => 'department',
RealName => 'cn',
NickName => 'givenName',
ExternalAuthId => 'sAMAccountName',
Gecos => 'sAMAccountName',
WorkPhone => 'telephoneNumber',
MobilePhone => 'mobile',
Address1 => 'streetAddress',
City => 'l',
State => 'st',
Zip => 'postalCode',
Country => 'co'
});
Set($LDAPGroupMapping, {Name => 'cn',
Member_Attr => 'member',
Member_Attr_Value => 'dn'});
#OU/basedn location of groups
Set($LDAPGroupBase, 'ou=groups,dc=domain_name,dc=com');
# LDAP GROUP FILTERING, Below are 2 examples
#Set($LDAPGroupFilter, 'cn=Information Technology');
# 2 group import example
Set($LDAPGroupFilter, '(|(cn=Information Technology)(cn=Facilities))');
## LDAP Authentication
Set($ExternalAuthPriority, [ 'My_LDAP',
Set($ExternalInfoPriority, [ 'My_LDAP',
Set($ExternalSettings, {
'My_LDAP' => {
'type' => 'ldap',
'server' => 'ldap://',
'user' => 'domain_name\ldapreader',
'pass' => 'ldapreader_password',
'base' => 'ou=users,ou=services,dc=domain_name,dc=com',
'filter' => '(objectClass=person)',
'tls' => 0,
'attr_match_list' => [
'attr_map' => {
'Name' => 'sAMAccountName',
'EmailAddress' => 'mail',
'Organization' => 'department',
'RealName' => 'cn',
'NickName' => 'givenName',
'ExternalAuthId'=> 'sAMAccountName',
'Gecos' => 'sAMAccountName',
'WorkPhone' => 'telephoneNumber',
'MobilePhone' => 'mobile',
'Address1' => 'streetAddress',
'City' => 'l',
'State' => 'st',
'Zip' => 'postalCode',
'Country' => 'co'
} );

On Tue, Jul 5, 2016 at 2:11 AM, Davis Johny 

> Try enabling ExternalAuth by adding the line below:
> Set($ExternalAuth, 1);
> Regards,
> Davis
> --
> *From:* rt-users  on behalf of
> Albert Shih 
> *Sent:* Thursday, June 30, 2016 6:00:26 PM
> *To:*
> *Subject:* [rt-users] Issues with RTExternalAuth
> Hi everyone.
> I am trying to run RT 4.4.0.
> The
>   RT::Authen::ExternalAuth
> doesn't seem to work correctly.
> I already checked this mailing list and tried the patch I saw. Nothing
> seems to work correctly.
> Here my
>   Set($WebExternalAuth, 1 );
>   Set($ExternalAuthPriority,  ['PLM']);
>   Set($ExternalInfoPriority,  ['PLM']);
>   Set($ExternalServiceUsesSSLorTLS,'0');
>   Set($AutoCreateNonExternalUsers, '1');
>   Set($ExternalSettings, { 'PLM' => {   'type' => 'ldap',
> 'server' => '*',
> 'user' => 'uid=nss,o=*',
> 'pass' => '*',
> 'base' => '*',
> 'filter' => '(objectClass=person)',
> 'd_filter' => '',
> 'tls' => '0',
> 'ssl_version' => '3',
> 'net_ldap_args' =>   [ 'version => 3', ],
> 'attr_match_list' =>   [ 'Name',  'EmailAddress', ],
> 'attr_map' =>{  'Name' => 'mail',  'EmailAddress' => 'mail',
> 'Organization' => 'ou',  'RealName' => 'displayName',  'WorkPhone' =>
> 'telephoneNumber',  'City' => 'l', },
>   }});
> in that case I can authenticate in local without problem. But not against
> my LDAP server.
> If I add a
> Set($ExternalAuth, 1 );
> I can't authenticate at all (either local or LDAP) and I get something
> like :
> Jun 30 14:22:37 rt RT: [5913] Expected 'PeerHost' at
> /usr/local/lib/perl5/site_perl/Net/ line 164.  Stack:
> [/usr/local/lib/perl5/site_perl/]
> [/usr/local/lib/perl5/site_perl/IO/Socket/]
> [/usr/local/lib/perl5/site_perl/IO/Socket/]
> [/usr/local/lib/perl5/5.20/mach/IO/

Re: [rt-users] Fetchmail

2016-07-05 Thread Trev
If your queue contains spaces in it, you may consider using single quotes:

poll protocol imap username "rt-correspondance"
password "my_password" mda "/opt/rt4/bin/rt-mailgate --queue 'IT General'
--action correspond --url"; no keep

On Tue, Jul 5, 2016 at 11:22 AM, Dunbar, Brian  wrote:

> Hello RT_Users,
> I have exim4 working to send mails from RT and I am trying to use
> fetchmail to poll exchange and collect the messages.
> Fetchmail returns  Fetchmail MDA returned nonzero status 2 in the syslog.
> I also get POP3 Protocol error 19
> I look at the exchange account and I can see that fetchmail is reading the
> messages.
> I have also tried with imap and get error writing to mda broken pipe
> Here is the fetchmail config
> set daemon 30:
> set invisible
> set no bouncemail
> set syslog
> poll protocol pop3
> auth password
> username "" password ""
> mda "/opt/rt4/bin/rt-mailgate --queue xxx --action correspond --url
> http://xxx/";
> no keep
> #sslfingerprint "xxx"
> Syslog
> reading message of 10 (3310 octets) (log
> message incomplete)
> not flushed
> -
> RT 4.4 and RTIR Training Sessions
> * Los Angeles - September, 2016

Re: [rt-users] LDAP External Auth intermittent failure

2016-05-05 Thread Trev
Good Afternoon... T S.

  I apologize for not reading the back and forth you have already had here
with Lush, in advance. However, I did a post a while back regarding getting
LDAP authentication to work and there may be a couple of items here that
could help.

  My configuration is posted here as well:

  Hope you find this helpful, figured it couldn't hurt.



On Thu, May 5, 2016 at 12:05 PM, Lush, Aaron 

> The only thing that jumps out to me is that under "External Settings" you
> are using domain\service name, whereas in Set($LDAPUser) you are using the
> DistinguishedName. I had similar issues in my RT 4.4 deployment until I
> made both of those settings follow the DistinguishedName.
> Sincerely,
> Aaron Lush
> Network Administrator
> South Central Community School Corporation
> (219) 767-2266 ext. 
> On Thu, May 5, 2016 at 10:05 AM, t s  wrote:
>> Here you go:
>> By the way, I just changed the line below from
>> 'server'=>  'LDAPSERVER:389' to 'server'
>> => 'LDAPSERVER.CORP.COMPANYNAME.NET:389' and restarted so I will see if
>> that has any effect on the error not coming back up or not.
>> Set($WebPath , "");
>> Set($WebBaseURL, "");
>> Set($RestrictReferrer, '0');
>> Set($DatabaseAdmin, 'root');
>> Set($LogoURL, '');
>> Set($WebDefaultStylesheet, 'rudder');
>> Set($LogToFile, 'error');
>> Set($SetOutgoingMailFrom, "");
>> Set($SMTPFrom, "");
>> Set($ParseNewMessageForTicketCcs, 1);
>> Set($HomePageRefreshInterval, 120);
>> Set($NotifyActor,1);
>> Set($SendmailArguments, "-t");
>> Set($MailCommand, "sendmail");
>> Plugin( "RT::Authen::ExternalAuth" );
>> Plugin('RT::Extension::LDAPImport');
>> Set($LDAPUser,'cn=companyname\\svc.servicename,cn=Users,dc=Corp,DC=companyname,DC=net');
>> Set($LDAPPassword,'password');
>> Set($LDAPBase,
>> 'OU=Corp,OU=Users,OU=companyname,DC=Corp,DC=companyname,DC=net');
>> Set($LDAPFilter, '(&(objectClass=person))');
>> Set($LDAPMapping, {Name => 'sAMAccountName', # required
>> EmailAddress => 'mail',
>> RealName => 'cn',
>> WorkPhone => 'telephoneNumber',
>> Organization => 'departmentName'});
>> Set($LDAPSizeLimit, 1000);
>> Set($ExternalAuthPriority, ['companynameLDAP']);
>> Set($ExternalInfoPriority, ['companynameLDAP']);
>> Set($UserAutocreateDefaultsOnLogin, { Privileged => 0 } );
>> Set($AutoCreateNonExternalUsers, 1);
>> Set($ExternalSettings, {
>> 'companynameLDAP'   =>  {
>> 'type'  =>  'ldap',
>> 'server'=>  'LDAPSERVER:389',
>> 'user'  =>  'companyname\\svc.servicename',
>> 'pass'  =>  'password',
>> 'base'  =>
>> 'OU=Corp,OU=Users,OU=companyname,DC=corp,DC=companyname,DC=net',
>> 'filter'=>  '(objectClass=person)',
>> 'd_filter'  =>  '(objectClass=asdf)',
>> 'net_ldap_args' => [version =>  3   ],
>> 'attr_match_list' => [
>>  'Name',
>>  'EmailAddress',
>> ],
>> 'attr_map' => {
>> 'Name' => 'sAMAccountName',
>> 'EmailAddress' => 'mail',
>> 'Organization' => 'physicalDeliveryOfficeName',
>> 'RealName' => 'cn',
>> 'ExternalAuthId' => 

[rt-users] Ticket Increment after Reboot/Restart

2016-01-12 Thread Trev
Good Morning,

  RT 4.2.12 on Debian/MySQL

  I have an odd situation where my ticket numbers seem to jump
significantly after a restart of services or a reboot of the server.

 For example:

40060 40059 40058 40057 40056 32988 29893 25564 24217 24216 24215 24214
24213 20555 20554 20553 20552
  And again previously:

19746 19727 19725 19717 19706 19684 18421 16252 13050 12989 12934 12886
12885 12878 12877 11916 11363 11154 10669 9868 9867

  Thoughts appreciated,



Re: [rt-users] Using 2 mail address for all ques

2015-12-29 Thread Trev
Oh, so..

  You do need to set up a mailbox for rt-comment and rt-correspondance as
they are, in fact, email accounts needing a mailbox for fetchmail to poll.

  Just to be clear.

  Worth noting -- although I do specify the Queue as 'IT General' -- RT
overrides this and adds the Reply or Correspondence to the correct ticket,
no matter the queue. I could probably clean this up as it is leftover from
my initial build and testing, but it works fine so I have left it.

 Fetchmailrc on my end accounts:

root@jamie:~# cat /etc/fetchmailrc
set daemon 60
set invisible
set no bouncemail
set syslog
set logfile /var/log/fetchmail.log

poll protocol imap username "rt-correspondance"
password "password" mda "/opt/rt4/bin/rt-mailgate --no-verify-ssl --queue
'IT General' --action correspond --url"; no keep

poll protocol imap username "rt-comment" password
"password" mda "/opt/rt4/bin/rt-mailgate --no-verify-ssl --queue 'IT
General' --action correspond --url"; no keep

#other mailboxes below here, specifically for enabling email to support
(and other departments) to open tickets.

On Tue, Dec 29, 2015 at 1:30 PM, Trev  wrote:

> Yes,
>   RT parses the ticket id in the subject line to then apply the comments
> or correspondence based on the correct ticket id number (located in the
> subject line).
>   I am using fetchmail as well... without problems at this point...
> running on debian.
>   As I add queues, I am sure to keep the default Reply Address and Comment
> Address address fields blank and RT will use the defaults.
>   Currently have about 40 queues, some are using email accounts to create
> tickets with, some are not, but every queue uses the default Reply Address
> and Comment Address.
>   Rt 4.10.12 on Debian.
>   I hope this helps.
> Trev
> On Tue, Dec 29, 2015 at 3:03 AM, Asanka Gunasekera <
>> wrote:
>> Hi Trevor, thank you for the reply, that is great! but as per
>> RT users the mail address in a particular way to sort the correspondence
>> and comments, does this work in your case?
>> I am using fetchmail to retrieve mail, do I need to change the mail
>> client? Can you direct me to a document to get this going?
>> I am sorry if this sounds out of the way, what are the precautions that I
>> need to change the current set-up?
>> Thanks and Best Regards
>> On Mon, 28/12/15, Trev  wrote:
>>  Subject: Re: [rt-users] Using 2 mail address for all ques
>>  To: "Asanka Gunasekera" 
>>  Cc: "RT-List" 
>>  Date: Monday, 28 December, 2015, 19:31
>>  You can
>>  use a shared rt-correspondance@ and rt-comment@ address. RT
>>  will use the ticket # when reading to modify the ticket
>>  accordingly.
>>  I have about 30
>>  or so queues, and I use common rt-correspondance@  and
>>  rt-comments@ as you are asking about, without
>>  issue.
>>  Trev
>>  On Mon, Dec 28, 2015 at
>>  6:42 AM, Asanka Gunasekera 
>>  wrote:
>>  Hi just
>>  wondering whether it is possible to use just 2 email
>>  addresses for all the queues. One for correspondence and
>>  another for comment. In my RT implementation I have about 25
>>  queues and each queue needs minimum of 1 dedicated mail
>>  account. If above is possible please let me know guide how
>>  to achieve this!
>>  Thanks and Regards

Re: [rt-users] Using 2 mail address for all ques

2015-12-29 Thread Trev

  RT parses the ticket id in the subject line to then apply the comments or
correspondence based on the correct ticket id number (located in the
subject line).

  I am using fetchmail as well... without problems at this point... running
on debian.

  As I add queues, I am sure to keep the default Reply Address and Comment
Address address fields blank and RT will use the defaults.

  Currently have about 40 queues, some are using email accounts to create
tickets with, some are not, but every queue uses the default Reply Address
and Comment Address.

  Rt 4.10.12 on Debian.

   I hope this helps.


On Tue, Dec 29, 2015 at 3:03 AM, Asanka Gunasekera <> wrote:

> Hi Trevor, thank you for the reply, that is great! but as per
> RT users the mail address in a particular way to sort the correspondence
> and comments, does this work in your case?
> I am using fetchmail to retrieve mail, do I need to change the mail
> client? Can you direct me to a document to get this going?
> I am sorry if this sounds out of the way, what are the precautions that I
> need to change the current set-up?
> Thanks and Best Regards
> ----
> On Mon, 28/12/15, Trev  wrote:
>  Subject: Re: [rt-users] Using 2 mail address for all ques
>  To: "Asanka Gunasekera" 
>  Cc: "RT-List" 
>  Date: Monday, 28 December, 2015, 19:31
>  You can
>  use a shared rt-correspondance@ and rt-comment@ address. RT
>  will use the ticket # when reading to modify the ticket
>  accordingly.
>  I have about 30
>  or so queues, and I use common rt-correspondance@  and
>  rt-comments@ as you are asking about, without
>  issue.
>  Trev
>  On Mon, Dec 28, 2015 at
>  6:42 AM, Asanka Gunasekera 
>  wrote:
>  Hi just
>  wondering whether it is possible to use just 2 email
>  addresses for all the queues. One for correspondence and
>  another for comment. In my RT implementation I have about 25
>  queues and each queue needs minimum of 1 dedicated mail
>  account. If above is possible please let me know guide how
>  to achieve this!
>  Thanks and Regards

Re: [rt-users] Using 2 mail address for all ques

2015-12-28 Thread Trev
You can use a shared rt-correspondance@ and rt-comment@ address. RT will
use the ticket # when reading to modify the ticket accordingly.

I have about 30 or so queues, and I use common rt-correspondance@  and
rt-comments@ as you are asking about, without issue.


On Mon, Dec 28, 2015 at 6:42 AM, Asanka Gunasekera <> wrote:

> Hi just wondering whether it is possible to use just 2 email addresses for
> all the queues. One for correspondence and another for comment. In my RT
> implementation I have about 25 queues and each queue needs minimum of 1
> dedicated mail account. If above is possible please let me know guide how
> to achieve this!
> Thanks and Regards

Re: [rt-users] Regarding incoming mails.

2015-09-29 Thread Trev

On Tue, Sep 29, 2015 at 2:28 PM, bharath reddy 

> Thanks Trev for the quick response, there was a problem with our mail
> sending server which was the reason RT was not able to receive the mails.
> We fixed it and now RT is able to receive the mails and generate the
> tickets automatically. Thanks once again for the help.
> Thanks,
> Bharath.
> On Tue, Sep 29, 2015 at 1:34 PM, Trev  wrote:
>> Just to be clear here:
>> *Broken*:   Fetchmail from your RT server, pulling email from an account
>> on your email server (exchange or whatever)
>> *Working*:  Sendmail from your RT server, pushing notifications from the
>> RT server to your email recipients
>> The error you post, looks like sendmail errors... not fetchmail...
>> /var/log/fetchmail.log
>> Also, the fetchmail configuration file could be useful. (please replace
>> passwords and other identifiers in your copy paste)
>> Thanks,
>> Trev
>> On Tue, Sep 29, 2015 at 1:10 PM, bharath reddy wrote:
>>> Hi Trev,
>>> I can see following error in my logs :
>>> Sep 29 10:30:52 devrt sm-mta[9167]: t8TEUpif009167: ruleset=check_rcpt,
>>> arg1=,
>>> [], reject=550 5.7.1 ...
>>> Relaying denied
>>> Sep 29 10:30:52 devrt sm-mta[9167]: t8TEUpif009167: from=<
>>>>, size=2400, class=0, nrcpts=0, proto=ESMTP,
>>> daemon=MTA, []
>>> and also this :
>>> Sep 29 12:33:05 devrt sm-mta[11503]: t8TGX4n2011503:
>>> [] did not issue
>>> MAIL/EXPN/VRFY/ETRN during connection to MTA
>>> Sep 29 12:33:25 devrt sm-mta[11504]: t8TGXOHh011504:
>>> [] did not issue
>>> MAIL/EXPN/VRFY/ETRN during connection to MTA
>>> Thanks,
>>> Bharath.
>>> On Tue, Sep 29, 2015 at 1:03 PM, Trev  wrote:
>>>> Are you using fetchmail ?
>>>> Error logs ?
>>>> On Tue, Sep 29, 2015 at 12:58 PM, bharath reddy <
>>>>> wrote:
>>>>> Dear All,
>>>>> I've upgraded RT from 4.0.8 to 4.2.12 recently and found that I'm not
>>>>> able to receive mails to the server but when I'm updating tickets from Web
>>>>> then users are receiving the update mails. Basically my machine is not able
>>>>> to receive mails but able to send mails. Any help or pointers to this issue
>>>>> will be appreciated.
>>>>> Thanks,
>>>>> Bharath.

Re: [rt-users] Regarding incoming mails.

2015-09-29 Thread Trev
Just to be clear here:

*Broken*:   Fetchmail from your RT server, pulling email from an account on
your email server (exchange or whatever)

*Working*:  Sendmail from your RT server, pushing notifications from the RT
server to your email recipients

The error you post, looks like sendmail errors... not fetchmail...


Also, the fetchmail configuration file could be useful. (please replace
passwords and other identifiers in your copy paste)



On Tue, Sep 29, 2015 at 1:10 PM, bharath reddy 

> Hi Trev,
> I can see following error in my logs :
> Sep 29 10:30:52 devrt sm-mta[9167]: t8TEUpif009167: ruleset=check_rcpt,
> arg1=,
> [], reject=550 5.7.1 ... Relaying
> denied
> Sep 29 10:30:52 devrt sm-mta[9167]: t8TEUpif009167: from=<
>>, size=2400, class=0, nrcpts=0, proto=ESMTP,
> daemon=MTA, []
> and also this :
> Sep 29 12:33:05 devrt sm-mta[11503]: t8TGX4n2011503:
> [] did not issue MAIL/EXPN/VRFY/ETRN
> during connection to MTA
> Sep 29 12:33:25 devrt sm-mta[11504]: t8TGXOHh011504:
> [] did not issue MAIL/EXPN/VRFY/ETRN
> during connection to MTA
> Thanks,
> Bharath.
> On Tue, Sep 29, 2015 at 1:03 PM, Trev  wrote:
>> Are you using fetchmail ?
>> Error logs ?
>> On Tue, Sep 29, 2015 at 12:58 PM, bharath reddy <
>>> wrote:
>>> Dear All,
>>> I've upgraded RT from 4.0.8 to 4.2.12 recently and found that I'm not
>>> able to receive mails to the server but when I'm updating tickets from Web
>>> then users are receiving the update mails. Basically my machine is not able
>>> to receive mails but able to send mails. Any help or pointers to this issue
>>> will be appreciated.
>>> Thanks,
>>> Bharath.

Re: [rt-users] Regarding incoming mails.

2015-09-29 Thread Trev
Are you using fetchmail ?
Error logs ?

On Tue, Sep 29, 2015 at 12:58 PM, bharath reddy 

> Dear All,
> I've upgraded RT from 4.0.8 to 4.2.12 recently and found that I'm not able
> to receive mails to the server but when I'm updating tickets from Web then
> users are receiving the update mails. Basically my machine is not able to
> receive mails but able to send mails. Any help or pointers to this issue
> will be appreciated.
> Thanks,
> Bharath.

Re: [rt-users] AD integration for external auth

2015-07-07 Thread Trev
Generally speaking, it is typical to create an 'LDAP User' for binding, and
reading purposes within AD itself.

LDAPImport does authenticate against the users in AD. And builds the user
records within RT as I have mapped in my example.

Cronjob to do the import, maybe every 15 minutes. Makes it much easier to
use AD groups within RT as well.

Very dynamic...

On Tue, Jul 7, 2015 at 4:50 PM, Yan Seiner  wrote:

>  I'm kicking this back to the list only.  I've been going round and round
> with this and I have some more information, but still not a solution.
> ldapsearch works:
>  ldapsearch -H ldap:// -b "dc=hpm,dc=net" -s sub
> "(sAMAccountName=yans)" -D 'HPM\yans' -x -W uid
> But notice that I need to use either 'HPM\yans' for the user or the older '
>' for the system to allow me to bind to the ldap server.  The
> way we're set up, any user can bind to the server with valid credentials,
> but anonymous binds are not allowed.
> But the way ExternalAuth is set up, I have to provide the ldap userid and
> password, which in our system would be a real user.
> 'user'  =>  'rt_ldap_username',
> 'pass'  =>  'rt_ldap_password',
> Is there any way to get ExternalAuth to use the credentials entered in the
> login to bind to the ldap server?
> (As near as I can figure, the LDAPImport extension imports the userids
> from ldap, which is not what I need.  I need to authenticate against AD in
> realtime.)
> --Yan
> On 7/7/2015 1:32 PM, Trev wrote:
> Sorry about that, review the blog entry I sent you prior. I do see I did
> add that plugin, again, it's been a while since I wrestled with LDAP
> authentication. So, I threw my working config with notes, into that blog.
> On Tue, Jul 7, 2015 at 1:30 PM, Trev  wrote:
>>  Use -->   Plugin( "RT::Extension::LDAPImport" );
>> Note the configuration I linked to you prior.
>> I had some issues with limited functionality using 
>> Plugin('RT::Authen::ExternalAuth').. it's been a while actually, I may not 
>> even have had that extension working.
>> On Tue, Jul 7, 2015 at 1:28 PM, Trev < 
>>> wrote:
>>> If you mean during the login via RT Gui --  username is, sAMAccountName.
>>> There shouldn't be any need to prefix with the domain as the domain is
>>> already being queried.
>>> On Tue, Jul 7, 2015 at 1:24 PM, Yan Seiner < 
>>>> wrote:
>>>>  What format do you use for the username?
>>>> When I try hpm\yans which should, in theory, work, I get:
>>>> [5367] [Tue Jul  7 17:07:28 2015] [debug]: LDAP Search ===  Base:
>>>> dc=hpm,dc=net == Filter: (&(objectClass=*)(sAMAccountName=hpm\5cyans)) ==
>>>> Attrs: sAMAccountName,mail
>>>> (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/
>>>> Notice the mangled sAMAccountName=hpm\5cyans .  If this is what it is
>>>> searching for, then we have a problem.   :)
>>>> --Yan
>>>> On 7/7/2015 11:57 AM, Trev wrote:
>>>>  This may help:
>>>> On Tue, Jul 7, 2015 at 11:24 AM, Yan Seiner < 
>>>>> wrote:
>>>>> I'm coming back to RT after a few years.  I am trying to set up
>>>>> external auth against our AD server.
>>>>> I have a working implementation for mediawiki, so I know that it's
>>>>> possible on our system.  As far as possible I've duplicated the options
>>>>> from mediawiki/php to rt/perl, but I am still missing something important
>>>>> as all login attempts get rejected with a NoUser.
>>>>> The only thing that I find different (and I'm searching my memory from
>>>>> a few years ago when I set up mediawiki) there is a line where the user
>>>>> name is pre-pended with the domain for AD:
>>>>> $wgLDAPSearchStrings = array( 'HPM' => "HPM\\USER-NAME" );

Re: [rt-users] AD integration for external auth

2015-07-07 Thread Trev
Sorry about that, review the blog entry I sent you prior. I do see I did
add that plugin, again, it's been a while since I wrestled with LDAP
authentication. So, I threw my working config with notes, into that blog.

On Tue, Jul 7, 2015 at 1:30 PM, Trev  wrote:

> Use -->   Plugin( "RT::Extension::LDAPImport" );
> Note the configuration I linked to you prior.
> I had some issues with limited functionality using 
> Plugin('RT::Authen::ExternalAuth').. it's been a while actually, I may not 
> even have had that extension working.
> On Tue, Jul 7, 2015 at 1:28 PM, Trev  wrote:
>> If you mean during the login via RT Gui --  username is, sAMAccountName.
>> There shouldn't be any need to prefix with the domain as the domain is
>> already being queried.
>> On Tue, Jul 7, 2015 at 1:24 PM, Yan Seiner  wrote:
>>>  What format do you use for the username?
>>> When I try hpm\yans which should, in theory, work, I get:
>>> [5367] [Tue Jul  7 17:07:28 2015] [debug]: LDAP Search ===  Base:
>>> dc=hpm,dc=net == Filter: (&(objectClass=*)(sAMAccountName=hpm\5cyans)) ==
>>> Attrs: sAMAccountName,mail
>>> (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/
>>> Notice the mangled sAMAccountName=hpm\5cyans .  If this is what it is
>>> searching for, then we have a problem.   :)
>>> --Yan
>>> On 7/7/2015 11:57 AM, Trev wrote:
>>>  This may help:
>>> On Tue, Jul 7, 2015 at 11:24 AM, Yan Seiner  wrote:
>>>> I'm coming back to RT after a few years.  I am trying to set up
>>>> external auth against our AD server.
>>>> I have a working implementation for mediawiki, so I know that it's
>>>> possible on our system.  As far as possible I've duplicated the options
>>>> from mediawiki/php to rt/perl, but I am still missing something important
>>>> as all login attempts get rejected with a NoUser.
>>>> The only thing that I find different (and I'm searching my memory from
>>>> a few years ago when I set up mediawiki) there is a line where the user
>>>> name is pre-pended with the domain for AD:
>>>> $wgLDAPSearchStrings = array( 'HPM' => "HPM\\USER-NAME" );
>>>> And I can't find anything like that in the RT config.
>>>> Does anyone have a working AD external auth they can share?
>>>> Thanks.
>>>> Here's the logfile snippet:
>>>> [4835] [Tue Jul  7 15:17:14 2015] [debug]: Attempting to use external
>>>> auth service: My_LDAP
>>>> (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/
>>>> [4835] [Tue Jul  7 15:17:14 2015] [debug]: Calling UserExists with
>>>> $username (yans) and $service (My_LDAP)
>>>> (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/
>>>> [4835] [Tue Jul  7 15:17:14 2015] [debug]: UserExists params:
>>>> username: yans , service: My_LDAP
>>>> (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/
>>>> [4835] [Tue Jul  7 15:17:14 2015] [debug]: LDAP Search ===  Base:
>>>> ou=Staff,dc=hpm,dc=net == Filter:
>>>> (&(objectClass=inetOrgPerson)(sAMAccountName=yans)) == Attrs:
>>>> cn,co,telephoneNumber,l,postalCode,streetAddress,st,sAMAccountName,mail
>>>> (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/
>>>> [4835] [Tue Jul  7 15:17:14 2015] [debug]: User Check Failed :: (
>>>> My_LDAP ) yans User not found
>>>> (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/
>>>> [4835] [Tue Jul  7 15:17:14 2015] [debug]: Autohandler called
>>>> ExternalAuth. Response: (0, No User)
>>>> (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:11)
>>>> [4835] [Tue Jul  7 15:17:14 2015] [error]: FAILED LOGIN for yans from
>>>> (/opt/rt4/sbin/../lib/RT/Interface/
>>>> And here's the setup in

Re: [rt-users] AD integration for external auth

2015-07-07 Thread Trev
Use -->   Plugin( "RT::Extension::LDAPImport" );

Note the configuration I linked to you prior.

I had some issues with limited functionality using
Plugin('RT::Authen::ExternalAuth').. it's been a while actually, I may
not even have had that extension working.

On Tue, Jul 7, 2015 at 1:28 PM, Trev  wrote:

> If you mean during the login via RT Gui --  username is, sAMAccountName.
> There shouldn't be any need to prefix with the domain as the domain is
> already being queried.
> On Tue, Jul 7, 2015 at 1:24 PM, Yan Seiner  wrote:
>>  What format do you use for the username?
>> When I try hpm\yans which should, in theory, work, I get:
>> [5367] [Tue Jul  7 17:07:28 2015] [debug]: LDAP Search ===  Base:
>> dc=hpm,dc=net == Filter: (&(objectClass=*)(sAMAccountName=hpm\5cyans)) ==
>> Attrs: sAMAccountName,mail
>> (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/
>> Notice the mangled sAMAccountName=hpm\5cyans .  If this is what it is
>> searching for, then we have a problem.   :)
>> --Yan
>> On 7/7/2015 11:57 AM, Trev wrote:
>>  This may help:
>> On Tue, Jul 7, 2015 at 11:24 AM, Yan Seiner  wrote:
>>> I'm coming back to RT after a few years.  I am trying to set up external
>>> auth against our AD server.
>>> I have a working implementation for mediawiki, so I know that it's
>>> possible on our system.  As far as possible I've duplicated the options
>>> from mediawiki/php to rt/perl, but I am still missing something important
>>> as all login attempts get rejected with a NoUser.
>>> The only thing that I find different (and I'm searching my memory from a
>>> few years ago when I set up mediawiki) there is a line where the user name
>>> is pre-pended with the domain for AD:
>>> $wgLDAPSearchStrings = array( 'HPM' => "HPM\\USER-NAME" );
>>> And I can't find anything like that in the RT config.
>>> Does anyone have a working AD external auth they can share?
>>> Thanks.
>>> Here's the logfile snippet:
>>> [4835] [Tue Jul  7 15:17:14 2015] [debug]: Attempting to use external
>>> auth service: My_LDAP
>>> (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/
>>> [4835] [Tue Jul  7 15:17:14 2015] [debug]: Calling UserExists with
>>> $username (yans) and $service (My_LDAP)
>>> (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/
>>> [4835] [Tue Jul  7 15:17:14 2015] [debug]: UserExists params:
>>> username: yans , service: My_LDAP
>>> (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/
>>> [4835] [Tue Jul  7 15:17:14 2015] [debug]: LDAP Search ===  Base:
>>> ou=Staff,dc=hpm,dc=net == Filter:
>>> (&(objectClass=inetOrgPerson)(sAMAccountName=yans)) == Attrs:
>>> cn,co,telephoneNumber,l,postalCode,streetAddress,st,sAMAccountName,mail
>>> (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/
>>> [4835] [Tue Jul  7 15:17:14 2015] [debug]: User Check Failed :: (
>>> My_LDAP ) yans User not found
>>> (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/
>>> [4835] [Tue Jul  7 15:17:14 2015] [debug]: Autohandler called
>>> ExternalAuth. Response: (0, No User)
>>> (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:11)
>>> [4835] [Tue Jul  7 15:17:14 2015] [error]: FAILED LOGIN for yans from
>>> (/opt/rt4/sbin/../lib/RT/Interface/
>>> And here's the setup in
>>> Plugin('RT::Authen::ExternalAuth');
>>> Set($ExternalAuthPriority,  [ 'My_LDAP' ]);
>>> Set($ExternalInfoPriority,  [ 'My_LDAP' ]);
>>> Set($ExternalSettings, {
>>>  'My_LDAP'   =>  {
>>>  'type' =>  'ldap',
>>>  'server'   =>  '',
>>> # By not passing 'user' and 'pass' we are using an anonymous
>>> # bind, which some servers do not allow
>>>  'base'   

Re: [rt-users] AD integration for external auth

2015-07-07 Thread Trev
If you mean during the login via RT Gui --  username is, sAMAccountName.
There shouldn't be any need to prefix with the domain as the domain is
already being queried.

On Tue, Jul 7, 2015 at 1:24 PM, Yan Seiner  wrote:

>  What format do you use for the username?
> When I try hpm\yans which should, in theory, work, I get:
> [5367] [Tue Jul  7 17:07:28 2015] [debug]: LDAP Search ===  Base:
> dc=hpm,dc=net == Filter: (&(objectClass=*)(sAMAccountName=hpm\5cyans)) ==
> Attrs: sAMAccountName,mail
> (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/
> Notice the mangled sAMAccountName=hpm\5cyans .  If this is what it is
> searching for, then we have a problem.   :)
> --Yan
> On 7/7/2015 11:57 AM, Trev wrote:
>  This may help:
> On Tue, Jul 7, 2015 at 11:24 AM, Yan Seiner  wrote:
>> I'm coming back to RT after a few years.  I am trying to set up external
>> auth against our AD server.
>> I have a working implementation for mediawiki, so I know that it's
>> possible on our system.  As far as possible I've duplicated the options
>> from mediawiki/php to rt/perl, but I am still missing something important
>> as all login attempts get rejected with a NoUser.
>> The only thing that I find different (and I'm searching my memory from a
>> few years ago when I set up mediawiki) there is a line where the user name
>> is pre-pended with the domain for AD:
>> $wgLDAPSearchStrings = array( 'HPM' => "HPM\\USER-NAME" );
>> And I can't find anything like that in the RT config.
>> Does anyone have a working AD external auth they can share?
>> Thanks.
>> Here's the logfile snippet:
>> [4835] [Tue Jul  7 15:17:14 2015] [debug]: Attempting to use external
>> auth service: My_LDAP
>> (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/
>> [4835] [Tue Jul  7 15:17:14 2015] [debug]: Calling UserExists with
>> $username (yans) and $service (My_LDAP)
>> (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/
>> [4835] [Tue Jul  7 15:17:14 2015] [debug]: UserExists params:
>> username: yans , service: My_LDAP
>> (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/
>> [4835] [Tue Jul  7 15:17:14 2015] [debug]: LDAP Search ===  Base:
>> ou=Staff,dc=hpm,dc=net == Filter:
>> (&(objectClass=inetOrgPerson)(sAMAccountName=yans)) == Attrs:
>> cn,co,telephoneNumber,l,postalCode,streetAddress,st,sAMAccountName,mail
>> (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/
>> [4835] [Tue Jul  7 15:17:14 2015] [debug]: User Check Failed :: ( My_LDAP
>> ) yans User not found
>> (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/
>> [4835] [Tue Jul  7 15:17:14 2015] [debug]: Autohandler called
>> ExternalAuth. Response: (0, No User)
>> (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:11)
>> [4835] [Tue Jul  7 15:17:14 2015] [error]: FAILED LOGIN for yans from
>> (/opt/rt4/sbin/../lib/RT/Interface/
>> And here's the setup in
>> Plugin('RT::Authen::ExternalAuth');
>> Set($ExternalAuthPriority,  [ 'My_LDAP' ]);
>> Set($ExternalInfoPriority,  [ 'My_LDAP' ]);
>> Set($ExternalSettings, {
>>  'My_LDAP'   =>  {
>>  'type' =>  'ldap',
>>  'server'   =>  '',
>> # By not passing 'user' and 'pass' we are using an
>> anonymous
>> # bind, which some servers to not allow
>>  'base' =>  'dc=hpm,dc=net',
>>  'filter'   =>  '(objectClass=inetOrgPerson)',
>> # Users are allowed to log in via email address or account
>> # name
>>  'attr_match_list'  => [
>> #   'EmailAddress',
>> # Import the following properties of the user from LDAP
>> upon
>> # login
>> 'attr_map' => {
>> 'Name' => 'sAMAccountName',
>> 'EmailAddress' => 'mail',
>> 'RealName' => 'cn',
>> 'WorkPhone'=> 'telephoneNumber',
>> 'Address1' => 'streetAddress',
>> 'City' => 'l',
>> 'State'=> 'st',
>> 'Zip'  => 'postalCode',
>> 'Country'  => 'co',
>> },
>> },
>> } );
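
The "mangled" value in the log quoted above is RFC 4515 filter escaping: a literal backslash in an assertion value is written as `\5c`, so the directory is asked for an account literally named `hpm\yans`. The Python sketch below is an added example (not code from the thread or from RT::Authen::ExternalAuth) that reproduces the escaping and decodes the logged filter. The function names and the `strip_domain` switch are hypothetical, and the sample log line is the one from the message with the mail wrapping removed.

```python
import re

# RFC 4515, section 3: these characters must appear as \XX (two hex digits)
# whenever they occur inside the value part of a filter.
RFC4515_SPECIALS = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Debug line from the thread, unwrapped onto one line.
SAMPLE_LOG_LINE = (
    r"[5367] [Tue Jul  7 17:07:28 2015] [debug]: LDAP Search ===  Base: "
    r"dc=hpm,dc=net == Filter: (&(objectClass=*)(sAMAccountName=hpm\5cyans)) == "
    r"Attrs: sAMAccountName,mail"
)

SEARCH_RE = re.compile(
    r"LDAP Search ===\s+Base:\s*(?P<base>.*?)\s*==\s*Filter:\s*(?P<filter>.*?)"
    r"\s*==\s*Attrs:\s*(?P<attrs>\S+)"
)


def escape_filter_value(value):
    """Escape user input so it can only ever be a literal value in a filter."""
    return "".join(RFC4515_SPECIALS.get(ch, ch) for ch in value)


def unescape_filter_value(value):
    """Turn \\XX escapes back into the characters the server compares against."""
    return re.sub(r"\\([0-9A-Fa-f]{2})", lambda m: chr(int(m.group(1), 16)), value)


def split_login(login):
    """Split 'DOMAIN\\user' or 'user@realm' into (domain or None, account)."""
    login = login.strip()
    if "\\" in login:
        domain, account = login.split("\\", 1)
        return domain, account
    if "@" in login:
        account, domain = login.rsplit("@", 1)
        return domain, account
    return None, login


def build_user_filter(base_filter, attr, login, strip_domain=False):
    """AND a configured base filter with an escaped attribute match.

    strip_domain is a hypothetical normalisation step, not an RT option.
    """
    account = split_login(login)[1] if strip_domain else login
    return "(&%s(%s=%s))" % (base_filter, attr, escape_filter_value(account))


def explain_search(log_line, attr="sAMAccountName"):
    """Parse an 'LDAP Search ===' debug line and decode the value searched for."""
    m = SEARCH_RE.search(log_line)
    if m is None:
        raise ValueError("not an LDAP Search debug line")
    # Escaped values never contain a raw ')', so [^)]* captures the whole value.
    value = re.search(r"\(%s=([^)]*)\)" % re.escape(attr), m.group("filter"))
    return {
        "base": m.group("base"),
        "filter": m.group("filter"),
        "attrs": m.group("attrs").split(","),
        "searched_value": unescape_filter_value(value.group(1)) if value else None,
    }


if __name__ == "__main__":
    print(build_user_filter("(objectClass=*)", "sAMAccountName", "hpm\\yans"))
    print(build_user_filter("(objectClass=*)", "sAMAccountName", "hpm\\yans", True))
    print(explain_search(SAMPLE_LOG_LINE))
```

The same escaping is what keeps a login such as `*)(objectClass=*` from changing the structure of the filter, so it should stay in place; the fix for the failed lookup is on the input side, by logging in with the bare account name.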

Re: [rt-users] AD integration for external auth

2015-07-07 Thread Trev
This may help:

On Tue, Jul 7, 2015 at 11:24 AM, Yan Seiner  wrote:

> I'm coming back to RT after a few years.  I am trying to set up external
> auth against our AD server.
> I have a working implementation for mediawiki, so I know that it's
> possible on our system.  As far as possible I've duplicated the options
> from mediawiki/php to rt/perl, but I am still missing something important
> as all login attempts get rejected with a NoUser.
> The only thing that I find different (and I'm searching my memory from a
> few years ago when I set up mediawiki) there is a line where the user name
> is pre-pended with the domain for AD:
> $wgLDAPSearchStrings = array( 'HPM' => "HPM\\USER-NAME" );
> And I can't find anything like that in the RT config.
> Does anyone have a working AD external auth they can share?
> Thanks.
> Here's the logfile snippet:
> [4835] [Tue Jul  7 15:17:14 2015] [debug]: Attempting to use external auth
> service: My_LDAP
> (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/
> [4835] [Tue Jul  7 15:17:14 2015] [debug]: Calling UserExists with
> $username (yans) and $service (My_LDAP)
> (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/
> [4835] [Tue Jul  7 15:17:14 2015] [debug]: UserExists params:
> username: yans , service: My_LDAP
> (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/
> [4835] [Tue Jul  7 15:17:14 2015] [debug]: LDAP Search ===  Base:
> ou=Staff,dc=hpm,dc=net == Filter:
> (&(objectClass=inetOrgPerson)(sAMAccountName=yans)) == Attrs:
> cn,co,telephoneNumber,l,postalCode,streetAddress,st,sAMAccountName,mail
> (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/
> [4835] [Tue Jul  7 15:17:14 2015] [debug]: User Check Failed :: ( My_LDAP
> ) yans User not found
> (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/
> [4835] [Tue Jul  7 15:17:14 2015] [debug]: Autohandler called
> ExternalAuth. Response: (0, No User)
> (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:11)
> [4835] [Tue Jul  7 15:17:14 2015] [error]: FAILED LOGIN for yans from
> (/opt/rt4/sbin/../lib/RT/Interface/
> And here's the setup in
> Plugin('RT::Authen::ExternalAuth');
> Set($ExternalAuthPriority,  [ 'My_LDAP' ]);
> Set($ExternalInfoPriority,  [ 'My_LDAP' ]);
> Set($ExternalSettings, {
>  'My_LDAP'   =>  {
>  'type' =>  'ldap',
>  'server'   =>  '',
> # By not passing 'user' and 'pass' we are using an
> anonymous
> # bind, which some servers to not allow
>  'base' =>  'dc=hpm,dc=net',
>  'filter'   =>  '(objectClass=inetOrgPerson)',
> # Users are allowed to log in via email address or account
> # name
>  'attr_match_list'  => [
> #   'EmailAddress',
> # Import the following properties of the user from LDAP
> upon
> # login
> 'attr_map' => {
> 'Name' => 'sAMAccountName',
> 'EmailAddress' => 'mail',
> 'RealName' => 'cn',
> 'WorkPhone'=> 'telephoneNumber',
> 'Address1' => 'streetAddress',
> 'City' => 'l',
> 'State'=> 'st',
> 'Zip'  => 'postalCode',
> 'Country'  => 'co',
> },
> },
> } );

Re: [rt-users] RT 4.2.10 and ExternalAuth using LDAP

2015-04-20 Thread Trev
Hello Indrek,

  I had some problems with External Auth as well. I ended up going with
LDAP Import; authentication works based on LDAP credentials being imported.
You have a bit more control, as you can filter on groups or user names if
you choose that route.

  I threw together a how to:

  Hope this offers some help.



On Mon, Apr 20, 2015 at 5:16 AM, Indrek Paas  wrote:

> Hi,
> I'm setting up an RT server on:
> CentOS 7.1 x64
> Apache 2.4
> PostgreSQL
> Perl v5.16.3
> Trying to use ExternalAuth to LDAP (Microsoft AD) using these settings in
> Plugin( "RT::Authen::ExternalAuth" );
> Set( $ExternalAuthPriority, ["My_LDAP"] );
> Set( $ExternalInfoPriority, ["My_LDAP"] );
> Set($ExternalSettings, {
> 'My_LDAP'   =>  {
> 'type'  =>  'ldap',
> 'server'=>  '',
> 'user'  =>  'rtbinduser@domain.server
> ',
> 'pass'  =>  'rtbinduserpw',
> 'base'  =>  'ou=Dom Users,ou=Company
> AD,dc=domain,dc=server',
> 'attr_match_list' => [
> 'Name',
> 'EmailAddress',
> ],
> 'attr_map' => {
> 'Name' => 'sAMAccountName',
> 'EmailAddress' => 'mail',
> 'Organization' => 'physicalDeliveryOfficeName',
> 'RealName' => 'cn',
> 'ExternalAuthId' => 'sAMAccountName',
> 'Gecos' => 'sAMAccountName',
> 'WorkPhone' => 'telephoneNumber',
> 'Address1' => 'streetAddress',
> 'City' => 'l',
> 'State' => 'st',
> 'Zip' => 'postalCode',
> 'Country' => 'co'
> },
> },
> } );
> I start the RT using its own server: /opt/rt4/sbin/rt-server --port 8080
> Page loads in the browser and I can log in as root but when I try to log
> in using AD account I see in the logs:
> [warning]: Use of uninitialized value $filter in concatenation (.) or
> string at
> /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/
> line 453.
> (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/
> I have been digging through google and the without success. When I
> messed with the 'base' value error changed:
> [25778] [Mon Apr 20 08:55:33 2015] [warning]: Use of uninitialized value
> $filter in concatenation (.) or string at
> /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/
> line 453.
> (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/
> [25778] [Mon Apr 20 08:55:33 2015] [error]: Can't call method "as_string"
> on an undefined value at
> /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/
> line 357.
> Stack:
> [/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/]
> [/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/]
> [/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/]
>   [/opt/rt4/sbin/../lib/RT/]
> [/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/]
>   [/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:10]
> [/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Session:1]
>   [/opt/rt4/sbin/../lib/RT/Interface/]
>   [/opt/rt4/share/html/autohandler:53]
> (/opt/rt4/sbin/../lib/RT/Interface/Web/
> Any suggestions to a right direction are welcome.
> PS! Went with LDAP because other services on the server use it
> successfully. I have installed RT using Kerberos auth before but decided to
> use something "simpler". :D
> --
> Indrek

Re: [rt-users] TicketSQL to select all tickets with requestor "nobody in particular"

2015-03-13 Thread Trev
Use 'nobody' vs. 'nobody in particular' as your search criteria.

On Fri, Mar 13, 2015 at 4:02 PM, Al Joslin  wrote:

> What is the TicketSQL to select all tickets with requestor "nobody in
> particular"?
> I can’t get that list from the Search GUI either
> thanks
> al;

Re: [rt-users] RT 4.2.9 Incoming Email configuration with https

2015-02-24 Thread Trev
Worth noting, it may or may not impact your situation, is the
--no-verify-ssl flag you can put on your poll command.

I had a similar situation, different errors, but similar with the https /
cert issue.

set daemon 60
set invisible
set no bouncemail
set no syslog
set logfile /var/log/fetchmail.log
poll protocol imap username "rt-correspondance"
password "password" mda "/opt/rt4/bin/rt-mailgate *--no-verify-ssl* --queue
'IT General' --action correspond --url
" no keep

On Tue, Feb 24, 2015 at 3:19 PM, Daniel Moore 

>  HI,
> I am currently testing to upgrade to RT 4.2.9. I am running 4.2.6
> successfully under normal http: (port 80). I am not wanting to sacrifice
> the https: ability with the upgrade to 4.2.9 and would like to still be
> able to use the full email functionality of RT.
> Here is my setup. I am running Ubuntu 14.04.1 LTS; I have apache 2
> installed with mysql; postfix, and fetchmail. My email server is Microsoft
> Exchange 2010.
> I cannot, for the life of me, get the incoming email setup to work with
> https: enabled. In 4.2.6 I had to disable the redirect and go with just
> HTTP. Everything I have looked on the Wiki, forums, and blogs all point to
> Request Tracker 3 and other things. I have read documentation after
> documentation.
> I am getting the following
> Feb 24 15:14:25 hostname fetchmail[1178]: MDA returned nonzero status 75
> Feb 24 15:14:25 hostname fetchmail[1178]:  not flushed
> I know this means wrong queue. I went through that with 4.2.6 and, like I
> said, eventually found the resolution to be switch from HTTPS redirect to
> simple HTTP. I know this is supposed to work somehow.
> Here is my /etc/aliases file:
> root@servername:~# cat /etc/aliases
> # See man 5 aliases for format
> postmaster:root
> rt: "|/opt/rt4/bin/rt-mailgate --queue General --action correspond
> --url https://rttest.domain.local/";
> Here is my /etc/fetchmailrc file:
> #Daemon Mode
> # This file must be chmod 0600, owner fetchmail
> set daemon 20
> set syslog
> set invisible
> set no bouncemail
> ##
> # Hosts to Poool
> ##
> # Defaults ==
> # Set antispam to -1, since it is far easier to use that together with
> # no bouncemail
> # defaults:
> # timeout 300
> # antispam -1
> # batchlimit 100
> poll exchange.domain.local protocol pop3
> username ""  password "password" mda
> "/opt/rt4/bin/rt-mailgate --queue General --action correspond --url
> https://rttest.domain.local/";
> no keep;
> V/R,
> *Daniel Moore*
> IT Systems Technician
> Osborne Wood Products, Inc.
> P: 706.282.5764
> F: 888.777.4304

Re: [rt-users] ExternalAuth to active directory over SSL

2015-02-24 Thread Trev
Review some of your LDAP settings. I think you have CN and DN in places
where you may want OU, and your LDAP user should be in a different format,
see below.

Hopefully this helps.

Use mine (working, also cleaned) as an example:

Set($ExternalSettings, {
'My_LDAP'   =>  {
'type'  =>  'ldap',
'server'=>  'ldap://',
'user'  =>  'domain_name\ldapreader',
'pass'  =>  'ldapreader_password',
'base'  =>  'ou=users,ou=services,dc=domain_name,dc=com',
'filter'=>  '(objectClass=person)',
'tls'   =>  0,

'attr_match_list' => [

'attr_map'  => {
'Name'  => 'sAMAccountName',
'EmailAddress'  => 'mail',
'Organization'  => 'department',
'RealName'  => 'cn',
'NickName'  => 'givenName',
'ExternalAuthId'=> 'sAMAccountName',
'Gecos' => 'sAMAccountName',
'WorkPhone' => 'telephoneNumber',
'MobilePhone'   => 'mobile',
'Address1'  => 'streetAddress',
'City'  => 'l',
'State' => 'st',
'Zip'   => 'postalCode',
'Country'   => 'co'

On Tue, Feb 24, 2015 at 9:35 AM, Guillaume Hilt 

> No one is using LDAPS with Request Tracker ?
>   Guillaume Hilt
> Le 18/02/2015 15:43, Guillaume Hilt a écrit :
>  Hello,
>> I'm using a fresh install of RT 4.0.19 on Ubuntu 14.04 AMD64, using .deb
>> packages.
>> I'm trying to make ExternalAuth work with LDAP over SSL (Active Directory
>> on 2008 R2 x64), we an internal CA managed under Windows 2008 R2 x64.
>> I added the CA cert in /etc/ssl/certs/srv2.lan.domain.com_ca.pem.
>> I followed a previous discussion on this matter here :
>> I'm facing the same issue.
>> $ openssl s_client -connect -CApath
>> /etc/ssl/certs
>> Return Verify return code: 21 (unable to verify the first certificate)
>> $ openssl verify -CAfile /etc/ssl/certs/srv2.lan.domain.com_ca.pem
>> /etc/ssl/certs/srv2.lan.domain.com_cert.pem
>> /etc/ssl/certs/srv2.lan.domain.com_cert.pem: OK
>> Running LDP.exe on the domain controllers running in SSL mode works fine.
>> RT's log gives the following :
>> RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't bind:
>> An ldapsearch gives me this (snipped hex code) :
>> ldap_initialize( ldaps:// )
>> tls_write: want=117, written=117
>> tls_read: want=3422, got=1443
>> tls_read: want=1979, got=1448
>> tls_read: want=531, got=531
>> tls_write: want=12, written=12
>> tls_write: want=267, written=267
>> tls_write: want=6, written=6
>> tls_write: want=117, written=117
>> tls_read: want=5, got=5
>> tls_read: want=1, got=1
>> tls_read: want=5, got=5
>> tls_read: want=80, got=80
>> TLS: can't connect: (unknown error code).
>> ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
>> Here's my configuration :
>> 'AD_LAN' => {
>> 'type'  =>  'ldap',
>> 'server'=> '',
>> 'user'  =>
>> 'CN=r2-d2,CN=Users,DC=lan,DC=domain,DC=com',
>> 'pass'  =>  'XXX',
>> 'base'  => 'CN=Utilisateurs,DC=lan,DC=
>> domain,DC=com',
>> 'filter'=> '(&(objectClass=
>> organizationalPerson)(mail=*))',
>> 'd_filter'  =>
>> '(userAccountControl:1.2.840.113556.1.4.803:=2)',
>> 'group' =>  '',
>> 'group_attr'=>  '',
>> 'tls'   =>  0,
>> 'ssl_version'   =>  3,
>> 'net_ldap_args' =>  [ version => 3, port =>
>> 636, debug => 8 ],
>> 'attr_match_list' => [
>> 'Name',
>> 'EmailAddress',
>> ],
>> 'attr_map' => {
>> 'Name' => 'sAMAccountName',
>> 'EmailAddress' => 'mail',
>> 'Organization' => 'physicalDeliveryOfficeName',
>> 'RealName' => 'cn',
>> 'ExternalAuthId' => 'sAMAccountName',
>> 'Gecos' => 'sAMAccountName',
>> 'WorkPhone' => 'telephoneNumber',
>> 'Address1' => 'streetAddress',
>> 'City' => 'l',
>> 'State' => 'st',
>> 'Zip' => 'postalCode',
>> 'Country' => 'co'

[rt-users] Repeat Ticket - Not creating tickets

2015-02-15 Thread Trev
Odd situation, permissions probably/maybe ?!

Cronjob is run as root, as was the command launched manually a few moments

Root is still an account in RT and has full rights 'do anything and

The Bogus Ticket part, caught my eye...

Any thoughts appreciated.


I have 3 tickets setup for re-occurrence, manually firing off the cron job
with logging set to debug returns the following:

Command line is run:
[25855] [Mon Feb 16 00:56:53 2015] [info]: Repeating ticket 682
[25855] [Mon Feb 16 00:56:53 2015] [notice]: Passed a unix time less than
0, forcing to 0: [-1] (/opt/rt4/lib/RT/
[25855] [Mon Feb 16 00:56:53 2015] [notice]: Passed a unix time less than
0, forcing to 0: [-1] (/opt/rt4/lib/RT/
[25855] [Mon Feb 16 00:56:53 2015] [notice]: Passed a unix time less than
0, forcing to 0: [-1] (/opt/rt4/lib/RT/
[25855] [Mon Feb 16 00:56:53 2015] [info]: Repeating ticket 1448
[25855] [Mon Feb 16 00:56:53 2015] [info]: Repeating ticket 1458

Syslog entries:
Feb 15 19:56:53 jamie RT: [25855] Repeating ticket 682
Feb 15 19:56:53 jamie RT: [25855] Checking date 2015-02-15 with adjusted
lead time date 2015-03-01
*Feb 15 19:56:53 jamie RT: [25855] Tried to load a bogus ticket id: ''
Feb 15 19:56:53 jamie RT: [25855] Passed a unix time less than 0, forcing
to 0: [-1]
*Feb 15 19:56:53 jamie RT: [25855] Tried to load a bogus ticket id: ''
Feb 15 19:56:53 jamie RT: [25855] Passed a unix time less than 0, forcing
to 0: [-1]
Feb 15 19:56:53 jamie RT: [25855] Checking date 1970-01-20 with adjusted
lead time date 1970-02-03
*Feb 15 19:56:53 jamie RT: [25855] Tried to load a bogus ticket id: ''
Feb 15 19:56:53 jamie RT: [25855] Passed a unix time less than 0, forcing
to 0: [-1]
Feb 15 19:56:53 jamie RT: [25855] Repeating ticket 1448
Feb 15 19:56:53 jamie RT: [25855] Checking date 2015-02-15 with adjusted
lead time date 2015-03-01
Feb 15 19:56:53 jamie RT: [25855] RT::Date used Time::ParseDate to make
'2015-02-15' 1423976400 (/opt/rt4/lib/RT/
Feb 15 19:56:53 jamie RT: [25855] Checking date 2015-02-15 with adjusted
lead time date 2015-03-01
Feb 15 19:56:53 jamie RT: [25855] RT::Date used Time::ParseDate to make
'2015-02-15' 1423976400 (/opt/rt4/lib/RT/
Feb 15 19:56:53 jamie RT: [25855] Repeating ticket 1458

Re: [rt-users] user privilleges: can not assign tickets to some users

2015-02-10 Thread Trev
Check their group or explicit user rights vs rights perhaps applied to

Are they a member of group(s) that have different permission sets...

On Tue, Feb 10, 2015 at 12:45 PM, Boris Epstein 

> Trev,
> Thanks, this is a thought. However, those same users can indeed own those
> same tickets - that does not seem to be a problem as long as somebody other
> than the two users in question does the assigning. That is the part that
> mystifies me.
> Boris.
> On Tue, Feb 10, 2015 at 12:13 PM, Trev  wrote:
>> Permissions for the other users to 'Own a Ticket'.
>> On Tue, Feb 10, 2015 at 12:10 PM, Boris Epstein 
>> wrote:
>>> Hello all,
>>> If I have a user who seemingly should be able to assign tickets to any
>>> other user but can only assign them to some - what are the positive causes
>>> of that? I have two such users, they seem to have configurations identical
>>> to those of other users who can assign tickets to everyone - so I am a bit
>>> puzzled.
>>> Thanks in advance for any and all help.
>>> Cheers,
>>> Boris.

Re: [rt-users] user privilleges: can not assign tickets to some users

2015-02-10 Thread Trev
Permissions for the other users to 'Own a Ticket'.

On Tue, Feb 10, 2015 at 12:10 PM, Boris Epstein 

> Hello all,
> If I have a user who seemingly should be able to assign tickets to any
> other user but can only assign them to some - what are the positive causes
> of that? I have two such users, they seem to have configurations identical
> to those of other users who can assign tickets to everyone - so I am a bit
> puzzled.
> Thanks in advance for any and all help.
> Cheers,
> Boris.

[rt-users] Stripping Attachments During Create

2015-02-02 Thread Trev
My situation is this, I have users sending in support requests and they are
processing just fine. I am using fetchmail and mailgate, no problems,
tickets get created etc...

I want to strip attachments however, specifically those associated with
signatures internal to the company.

How can I best go about stripping these?

Preferably based on attachment name:

Thanks in advance!

Re: [rt-users] Auto Create Ticket Scrip

2015-01-11 Thread Trev
I figured my issue out, set the logging to debug mode and just, worked the

Template Syntax Issue

Queue => vs. Queue:


Thanks for the help either way, appreciated!

On Sun, Jan 11, 2015 at 12:32 PM, Trev  wrote:

> Syslog Errors -- The $template_id seems warning level to me, but may be an
> issue. I went into the database and confirmed the data correct for template
> ids etc.. etc..
> Attached configuration snapshots..
> Any further thoughts appreciated, thanks!
> Jan 11 12:23:16 jamie RT: [9697] Committing scrip #13 on txn #1759 of
> ticket #125 (/opt/rt4/sbin/../lib/RT/
> Jan 11 12:23:16 jamie RT: [9697] Line: ===
> (/opt/rt4/sbin/../lib/RT/Action/
> Jan 11 12:23:16 jamie RT: [9697] ===Create Ticket: ticket1
> (/opt/rt4/sbin/../lib/RT/Action/
> Jan 11 12:23:16 jamie RT: [9697] Use of uninitialized value $template_id
> in hash element at /opt/rt4/sbin/../lib/RT/Action/ line 594.
> Jan 11 12:23:16 jamie RT: [9697] Subject: Auto Generation Test
>  (/opt/rt4/sbin/../lib/RT/Action/
> Jan 11 12:23:16 jamie RT: [9697] Use of uninitialized value $template_id
> in hash element at /opt/rt4/sbin/../lib/RT/Action/ line 594.
> Jan 11 12:23:16 jamie RT: [9697] Queue => RT Testing
> (/opt/rt4/sbin/../lib/RT/Action/
> Jan 11 12:23:16 jamie RT: [9697] Use of uninitialized value $template_id
> in hash element at /opt/rt4/sbin/../lib/RT/Action/ line 594.
> Jan 11 12:23:16 jamie RT: [9697] Content: Someone has created a ticket.
> you should review and approve it,
> (/opt/rt4/sbin/../lib/RT/Action/
> Jan 11 12:23:16 jamie RT: [9697] Use of uninitialized value $template_id
> in hash element at /opt/rt4/sbin/../lib/RT/Action/ line 594.
> Jan 11 12:23:16 jamie RT: [9697] so they can finish their work
> (/opt/rt4/sbin/../lib/RT/Action/
> Jan 11 12:23:16 jamie RT: [9697] Use of uninitialized value $template_id
> in hash element at /opt/rt4/sbin/../lib/RT/Action/ line 594.
> Jan 11 12:23:16 jamie RT: [9697] ENDOFCONTENT
> (/opt/rt4/sbin/../lib/RT/Action/
> Jan 11 12:23:16 jamie RT: [9697] Use of uninitialized value $template_id
> in hash element at /opt/rt4/sbin/../lib/RT/Action/ line 594.
> On Sat, Jan 10, 2015 at 7:51 PM, Alex Peters  wrote:
>> A "user-defined" action will do nothing if the corresponding "custom
>> action code" boxes are empty.  (That should probably actually trigger an
>> error.)
>> Setting your scrip's action to "Create Tickets" should have your scrip
>> working as expected.
>> You can also use queue names in create-ticket templates if you'd prefer
>> the template to be a little more self-explanatory.
>> On 11 January 2015 at 08:00, Trev  wrote:
>>> Hi all,
>>>   4.2.4 on Debian
>>>   Created a scrip that calls a custom template to create a ticket in a
>>> queue when another ticket is created. Seems easy enough, but I am having a
>>> little bit of difficulty implementing it.
>>>   So this is applied to a queue that I am opening tickets selecting...
>>> no 'auto tickets' are creating.
>>>   What am I doing wrong or missing?
>>>   Thanks!
>>>   The Scrip:
>>>- Description: New User - Auto Create Tickets
>>>- Condition:On Create
>>>- Action:User Defined (I've toggled this back and forth from
>>>Open Tickets to User Defined)
>>>- Template:New User - Tickets
>>>- The 3 boxes below are EMPTY (custom conditions, prep and action...)
>>>   The Template:
>>>- Name: New User - Tickets
>>>- Description:
>>>- Type:  Perl (default)
>>> ===Create-Ticket: IT Security Modifications
>>> Queue   => 14
>>> Subject: Access for {$Tickets{'TOP'}->Subject()}
>>> Owner: {$Tickets{'TOP'}->Owner()}
>>> Depended-On-By: {$Tickets{'TOP'}->Id()}
>>> Content: Please attach approved changes for further approvals and
>>> implementation.

Re: [rt-users] Auto Create Ticket Scrip

2015-01-11 Thread Trev
Syslog Errors -- The $template_id seems warning level to me, but may be an
issue. I went into the database and confirmed the data correct for template
ids etc.. etc..

Attached configuration snapshots..

Any further thoughts appreciated, thanks!

Jan 11 12:23:16 jamie RT: [9697] Committing scrip #13 on txn #1759 of
ticket #125 (/opt/rt4/sbin/../lib/RT/
Jan 11 12:23:16 jamie RT: [9697] Line: ===
Jan 11 12:23:16 jamie RT: [9697] ===Create Ticket: ticket1
Jan 11 12:23:16 jamie RT: [9697] Use of uninitialized value $template_id in
hash element at /opt/rt4/sbin/../lib/RT/Action/ line 594.
Jan 11 12:23:16 jamie RT: [9697] Subject: Auto Generation Test
Jan 11 12:23:16 jamie RT: [9697] Use of uninitialized value $template_id in
hash element at /opt/rt4/sbin/../lib/RT/Action/ line 594.
Jan 11 12:23:16 jamie RT: [9697] Queue => RT Testing
Jan 11 12:23:16 jamie RT: [9697] Use of uninitialized value $template_id in
hash element at /opt/rt4/sbin/../lib/RT/Action/ line 594.
Jan 11 12:23:16 jamie RT: [9697] Content: Someone has created a ticket. you
should review and approve it,
Jan 11 12:23:16 jamie RT: [9697] Use of uninitialized value $template_id in
hash element at /opt/rt4/sbin/../lib/RT/Action/ line 594.
Jan 11 12:23:16 jamie RT: [9697] so they can finish their work
Jan 11 12:23:16 jamie RT: [9697] Use of uninitialized value $template_id in
hash element at /opt/rt4/sbin/../lib/RT/Action/ line 594.
Jan 11 12:23:16 jamie RT: [9697] ENDOFCONTENT
Jan 11 12:23:16 jamie RT: [9697] Use of uninitialized value $template_id in
hash element at /opt/rt4/sbin/../lib/RT/Action/ line 594.


On Sat, Jan 10, 2015 at 7:51 PM, Alex Peters  wrote:

> A "user-defined" action will do nothing if the corresponding "custom
> action code" boxes are empty.  (That should probably actually trigger an
> error.)
> Setting your scrip's action to "Create Tickets" should have your scrip
> working as expected.
> You can also use queue names in create-ticket templates if you'd prefer
> the template to be a little more self-explanatory.
> On 11 January 2015 at 08:00, Trev  wrote:
>> Hi all,
>>   4.2.4 on Debian
>>   Created a scrip that calls a custom template to create a ticket in a
>> queue when another ticket is created. Seems easy enough, but I am having a
>> little bit of difficulty implementing it.
>>   So this is applied to a queue that I am opening tickets selecting... no
>> 'auto tickets' are creating.
>>   What am I doing wrong or missing?
>>   Thanks!
>>   The Scrip:
>>- Description: New User - Auto Create Tickets
>>- Condition:On Create
>>- Action:User Defined (I've toggled this back and forth from
>>Open Tickets to User Defined)
>>- Template:New User - Tickets
>>- The 3 boxes below are EMPTY (custom conditions, prep and action...)
>>   The Template:
>>- Name: New User - Tickets
>>- Description:
>>- Type:  Perl (default)
>> ===Create-Ticket: IT Security Modifications
>> Queue   => 14
>> Subject: Access for {$Tickets{'TOP'}->Subject()}
>> Owner: {$Tickets{'TOP'}->Owner()}
>> Depended-On-By: {$Tickets{'TOP'}->Id()}
>> Content: Please attach approved changes for further approvals and
>> implementation.

[rt-users] Auto Create Ticket Scrip

2015-01-10 Thread Trev
Hi all,

  4.2.4 on Debian

  Created a scrip that calls a custom template to create a ticket in a
queue when another ticket is created. Seems easy enough, but I am having a
little bit of difficulty implementing it.

  So this is applied to a queue that I am opening tickets selecting... no
'auto tickets' are creating.

  What am I doing wrong or missing?


  The Scrip:

   - Description: New User - Auto Create Tickets
   - Condition:On Create
   - Action:User Defined (I've toggled this back and forth from
   Open Tickets to User Defined)
   - Template:New User - Tickets
   - The 3 boxes below are EMPTY (custom conditions, prep and action...)

  The Template:

   - Name: New User - Tickets
   - Description:
   - Type:  Perl (default)

===Create-Ticket: IT Security Modifications
Queue   => 14
Subject: Access for {$Tickets{'TOP'}->Subject()}
Owner: {$Tickets{'TOP'}->Owner()}
Depended-On-By: {$Tickets{'TOP'}->Id()}
Content: Please attach approved changes for further approvals and