[rt-users] managing ldap users / RT-Authen-ExternalAuth question

2010-09-29 Thread Val Polyakov
Hi,

My RT-Authen-ExternalAuth works - as in, I can login to RT using my active
directory username/password.

however, when I login using my AD account I don't see many things. I only
see open tickets / closed tickets / new ticket  on the left side there..

how can I give the ability to view all queues to authenticated users, for
instance? I tried doing this in config - global - group rights:
SeeQueue to Everyone
but that didn't seem to help..


also, another question:

if I go to configuration - users I only see root there. I don't see the
LDAP account that I successfully logged in with previously. Why?

My RT_SiteConfig.pm and externalauth's RT_SiteConfig.pm are attached

# Any configuration directives you include  here will override 
# RT's default configuration file, RT_Config.pm
#
# To include a directive here, just copy the equivalent statement
# from RT_Config.pm and change the value. We've included a single
# sample value below.
#
# This file is actually a perl module, so you can include valid
# perl code, as well.
#
# The converse is also true, if this file isn't valid perl, you're
# going to run into trouble. To check your SiteConfig file, use
# this command:
#
#   perl -c /path/to/your/etc/RT_SiteConfig.pm

Set( $rtname, 'rt.mydomain.org');
Set( $Organization, 'rt.mydomain.org');
Set($MinimumPasswordLength , 5);
Set($Timezone , 'US/Eastern');

Set(@Plugins, qw(
			RT::Authen::ExternalAuth
		));

Set($HomepageComponents, [qw(
			 QuickCreate
			 Quicksearch
			 MyAdminQueues
			 MySupportQueues
			 MyReminders
			 RefreshHomepage
			 Dashboards
			)]);

Set( $DatabaseType, 'mysql');
Set( $DatabaseHost, 'localhost');
Set( $DatabaseRTHost , 'localhost');
Set( $DatabaseName , 'rt3'); 
Set( $DatabasePort , '');
Set( $DatabaseUser , 'rtuser');
Set( $DatabasePassword , 'mypassword');

Set($OwnerEmail , 'root');
Set($LoopsToRTOwner , 1);

Set($SendmailArguments , '-oi -t -f vpolya...@mydomain.org');

Set($MaxAttachmentSize , 1000);

Set($RTAddressRegexp , '^...@rt.mydomain.org$');
Set($CorrespondAddress , 'no-re...@rt.mydomain.org');
Set($CommentAddress , 'no-re...@rt.mydomain.org');

Set($UseFriendlyFromLine , 1);
Set($FriendlyFromLineFormat , "\"%s\" <%s>");
Set($UseFriendlyToLine , 1);
Set($FriendlyToLineFormat , "\"%s Ticket #%s\":;");

Set($NotifyActor , 0);
Set($RecordOutgoingEmail , 1);

Set($WebPath , "/ticket");
Set($WebPort , 80);
Set($WebBaseURL , "http://rt");
Set($WebURL , $WebBaseURL . $WebPath . "/");
Set($WebImagesURL , $WebURL . "/NoAuth/images");

Set($MessageBoxWidth , 72);
Set($MessageBoxWrap, "HARD");

Set($MaxInlineBody, 13456);
Set($DefaultSummaryRows, 10);

Set($OldestTransactionsFirst, '1');

Set($DateDayBeforeMonth , 0);
Set($AmbiguousDayInPast , 1);

require "/opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm";
Set($Autocreate,			{Privileged => 1});

#Set(@Plugins,(qw(Extension::QuickDelete RT::FM)));
1;

RT_SiteConfig.pm.externalauth
Description: Binary data

RT Training in Washington DC, USA on Oct 25 & 26 2010
Last one this year -- Learn how to get the most out of RT!

Re: [rt-users] managing ldap users / RT-Authen-ExternalAuth question

2010-09-29 Thread Val Polyakov
 Can you log in as root?

yes

 If so you should be able to search for the ldap user you logged in as and
 then grant them access.

how? where do I search? the only 'users' that I see is in configuration -
users, and you're saying that's the wrong place..





Re: [rt-users] managing ldap users / RT-Authen-ExternalAuth question

2010-09-29 Thread Val Polyakov
perfect, that worked!

few more questions:

I downloaded rtldapimport and took a look at the readme, and here's the
thing: my users are spread out across 5 OUs - there's no single OU to
point rtldapimport to and have it import all of my users. is there a way
for me to specify the 5 bases to search in?

and another:

what would be the easiest/quickest way to make all my ldap users
privileged, after they are imported through rtldapimport?

thanks again for all your help

--Val


 Val,

 At the bottom of the Config-Users display page is a box you can check to
 include disabled users in the search. Check that you should see
 everyone.

 Kenn
 LBNL

 On Wed, Sep 29, 2010 at 9:11 AM, Val Polyakov v...@polyakov.me wrote:

  Can you log in as root?

 yes

  If so you should be able to search for the ldap user you logged in as
 and
  then grant them access.

 how? where do I search? the only 'users' that I see is in configuration
 -
 users, and you're saying thats the wrong place..





Re: [rt-users] managing ldap users / RT-Authen-ExternalAuth question

2010-09-29 Thread Val Polyakov
 Val,

 You could set your RT_SiteConfig.pm file with these settings:

 Set($AutoCreate, {Privileged => 1});


 This would ensure any additions would all be privileged.


awesome, thanks


 As to those that are already Users, I have no idea how to make them all
 Privileged.

it's a fresh install with no users, so far I was the only one who logged
in to this thing with my AD account.. and I already made that one
privileged manually. so looks like I'm all set for now :)


I've asked this before on the list, but didn't get any replies.. I'll try
my luck again here, if you don't mind:

My users are spread across 5 OUs:

ou=users,ou=city,dc=mydomain,dc=org  where city is the city that they
reside in. there's no catchall OU with all of these users.

how can I set up RT-Authen-ExternalAuth to look in all 5 OUs for the user?

I have this now:
...
'base'  =>  'ou=Users,ou=Yonkers,dc=mydomain,dc=org',
...

Feel like I'm overlooking something simple.

perhaps I need to set up 5 ldap sections inside
/opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm
(My_LDAP, My_LDAP1, MY_LDAP2, etc), with them being absolutely identical
aside for the city OU?

Not sure




Re: [rt-users] ldap externalauth problem

2010-09-27 Thread Val Polyakov
ldapsearch works, i can find myself using:

ldapsearch -LLL -x -H ldap://ADserver:389 -b
'ou=users,ou=yonkers,dc=mydomain,dc=org' -D 'cn=rt,ou=Service
Accounts,ou=Users,ou=HIGHSECURITY,dc=mydomain,dc=org' -w 'rtPassword'
'(&(ObjectClass=Person)(cn=Polyakov, Valeriy))'


I also turned on debug logging for externalauth, and here's what I see in
the log. the password I'm providing is correct, it seems to be able to find
my account, but then I get an auth failure..  why ? :/


[Mon Sep 27 17:11:18 2010] [debug]: Reloading RT::User to work around a
bug in RT-3.8.0 and RT-3.8.1
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:14)
[Mon Sep 27 17:11:18 2010] [debug]: Attempting to use external auth
service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
[Mon Sep 27 17:11:18 2010] [debug]: Calling UserExists with $username
(polyva) and $service (My_LDAP)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:105)
[Mon Sep 27 17:11:18 2010] [debug]: UserExists params:
username: polyva , service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:274)
[Mon Sep 27 17:11:18 2010] [debug]: LDAP Search ===  Base:
ou=Users,ou=Yonkers,dc=mydomain,dc=org == Filter:
(&(&(ObjectCategory=User))(sAMAccountName=polyva)) == Attrs:
l,cn,st,mail,sAMAccountName,co,streetAddress,postalCode,telephoneNumber,sAMAccountName,physicalDeliveryOfficeName,mail
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:304)
[Mon Sep 27 17:11:18 2010] [debug]: Password validation required for
service - Executing...
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:155)
[Mon Sep 27 17:11:18 2010] [debug]: Trying external auth service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:16)
[Mon Sep 27 17:11:18 2010] [debug]: LDAP Search ===  Base:
ou=Users,ou=Yonkers,dc=consumer,dc=org == Filter:
(&(sAMAccountName=polyva)(&(ObjectCategory=User))) == Attrs: dn
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:43)
[Mon Sep 27 17:11:18 2010] [debug]: Found LDAP DN: CN=Polyakov\,
Valeriy,OU=Users,OU=YONKERS,DC=mydomain,DC=org
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:75)
[Mon Sep 27 17:11:18 2010] [debug]: LDAP Search ===  Base:
ou=Users,ou=Yonkers,dc=mydomain,dc=org == Filter: (member=CN=Polyakov,
Valeriy,OU=Users,OU=YONKERS,DC=mydomain,DC=org) == Attrs: dn
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:100)
[Mon Sep 27 17:11:18 2010] [info]: My_LDAP AUTH FAILED: polyva
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:127)
[Mon Sep 27 17:11:18 2010] [debug]: LDAP password validation result: 0
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:334)
[Mon Sep 27 17:11:18 2010] [debug]: Password Validation Check Result:  0
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:159)
[Mon Sep 27 17:11:18 2010] [debug]: Autohandler called ExternalAuth.
Response: (0, Password Invalid)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:26)
[Mon Sep 27 17:11:18 2010] [error]: FAILED LOGIN for polyva from
192.168.110.125 (/opt/rt3/bin/../lib/RT/Interface/Web.pm:424)



 Val,
 Have you verified that ldapsearch works for you on this box?

 I used something like this to test:


 ldapsearch -LLL -x -H ldap://<ldap server>:389 -b
 'DC=corp,DC=something,DC=com' -D 'ldapu...@corp.something.com' -w
 '<ldapuser password>' '(&(ObjectClass=Person)(cn=<username to search
 for>))'


 I had to request from our Windows AD guys to allow the ldapuser to be able
 to read all user information.  I also had to have them open the firewall
 to our server, because by default, they only allow certain servers to
 query the AD servers.

 John



 On 09/27/2010 10:14 AM, Val Polyakov wrote:

   Trying to get my RT 3.8.8 on RHEL5 to authenticate against our corporate
 AD.

   I followed this guide here:
   http://wiki.bestpractical.com/view/CentOS5InstallPlusSome

   I also checked that apache has access to over here
 (RT-Authen-ExternalAuth
   dir was chgrp -R'ed and chmod -R 770'ed):

   [r...@rt plugins]# pwd
   /opt/rt3/local/plugins
   [r...@rt plugins]# ls -ltr
   total 4
   drwxrwx--- 5 root apache 4096 Sep 13 14:16 RT-Authen-ExternalAuth
   [r...@rt plugins]# ps awwwux |grep httpd
   root  2313  0.1  4.1 348008 83360 ?Ss   10:32   0:02
   /usr/sbin/httpd
   apache2317  0.0  4.1 350272 82612 ?S10:32   0:00
   /usr/sbin/httpd
   apache2318  0.0  4.1 350272 82616 ?S10:32   0:00
   /usr/sbin/httpd
   apache2319  0.0  4.0 348204 82216 ?S10:32   0:00
   /usr/sbin/httpd
   apache2320  0.0  4.1 350272

Re: [rt-users] ldap externalauth problem

2010-09-27 Thread Val Polyakov
sure

 'filter'    =>  '(&(ObjectCategory=User))',
 'd_filter'  =>  '(userAccountControl=514)',


[Mon Sep 27 17:39:08 2010] [debug]: Reloading RT::User to work around a
bug in RT-3.8.0 and RT-3.8.1
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:14)
[Mon Sep 27 17:39:08 2010] [debug]: Attempting to use external auth
service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
[Mon Sep 27 17:39:08 2010] [debug]: Calling UserExists with $username
(polyva) and $service (My_LDAP)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:105)
[Mon Sep 27 17:39:08 2010] [debug]: UserExists params:
username: polyva , service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:274)
[Mon Sep 27 17:39:08 2010] [debug]: LDAP Search ===  Base:
ou=Users,ou=Yonkers,dc=mydomain,dc=org == Filter:
(&(&(ObjectCategory=User))(sAMAccountName=polyva)) == Attrs:
l,cn,st,mail,sAMAccountName,co,streetAddress,postalCode,telephoneNumber,sAMAccountName,physicalDeliveryOfficeName,mail
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:304)
[Mon Sep 27 17:39:08 2010] [debug]: Password validation required for
service - Executing...
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:155)
[Mon Sep 27 17:39:08 2010] [debug]: Trying external auth service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:16)
[Mon Sep 27 17:39:08 2010] [debug]: LDAP Search ===  Base:
ou=Users,ou=Yonkers,dc=mydomain,dc=org == Filter:
(&(sAMAccountName=polyva)(&(ObjectCategory=User))) == Attrs: dn
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:43)
[Mon Sep 27 17:39:08 2010] [debug]: Found LDAP DN: CN=Polyakov\,
Valeriy,OU=Users,OU=YONKERS,DC=mydomain,DC=org
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:75)
[Mon Sep 27 17:39:08 2010] [debug]: LDAP Search ===  Base:
ou=Users,ou=Yonkers,dc=mydomain,dc=org == Filter: (member=CN=Polyakov,
Valeriy,OU=Users,OU=YONKERS,DC=mydomain,DC=org) == Attrs: dn
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:100)
[Mon Sep 27 17:39:08 2010] [info]: My_LDAP AUTH FAILED: polyva
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:127)
[Mon Sep 27 17:39:08 2010] [debug]: LDAP password validation result: 0
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:334)
[Mon Sep 27 17:39:08 2010] [debug]: Password Validation Check Result:  0
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:159)
[Mon Sep 27 17:39:08 2010] [debug]: Autohandler called ExternalAuth.
Response: (0, Password Invalid)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:26)
[Mon Sep 27 17:39:08 2010] [error]: FAILED LOGIN for polyva from
192.168.110.125 (/opt/rt3/bin/../lib/RT/Interface/Web.pm:424)
[Mon Sep 27 17:39:08 2010] [debug]: Reloading RT::User to work around a
bug in RT-3.8.0 and RT-3.8.1
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:14)
[Mon Sep 27 17:39:08 2010] [debug]: Attempting to use external auth
service: My_LDAP
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
[Mon Sep 27 17:39:08 2010] [debug]: SSO Failed and no user to test with.
Nexting
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:92)
[Mon Sep 27 17:39:08 2010] [debug]: Autohandler called ExternalAuth.
Response: (0, No User)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:26)

 Can you remove the d_filter you have?  It's different than what I have
 'd_filter' =>  '(userAccountControl=514)',

 Jason Ledford
 Systems Analyst
 The Biltmore Company
 One North Pack Square
 Asheville, NC 28801
 (828) 225-6127
 
 From: rt-users-boun...@lists.bestpractical.com
 [rt-users-boun...@lists.bestpractical.com] On Behalf Of Val Polyakov
 [...@polyakov.me]
 Sent: Monday, September 27, 2010 1:19 PM
 To: John Alberts
 Cc: rt-users@lists.bestpractical.com
 Subject: Re: [rt-users] ldap externalauth problem

 ldapsearch works, i can find myself using:

 ldapsearch -LLL -x -H ldap://ADserver:389 -b
 'ou=users,ou=yonkers,dc=mydomain,dc=org' -D 'cn=rt,ou=Service
 Accounts,ou=Users,ou=HIGHSECURITY,dc=mydomain,dc=org' -w 'rtPassword'
 '(&(ObjectClass=Person)(cn=Polyakov, Valeriy))'


 I also turned on debug logging for externalauth, and here's what I see in
 the log. the password I'm providing is correct, it seems to be able to find
 my account, but then I get an auth failure..  why ? :/


 [Mon Sep 27 17:11:18 2010] [debug]: Reloading RT::User to work around a
 bug in RT-3.8.0 and RT-3.8.1
 (/opt/rt3/local/plugins/RT
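
Added example (not part of the original thread): a small Python triage script for RT debug logs in the format quoted in this thread. It re-joins the mail-wrapped lines, then reports for each AUTH FAILED entry which LDAP search immediately preceded it and whether that search's filter carries the DN from the "Found LDAP DN" entry verbatim or with its backslash escapes dropped. The sample log is constructed; the user, DN and address in it are made up.

```python
import re

# Constructed sample in the format of the RT debug log quoted in this thread
# (user, DN and address are made up; lines are wrapped as a mail client would).
SAMPLE_LOG = r"""[Mon Sep 27 17:11:18 2010] [debug]: Calling UserExists with $username
(jdoe) and $service (My_LDAP)
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:105)
[Mon Sep 27 17:11:18 2010] [debug]: LDAP Search ===  Base:
ou=Users,ou=Site,dc=example,dc=org == Filter:
(&(sAMAccountName=jdoe)(&(ObjectCategory=User))) == Attrs: dn
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:43)
[Mon Sep 27 17:11:18 2010] [debug]: Found LDAP DN: CN=Doe\,
Jane,OU=Users,OU=SITE,DC=example,DC=org
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:75)
[Mon Sep 27 17:11:18 2010] [debug]: LDAP Search ===  Base:
ou=Users,ou=Site,dc=example,dc=org == Filter: (member=CN=Doe,
Jane,OU=Users,OU=SITE,DC=example,DC=org) == Attrs: dn
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:100)
[Mon Sep 27 17:11:18 2010] [info]: My_LDAP AUTH FAILED: jdoe
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:127)
[Mon Sep 27 17:11:18 2010] [error]: FAILED LOGIN for jdoe from
192.0.2.10 (/opt/rt3/bin/../lib/RT/Interface/Web.pm:424)
"""

ENTRY_START = re.compile(r"^\[[^\]]+\] \[\w+\]: ")
ENTRY = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[(?P<level>\w+)\]: (?P<msg>.*?)\s*"
    r"\((?P<src>[^()\s]+:\d+)\)$"
)
SEARCH = re.compile(
    r"^LDAP Search ===\s+Base:\s+(?P<base>.*?)\s+== Filter:\s+"
    r"(?P<filter>.*?)\s+== Attrs:\s+(?P<attrs>.*)$"
)
FOUND_DN = re.compile(r"^Found LDAP DN: (?P<dn>.+)$")
AUTH_FAILED = re.compile(r"^(?P<service>\S+) AUTH FAILED: (?P<user>\S+)$")
FAILED_LOGIN = re.compile(r"^FAILED LOGIN for (?P<user>\S+) from (?P<ip>\S+)$")


def parse_entries(text):
    """Re-join wrapped physical lines and return one dict per log entry."""
    joined = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if ENTRY_START.match(line) or not joined:
            joined.append(line)
        else:
            joined[-1] += " " + line
    entries = []
    for raw in joined:
        m = ENTRY.match(raw)
        if m:  # entries cut off before their "(file:line)" suffix are skipped
            entries.append(m.groupdict())
    return entries


def dn_in_filter(dn, ldap_filter):
    """Say how the found DN appears inside the filter of the last search."""
    if not dn or not ldap_filter:
        return None
    if dn in ldap_filter:
        return "verbatim"
    if dn.replace("\\", "") in ldap_filter:
        return "unescaped"
    return "absent"


def triage(text):
    """Return one finding per AUTH FAILED entry, with its preceding search."""
    findings, last_search, found_dn = [], None, None
    for entry in parse_entries(text):
        msg = entry["msg"]
        if (m := SEARCH.match(msg)):
            last_search = dict(m.groupdict(), src=entry["src"])
        elif (m := FOUND_DN.match(msg)):
            found_dn = m.group("dn")
        elif (m := AUTH_FAILED.match(msg)):
            flt = last_search["filter"] if last_search else None
            findings.append({
                "service": m.group("service"),
                "user": m.group("user"),
                "failed_at": entry["src"],
                "last_filter": flt,
                "last_search_src": last_search["src"] if last_search else None,
                "dn_in_filter": dn_in_filter(found_dn, flt),
                "ip": None,
            })
            last_search, found_dn = None, None
        elif (m := FAILED_LOGIN.match(msg)):
            # Attach the client address to the matching finding, if any.
            for f in reversed(findings):
                if f["user"] == m.group("user") and f["ip"] is None:
                    f["ip"] = m.group("ip")
                    break
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```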

Re: [rt-users] ldap externalauth problem

2010-09-27 Thread Val Polyakov
 17:39:08 2010] [debug]: LDAP Search ===  Base:
 ou=Users,ou=Yonkers,dc=mydomain,dc=org == Filter: (member=CN=Polyakov,
 Valeriy,OU=Users,OU=YONKERS,DC=mydomain,DC=org) == Attrs: dn
 (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:100)
 [Mon Sep 27 17:39:08 2010] [info]: My_LDAP AUTH FAILED: polyva
 (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:127)
 [Mon Sep 27 17:39:08 2010] [debug]: LDAP password validation result: 0
 (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:334)
 [Mon Sep 27 17:39:08 2010] [debug]: Password Validation Check Result:  0
 (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:159)
 [Mon Sep 27 17:39:08 2010] [debug]: Autohandler called ExternalAuth.
 Response: (0, Password Invalid)
 (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:26)
 [Mon Sep 27 17:39:08 2010] [error]: FAILED LOGIN for polyva from
 192.168.110.125 (/opt/rt3/bin/../lib/RT/Interface/Web.pm:424)
 [Mon Sep 27 17:39:08 2010] [debug]: Reloading RT::User to work around a
 bug in RT-3.8.0 and RT-3.8.1
 (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:14)
 [Mon Sep 27 17:39:08 2010] [debug]: Attempting to use external auth
 service: My_LDAP
 (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
 [Mon Sep 27 17:39:08 2010] [debug]: SSO Failed and no user to test with.
 Nexting
 (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:92)
 [Mon Sep 27 17:39:08 2010] [debug]: Autohandler called ExternalAuth.
 Response: (0, No User)
 (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:26)

 Can you remove the d_filter you have?  It's different than what I have
 'd_filter' =>  '(userAccountControl=514)',

 Jason Ledford
 Systems Analyst
 The Biltmore Company
 One North Pack Square
 Asheville, NC 28801
 (828) 225-6127
 
 From: rt-users-boun...@lists.bestpractical.com
 [rt-users-boun...@lists.bestpractical.com] On Behalf Of Val Polyakov
 [...@polyakov.me]
 Sent: Monday, September 27, 2010 1:19 PM
 To: John Alberts
 Cc: rt-users@lists.bestpractical.com
 Subject: Re: [rt-users] ldap externalauth problem

 ldapsearch works, i can find myself using:

 ldapsearch -LLL -x -H ldap://ADserver:389 -b
 'ou=users,ou=yonkers,dc=mydomain,dc=org' -D 'cn=rt,ou=Service
 Accounts,ou=Users,ou=HIGHSECURITY,dc=mydomain,dc=org' -w 'rtPassword'
 '(&(ObjectClass=Person)(cn=Polyakov, Valeriy))'


 I also turned on debug logging for externalauth, and here's what I see in
 the log. the password I'm providing is correct, it seems to be able to
 find
 my account, but then I get an auth failure..  why ? :/


 [Mon Sep 27 17:11:18 2010] [debug]: Reloading RT::User to work around a
 bug in RT-3.8.0 and RT-3.8.1
 (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:14)
 [Mon Sep 27 17:11:18 2010] [debug]: Attempting to use external auth
 service: My_LDAP
 (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
 [Mon Sep 27 17:11:18 2010] [debug]: Calling UserExists with $username
 (polyva) and $service (My_LDAP)
 (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:105)
 [Mon Sep 27 17:11:18 2010] [debug]: UserExists params:
 username: polyva , service: My_LDAP
 (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:274)
 [Mon Sep 27 17:11:18 2010] [debug]: LDAP Search ===  Base:
 ou=Users,ou=Yonkers,dc=mydomain,dc=org == Filter:
 (&(&(ObjectCategory=User))(sAMAccountName=polyva)) == Attrs:
 l,cn,st,mail,sAMAccountName,co,streetAddress,postalCode,telephoneNumber,sAMAccountName,physicalDeliveryOfficeName,mail
 (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:304)
 [Mon Sep 27 17:11:18 2010] [debug]: Password validation required for
 service - Executing...
 (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:155)
 [Mon Sep 27 17:11:18 2010] [debug]: Trying external auth service:
 My_LDAP
 (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:16)
 [Mon Sep 27 17:11:18 2010] [debug]: LDAP Search ===  Base:
 ou=Users,ou=Yonkers,dc=consumer,dc=org == Filter:
 (&(sAMAccountName=polyva)(&(ObjectCategory=User))) == Attrs: dn
 (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:43)
 [Mon Sep 27 17:11:18 2010] [debug]: Found LDAP DN: CN=Polyakov\,
 Valeriy,OU=Users,OU=YONKERS,DC=mydomain,DC=org
 (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:75)
 [Mon Sep 27 17:11:18 2010] [debug]: LDAP Search ===  Base:
 ou=Users,ou=Yonkers,dc=mydomain,dc=org == Filter: (member=CN=Polyakov,
 Valeriy,OU=Users,OU=YONKERS,DC=mydomain,DC=org) == Attrs: dn
 (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT

Re: [rt-users] Securing /opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm

2010-09-19 Thread Val Polyakov
Any thoughts, anyone ?

 Hello,

 what are our options as far as securing RT_SiteConfig.pm goes?

 My company has pretty strict security requirements, and our security team
 will simply not allow us to store the ldap username/password in a plain
 text file on the RT server (and I can fully understand their concerns).

 What are some options here? Again, keeping in mind that the requirement is
 for the password (at least the password, that is) to NOT be plaintext in
 RT_SiteConfig.pm

 Solutions like "well make the file only readable by root" aren't going to
 be accepted (not by me, but by our security team). Needs to be a hashed
 password, may be, or something.. I don't know.. soliciting ideas.

 --Val




[rt-users] Securing /opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm

2010-09-15 Thread Val Polyakov
Hello,

what are our options as far as securing RT_SiteConfig.pm goes?

My company has pretty strict security requirements, and our security team
will simply not allow us to store the ldap username/password in a plain
text file on the RT server (and I can fully understand their concerns).

What are some options here? Again, keeping in mind that the requirement is
for the password (at least the password, that is) to NOT be plaintext in
RT_SiteConfig.pm

Solutions like "well make the file only readable by root" aren't going to
be accepted (not by me, but by our security team). Needs to be a hashed
password, may be, or something.. I don't know.. soliciting ideas.

--Val




Re: [rt-users] Securing /opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm

2010-09-15 Thread Val Polyakov
Plaintext.

But that doesn't matter - because it's an RT db, with nothing else on it.
Security has no problem with it.

They only have a problem with storing the domain account credentials in
plaintext.

--Val

   On 09/15/2010 12:52 PM, Val Polyakov wrote:
 Hello,

 what are our options as far as securing RT_SiteConfig.pm goes?

 My company has pretty strict security requirements, and our security
 team
 will simply not allow us to store the ldap username/password in a plain
 text file on the RT server (and I can fully understand their concerns).

 What are some options here? Again, keeping in mind that the requirement
 is
 for the password (at least the password, that is) to NOT be plaintext in
 RT_SiteConfig.pm

 Solutions like "well make the file only readable by root" aren't going
 to
 be accepted (not by me, but by our security team). Needs to be a hashed
 password, may be, or something.. I don't know.. soliciting ideas.

 --Val
 How are you storing the database userid and password in that case?

 Jeff



[rt-users] RT 3.8.8 rt-mailgate issues

2010-09-14 Thread Val Polyakov
rt-mailgate doesn't seem to be injecting new tickets into a fresh install
of rt 3.8.8 on RHEL5

/var/log/maillog reports:

Sep 14 14:20:13 myhost sendmail[32687]: o8EIKDHh032687:
from=r...@myhost.mydomain.com, size=353, class=0, nrcpts=1,
msgid=201009141820.o8eikdoz032...@myhost.mydomain.com, proto=ESMTP,
daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Sep 14 14:20:13 myhost sendmail[32686]: o8EIKDoZ032686:
to...@myhost.mydomain.com, ctladdr=root (0/0), delay=00:00:00,
xdelay=00:00:00, mailer=relay, pri=30065, relay=[127.0.0.1] [127.0.0.1],
dsn=2.0.0, stat=Sent (o8EIKDHh032687 Message accepted for delivery)
Sep 14 14:20:13 myhost sendmail[32688]: o8EIKDHh032687:
to=|/etc/smrsh/rt-mailgate --queue general --action correspond --url
http://myhost.mydomain.com/ticket;, ctladdr=r...@myhost.mydomain.com
(8/0), delay=00:00:00, xdelay=00:00:00, mailer=prog, pri=30576, dsn=2.0.0,
stat=Sent


I have the following in /etc/aliases :

rt: "|/etc/smrsh/rt-mailgate --queue general --action correspond --url http://myhost.mydomain.com/ticket"
rt-comment: "|/etc/smrsh/rt-mailgate --queue general --action comment --url http://myhost.mydomain.com/ticket"


The following produces no errors, but doesn't inject the ticket into RT
either:

[r...@myhost ~]# cat msg.txt | /etc/smrsh/rt-mailgate --queue general
--action correspond --url http://myhost.mydomain.com/ticket
[r...@myhost ~]#

[r...@myhost ~]# cat msg.txt
testing
[r...@myhost ~]#



Can anyone push me in the right direction on how to troubleshoot this?





Re: [rt-users] RT 3.8.8 rt-mailgate issues

2010-09-14 Thread Val Polyakov
Hello, anyone ?

[r...@myhost ~]# echo hi | /etc/smrsh/rt-mailgate --queue General
--action correspond --url http://myhost.mydomain.com/ticket --debug
/etc/smrsh/rt-mailgate: temp file is '/tmp/Bsdm047j3r'
/etc/smrsh/rt-mailgate: connecting to
http://myhost.mydomain.com/ticket/REST/1.0/NoAuth/mail-gateway
not ok - Could not load a valid user
[r...@myhost ~]#

I have granted CreateTicket and ReplyToTicket rights to Everyone for the
general queue ...

does anyone know what's going on?


 rt-mailgate doesn't seem to be injecting new tickets into a fresh install
 of rt 3.8.8 on RHEL5

 /var/log/maillog reports:

 Sep 14 14:20:13 myhost sendmail[32687]: o8EIKDHh032687:
 from=r...@myhost.mydomain.com, size=353, class=0, nrcpts=1,
 msgid=201009141820.o8eikdoz032...@myhost.mydomain.com, proto=ESMTP,
 daemon=MTA, relay=localhost.localdomain [127.0.0.1]
 Sep 14 14:20:13 myhost sendmail[32686]: o8EIKDoZ032686:
 to...@myhost.mydomain.com, ctladdr=root (0/0), delay=00:00:00,
 xdelay=00:00:00, mailer=relay, pri=30065, relay=[127.0.0.1] [127.0.0.1],
 dsn=2.0.0, stat=Sent (o8EIKDHh032687 Message accepted for delivery)
 Sep 14 14:20:13 myhost sendmail[32688]: o8EIKDHh032687:
 to=|/etc/smrsh/rt-mailgate --queue general --action correspond --url
 http://myhost.mydomain.com/ticket;, ctladdr=r...@myhost.mydomain.com
 (8/0), delay=00:00:00, xdelay=00:00:00, mailer=prog, pri=30576, dsn=2.0.0,
 stat=Sent


 I have the following in /etc/aliases :

 rt:   "|/etc/smrsh/rt-mailgate --queue general --action correspond --url http://myhost.mydomain.com/ticket"
 rt-comment:   "|/etc/smrsh/rt-mailgate --queue general --action comment --url http://myhost.mydomain.com/ticket"


 The following produces no errors, but doesn't inject the ticket into RT
 either:

 [r...@myhost ~]# cat msg.txt | /etc/smrsh/rt-mailgate --queue general
 --action correspond --url http://myhost.mydomain.com/ticket
 [r...@myhost ~]#

 [r...@myhost ~]# cat msg.txt
 testing
 [r...@myhost ~]#



 Can anyone push me in the right direction on how to troubleshoot this?





[rt-users] rt 3.8.8 issue with CSS

2010-09-13 Thread Val Polyakov
Hello,

I have a fresh install of rt-3.8.8 on RHEL5

when I go to http://serverIP/ticket   (/ticket is aliased in apache
configs to /opt/rt3/share/html, which is where the RT is installed) I get
the login screen, but alas, with no CSS. so it looks ugly..

I don't see any errors at all in apache's access_log and error_log (no
404s or anything)

I see that I do, indeed, have CSS:

[r...@curt css]# pwd
/opt/rt3/share/html/NoAuth/css
[r...@curt css]# ls -l
total 28
drwxr-xr-x 2 root bin 4096 Sep  7 12:34 3.4-compat
drwxr-xr-x 2 root bin 4096 Sep  7 12:34 3.5-default
-rw-r--r-- 1 root bin 2390 Sep  7 12:34 autohandler
drwxr-xr-x 2 root bin 4096 Sep  7 12:34 base
-rw-r--r-- 1 root bin 2649 Sep  7 12:34 dhandler
-rw-r--r-- 1 root bin 3043 Sep  7 12:34 print.css
drwxr-xr-x 3 root bin 4096 Sep  7 12:34 web2
[r...@curt css]#

nothing's weird about the install, SELinux is disabled, etc..


any ideas?




Re: [rt-users] rt 3.8.8 issue with CSS

2010-09-13 Thread Val Polyakov
Also, thought it might be a good idea to attach my RT_SiteConfig.pm ...

And this:

[r...@curt conf.d]# cat rt3.conf
Alias /ticket /opt/rt3/share/html

PerlRequire /opt/rt3/bin/webmux.pl

<Directory /opt/rt3/share/html>
  AllowOverride All
  Options ExecCGI FollowSymlinks
  RewriteEngine On
  RedirectMatch permanent (.*)/$ $1/index.html
  AddDefaultCharset UTF-8
  SetHandler perl-script
  PerlHandler RT::Mason
</Directory>
[r...@curt conf.d]#

Any help is highly appreciated, this is sort of urgent :/

 Hello,

 I have a fresh install of rt-3.8.8 on RHEL5

 when I go to http://serverIP/ticket   (/ticket is aliased in apache
 configs to /opt/rt3/share/html, which is where the RT is installed) I get
 the login screen, but alas, with no CSS. so it looks ugly..

 I don't see any errors at all in apache's access_log and error_log (no
 404s or anything)

 I see that I do, indeed, have CSS:

 [r...@curt css]# pwd
 /opt/rt3/share/html/NoAuth/css
 [r...@curt css]# ls -l
 total 28
 drwxr-xr-x 2 root bin 4096 Sep  7 12:34 3.4-compat
 drwxr-xr-x 2 root bin 4096 Sep  7 12:34 3.5-default
 -rw-r--r-- 1 root bin 2390 Sep  7 12:34 autohandler
 drwxr-xr-x 2 root bin 4096 Sep  7 12:34 base
 -rw-r--r-- 1 root bin 2649 Sep  7 12:34 dhandler
 -rw-r--r-- 1 root bin 3043 Sep  7 12:34 print.css
 drwxr-xr-x 3 root bin 4096 Sep  7 12:34 web2
 [r...@curt css]#

 nothing's weird about the install, SELinux is disabled, etc..


 any ideas?



# Any configuration directives you include  here will override 
# RT's default configuration file, RT_Config.pm
#
# To include a directive here, just copy the equivalent statement
# from RT_Config.pm and change the value. We've included a single
# sample value below.
#
# This file is actually a perl module, so you can include valid
# perl code, as well.
#
# The converse is also true, if this file isn't valid perl, you're
# going to run into trouble. To check your SiteConfig file, use
# this command:
#
#   perl -c /path/to/your/etc/RT_SiteConfig.pm

Set( $rtname, 'myhostname.mydomain.com');
Set( $Organization, 'myhostname.mydomain.com');
Set($MinimumPasswordLength , 5);
Set($Timezone , 'US/Eastern');

#Set(@Plugins, qw(
#			RT::Authen::ExternalAuth
#		));

Set($HomepageComponents, [qw(
			 QuickCreate
			 Quicksearch
			 MyAdminQueues
			 MySupportQueues
			 MyReminders
			 RefreshHomepage
			 Dashboards
			)]);

Set( $DatabaseType, 'mysql');
Set( $DatabaseHost, 'localhost');
Set( $DatabaseRTHost , 'localhost');
Set( $DatabaseName , 'rt3'); 
Set( $DatabasePort , '');
Set( $DatabaseUser , 'myrtuser');
Set( $DatabasePassword , 'myrtpass');

Set($OwnerEmail , 'root');
Set($LoopsToRTOwner , 1);

Set($SendmailArguments , '-oi -t -f m...@mydomain.com');

Set($MaxAttachmentSize , 1000);

Set($RTAddressRegexp , '^...@myhostname.mydomain.com$');
Set($CorrespondAddress , 'no-re...@myhostname.mydomain.com');
Set($CommentAddress , 'no-re...@myhostname.mydomain.com');

Set($UseFriendlyFromLine , 1);
Set($FriendlyFromLineFormat , "\"%s\" <%s>");
Set($UseFriendlyToLine , 1);
Set($FriendlyToLineFormat , "\"%s Ticket #%s\":;");

Set($NotifyActor , 0);
Set($RecordOutgoingEmail , 1);

Set($WebPath , "/ticket");
Set($WebPort , 80);
Set($WebBaseURL , "http://curt");
Set($WebURL , $WebBaseURL . $WebPath . "/");
Set($WebImagesURL , $WebURL . "/NoAuth/images");

Set($MessageBoxWidth , 72);
Set($MessageBoxWrap, "HARD");

Set($MaxInlineBody, 13456);
Set($DefaultSummaryRows, 10);

Set($OldestTransactionsFirst, '1');

Set($DateDayBeforeMonth , 0);
Set($AmbiguousDayInPast , 1);

#require "/opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm";
#Set($Autocreate,			{Privileged => 1});

#Set(@Plugins,(qw(Extension::QuickDelete RT::FM)));
1;

Re: [rt-users] rt 3.8.8 issue with CSS

2010-09-13 Thread Val Polyakov
another update:

when I go to http://myServer/ticket/NoAuth/css/index.html this is what I get:

Error during compilation of /opt/rt3/share/html/NoAuth/css/dhandler: Can't
locate CSS/Squish.pm in @INC (@INC contains: /opt/rt3/bin/../local/lib
/opt/rt3/bin/../lib /opt/rt3/lib
/usr/lib64/perl5/site_perl/5.8.8/x86_64-linux-thread-multi
/usr/lib/perl5/site_perl/5.8.8 /usr/lib/perl5/site_perl
/usr/lib64/perl5/vendor_perl/5.8.8/x86_64-linux-thread-multi
/usr/lib/perl5/vendor_perl/5.8.8 /usr/lib/perl5/vendor_perl
/usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi /usr/lib/perl5/5.8.8 .
/etc/httpd) at /opt/rt3/share/html/NoAuth/css/dhandler line 67. Stack:
[/opt/rt3/share/html/NoAuth/css/dhandler:67] [CSS/Squish.pm:67]
[/usr/lib/perl5/site_perl/5.8.8/HTML/Mason/Interp.pm:817]
[/usr/lib/perl5/site_perl/5.8.8/HTML/Mason/Interp.pm:445]
[/usr/lib/perl5/site_perl/5.8.8/HTML/Mason/Interp.pm:773]
[/usr/lib/perl5/site_perl/5.8.8/HTML/Mason/Request.pm:256]
[/usr/lib/perl5/site_perl/5.8.8/HTML/Mason/Request.pm:212]
[/usr/lib/perl5/site_perl/5.8.8/HTML/Mason/ApacheHandler.pm:97]
[/opt/rt3/bin/../lib/RT/Interface/Web/Request.pm:68]
[/usr/lib/perl5/site_perl/5.8.8/Class/Container.pm:275]
[/usr/lib/perl5/site_perl/5.8.8/Class/Container.pm:353]
[/usr/lib/perl5/site_perl/5.8.8/HTML/Mason/Interp.pm:348]
[/usr/lib/perl5/site_perl/5.8.8/HTML/Mason/ApacheHandler.pm:868]
[/usr/lib/perl5/site_perl/5.8.8/HTML/Mason/ApacheHandler.pm:822]
[/opt/rt3/bin/webmux.pl:78] [CSS/Squish.pm:67] BEGIN failed--compilation
aborted at /opt/rt3/share/html/NoAuth/css/dhandler line 67. Stack:
[/opt/rt3/share/html/NoAuth/css/dhandler:67]
[/usr/lib/perl5/site_perl/5.8.8/HTML/Mason/Interp.pm:817]
[/usr/lib/perl5/site_perl/5.8.8/HTML/Mason/Interp.pm:445]
[/usr/lib/perl5/site_perl/5.8.8/HTML/Mason/Interp.pm:773]
[/usr/lib/perl5/site_perl/5.8.8/HTML/Mason/Request.pm:256]
[/usr/lib/perl5/site_perl/5.8.8/HTML/Mason/Request.pm:212]
[/usr/lib/perl5/site_perl/5.8.8/HTML/Mason/ApacheHandler.pm:97]
[/opt/rt3/bin/../lib/RT/Interface/Web/Request.pm:68]
[/usr/lib/perl5/site_perl/5.8.8/Class/Container.pm:275]
[/usr/lib/perl5/site_perl/5.8.8/Class/Container.pm:353]
[/usr/lib/perl5/site_perl/5.8.8/HTML/Mason/Interp.pm:348]
[/usr/lib/perl5/site_perl/5.8.8/HTML/Mason/ApacheHandler.pm:868]
[/usr/lib/perl5/site_perl/5.8.8/HTML/Mason/ApacheHandler.pm:822]
[/opt/rt3/bin/webmux.pl:78] [/opt/rt3/share/html/NoAuth/css/dhandler:67]

however:

[r...@curt ~]# perl -MCPAN -e 'install CSS::Squish'
CPAN: Storable loaded ok
Going to read /home/vpolya/.cpan/Metadata
  Database was generated on Mon, 13 Sep 2010 11:30:52 GMT
CSS::Squish is up to date.
[r...@curt ~]#


this is probably the source of my CSS issue..   why can't it find it, while
CPAN claims it's installed? :/


 Also, thought it might be a good idea to attach my RT_SiteConfig.pm ...

 And this:

 [r...@curt conf.d]# cat rt3.conf
 Alias /ticket /opt/rt3/share/html

 PerlRequire /opt/rt3/bin/webmux.pl

 <Directory /opt/rt3/share/html>
   AllowOverride All
   Options ExecCGI FollowSymlinks
   RewriteEngine On
   RedirectMatch permanent (.*)/$ $1/index.html
   AddDefaultCharset UTF-8
   SetHandler perl-script
   PerlHandler RT::Mason
 </Directory>
 [r...@curt conf.d]#

 Any help is highly appreciated, this is sort of urgent :/

 Hello,

 I have a fresh install of rt-3.8.8 on RHEL5

 when I go to http://serverIP/ticket   (/ticket is aliased in apache
 configs to /opt/rt3/share/html, which is where the RT is installed) I get
 the login screen, but alas, with no CSS. so it looks ugly..

 I don't see any errors at all in apache's access_log and error_log (no
 404s or anything)

 I see that I do, indeed, have CSS:

 [r...@curt css]# pwd
 /opt/rt3/share/html/NoAuth/css
 [r...@curt css]# ls -l
 total 28
 drwxr-xr-x 2 root bin 4096 Sep  7 12:34 3.4-compat
 drwxr-xr-x 2 root bin 4096 Sep  7 12:34 3.5-default
 -rw-r--r-- 1 root bin 2390 Sep  7 12:34 autohandler
 drwxr-xr-x 2 root bin 4096 Sep  7 12:34 base
 -rw-r--r-- 1 root bin 2649 Sep  7 12:34 dhandler
 -rw-r--r-- 1 root bin 3043 Sep  7 12:34 print.css
 drwxr-xr-x 3 root bin 4096 Sep  7 12:34 web2
 [r...@curt css]#

 nothing's weird about the install, SELinux is disabled, etc..


 any ideas?
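
An added example, not part of the original thread: the Mason error above lists the @INC that mod_perl searched, while CPAN on the command line reports CSS::Squish as up to date. This script checks each listed directory for the module and flags copies whose file or enclosing directories lack the "other" read/execute bits, which is worth ruling out when a root install is invisible to the web server account. The function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example; function names are hypothetical, not part of RT or CPAN.

# Print the directories named in the "(@INC contains: ...)" part of a Perl
# "Can't locate ..." error, one per line. Wrapped lines are rejoined first.
inc_dirs_from_error() {
    printf '%s' "$1" | tr '\n' ' ' |
        sed -n 's/.*(@INC contains: \([^)]*\)).*/\1/p' |
        tr -s ' ' '\n' | sed '/^$/d'
}

# For every @INC directory in the error text, print one line "<STATE> <path>":
#   MISSING     no such file under that directory
#   UNREADABLE  file exists, but it lacks o+r or a directory between it and
#               the @INC root lacks o+x, so a non-owner account cannot load it
#   OK          file exists and the mode bits allow any account to read it
# Run as root so that the -f test can see into closed directories.
check_module() {    # usage: check_module "<error text>" CSS/Squish.pm
    err=$1 mod=$2
    while IFS= read -r dir; do
        [ -n "$dir" ] || continue
        path="$dir/$mod"
        if [ ! -f "$path" ]; then
            state=MISSING
        else
            state=OK
            # find -perm tests the mode bits, so the result is the same as root
            [ -n "$(find "$path" -maxdepth 0 -perm -o=r)" ] || state=UNREADABLE
            p=$(dirname "$path")
            while :; do
                [ -n "$(find "$p" -maxdepth 0 -perm -o=x)" ] || state=UNREADABLE
                if [ "$p" = "$dir" ] || [ "$p" = / ] || [ "$p" = . ]; then break; fi
                p=$(dirname "$p")
            done
        fi
        printf '%s %s\n' "$state" "$path"
    done <<EOF
$(inc_dirs_from_error "$err")
EOF
}
```

Pass the full error text and `CSS/Squish.pm`. If every directory reports MISSING, the copy CPAN found lives outside the @INC that mod_perl searched.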

