Active directory synchronization in Request tracker

I have upgraded my RT to 4.4. The Active Directory synchronization is missing there. Could anyone please let me know whether I should update the LDAP import extension? I can see that LDAPImport is cored in RT, so how do I adjust the cron job? Could anyone please brief me?

If it helps, our RT LDAP import crontab entry is:

30 2 * * * /opt/rt4/sbin/rt-ldapimport --import --no-groups

In RT 4.4.4, shall I keep the LDAPImport extension or do I need to remove it?

I have just updated my LDAP Import extension. Do I need to remove the extension and add the crontab entry mentioned above? If yes, please let me know what the path is; I mean, where do I add this entry?

There’s a nice summary of the changes between major upgrades on the docs page:

https://docs.bestpractical.com/rt/4.4.4/UPGRADING-4.4.html#UPGRADING-FROM-RT-4.2.0-and-greater

Yes, I just went through it. If my understanding is correct, I need to remove the LDAPImport extension and add the crontab. But could you please let me know in which path I need to add the cron job?

Greenjim mentioned that there is now a sbin/rt-ldapimport file available; this is most likely where your cron job should be pointed to.

OK… In CentOS it seems I need to go to the command cronjob -e

I can see
5 * * * * /usr/bin/rtldapimport --import >> /ds1/var/log/RT/ldapimport_$(date +\%Y\%m\%d).log 2>&1

So how do I need to modify it?

You probably need to replace the /usr/bin/rtldapimport with wherever the script now lives on your new RT installation.

I just replaced the cron job with
5 * * * * /ds1/app/RT/RT4/sbin/rt-ldapimport --import >> /ds1/var/log/RT/ldapimport_$(date +\%Y\%m\%d).log 2>&1
Here /ds1/app/RT/RT4 is the installation directory for RT.
It should work, right?
It seems the cron job should run every 5 mins.
Still I am seeing that it cannot create the user. I am waiting for some time; maybe these logs will be replaced.

I am still figuring out how can I test it…

Please let me know if I missed something or if you have any new ideas.

Hi,
I have replaced the cron job as mentioned above. Still I am seeing the below messages in the log file. Please let me know whether it is working fine or not.

[3202] [Tue May 21 09:01:06 2019] [warning]: DBD::Oracle::st execute failed: ORA-00904: “EXTERNALAUTHID”: invalid identifier (DBD ERROR: error possibly near <> indicator at char 178 in 'INSERT INTO Users (RealName, City, EmailAddress, State, Password, WorkPhone, Zip, id, LastUpdated, Organization, Creator, Gecos, LastUpdatedBy, Country, Address1, Created, Name, <>ExternalAuthId) VALUES (:p1, :p2, :p3, :p4, :p5, :p6, :p7, :p8, :p9, :p10, :p11, :p12, :p13, :p14, :p15, :p16, :p17, :p18)’) [for Statement “INSERT INTO Users (RealName, City, EmailAddress, State, Password, WorkPhone, Zip, id, LastUpdated, Organization, Creator, Gecos, LastUpdatedBy, Country, Address1, Created, Name, ExternalAuthId) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)” with ParamValues: :p1=‘Bala Kalluri’, :p10=undef, :p11=“1”, :p12=‘external.bala.ka’, :p13=“1”, :p14=‘United States’, :p15=undef, :p16=‘2019-05-21 09:01:06’, :p17=‘external.bala.kalluri@usa.win.int.kn’, :p18=‘external.bala.kalluri@usa.win.int.kn’, :p2=undef, :p3=‘external.Bala.Kalluri@Kuehne-Nagel.com’, :p4=undef, :p5=‘NO-PASSWORD’, :p6=undef, :p7=undef, :p8=“4499839”, :p9=‘2019-05-21 09:01:06’] at /usr/local/share/perl5/DBIx/SearchBuilder/Handle.pm line 586. (/usr/local/share/perl5/DBIx/SearchBuilder/Handle.pm:586)
[3202] [Tue May 21 09:01:06 2019] [warning]: RT::Handle=HASH(0x2381c70) couldn’t execute the query ‘INSERT INTO Users (RealName, City, EmailAddress, State, Password, WorkPhone, Zip, id, LastUpdated, Organization, Creator, Gecos, LastUpdatedBy, Country, Address1, Created, Name, ExternalAuthId) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)’ at /usr/local/share/perl5/DBIx/SearchBuilder/Handle.pm line 599.
DBIx::SearchBuilder::Handle::SimpleQuery() called at /usr/local/share/perl5/DBIx/SearchBuilder/Handle.pm line 352
DBIx::SearchBuilder::Handle::Insert() called at /usr/local/share/perl5/DBIx/SearchBuilder/Handle/Oracle.pm line 154
DBIx::SearchBuilder::Handle::Oracle::Insert() called at /usr/local/share/perl5/DBIx/SearchBuilder/Record.pm line 1320
DBIx::SearchBuilder::Record::Create() called at /ds1/app/RT/RT4/sbin/…/lib/RT/Record.pm line 316
RT::Record::Create() called at /ds1/app/RT/RT4/sbin/…/lib/RT/User.pm line 188
RT::User::Create() called at /ds1/app/RT/RT4/sbin/…/lib/RT/LDAPImport.pm line 887
RT::LDAPImport::create_rt_user() called at /ds1/app/RT/RT4/sbin/…/lib/RT/LDAPImport.pm line 607
RT::LDAPImport::_import_user() called at /ds1/app/RT/RT4/sbin/…/lib/RT/LDAPImport.pm line 577
RT::LDAPImport::_import_users() called at /ds1/app/RT/RT4/sbin/…/lib/RT/LDAPImport.pm line 557
RT::LDAPImport::import_users() called at /ds1/app/RT/RT4/sbin/rt-ldapimport line 93 (/usr/local/share/perl5/Carp.pm:103)
[3202] [Tue May 21 09:01:06 2019] [warning]: Use of uninitialized value $args{“City”} in join or string at /ds1/app/RT/RT4/sbin/…/lib/RT/User.pm line 194. (/ds1/app/RT/RT4/sbin/…/lib/RT/User.pm:194)
[3202] [Tue May 21 09:01:06 2019] [warning]: Use of uninitialized value $args{“State”} in join or string at /ds1/app/RT/RT4/sbin/…/lib/RT/User.pm line 194. (/ds1/app/RT/RT4/sbin/…/lib/RT/User.pm:194)
[3202] [Tue May 21 09:01:06 2019] [warning]: Use of uninitialized value $args{“Address1”} in join or string at /ds1/app/RT/RT4/sbin/…/lib/RT/User.pm line 194. (/ds1/app/RT/RT4/sbin/…/lib/RT/User.pm:194)
[3202] [Tue May 21 09:01:06 2019] [warning]: Use of uninitialized value $args{“Zip”} in join or string at /ds1/app/RT/RT4/sbin/…/lib/RT/User.pm line 194. (/ds1/app/RT/RT4/sbin/…/lib/RT/User.pm:194)
[3202] [Tue May 21 09:01:06 2019] [warning]: Use of uninitialized value $args{“WorkPhone”} in join or string at /ds1/app/RT/RT4/sbin/…/lib/RT/User.pm line 194. (/ds1/app/RT/RT4/sbin/…/lib/RT/User.pm:194)
[3202] [Tue May 21 09:01:06 2019] [warning]: Use of uninitialized value $args{“Organization”} in join or string at /ds1/app/RT/RT4/sbin/…/lib/RT/User.pm line 194. (/ds1/app/RT/RT4/sbin/…/lib/RT/User.pm:194)
[3202] [Tue May 21 09:01:06 2019] [error]: Could not create a new user - City–RealName-Bala Kalluri-State–EmailAddress-external.Bala.Kalluri@Kuehne-Nagel.com-Gecos-external.bala.kalluri@usa.win.int.kn-Password-NO-PASSWORD-Country-United States-Address1–Zip–WorkPhone–Organization–Name-external.bala.kalluri@usa.win.int.kn-ExternalAuthId-external.bala.kalluri@usa.win.int.kn (/ds1/app/RT/RT4/sbin/…/lib/RT/User.pm:194)
[3202] [Tue May 21 09:01:06 2019] [error]: couldn’t create user_obj for external.bala.kalluri@usa.win.int.kn: Could not create user (/ds1/app/RT/RT4/sbin/…/lib/RT/LDAPImport.pm:890)
Starting group import
[3202] [Tue May 21 09:01:06 2019] [warning]: Not running a group import, configuration not set (/ds1/app/RT/RT4/sbin/…/lib/RT/LDAPImport.pm:1164)
Finished import

Doesn’t look like it, due to that whopping big “DBD::Oracle::st execute failed” in the first line. Looks like it’s trying to insert the user but with a field that we don’t have in our RT4 database (ExternalAuthId). Unless it’s something to do with using Oracle for the database (we use MySQL), I’m guessing that somewhere along the line you’ve still got bits of your pre-4.4 install in place that used the old plugin.

Is /ds1/app/RT/RT4/sbin/rt-ldapimport a path into your new RT 4.4 install, or the older installation you had before? Do you have anything in your environment that redirects Perl to pick up libraries from the old installation rather than the new one? You need to use the path to the scripts that came with the new 4.4 installation, and the libraries that match. I’m afraid you’ll need to work out what those paths are for what you have installed on your machine, because we can’t tell you!

Hey, thanks all!!! This issue is resolved. After setting the cron job I removed the ExternalAuthID mapping from the RT_SiteConfig.pm file inside the LDAP ExternalSetting.
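
The diagnosis reached in the replies above (a rejected ExternalAuthId column making every user creation fail) can be pulled out of an rt-ldapimport log automatically. This is an added example, not part of the thread or of RT: the function names and sample log lines are constructed, and it assumes the raw log uses plain ASCII quotes rather than the typographic quotes the forum rendered.

```shell
#!/bin/sh
# Triage an rt-ldapimport log: which columns the database rejected (ORA-00904)
# and which users the import therefore failed to create.
# Function names are illustrative; they are not part of RT.

# Constructed sample in the log format shown in the thread (PID and users made up).
sample_log() {
cat <<'EOF'
[4711] [Tue May 21 09:01:06 2019] [warning]: DBD::Oracle::st execute failed: ORA-00904: "EXTERNALAUTHID": invalid identifier (DBD ERROR: error possibly near <*> indicator at char 30 in 'INSERT INTO Users (RealName, Name, <*>ExternalAuthId) VALUES (:p1, :p2, :p3)')
[4711] [Tue May 21 09:01:06 2019] [error]: couldn't create user_obj for jdoe@example.com: Could not create user (/opt/rt4/sbin/../lib/RT/LDAPImport.pm:890)
[4711] [Tue May 21 09:01:07 2019] [warning]: DBD::Oracle::st execute failed: ORA-00904: "EXTERNALAUTHID": invalid identifier (DBD ERROR: constructed, shortened)
[4711] [Tue May 21 09:01:07 2019] [error]: couldn't create user_obj for asmith@example.com: Could not create user (/opt/rt4/sbin/../lib/RT/LDAPImport.pm:890)
[4711] [Tue May 21 09:01:07 2019] [warning]: Not running a group import, configuration not set (/opt/rt4/sbin/../lib/RT/LDAPImport.pm:1164)
EOF
}

# Distinct column names the database reported as invalid identifiers.
rejected_columns() {
    sed -n 's/.*ORA-00904: "\([A-Za-z0-9_]*\)": invalid identifier.*/\1/p' | sort -u
}

# Distinct users the import could not create.
failed_users() {
    sed -n "s/.*\[error\]: couldn't create user_obj for \([^ ]*\): .*/\1/p" | sort -u
}

# One-line verdict for cron mail or monitoring; returns 1 if any user failed.
summarise() {
    log=$(cat)
    cols=$(printf '%s\n' "$log" | rejected_columns | tr '\n' ' ' | sed 's/ *$//')
    n=$(printf '%s\n' "$log" | failed_users | wc -l | tr -d ' ')
    if [ "$n" -eq 0 ]; then
        echo "OK: no user creation failures"
        return 0
    fi
    echo "FAIL: $n user(s) not created; rejected column(s): ${cols:-none}"
    return 1
}

# Real use: summarise < /path/to/ldapimport.log
sample_log | summarise || true
```

A rejected column reported here names a user field in the import mapping that the Users table of the running RT version does not have, which is what removing the ExternalAuthId mapping addressed in this thread.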

Hi Team,
I got another issue here. The issue is: I need to add the new hires to a certain group in Active Directory every time to sync them with RT, and by adding them to the group they get the privileged access automatically.
But before the upgrade I was adding the new hires independently, not to the certain group. Before the upgrade I was not adding them to the groups; the people who need the privileged access were being added to the group. But now, after the upgrade, I am adding them to groups to reflect them in RT; if I add them independently (not to the group), they are not reflected in RT.
Could anyone please let me know how to configure this so that a user will be synced to RT when added independently in Active Directory?