Hi all.
I have installed a rt 3.6.7 on a Linux Server. Now the problem is that
authentication is against a LDAP server running on this system. As I
configured the system to use the login on the webaccess as well as login
on the rt I cannot give any admin permissions to anyone.
Which tables of the database have to be configured to give a user/group
admin permissions?
Thank you for your answer.
Best Chris
Doesn�t anybody know howto give a User/Group admin permissions by
editing the mysql database? Do you need more information?
I use the script “rtimportldap.pl” to import groups from ldap into the
mysql database. Now I want to be able to give a certain group admin
permissions. As I cannot login with user root I want to do it directly
in the database.
Best Chris
Christian Forjahn wrote:
http://wiki.bestpractical.com/view/RecoverSuperUserRights
Quoting Christian Forjahn christian.forjahn@collax.com:
Doesn´t anybody know howto give a User/Group admin permissions by
editing the mysql database? Do you need more information?I use the script “rtimportldap.pl” to import groups from ldap into the
mysql database. Now I want to be able to give a certain group admin
permissions. As I cannot login with user root I want to do it directly
in the database.Best Chris
Christian Forjahn wrote:
Hi all.
I have installed a rt 3.6.7 on a Linux Server. Now the problem is that
authentication is against a LDAP server running on this system. As I
configured the system to use the login on the webaccess as well as login
on the rt I cannot give any admin permissions to anyone.
Which tables of the database have to be configured to give a user/group
admin permissions?Thank you for your answer.
Best Chris
Community help: http://wiki.bestpractical.com
Commercial support: sales@bestpractical.comDiscover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com
Community help: http://wiki.bestpractical.com
Commercial support: sales@bestpractical.comDiscover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com
Lawrence McAbee
X-PGP-Fingerprint: 1605 D207 E39D 4D7E 79C4 D65D 3EBC 365E BFA8 CC17
Hi Lawrence.
thanks for your answer. But when I understand correctly this gives
Superuser permissions to the user root. With our system I�m not able to
login as root. There is no apache access for this user. (a little
special system).
can I use the script the same way to give Superuser support to a Systemuser?
Best Chris
Lawrence McAbee wrote:
Thanks a lot.
That works perfectly.
Best Chris
Lawrence McAbee wrote:
the root user you log into RT with is entirely different than the box’s
root user. Following that you can get into RT and assign rights in the
web UI. Editing the database directly = VERY bad
Christian Forjahn wrote:
Hi Lawrence.
thanks for your answer. But when I understand correctly this gives
Superuser permissions to the user root. With our system I�m not able to
login as root. There is no apache access for this user. (a little
special system).
can I use the script the same way to give Superuser support to a Systemuser?Best Chris
Lawrence McAbee wrote:
RecoverSuperUserRights - Request Tracker Wiki
Quoting Christian Forjahn christian.forjahn@collax.com:
Doesn�t anybody know howto give a User/Group admin permissions by
editing the mysql database? Do you need more information?I use the script “rtimportldap.pl” to import groups from ldap into the
mysql database. Now I want to be able to give a certain group admin
permissions. As I cannot login with user root I want to do it directly
in the database.Best Chris
Christian Forjahn wrote:
Hi all.
I have installed a rt 3.6.7 on a Linux Server. Now the problem is that
authentication is against a LDAP server running on this system. As I
configured the system to use the login on the webaccess as well as login
on the rt I cannot give any admin permissions to anyone.
Which tables of the database have to be configured to give a user/group
admin permissions?Thank you for your answer.
Best Chris
Community help: http://wiki.bestpractical.com
Commercial support: sales@bestpractical.comDiscover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com
Community help: http://wiki.bestpractical.com
Commercial support: sales@bestpractical.comDiscover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com
Community help: http://wiki.bestpractical.com
Commercial support: sales@bestpractical.comDiscover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com
Community help: http://wiki.bestpractical.com
Commercial support: sales@bestpractical.comDiscover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com
Drew Barnes
Applications Analyst
Network Resources Department
Raymond Walters College
University of Cincinnati
Drew Barnes wrote:
the root user you log into RT with is entirely different than the box’s
root user. Following that you can get into RT and assign rights in the
web UI. Editing the database directly = VERY bad
You are right. But the authentication is not rt�s authentication. I
login using the ldap server. As root and admin are not in ldap and
cannot be added i have to use a user. rt then uses the users loginname
as authentication method.
Is there a problem using the script to give a user superuser access. My
aim is to have a user that can grant other users/groups permission to
add queues etc.
Best Chris.
Christian,
I could do it in Oracle, if I wanted to take that risk. However, RT
maintains extremely sensitive and volatile relationships between various
tables to maintain consistency in the way those permissions work
throughout RT that I find it way too risky to mess with permissions on a
DataBase level. I find it easier, in the long term, to let RT do what RT
does best when it comes to keeping it’s own house in order. Also, I’m
not sure if mysql has the same DB tables as Oracle so my list of those
relationships may not help you. Sorry.
Kenn
LBNLOn 7/2/2008 2:07 AM, Christian Forjahn wrote:
Doesn�t anybody know howto give a User/Group admin permissions by
editing the mysql database? Do you need more information?I use the script “rtimportldap.pl” to import groups from ldap into the
mysql database. Now I want to be able to give a certain group admin
permissions. As I cannot login with user root I want to do it directly
in the database.Best Chris
Christian Forjahn wrote:
Hi all.
I have installed a rt 3.6.7 on a Linux Server. Now the problem is that
authentication is against a LDAP server running on this system. As I
configured the system to use the login on the webaccess as well as login
on the rt I cannot give any admin permissions to anyone.
Which tables of the database have to be configured to give a user/group
admin permissions?Thank you for your answer.
Best Chris
Community help: http://wiki.bestpractical.com
Commercial support: sales@bestpractical.comDiscover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com
Community help: http://wiki.bestpractical.com
Commercial support: sales@bestpractical.comDiscover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com
Kenneth,
I found out that I have to write my own script like “rtimport.pl”. this
script involves a script to give groups SU permissions which is much
better for my needs. As it uses only rt-internal-scripts to edit the
database there should be no harm using it.
As I will also implement a groupmapping and groupsync I will publish it
after being tested. rtimport.pl’s groupsync is no solution for me as every
user found in ldap will be added to every group. What I need is a real
sync between ldap and rt’s database including SU permissions. I think it
should be finished tomorow.
Thanks everyone for the help.
Best Chris
Kenneth,
I found out that I have to write my own script like “rtimport.pl”. this
script involves a script to give groups SU permissions which is much
better for my needs. As it uses only rt-internal-scripts to edit the
database there should be no harm using it.
As I will also implement a groupmapping and groupsync I will publish it
after being tested. rtimport.pl’s groupsync is no solution for me as every
user found in ldap will be added to every group. What I need is a real
sync between ldap and rt’s database including SU permissions. I think it
should be finished tomorow.
Thanks everyone for the help.
Best Chris
Christian Forjahn wrote:
Kenneth,
I found out that I have to write my own script like “rtimport.pl”. this
script involves a script to give groups SU permissions which is much
better for my needs. As it uses only rt-internal-scripts to edit the
database there should be no harm using it.As I will also implement a groupmapping and groupsync I will publish it
after being tested. rtimport.pl’s groupsync is no solution for me as every
user found in ldap will be added to every group. What I need is a real
sync between ldap and rt’s database including SU permissions. I think it
should be finished tomorow.Thanks everyone for the help.
Best Chris
would like to take a peek at that when you get it done
thanx
sorry for the late reply. I sent the mail yesterday but it was only sent
to Drew. I didn�t reply to all.
Best Chris
Groupmapping script.
Hi there.
I have just finished the groupmapping script. For you it needs to be
adapted to your needs. It works like this: you have to know the groups
in LDAP that have access to rt3. You have to know the members of these
groups. The groups are added to rt3 if they have the permission.
Otherwise the groups will be disabled. Same way with the Users. Then the
Users will be added to the groups. In the last step admin permissions
are granted to the admin groups.
I hope it helps you too.
Best Chris
ldap_rt_group_sync.pl (3.43 KB)