I have searched for some threads on this question, but most date back
quite a while:

http://lists.fsck.com/pipermail/rt-users/2003-September/017079.html
http://lists.fsck.com/pipermail/rt-users/2003-June/014639.html

http://lists.bestpractical.com/pipermail/rt-users/2004-January/019992.ht
ml

But maybe I am missing something, so I thought I would ask and see if
there has been any patches/RT modules that have been released dealing
with users that are on different time zones.

Currently we primarily have users in the US, and in the UK (not
forgetting to mention some in the Netherlands, Germany, and France, and
soon probably Asia as well). Some sites have independent IT support (so
a localized instance of RT may suit the bill for some of these remote
sites). However, it would be very useful to have a method of expressing
the local time zone for users of a specific given region.

How do most of you handle users in different time zones? Is it perhaps:

• Creating multiple RT instances
• Creating a fork of a given file/library (maybe dealing with UTC
  manipulation in some form or another)
• External Module (I have looked via the GitHub code repository
  https://github.com/bestpractical/, but have not found anything there
  dealing with this issue directly)
• Time Offset via a Scrip

One of the threads above is performing a similar function via an RT
scrip, and I am thinking we could very likely do the same; I was just
wondering if there was something a bit more native to the application
itself (as in say via a user set preference options, perhaps similar to
the “locale” setting for the ‘date format’ option).

Any insight would be helpful.

Thanks,
Eli

There’s no need for elaborate schemes. Timezone, along with language, is
on the user About Me page.

Thomas

[mailto:rt-users-bounces@lists.bestpractical.com] On Behalf Of Thomas
Sibley Sent: Wednesday, April 20, 2011 10:44 AM To:
rt-users@lists.bestpractical.com Subject: Re: [rt-users] Is a time zone
user preference available?

There’s no need for elaborate schemes. Timezone, along with language,
is on the user About Me page.

Thomas

Hey Thomas,

Thanks a bunch, somehow I missed that ;).

Eli

[mailto:rt-users-bounces@lists.bestpractical.com] On Behalf Of Eli
Guzman Sent: Wednesday, April 20, 2011 10:48 AM To: Thomas Sibley;
rt-users@lists.bestpractical.com Subject: Re: [rt-users] Is a time zone
user preference available?

----Original Message----
From: rt-users-bounces@lists.bestpractical.com
[mailto:rt-users-bounces@lists.bestpractical.com] On Behalf Of Thomas
Sibley Sent: Wednesday, April 20, 2011 10:44 AM To:
rt-users@lists.bestpractical.com Subject: Re: [rt-users] Is a time
zone user preference available?

There’s no need for elaborate schemes. Timezone, along with
language, is on the user About Me page.

Thomas

Hey Thomas,

Thanks a bunch, somehow I missed that ;).

Eli

Not sure how common this issue is, but I have changed the ‘About Me’
timezone preferences, however the change isn’t reflected on the
interface. See images below:

http://min.us/mDnN4uxnfqIBg#1

I had the $Timezone variable in RT_SiteConfig.pm set to the following:
Set($Timezone , ‘US/Mountain’); but I commented this out (restarted
httpd services)to see if there was any change to the interface, but
nothing so far. Time is being synched via NTPD/system clock is not
currently set to UTC/and system TZ is set to Denver TZ (-0700 GMT).
Could I be missing something obvious here?

Thanks for any insights!

Regards,
Eli

There’s no need for elaborate schemes. Timezone, along with
language, is on the user About Me page.

Thomas

Hey Thomas,

Thanks a bunch, somehow I missed that ;).

Eli

Not sure how common this issue is, but I have changed the ‘About Me’
timezone preferences, however the change isn’t reflected on the
interface. See images below:

http://min.us/mDnN4uxnfqIBg#1

You’ve neglected to say:

What you set it to in About Me.
What time you expect to see.

I see something roughly 2 hours behind the current time, so assume it
is showing in Mountain time

-kevin

[mailto:rt-users-bounces@lists.bestpractical.com] On Behalf Of Kevin
Falcone Sent: Wednesday, April 20, 2011 2:01 PM To:
rt-users@lists.bestpractical.com Subject: Re: [rt-users] Is a time zone
user preference available?> On Wed, Apr 20, 2011 at 01:25:41PM -0600, Eli Guzman wrote:

There’s no need for elaborate schemes. Timezone, along with
language, is on the user About Me page.

Thomas

Hey Thomas,

Thanks a bunch, somehow I missed that ;).

Eli

Not sure how common this issue is, but I have changed the ‘About Me’
timezone preferences, however the change isn’t reflected on the
interface. See images below:

http://min.us/mDnN4uxnfqIBg#1

You’ve neglected to say:

What you set it to in About Me.
What time you expect to see.

I see something roughly 2 hours behind the current time, so assume it
is showing in Mountain time

-kevin

I had the $Timezone variable in RT_SiteConfig.pm set to the
following: Set($Timezone , ‘US/Mountain’); but I commented this out
(restarted httpd services)to see if there was any change to the
interface, but nothing so far. Time is being synched via NTPD/system
clock is not currently set to UTC/and system TZ is set to Denver TZ
(-0700 GMT). Could I be missing something obvious here?

Thanks for any insights!

Regards,
Eli

Hey Kevin,

Yes you are correct, it is showing that it is currently set Mountain TZ
(which was what the RT_SiteConfig was set to), and I went ahead and
changed the preference under the about me section to ‘Europe/London
+0100’, but for some reason the change has not taken effect.

Just not sure as to why, could this perhaps be related to the database
itself? Currently MySQL should be getting TZ data from the OS itself,
but I believe I can hard-set it in the my.ini file, not sure if this is
the preferred method for RT/or to be honest if it should matter if the
DB should be set to a specific TZ.

Regards,
Eli

http://min.us/mDnN4uxnfqIBg#1

You’ve neglected to say:

What you set it to in About Me.
What time you expect to see.

I see something roughly 2 hours behind the current time, so assume it
is showing in Mountain time

-kevin

Yes you are correct, it is showing that it is currently set Mountain TZ
(which was what the RT_SiteConfig was set to), and I went ahead and
changed the preference under the about me section to ‘Europe/London
+0100’, but for some reason the change has not taken effect.

Changing timezones for me and saving and then navigating to a ticket
display page changes it for me locally. You can always try logging
out and back in if you suspect something wacky in your sessions.

Just not sure as to why, could this perhaps be related to the database
itself? Currently MySQL should be getting TZ data from the OS itself,
but I believe I can hard-set it in the my.ini file, not sure if this is
the preferred method for RT/or to be honest if it should matter if the
DB should be set to a specific TZ.

RT stores all data in UTC in the database, if it isn’t doing that, you
may have problems.

-kevin

[mailto:rt-users-bounces@lists.bestpractical.com] On Behalf Of Kevin
Falcone Sent: Wednesday, April 20, 2011 2:44 PM To:
rt-users@lists.bestpractical.com Subject: Re: [rt-users] Is a time zone
user preference available?

http://min.us/mDnN4uxnfqIBg#1

You’ve neglected to say:

What you set it to in About Me.
What time you expect to see.

I see something roughly 2 hours behind the current time, so assume
it is showing in Mountain time

-kevin

Yes you are correct, it is showing that it is currently set Mountain
TZ (which was what the RT_SiteConfig was set to), and I went ahead
and changed the preference under the about me section to
‘Europe/London +0100’, but for some reason the change has not taken
effect.

Changing timezones for me and saving and then navigating to a ticket
display page changes it for me locally. You can always try logging
out and back in if you suspect something wacky in your sessions.

Just not sure as to why, could this perhaps be related to the
database itself? Currently MySQL should be getting TZ data from the
OS itself, but I believe I can hard-set it in the my.ini file, not
sure if this is the preferred method for RT/or to be honest if it
should matter if the DB should be set to a specific TZ.

RT stores all data in UTC in the database, if it isn’t doing that,
you may have problems.

-kevin

Hey Kevin,

Thanks for the input, I checked MySQL and the database is currently
using the system time:

mysql -u root mysql -e “select distinct @@system_time_zone from user”

| @@system_time_zone |
| MDT |

So it looks as if the DB itself is using MDT for processing
transactional data.

RT stores all data in UTC in the database, if it isn’t doing that,
you may have problems.

So the question here would be, should I just set MySQL to run using UTC?

One thing I also noticed was the database output for one of the very
last transactions:

mysql> select id, LastUpdated from rt3.Tickets where id = ‘37464’;

| id | LastUpdated |
| 37464 | 2011-04-20 22:17:12 |
1 row in set (0.00 sec)

On the interface it shows the time as MDT (16:17:12), but on the
database it looks as if it is storing everything as UTC as you
mentioned. I have cleared the cache and mason_data out of tracker,
logged out of the interface and logged back in, and there has still been
no change to the TZ.

So I am at a bit of an impasse, it looks like RT is storing in UTC, but
the DB time is set for MDT (as per the system). Could forcing the DB to
use UTC solve the issue?

Thanks,
Eli

Hello,

Do you use mod_perl? Try “SetHandler modperl” instead of “SetHandler
perl-script” in apache’s config. Don’t forget to stop/start the
server.On Thu, Apr 21, 2011 at 12:14 AM, Eli Guzman eguzman@cvimellesgriot.com wrote:

----Original Message----
From: rt-users-bounces@lists.bestpractical.com
[mailto:rt-users-bounces@lists.bestpractical.com] On Behalf Of Kevin
Falcone Sent: Wednesday, April 20, 2011 2:01 PM To:
rt-users@lists.bestpractical.com Subject: Re: [rt-users] Is a time zone
user preference available?

On Wed, Apr 20, 2011 at 01:25:41PM -0600, Eli Guzman wrote:

There’s no need for elaborate schemes. Timezone, along with
language, is on the user About Me page.

Thomas

Hey Thomas,

Thanks a bunch, somehow I missed that ;).

Eli

Not sure how common this issue is, but I have changed the ‘About Me’
timezone preferences, however the change isn’t reflected on the
interface. See images below:

http://min.us/mDnN4uxnfqIBg#1

You’ve neglected to say:

What you set it to in About Me.
What time you expect to see.

I see something roughly 2 hours behind the current time, so assume it
is showing in Mountain time

-kevin

I had the $Timezone variable in RT_SiteConfig.pm set to the
following: Set($Timezone , ‘US/Mountain’); but I commented this out
(restarted httpd services)to see if there was any change to the
interface, but nothing so far. Time is being synched via NTPD/system
clock is not currently set to UTC/and system TZ is set to Denver TZ
(-0700 GMT). Could I be missing something obvious here?

Thanks for any insights!

Regards,
Eli

Hey Kevin,

Yes you are correct, it is showing that it is currently set Mountain TZ
(which was what the RT_SiteConfig was set to), and I went ahead and
changed the preference under the about me section to ‘Europe/London
+0100’, but for some reason the change has not taken effect.

Just not sure as to why, could this perhaps be related to the database
itself? Currently MySQL should be getting TZ data from the OS itself,
but I believe I can hard-set it in the my.ini file, not sure if this is
the preferred method for RT/or to be honest if it should matter if the
DB should be set to a specific TZ.

Regards,
Eli

Best regards, Ruslan.

Hello,

Do you use mod_perl? Try “SetHandler modperl” instead of “SetHandler
perl-script” in apache’s config. Don’t forget to stop/start the
server.

----Original Message----
From: rt-users-bounces@lists.bestpractical.com
[mailto:rt-users-bounces@lists.bestpractical.com] On Behalf Of Kevin
Falcone Sent: Wednesday, April 20, 2011 2:01 PM To:
rt-users@lists.bestpractical.com Subject: Re: [rt-users] Is a time
zone user preference available?

There’s no need for elaborate schemes. Timezone, along with
language, is on the user About Me page.

Thomas

Hey Thomas,

Thanks a bunch, somehow I missed that ;).

Eli

Not sure how common this issue is, but I have changed the ‘About
Me’ timezone preferences, however the change isn’t reflected on
the interface. See images below:

http://min.us/mDnN4uxnfqIBg#1

You’ve neglected to say:

What you set it to in About Me.
What time you expect to see.

I see something roughly 2 hours behind the current time, so assume
it is showing in Mountain time

-kevin

I had the $Timezone variable in RT_SiteConfig.pm set to the
following: Set($Timezone , ‘US/Mountain’); but I commented this out
(restarted httpd services)to see if there was any change to the
interface, but nothing so far. Time is being synched via
NTPD/system clock is not currently set to UTC/and system TZ is set
to Denver TZ (-0700 GMT). Could I be missing something obvious
here?

Thanks for any insights!

Regards,
Eli

Hey Kevin,

Yes you are correct, it is showing that it is currently set Mountain
TZ (which was what the RT_SiteConfig was set to), and I went ahead
and changed the preference under the about me section to
‘Europe/London +0100’, but for some reason the change has not taken
effect.

Just not sure as to why, could this perhaps be related to the
database itself? Currently MySQL should be getting TZ data from the
OS itself, but I believe I can hard-set it in the my.ini file, not
sure if this is the preferred method for RT/or to be honest if it
should matter if the DB should be set to a specific TZ.

Regards,
Eli

Hey Ruslan,

I can give that a try and let you know if it fixes the issue; thanks for
the input.

Regards,
Eli

----Original Message----
From: ruslan.zakirov@gmail.com [mailto:ruslan.zakirov@gmail.com] On
Behalf Of Ruslan Zakirov Sent: Wednesday, April 20, 2011 7:43 PM To:
Eli Guzman
Cc: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] Is a time zone user preference available?

Hello,

Do you use mod_perl? Try “SetHandler modperl” instead of “SetHandler
perl-script” in apache’s config. Don’t forget to stop/start the
server.

----Original Message----
From: rt-users-bounces@lists.bestpractical.com
[mailto:rt-users-bounces@lists.bestpractical.com] On Behalf Of Kevin
Falcone Sent: Wednesday, April 20, 2011 2:01 PM To:
rt-users@lists.bestpractical.com Subject: Re: [rt-users] Is a time
zone user preference available?

There’s no need for elaborate schemes. Timezone, along with
language, is on the user About Me page.

Thomas

Hey Thomas,

Thanks a bunch, somehow I missed that ;).

Eli

Not sure how common this issue is, but I have changed the ‘About
Me’ timezone preferences, however the change isn’t reflected on
the interface. See images below:

http://min.us/mDnN4uxnfqIBg#1

You’ve neglected to say:

What you set it to in About Me.
What time you expect to see.

I see something roughly 2 hours behind the current time, so assume
it is showing in Mountain time

-kevin

I had the $Timezone variable in RT_SiteConfig.pm set to the
following: Set($Timezone , ‘US/Mountain’); but I commented this
out (restarted httpd services)to see if there was any change to
the interface, but nothing so far. Time is being synched via
NTPD/system clock is not currently set to UTC/and system TZ is set
to Denver TZ (-0700 GMT). Could I be missing something obvious
here?

Thanks for any insights!

Regards,
Eli

Hey Kevin,

Yes you are correct, it is showing that it is currently set Mountain
TZ (which was what the RT_SiteConfig was set to), and I went ahead
and changed the preference under the about me section to
‘Europe/London +0100’, but for some reason the change has not taken
effect.

Just not sure as to why, could this perhaps be related to the
database itself? Currently MySQL should be getting TZ data from the
OS itself, but I believe I can hard-set it in the my.ini file, not
sure if this is the preferred method for RT/or to be honest if it
should matter if the DB should be set to a specific TZ.

Regards,
Eli

Hey Ruslan,

I can give that a try and let you know if it fixes the issue; thanks
for the input.

Regards,
Eli

Hey Ruslan,

I have mod_perl installed on the system:

[root@xxx ~]# yum list mod_perl
Loaded plugins: rhnplugin, security
Installed Packages
mod_perl.x86_64 2.0.4-6.el5
installed

However I was not using it directly with RT3, here is my
/etc/httpd/conf.d/rt3.conf:

Alias /ticket “/opt/rt3/share/html”

PerlRequire /opt/rt3/bin/webmux.pl

<Directory “/opt/rt3/share/html”>
AllowOverride All
Options ExecCGI FollowSymLinks

RewriteEngine On
RedirectMatch permanent (.*)/$ $1/index.html
AddDefaultCharset UTF-8
SetHandler perl-script
#SetHandler modperl ← Interface did not load – just a blank screen
PerlHandler RT::Mason

At first I tried reloading apache with the ‘SetHandler modperl’ line but
this caused RT3 not to load (just a blank screen) so as you can see I
commented out the line, and reloaded httpd services, the RT app was
returned to normal at that point.

So I am guessing that the RPM version I have installed of mod_perl is
not compatible with RT3, so this leaves me with being able to use
perl-script handler.

I did change the system time to just use UTC:

[root@xxx ~]# date
Fri Apr 22 00:10:12 UTC 2011

I reloaded MySQL services and this forced the database to use UTC
instead of MDT:

mysql> select distinct @@system_time_zone from user;
| @@system_time_zone |
| UTC |
1 row in set (0.00 sec)

Now the database shows the time as UTC, and so do tickets on the RT
interface as well. However, I am still unable to change to different
timezones for any user.

Could this be an inconsistency of using “SetHandler perl-script” rather
than ‘mod_perl’ in my RT3 specific Apache configuration? And if this is
the case, since I am unable to use the RPM version of mod_perl; should I
just build mod_perl from source and see if this corrects the problem?
Could something be missing from my main Apache configuration (meaning
/etc/httpd/conf/httpd.conf)? At the moment I am still somewhat stumped
on this one, if anyone has any other input I would appreciate it.

Best Regards,
Eli

Hello,

Look into logs for additional info about blank page.

You have several options:

• switch over fcgi
• figure out why modperl handler doesn’t work
• find/write patch for RT that uses Env::C in Date.pmOn Fri, Apr 22, 2011 at 4:27 AM, Eli Guzman eguzman@cvimellesgriot.com wrote:

----Original Message----
From: rt-users-bounces@lists.bestpractical.com
[mailto:rt-users-bounces@lists.bestpractical.com] On Behalf Of Eli
Guzman Sent: Wednesday, April 20, 2011 9:10 PM To: Ruslan Zakirov
Cc: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] Is a time zone user preference available?

----Original Message----
From: ruslan.zakirov@gmail.com [mailto:ruslan.zakirov@gmail.com] On
Behalf Of Ruslan Zakirov Sent: Wednesday, April 20, 2011 7:43 PM To:
Eli Guzman
Cc: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] Is a time zone user preference available?

Hello,

Do you use mod_perl? Try “SetHandler modperl” instead of “SetHandler
perl-script” in apache’s config. Don’t forget to stop/start the
server.

On Thu, Apr 21, 2011 at 12:14 AM, Eli Guzman eguzman@cvimellesgriot.com wrote:

----Original Message----
From: rt-users-bounces@lists.bestpractical.com
[mailto:rt-users-bounces@lists.bestpractical.com] On Behalf Of Kevin
Falcone Sent: Wednesday, April 20, 2011 2:01 PM To:
rt-users@lists.bestpractical.com Subject: Re: [rt-users] Is a time
zone user preference available?

On Wed, Apr 20, 2011 at 01:25:41PM -0600, Eli Guzman wrote:

There’s no need for elaborate schemes. Timezone, along with
language, is on the user About Me page.

Thomas

Hey Thomas,

Thanks a bunch, somehow I missed that ;).

Eli

Not sure how common this issue is, but I have changed the ‘About
Me’ timezone preferences, however the change isn’t reflected on
the interface. See images below:

http://min.us/mDnN4uxnfqIBg#1

You’ve neglected to say:

What you set it to in About Me.
What time you expect to see.

I see something roughly 2 hours behind the current time, so assume
it is showing in Mountain time

-kevin

I had the $Timezone variable in RT_SiteConfig.pm set to the
following: Set($Timezone , ‘US/Mountain’); but I commented this
out (restarted httpd services)to see if there was any change to
the interface, but nothing so far. Time is being synched via
NTPD/system clock is not currently set to UTC/and system TZ is set
to Denver TZ (-0700 GMT). Could I be missing something obvious
here?

Thanks for any insights!

Regards,
Eli

Hey Kevin,

Yes you are correct, it is showing that it is currently set Mountain
TZ (which was what the RT_SiteConfig was set to), and I went ahead
and changed the preference under the about me section to
‘Europe/London +0100’, but for some reason the change has not taken
effect.

Just not sure as to why, could this perhaps be related to the
database itself? Currently MySQL should be getting TZ data from the
OS itself, but I believe I can hard-set it in the my.ini file, not
sure if this is the preferred method for RT/or to be honest if it
should matter if the DB should be set to a specific TZ.

Regards,
Eli

Hey Ruslan,

I can give that a try and let you know if it fixes the issue; thanks
for the input.

Regards,
Eli

Hey Ruslan,

I have mod_perl installed on the system:

[root@xxx ~]# yum list mod_perl
Loaded plugins: rhnplugin, security
Installed Packages
mod_perl.x86_64 2.0.4-6.el5
installed

However I was not using it directly with RT3, here is my
/etc/httpd/conf.d/rt3.conf:

Alias /ticket “/opt/rt3/share/html”

PerlRequire /opt/rt3/bin/webmux.pl

<Directory “/opt/rt3/share/html”>
AllowOverride All
Options ExecCGI FollowSymLinks

RewriteEngine On
RedirectMatch permanent (.*)/$ $1/index.html
AddDefaultCharset UTF-8
SetHandler perl-script
#SetHandler modperl ← Interface did not load – just a blank screen
PerlHandler RT::Mason

At first I tried reloading apache with the ‘SetHandler modperl’ line but
this caused RT3 not to load (just a blank screen) so as you can see I
commented out the line, and reloaded httpd services, the RT app was
returned to normal at that point.

So I am guessing that the RPM version I have installed of mod_perl is
not compatible with RT3, so this leaves me with being able to use
perl-script handler.

I did change the system time to just use UTC:

[root@xxx ~]# date
Fri Apr 22 00:10:12 UTC 2011

I reloaded MySQL services and this forced the database to use UTC
instead of MDT:

mysql> select distinct @@system_time_zone from user;
±-------------------+
| @@system_time_zone |
±-------------------+
| UTC |
±-------------------+
1 row in set (0.00 sec)

Now the database shows the time as UTC, and so do tickets on the RT
interface as well. However, I am still unable to change to different
timezones for any user.

Could this be an inconsistency of using “SetHandler perl-script” rather
than ‘mod_perl’ in my RT3 specific Apache configuration? And if this is
the case, since I am unable to use the RPM version of mod_perl; should I
just build mod_perl from source and see if this corrects the problem?
Could something be missing from my main Apache configuration (meaning
/etc/httpd/conf/httpd.conf)? At the moment I am still somewhat stumped
on this one, if anyone has any other input I would appreciate it.

Best Regards,
Eli

Best regards, Ruslan.

Hey Ruslan,

I actually was able to get the time zone to switch properly for users, I had to install the following two packages:

• Bundle::Apache2
• Apache2::Reload

I also made the following change to /etc/httpd/conf/httpd.conf:

PerlOptions +GlobalRequest

Once the httpd service was restarted I was immediately able to see the change - so thanks for the suggestions they certainly helped.

I have one more issue, I am working on and this is enabling the full SSO (auto-login) function of RT::Authen::LDAP, but I keep running into some issues. AD users are able to authenticated against AD, but the RT interface won’t automatically log them in. I think my RT_SiteConfig.pm (the one located at /opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc) is correct:

less /opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm
Set($ExternalAuthPriority, [ ‘My_LDAP’ ] );
Set($ExternalInfoPriority, [ ‘My_LDAP’ ] );
Set($ExternalServiceUsesSSLorTLS, 0);
Set($AutoCreateNonExternalUsers, 0);

Set($ExternalSettings, {
‘My_LDAP’ => {

                    'type'                  =>  'ldap',
                    'server'                =>  'IP-OF-SERVER',
                    'user'                  =>  'cvi-mg\ldap',  #'cn=ldap,cn=Services,dc=domain,dc=com', <--nw
                    'pass'                  =>  'userpassword',
                    'base'                  =>  'dc=domain,dc=com',

                    'filter'                =>  '(&(ObjectCategory=User)(ObjectClass=Person))',
                    'd_filter'              =>  '(userAccountControl:1.2.840.113556.1.4.803:=2)',

                    'tls'                   =>  0,

‘ssl_version’ => 3,

                    'net_ldap_args'         => [    version =>  3           ],
                    'group'                 =>  'cn=RTUsers,ou=Services,dc=cvi-mg,dc=com',
                    'group_attr'            =>  'member',

                    'attr_match_list'       => [   'Name', 'EmailAddress'   ],
                    'attr_map'              => {   'Name' => 'sAMAccountName',
                                                   'EmailAddress' => 'mail',
                                                   'Organization' => 'physicalDeliveryOfficeName',
                                                   'RealName' => 'cn',
                                                   'ExternalAuthId' => 'sAMAccountName',
                                                   'Gecos' => 'sAMAccountName',
                                                   'WorkPhone' => 'telephoneNumber',
                                                   'Address1' => 'streetAddress',
                                                   'City' => 'l',
                                                   'State' => 'st',
                                                   'Zip' => 'postalCode',
                                                   'Country' => 'co'
                                               }
                                               }
                           }

);

1;

However, when a user who is part of the ‘RTUsersGroup’ within AD attempts to load the main RT page via any browser the following message gets generated by rt.log:

[Tue Apr 26 22:38:24 2011] [debug]: Autohandler called ExternalAuth. Response: (0, No User) (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:26)
[Tue Apr 26 22:38:24 2011] [debug]: Attempting to use external auth service: My_LDAP (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
[Tue Apr 26 22:38:24 2011] [debug]: SSO Failed and no user to test with. Nexting (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:92)
[Tue Apr 26 22:38:24 2011] [debug]: Autohandler called ExternalAuth. Response: (0, No User) (/opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:26)

I have looked at the files mentioned above (ExternalAuth.pm, Doauth.pm, etc, etc) and have not been able to pinpoint the problem. My guess is that the credentials are either not being passed from LDAP to RT via the SSO check mentioned in this file ‘/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm’ starting in line 71:

 71         #############################################################
 72         ####################### SSO Check ###########################
 73         #############################################################
 74         if ($config->{'type'} eq 'cookie') {
 75             # Currently, Cookie authentication is our only SSO method
 76             $username = RT::Authen::ExternalAuth::DBI::GetCookieAuth($config);
 77         }
 78         #############################################################
 79
 80         # If $username is defined, we have a good SSO $username and can
 81         # safely bypass the password checking later on; primarily because
 82         # it's VERY unlikely we even have a password to check if an SSO succeeded.
 83         $pass_bypass = 0;
 84         if(defined($username)) {
 85             $RT::Logger->debug("Pass not going to be checked, attempting SSO");
 86             $pass_bypass = 1;
 87         } else {
 88
 89             # SSO failed and no $user was passed for a login attempt
 90             # We only don't return here because the next iteration could be an SSO attempt
 91             unless(defined($given_user)) {
 92                 $RT::Logger->debug("SSO Failed and no user to test with. Nexting");
 93                 next;
 94             }
 95
 96             # We don't have an SSO login, so we will be using the credentials given
 97             # on RT's login page to do our authentication.
 98             $username = $given_user;

So here is where it gets a bit dicey for me, I am not entirely certain if the value for the $username variable (line 76) is being properly passed by our AD server and fails the SSO check (line 92), and then immediately jumps to line 98 to wait for the authentication to be manually entered (this part works if credentials are entered manually, LDAP authentication goes through normally).

So my question is why is it nexting (as per the rt.log), and not picking up the user name from the operating environment (just as an FYI most of our users are on Windows XP, 7 clients, running IE8 and Mozilla Firefox 3.6+), and automatically picking up on the credentials for the user.

My guess is that I have something probably not set correctly within the RT_SiteCOnfig.pm (for RT::Authen::LDAP), or the issue could be a missing Perl component (probably not being called from httpd.conf) I have not thought of as of yet. But as I said this are just initial guesses - any input anyone can offer would be great.

Thanks,
EliFrom: ruslan.zakirov@gmail.com [mailto:ruslan.zakirov@gmail.com] On Behalf Of Ruslan Zakirov
Sent: Thursday, April 21, 2011 8:51 PM
To: Eli Guzman
Cc: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] Is a time zone user preference available?

Hello,

Look into logs for additional info about blank page.

You have several options:

• switch over fcgi
• figure out why modperl handler doesn’t work
• find/write patch for RT that uses Env::C in Date.pm

I have one more issue, I am working on and this is enabling the full
SSO (auto-login) function of RT::Authen::LDAP, but I keep running
into some issues. AD users are able to authenticated against AD, but
the RT interface won’t automatically log them in. I think my
RT_SiteConfig.pm (the one located at
/opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc) is correct:

This should really be a separate email to the list, but you don’t
appear to be running the current release of RT::Authen::ExternalAuth

Please provide your RT and extension versions

-kevin

[mailto:rt-users-bounces@lists.bestpractical.com] On Behalf Of Kevin
Falcone Sent: Thursday, April 28, 2011 9:08 PM To:
rt-users@lists.bestpractical.com Subject: Re: [rt-users] Is a time zone
user preference available?> On Thu, Apr 28, 2011 at 02:10:20PM -0600, Eli Guzman wrote:

I have one more issue, I am working on and this is enabling the full
SSO (auto-login) function of RT::Authen::LDAP, but I keep running
into some issues. AD users are able to authenticated against AD, but
the RT interface won’t automatically log them in. I think my
RT_SiteConfig.pm (the one located at
/opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc) is correct:

This should really be a separate email to the list, but you don’t
appear to be running the current release of RT::Authen::ExternalAuth

Please provide your RT and extension versions

-kevin

Hey Kevin,

I am currently running RT-Authen-ExternalAuth 0.8_01, and RT 3.89:

cpan -l output

lib::RT::Authen::ExternalAuth 0.08_01
lib::RT::Authen::ExternalAuth::DBI undef
lib::RT::Authen::ExternalAuth::LDAP undef
lib::RT::Authen::ExternalAuth::DBI::Cookie undef
blib::lib::RT::Authen::ExternalAuth 0.08_01

I thought I was at the latest version for RT-Authen-ExternalAuth, has
another release been made available? If this is the case I can download
and install if needed.

Just to recap: LDAP authentication works, the SSO piece (the automatic
logon into the interface) fails.

This is essentially the last piece we have before finishing up this
setup so any advice you may have could be very useful to us.

Regards,
–Eli

Hi,

Just to recap: LDAP authentication works, the SSO piece (the automatic
logon into the interface) fails.

on my RT 3.8.8, the only Way to have SSO working is to use firefox (wich
writes the cookie corerctly)
I’ve not been able to have Internet Explorer write the cookie, so i’m
using firefox 4.0.

Rapha�l
" Ce courriel et les documents qui lui sont joints peuvent contenir des
informations confidentielles ou ayant un caract�re priv�. S’ils ne vous sont
pas destin�s, nous vous signalons qu’il est strictement interdit de les
divulguer, de les reproduire ou d’en utiliser de quelque mani�re que ce
soit le contenu. Si ce message vous a �t� transmis par erreur, merci d’en
informer l’exp�diteur et de supprimer imm�diatement de votre syst�me
informatique ce courriel ainsi que tous les documents qui y sont attach�s."

" This e-mail and any attached documents may contain confidential or
proprietary information. If you are not the intended recipient, you are
notified that any dissemination, copying of this e-mail and any attachments
thereto or use of their contents by any means whatsoever is strictly
prohibited. If you have received this e-mail in error, please advise the
sender immediately and delete this e-mail and all attached documents
from your computer system."

I have one more issue, I am working on and this is enabling the full
SSO (auto-login) function of RT::Authen::LDAP, but I keep running
into some issues. AD users are able to authenticated against AD, but
the RT interface won’t automatically log them in. I think my
RT_SiteConfig.pm (the one located at
/opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc) is correct:

This should really be a separate email to the list, but you don’t
appear to be running the current release of RT::Authen::ExternalAuth

Please provide your RT and extension versions

-kevin

Hey Kevin,

I am currently running RT-Authen-ExternalAuth 0.8_01, and RT 3.89:

cpan -l output

lib::RT::Authen::ExternalAuth 0.08_01
lib::RT::Authen::ExternalAuth::DBI undef
lib::RT::Authen::ExternalAuth::LDAP undef
lib::RT::Authen::ExternalAuth::DBI::Cookie undef
blib::lib::RT::Authen::ExternalAuth 0.08_01

I thought I was at the latest version for RT-Authen-ExternalAuth, has
another release been made available? If this is the case I can download
and install if needed.

Just to recap: LDAP authentication works, the SSO piece (the automatic
logon into the interface) fails.

RT-Authen-ExternalAuth doesn’t provide spnego/sso for IE
you have to configure something like mod_auth_kerb for that

-kevin

Thanks for the information Raphaël. I have tried SSO with Firefox 4 as well, and the LDAP authentication piece works but I have been unable to get the SSO piece working properly. Same error gets generated in FF4 as it does in IE8:

[Mon May 2 16:16:37 2011] [debug]: Attempting to use external auth service: My_LDAP (/opt/rt3/local/plugins/RT-uthen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
[Mon May 2 16:16:37 2011] [debug]: SSO Failed and no user to test with. Nexting (/opt/rt3/local/plugins/RT-Authn-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:92)
[Mon May 2 16:16:37 2011] [debug]: Autohandler called ExternalAuth. Response: (0, No User) (/opt/rt3/local/plugns/RT-Authen-ExternalAuth/html/Elements/DoAuth:26)

I am running 3.8.9 rather than 3.8.8, so that may be the key difference (besides being on RHEL 5.6). If you don’t mind me asking what version of RT::Authen:ExternalAuth are you currently running (and on what server platform)? Not sure if you are on an earlier/later version, but if you are on a later version this may be useful information, as I may just need to upgrade it.

Thanks,
EliFrom: rt-users-bounces@lists.bestpractical.com [mailto:rt-users-bounces@lists.bestpractical.com] On Behalf Of Raphaël MOUNEYRES
Sent: Monday, May 02, 2011 1:31 AM
To: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] Is a time zone user preference available?

Hi,

Just to recap: LDAP authentication works, the SSO piece (the automatic
logon into the interface) fails.

on my RT 3.8.8, the only Way to have SSO working is to use firefox (wich writes the cookie corerctly)
I’ve not been able to have Internet Explorer write the cookie, so i’m using firefox 4.0.

Raphaël

[mailto:rt-users-bounces@lists.bestpractical.com] On Behalf Of Kevin
Falcone Sent: Monday, May 02, 2011 9:40 AM To:
rt-users@lists.bestpractical.com Subject: Re: [rt-users] Is a time zone
user preference available?> On Fri, Apr 29, 2011 at 01:58:16PM -0600, Eli Guzman wrote:

On Thu, Apr 28, 2011 at 02:10:20PM -0600, Eli Guzman wrote:

I have one more issue, I am working on and this is enabling the
full SSO (auto-login) function of RT::Authen::LDAP, but I keep
running into some issues. AD users are able to authenticated
against AD, but the RT interface won’t automatically log them in. I
think my RT_SiteConfig.pm (the one located at
/opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc) is correct:

This should really be a separate email to the list, but you don’t
appear to be running the current release of RT::Authen::ExternalAuth

Please provide your RT and extension versions

-kevin

Hey Kevin,

I am currently running RT-Authen-ExternalAuth 0.8_01, and RT 3.89:

cpan -l output

lib::RT::Authen::ExternalAuth 0.08_01
lib::RT::Authen::ExternalAuth::DBI undef
lib::RT::Authen::ExternalAuth::LDAP undef
lib::RT::Authen::ExternalAuth::DBI::Cookie undef
blib::lib::RT::Authen::ExternalAuth 0.08_01

I thought I was at the latest version for RT-Authen-ExternalAuth, has
another release been made available? If this is the case I can
download and install if needed.

Just to recap: LDAP authentication works, the SSO piece (the
automatic logon into the interface) fails.

RT-Authen-ExternalAuth doesn’t provide spnego/sso for IE you have to
configure something like mod_auth_kerb for that

-kevin

This is essentially the last piece we have before finishing up this
setup so any advice you may have could be very useful to us.

Regards,
–Eli

Thanks once again for all of the input, IE is indeed the primary browser
here, but we do have users using Mozilla Firefox 4 as well. I have tried
logging in within FF4, and I get the same errors as I do in IE. I think
that there is some basic link not taking place between IE(FF4) and RT
(RT::Auth*), which is interesting (or rather odd) since as I mentioned
before, I am able to login using LDAP directly (though unable I may be
of passing the SSO check itself). I read on a previous message that
RT::Auth* was now at 0.08_02 (not sure if this is correct)? Perhaps I
should use this version with RT 3.89 and see if this fixes the issue.

You mentioned mod_auth_kerb, and I actually do have mod_auth_kerb
installed for Apache2, so I’m thinking this could be another likely way
to go (would this work for FF4 as well?). I’ve also used Likewise Open
to physically join the server to our primary domain controller, but this
has not made much of a difference (yet) - although I am sure that a
separate connector has to probably be setup within Likewise for RT (but
I am at the moment not familiar with this option). As another feasible
option for SSO, would it be better to just use an AD synchronized
OpenLDAP server, using something like a DBI Authentication module?

Regards,
Eli

In fact it does work with FF4, even if the same “SSO Failed and no user to
test with. Nexting” message appears in my logs… i’m just living with it
my version of RT::Authen:ExternalAuth is 0.08 running on a Mandriva 2010
i have not tested with later versions of authen plugin (maybe i should)

Rapha�l

“Eli Guzman” eguzman@cvimellesgriot.com
02/05/2011 20:06

A
Rapha�l MOUNEYRES raphael.mouneyres@sagemcom.com,
rt-users@lists.bestpractical.com
cc

Objet
RE: [rt-users] Is a time zone user preference available?

Thanks for the information Rapha�l. I have tried SSO with Firefox 4 as
well, and the LDAP authentication piece works but I have been unable to
get the SSO piece working properly. Same error gets generated in FF4 as it
does in IE8:

[Mon May 2 16:16:37 2011] [debug]: Attempting to use external auth
service: My_LDAP
(/opt/rt3/local/plugins/RT-uthen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
[Mon May 2 16:16:37 2011] [debug]: SSO Failed and no user to test with.
Nexting
(/opt/rt3/local/plugins/RT-Authn-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:92)
[Mon May 2 16:16:37 2011] [debug]: Autohandler called ExternalAuth.
Response: (0, No User)
(/opt/rt3/local/plugns/RT-Authen-ExternalAuth/html/Elements/DoAuth:26)

I am running 3.8.9 rather than 3.8.8, so that may be the key difference
(besides being on RHEL 5.6). If you don’t mind me asking what version of
RT::Authen:ExternalAuth are you currently running (and on what server
platform)? Not sure if you are on an earlier/later version, but if you are
on a later version this may be useful information, as I may just need to
upgrade it.

Thanks,
EliFrom: rt-users-bounces@lists.bestpractical.com
[mailto:rt-users-bounces@lists.bestpractical.com] On Behalf Of Rapha�l
MOUNEYRES
Sent: Monday, May 02, 2011 1:31 AM
To: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] Is a time zone user preference available?

Hi,

Just to recap: LDAP authentication works, the SSO piece (the automatic
logon into the interface) fails.

on my RT 3.8.8, the only Way to have SSO working is to use firefox (wich
writes the cookie corerctly)
I’ve not been able to have Internet Explorer write the cookie, so i’m
using firefox 4.0.

Rapha�l

" Ce courriel et les documents qui lui sont joints peuvent contenir des
informations confidentielles ou ayant un caract�re priv�. S’ils ne vous sont
pas destin�s, nous vous signalons qu’il est strictement interdit de les
divulguer, de les reproduire ou d’en utiliser de quelque mani�re que ce
soit le contenu. Si ce message vous a �t� transmis par erreur, merci d’en
informer l’exp�diteur et de supprimer imm�diatement de votre syst�me
informatique ce courriel ainsi que tous les documents qui y sont attach�s."

" This e-mail and any attached documents may contain confidential or
proprietary information. If you are not the intended recipient, you are
notified that any dissemination, copying of this e-mail and any attachments
thereto or use of their contents by any means whatsoever is strictly
prohibited. If you have received this e-mail in error, please advise the
sender immediately and delete this e-mail and all attached documents
from your computer system."