Problem with users and WebExternalAuth

Hi

I have just installed RT on my RH9 machine and I have some problems
managing my users.
As they already exist in my LDAP database, I would like to use it.
I have set the following values in my config file and it works quite
nicely.
Set($WebExternalAuth,1); Set($WebExternalAuto , 1);

Nevertheless I have two little problems.
All my users are privileged. How can I make RT create these users as
non-privileged?
I would like to get some information from my LDAP server into the RT
database, like the real name of the user and the email address.

It would be nice if this were done at the creation of the account.

Does someone know how to do that?

thanks in advance for any help

I had done it.
I will prepare tomorrow the patches in diff format and give you the
modified file for the import.

I have this exactly like you want, unprivileged users at first, and all
info imported by LDAP… Well not all info, but you will see.

Samuel

-----Original Message-----
From: Eric Doutreleau [mailto:Eric.Doutreleau@int-evry.fr]
Sent: Monday, 15 September, 2003 17:23
To: rt-users@lists.fsck.com

Hi

I have just installed RT on my RH9 machine and I have some problems
managing my users.
As they already exist in my LDAP database, I would like to use it. I have
set the following values in my config file and it works quite
nicely.

Set($WebExternalAuth,1);
Set($WebExternalAuto , 1);

Nevertheless I have two little problems.
All my users are privileged. How can I make RT create these users as
non-privileged?
I would like to get some information from my LDAP server into the RT
database, like the real name of the user and the email address.

It would be nice if this were done at the creation of the account.

Does someone know how to do that?

thanks in advance for any help
rt-users mailing list
rt-users@lists.fsck.com
http://lists.fsck.com/mailman/listinfo/rt-users

Have you read the FAQ? The RT FAQ Manager lives at http://fsck.com/rtfm

Eric Doutreleau wrote:

Hi

I have just installed RT on my RH9 machine and I have some problems
managing my users.
As they already exist in my LDAP database, I would like to use it.
I have set the following values in my config file and it works quite
nicely.
Set($WebExternalAuth,1); Set($WebExternalAuto , 1);

Nevertheless I have two little problems.
All my users are privileged. How can I make RT create these users as
non-privileged?
I would like to get some information from my LDAP server into the RT
database, like the real name of the user and the email address.

It would be nice if this were done at the creation of the account.

Does someone know how to do that?

Here are the modifications I made to html/autohandler to support LDAP
lookups into our Active Directory system.

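sub LookupLdapUserInfo {
    use Net::LDAP;
    use Net::LDAP::Constant qw(LDAP_SUCCESS);
    use Net::LDAP::Util qw(escape_filter_value);

    # Site settings; the empty values are placeholders to fill in.
    use constant LDAP      => q(<your LDAP server>);
    use constant LDAP_PORT => q(389);
    use constant LDAP_BASE => q();    # search base
    use constant LDAP_UID  => q();    # attribute that holds the login name
    use constant LDAP_CN   => q(cn);

    my ($user) = @_;

    my $ldap = Net::LDAP->new(LDAP, port => LDAP_PORT)
        or return undef;

    # Bind DN and password: placeholders, supply your own.
    my $mesg = $ldap->bind('<bind DN>', password => '<bind password>');
    return undef unless $mesg->code == LDAP_SUCCESS;

    # Escape the login name so it cannot change the meaning of the filter.
    my $filter = "@{[ LDAP_UID ]}=" . escape_filter_value($user);

    $mesg = $ldap->search(base   => LDAP_BASE,
                          filter => $filter,
                          attrs  => [ LDAP_CN ]);
    return undef unless ($mesg->code == LDAP_SUCCESS);

    # Require exactly one entry with a non-empty cn.
    if ($mesg->count != 1 ||
        ($mesg->first_entry->get_value(LDAP_CN))[0] eq '') {
        return undef;
    }

    my $cn = $mesg->first_entry->get_value(LDAP_CN);

    $mesg = $ldap->unbind();

    return $cn;
}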

Now find the block that starts with:

    # If RT is configured for external auth, let's get REMOTE_USER

    elsif ($RT::WebExternalAuth and length($ENV{'REMOTE_USER'})) {

There is a chunk that looks like:

    if ($val) {
        $UserObj->SetPrivileged(1);

Set the 1 to 0 and people default to unprivileged.

Inside this if block you add the call to LookupLdapUserInfo().

For maintenance, you can place any modified file in local/html instead
of share/html. Mason looks in local first, then in share, for any file.

As they already exist in my LDAP database, I would like to use it.
I have set the following values in my config file and it works quite
nicely.
Set($WebExternalAuth,1); Set($WebExternalAuto , 1);

Nevertheless I have two little problems.
All my users are privileged. How can I make RT create these users as
non-privileged?
I would like to get some information from my LDAP server into the RT
database, like the real name of the user and the email address.

It would be nice if this were done at the creation of the account.

The WebExternalAuto function includes this feature. It’s easy to
use. (though should probably be mentioned in the config file, oops)
The attributes new AutoCreated users are created with are defined by
Interface/Web.pm’s WebExternalAutoInfo. You should be able to override
that function using the overlay system.

Create a local/lib/Interface/Web_local.pm with your version of the
function. You might want to crib off the old one to see how it likes
its hash.

At least I think Interface/Web supports the overlay system.

seph

Hi, thanks for the tips.

I can make it work if I edit the original source Web.pm

but I'm not able to make it work through the overlay feature.
What path should I use for the file?

On Mon 15/09/2003 at 19:10, seph wrote:

As they already exist in my LDAP database, I would like to use it.
I have set the following values in my config file and it works quite
nicely.
Set($WebExternalAuth,1); Set($WebExternalAuto , 1);

Nevertheless I have two little problems.
All my users are privileged. How can I make RT create these users as
non-privileged?
I would like to get some information from my LDAP server into the RT
database, like the real name of the user and the email address.

It would be nice if this were done at the creation of the account.

The WebExternalAuto function includes this feature. It’s easy to
use. (though should probably be mentioned in the config file, oops)
The attributes new AutoCreated users are created with are defined by
Interface/Web.pm’s WebExternalAutoInfo. You should be able to override
that function using the overlay system.

Create a local/lib/Interface/Web_local.pm with your version of the
function. You might want to crib off the old one to see how it likes
its hash.

At least I think Interface/Web supports the overlay system.

seph


I can make it work if I edit the original source Web.pm

but I'm not able to make it work through the overlay feature.

It’s possible the stock 3.0.5 Web.pm doesn’t support the overlay
mechanism.

What path should I use for the file?

I’m pretty sure it’s /local/lib/Interface/Web_local.pm but my
rt server is down, so I can’t dig up the overlay syntax.

seph

Well, I put my Web_Local.pm in the /lib/Interface/RT/ with
the modified procedure and it works like a charm.

Thank you

Right now I have the same problem with users autocreated when they send
mail.
They are created with the userid equal to their email and I want to
use the LDAP userid.

Do you have any clue what file I should overlay to do that?

Thanks in advance for any help

On Tue 16/09/2003 at 16:58, seph wrote:

I can make it work if I edit the original source Web.pm

but I'm not able to make it work through the overlay feature.

It’s possible the stock 3.0.5 Web.pm doesn’t support the overlay
mechanism.

What path should I use for the file?

I’m pretty sure it’s /local/lib/Interface/Web_local.pm but my
rt server is down, so I can’t dig up the overlay syntax.

seph

I modified Email.pm so that if the submitter is from my domain, it strips
the domain extension off before creating the user. LDAP auth via apache
works like a charm now. I also lowercased everything to prevent creating
duplicate accounts.

HTH,

Greg

On Tue, 16 Sep 2003 17:36:48 +0200, Eric Doutreleau <Eric.Doutreleau@int-evry.fr> wrote:

Well, I put my Web_Local.pm in the /lib/Interface/RT/ with
the modified procedure and it works like a charm.

Thank you

Right now I have the same problem with users autocreated when they send
mail.
They are created with the userid equal to their email and I want to
use the LDAP userid.

Do you have any clue what file I should overlay to do that?

Thanks in advance for any help

On Tue 16/09/2003 at 16:58, seph wrote:

I can make it work if I edit the original source Web.pm

but I'm not able to make it work through the overlay feature.

It’s possible the stock 3.0.5 Web.pm doesn’t support the overlay
mechanism.

What path should I use for the file?

I’m pretty sure it’s /local/lib/Interface/Web_local.pm but my
rt server is down, so I can’t dig up the overlay syntax.

seph
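
The address normalization Greg describes above, as an added example (not his Email.pm change and not RT code): senders from the site's own domain map to the lowercased local part, so accounts created from mail and accounts created through LDAP-backed web auth share one name. The function name `userid_from_sender` and the domain `example.org` are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumption: the site's own mail domain (placeholder value).
my $LOCAL_DOMAIN = 'example.org';

# Map a sender address to the name used for the auto-created user.
# Local senders get the bare, lowercased local part so the account matches
# the REMOTE_USER supplied by web auth; everyone else keeps the full
# lowercased address.
sub userid_from_sender {
    my ($address) = @_;
    return undef unless defined $address;

    $address =~ s/^\s+|\s+$//g;

    # Require exactly one '@' with something on both sides.
    my ($local, $domain) = $address =~ /^([^\@\s]+)\@([^\@\s]+)$/
        or return undef;

    $local  = lc $local;
    $domain = lc $domain;
    $domain =~ s/\.$//;    # tolerate a trailing root dot

    # Compare the whole domain, not a suffix or substring: a pattern such as
    # /example\.org/ would also strip "example.org.elsewhere.test".
    return $local if $domain eq lc $LOCAL_DOMAIN;
    return "$local\@$domain";
}

# Constructed sample senders.
for my $sender (
    'Eric.D@Example.ORG',                   # local, mixed case
    'eric.d@example.org',                   # same person, must map identically
    'eric.d@example.org.elsewhere.test',    # look-alike domain, not local
    'eric.d@mail.example.org',              # subdomain, not treated as local
    'not-an-address',                       # rejected
) {
    my $id = userid_from_sender($sender);
    printf "%-36s -> %s\n", $sender, defined $id ? $id : '(rejected)';
}
```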


On that Redhat 9 build:

Getting closer…
Red Hat 9.
mysql 4.0.14
RT 3.0.5
Apache 1.3.28 - recompiled system
mod-perl 1.28 - recompiled system EVERYTHING=1
CPAN 1.76

I had to download and install the source code,
and custom compile most everything to get it into
the correct configuration.

But, alas, rt_user identity still fighting me…
This used to be a config.pm problem,
any ideas on 3.0.5 ?

DBI connect('dbname=rt3;host=rtserver.antient.org','rt_user',...)
failed: Access denied for user: 'rt_user@rtserver.antient.org' (Using password: YES)
at /usr/lib/perl5/site_perl/5.8.0/DBIx/SearchBuilder/Handle.pm line 132
[Wed Sep 17 11:30:59 2003] [error] Connect Failed Access denied for user: 'rt_user@rtserver.antient.org'
(Using password: YES)
at /opt/rt3/lib/RT.pm line 149

It’s your db and your hosts file, your rt_user account in mysql is
probably rt_user@localhost not rt_user@rtserver.antient.org.

Go into mysql and do a select * from user;

You should see where the account is able to login from. You will have to
add rt_user@yourservername

Michael

-----Original Message-----
From: Richard Irving [mailto:rirving@onecall.net]
Posted At: Wednesday, September 17, 2003 12:36 PM
Posted To: RT
Conversation: [rt-users] Getting closer
Subject: [rt-users] Getting closer

On that Redhat 9 build:

Getting closer…
Red Hat 9.
mysql 4.0.14
RT 3.0.5
Apache 1.3.28 - recompiled system
mod-perl 1.28 - recompiled system EVERYTHING=1
CPAN 1.76

I had to download and install the source code,
and custom compile most everything to get it into
the correct configuration.

But, alas, rt_user identity still fighting me…
This used to be a config.pm problem,
any ideas on 3.0.5 ?

DBI connect('dbname=rt3;host=rtserver.antient.org','rt_user',...)
failed: Access denied for user: 'rt_user@rtserver.antient.org' (Using
password: YES)
at /usr/lib/perl5/site_perl/5.8.0/DBIx/SearchBuilder/Handle.pm line 132
[Wed Sep 17 11:30:59 2003] [error] Connect Failed Access denied for
user: 'rt_user@rtserver.antient.org'
(Using password: YES)
at /opt/rt3/lib/RT.pm line 149

On that Redhat 9 build:

Getting closer…
[snip]
But, alas, rt_user identity still fighting me…
This used to be a config.pm problem,
any ideas on 3.0.5 ?

DBI connect('dbname=rt3;host=rtserver.antient.org','rt_user',...)
failed: Access denied for user: 'rt_user@rtserver.antient.org' (Using
password: YES)
at /usr/lib/perl5/site_perl/5.8.0/DBIx/SearchBuilder/Handle.pm line 132
[Wed Sep 17 11:30:59 2003] [error] Connect Failed Access denied for
user: 'rt_user@rtserver.antient.org'
(Using password: YES)
at /opt/rt3/lib/RT.pm line 149

Are you really connecting to a remote database server? If that is not
the case, try setting the dbhost name to ‘localhost’. MySQL
differentiates between rt_user@localhost and rt_user@<dns_name>.

Regards,
Harald