Quandry: secure parts of a ticket... should this be done with related tickets? (fwd)

-----Original Message-----
From: Bruce Campbell [mailto:bruce_campbell@ripe.net]
Sent: Wednesday, December 18, 2002 12:37 AM
To: rt-devel@lists.fsck.com
Subject: Re: [rt-devel] quandry: secure parts of a ticket… should this be done with related tickets?

Colleen wrote:

I have never used rtadmin and just now when I attempted to, I received
the following error:

[root@bizarro bin]# ./rtadmin
Can't locate RT/Interface/CLI.pm in @INC (@INC contains:
/usr/local/rt/etc /usr/local/rt/lib
/usr/lib/perl5/5.6.1/i386-linux

Is rtadmin setgid rt?
Is /usr/local/rt/lib/RT/Interface/CLI.pm present?
Does your suidperl work?

And a more subtle gotcha; is /usr/local/rt on a NFS-mounted partition
with root-squash enabled, and is the directory set so that only the RT
user/group can access it?

For that matter, are /usr/local/rt/{etc,lib} the RT directories?

this is the problem, I think
I moved rt to /web/sites/rt-dev/rt

I tried adding to the rtadmin file the line:

push(@INC,"/web/sites/rt-dev/rt/lib/RT/Interface/");

right above
use RT::Interface::CLI qw(CleanEnv LoadConfig DBConnect
GetCurrentUser GetMessageContent);

But this isn’t working, either.

Thanks for any and all help with this!

Colleen

Hi all,

this is the next update of rtimportldap.

--group option is replaced with --groupadd

Added --groupbind options which synchronises the
RT group(s) with the LDAP persons returned by the filter.

See TAR attached and README below.

Regards,
Stanislav

$Id: rtimportldap.README,v 1.4 2002/12/19 10:40:08 stsiny Exp $
rtimportldap.pl:
The utility for importing the RT users from LDAP directory

Author: Stanislav Sinyagin ssinyagin@yahoo.com

This script is written as generic as possible, but tested
in Microsoft Active Directory/Exchange 2000 environment only.

The script does not care about passwords. Old users’ passwords
are not touched, and the new users are created without password.
Apache/mod_auth_ldap may be used for user authentication against
the LDAP server.

The script is reenterable: existing users are updated,
and non-existing ones are created. Thus, it may be used
every time you make changes in your LDAP directory.

Usage: ./rtimportldap.pl options…
Options ([M] means mandatory, [O] means optional):
  --rc filename          [O] read options from file
                             opt=value pairs one per line
  --server hostname      [M] LDAP server
  --port port            [O] LDAP TCP port. Default: 389
  --ldapver 3|2          [O] LDAP version. Default: 3
  --binddn dn            [O] Bind DN
  --bindpw password      [O] Bind password
  --basedn dn            [M] Base DN
  --filter filter        [O] Search filter. Default:
                             (|(objectClass=organizationalPerson)(objectClass=person))
  --uidattr attr         [O] Username attribute. Default: "uid"
  --map lattr:rattr      [O] Mapping of LDAP to RT attribute
  --groupadd groupname   [O] Add the users to these groups
  --groupbind groupname  [O] Add the users to these groups and
                             delete members not found in LDAP
  --disabled 1|0         [O] Set disabled. Default: 0
  --privileged 1|0       [O] Set privileged. Default: 1
  --help                 [O] This help message

The filter is automatically updated so that the UID attribute
is explicitly searched in the directory. This means that
the script may report zero entries found.

The script accepts more than one instance of --groupadd, --groupbind and --map
options.

Microsoft AD specifics:

Option "--uidattr sAMAccountName" is necessary.

LDAP attribute ‘company’ is Microsoft-specific, not defined
in standard schemas that come with OpenLDAP. We map it to
‘Organization’ RT attribute.

MS AD requires non-anonymous binding. In anonymous mode,
it shows only the topmost entry. For normal work, you
must bind as a valid domain or host user.

Copyright (c) 2002 Stanislav Sinyagin

rtimportldap.tar (20 KB)

this is the problem, I think
I moved rt to /web/sites/rt-dev/rt

I tried adding to the rtadmin file the line:

push(@INC,"/web/sites/rt-dev/rt/lib/RT/Interface/");

right above
use RT::Interface::CLI qw(CleanEnv LoadConfig DBConnect
GetCurrentUser GetMessageContent);

But this isn’t working, either.

Try using “/web/sites/rt-dev/rt/lib” instead of
“/web/sites/rt-dev/rt/lib/RT/Interface”. You’ll probably also want
“/web/sites/rt-dev/rt/etc” in there, as well.

(darren)

Morality works best when chosen, not when mandated.
– Larry Wall
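
Why the push(@INC, ...) attempt fails and the lib directory works, as an added example that is not part of the original thread or of RT: Demo::Interface::CLI and the temporary directory are constructed stand-ins for RT::Interface::CLI and the relocated rt/lib. It goes one step beyond the reply by also showing that a run-time push() placed above "use" comes too late.

```perl
#!/usr/bin/perl
# Added illustration. Demo::Interface::CLI and the temporary tree are
# constructed stand-ins for RT::Interface::CLI and /web/sites/rt-dev/rt/lib.
use strict;
use warnings;
use File::Temp qw(tempdir);
use File::Path qw(mkpath);

our $LIB = tempdir(CLEANUP => 1);    # plays the role of .../rt/lib
mkpath("$LIB/Demo/Interface");
open(my $fh, '>', "$LIB/Demo/Interface/CLI.pm") or die "write: $!";
print $fh "package Demo::Interface::CLI;\nsub CleanEnv { 'ok' }\n1;\n";
close($fh) or die "close: $!";

# Case 1: @INC points at the module's own directory. Perl converts
# Demo::Interface::CLI to Demo/Interface/CLI.pm and appends that to every
# @INC entry, so it searches <lib>/Demo/Interface/Demo/Interface/CLI.pm.
my $deep = do {
    local @INC = (@INC, "$LIB/Demo/Interface/");
    (eval { require Demo::Interface::CLI; 1 }) ? 'loaded' : 'not found';
};

# Case 2: the right directory, but push() is executed at run time while
# "use" is resolved at compile time, before @INC has been extended.
my $late = eval(q{ push(@INC, $main::LIB); use Demo::Interface::CLI; 1 })
    ? 'loaded' : 'not found';

# Case 3: the right directory, added at compile time. Writing
# "use lib '/path/to/rt/lib';" is the usual spelling of this BEGIN block.
my $early = eval(q{
    BEGIN { unshift(@INC, $main::LIB) }
    use Demo::Interface::CLI;
    1
}) ? 'loaded' : 'not found';

printf "%-40s %s\n", 'module directory in @INC:',          $deep;
printf "%-40s %s\n", 'lib root pushed at run time:',       $late;
printf "%-40s %s\n", 'lib root added at compile time:',    $early;
printf "%-40s %s\n", 'CleanEnv() from the loaded module:',
    Demo::Interface::CLI::CleanEnv();
```

If rtadmin is installed setgid, as asked earlier in the thread, Perl runs it in taint mode and ignores PERL5LIB, so the library path has to be set inside the script as in case 3.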