Hi all,
We have RT4.0 with RT::Authen::ExternalAuth. In attr_match_list section
we have:
‘attr_match_list’ => [ ‘Name’,
‘EmailAddress’,
‘RealName’,
],
‘attr_map’ => { ‘Name’ => ‘uid’,
‘EmailAddress’ => ‘mail’,
‘RealName’ => ‘cn’,
}
However, on our ldap (openldap) a typical user has a uid and cn. For
instance, my info on the ldap is:
dn: uid=hossein,ou=People,o=TRIUMF
uid: hossein
cn: Hossein Rafighi
sn: Rafighi
mail: hossein@triumf.ca
mail: Hossein.Rafighi@triumf.ca
givenName: Hossein
Is it possible to alter the attr_match, attr_map, or any other attribute
in RT to authenticate based on uid or cn, and not just uid? I tried
changing various settings, but to no avail.
Many thanks,
Hossein
_____ _____ _____ _ _ _ _ ____ Hossein Rafighi
|_ || _ \ | || | | || _/ || __|TRIUMF, 4004 Wesbrook Mall
| | | || ) | | | | | || || |__ Vancouver BC, CANADA, V6T 2A3
| | | _ / | | | _/ || _/ || |Voice: (604) 222-1047
| | | | \ \ | | | || | | || | Fax: (604) 222-1074
|| || _|_| _/ || |||_| Website: http://www.triumf.ca
Hi all,
We have RT4.0 with RT::Authen::ExternalAuth. In attr_match_list
section we have:
‘attr_match_list’ => [ ‘Name’,
‘EmailAddress’,
‘RealName’,
],
You really don’t want RealName there, otherwise
RT::Authen::ExternalAuth will disallow two people named Bob Smith.
‘attr_map’ => { ‘Name’ => ‘uid’,
‘EmailAddress’ => ‘mail’,
‘RealName’ => ‘cn’,
}
However, on our ldap (openldap) a typical user has a uid and cn. For
instance, my info on the ldap is:
dn: uid=hossein,ou=People,o=TRIUMF
uid: hossein
cn: Hossein Rafighi
sn: Rafighi
mail: hossein@triumf.ca
mail: Hossein.Rafighi@triumf.ca
givenName: Hossein
Is it possible to alter the attr_match, attr_map, or any other
attribute in RT to authenticate based on uid or cn, and not just
uid? I tried changing various settings, but to no avail.
You’d have to extend the module to use more than just the Name in the
query it runs for DN. There’s a branch in the repo for refactoring
some of that code, but it concentrates on alternate email addresses
not alternate uids. It may make doing what you want easier though.
-kevin
Hi Kevin,
Much appreciated. Using alternate email addresses instead of alternate
uids sounds even better. Is this url:
http://requesttracker.wikia.com/wiki/AutoCreateAndCanonicalizeUserInfo
what I need? If not, can you please point me to a page where
step-by-step instruction is.
Again, many thanks…
HosseinOn 9/13/2011 2:42 PM, Kevin Falcone wrote:
On Tue, Sep 13, 2011 at 12:04:44PM -0700, Hossein Rafighi wrote:
Hi all,
We have RT4.0 with RT::Authen::ExternalAuth. In attr_match_list
section we have:
‘attr_match_list’ => [ ‘Name’,
‘EmailAddress’,
‘RealName’,
],
You really don’t want RealName there, otherwise
RT::Authen::ExternalAuth will disallow two people named Bob Smith.
‘attr_map’ => { ‘Name’ => ‘uid’,
‘EmailAddress’ => ‘mail’,
‘RealName’ => ‘cn’,
}
However, on our ldap (openldap) a typical user has a uid and cn. For
instance, my info on the ldap is:
dn: uid=hossein,ou=People,o=TRIUMF
uid: hossein
cn: Hossein Rafighi
sn: Rafighi
mail: hossein@triumf.ca
mail: Hossein.Rafighi@triumf.ca
givenName: Hossein
Is it possible to alter the attr_match, attr_map, or any other
attribute in RT to authenticate based on uid or cn, and not just
uid? I tried changing various settings, but to no avail.
You’d have to extend the module to use more than just the Name in the
query it runs for DN. There’s a branch in the repo for refactoring
some of that code, but it concentrates on alternate email addresses
not alternate uids. It may make doing what you want easier though.
-kevin
_____ _____ _____ _ _ _ _ ____ Hossein Rafighi
|_ || _ \ | || | | || _/ || __|TRIUMF, 4004 Wesbrook Mall
| | | || ) | | | | | || || |__ Vancouver BC, CANADA, V6T 2A3
| | | _ / | | | _/ || _/ || |Voice: (604) 222-1047
| | | | \ \ | | | || | | || | Fax: (604) 222-1074
|| || _|_| _/ || |||_| Website: http://www.triumf.ca
Much appreciated. Using alternate email addresses instead of alternate uids sounds even
better. Is this url: [1]http://requesttracker.wikia.com/wiki/AutoCreateAndCanonicalizeUserInfo
what I need? If not, can you please point me to a page where step-by-step instruction is.
Nope, that page is about 5 years out of date and won’t work with any
modern version of RT. Thanks for pointing it out, I’ve added the
relevant warning flags.
As I mentioned, it’s a branch in the github repo for
RT-Authen-ExternalAuth. There are no step by step instructions for
setting it up. You’d need to be comfortable making a git clone and
switching branches and reading the updated documentation. You can
find the github repo GitHub - bestpractical/rt-authen-externalauth
-kevin
Hi rt-users,
I’ve the following issue… we would like to create a kind of “sub-list” for a custom field.
So there should be a kind of mechanism that if a certain value within the drop down list is chosen, an additional custom field appears in the View as new drop down list.
To be more specific we need to let an additional custom field (with certain values) appear in case the value “service” is chosen from the already existing Drop Down box.
Any Ideas how this can be realized?
Thanks an regards
Gianfranco
Create two custom fields and set ‘based on’ for one of them.
Regards, Ruslan. From phone.
Hi rt-users,
I’ve the following issue… we would like to create a kind of “sub-list”
for a custom field.
So there should be a kind of mechanism that if a certain value within the
drop down list is chosen, an additional custom field appears in the View as
new drop down list.
To be more specific we need to let an additional custom field (with
certain values) appear in case the value “service” is chosen from the
already existing Drop Down box.
Thanks Ruslan,
I tried this already but this does not solve my problem. I need the relationship between the a single value of the original custom field and the new custom field.From: ruslan.zakirov@gmail.com [mailto:ruslan.zakirov@gmail.com] On Behalf Of Ruslan Zakirov
Sent: Wednesday, September 14, 2011 11:26 AM
To: Rossi, Gianfranco
Cc: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] Custom Field Sub-list
Create two custom fields and set ‘based on’ for one of them.
Regards, Ruslan. From phone.
Usually when you select a Custom Field in the “based on” list the Category column changes to Drop Down boxes and you can select one of the CF values from the CF that you based it on. So if you have a CF with a list of services and you base another CF on it, then you can create Values that are based on those services. In the ticket, when you select the Service the second CF will just show the Values based on that service.
Not sure if I explained that well, but it sounds like that is what you are looking for. Unfortunately this CF will not appear, it has to already be there and you need to add both CFs to the Queue.
Chris
PGP.sig (475 Bytes)
Hi Kevin,
Much appreciate the help. I’ll have to setup a testbed and give it a try.
Cheers,
HosseinOn 9/13/2011 3:47 PM, Kevin Falcone wrote:
As I mentioned, it’s a branch in the github repo for
RT-Authen-ExternalAuth. There are no step by step instructions for
setting it up. You’d need to be comfortable making a git clone and
switching branches and reading the updated documentation. You can find
the github repo
GitHub - bestpractical/rt-authen-externalauth -kevin
_____ _____ _____ _ _ _ _ ____ Hossein Rafighi
|_ || _ \ | || | | || _/ || __|TRIUMF, 4004 Wesbrook Mall
| | | || ) | | | | | || || |__ Vancouver BC, CANADA, V6T 2A3
| | | _ / | | | _/ || _/ || |Voice: (604) 222-1047
| | | | \ \ | | | || | | || | Fax: (604) 222-1074
|| || _|_| _/ || |||_| Website: http://www.triumf.ca
Hi,
I modified the subject line to multiple email addresses. I just received
an email off the list that was advising me to do the following to
achieve what I want. I should emphasize that my users are all in one
domain. Sine both John.Doe@triumf.ca and jdoe@triumf.ca are the same
person I want him to be able to submit a ticket and reply to his ticket
no matter which email address his “From:” is set to. Also if possible, I
want him to be able to use either John Doe, or jdoe as username to login
to the web interface.
The advise is to enable the following:
Set($CanonicalizeEmailAddressMatch ,
‘(^rt@triumf.ca).(cc.)?cn.ca$’);
Set($CanonicalizeEmailAddressReplace , ‘uid.ca’);
Any ideas?
HosseinOn 9/13/2011 3:47 PM, Kevin Falcone wrote:
On Tue, Sep 13, 2011 at 03:18:16PM -0700, Hossein Rafighi wrote:
Much appreciated. Using alternate email addresses instead of alternate uids sounds even
better. Is this url: [1]http://requesttracker.wikia.com/wiki/AutoCreateAndCanonicalizeUserInfo
what I need? If not, can you please point me to a page where step-by-step instruction is.
Nope, that page is about 5 years out of date and won’t work with any
modern version of RT. Thanks for pointing it out, I’ve added the
relevant warning flags.
As I mentioned, it’s a branch in the github repo for
RT-Authen-ExternalAuth. There are no step by step instructions for
setting it up. You’d need to be comfortable making a git clone and
switching branches and reading the updated documentation. You can
find the github repo GitHub - bestpractical/rt-authen-externalauth
-kevin
_____ _____ _____ _ _ _ _ ____ Hossein Rafighi
|_ || _ \ | || | | || _/ || __|TRIUMF, 4004 Wesbrook Mall
| | | || ) | | | | | || || |__ Vancouver BC, CANADA, V6T 2A3
| | | _ / | | | _/ || _/ || |Voice: (604) 222-1047
| | | | \ \ | | | || | | || | Fax: (604) 222-1074
|| || _|_| _/ || |||_| Website: http://www.triumf.ca
Hi,
I modified the subject line to multiple email addresses. I just
received an email off the list that was advising me to do the
following to achieve what I want. I should emphasize that my users
are all in one domain. Sine both John.Doe@triumf.ca and
jdoe@triumf.ca are the same person I want him to be able to submit a
ticket and reply to his ticket no matter which email address his
“From:” is set to. Also if possible, I want him to be able to use
either John Doe, or jdoe as username to login to the web interface.
The advise is to enable the following:
Set($CanonicalizeEmailAddressMatch ,
‘(^rt@triumf.ca).(cc.)?cn.ca$’);
Set($CanonicalizeEmailAddressReplace , ‘uid.ca’);
If you can write a regular expression to rewrite John.Doe to jdoe
consistently across your userbase, then you can use that option.
Normally, it’s used to normalize people who write from @host.domain.tld
and @domain.tld to all come from @domain.tld.
Your proposed settings don’t look like they would do what you propose.
Have you reviewed the documentation in RT4?
-kevin
I thought it sounded to good to be true! Your explanations makes sense.
As for reading the documentation, I’ve looked at everything in the /docs
directory of the RT tarball, but nothing substantial to what I want.
HosseinOn 9/14/2011 10:55 AM, Kevin Falcone wrote:
On Wed, Sep 14, 2011 at 10:42:02AM -0700, Hossein Rafighi wrote:
Hi,
I modified the subject line to multiple email addresses. I just
received an email off the list that was advising me to do the
following to achieve what I want. I should emphasize that my users
are all in one domain. Sine both John.Doe@triumf.ca and
jdoe@triumf.ca are the same person I want him to be able to submit a
ticket and reply to his ticket no matter which email address his
“From:” is set to. Also if possible, I want him to be able to use
either John Doe, or jdoe as username to login to the web interface.
The advise is to enable the following:
Set($CanonicalizeEmailAddressMatch ,
‘(^rt@triumf.ca).(cc.)?cn.ca$’);
Set($CanonicalizeEmailAddressReplace , ‘uid.ca’);
If you can write a regular expression to rewrite John.Doe to jdoe
consistently across your userbase, then you can use that option.
Normally, it’s used to normalize people who write from @host.domain.tld
and @domain.tld to all come from @domain.tld.
Your proposed settings don’t look like they would do what you propose.
Have you reviewed the documentation in RT4?
-kevin
On 9/13/2011 3:47 PM, Kevin Falcone wrote:
On Tue, Sep 13, 2011 at 03:18:16PM -0700, Hossein Rafighi wrote:
Much appreciated. Using alternate email addresses instead of alternate uids sounds even
better. Is this url: [1]http://requesttracker.wikia.com/wiki/AutoCreateAndCanonicalizeUserInfo
what I need? If not, can you please point me to a page where step-by-step instruction is.
Nope, that page is about 5 years out of date and won’t work with any
modern version of RT. Thanks for pointing it out, I’ve added the
relevant warning flags.
As I mentioned, it’s a branch in the github repo for
RT-Authen-ExternalAuth. There are no step by step instructions for
setting it up. You’d need to be comfortable making a git clone and
switching branches and reading the updated documentation. You can
find the github repo GitHub - bestpractical/rt-authen-externalauth
RT Training Sessions (http://bestpractical.com/services/training.html)
- Chicago, IL, USA — September 26& 27, 2011
- San Francisco, CA, USA — October 18& 19, 2011
- Washington DC, USA — October 31& November 1, 2011
- Melbourne VIC, Australia — November 28& 29, 2011
- Barcelona, Spain — November 28& 29, 2011
_____ _____ _____ _ _ _ _ ____ Hossein Rafighi
|_ || _ \ | || | | || _/ || __|TRIUMF, 4004 Wesbrook Mall
| | | || ) | | | | | || || |__ Vancouver BC, CANADA, V6T 2A3
| | | _ / | | | _/ || _/ || |Voice: (604) 222-1047
| | | | \ \ | | | || | | || | Fax: (604) 222-1074
|| || _|_| _/ || |||_| Website: http://www.triumf.ca
I thought it sounded to good to be true! Your explanations makes sense.
As for reading the documentation, I’ve looked at everything in the /docs directory of the RT
tarball, but nothing substantial to what I want.
Documentation for configuration options such as
$CanonicalizeEmailAddressMatch is in RT_Config.pm
-kevin