Rt-mailgate fix

RT Developers
1

When using External Auth, I had a weird problem where rt-mailgate would
bomb with a 401 to the NoAuth areas (which I had properly excluded from
the Apache auth in the configs). I tracked this down to having a
trailing slash in the URL passed to rt-mailgate… Fixed by putting the
following above line 99 to chop it out if there. Yes, I know I could’ve
simply not passed the trailing slash, but that would require rewriting a
few dozen mail alias entries instead of a one line code fix. Feel free
to use, or not, as desired. :slight_smile:

if($opts{‘url’} =~ //$/) { chop $opts{‘url’}; }

Matthew Keller
Network and Security Analyst
Computing & Technology Services
State University of New York @ Potsdam
Potsdam, NY, USA
http://mattwork.potsdam.edu/

2

When using External Auth, I had a weird problem where rt-mailgate would
bomb with a 401 to the NoAuth areas (which I had properly excluded from
the Apache auth in the configs). I tracked this down to having a
trailing slash in the URL passed to rt-mailgate… Fixed by putting the
following above line 99 to chop it out if there. Yes, I know I could’ve
simply not passed the trailing slash, but that would require rewriting a
few dozen mail alias entries instead of a one line code fix. Feel free
to use, or not, as desired. :slight_smile:

What do your external auth rules look like?

-j

3

What do your external auth rules look like?

-j

Apache 2.2.something, using mod_auth_ldap for authentication. I
confirmed using lynx and wget that doing a GET on the URL that
rt-mailgate uses worked fine and never prompted for Auth… but for
whatever reason a POST to the double-slashed URL did. I think it’s
matching rule bug on Apache’s part, but fixing rt-mailgate was the path
of least resistance.

<Location /projects/rt>
RewriteEngine On
RedirectMatch permanent (.*)/$ $1/index.html
AddDefaultCharset UTF-8
SetHandler perl-script
PerlHandler RT::Mason

    AuthLDAPURL
    ldap://myldapserver/ou=People,o=myldaproot?uid
    AuthName "Tracking System"
    AuthType Basic
    AuthBasicProvider ldap
    require ldap-user me myself i

<LocationMatch “/projects/rt/(.*NoAuth)”>
# Disable auth
Satisfy Any
Allow from all

4

Apache 2.2.something, using mod_auth_ldap for authentication. I
confirmed using lynx and wget that doing a GET on the URL that
rt-mailgate uses worked fine and never prompted for Auth… but for
whatever reason a POST to the double-slashed URL did. I think it’s
matching rule bug on Apache’s part, but fixing rt-mailgate was the path
of least resistance.

    RedirectMatch permanent (.*)/$ $1/index.html

seems like it could be part of your issue as well…

5 
    RedirectMatch permanent (.*)/$ $1/index.html

seems like it could be part of your issue as well…

Ignore that. I’m on crack.

6

When using External Auth, I had a weird problem where rt-mailgate would
bomb with a 401 to the NoAuth areas (which I had properly excluded from
the Apache auth in the configs). I tracked this down to having a
trailing slash in the URL passed to rt-mailgate… Fixed by putting the
following above line 99 to chop it out if there. Yes, I know I could’ve
simply not passed the trailing slash, but that would require rewriting a
few dozen mail alias entries instead of a one line code fix. Feel free
to use, or not, as desired. :slight_smile:

if($opts{‘url’} =~ //$/) { chop $opts{‘url’}; }

Why not just

Remove the trailing slash if it’s there

$opts{‘url’} =~ s//$//;

Just a nitpick…

  • Dmitri.