Scripted modifications to RT's Database or LDAP Group Synchronization?

Not sure if this should go into RT-Users or RT-Devel, so I thought I’d
start here first. Please let me know if this should go to the other list.

I’m trying to find or create some way for LDAP group memberships to
appear in Request Tracker. Digging through the wiki and the
gossamer-threads site, the only thing I can find that looks like it will
do what I want is the rtimportldap.pl script, and it’s woefully out of
date by all appearances. Furthermore, this was written more with Active
Directory in mind. We are using Samba and a homegrown LDAP solution.

To that end, I’m trying to write a utility in Python to sync various
LDAP groups with their respective groups on RT. I know that RT is
written in perl, but I am much more familiar with Python and was hoping
I can continue using it. I have a utility that mostly works, but I’ve
hit a snag. I need to know how RT defines a user as “Privileged” in the
database. It appears that there’s a special group that there has to be
an entry in GroupMembers for membership in the unnamed group of type
"Privileged". Modifying this entry (and making sure that users aren’t
part of the “Unprivileged” group) seems to give them everything that
makes a Privileged user special, except that they don’t show up in the
Privileged Users list in Configuration -> Users… Are there some
database entries that I missed? I can’t seem to see anything obvious.

Thanks.

Johnathan Bell
Internet System Administrator, Baker College

Not sure if this should go into RT-Users or RT-Devel, so I thought I’d
start here first. Please let me know if this should go to the other
list.

I’m trying to find or create some way for LDAP group memberships to
appear in Request Tracker. Digging through the wiki and the
gossamer-threads site, the only thing I can find that looks like it
will
do what I want is the rtimportldap.pl script, and it’s woefully out of
date by all appearances. Furthermore, this was written more with
Active
Directory in mind. We are using Samba and a homegrown LDAP solution.

You’re probably better off extending or working from
http://search.cpan.org/~falcone/RT-Extension-LDAPImport-0.04/
which is decidedly more recent, but doesn’t support LDAP groups
because the client who sponsored it didn’t want them.

To that end, I’m trying to write a utility in Python to sync various
LDAP groups with their respective groups on RT. I know that RT is
written in perl, but I am much more familiar with Python and was
hoping
I can continue using it. I have a utility that mostly works, but I’ve
hit a snag. I need to know how RT defines a user as “Privileged” in
the
database. It appears that there’s a special group that there has to be
an entry in GroupMembers for membership in the unnamed group of type
"Privileged". Modifying this entry (and making sure that users aren’t
part of the “Unprivileged” group) seems to give them everything that
makes a Privileged user special, except that they don’t show up in the
Privileged Users list in Configuration -> Users… Are there some
database entries that I missed? I can’t seem to see anything obvious.

You really want to use one of the APIs, either the perl or REST one,
rather than trying to munge the DB directly.

-kevin

Kevin Falcone wrote:> On May 15, 2009, at 2:56 PM, Johnathan Bell wrote:

Not sure if this should go into RT-Users or RT-Devel, so I thought I’d
start here first. Please let me know if this should go to the other
list.

I’m trying to find or create some way for LDAP group memberships to
appear in Request Tracker. Digging through the wiki and the
gossamer-threads site, the only thing I can find that looks like it
will
do what I want is the rtimportldap.pl script, and it’s woefully out of
date by all appearances. Furthermore, this was written more with
Active
Directory in mind. We are using Samba and a homegrown LDAP solution.

You’re probably better off extending or working from
http://search.cpan.org/~falcone/RT-Extension-LDAPImport-0.04/
which is decidedly more recent, but doesn’t support LDAP groups
because the client who sponsored it didn’t want them.

To that end, I’m trying to write a utility in Python to sync various
LDAP groups with their respective groups on RT. I know that RT is
written in perl, but I am much more familiar with Python and was
hoping
I can continue using it. I have a utility that mostly works, but I’ve
hit a snag. I need to know how RT defines a user as “Privileged” in
the
database. It appears that there’s a special group that there has to be
an entry in GroupMembers for membership in the unnamed group of type
"Privileged". Modifying this entry (and making sure that users aren’t
part of the “Unprivileged” group) seems to give them everything that
makes a Privileged user special, except that they don’t show up in the
Privileged Users list in Configuration -> Users… Are there some
database entries that I missed? I can’t seem to see anything obvious.

You really want to use one of the APIs, either the perl or REST one,
rather than trying to munge the DB directly.

-kevin


http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: sales@bestpractical.com

Discover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com

Ah, I was afraid that would be the answer. I suppose using the API is
more future-ready anyway. Thanks for the clear and concise answer. It
looks like the Perl API is documented in the RT::OnlineDocs extension,
is this the best way to access it? I also couldn’t find any
documentation for the REST API on the wiki, where would I find docs for
this?

Thanks.

Johnathan Bell
Internet System Administrator, Baker College

Ah, I was afraid that would be the answer. I suppose using the API is
more future-ready anyway. Thanks for the clear and concise answer. It
looks like the Perl API is documented in the RT::OnlineDocs extension,
is this the best way to access it?

perldoc /opt/rt3/lib/RT/*.pm is my preferred method

I also couldn’t find any
documentation for the REST API on the wiki, where would I find docs
for
this?

http://wiki.bestpractical.com/view/REST
/opt/rt3/bin/rt help

-kevin

Thanks, that works.On May 16, 2009, at 1:31 PM, Kevin Falcone wrote:

On May 16, 2009, at 8:11 AM, Johnathan Bell wrote:

Ah, I was afraid that would be the answer. I suppose using the API is
more future-ready anyway. Thanks for the clear and concise answer. It
looks like the Perl API is documented in the RT::OnlineDocs
extension,
is this the best way to access it?

perldoc /opt/rt3/lib/RT/*.pm is my preferred method

I also couldn’t find any
documentation for the REST API on the wiki, where would I find docs
for
this?

http://wiki.bestpractical.com/view/REST
/opt/rt3/bin/rt help

-kevin


http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: sales@bestpractical.com

Discover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com

Johnathan Bell
Internet System Administrator, Baker College

Office Phone: 810-766-4097
Office Hours: 7A - 4P Eastern, M-F