User info synchronization with LDAP

Hi all!

I installed RT3.4.5 with LDAP support as described at
http://wiki.bestpractical.com/index.cgi?LDAP. It’s working well, I can
login with my LDAP credentials.

Now, I’d like to synchronize the user info with my LDAP server. Any idea?

Thanks!

Jean-Francois

Hi Jean-Francois,

The way I went about it was to modify the User_Overlay.pm file subroutine called CanonicalizeUserInfo

Our new method for that is located in:
/local/lib/RT/User_Local.pm (this overtakes the original method version supplied with RT)

Basically we just do a LDAP look up of the user as they are being created and then it places this information into their profile.

If you need more detailed help let me know.

Thanks,

T.J. Maciak

Internet/Intranet Developer
Department of IT
City of Grand Rapids
P: (616)456-3713
F: (616)456-3448-----Original Message-----
From: Jean-Francois Levesque [mailto:jean-francois.levesque@savoirfairelinux.com]
Sent: Thursday, May 25, 2006 4:10 PM
To: rt-users@lists.bestpractical.com
Subject: [rt-users] User info synchronization with LDAP

Hi all!

I installed RT3.4.5 with LDAP support as described at
http://wiki.bestpractical.com/index.cgi?LDAP. It’s working well, I can
login with my LDAP credentials.

Now, I’d like to synchronize the user info with my LDAP server. Any idea?

Thanks!

Jean-Francois
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: sales@bestpractical.com

Discover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com

We’re hiring! Come hack Perl for Best Practical: http://bestpractical.com/about/jobs.html

I think LdapSummary page on the wiki has reference to a description
about how to sync LDAP->RT user accounts.On 5/26/06, tmaciak@ci.grand-rapids.mi.us tmaciak@ci.grand-rapids.mi.us wrote:

Hi Jean-Francois,

The way I went about it was to modify the User_Overlay.pm file subroutine called CanonicalizeUserInfo

Our new method for that is located in:
/local/lib/RT/User_Local.pm (this overtakes the original method version supplied with RT)

Basically we just do a LDAP look up of the user as they are being created and then it places this information into their profile.

If you need more detailed help let me know.

Thanks,

T.J. Maciak

Internet/Intranet Developer
Department of IT
City of Grand Rapids
P: (616)456-3713
F: (616)456-3448

-----Original Message-----
From: Jean-Francois Levesque [mailto:jean-francois.levesque@savoirfairelinux.com]
Sent: Thursday, May 25, 2006 4:10 PM
To: rt-users@lists.bestpractical.com
Subject: [rt-users] User info synchronization with LDAP

Hi all!

I installed RT3.4.5 with LDAP support as described at
http://wiki.bestpractical.com/index.cgi?LDAP. It’s working well, I can
login with my LDAP credentials.

Now, I’d like to synchronize the user info with my LDAP server. Any idea?

Thanks!

Jean-Francois


http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: sales@bestpractical.com

Discover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com

We’re hiring! Come hack Perl for Best Practical: http://bestpractical.com/about/jobs.html


http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: sales@bestpractical.com

Discover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com

We’re hiring! Come hack Perl for Best Practical: http://bestpractical.com/about/jobs.html

Best regards, Ruslan.

The synchronization is working but only at the first web login or at the
first time a user sends an email to RT. After that, the user info in RT
is not updated when the LDAP user info is changed.

I’d like to have a one-way sync from LDAP to RT every time a user login
or an email is received. How can I do that? How can I force RT to get
user info from LDAP?

Thanks for your help!

Jean-François

Ruslan Zakirov wrote:

Ah yes, this is a similar problem to what I have encountered. I still
Am trying to think of a decent way to combat it.

The way I have this system set up is that RT creates a user whether from an email coming in, or a ticket being created by a priv user for a new requestor.

Once the user is being created, the ldap info is searched and then that info is placed in the RT database under the users table into their profile.

This is generally fine because most people don’t change departments, phone numbers etc. that often so no need to call LDAP server every time every user
Logs in, or every time a ticket has a new requestor etc. - this would be a lot of lookups!

Now as an administrator I have added a button for Myself to use which will automatically update user info in the form for Modify the User -“Modify.html”. This works nicely for me, but not for anyone normal priv user.

However, just recently some of the managers have decided they want every priv user to be able to hit a button at any time which will refresh the the ticket requestors’ data from LDAP and update their profile. This I do not know how to do yet. I was thinking of doing a custom scrip to handle this, but how Would I interface a button push into setting off some sort of transaction On the main ticket page where it shows requestor information?? The other Thought that ran across my mind was just to have that button point to my Own .pl file which would then manually update the db after running a new Ldap query for the user which is passed to the .pl file from the button push. This seems is definitely possible, but isn’t really part of the
Existing framework that is in RT. I think I would rather go with the
Custom scrip part but I haven’t found any examples how to implement
A custom button push to set off the event.

T.J. Maciak

Internet/Intranet Developer
Department of IT
City of Grand Rapids
P: (616)456-3713
F: (616)456-3448From: Jean-Francois Levesque [mailto:jean-francois.levesque@savoirfairelinux.com]
Sent: Friday, May 26, 2006 9:50 AM
To: Ruslan Zakirov
Cc: Maciak, TJ; rt-users@lists.bestpractical.com
Subject: Re: [rt-users] User info synchronization with LDAP

The synchronization is working but only at the first web login or at the
first time a user sends an email to RT. After that, the user info in RT
is not updated when the LDAP user info is changed.

I’d like to have a one-way sync from LDAP to RT every time a user login
or an email is received. How can I do that? How can I force RT to get
user info from LDAP?

Thanks for your help!

Jean-François

Ruslan Zakirov wrote:

I think LdapSummary page on the wiki has reference to a description
about how to sync LDAP->RT user accounts.

Hi Jean-Francois,

The way I went about it was to modify the User_Overlay.pm file
subroutine called CanonicalizeUserInfo

Our new method for that is located in:
/local/lib/RT/User_Local.pm (this overtakes the original method
version supplied with RT)

Basically we just do a LDAP look up of the user as they are being
created and then it places this information into their profile.

If you need more detailed help let me know.

Thanks,

T.J. Maciak

Internet/Intranet Developer
Department of IT
City of Grand Rapids
P: (616)456-3713
F: (616)456-3448

-----Original Message-----
From: Jean-Francois Levesque
[mailto:jean-francois.levesque@savoirfairelinux.com]
Sent: Thursday, May 25, 2006 4:10 PM
To: rt-users@lists.bestpractical.com
Subject: [rt-users] User info synchronization with LDAP

Hi all!

I installed RT3.4.5 with LDAP support as described at
http://wiki.bestpractical.com/index.cgi?LDAP. It’s working well, I can
login with my LDAP credentials.

Now, I’d like to synchronize the user info with my LDAP server. Any idea?

Thanks!

Jean-Francois


http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: sales@bestpractical.com

Discover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com

We’re hiring! Come hack Perl for Best Practical:
http://bestpractical.com/about/jobs.html


http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: sales@bestpractical.com

Discover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com

We’re hiring! Come hack Perl for Best Practical:
http://bestpractical.com/about/jobs.html

M. Maciak,

We follow the same initial load procedure on the initial E-mail
into the system. Then, once a day we compare the timestamp on the
LDAP entries with those in RT. Any records that are more recent
are updated to the new information automatically. Maybe a process
like that would work for you.

KenOn Fri, May 26, 2006 at 10:08:18AM -0400, tmaciak@ci.grand-rapids.mi.us wrote:

Ah yes, this is a similar problem to what I have encountered. I still
Am trying to think of a decent way to combat it.

The way I have this system set up is that RT creates a user whether from an email coming in, or a ticket being created by a priv user for a new requestor.

Once the user is being created, the ldap info is searched and then that info is placed in the RT database under the users table into their profile.

This is generally fine because most people don’t change departments, phone numbers etc. that often so no need to call LDAP server every time every user
Logs in, or every time a ticket has a new requestor etc. - this would be a lot of lookups!

Now as an administrator I have added a button for Myself to use which will automatically update user info in the form for Modify the User -“Modify.html”. This works nicely for me, but not for anyone normal priv user.

However, just recently some of the managers have decided they want every priv user to be able to hit a button at any time which will refresh the the ticket requestors’ data from LDAP and update their profile. This I do not know how to do yet. I was thinking of doing a custom scrip to handle this, but how Would I interface a button push into setting off some sort of transaction On the main ticket page where it shows requestor information?? The other Thought that ran across my mind was just to have that button point to my Own .pl file which would then manually update the db after running a new Ldap query for the user which is passed to the .pl file from the button push. This seems is definitely possible, but isn?t really part of the
Existing framework that is in RT. I think I would rather go with the
Custom scrip part but I haven?t found any examples how to implement
A custom button push to set off the event.

T.J. Maciak

Internet/Intranet Developer
Department of IT
City of Grand Rapids
P: (616)456-3713
F: (616)456-3448

Do a search in the mailing list archives for a subject of “[rt-users]
Problem with update dept from ldap action in RT Essentials”. It was
begun in January of this year but the relevant portion (as I understand
your needs) may be in May.

DB

tmaciak@ci.grand-rapids.mi.us wrote:

Ah yes, this is a similar problem to what I have encountered. I still
Am trying to think of a decent way to combat it.

The way I have this system set up is that RT creates a user whether from an email coming in, or a ticket being created by a priv user for a new requestor.

Once the user is being created, the ldap info is searched and then that info is placed in the RT database under the users table into their profile.

This is generally fine because most people don’t change departments, phone numbers etc. that often so no need to call LDAP server every time every user
Logs in, or every time a ticket has a new requestor etc. - this would be a lot of lookups!

Now as an administrator I have added a button for Myself to use which will automatically update user info in the form for Modify the User -“Modify.html”. This works nicely for me, but not for anyone normal priv user.

However, just recently some of the managers have decided they want every priv user to be able to hit a button at any time which will refresh the the ticket requestors’ data from LDAP and update their profile. This I do not know how to do yet. I was thinking of doing a custom scrip to handle this, but how Would I interface a button push into setting off some sort of transaction On the main ticket page where it shows requestor information?? The other Thought that ran across my mind was just to have that button point to my Own .pl file which would then manually update the db after running a new Ldap query for the user which is passed to the .pl file from the button push. This seems is definitely possible, but isn’t really part of the
Existing framework that is in RT. I think I would rather go with the
Custom scrip part but I haven’t found any examples how to implement
A custom button push to set off the event.

T.J. Maciak

Internet/Intranet Developer
Department of IT
City of Grand Rapids
P: (616)456-3713
F: (616)456-3448

-----Original Message-----
From: Jean-Francois Levesque [mailto:jean-francois.levesque@savoirfairelinux.com]
Sent: Friday, May 26, 2006 9:50 AM
To: Ruslan Zakirov
Cc: Maciak, TJ; rt-users@lists.bestpractical.com
Subject: Re: [rt-users] User info synchronization with LDAP

The synchronization is working but only at the first web login or at the
first time a user sends an email to RT. After that, the user info in RT
is not updated when the LDAP user info is changed.

I’d like to have a one-way sync from LDAP to RT every time a user login
or an email is received. How can I do that? How can I force RT to get
user info from LDAP?

Thanks for your help!

Jean-François

Ruslan Zakirov wrote:

I think LdapSummary page on the wiki has reference to a description
about how to sync LDAP->RT user accounts.

Hi Jean-Francois,

The way I went about it was to modify the User_Overlay.pm file
subroutine called CanonicalizeUserInfo

Our new method for that is located in:
/local/lib/RT/User_Local.pm (this overtakes the original method
version supplied with RT)

Basically we just do a LDAP look up of the user as they are being
created and then it places this information into their profile.

If you need more detailed help let me know.

Thanks,

T.J. Maciak

Internet/Intranet Developer
Department of IT
City of Grand Rapids
P: (616)456-3713
F: (616)456-3448

-----Original Message-----
From: Jean-Francois Levesque
[mailto:jean-francois.levesque@savoirfairelinux.com]
Sent: Thursday, May 25, 2006 4:10 PM
To: rt-users@lists.bestpractical.com
Subject: [rt-users] User info synchronization with LDAP

Hi all!

I installed RT3.4.5 with LDAP support as described at
http://wiki.bestpractical.com/index.cgi?LDAP. It’s working well, I can
login with my LDAP credentials.

Now, I’d like to synchronize the user info with my LDAP server. Any idea?

Thanks!

Jean-Francois


http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: sales@bestpractical.com

Discover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com

We’re hiring! Come hack Perl for Best Practical:
http://bestpractical.com/about/jobs.html


http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: sales@bestpractical.com

Discover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com

We’re hiring! Come hack Perl for Best Practical:
http://bestpractical.com/about/jobs.html


http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: sales@bestpractical.com

Discover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com

We’re hiring! Come hack Perl for Best Practical: http://bestpractical.com/about/jobs.html

Drew Barnes
Applications Analyst
Raymond Walters College
University of Cincinnati

Ken,

Actually this probably would work out quite nicely.

Do you know by chance what the field name to look
On LDAP what the last updated timestamp was?

Also, do you just have this as a regular cron job
Or are you using the built in RT cron function?

T.J. Maciak

Internet/Intranet Developer
Department of IT
City of Grand Rapids
P: (616)456-3713
F: (616)456-3448From: Kenneth Marshall [mailto:ktm@is.rice.edu]
Sent: Friday, May 26, 2006 10:14 AM
To: Maciak, TJ
Cc: jean-francois.levesque@savoirfairelinux.com; rt-users@lists.bestpractical.com
Subject: Re: [rt-users] User info synchronization with LDAP

M. Maciak,

We follow the same initial load procedure on the initial E-mail
into the system. Then, once a day we compare the timestamp on the
LDAP entries with those in RT. Any records that are more recent
are updated to the new information automatically. Maybe a process
like that would work for you.

Ken