CentOS5InstallPlusSome



Unofficial Installation Guide

This is an unofficial installation guide. It may be outdated or apply only to very specific configurations and versions. The official and maintained installation steps for RT are in the README and UPGRADING documents included in the official .tar.gz packages.




This page 'CentOS5InstallPlusSome' is tagged as OUTDATED
This page contains out of date and possibly misleading information or instructions such as installation methods or configuration examples that no longer apply. Please consider this warning when reading the page below.
If you have checked or updated this page and found the content to be suitable, please remove this notice by editing the page and remove the Outdated template tag.



CentOS 5.4 + Active Directory 2003 + Exchange 2007 + Postfix + RT 3.8.7

This walkthrough is an accumulation of various documentation I found scattered around the interwebs. It also contains a lot of stuff that I figured out on my own. First off, I want to apologize to everyone that I may have taken solutions from and not given credit to, and on the same note I want to give a huge hug and drop props to these same people for having made this information available! My intention was to build a super clean, streamlined server, without a bunch of garbage installed or lying around. I managed to pull it off! Because I have spent countless hours finding this info, researching and testing it, I want to make sure I put it all in one nice tidy wiki.

What has taken me days should now only take you a couple hours. ;)

WARNING: The operating system and application versions in the title above are what I am using for this write-up. Please do not attempt to use the suggestions in this walkthrough on other/older versions. Even with newer versions, your mileage will vary. I grant no warranty and no one wants to sing the songs of the deep doo doo bird. Use at your own risk (whatever risk that may be). Also note that I turn off all non-required services and set a couple of config options that you might not. So do not freak out on some of the system configs or settings I throw at you. If you don't like it, don't do it.

NOTE: In words, this walkthrough appears very long, but it would actually take no time to physically show someone. So I apologize for my attempts to include so much detail. I may generate an attached "speed run" page at a later date.

ASSUMPTIONS: This walkthrough assumes you are starting with a fresh install. You can most certainly jump forward if you already have a working RT system. But if you do not, and are working with a system that you have used other repos on and such... you may run into a dependency nightmare. But you can always try it out, and if the walkthrough works for you then, bonus! I am also assuming you love the vi editor.

TIP:
- To open a file in vi just put "vi" before the file name
  ie. vi name-of-file.ext
- To edit the file hit "i"
- To save your changes and close the file hit ":wq"
- To close a file without saving changes hit ":q!"
REQUIREMENTS:
CentOS 5.4 i386
RT 3.8.7
PLUGIN:
RT::Authen::ExternalAuth-0.08
OPTIONALS:
Windows 2003 Active Directory
Exchange Server 2007
HARDWARE:
I used a Dell R710 for one install and used virtual machines (vmware) on two other very different intel servers (slow and fast). Honestly I do not think this is going to matter. What did matter was getting a fast enough machine that I did not have to wait days on end for the Perl compilings to complete.

THE SCENARIO


The machine that is used for RT is internal with an address of 192.168.0.7. The AD server also performs as a DNS server and is on 192.168.0.5. The Exchange server is on 192.168.0.6. We have a couple of other appliances that sit at the top of the IP space, but they do not need to be taken into account for this scenario. It looks like this:

Router -> Firewall -> Switch
                           |
                           - AD Server (192.168.0.5)
                           - Exchange Server (192.168.0.6)
                           - RT Server (192.168.0.7)

The outside world is able to send email to us and us to them. You should make sure this works (without the RT server) prior to proceeding. You can put the RT server on an external address and make it public to the world, however this is outside the scope of this document. As it stands for our setup, the outside world can generate tickets via email, but only internal staff can access the web GUI.

The company's domain on AD is internal.local, with two external domain names external-a.com and external-b.com. The Exchange server is configured to answer and respond to mail for all three domains. The outside world cannot send mail to internal.local (it is not routable on the interwebs). We are going to put our RT server on an internal address space and give it an internal name. The email delivery magic will be done using the internal DNS server, and then telling Exchange where to direct the desired mail.

CENTOS 5.4


  • INSTALL

Download, Burn, and Install CentOS 5.4

Install and partition the system however you want. Be sure to give the machine a name and static internal IP address (disable IPv6 if you're not using it). When you get to the package selection screen, at the bottom is an option to customize the software selection. Choose "Customize now". The defaults are fine; however, we want to change just a couple of things. Add/remove the options in the following categories:

Desktop Environment
- leave as default
Applications
- select emacs
- remove games and entertainment
- remove office/productivity
- drill into text-based internet and select lynx
Development
- select development libraries
- select development tools
Servers
- drill into mail server, remove everything except postfix
Base System
- remove dialup networking support

Leave everything else defaults. We will add additional packages with the yum installer.

Once you click next, the system will verify dependencies, continue past that, and commence into the installation process. Go grab some coffee, smokes... find a vise.

Once the system is installed, you will need to walk through the "firstboot" options. I usually start off by disabling the firewall, and most certainly disable SELinux. Verify the time on the machine, create a normal user account, and let the machine reboot again.

  • CONFIGURE
Read my warning above if you have not already!

NOTE: I use SecureCRT to access my linux boxes. You can use PuTTY or whatever client you prefer, just be conscious of how your client reacts to copy and pasting if you choose to do so.

Connect your SSH client to your new CentOS install (or log into the GUI if you opted to leave that intact). Log in with your normal user and su to root. Everything will be done as root, so if you want to set up sudo access go ahead.

su -

Edit the SSH config and disable root login from SSH.

EDIT:
   /etc/ssh/sshd_config
   
   CHANGE:
   #PermitRootLogin yes
   
   TO:
   PermitRootLogin no
   
   

Save your changes and restart the ssh daemon.

/etc/init.d/sshd restart

Now let's remove a bunch of stuff just so we can get to ground zero.

yum remove iptables-ipv6* pcsc* yum-update* pcmcia* wpa* alsa* \
oddjob* tom* ekiga* openoffice* gimp* yelp* dhcpv6* isdn* httpd* php* \
quota* up2date* rhythmbox* totem* openoffice* ird* vnc* hp* blue* sendmail*

Now let's turn off a bunch of services. You can edit this list if you'd like. Or you can just turn whatever you need back on later (we will be turning stuff on later). Some of these will error out if the application is not installed, but the error can be ignored. Drop this on the command line.

chkconfig --level 6543210 portmap off
chkconfig --level 6543210 nfslock off
chkconfig --level 6543210 netfs off
chkconfig --level 6543210 autofs off
chkconfig --level 6543210 cups off
chkconfig --level 6543210 gpm off
chkconfig --level 6543210 anacron off
chkconfig --level 6543210 atd off
chkconfig --level 6543210 avahi-daemon off
chkconfig --level 6543210 firstboot off
chkconfig --level 6543210 isdn off
chkconfig --level 6543210 pcmcia off
chkconfig --level 6543210 rawdevices off
chkconfig --level 6543210 irqbalance off
chkconfig --level 6543210 cpuspeed off
chkconfig --level 6543210 rpcgssd off
chkconfig --level 6543210 rpcidmapd off
chkconfig --level 6543210 mdmonitor off
chkconfig --level 6543210 kudzu off
chkconfig --level 6543210 xinetd off
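
Because errors from the chkconfig list are ignored, a mistyped service name passes silently, and the sshd edit only counts if the active line is the first one sshd reads. The check below is an added example, not part of the original walkthrough; the function names are hypothetical and the sample config and `chkconfig --list` lines are constructed.

```bash
#!/bin/sh
# Added example: verify the SSH and service changes made in this section.

# Print the PermitRootLogin value sshd will use for the config on stdin.
# sshd skips comment lines, matches keywords case-insensitively and keeps the
# FIRST value it reads. Assumption: with no active line, the OpenSSH shipped
# with this release defaults to "yes".
effective_root_login() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "yes" }
    '
}

# Read `chkconfig --list` output on stdin and print every service named in the
# arguments that is still "on" in at least one runlevel.
still_enabled() {
    awk -v wanted="$*" '
        BEGIN { n = split(wanted, w, " "); for (i = 1; i <= n; i++) want[w[i]] = 1 }
        ($1 in want) && /:on/ { print $1 }
    '
}

# --- constructed sample input -------------------------------------------
sample_sshd_unfixed() {
    cat <<'EOF'
# the stock line, still commented out
#PermitRootLogin yes
EOF
}

sample_sshd_fixed() {
    cat <<'EOF'
Protocol 2
PermitRootLogin no
# a later duplicate is ignored, the first value wins
PermitRootLogin yes
EOF
}

sample_chkconfig() {
    printf 'cups\t0:off\t1:off\t2:on\t3:on\t4:on\t5:on\t6:off\n'
    printf 'kudzu\t0:off\t1:off\t2:off\t3:on\t4:on\t5:on\t6:off\n'
    printf 'portmap\t0:off\t1:off\t2:off\t3:off\t4:off\t5:off\t6:off\n'
    printf 'sshd\t0:off\t1:off\t2:on\t3:on\t4:on\t5:on\t6:off\n'
}

echo "unfixed config -> PermitRootLogin $(sample_sshd_unfixed | effective_root_login)"
echo "fixed config   -> PermitRootLogin $(sample_sshd_fixed | effective_root_login)"
echo "still enabled  -> $(sample_chkconfig | still_enabled portmap cups kudzu avahi-daemon | tr '\n' ' ')"

# On the real machine:
#   effective_root_login < /etc/ssh/sshd_config
#   chkconfig --list | still_enabled portmap nfslock netfs autofs cups kudzu xinetd
```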

Modify the hosts file.

EDIT:
   /etc/hosts
   
   CHANGE:
   127.0.0.1       hostname localhost.localdomain localhost
   ::1             localhost6.localdomain6 localhost6
   
   TO:
   127.0.0.1       localhost.localdomain     localhost
   192.168.0.7     hostname.internal.local   hostname
   
   

Modify modprobe.conf to disable IPv6

EDIT:
/etc/modprobe.conf

ADD:
alias net-pf-10 off

Let's reboot the system for good measure.

reboot

Once the system is back online we will want to get it updated completely. We first need to make an adjustment to the CentOS repos.

EDIT:
/etc/yum.repos.d/CentOS-Base.repo

Enable the centosplus repository.

CHANGE:
enabled=0

To:
enabled=1

Now let's clean up yum and start the update process.

yum clean all
yum update -y

Once the update is finished, you will have received a new kernel. This will require another reboot. Before doing that let's make a couple of changes.

Edit grub.conf and add selinux=0 (equals zero) to the kernel line. This will disable selinux at boot time.

CHANGE:
kernel /vmlinuz-2.6.18-164.9.1.el5.centos.plus ro root=/dev/main/root rhgb quiet

TO:
kernel /vmlinuz-2.6.18-164.9.1.el5.centos.plus ro root=/dev/main/root rhgb quiet selinux=0

Save and close the file.

Now drop the following code in the console. This will alter the vim.sh profile so that the files we edit will be in full bloom (color).

cat > /etc/profile.d/vim.sh << "EOF"
if [ -n "$BASH_VERSION" -o -n "$KSH_VERSION" -o -n "$ZSH_VERSION" ]; then
  # for bash and zsh, only if no alias is already set
  alias vi >/dev/null 2>&1 || alias vi=vim
fi
EOF

Ok. Let's reboot.

reboot

Now we are going to add the RPMforge repo. We are only going to use this repo for stuff we need, not update the whole system with it, even though that may work flawlessly.

Get the repo rpm and install it.

wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.i386.rpm
rpm -Uvh rpmforge-release-0.3.6-1.el5.rf.i386.rpm

CLEANUP:
rm -f rpmforge-release-0.3.6-1.el5.rf.i386.rpm

Edit the following file and disable the repo.

EDIT:
/etc/yum.repos.d/rpmforge.repo

CHANGE:
enabled = 1

TO:
enabled = 0

We will enable this repo on the command line when required... like right now.

Let's install some basics before we get to RT. We will clean the cache one more time so things are fresh.

yum clean all

Install/Update the following applications. Graphviz and perl-Crypt-PasswdMD5 will be a requirement once we get to the RT install. The library libmhash will be updated through RPMforge as well. This install is going to give us everything we need for our web server setup.

yum install --enablerepo=rpmforge rpm* nmap expect vsftpd lynx \
net-snmp* ntp* subversion subversion-devel mysql mysql-server \
mysql-devel screen perl-Crypt-PasswdMD5 graphviz php-xml php-cli \
php-mhash php-ldap php-devel php-pdo php-imap php-readline \
php-ncurses php-soap php-snmp php-common php-mcrypt php-odbc \
php-mbstring php-gd php-bcmath php php-xmlrpc php-pear php-mysql \
php-dba mod_perl-devel mod_auth_mysql mod_perl mod_authz_ldap \
gd gd-devel gd-progs gcc* --exclude=gcc-java* --exclude=gcc4-java

Now we are going to load some perl modules without the RPMforge repo. RPMforge has a bunch of these modules all up-to-date but in an effort to keep the system as clean as possible, we are going to try and stick to the base repo as much as possible. This install is going to remedy some of the dependencies and satisfy some of the packages from the RT install.

yum install perl-DBI perl-XML-LibXML-Common perl-XML-NamespaceSupport \
perl-IO-Socket-INET6 perl-LDAP perl-IO-Socket-SSL \
perl-Config-General perl-Mozilla-LDAP perl-XML-Grove perl-DBD-MySQL \
perl-Digest-HMAC perl-TimeDate perl-IO-String perl-HTML-Parser \
perl-XML-LibXML perl-Crypt-SSLeay perl-libxml-perl perl-XML-Dumper \
perl-String-CRC32 perl-Convert-ASN1 net-snmp-perl perl-Compress-Zlib \
perl-Socket6 perl-XML-SAX perl-HTML-Tagset perl-IO-Zlib \
perl-Mail-POP3Client perl-Net-DNS perl-NKF perl-XML-Parser \
perl-XML-Simple perl-BSD-Resource perl-Digest-SHA1 perl-Net-IP \
perl-SGMLSpm perl-Geo-IP perl-XML-Twig perl-Net-SSLeay \
perl-MailTools perl-libwww-perl perl-URI

Remove some packages if they got installed.

yum remove bridge-utils perl-Sys-Virt libvirt

Now let's modify a couple of files and verify that our system is running smoothly.

First we will touch the web server

cd /etc/httpd/conf.d
mkdir ../bak
mv proxy_ajp.conf README squid.conf welcome.conf ../bak
cd ../conf

EDIT:
httpd.conf

Make the following changes

- comment out
  # LoadModule suexec_module modules/mod_suexec.so

- set ServerName to the IP address of the machine
  ServerName 192.168.0.7

- remove index.html.var from DirectoryIndex so it reads
  DirectoryIndex index.html

- comment out
  # AddHandler type-map var
  # AddType text/html .shtml
  # AddOutputFilter INCLUDES .shtml

Save the file and close it. Then go back home...

cd ~

Let's start the web server and try to reach it with its IP. We should get an empty autoindex, so let's put a folder there. We will actually use this folder as a placeholder later, but let's make a folder called "ticket" in the web root.

/etc/init.d/httpd restart

mkdir /var/www/html/ticket

Browse to server

http://192.168.0.7

Works? Fabuloso!!

reboot

ACTIVE DIRECTORY 2003


Let's tell the domain about our RT box.

Logon to your AD server and open "Active Directory Users and Computers" located in "Administrator Tools"

We are going to create an OU (organizational unit) and setup an ldap account and an RT Security Group (if you already have these or don't need them, then skip this step).

- right click your top level domain ie. internal.local
- Select "new" and choose "Organizational Unit"
- name the OU "Services" (or what ever you want)

- right click the new OU and select "new" and choose "Group"
- name the group "RT Users" (group scope = global and group type = security)
- click apply and ok

- right click the new "RT Users" group and add yourself as a member
- click apply and ok

- right click the new OU again and select "new" and choose "User"
- name this user "ldap" (for the logon name, you can use whatever you want
  for the other fields) hit next
- select a good password, remove the "user must change password" and select
  the "password never expires" and "user can not change pass" options, hit next

Close the "AD Users and Computers" and open the "DNS" snapin also located in "Administrator Tools"

- drill down into the "Forward Lookup Zones"
- select and then right click on your domain (internal.local) and choose "New Host (A)"
- give the hostname of your RT box (helpdesk) and then fill in the IP below that (192.168.0.7)
- make sure "create associated pointer (PTR) record" is checked
- click add host

- right click on your domain again and choose "New Mail Exchanger (MX)"
- put in your RT box hostname again (helpdesk) at the top
- select the "Browse" button below and find then select your RT box "A" record
 (helpdesk.internal.local)
- click ok

- right click your top level DNS server name (not the domain internal.local but
  the AD server name above the Forward Lookup Zones)
- choose "Clear Cache"
- right click again
- choose "Update Server Data Files"
- right click again
- select "All Tasks" and choose "Restart" (should only take a second or two depending on
  the size of your DNS tree)

Logoff AD server.

We are done here!

ACTIVE DIRECTORY SBS 2008


For those of you running Windows Small Business Server 2008 the procedure is slightly different:

- In "Active Directory Users and Computers" drill down to: <top level domain> -> MyBusiness -> Users
- Right click SBSUsers and select "new" and choose "User"
- name this user "ldap" (for the logon name, you can use whatever you want
  for the other fields) hit next
- select a good password, remove the "user must change password" and select
  the "password never expires" and "user can not change pass" options, hit next

Close the "AD Users and Computers" and perform the DNS steps as described for AD 2003

EXCHANGE 2007


Let's tell the Exchange server where to send our mail.

Logon to your Exchange server and open the "Exchange Management Console"

- Under the "Organizational Configuration" select "Hub Transport"
  On the right pane select the "Send Connectors" tab
- right click the blank space and choose "New Send Connector"
- give the connector a name (the hostname of your RT box is a good one)
- select "Custom" below the name field and click next
- for "Address Space" click "Add" at the top
- SMTP will be the "type" enter the full hostname and domain for address
 (helpdesk.internal.local)
- click ok (leave the other options alone) then click next
- ensure that "Use domain name system (DNS) "MX" records..." is chosen and click next
- click next
- click new

Now on the left pane select "Hub Transport" again under the "Server Configuration" category. On the right pane, bottom half, you should see a "RelayConnector". If you do not you may have to create one. If you have to create one do this...

- right click in the blank space in the lower pane and choose "New Receive Connector"
- give it a name (Relay) and choose "custom" below that, click next
- edit the "All Available" entry that is pre-populated on the next screen
- select "Specify an IP address" and give the IP address of your Exchange Server, then click "OK"
- click next
- remove the pre-populated entry and then click "Add"
- enter the IP address of your RT server (192.168.0.7), then click "OK"
- click next
- click next
- click new

- right click the new Relay connector and choose "Properties"
- in the middle you need to specify the EXTERNAL DNS FQDN of your mail server.
  So if the outside  world knows you as domain-a.com then you need to enter what
  the outside world sees for your MX records. Such as mail.domain-a.com. You will
  need to figure that part out on your own I am afraid.

Use DNS Stuff or an MX lookup site.

- select the "Authentication" tab at the top and remove all options from this tab.
- select the "Permissions Group" tab at the top and only select "Anonymous Users"
- click "Apply"
- click "OK"

Now you can close the Exchange Management Console, and under "Administrator Tools" we need to open "Services"

Under services we need to restart the "Microsoft Exchange Transport" service. Should only take a few seconds.

Close your windows, and logoff.

We are done here too!

POSTFIX


Back on our RT server we need to edit the postfix application and also tell the machine where to send the mail. This part is where we determine the queues that will be setup in RT.

EDIT:
/etc/postfix/main.cf

We only need to change a couple lines. Modify these lines in your file...

myhostname = helpdesk.internal.local
mydomain = internal.local
inet_interfaces = all
mynetworks_style = host
relayhost = exchange-server-hostname.$mydomain

Save the file and close it.

EDIT:
/etc/aliases

Go to the bottom of the file and change root to be your address or someone that will manage the mail from this machine.

root:	joe.dirt@internal.local

Now we will add the queue pipes to rt-mailgate. At the bottom of the aliases file add your queues by following this example...

# Request Tracker - Ticket System Queues
rt-it: |"/opt/rt3/bin/rt-mailgate --queue IT --action correspond --url http://helpdesk/ticket/"
rt-it-comment: |"/opt/rt3/bin/rt-mailgate --queue IT --action comment --url http://helpdesk/ticket/"
 
 

Save the file and exit.

Restart postfix and set new aliases file additions.

/etc/init.d/postfix restart

newaliases

Now we just need to test it and make sure mail flows. We will do this by sending mail from an outlook account to our "normal" user account we are using on the RT box. Go ahead, send an email to normaluser@helpdesk.internal.local

The user account on your linux box should have got the email (unless the name is already in the aliases file like, support, or toor. Then the email would go to the root account we setup prior). As long as the normal user name is not in the aliases file, the mail will be delivered to the normal unix account we created in the beginning. By typing "mail" on the command line while logged in as the normal user (whom you sent mail to from outlook or gmail, etc. etc.), it should pop up a message saying you have new mail.

Check the sending of mail from your linux box through your exchange server,

echo "Bawitdaba da-bang da-bang diggy-diggy, diggy said to boogie, so up jump the boogie." \
 | mail -s "RT RULEZ" you@domain-a.com
 
 

It works? Yea it does!!

RT 3.8.7


Turn on some services so next time we reboot everything comes up. We will get it all configured this time around. Let's also turn off some new ones we acquired through our updates and installs.

chkconfig httpd on
chkconfig mysqld on
chkconfig postfix on

chkconfig --level 6543210 iscsi off
chkconfig --level 6543210 iscsid off

We need to get the file downloaded and unpacked.

wget http://download.bestpractical.com/pub/rt/release/rt-3.8.7.tar.gz
gtar -xzf rt-3.8.7.tar.gz
chown -R root.root rt-3.8.7
cd rt-3.8.7

Create an rt user and apply apache to the group.

mkdir /etc/skel_empty
groupadd -g 200 rt
useradd -g rt -u 200 -d /opt/rt3 -m -k /etc/skel_empty -s /sbin/nologin -c "RT" rt
usermod -G rt apache
rm -fR /opt/rt3 /etc/skel_empty

Let's start mysql and get it prepped.

/etc/init.d/mysqld start

Once it's started go ahead and see if you can access it (without a password).

mysql

If you get the sql command prompt, we are good to go. Otherwise something went wrong somewhere and you need to track it down.

exit

Before we configure RT let's get the perl base updated and configured nicely. First let's install a dependency app.

NCFTP:
wget ftp://ftp.ncftp.com/ncftp/binaries/ncftp-3.2.4-linux-x86-glibc2.3-export.tar.gz
gtar -xzf ncftp-3.2.4-linux-x86-glibc2.3-export.tar.gz
chown -R root.root ncftp-3.2.4
cd ncftp-3.2.4
make install
cd ../
rm -fR ncftp-3.2.4*

OK. On with the Perl show.

perl -MCPAN -e shell

You will need to answer some questions... the defaults are fine except for two spots that I like to change.

- set to follow
Policy on building prerequisites (follow, ask or ignore)? [follow]

- download mirrors, choose 2 or 3 mirrors

Now we will update CPAN. This will take a little while depending on your machine speed. It will ask a couple of questions later in the update, so just make sure you're around to hit the enter key or it won't move forward. Defaults are fine here as well.

install Bundle::CPAN

After the update is complete

reload cpan
reload index

You will be asked another question... choose yes.

Always commit changes to config variables to disk? yes

The rest of the defaults are fine.

reload cpan
reload index
clean
exit

It's time to let the fun begin! We should still be in the RT directory. If not...

cd ~/rt-3.8.7

Let's configure RT and fix dependencies.

./configure \
--with-db-type=mysql \
--with-db-dba=root \
--with-db-database=rt3 \
--with-db-host=localhost \
--with-db-rt-user=local \
--with-db-rt-pass=localpass \
--with-web-user=apache \
--with-web-group=apache \
--with-rt-group=rt \
--enable-graphviz \
--enable-gd

make testdeps

make fixdeps

Or, to accept all defaults (thank you Kurt M.):

PERL_MM_USE_DEFAULT=1 make fixdeps

If you did not go with the PERL_MM_USE_DEFAULT=1 option then, give it a minute or so for a prompt to accept the default answer for a couple questions (install optional modules). Then you got about enough time for about one smoke... then be back around to accept the default on another question........... repeat.........

At the end of this process you may get a missing dependency such as

ICAL missing dependencies:
       Data::ICal ...MISSING

Let's run the tests again.

make testdeps

You should find that all dependencies have been found. Amazing!! So we continue.

make install

Now we need to setup the RT_SiteConfig.pm. Here is a working config, you will need to change a few variables to suit your setup.

cat > /opt/rt3/etc/RT_SiteConfig.pm << "EOF"
   ######################
   # Custom Site Config #
   ######################
   
   Set($rtname , "Super Company");
   Set($Organization , "helpdesk.internal.local");
   Set($MinimumPasswordLength , "5");
   Set($Timezone , 'US/Mountain');
   
   #Set(@Plugins, qw(
   #                        RT::Authen::ExternalAuth
   #                 ));
   
   Set($HomepageComponents, [qw(
                                QuickCreate
                                Quicksearch
                                MyAdminQueues
                                MySupportQueues
                                MyReminders
                                RefreshHomepage
                                Dashboards
                               )]);
   
   Set($DatabaseType , 'mysql');
   Set($DatabaseHost   , 'localhost');
   Set($DatabaseRTHost , 'localhost');
   Set($DatabasePort , '');
   Set($DatabaseUser , 'local');
   Set($DatabasePassword , 'localpass');
   Set($DatabaseName , 'rt3');
   
   Set($OwnerEmail , 'root');
   Set($LoopsToRTOwner , 1);
   
   Set($SendmailArguments , "-oi -t -f support\@helpdesk.internal.local");
   
   Set($MaxAttachmentSize , 10000000);
   
   Set($RTAddressRegexp , '^rt\@helpdesk.internal.local$');
   Set($CorrespondAddress , 'no-reply@helpdesk.internal.local');
   Set($CommentAddress , 'no-reply@helpdesk.internal.local');
   
   Set($UseFriendlyFromLine , 1);
   Set($FriendlyFromLineFormat , "\"%s\" <%s>");
   Set($UseFriendlyToLine , 1);
   Set($FriendlyToLineFormat, "\"%s Ticket #%s\":;");
   
   Set($NotifyActor, 0);
   Set($RecordOutgoingEmail, 1);
   
   Set($WebPath , "/ticket");
   Set($WebPort , 80);
   Set($WebBaseURL , "http://helpdesk");
   Set($WebURL , $WebBaseURL . $WebPath . "/");
   
   Set($MessageBoxWidth , 72);
   Set($MessageBoxWrap, "HARD");
   
   Set($MaxInlineBody, 13456);
   Set($DefaultSummaryRows, 10);
   
   Set($OldestTransactionsFirst, '1');
   Set($ShowTransactionImages, 1);
   
   Set($DateDayBeforeMonth , 0);
   Set($AmbiguousDayInPast , 1);
   
   #require "/opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm";
   #Set($AutoCreate,                        {Privileged => 1});
   
   1;
EOF
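
RT uses $RTAddressRegexp to recognise its own addresses so that it does not send mail to itself, so the value should match every queue address defined in /etc/aliases. The check below is an added example, not part of the original walkthrough; the function names and the wider regexp are hypothetical, and the alias lines are copied from the Postfix section as constructed sample input.

```bash
#!/bin/sh
# Added example: compare the rt-mailgate aliases with $RTAddressRegexp.

# Print the mail address of every alias that pipes into rt-mailgate.
# stdin: /etc/aliases text; $1: mail domain of the RT host.
rt_alias_addresses() {
    awk -v domain="$1" '
        /^[ \t]*#/ { next }
        /rt-mailgate/ {
            name = $1
            sub(/:.*$/, "", name)      # drop the colon and anything glued to it
            print name "@" domain
        }
    '
}

# Print each address on stdin that the Perl-style regexp in $1 does NOT match.
# Assumption: the regexp only uses syntax shared by Perl and POSIX ERE, apart
# from the escaped "\@", which is rewritten to a plain "@" for grep -E.
unmatched_by() {
    ere=$(printf '%s\n' "$1" | sed 's/\\@/@/g')
    grep -Ev -- "$ere" || true         # grep exits 1 when nothing is left over
}

# stdin: /etc/aliases text; $1: the value given to Set($RTAddressRegexp, ...)
check_rt_regexp() {
    rt_alias_addresses helpdesk.internal.local | unmatched_by "$1"
}

# --- constructed sample input (the alias lines from the Postfix section) --
sample_aliases() {
    cat <<'EOF'
root: joe.dirt@internal.local
# Request Tracker - Ticket System Queues
rt-it: |"/opt/rt3/bin/rt-mailgate --queue IT --action correspond --url http://helpdesk/ticket/"
rt-it-comment: |"/opt/rt3/bin/rt-mailgate --queue IT --action comment --url http://helpdesk/ticket/"
EOF
}

# The value from the config above, and a hypothetical one covering both aliases.
PAGE_REGEXP='^rt\@helpdesk.internal.local$'
WIDER_REGEXP='^rt-it(-comment)?\@helpdesk\.internal\.local$'

echo "queue addresses not matched by the value above:"
sample_aliases | check_rt_regexp "$PAGE_REGEXP"
echo "queue addresses not matched by the wider value:"
sample_aliases | check_rt_regexp "$WIDER_REGEXP"

# On the real machine:  check_rt_regexp '<your regexp>' < /etc/aliases
```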
   
   

Once you have the settings changed and the file updated, we need to initialize the database.

make initialize-database

Being that we did not set a password for the local machine, you can just hit enter when it prompts you for one.

Now we setup our cron jobs

crontab -e

Insert the following and then save and exit.

# RT Cron Jobs
   0 0 * * * /opt/rt3/sbin/rt-email-digest -m daily
   0 0 * * 0 /opt/rt3/sbin/rt-email-digest -m weekly
   0 * * * * /opt/rt3/sbin/rt-email-dashboards
   
   

Now we need to setup apache to alias RT. You can use virtual hosts but again, that is out of the scope of this walkthrough.

Here is another copy and paste for ya.

cat > /etc/httpd/conf.d/rt3.conf << "EOF"
Alias /ticket "/opt/rt3/share/html"

PerlRequire /opt/rt3/bin/webmux.pl

<Directory "/opt/rt3/share/html">
  AllowOverride All
  Options ExecCGI FollowSymLinks

  RewriteEngine On
  RedirectMatch permanent (.*)/$ $1/index.html
  AddDefaultCharset UTF-8
  SetHandler perl-script
  PerlHandler RT::Mason
</Directory>
EOF

Let's restart the apache server and see if we can see our site... drum roll..

/etc/init.d/httpd restart

http://helpdesk/ticket

TU-DU!!!

User: root
Pass: password

Now we need to add the external authentication plugin. I have yet another copy and paste for you once we get through this part.

We need to tell Perl where the RT libraries are before we install this module.

export PERL5LIB=/opt/rt3/lib

Now we install the plugin.

perl -MCPAN -e 'install RT::Authen::ExternalAuth'

Now modify the settings below to fit your setup and put it in place. I should note that the original file that is installed right now has other options such as mysql and sso configs. We will back this up first. My config below has everything stripped from it except LDAP. Also note that we are not going to put all this in our original RT_SiteConfig file. We will call the file into our RT_SiteConfig with a "require" statement.

When using AD2003:

cp -a /opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm \
   /opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm.original
   
   
   cat > /opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm << "EOF"
   Set($ExternalAuthPriority,           [ 'My_LDAP' ] );
   Set($ExternalInfoPriority,           [ 'My_LDAP' ] );
   Set($ExternalServiceUsesSSLorTLS,    0);
   Set($AutoCreateNonExternalUsers,     0);
   
   Set($ExternalSettings,      {
                        'My_LDAP'               =>  {
   
                        'type'                  =>  'ldap',
                        'server'                =>  'ad-server.internal.local',
                        'user'                  =>  'cn=ldap,ou=Services,dc=internal,dc=local',
                        'pass'                  =>  'ldapaccountpassword',
                        'base'                  =>  'dc=internal,dc=local',
   
                        'filter'                =>  '(&(ObjectCategory=User)(ObjectClass=Person))',
                        'd_filter'              =>  '(userAccountControl:1.2.840.113556.1.4.803:=2)',
   
                        'tls'                   =>  0,
   #                    'ssl_version'           =>  3,
   
                        'net_ldap_args'         => [    version =>  3           ],
                        'group'                 =>  'cn=RT Users,ou=Services,dc=internal,dc=local',
                        'group_attr'            =>  'member',
   
                        'attr_match_list'       => [   'Name', 'EmailAddress'   ],
                        'attr_map'              => {   'Name' => 'sAMAccountName',
                                                       'EmailAddress' => 'mail',
                                                       'Organization' => 'physicalDeliveryOfficeName',
                                                       'RealName' => 'cn',
                                                       'ExternalAuthId' => 'sAMAccountName',
                                                       'Gecos' => 'sAMAccountName',
                                                       'WorkPhone' => 'telephoneNumber',
                                                       'Address1' => 'streetAddress',
                                                       'City' => 'l',
                                                       'State' => 'st',
                                                       'Zip' => 'postalCode',
                                                       'Country' => 'co'
                                                   }
                                                   }
                               }
   );
   
   1;
EOF
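
How the `d_filter` above picks out disabled accounts, as an added example that is not part of the original walkthrough or of the plugin: OID 1.2.840.113556.1.4.803 is Active Directory's bitwise-AND matching rule, and 2 is the ACCOUNTDISABLE bit of userAccountControl. The function names are hypothetical and the directory entries are constructed sample values.

```bash
#!/bin/sh
# Added example: evaluate the d_filter's bitwise-AND rule over sample accounts.

D_FILTER='(userAccountControl:1.2.840.113556.1.4.803:=2)'

# Extract N from a filter of the form (userAccountControl:<bit-AND OID>:=N).
filter_mask() {
    printf '%s\n' "$1" |
        sed -n 's/^(userAccountControl:1\.2\.840\.113556\.1\.4\.803:=\([0-9][0-9]*\))$/\1/p'
}

# The rule (attr:OID:=N) matches when (value & N) == N.
bit_and_match() {   # $1 = attribute value, $2 = N
    [ $(( $1 & $2 )) -eq "$2" ]
}

# stdin: "sAMAccountName userAccountControl" lines; $1: the d_filter.
# Prints the accounts the filter treats as disabled.
disabled_accounts() {
    mask=$(filter_mask "$1")
    [ -n "$mask" ] || { echo "unsupported filter: $1" >&2; return 2; }
    while read -r name uac; do
        case $name in ''|'#'*) continue ;; esac          # skip blanks and comments
        case $uac in ''|*[!0-9]*) continue ;; esac       # skip non-numeric values
        if bit_and_match "$uac" "$mask"; then echo "$name"; fi
    done
}

# For contrast: a plain equality test such as (userAccountControl=514).
equality_accounts() {   # $1 = exact value
    awk -v v="$1" '$1 !~ /^#/ && $2 == v { print $1 }'
}

# --- constructed sample input -------------------------------------------
# 512 = normal account, +2 = disabled, +65536 = password never expires
sample_directory() {
    cat <<'EOF'
# sAMAccountName userAccountControl
jdirt    512
olduser  514
ldap     66048
leaver   66050
EOF
}

echo "matched by the d_filter:"
sample_directory | disabled_accounts "$D_FILTER"
echo "matched by an equality test on 514:"
sample_directory | equality_accounts 514
```

The equality test misses `leaver`, whose disabled bit is combined with "password never expires"; the bitwise rule catches both.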
   
   

When using SBS2008

cp -a /opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm \
   /opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm.original
   
   
   cat > /opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm << "EOF"
   Set($ExternalAuthPriority,  [   'My_LDAP' ]);
   Set($ExternalInfoPriority,  [   'My_LDAP']);
   Set($ExternalServiceUsesSSLorTLS,    0);
   Set($AutoCreateNonExternalUsers,    0);
   Set($ExternalSettings, {
                              'My_LDAP' =>  {
                                              'type'              =>  'ldap',
                                              'server'            =>  'ad-server.internal.local',
                                              'user'              =>  'ldap',
                                              'pass'              =>  'ldapaccountpassword',
                                              'base'              => 'ou=SBSUsers,ou=Users,ou=MyBusiness,dc=internal,dc=local',
                                              'filter'            =>  '(&(ObjectCategory=User)(ObjectClass=Person))',
                                              'd_filter'          =>  '(userAccountControl:1.2.840.113556.1.4.803:=2)',
                                              'tls'               =>  0,
                                              'ssl_version'       =>  3,
                                              'net_ldap_args'     => [    version =>  3   ],
                                              'attr_match_list'   => [    'Name',
                                                                          'EmailAddress'
                                                                     ],
                                              'attr_map'          =>  {   'Name' => 'sAMAccountName',
                                                                          'EmailAddress' => 'mail',
                                                                          'Organization' => 'physicalDeliveryOfficeName',
                                                                          'RealName' => 'cn',
                                                                          'ExternalAuthId' => 'sAMAccountName',
                                                                          'Gecos' => 'sAMAccountName',
                                                                          'WorkPhone' => 'telephoneNumber',
                                                                          'Address1' => 'streetAddress',
                                                                          'City' => 'l',
                                                                          'State' => 'st',
                                                                          'Zip' => 'postalCode',
                                                                          'Country' => 'co'
                                                                       }
                                             },
                              }
   );

   1;
   EOF
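
A quick check of the plugin config written above, as an added example that is not part of the original guide. It flags three things that can be read off the SBS2008 variant: TLS turned off, no 'group' restriction, and the bind password sitting in a readable file. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint an RT-Authen-ExternalAuth config laid out as in this guide.
# lint_extauth FILE prints one line per finding and returns the finding count.

# True when an uncommented line of file $1 matches extended regex $2.
active() { grep -v '^[[:space:]]*#' "$1" | grep -Eq "$2"; }

lint_extauth() {
    cfg=$1; findings=0
    flag() { echo "$cfg: $1"; findings=$((findings + 1)); }

    # 'tls' => 0: the plugin does not start TLS, so with a plain hostname in
    # 'server' the bind password and each user's password travel unencrypted.
    active "$cfg" "'tls'[[:space:]]*=>[[:space:]]*0" &&
        flag "tls disabled: LDAP binds are sent in cleartext"

    # Without 'group', any account matching 'filter' under 'base' can log in.
    active "$cfg" "'group'[[:space:]]*=>" ||
        flag "no 'group' restriction on who may authenticate"

    # The file holds the bind password ('pass'); keep it from being world-readable.
    if active "$cfg" "'pass'[[:space:]]*=>" && [ -n "$(find "$cfg" -perm -004)" ]; then
        flag "bind password stored in a world-readable file"
    fi
    return "$findings"
}

# Constructed sample modelled on the SBS2008 settings (not a full config).
sample=$(mktemp)
cat > "$sample" << "EOF"
Set($ExternalSettings, { 'My_LDAP' => {
    'pass'  =>  'ldapaccountpassword',
    'tls'   =>  0,
#   'group' =>  'cn=RT Users,ou=Services,dc=internal,dc=local',
} } );
EOF
chmod 644 "$sample"
lint_extauth "$sample" || echo "$? finding(s)"
```

Point it at /opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm after writing the file; a return value of 0 means none of the three conditions was found.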
   
   


Now we will edit the RT_SiteConfig.pm and un-comment the variables I have included previously.

   EDIT:
   /opt/rt3/etc/RT_SiteConfig.pm
   
   CHANGE:
   #Set(@Plugins, qw(
   #                        RT::Authen::ExternalAuth
   #                 ));
   
   TO:
   Set(@Plugins, qw(
                           RT::Authen::ExternalAuth
                    ));
   
   CHANGE:
   #require "/opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm";
   #Set($AutoCreate,                        {Privileged => 1});
   
   TO:
   require "/opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm";
   Set($AutoCreate,                        {Privileged => 1});
   
   

Save the file and exit. Restart the web service.

   /etc/init.d/httpd restart

It's that time. Time to test out the integration. Log in with the AD account that you added to the "RT Users" security group.

   http://helpdesk/ticket

TODO:
   * Explain how to use Exchange contact cards to direct mail
     and also allow the email queues to show up in the GAL.
   * Add Sample RT Group/User Permission Topology
   * Explain AutoCreate option
   * Find a good form generator
   * More... TBA
   

TALK:
If you find flaws in this walkthrough, by all means fix them. I would also appreciate you sending me
an e-mail and letting me know your thoughts, or just let me know how it worked for you.
Good luck!!

Initial Author: Kenny Prickett (phatlix at superxero dot org)
Initial Revision: 12/28/2009
Last Revision: 02/11/2010