Ubuntu 8.04.1

From Request Tracker Wiki
Revision as of 18:46, 8 October 2010 by BillCole (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Ubuntu 8.04.1 with RT 3.8.1 and LDAP with postfix as MTA working.

This is our First run to get RT 3.8.1 up and running on an Ubuntu 8.04.1 box. Please feel free to update and edit with more accurate information.

Download and unpack required files

After booting the Vmware Image and logging in as root, download and unpack the following package:

wget http://download.bestpractical.com/pub/rt/release/rt-3.8.1.tar.gz
tar -xvzf rt-3.8.1.tar.gz

After unpacking RT, run the following command in the newly created /rt-3.8.1 directory:


<!--Note that using rt.tar.gz instead of rt-3.8.1.tar.gz will download the latest version of RT, but this may mean changes in installation procedure.-->

Dependency installation

RT makes use of many CPAN modules and components external to the distributed package, and these must all be installed before installing RT. Note that these commands are run from the RT installation directory.

Note: if this is a fresh build of Ubuntu, it may not have unzip installed, at which point CPAN will not be properly configured and will fail the dependencies if any CPAN modules require unzip for extraction. You can test if you have unzip installed by running 'whereis unzip' from the shell prompt. If you've already completed the CPAN preferences, you can edit your myConfig.pm in your .cpan directory in your home directory.

Also, it's recommended that you run make as sudo command as some dependencies require elevated permissions to install.

First of all, check for already installed dependencies:

make testdeps

If there are unsatisfied dependencies, you will see complaints like "such-and-such not installed". To fix dependencies:

make fixdeps

Alternately, you can install missing items by hand. This is useful when 'make fixdeps' doesn't work, which can happen from time to time.

For example:
perl -MCPAN -e 'install DBD::mysql'
would install DBD::mysql.

Re-check to make sure everything was installed properly:

make testdeps

Create rt group == <!-- I don't know if this is needed, double check-->

Create a new Unix group called 'rt':

groupadd rt


from within the rt build directory, type:

make install

Post install Procedures

After RT has been successfully installed, a directory will have been created at /opt/rt3. There are several post installation procedures that need to take place before RT will function normally, however.

Replace RT_SiteConfig.pm

Make a copy of the default RT_SiteConfig.pm:

cp /opt/rt3/etc/RT_SiteConfig.pm RT_SiteConfig.old

Then replace the default RT_SiteConfig.pm with our pre-configured RT_SiteConfig.pm file:

Set($WebBaseURL,'http://help.example.com'); Set($WebPath,''); Set($DatabaseName , 'rt3'); Set($DatabaseType , 'mysql'); Set($DatabaseUser, "root"); Set($DatabasePassword , 'pass'); Set($rtname,'Ticket'); Set($Organization, 'example.com'); #Set(@Plugins,(qw(Extension::QuickDelete))); #Set(@Plugins,(qw(RT::FM))); #Set(@Plugins,(qw(RT::Authen::ExternalAuth))); Set($LogToFileNamed , "rt.log"); Set($LogToFile , 'debug');

Set($CorrespondAddress , 'support@example.com'); Set($CommentAddress , 'support-comment@example.com');

  1. $MailCommand = 'sendmailpipe'; #$SendmailArguments = "-oi -t"; #$SendmailPath = "/usr/sbin/sendmail";

Set($MailCommand , 'sendmail'); Set($SendmailArguments , "-bm -- support@help.example.com"); Set($SendmailPath, "/usr/sbin/exim4"); Set($NotifyActor, 1);

Set($Timezone , 'US/Pacific');

$WebURL = $WebBaseURL . $WebPath . "/";

  1. Set($WebExternalAuth , 1); #Set($WebFallbackToInternalAuth , true); #Set($WebExternalAuto , 1);
# The order in which the services defined in ExternalSettings
 # should be used to get information about users. This includes
 # RealName, Tel numbers etc, but also whether or not the user
 # should be considered disabled.
 # Once user info is found, no more services are checked.
 Set($ExternalInfoPriority, [
 # If this is set to true, then the relevant packages will
 # be loaded to use SSL/TLS connections. At the moment,
 # this just means "use Net::SSLeay;"
 Set($ExternalServiceUsesSSLorTLS, 0);
 # If this is set to 1, then users should be autocreated by RT
 # as internal users if they fail to authenticate from an
 # external service.
 Set($AutoCreateNonExternalUsers, 1);
 # These are the full settings for each external service as a HashOfHashes
 # Note that you may have as many external services as you wish. They will
 # be checked in the order specified in the Priority directives above.
 # e.g.
 Set($ExternalSettings, {
 # The type of service (db/ldap/cookie)
 'type' => 'ldap',
 # Should the service be used for authentication?
 'auth' => 1,
 # Should the service be used for information?
 'info' => 1,
 # The server hosting the service
 'server' => 'example.com',
 # If you can bind to your LDAP server anonymously youshould
 # remove the user and pass config lines, otherwisespecify them here:
 # The username RT should use to connect to the LDAP server

replace (user) with the user you want to bind with

'user' => 'CN=(user),CN=Users,DC=example,DC=com',
 # The password RT should use to connect to the LDAP server
 'pass' => 'password',
 # The LDAP search base
 'base' => 'dc=example,dc=com',
 # The filter to use to match RT-Users
 'filter' => '(objectclass=Person)',
 # The filter that will only match disabled users
 # 'd_filter' => '(serAccountControl:1.2.840.113556.1.4.803:=2)',
 'd_filter' => '(&(objectCategory=person)(objectClass=user)
 # Should we try to use TLS to encrypt connections?
 'tls' => 0,
 # What other args should I pass to Net::LDAP->new($host,@args)?
 'net_ldap_args' => [ version => 3 ],
 # Does authentication depend on group membership? What group name?
 'group' => '',
 # What is the attribute for the group object thatdetermines membership?
 'group_attr' => '',
 # The list of RT attributes that uniquely identify a user
 'attr_match_list' => [ 'Name',
 # The mapping of RT attributes on to LDAP attributes
 'attr_map' => { 'Name' => 'sAMAccountName',
 'EmailAddress' => 'mail',
 'Organization' => 'physicalDeliveryOfficeName',
 'RealName' => 'cn',
 'ExternalAuthId' => 'sAMAccountName',
 'Gecos' => 'sAMAccountName',
 'WorkPhone' => 'telephoneNumber',
 'Address1' => 'streetAddress',
 'City' => 'l',
 'State' => 'st',
 'Zip' => 'postalCode',
 'Country' => 'co'

Replace 000_default file

Make a copy of the default '000_default' file:

cp /etc/apache2/sites-enabled/000_default 000_default.old

Then replace the default '000_default' with our pre-configured '000_default' file:

NameVirtualHost * <VirtualHost *> ServerName help.com #ServerAdmin webmaster@help.com DocumentRoot /opt/rt3/share/html AddDefaultCharset UTF-8 PerlModule Apache::DBI PerlRequire /opt/rt3/bin/webmux.pl

<Directory /> Options FollowSymLinks AllowOverride None </Directory> <Directory /opt/rt3/share/html> Options Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny allow from all SetHandler perl-script PerlResponseHandler RT::Mason


ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ <Directory "/usr/lib/cgi-bin"> AllowOverride None Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny Allow from all </Directory>

ErrorLog /var/log/apache2/error.log

  1. Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel warn

CustomLog /var/log/apache2/access.log combined ServerSignature On

Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
    Options Indexes MultiViews FollowSymLinks
    AllowOverride None
    Order deny,allow
    Deny from all
    Allow from ::1/128


Initialize Database

After installing RT and replacing the RT_SiteConfig.pm file, and while still in the RT installation directory:

make initialize-database

Create Database User

After the database is initialized, You will need to create the database user and give it rights:

mysql -p 'password'
GRANT ALL PRIVILEGES ON rt3.* TO 'rt_user'@'localhost' IDENTIFIED BY 'rt_pass';

Drop DB if something goes wrong

If the make initialize-database fails, type:

make dropdb<!-- This needs to be expanded upon.  What causes problems and how to fix those problems"-->

Download/Install RT-Authen-ExternalAuth

After finishing the RT installation and configuration, we will need to install the LDAP plugin for RT in order to use RT with Active Directory credentials. Download and unpack the following file:

wget http://www.cpan.org/authors/id/F/FA/FALCONE/RT-Authen-ExternalAuth-0.06_02.tar.gz

Then, from the newly unpacked RT-Authen-ExternalAuth-0.06.02 directory, run:

perl Makefile.PL
make install

Configure Postfix and RT Mail

links I used: http://linuxnet.ca/postfix/dedicated_transport.html http://wiki.zimbra.com/index.php?title=Configuring_Postfix_to_work_with_piped_scripts

Configuration main.cf for postfix /etc/postfix/main.cf

  1. See /usr/share/postfix/main.cf.dist for a commented, more complete version
  1. Debian specific: Specifying a file name will cause the first # line of that file to be used as the name. The Debian default # is /etc/mailname. #myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu) biff = no

  1. appending .domain is the MUA's job. append_dot_mydomain = no
  1. Uncomment the next line to generate "delayed mail" warnings #delay_warning_time = 4h

readme_directory = no

  1. TLS parameters smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key smtpd_use_tls=yes smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
  1. See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for # information on enabling SSL in the smtp client.

myhostname = help.help.com alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases myorigin = /etc/mailname mydestination = example.com , localhost relayhost = mynetworks = mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = all virtual_alias_maps = hash:/etc/postfix/transport inet_protocols = all

Configuration for master.cf for postfix /etc/postfix/makster Added These lines

  1. rt rt-pipe unix - n n - - pipe
flags= user=support argv=/opt/rt3/bin/rt-mailgate --queue general --action correspond --url http://help.help.com/

rt-comment-pipe unix - n n - - pipe

flags= user=support argv=/opt/rt3/bin/rt-mailgate --queue general --action comment --url https://help.help.com/

Configuration of /etc/postfix/transport/

  1. Pipe transports for RT queues # YOU HAVE TO ADD THE PIPES TO /opt/zimbra/postfix/conf/master.cf if you want them to work!!! rt@help.help.com rt-pipe rt-comment@help.help.com rt-comment-pipe

Note: Make sure you run the db configure for the transport file after you edit it:

postmap /etc/postfix/transport

Steps for integrating RT

'''1. Configure the Postfix main.cf to handle an additional transport map'''

vi /etc/postfix/main.cf

transport_maps = hash:/etc/postfix/transport

'''2. Create the transport map'''

vi /etc/postfix/transport and place the following lines at the top:
 # Pipe transports for RT queues
 # YOU HAVE TO ADD THE PIPES TO /opt/zimbra/postfix/conf/master.cf if you want them to work!!!
 rt@example.com     rt-pipe
 rt-comment@example.com     rt-comment-pipe

And then create the transport db by executing:

postmap /etc/postfix/transport

'''3. Define the pipe transports'''

The transport definitions 'rt-pipe' and 'rt-comment-pipe' must now be defined. Edit /etc/postfix/master.cf and add the following lines to the end of the file:

  1. rt rt-pipe unix - n n - - pipe
flags= user=www-data argv=/opt/rt3/bin/rt-mailgate --queue general --action correspond --url http://help.help.com/

rt-comment-pipe unix - n n - - pipe

flags= user=www-data argv=/opt/rt3/bin/rt-mailgate --queue general --action comment --url https://help.help.com/

Note that the 2nd line needs to be right under the first and must start with whitespace. Also make sure the user= line is pointing to a valid user with permissions to execute the script.

'''4. Restart Postfix and test'''

Execute the following commands:

postfix reload

Now, you should be able to email rt@help.help.com and receive a message back. grep for RT in /var/log/messages as well as tail /var/log/mail to watch for errors.

Debugging Mail on RT

links: http://sial.org/howto/rt/


Log locations

Key locations for debug log files


This contains most of the errors that RT throws. If your apache fails to start go here to look for clues.

<!-- Note that this should be not needed with new auth 0.6 but we'll keep around until we confirm === Apply Uservendor.pm Patch === http://www.gossamer-threads.com/lists/rt/users/77286

Autocreation works if you copy local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth to local/html/Callbacks/ExternalAuth/autohandler/Auth and apply the following patch to User_Vendor.pm:

  • Note: you will have to create the destination directory for this to work
cp /opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth /opt/rt3/local/html/Callbacks/ExternalAuth/autohandler/Auth

--- local/lib/RT/User_Vendor.pm~ 2008-04-09 10:40:44.000000000 +0200 +++ ./local/lib/RT/User_Vendor.pm 2008-08-04 17:46:32.000000000 +0200 @@ -348,7 +348,7 @@ return (undef); }

- if ( $self->PrincipalObj->Disabled ) { + if ( $self->PrincipalObj and $self->PrincipalObj->Disabled ) { $RT::Logger->info("Disabled user " . $self->Name . " tried to log in" ); return (undef); -->


<!-- This should probably go in a different wiki for RT user manual-->

Updating Users from LDAP to privileged users

http://www.nabble.com/How-to-update-email-address-on-RT-Wiki--td20141025.html Configuration->Users->Find all users whose 'email' matches 'yourusersemail@help.com'