CentOS5InstallPlusSome
Unofficial Installation Guide
This is an unofficial installation guide. It may be outdated or apply only to very specific configurations and versions. The official and maintained installation steps for RT are in the README and UPGRADING documents included in the official .tar.gz packages.
This page 'CentOS5InstallPlusSome' is tagged as OUTDATED.
This page contains out of date and possibly misleading information or instructions such as installation methods or configuration examples that no longer apply. Please consider this warning when reading the page below.
CentOS 5.4 + Active Directory 2003 + Exchange 2007 + Postfix + RT 3.8.7
This walkthrough is an accumulation of various documentation I found scattered around the interwebs. It also contains a lot of stuff that I figured out on my own. First off, I want to apologize to everyone that I may have taken solutions from and not given credit to, and on the same note I want to give a huge hug and drop props to these same people for having made this information available! My intention was to build a super clean, streamlined server, without a bunch of garbage installed or lying around. I managed to pull it off! Because I have spent countless hours finding this info, researching and testing it, I want to make sure I put it all in one nice tidy wiki.
What has taken me days should now only take you a couple hours. ;)
WARNING: The operating system and application versions in the title above are what I am using for this write up. Please do not attempt to use the suggestions in this walkthrough on other/older versions. Even with newer versions, your mileage will vary. I grant no warranty and no one wants to sing the songs of the deep doo doo bird. Use at your own risk (whatever risk that may be). Also note that I turn off all services that are not required and set a couple of config options that you might not. So do not freak out on some of the system configs or settings I throw at you. If you don't like it, don't do it.
NOTE: Written out, this walkthrough appears very long, but it would actually take no time to physically show someone. So I apologize for my attempts to include so much detail. I may generate an attached "speed run" page at a later date.
ASSUMPTIONS: This walkthrough assumes you are starting with a fresh install. You can most certainly jump forward if you already have a working RT system. But if you do not, and are working with a system that you have used other repos on and such... you may run into a dependency nightmare. But you can always try it out, and if the walkthrough works for you then, bonus! I am also assuming you love the vi editor.
TIP:
- To open a file in vi just put "vi" before the file name ie. vi name-of-file.ext
- To edit the file hit "i"
- To save your changes and close the file hit ":wq"
- To close a file without saving changes hit ":q!"
REQUIREMENTS:
CentOS 5.4 i386
RT 3.8.7
PLUGIN:
RT::Authen::ExternalAuth-0.08
OPTIONALS:
Windows 2003 Active Directory
Exchange Server 2007
HARDWARE:
I used a Dell R710 for one install and used virtual machines (vmware) on two other very different intel servers (slow and fast). Honestly I do not think this is going to matter. What did matter was getting a fast enough machine that I did not have to wait days on end for the Perl compilings to complete.
THE SCENARIO
The machine that is used for RT is internal with an address of 192.168.0.7. The AD server also acts as a DNS server and is on 192.168.0.5. The Exchange server is on 192.168.0.6. We have a couple other appliances that sit at the top of the IP space, but they do not need to be taken into account for this scenario. It looks like this:
Router -> Firewall -> Switch
                      |
                      - AD Server (192.168.0.5)
                      - Exchange Server (192.168.0.6)
                      - RT Server (192.168.0.7)
The outside world is able to send email to us and us to them. You should make sure this works (without the RT server) prior to proceeding. You can put the RT server on an external address and make it public to the world, however this is outside the scope of this document. As it stands for our setup, the outside world can generate tickets via email, but only internal staff can access the web GUI.
The company's domain on AD is internal.local, with two external domain names external-a.com and external-b.com. The Exchange server is configured to answer and respond to mail for all three domains. The outside world cannot send mail to internal.local (it is not routable on the interwebs). We are going to put our RT server on an internal address space and give it an internal name. The email delivery magic will be done using the internal DNS server, and then telling Exchange where to direct the desired mail.
CENTOS 5.4
- INSTALL
Download, Burn, and Install CentOS 5.4
Install and partition the system however you want. Be sure to give the machine a name and static internal IP address (disable IPv6 if you're not using it). When you get to the package selection screen, at the bottom is an option to customize the software selection. Choose "Customize now". The defaults are fine; however, we want to change just a couple things. Add/Remove the options in the following categories:
Desktop Environment
- leave as default
Applications
- select emacs
- remove games and entertainment
- remove office/productivity
- drill into text-based internet and select lynx
Development
- select development libraries
- select development tools
Servers
- drill into mail server, remove everything except postfix
Base System
- remove dialup networking support
Leave everything else defaults. We will add additional packages with the yum installer.
Once you click next, the system will verify dependencies, continue past that, and commence into the installation process. Go grab some coffee, smokes... find a vise.
Once the system is installed, you will need to walk through the "firstboot" options. I usually start off by disabling the firewall, and most certainly disable SELinux. Verify the time on the machine, create a normal user account, and let the machine reboot again.
- CONFIGURE
Read my warning above if you have not already!
NOTE: I use SecureCRT to access my linux boxes. You can use PuTTY or whatever client you prefer, just be conscious of how your client reacts to copy and pasting if you choose to do so.
Connect your SSH client to your new CentOS install (or log into the GUI if you opted to leave that intact). Login with your normal user and su to root. Everything will be done as root, so if you want to set up sudo access go ahead.
su -
Edit the SSH config and disable root login from SSH.
EDIT: /etc/ssh/sshd_config
CHANGE: #PermitRootLogin yes
TO: PermitRootLogin no
Save your changes and restart the ssh daemon.
/etc/init.d/sshd restart
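A check for the step above, as an added example that is not part of the original walkthrough: sshd uses the first value it reads for a keyword, so a leftover "#" or an earlier uncommented line silently defeats the edit. The function names and the sample files are constructed for illustration.

```bash
#!/bin/bash
# Added example (not from the original walkthrough): report the value sshd
# will actually use for a keyword in an sshd_config-style file.

# sshd_effective FILE KEYWORD
# Prints the first uncommented value for KEYWORD, or "unset" if there is none.
# Keywords are case-insensitive and the first occurrence wins. Lines after a
# "Match" line are conditional (on sshd versions that support Match), so the
# scan for the global value stops there.
sshd_effective() {
    awk -v want="$2" '
    BEGIN { want = tolower(want); val = "unset" }
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # comments and blank lines
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        split(line, f, /[ \t=]+/)            # "Keyword value" or "Keyword=value"
        key = tolower(f[1])
        if (key == "match") exit
        if (key == want) { val = f[2]; gsub(/"/, "", val); exit }
    }
    END { print val }
    ' "$1"
}

# root_login_disabled FILE
# Succeeds only if PermitRootLogin is explicitly set to "no".
root_login_disabled() {
    [ "$(sshd_effective "$1" PermitRootLogin)" = "no" ]
}

# Constructed samples: the stock line, the edited line, and an edit that is
# shadowed by an earlier uncommented "yes".
demo_sshd_check() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' 'Protocol 2' '#PermitRootLogin yes' > "$tmp/stock"
    printf '%s\n' 'Protocol 2' 'PermitRootLogin no' > "$tmp/edited"
    printf '%s\n' 'PermitRootLogin yes' 'PermitRootLogin no' > "$tmp/shadowed"
    for name in stock edited shadowed; do
        printf '%-9s PermitRootLogin=%s\n' "$name" \
            "$(sshd_effective "$tmp/$name" PermitRootLogin)"
    done
    rm -rf "$tmp"
}
demo_sshd_check
```

On the real system, call root_login_disabled /etc/ssh/sshd_config after the restart and keep the existing SSH session open until a new login has been tested.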
Now let's remove a bunch of stuff just so we can get to ground zero.
yum remove iptables-ipv6* pcsc* yum-update* pcmcia* wpa* alsa* \
    oddjob* tom* ekiga* openoffice* gimp* yelp* dhcpv6* isdn* httpd* php* \
    quota* up2date* rhythmbox* totem* ird* vnc* hp* blue* sendmail*
Now let's turn off a bunch of services. You can edit this list if you'd like. Or you can just turn whatever you need back on later (we will be turning stuff on later). Some of these will error out if the application is not installed, but the error can be ignored. Drop this on the command line.
chkconfig --level 6543210 portmap off
chkconfig --level 6543210 nfslock off
chkconfig --level 6543210 netfs off
chkconfig --level 6543210 autofs off
chkconfig --level 6543210 cups off
chkconfig --level 6543210 gpm off
chkconfig --level 6543210 anacron off
chkconfig --level 6543210 atd off
chkconfig --level 6543210 avahi-daemon off
chkconfig --level 6543210 firstboot off
chkconfig --level 6543210 isdn off
chkconfig --level 6543210 pcmcia off
chkconfig --level 6543210 rawdevices off
chkconfig --level 6543210 irqbalance off
chkconfig --level 6543210 cpuspeed off
chkconfig --level 6543210 rpcgssd off
chkconfig --level 6543210 rpcidmapd off
chkconfig --level 6543210 mdmonitor off
chkconfig --level 6543210 kudzu off
chkconfig --level 6543210 xinetd off
Modify the hosts file.
EDIT: /etc/hosts
CHANGE:
127.0.0.1 hostname localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
TO:
127.0.0.1 localhost.localdomain localhost
192.168.0.7 hostname.internal.local hostname
Modify modprobe.conf to disable IPv6.
EDIT: /etc/modprobe.conf
ADD: alias net-pf-10 off
Let's reboot the system for good measure.
reboot
Once the system is back online we will want to get it updated completely. We first need to make an adjustment to the CentOS repos.
EDIT: /etc/yum.repos.d/CentOS-Base.repo
Enable the centosplus repository.
CHANGE: enabled=0
TO: enabled=1
Now let's clean up yum and start the update process.
yum clean all
yum update -y
Once the update is finished, you will have received a new kernel. This will require another reboot. Before doing that let's make a couple changes.
Edit grub.conf and add selinux=0 (equals zero) to the kernel line. This will disable SELinux at boot time.
CHANGE: kernel /vmlinuz-2.6.18-164.9.1.el5.centos.plus ro root=/dev/main/root rhgb quiet
TO: kernel /vmlinuz-2.6.18-164.9.1.el5.centos.plus ro root=/dev/main/root rhgb quiet selinux=0
Save and close the file.
Now drop the following code in the console. This will alter the vim.sh profile so that the files we edit will be in full bloom (color).
cat > /etc/profile.d/vim.sh << "EOF"
if [ -n "$BASH_VERSION" -o -n "$KSH_VERSION" -o -n "$ZSH_VERSION" ]; then
  # for bash and zsh, only if no alias is already set
  alias vi >/dev/null 2>&1 || alias vi=vim
fi
EOF
Ok. Let's reboot.
reboot
Now we are going to add the RPMforge repo. We are only going to use this repo for the stuff we need, not to update the whole system, even though that might work flawlessly.
Get the repo rpm and install it.
wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.i386.rpm
rpm -Uvh rpmforge-release-0.3.6-1.el5.rf.i386.rpm
CLEANUP:
rm -f rpmforge-release-0.3.6-1.el5.rf.i386.rpm
Edit the following file and disable the repo.
EDIT: /etc/yum.repos.d/rpmforge.repo
CHANGE: enabled = 1
TO: enabled = 0
We will enable this repo on the command line when required... like right now.
Let's install some basics before we get to RT. We will clean the cache one more time so things are fresh.
yum clean all
Install/Update the following applications. Graphviz and perl-Crypt-PasswdMD5 will be a requirement once we get to the RT install. The library libmhash will be updated through RPMforge as well. This install is going to give us everything we need for our web server setup.
yum install --enablerepo=rpmforge rpm* nmap expect vsftpd lynx \
    net-snmp* ntp* subversion subversion-devel mysql mysql-server \
    mysql-devel screen perl-Crypt-PasswdMD5 graphviz php-xml php-cli \
    php-mhash php-ldap php-devel php-pdo php-imap php-readline \
    php-ncurses php-soap php-snmp php-common php-mcrypt php-odbc \
    php-mbstring php-gd php-bcmath php php-xmlrpc php-pear php-mysql \
    php-dba mod_perl-devel mod_auth_mysql mod_perl mod_authz_ldap \
    gd gd-devel gd-progs gcc* --exclude=gcc-java* --exclude=gcc4-java
Now we are going to load some perl modules without the RPMforge repo. RPMforge has a bunch of these modules all up-to-date but in an effort to keep the system as clean as possible, we are going to try and stick to the base repo as much as possible. This install is going to remedy some of the dependencies and satisfy some of the packages from the RT install.
yum install perl-DBI perl-XML-LibXML-Common perl-XML-NamespaceSupport \
    perl-IO-Socket-INET6 perl-LDAP perl-IO-Socket-SSL \
    perl-Config-General perl-Mozilla-LDAP perl-XML-Grove perl-DBD-MySQL \
    perl-Digest-HMAC perl-TimeDate perl-IO-String perl-HTML-Parser \
    perl-XML-LibXML perl-Crypt-SSLeay perl-libxml-perl perl-XML-Dumper \
    perl-String-CRC32 perl-Convert-ASN1 net-snmp-perl perl-Compress-Zlib \
    perl-Socket6 perl-XML-SAX perl-HTML-Tagset perl-IO-Zlib \
    perl-Mail-POP3Client perl-Net-DNS perl-NKF perl-XML-Parser \
    perl-XML-Simple perl-BSD-Resource perl-Digest-SHA1 perl-Net-IP \
    perl-SGMLSpm perl-Geo-IP perl-XML-Twig perl-Net-SSLeay \
    perl-MailTools perl-libwww-perl perl-URI
Remove some packages if they got installed.
yum remove bridge-utils perl-Sys-Virt libvirt
Now let's modify a couple files and verify that our system is running smooth.
First we will touch the web server.
cd /etc/httpd/conf.d
mkdir ../bak
mv proxy_ajp.conf README squid.conf welcome.conf ../bak
cd ../conf
EDIT: httpd.conf
Make the following changes:
- comment out
# LoadModule suexec_module modules/mod_suexec.so
- set ServerName to the IP address of the machine
ServerName 192.168.0.7
- remove index.html.var from DirectoryIndex so it reads
DirectoryIndex index.html
- comment out
# AddHandler type-map var
# AddType text/html .shtml
# AddOutputFilter INCLUDES .shtml
Save the file and close it. Then go back home...
cd ~
Let's start the web server and try to reach it with its IP. We should get an empty autoindex, so let's put a folder there. We will actually use this folder as a placeholder later, but for now let's make a folder called "ticket" in the web root.
/etc/init.d/httpd restart
mkdir /var/www/html/ticket
Browse to server
http://192.168.0.7
Works? Fabuloso!!
reboot
ACTIVE DIRECTORY 2003
Let's tell the domain about our RT box.
Logon to your AD server and open "Active Directory Users and Computers" located in "Administrative Tools".
We are going to create an OU (organizational unit) and set up an ldap account and an RT Security Group (if you already have these or don't need them, then skip this step).
- right click your top level domain ie. internal.local
- select "new" and choose "Organizational Unit"
- name the OU "Services" (or whatever you want)
- right click the new OU and select "new" and choose "Group"
- name the group "RT Users" (group scope = global and group type = security)
- click apply and ok
- right click the new "RT Users" group and add yourself as a member
- click apply and ok
- right click the new OU again and select "new" and choose "User"
- name this user "ldap" (for the logon name, you can use whatever you want for the other fields), hit next
- select a good password, remove the "user must change password" and select the "password never expires" and "user can not change pass" options, hit next
Close the "AD Users and Computers" and open the "DNS" snap-in also located in "Administrative Tools".
- drill down into the "Forward Lookup Zones"
- select and then right click on your domain (internal.local) and choose "New Host (A)"
- give the hostname of your RT box (helpdesk) and then fill in the IP below that (192.168.0.7)
- make sure "create associated pointer (PTR) record" is checked
- click add host
- right click on your domain again and choose "New Mail Exchanger (MX)"
- put in your RT box hostname again (helpdesk) at the top
- select the "Browse" button below, then find and select your RT box "A" record (helpdesk.internal.local)
- click ok
- right click your top level DNS server name (not the domain internal.local but the AD server name above the Forward Lookup Zones)
- choose "Clear Cache"
- right click again
- choose "Update Server Data Files"
- right click again
- select "All Tasks" and choose "Restart" (should only take a second or two depending on the size of your DNS tree)
Logoff AD server.
We are done here!
ACTIVE DIRECTORY SBS 2008
For those of you running Windows Small Business Server 2008 the procedure is slightly different:
- In "Active Directory Users and Computers" drill down to: <top level domain> -> MyBusiness -> Users
- Right click SBSUsers and select "new" and choose "User"
- name this user "ldap" (for the logon name, you can use whatever you want for the other fields) hit next
- select a good password, remove the "user must change password" and select the "password never expires" and "user can not change pass" options, hit next
Close the "AD Users and Computers" and perform the DNS steps as described for AD 2003
EXCHANGE 2007
Let's tell the Exchange server where to send our mail.
Logon to your Exchange server and open the "Exchange Management Console".
- under "Organization Configuration" select "Hub Transport"
- on the right pane select the "Send Connectors" tab
- right click the blank space and choose "New Send Connector"
- give the connector a name (the hostname of your RT box is a good one)
- select "Custom" below the name field and click next
- for "Address Space" click "Add" at the top
- SMTP will be the "type"; enter the full hostname and domain for address (helpdesk.internal.local)
- click ok (leave the other options alone) then click next
- ensure that "Use domain name system (DNS) "MX" records..." is chosen and click next
- click next
- click new
Now on the left pane select "Hub Transport" again under the "Server Configuration" category. On the right pane, bottom half, you should see a "RelayConnector". If you do not, you may have to create one. If you have to create one, do this...
- right click in the blank space in the lower pane and choose "New Receive Connector"
- give it a name (Relay) and choose "custom" below that, click next
- edit the "All Available" entry that is pre-populated on the next screen
- select "Specify an IP address" and give the IP address of your Exchange Server, then click "OK"
- click next
- remove the pre-populated entry and then click "Add"
- enter the IP address of your RT server (192.168.0.7), then click "OK"
- click next
- click next
- click new
- right click the new Relay connector and choose "Properties"
- in the middle you need to specify the EXTERNAL DNS FQDN of your mail server. So if the outside world knows you as domain-a.com then you need to enter what the outside world sees for your MX records, such as mail.domain-a.com. You will need to figure that part out on your own I am afraid. Use DNS Stuff or an MX lookup site.
- select the "Authentication" tab at the top and remove all options from this tab
- select the "Permissions Group" tab at the top and only select "Anonymous Users"
- click "Apply"
- click "OK"
Now you can close the Exchange Management Console, and under "Administrative Tools" we need to open "Services".
Under services we need to restart the "Microsoft Exchange Transport" service. Should only take a few seconds.
Close your windows, and logoff.
We are done here too!
POSTFIX
Back on our RT server we need to edit the postfix application and also tell the machine where to send the mail. This part is where we determine the queues that will be setup in RT.
EDIT: /etc/postfix/main.cf
We only need to change a couple lines. Modify these lines in your file...
myhostname = helpdesk.internal.local
mydomain = internal.local
inet_interfaces = all
mynetworks_style = host
relayhost = exchange-server-hostname.$mydomain
Save the file and close it.
EDIT: /etc/aliases
Go to the bottom of the file and change root to be your address or someone that will manage the mail from this machine.
root: joe.dirt@internal.local
Now we will add the queue pipes to rt-mailgate. At the bottom of the aliases file add your queues by following this example...
# Request Tracker - Ticket System Queues
rt-it: |"/opt/rt3/bin/rt-mailgate --queue IT --action correspond --url http://helpdesk/ticket/"
rt-it-comment: |"/opt/rt3/bin/rt-mailgate --queue IT --action comment --url http://helpdesk/ticket/"
Save the file and exit.
Restart postfix and set new aliases file additions.
/etc/init.d/postfix restart
newaliases
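A lint for the queue aliases above, as an added example that is not part of the original walkthrough. It matters most for the comment address: by default RT mails correspondence to the ticket's requestors while comments stay with staff, so a "-comment" alias wired to "--action correspond" sends internal notes outside. The function name and the HR entries in the sample are constructed for illustration.

```bash
#!/bin/bash
# Added example (not from the original walkthrough): lint the rt-mailgate
# pipe entries in an aliases(5) file before running newaliases.

# lint_rt_aliases FILE
# Prints "alias: problem" for every rt-mailgate entry that
#   - has no --queue value,
#   - has an --action other than correspond or comment (the two used here),
#   - has no http:// or https:// --url,
#   - is named *-comment but does not run --action comment.
# Returns 0 when nothing was reported, 1 otherwise.
# Assumes one entry per line and queue names without spaces.
lint_rt_aliases() {
    awk '
    function bad(msg) { printf "%s: %s\n", name, msg; problems++ }
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    /rt-mailgate/ {
        name = $1; sub(/:.*$/, "", name)
        queue = ""; action = ""; url = ""
        n = split($0, tok, /[ \t"]+/)
        for (i = 1; i < n; i++) {
            if (tok[i + 1] ~ /^--/) continue     # option without a value
            if (tok[i] == "--queue")  queue  = tok[i + 1]
            if (tok[i] == "--action") action = tok[i + 1]
            if (tok[i] == "--url")    url    = tok[i + 1]
        }
        if (queue == "") bad("missing --queue value")
        if (action != "correspond" && action != "comment")
            bad("--action must be correspond or comment, got \"" action "\"")
        if (url !~ /^https?:\/\//) bad("missing or non-HTTP --url")
        if (name ~ /-comment$/ && action != "comment")
            bad("comment address does not run --action comment")
    }
    END { exit (problems > 0) }
    ' "$1"
}

demo_rt_aliases() {
    sample=$(mktemp) || return 1
    cat > "$sample" << 'EOF'
# Constructed sample: the two IT entries from the walkthrough, plus two
# hypothetical HR entries with mistakes.
rt-it:         |"/opt/rt3/bin/rt-mailgate --queue IT --action correspond --url http://helpdesk/ticket/"
rt-it-comment: |"/opt/rt3/bin/rt-mailgate --queue IT --action comment --url http://helpdesk/ticket/"
rt-hr:         |"/opt/rt3/bin/rt-mailgate --queue HR --action correspond"
rt-hr-comment: |"/opt/rt3/bin/rt-mailgate --queue HR --action correspond --url http://helpdesk/ticket/"
EOF
    lint_rt_aliases "$sample"
    rm -f "$sample"
    return 0
}
demo_rt_aliases
```

Run lint_rt_aliases /etc/aliases on the RT box whenever a queue is added.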
Now we just need to test it and make sure mail flows. We will do this by sending mail from an outlook account to our "normal" user account we are using on the RT box. Go ahead, send an email to normaluser@helpdesk.internal.local
The user account on your linux box should have got the email (unless the name is already in the aliases file like, support, or toor. Then the email would go to the root account we setup prior). As long as the normal user name is not in the aliases file, the mail will be delivered to the normal unix account we created in the beginning. By typing "mail" on the command line while logged in as the normal user (whom you sent mail to from outlook or gmail, etc. etc.), it should pop up a message saying you have new mail.
Check the sending of mail from your linux box through your exchange server,
echo "Bawitdaba da-bang da-bang diggy-diggy, diggy said to boogie, so up jump the boogie." \
    | mail -s "RT RULEZ" you@domain-a.com
It works? Yea it does!!
RT 3.8.7
Turn on some services so next time we reboot everything comes up. We will get it all configured this time around. Let's also turn off some new ones we acquired through our updates and installs.
chkconfig httpd on
chkconfig mysqld on
chkconfig postfix on
chkconfig --level 6543210 iscsi off
chkconfig --level 6543210 iscsid off
We need to get the file downloaded and unpacked.
wget http://download.bestpractical.com/pub/rt/release/rt-3.8.7.tar.gz
gtar -xzf rt-3.8.7.tar.gz
chown -R root.root rt-3.8.7
cd rt-3.8.7
Create an rt user and add apache to the group.
mkdir /etc/skel_empty
groupadd -g 200 rt
useradd -g rt -u 200 -d /opt/rt3 -m -k /etc/skel_empty -s /sbin/nologin -c "RT" rt
usermod -G rt apache
rm -fR /opt/rt3 /etc/skel_empty
Let's start mysql and get it prepped.
/etc/init.d/mysqld start
Once it's started go ahead and see if you can access it (without a password).
mysql
If you get the sql command prompt, we are good to go. Otherwise something went wrong somewhere and you need to track it down.
exit
Before we configure RT let's get the perl base updated and configured nicely. First let's install a dependency app.
NCFTP:
wget ftp://ftp.ncftp.com/ncftp/binaries/ncftp-3.2.4-linux-x86-glibc2.3-export.tar.gz
gtar -xzf ncftp-3.2.4-linux-x86-glibc2.3-export.tar.gz
chown -R root.root ncftp-3.2.4
cd ncftp-3.2.4
make install
cd ../
rm -fR ncftp-3.2.4*
OK. On with the Perl show.
perl -MCPAN -e shell
You will need to answer some questions... the defaults are fine except for two spots that I like to change.
- set to follow: Policy on building prerequisites (follow, ask or ignore)? [follow]
- download mirrors, choose 2 or 3 mirrors
Now we will update CPAN. This will take a little while depending on your machine speed. It will ask a couple questions later in the update, so just make sure you're around to hit the enter key or it won't move forward. Defaults are fine here as well.
install Bundle::CPAN
After the update is complete
reload cpan
reload index
You will be asked another question... choose yes.
Always commit changes to config variables to disk? yes
The rest of the defaults are fine.
reload cpan
reload index
clean
exit
It's time to let the fun begin! We should still be in the RT directory. If not...
cd ~/rt-3.8.7
Let's configure RT and fix dependencies.
./configure \
    --with-db-type=mysql \
    --with-db-dba=root \
    --with-db-database=rt3 \
    --with-db-host=localhost \
    --with-db-rt-user=local \
    --with-db-rt-pass=localpass \
    --with-web-user=apache \
    --with-web-group=apache \
    --with-rt-group=rt \
    --enable-graphviz \
    --enable-gd
make testdeps
make fixdeps
(or)
PERL_MM_USE_DEFAULT=1 make fixdeps
(accepts all defaults... thank you Kurt M.)
If you did not go with the PERL_MM_USE_DEFAULT=1 option then, give it a minute or so for a prompt to accept the default answer for a couple questions (install optional modules). Then you got about enough time for about one smoke... then be back around to accept the default on another question........... repeat.........
At the end of this process you may get a missing dependency such as
ICAL missing dependencies:
Data::ICal ...MISSING
Let's run the tests again.
make testdeps
You should find that all dependencies have been found. Amazing!! So we continue.
make install
Now we need to set up the RT_SiteConfig.pm. Here is a working config; you will need to change a few variables to suit your setup.
cat > /opt/rt3/etc/RT_SiteConfig.pm << "EOF"
######################
# Custom Site Config #
######################
Set($rtname , "Super Company");
Set($Organization , "helpdesk.internal.local");
Set($MinimumPasswordLength , "5");
Set($Timezone , 'US/Mountain');
#Set(@Plugins, qw(
# RT::Authen::ExternalAuth
# ));
Set($HomepageComponents, [qw( QuickCreate Quicksearch MyAdminQueues MySupportQueues MyReminders RefreshHomepage Dashboards )]);
Set($DatabaseType , 'mysql');
Set($DatabaseHost , 'localhost');
Set($DatabaseRTHost , 'localhost');
Set($DatabasePort , '');
Set($DatabaseUser , 'local');
Set($DatabasePassword , 'localpass');
Set($DatabaseName , 'rt3');
Set($OwnerEmail , 'root');
Set($LoopsToRTOwner , 1);
Set($SendmailArguments , "-oi -t -f support\@helpdesk.internal.local");
Set($MaxAttachmentSize , 10000000);
Set($RTAddressRegexp , '^rt\@helpdesk.internal.local$');
Set($CorrespondAddress , 'no-reply@helpdesk.internal.local');
Set($CommentAddress , 'no-reply@helpdesk.internal.local');
Set($UseFriendlyFromLine , 1);
Set($FriendlyFromLineFormat , "\"%s\" <%s>");
Set($UseFriendlyToLine , 1);
Set($FriendlyToLineFormat, "\"%s Ticket #%s\":;");
Set($NotifyActor, 0);
Set($RecordOutgoingEmail, 1);
Set($WebPath , "/ticket");
Set($WebPort , 80);
Set($WebBaseURL , "http://helpdesk");
Set($WebURL , $WebBaseURL . $WebPath . "/");
Set($MessageBoxWidth , 72);
Set($MessageBoxWrap, "HARD");
Set($MaxInlineBody, 13456);
Set($DefaultSummaryRows, 10);
Set($OldestTransactionsFirst, '1');
Set($ShowTransactionImages, 1);
Set($DateDayBeforeMonth , 0);
Set($AmbiguousDayInPast , 1);
#require "/opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm";
#Set($AutoCreate, {Privileged => 1});
1;
EOF
Once you have the settings changed and the file updated, we need to initialize the database.
make initialize-database
Since we did not set a password for the local machine, you can just hit enter when it prompts you for one.
Now we setup our cron jobs
crontab -e
Insert the following and then save and exit.
# RT Cron Jobs
0 0 * * * /opt/rt3/sbin/rt-email-digest -m daily
0 0 * * 0 /opt/rt3/sbin/rt-email-digest -m weekly
0 * * * * /opt/rt3/sbin/rt-email-dashboards
Now we need to set up Apache to alias RT. You can use virtual hosts but again, that is out of the scope of this walkthrough.
Here is another copy and paste for ya.
cat > /etc/httpd/conf.d/rt3.conf << "EOF"
Alias /ticket "/opt/rt3/share/html"
PerlRequire /opt/rt3/bin/webmux.pl
<Directory "/opt/rt3/share/html">
    AllowOverride All
    Options ExecCGI FollowSymLinks
    RewriteEngine On
    RedirectMatch permanent (.*)/$ $1/index.html
    AddDefaultCharset UTF-8
    SetHandler perl-script
    PerlHandler RT::Mason
</Directory>
EOF
Let's restart the Apache server and see if we can see our site... drum roll..
/etc/init.d/httpd restart
http://helpdesk/ticket
TU-DU!!!
User: root
Pass: password
Now we need to add the external authentication plugin. I have yet another copy and paste for you once we get through this part.
We need to tell Perl where the RT libraries are before we install this module.
export PERL5LIB=/opt/rt3/lib
Now we install the plugin.
perl -MCPAN -e 'install RT::Authen::ExternalAuth'
Now modify the settings below to fit your setup and put it in place. I should note that the original file that is installed right now has other options such as mysql and sso configs. We will back this up first. My config below has everything stripped from it except LDAP. Also note that we are not going to put all this in our original RT_SiteConfig file. We will call the file into our RT_SiteConfig with a "require" statement.
When using AD2003:
cp -a /opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm \
    /opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm.original
cat > /opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm << "EOF"
Set($ExternalAuthPriority, [ 'My_LDAP' ] );
Set($ExternalInfoPriority, [ 'My_LDAP' ] );
Set($ExternalServiceUsesSSLorTLS, 0);
Set($AutoCreateNonExternalUsers, 0);
Set($ExternalSettings, {
    'My_LDAP' => {
        'type' => 'ldap',
        'server' => 'ad-server.internal.local',
        'user' => 'cn=ldap,ou=Services,dc=internal,dc=local',
        'pass' => 'ldapaccountpassword',
        'base' => 'dc=internal,dc=local',
        'filter' => '(&(ObjectCategory=User)(ObjectClass=Person))',
        'd_filter' => '(userAccountControl:1.2.840.113556.1.4.803:=2)',
        'tls' => 0,
        # 'ssl_version' => 3,
        'net_ldap_args' => [ version => 3 ],
        'group' => 'cn=RT Users,ou=Services,dc=internal,dc=local',
        'group_attr' => 'member',
        'attr_match_list' => [ 'Name', 'EmailAddress' ],
        'attr_map' => {
            'Name' => 'sAMAccountName',
            'EmailAddress' => 'mail',
            'Organization' => 'physicalDeliveryOfficeName',
            'RealName' => 'cn',
            'ExternalAuthId' => 'sAMAccountName',
            'Gecos' => 'sAMAccountName',
            'WorkPhone' => 'telephoneNumber',
            'Address1' => 'streetAddress',
            'City' => 'l',
            'State' => 'st',
            'Zip' => 'postalCode',
            'Country' => 'co'
        }
    }
} );
1;
EOF
When using SBS2008:
cp -a /opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm \
    /opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm.original
cat > /opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm << "EOF"
Set($ExternalAuthPriority, [ 'My_LDAP' ]);
Set($ExternalInfoPriority, [ 'My_LDAP']);
Set($ExternalServiceUsesSSLorTLS, 0);
Set($AutoCreateNonExternalUsers, 0);
Set($ExternalSettings, {
    'My_LDAP' => {
        'type' => 'ldap',
        'server' => 'ad-server.internal.local',
        'user' => 'ldap',
        'pass' => 'ldapaccountpassword',
        'base' => 'ou=SBSUsers,ou=Users,ou=MyBusiness,dc=internal,dc=local',
        'filter' => '(&(ObjectCategory=User)(ObjectClass=Person))',
        'd_filter' => '(userAccountControl:1.2.840.113556.1.4.803:=2)',
        'tls' => 0,
        'ssl_version' => 3,
        'net_ldap_args' => [ version => 3 ],
        'attr_match_list' => [ 'Name', 'EmailAddress' ],
        'attr_map' => {
            'Name' => 'sAMAccountName',
            'EmailAddress' => 'mail',
            'Organization' => 'physicalDeliveryOfficeName',
            'RealName' => 'cn',
            'ExternalAuthId' => 'sAMAccountName',
            'Gecos' => 'sAMAccountName',
            'WorkPhone' => 'telephoneNumber',
            'Address1' => 'streetAddress',
            'City' => 'l',
            'State' => 'st',
            'Zip' => 'postalCode',
            'Country' => 'co'
        }
    },
} );
1;
EOF
Now we will edit the RT_SiteConfig.pm and un-comment the variables I have included previously.
EDIT: /opt/rt3/etc/RT_SiteConfig.pm
CHANGE:
#Set(@Plugins, qw(
# RT::Authen::ExternalAuth
# ));
TO:
Set(@Plugins, qw(
RT::Authen::ExternalAuth
));
CHANGE:
#require "/opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm";
#Set($AutoCreate, {Privileged => 1});
TO:
require "/opt/rt3/local/plugins/RT-Authen-ExternalAuth/etc/RT_SiteConfig.pm";
Set($AutoCreate, {Privileged => 1});
Save the file and exit. Restart the web service.
/etc/init.d/httpd restart
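A pre-flight check for the two config files written above, as an added example that is not part of the original walkthrough. Both files hold passwords (the RT database user and the AD "ldap" account), so the check looks at file mode, at the walkthrough's placeholder passwords, and at the 'tls' => 0 setting. The function name and the sample files are constructed for illustration.

```bash
#!/bin/bash
# Added example (not from the original walkthrough): pre-flight check for the
# RT config files, which hold the database and LDAP bind passwords.

# check_rt_config FILE...
# Prints one "file: finding" line per problem and returns 1 if any were found:
#   - the file is readable by "other" (any local account can read the passwords)
#   - a placeholder password from this walkthrough is still in place
#   - the LDAP service has 'tls' => 0, so binds to the AD server are sent in clear
check_rt_config() {
    findings=0
    for f in "$@"; do
        if [ ! -f "$f" ]; then
            echo "$f: not found"; findings=$((findings + 1)); continue
        fi
        # The 8th character of the ls mode string is the "other read" bit.
        case "$(ls -ld -- "$f")" in
            ???????r*) echo "$f: readable by other local users"
                       findings=$((findings + 1)) ;;
        esac
        # Drop commented-out Perl lines before matching settings.
        active=$(sed '/^[[:space:]]*#/d' "$f")
        if printf '%s\n' "$active" | grep -Eq "'(localpass|ldapaccountpassword)'"; then
            echo "$f: placeholder password from the walkthrough still set"
            findings=$((findings + 1))
        fi
        if printf '%s\n' "$active" | grep -Eq "'tls'[[:space:]]*=>[[:space:]]*0"; then
            echo "$f: LDAP 'tls' => 0, bind passwords cross the network unencrypted"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# One way to restrict the real files to root and the web server group
# (apache in this walkthrough), which still has to read them:
#   chgrp apache FILE && chmod 640 FILE

demo_rt_config() {
    d=$(mktemp -d) || return 1
    # Constructed stand-ins for the two files; only the relevant lines.
    printf '%s\n' "Set(\$DatabasePassword , 'localpass');" > "$d/RT_SiteConfig.pm"
    printf '%s\n' "'pass' => 'ldapaccountpassword'," "'tls' => 0," > "$d/ExternalAuth.pm"
    chmod 644 "$d/RT_SiteConfig.pm"
    chmod 640 "$d/ExternalAuth.pm"
    check_rt_config "$d/RT_SiteConfig.pm" "$d/ExternalAuth.pm"
    rm -rf "$d"
    return 0
}
demo_rt_config
```

Switching 'tls' to 1 only works if the AD server presents a certificate the RT host trusts, which this walkthrough does not set up.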
It's that time. Time to test out the integration. Login with your AD account that you added to the "RT Users" security group.
http://helpdesk/ticket
TODO:
* Explain how to use Exchange contact cards to direct mail and also allow the email queues to show up in the GAL.
* Add Sample RT Group/User Permission Topology
* Explain AutoCreate option
* Find a good form generator
* More... TBA
TALK: If you find flaws in this walkthrough by all means fix them. I would also appreciate you sending me an e-mail and letting me know your thoughts, or just let me know how it worked for you. Good luck!!
Initial Author: Kenny Prickett (phatlix at superxero dot org)
Initial Revision: 12/28/2009
Last Revision: 02/11/2010