ich verzweifle seit Tagen an der Konfiguration von SSO via LDAP/Kerberos und Znuny 6.4.5. LDAP-Anmeldung funktioniert ohne Probleme.
Das OTRS-Log gibt lediglich "Need UserLogin or UserID!" bzw. "Need User!" aus.
Die unterschiedlichen Einträge im Forum zu dieser Fehlermeldung habe ich bereits durchgearbeitet. Irgendwo hakt es allerdings noch.
Anbei meine Config, vielleicht sieht jemand den Fehler, den ich nicht sehe....
Config.pm
# ---------------------------------------------------- #
# LDAP Setting for Agents
# ---------------------------------------------------- #
# Agent login is configured with two backends: HTTPBasicAuth (no suffix) and
# LDAP (suffix 2).
#
# HTTPBasicAuth checks no password itself; it accepts the user name that the
# web server reports as already authenticated (REMOTE_USER). Consequences:
#   - every URL that reaches index.pl has to sit behind the web server's
#     authentication requirement, because this backend trusts whatever
#     identity the web server hands over;
#   - NOTE(review): if the web server sets no authenticated user, no login
#     name reaches OTRS, which would fit the "Need User!" log entries --
#     confirm that REMOTE_USER is set for requests to /otrs/index.pl.
$Self->{'AuthModule'} = 'Kernel::System::Auth::HTTPBasicAuth';
# Pattern applied to the reported user name, intended to strip the realm.
# NOTE(review): the '.' is unescaped (matches any character) and 'domain' is
# lower case, while the Apache config uses the realm DOMAIN.LOCAL; if the
# substitution is case-sensitive, 'user@DOMAIN.LOCAL' would stay unchanged.
# With KrbLocalUserMapping on, the web server may already strip the realm --
# check the actual REMOTE_USER value before relying on this pattern.
$Self->{'AuthModule::HTTPBasicAuth::ReplaceRegExp'} ='@domain.LOCAL';
# Second backend: password check by LDAP bind; all of its options carry the
# same suffix 2.
$Self->{'AuthModule2'} = 'Kernel::System::Auth::LDAP';
# $Self->{'AuthModule::LDAP::UID'} = 'uid';
# NOTE(review): the Params2 hash further down sets port 389. Unless TLS is
# negotiated on that connection, the search-bind password and the agents'
# passwords cross the network unprotected -- confirm LDAPS or StartTLS.
$Self->{'AuthModule::LDAP::Host2'} = 'domaingdc1.domain.local';
$Self->{'AuthModule::LDAP::BaseDN2'} = 'dc=domain,dc=local';
# Login name is matched against sAMAccountName, i.e. the short account name
# without realm.
$Self->{'AuthModule::LDAP::UID2'} = 'sAMAccountName';
# Restricts agent login to members of this group (checked via AccessAttr2).
$Self->{'AuthModule::LDAP::GroupDN2'} = 'CN=ROL_domainG_OTRS_Agents,OU=Rollen,OU=Gruppen,OU=domainG,OU=domain,DC=domain,DC=local';
$Self->{'AuthModule::LDAP::AccessAttr2'} = 'member';
# Service account for the search bind. The password sits in clear text in
# Config.pm: keep the file readable only by the OTRS and web server accounts
# and give this account read-only directory rights. 'xyz' is presumably the
# poster's placeholder.
$Self->{'AuthModule::LDAP::SearchUserDN2'} = 'domainG_Dienst.OTRS';
$Self->{'AuthModule::LDAP::SearchUserPw2'} = 'xyz';
$Self->{'AuthModule::LDAP::AlwaysFilter2'} = '';
$Self->{'AuthModule::LDAP::Params2'} = {
port => 389,
timeout => 120,
async => 0,
version => 3,
# --
# added for OTRS (http://otrs.org/)
# --
# Maps the URL prefix /otrs/ to the CGI directory and /otrs-web/ to the static
# files, then runs the CGI scripts under mod_perl when it is loaded.
ScriptAlias /otrs/ "/opt/otrs/bin/cgi-bin/"
Alias /otrs-web/ "/opt/otrs/var/httpd/htdocs/"
<IfModule mod_perl.c>
# Setup environment and preload modules
Perlrequire /opt/otrs/scripts/apache2-perl-startup.pl
# Reload Perl modules when changed on disk
PerlModule Apache2::Reload
PerlInitHandler Apache2::Reload
# general mod_perl2 options
# NOTE(review): this section grants access to everyone for all of /otrs.
# Apache merges <Location> sections after <Directory> sections, so this
# 'Require all granted' likely replaces the 'Require valid-user' set in the
# cgi-bin <Directory> further down. The posted error.log fits that reading:
# it records "authorization result of Require all granted: granted" for
# /otrs/index.pl. When no authenticated user is required, the web server need
# not authenticate the request and REMOTE_USER stays empty for the
# HTTPBasicAuth backend. Putting the authentication directives and
# 'Require valid-user' into this <Location> (or removing the grant here) is
# the thing to verify first.
<Location /otrs>
# ErrorDocument 403 /otrs/customer.pl
ErrorDocument 403 /otrs/index.pl
SetHandler perl-script
PerlResponseHandler ModPerl::Registry
Options +ExecCGI
PerlOptions +ParseHeaders
PerlOptions +SetupEnv
<IfModule mod_version.c>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
</IfModule>
<IfModule !mod_version.c>
Order allow,deny
Allow from all
</IfModule>
</Location>
# mod_perl2 options for GenericInterface
<Location /otrs/nph-genericinterface.pl>
PerlOptions -ParseHeaders
</Location>
</IfModule>
# Kerberos (SPNEGO) authentication for the CGI directory using mod_auth_kerb.
# NOTE(review): the posted error.log contains messages from mod_auth_gssapi.c,
# not from mod_auth_kerb -- confirm which module the running server really
# loads. The Krb* directives below belong to mod_auth_kerb; mod_auth_gssapi is
# configured with its own directive set (AuthType GSSAPI, Gssapi* options).
# The module path has no leading slash, so it is resolved relative to
# ServerRoot.
LoadModule auth_kerb_module usr/lib/apache2/modules/mod_auth_kerb.so
<Directory "/opt/otrs/bin/cgi-bin/">
AllowOverride None
AuthType Kerberos
AuthName "OTRS"
# /etc/krb5.keytab is normally the host keytab. A separate keytab that holds
# only the HTTP/ service key and is readable only by the web server account
# keeps the host keys away from the web server process.
Krb5Keytab /etc/krb5.keytab
KrbAuthRealms DOMAIN.LOCAL
# The host part of the service principal has to equal the name clients use in
# the URL. NOTE(review): the error.log shows server.domain.local, not
# helpdesk.domain.local -- possibly anonymisation, verify.
KrbServiceName HTTP/helpdesk.domain.local@DOMAIN.LOCAL
KrbMethodNegotiate on
KrbSaveCredentials off
# Password fallback: clients without a ticket get a Basic prompt and send the
# domain password to this server. Keep it only if the site is HTTPS-only; set
# it to off when pure SSO is intended.
KrbMethodK5Passwd on
# Strips the realm, so REMOTE_USER is the bare account name rather than
# user@DOMAIN.LOCAL.
KrbLocalUserMapping on
# NOTE(review): this requirement only takes effect if no later-merged section
# (such as <Location /otrs> with 'Require all granted') overrides it.
Require valid-user
Options +ExecCGI -Includes
# Apache 2.2 access syntax; on 2.4 it needs mod_access_compat, and mixing it
# with Require in one section is discouraged.
Order allow,deny
Allow from all
</Directory>
# Static files (skins, JavaScript): open to everyone, no authentication.
<Directory "/opt/otrs/var/httpd/htdocs/">
AllowOverride None
<IfModule mod_version.c>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
</IfModule>
<IfModule !mod_version.c>
Order allow,deny
Allow from all
</IfModule>
<IfModule mod_filter.c>
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/html text/javascript application/javascript text/css text/xml application/json text/json
</IfModule>
</IfModule>
# Make sure CSS and JS files are read as UTF8 by the browsers.
AddCharset UTF-8 .css
AddCharset UTF-8 .js
# Set explicit mime type for woff fonts since it is relatively new and apache may not know about it.
AddType application/font-woff .woff
</Directory>
# NOTE(review): no <Directory> section is open at this point in the listing, so
# the closing tag below has no partner. Apache rejects an unmatched closing
# tag at start-up; since the server evidently runs, this is presumably a
# copy-and-paste artifact -- compare with the file on disk.
</Directory>
# Allow access to public interface for unauthenticated requests on systems with set-up authentication.
# Will work only for RegistrationUpdate, since page resources are still not be loaded.
# <Location /otrs/public.pl>
# <IfModule mod_version.c>
# <IfVersion < 2.4>
# Order allow,deny
# Allow from all
# </IfVersion>
# <IfVersion >= 2.4>
# Require all granted
# </IfVersion>
# </IfModule>
# <IfModule !mod_version.c>
# Order allow,deny
# Allow from all
# </IfModule>
# </Location>
# Browser caching for static assets; applies only when mod_headers is loaded.
# These sections cover files under htdocs only and do not affect
# authentication of /otrs.
<IfModule mod_headers.c>
# Cache css-cache for 30 days
<Directory "/opt/otrs/var/httpd/htdocs/skins/*/*/css-cache">
<FilesMatch "\.(css|CSS)$">
Header set Cache-Control "max-age=2592000, must-revalidate"
</FilesMatch>
</Directory>
# Cache css thirdparty for 4 hours, including icon fonts
<Directory "/opt/otrs/var/httpd/htdocs/skins/*/*/css/thirdparty">
<FilesMatch "\.(css|CSS|woff|svg)$">
Header set Cache-Control "max-age=14400, must-revalidate"
</FilesMatch>
</Directory>
# Cache js-cache for 30 days
<Directory "/opt/otrs/var/httpd/htdocs/js/js-cache">
<FilesMatch "\.(js|JS)$">
Header set Cache-Control "max-age=2592000, must-revalidate"
</FilesMatch>
</Directory>
# Cache js thirdparty for 4 hours
<Directory "/opt/otrs/var/httpd/htdocs/js/thirdparty/">
<FilesMatch "\.(js|JS)$">
Header set Cache-Control "max-age=14400, must-revalidate"
</FilesMatch>
</Directory>
</IfModule>
# Limit the number of requests per child to avoid excessive memory usage
# (Apache 2.4 names this directive MaxConnectionsPerChild; the old name is
# still accepted.)
MaxRequestsPerChild 4000
error.log
Danke,[Mon Feb 20 15:19:39.138340 2023] [deflate:debug] [pid 416654] mod_deflate.c(854): [client 172.18.1.1:63260] AH01384: Zlib: Compressed 10446 to 3480 : URL /otrs/index.pl, referer: https://server.domain.local/otrs/index. ... sponseID=1
[Mon Feb 20 15:19:39.456837 2023] [ssl:debug] [pid 416654] ssl_engine_kernel.c(415): [client 172.18.1.1:63260] AH02034: Subsequent (No.2) HTTPS request received for child 11 (server server.domain.local:443), referer: https://server.domain.local/otrs/index. ... eID=194574
[Mon Feb 20 15:19:39.456910 2023] [authz_core:debug] [pid 416654] mod_authz_core.c(817): [client 172.18.1.1:63260] AH01626: authorization result of Require all granted: granted, referer: https://server.domain.local/otrs/index. ... eID=194574
[Mon Feb 20 15:19:39.456914 2023] [authz_core:debug] [pid 416654] mod_authz_core.c(817): [client 172.18.1.1:63260] AH01626: authorization result of <RequireAny>: granted, referer: https://server.domain.local/otrs/index. ... eID=194574
[Mon Feb 20 15:19:39.456933 2023] [auth_gssapi:debug] [pid 416654] mod_auth_gssapi.c(727): [client 172.18.1.1:63260] GSSapiImpersonate not On, skipping impersonation., referer: https://server.domain.local/otrs/index. ... eID=194574
[Mon Feb 20 15:19:39.667073 2023] [deflate:debug] [pid 416654] mod_deflate.c(854): [client 172.18.1.1:63260] AH01384: Zlib: Compressed 69280 to 11412 : URL /otrs/index.pl, referer: https://server.domain.local/otrs/index. ... eID=194574
[Mon Feb 20 15:19:39.846471 2023] [ssl:debug] [pid 416654] ssl_engine_kernel.c(415): [client 172.18.1.1:63260] AH02034: Subsequent (No.3) HTTPS request received for child 11 (server server.domain.local:443), referer: https://server.domain.local/otrs/index. ... eID=194575
[Mon Feb 20 15:19:39.846530 2023] [authz_core:debug] [pid 416654] mod_authz_core.c(817): [client 172.18.1.1:63260] AH01626: authorization result of Require all granted: granted, referer: https://server.domain.local/otrs/index. ... eID=194575
[Mon Feb 20 15:19:39.846534 2023] [authz_core:debug] [pid 416654] mod_authz_core.c(817): [client 172.18.1.1:63260] AH01626: authorization result of <RequireAny>: granted, referer: https://server.domain.local/otrs/index. ... eID=194575
[Mon Feb 20 15:19:39.846554 2023] [auth_gssapi:debug] [pid 416654] mod_auth_gssapi.c(727): [client 172.18.1.1:63260] GSSapiImpersonate not On, skipping impersonation., referer: https://server.domain.local/otrs/index. ... eID=194575
[Mon Feb 20 15:19:39.877880 2023] [deflate:debug] [pid 416654] mod_deflate.c(854): [client 172.18.1.1:63260] AH01384: Zlib: Compressed 1512 to 831 : URL /otrs/index.pl, referer: https://server.domain.local/otrs/index. ... eID=194575
ANSY