OTRS-LDAP
Moderator: crythias
-
- Znuny newbie
- Posts: 42
- Joined: 13 Jan 2011, 09:40
- Znuny Version: 3.04
OTRS-LDAP
Hi there,
I am new to OTRS but have tried out a few things. I have installed it on Ubuntu 10.10/MySQL and have Windows 2003 Active Directory. I have also read about Active Directory and OTRS integration on the wiki. I want to configure agents with the local database and customers with Active Directory. I have a few questions on the configuration given as per the wiki below. Can you help me to understand those questions below?
    # CustomerUser
    # (customer user ldap backend and settings)
    $Self->{CustomerUser} = {
        Name => 'LDAP Data Source', # question: can this be any name? if not, where do i get it?
        Module => 'Kernel::System::CustomerUser::LDAP',
        Params => {
            # ldap host
            Host => 'ldap.example.com',
            # ldap base dn
            BaseDN => 'dc=example, dc=com', # question: what is dc? domain controller? can (NOT should) i use only one as com?
            # search scope (one|sub)
            SSCOPE => 'sub', # question: which one should i select? sub or one?
            # # The following is valid but would only be necessary if the
            # # anonymous user does NOT have permission to read from the LDAP tree
            UserDN => 'CN=myaccount, OU=users, DC=example, DC=com', # question: what should i specify for CN, OU? where do i get it in active directory settings?
            UserPw => 'verysecret',
            # in case you want to add always one filter to each ldap query, use
            # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
            # question: how do i decide what to use?
            # AlwaysFilter => '',
            # if your frontend is e. g. iso-8859-1 and the charset of your
            # ldap server is utf-8, use these options.
            # SourceCharset => 'utf-8',
            # DestCharset => 'iso-8859-1',
            # if both your frontend and your LDAP are unicode, use this:
            SourceCharset => 'utf-8',
            DestCharset => 'utf-8',
            # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
            Params => {
                # port => 389,
                port => 3268,
                timeout => 120,
                async => 0,
                version => 3,
            },
        },
        ReadOnly => 1,
        # customer unique id
        CustomerKey => 'sAMAccountName', # question: should i just retain it as 'sAMAccountName'? where can i find this customerkey?
        # customer #
        CustomerID => 'mail', # question: should it be retained as mail? what is the significance?
        CustomerUserListFields => ['cn', 'mail'],
        CustomerUserSearchFields => ['cn', 'givenname', 'mail'],
        CustomerUserSearchPrefix => '',
        CustomerUserSearchSuffix => '*',
        CustomerUserSearchListLimit => 250,
        CustomerUserPostMasterSearchFields => ['mail'],
        CustomerUserNameFields => ['givenname', 'sn'], # question: do i need to change anything here or retain as givenname and sn?
        # show not own tickets in customer panel, CompanyTickets
        CustomerUserExcludePrimaryCustomerID => 0,
        # add an ldap filter for valid users (expert setting)
        # CustomerUserValidFilter => '(!(description=locked))',
        # administrator can't change customer preferences
        AdminSetPreferences => 0,
        # # cache time to live in sec. - cache any database queries
        CacheTTL => 120,
    };
Re: OTRS-LDAP
You should brush up on LDAP and how servers query information.
Refer to http://www.ldapman.org/articles/intro_to_ldap.html and take a gander at it. It will explain a lot.
Basically your domain is set up like a tree
Distinguished name
organizational unit
organizational unit
It looks similar to this. DC= just makes the DN (Distinguished name), so if your domain was Foo.Barr it would be DC=Foo,DC=Barr
It will take a few days to get used to. Leave sAMAccountName alone.
-
- Znuny newbie
- Posts: 42
- Joined: 13 Jan 2011, 09:40
- Znuny Version: 3.04
Re: OTRS-LDAP
Thank you gangaskan.
I have now configured LDAP with OTRS. I get all records but cannot see the data. See the attached file pls. Although I have set the visible parameter as 1 in Config.pm, I don't know why I cannot see the data when the records exist. When I search with customer names I know, I get the correct set of records but I cannot see them. See attached file pls. I will be grateful if you can help.
-
- Znuny newbie
- Posts: 42
- Joined: 13 Jan 2011, 09:40
- Znuny Version: 3.04
Re: OTRS-LDAP
Nobody?
Your expert tips/suggestions will be really helpful.
-
- Moderator
- Posts: 10169
- Joined: 04 May 2010, 18:38
- Znuny Version: 5.0.x
- Location: SouthWest Florida, USA
- Contact:
Re: OTRS-LDAP
fondofotrs wrote: when i search it with customer names i know, i get correct set of records
Does this mean that you can search an individual user and he shows up?
Did you notice any error messages in the logs regarding connection?
OTRS 6.0.x (private/testing/public) on Linux with MySQL database.
Please edit your signature to include your OTRS version, Operating System, and database type.
Click Subscribe Topic below to get notifications. Consider amending your topic title to include [SOLVED] if it is so.
Need help? Before you ask
-
- Znuny newbie
- Posts: 42
- Joined: 13 Jan 2011, 09:40
- Znuny Version: 3.04
Re: OTRS-LDAP
Correct. I can search the users and only those limited records show up. The only problem is that it does not display any data. Which logs do I need to check for errors? It does not throw any error while searching though.
-
- Moderator
- Posts: 10169
- Joined: 04 May 2010, 18:38
- Znuny Version: 5.0.x
- Location: SouthWest Florida, USA
- Contact:
Re: OTRS-LDAP
The errors would be in the admin system log.
-
- Znuny advanced
- Posts: 148
- Joined: 25 Oct 2010, 10:02
- Znuny Version: 3.2
- Location: Bangalore, India
Re: OTRS-LDAP
Hello Crythias,
I am facing similar problems too. Would you be able to help pls? I see only one log file in /opt/otrs/var/log which is TicketCounter.log. Where is admin system log found?
Thanks.
Best Regards
Chetan
OTRS 3.06
ITSM 3.1
MySQL
Windows 7 Ultimate
-
- Znuny advanced
- Posts: 148
- Joined: 25 Oct 2010, 10:02
- Znuny Version: 3.2
- Location: Bangalore, India
Re: OTRS-LDAP
Hello Crythias,
Sorry for previous question. I checked it in Admin System log but it doesn't give that error. It throws up error that it is not able to connect to mysql remotely when it tries to run cron jobs of GenericAgent, Pending jobs etc. See below pls-
Mon Jan 24 09:20:02 2011 error OTRS-otrs.GenericAgent.pl-10 Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)
Mon Jan 24 09:10:01 2011 error OTRS-PostMasterMailbox.pl-10 Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)
I am also getting an error while connecting to MySQL using MySQL management studio even after specifying its IP address and setting the correct SSH connection. But I can connect using root@localhost via web browser and can access all options perfectly though. Where do you think I am missing something?
Best Regards
Chetan
-
- Znuny advanced
- Posts: 148
- Joined: 25 Oct 2010, 10:02
- Znuny Version: 3.2
- Location: Bangalore, India
Re: OTRS-LDAP
Hello Crythias,
I thought of updating you that I am able to get it working now after changing the uid to sAMAccountName. I can see all the users now in the screen.
Hello fondofotrs, let me know if you need any help pls.
Best Regards
Chetan
-
- Znuny advanced
- Posts: 148
- Joined: 25 Oct 2010, 10:02
- Znuny Version: 3.2
- Location: Bangalore, India
Re: OTRS-LDAP
There is one thing though. When I try to log in as customer, I am not able to do so. I tried logging as couple of customers with correct passwords, I wasn't able to. Am I missing something?
Best Regards
Chetan
-
- Znuny advanced
- Posts: 148
- Joined: 25 Oct 2010, 10:02
- Znuny Version: 3.2
- Location: Bangalore, India
Re: OTRS-LDAP
Hello again. Do we need to give any specific customerkey or uid for LDAP customers to log into OTRS? When I try to test logging in as LDAP customers with their login and passwords, I am not able to log in. Appreciate if you can throw some light on this pls.
Best Regards
Chetan
-
- Znuny advanced
- Posts: 148
- Joined: 25 Oct 2010, 10:02
- Znuny Version: 3.2
- Location: Bangalore, India
Re: OTRS-LDAP
I have tried it with different parameters. Can someone confirm that LDAP customers won't be able to log in if LDAP does not have emails specified in it? Also, when I search the customers in Admin, I also see all users. How do I filter? I have used AlwaysFilter => '(objectclass=user)' but not sure if that is sufficient since I am not very familiar with AD style.
Best Regards
Chetan
-
- Moderator
- Posts: 10169
- Joined: 04 May 2010, 18:38
- Znuny Version: 5.0.x
- Location: SouthWest Florida, USA
- Contact:
Re: OTRS-LDAP
The field in UserLogin in the CustomerUser Map => determines the login name.
http://wiki.otrs.org/index.php?title=Us ... _customers
-
- Znuny advanced
- Posts: 148
- Joined: 25 Oct 2010, 10:02
- Znuny Version: 3.2
- Location: Bangalore, India
Re: OTRS-LDAP
Thanks, Crythias. I have used it as sAMAccountName and it displayed the names only when I set it as sAMAccountName. If I set it to uid, it does show all the records but not the names. Is setting mail ids for each user mandatory in AD?
Best Regards
Chetan
Re: OTRS-LDAP
Guys,
I'm facing the same issue as fondofotrs! (I can find the customers but their data are not mapped, or better... rows are shown but the information is empty.)
I'm totally sure the map is correct (I was using the same Config.pm on another installation that works well).
Can anyone help me?
Re: OTRS-LDAP
Done!
The issue was related to CustomerKey => 'sAMAccountName'.
This was working before 'cause it was AD; now that I use Domino to get the data from, I had to use uid instead of sAMAccountName.
Thanks everybody!
Emanuele
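The points this thread settles on (CustomerKey must name the attribute the directory really uses, the UserLogin Map entry decides the login name, and customer login needs that same attribute), put together as an added example for the Active Directory case; it is not code from the posts above or from the OTRS wiki. Host, DNs, the service account, password and CA file are placeholder assumptions, `$AD` and its keys are hypothetical helper names, and the `verify`/`cafile` options assume a Net::LDAP build with TLS support.

```perl
# Added example for Kernel/Config.pm (inside sub Load); all values are placeholders.
my $AD = {
    Host   => 'ldaps://dc1.example.com',        # TLS: bind password not sent in clear
    BaseDN => 'OU=Customers,DC=example,DC=com', # narrowest subtree holding customers
    BindDN => 'CN=svc-otrs-read,OU=Service,DC=example,DC=com', # read-only account
    BindPw => 'CHANGE-ME',
    Key    => 'sAMAccountName',                 # AD; a Domino directory uses 'uid'
    # enabled person accounts with a mail address; plain (objectClass=user)
    # also matches computer accounts in AD
    Filter => '(&(objectCategory=person)(objectClass=user)(mail=*)'
        . '(!(userAccountControl:1.2.840.113556.1.4.803:=2)))',
    Net => { port => 636, timeout => 120, async => 0, version => 3,
             verify => 'require', cafile => '/etc/ssl/certs/example-ca.pem' },
};
# customer login (authentication) searches on the same key attribute
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'}         = $AD->{Host};
$Self->{'Customer::AuthModule::LDAP::BaseDN'}       = $AD->{BaseDN};
$Self->{'Customer::AuthModule::LDAP::UID'}          = $AD->{Key};
$Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = $AD->{BindDN};
$Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = $AD->{BindPw};
$Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = $AD->{Filter};
$Self->{'Customer::AuthModule::LDAP::Params'}       = $AD->{Net};
# customer data (what the agent interface lists and displays)
$Self->{CustomerUser} = {
    Name   => 'Active Directory customers',     # free-text label
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        Host   => $AD->{Host},   BaseDN => $AD->{BaseDN}, SSCOPE => 'sub',
        UserDN => $AD->{BindDN}, UserPw => $AD->{BindPw},
        AlwaysFilter  => $AD->{Filter},
        SourceCharset => 'utf-8', DestCharset => 'utf-8',
        Params        => $AD->{Net},
    },
    ReadOnly    => 1,
    CustomerKey => $AD->{Key},                  # must exist on every entry returned
    CustomerID  => 'mail',
    CustomerUserListFields             => [ 'cn', 'mail' ],
    CustomerUserSearchFields           => [ 'cn', 'givenname', 'mail' ],
    CustomerUserSearchSuffix           => '*',
    CustomerUserSearchListLimit        => 250,
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields             => [ 'givenname', 'sn' ],
    Map => [
        # var, frontend, storage, shown, required, storage-type, http-link, readonly
        [ 'UserFirstname',  'Firstname',  'givenname', 1, 1, 'var', '', 0 ],
        [ 'UserLastname',   'Lastname',   'sn',        1, 1, 'var', '', 0 ],
        [ 'UserLogin',      'Username',   $AD->{Key},  1, 1, 'var', '', 0 ],
        [ 'UserEmail',      'Email',      'mail',      1, 1, 'var', '', 0 ],
        [ 'UserCustomerID', 'CustomerID', 'mail',      0, 1, 'var', '', 0 ],
    ],
};
```

Keeping the key attribute in one variable means that moving to a directory that uses `uid` changes CustomerKey, the UserLogin mapping and the login UID together, which is the mismatch that produced the empty rows described above.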