OTRS-LDAP

Moderator: crythias

fondofotrs
Znuny newbie
Posts: 42
Joined: 13 Jan 2011, 09:40
Znuny Version: 3.04

OTRS-LDAP

Post by fondofotrs »

hi there,
i am new to otrs but have tried out a few things. i have installed it on ubuntu 10.10/mysql and have windows 2003 active directory. i have also read about active directory and otrs integration on the wiki. i want to configure agents with the local database and customers with active directory. i have a few questions on the configuration given in the wiki, below. can you help me to understand those questions?

# CustomerUser
# (customer user ldap backend and settings)
$Self->{CustomerUser} = {
    Name => 'LDAP Data Source', # question: can this be any name? if not, where do i get it?
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        # ldap host
        Host => 'ldap.example.com',
        # ldap base dn
        BaseDN => 'dc=example, dc=com', # question: what is dc? domain controller? can (NOT should) i use only one as com?
        # search scope (one|sub)
        SSCOPE => 'sub', # question: which one should i select? sub or one?
        # # The following is valid but would only be necessary if the
        # # anonymous user does NOT have permission to read from the LDAP tree
        UserDN => 'CN=myaccount, OU=users, DC=example, DC=com', # question: what should i specify for CN, OU? where do i get it in active directory settings?
        UserPw => 'verysecret',
        # in case you want to add always one filter to each ldap query, use
        # this option. e.g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
        # question: how do i decide what to use?
        # AlwaysFilter => '',
        # if your frontend is e.g. iso-8859-1 and the charset of your
        # ldap server is utf-8, use these options.
        # SourceCharset => 'utf-8',
        # DestCharset => 'iso-8859-1',
        # if both your frontend and your LDAP are unicode, use this:
        SourceCharset => 'utf-8',
        DestCharset => 'utf-8',

        # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
        Params => {
            # port => 389,
            port => 3268,
            timeout => 120,
            async => 0,
            version => 3,
        },
    },
    ReadOnly => 1,
    # customer unique id
    CustomerKey => 'sAMAccountName', # question: should i just retain it as 'sAMAccountName'? where can i find this customerkey?
    # customer #
    CustomerID => 'mail', # question: should it be retained as mail? what is the significance?
    CustomerUserListFields => ['cn', 'mail'],
    CustomerUserSearchFields => ['cn', 'givenname', 'mail'],
    CustomerUserSearchPrefix => '',
    CustomerUserSearchSuffix => '*',
    CustomerUserSearchListLimit => 250,
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'], # question: do i need to change anything here or retain as givenname and sn?
    # show not own tickets in customer panel, CompanyTickets
    CustomerUserExcludePrimaryCustomerID => 0,
    # add an ldap filter for valid users (expert setting)
    # CustomerUserValidFilter => '(!(description=locked))',
    # administrator can't change customer preferences
    AdminSetPreferences => 0,
    # # cache time to live in sec. - cache any database queries
    CacheTTL => 120,
gangaskan
Znuny newbie
Posts: 7
Joined: 11 Jan 2011, 22:18
Znuny Version: 3.0.4

Re: OTRS-LDAP

Post by gangaskan »

you should brush up on LDAP and how servers query information.

refer to http://www.ldapman.org/articles/intro_to_ldap.html and take a gander at it. it will explain a lot.


basically your domain is set up like a tree

Distinguished name
organizational unit
organizational unit

it looks similar to this. DC= just makes the DN (Distinguished name), so if your domain was Foo.Barr it would be DC=Foo,DC=Barr


it will take a few days to get used to, leave sAMAccountname alone
fondofotrs
Znuny newbie
Posts: 42
Joined: 13 Jan 2011, 09:40
Znuny Version: 3.04

Re: OTRS-LDAP

Post by fondofotrs »

thank you gangaskan.

i have now configured ldap with otrs. i get all records but cannot see the data. see the attached file pls. although i have set the visible parameter as 1 in Config.pm, i don't know why i cannot see the data when the records exist. when i search it with customer names i know, i get correct set of records but i cannot see them. see attached file pls. i will be grateful if you can help.
ldap-otrs-records.png
fondofotrs
Znuny newbie
Posts: 42
Joined: 13 Jan 2011, 09:40
Znuny Version: 3.04

Re: OTRS-LDAP

Post by fondofotrs »

nobody?
your expert tips/suggestions will be really helpful.
crythias
Moderator
Posts: 10169
Joined: 04 May 2010, 18:38
Znuny Version: 5.0.x
Location: SouthWest Florida, USA

Re: OTRS-LDAP

Post by crythias »

fondofotrs wrote: when i search it with customer names i know, i get correct set of records
Does this mean that you can search an individual user and he shows up?

Did you notice any error messages in the logs regarding connection?
OTRS 6.0.x (private/testing/public) on Linux with MySQL database.
Please edit your signature to include your OTRS version, Operating System, and database type.
Click Subscribe Topic below to get notifications. Consider amending your topic title to include [SOLVED] if it is so.
Need help? Before you ask
fondofotrs
Znuny newbie
Posts: 42
Joined: 13 Jan 2011, 09:40
Znuny Version: 3.04

Re: OTRS-LDAP

Post by fondofotrs »

correct. i can search the users and only those limited records show up. the only problem is that it does not display any data. which logs do i need to check for errors? it does not throw any error while searching though.
crythias
Moderator
Posts: 10169
Joined: 04 May 2010, 18:38
Znuny Version: 5.0.x
Location: SouthWest Florida, USA

Re: OTRS-LDAP

Post by crythias »

the errors would be in the admin system log
chetannagaonkar
Znuny advanced
Posts: 148
Joined: 25 Oct 2010, 10:02
Znuny Version: 3.2
Location: Bangalore, India

Re: OTRS-LDAP

Post by chetannagaonkar »

Hello Crythias,

I am facing similar problems too. Would you be able to help pls? I see only one log file in /opt/otrs/var/log which is TicketCounter.log. Where is admin system log found?

Thanks.
Best Regards
Chetan
Best Regards
Chetan
OTRS 3.06
ITSM 3.1
MySQL
Windows 7 Ultimate
chetannagaonkar
Znuny advanced
Posts: 148
Joined: 25 Oct 2010, 10:02
Znuny Version: 3.2
Location: Bangalore, India

Re: OTRS-LDAP

Post by chetannagaonkar »

Hello Crythias,

Sorry for previous question. I checked it in Admin System log but it doesn't give that error. It throws up error that it is not able to connect to mysql remotely when it tries to run cron jobs of GenericAgent, Pending jobs etc. See below pls-

Mon Jan 24 09:20:02 2011 error OTRS-otrs.GenericAgent.pl-10 Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)
Mon Jan 24 09:10:01 2011 error OTRS-PostMasterMailbox.pl-10 Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)

I am also getting error while connecting to MySQL using mysql management studio even after specifying its ip address and setting correct ssh connection. but i can connect using root@localhost via web browser and can access all options perfectly though. where do you think i am missing something?

Best Regards
Chetan
chetannagaonkar
Znuny advanced
Posts: 148
Joined: 25 Oct 2010, 10:02
Znuny Version: 3.2
Location: Bangalore, India

Re: OTRS-LDAP

Post by chetannagaonkar »

Hello Crythias,

I thought of updating you that I am able to get it working now after changing the uid to sAMAccountName. I can see all the users now in the screen.

Hello fondofotrs, let me know if you need any help pls.

Best Regards
Chetan
chetannagaonkar
Znuny advanced
Posts: 148
Joined: 25 Oct 2010, 10:02
Znuny Version: 3.2
Location: Bangalore, India

Re: OTRS-LDAP

Post by chetannagaonkar »

There is one thing though. When I try to log in as customer, I am not able to do so. I tried logging in as a couple of customers with correct passwords, but I wasn't able to. Am I missing something?

Best Regards
Chetan
chetannagaonkar
Znuny advanced
Posts: 148
Joined: 25 Oct 2010, 10:02
Znuny Version: 3.2
Location: Bangalore, India

Re: OTRS-LDAP

Post by chetannagaonkar »

Hello again. Do we need to give any specific customerkey or uid for ldap customers to log into OTRS? when i try to test logging in as ldap customers with their login and passwords, i am not able to log in. Appreciate if you can throw some light on this pls.

Best Regards
Chetan
chetannagaonkar
Znuny advanced
Posts: 148
Joined: 25 Oct 2010, 10:02
Znuny Version: 3.2
Location: Bangalore, India

Re: OTRS-LDAP

Post by chetannagaonkar »

I have tried it with different parameters. Can someone confirm that LDAP customers won't be able to log in if LDAP does not have emails specified in it? Also, when I search the customers in Admin, I also see all users. How do I filter? I have used AlwaysFilter => '(objectclass=user)' but not sure if that is sufficient since I am not very familiar with AD style.

Best Regards
Chetan
crythias
Moderator
Posts: 10169
Joined: 04 May 2010, 18:38
Znuny Version: 5.0.x
Location: SouthWest Florida, USA

Re: OTRS-LDAP

Post by crythias »

the field in UserLogin in the CustomerUser Map=> determines the login name.

http://wiki.otrs.org/index.php?title=Us ... _customers
chetannagaonkar
Znuny advanced
Posts: 148
Joined: 25 Oct 2010, 10:02
Znuny Version: 3.2
Location: Bangalore, India

Re: OTRS-LDAP

Post by chetannagaonkar »

Thanks, Crythias. I have used it as sAMAccountName and it displayed the names only when I set it as sAMAccountName. If I set it to uid, it does show all the records but not the names. Is setting mail ids for each user mandatory in AD?
eturconi
Znuny newbie
Posts: 35
Joined: 27 Dec 2011, 15:18
Znuny Version: 3

Re: OTRS-LDAP

Post by eturconi »

Guys,
i'm facing the same issue as fondofotrs! (i can find the customers but their data is not mapped, or better... rows are shown but the information is empty)
I'm totally sure the map is correct (i was using the same Config.pm on another installation that works well)
Anyone that could help me?
eturconi
Znuny newbie
Posts: 35
Joined: 27 Dec 2011, 15:18
Znuny Version: 3

Re: OTRS-LDAP

Post by eturconi »

Done!
The issue was related to CustomerKey => 'sAMAccountName'.
This was working before 'cause it was AD; now that I use Domino to get the data from, I had to use uid instead of sAMAccountName
Thanks everybody!
Emanuele
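
Both fixes reported in this thread came down to pointing CustomerKey at an attribute the directory actually populates (sAMAccountName on Active Directory, uid on Domino). The Perl script below is an added example, not part of the original posts or of OTRS: it uses Net::LDAP with the placeholder host, BaseDN, bind DN, port and filter from the first post's config, plus an assumed LDAP_BIND_PW environment variable, and reports how many sampled entries carry each candidate key and displayed attribute.

```perl
#!/usr/bin/perl
# Added diagnostic sketch (not OTRS code): which candidate CustomerKey and
# mapped attributes does the directory actually populate?
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Constant qw(LDAP_SIZELIMIT_EXCEEDED);

# Placeholder values copied from the config in the first post; replace them.
my $host    = 'ldap.example.com';
my $base_dn = 'dc=example,dc=com';
my $bind_dn = 'CN=myaccount,OU=users,DC=example,DC=com';
my $filter  = '(objectclass=user)';    # the AlwaysFilter tried in the thread
# Assumption: the bind password comes from the environment, not the script.
my $bind_pw = $ENV{LDAP_BIND_PW} // die "set LDAP_BIND_PW first\n";

my @key_candidates = qw(sAMAccountName uid);    # the two keys seen in the thread
my @mapped         = qw(cn givenname sn mail);  # attributes the config displays

my $ldap = Net::LDAP->new( $host, port => 3268, timeout => 120, version => 3 )
    or die "connect failed: $@\n";
my $bind = $ldap->bind( $bind_dn, password => $bind_pw );
die 'bind failed: ' . $bind->error . "\n" if $bind->code;

my $res = $ldap->search(
    base  => $base_dn, scope => 'sub', filter => $filter,
    attrs => [ @key_candidates, @mapped ], sizelimit => 25,
);
# Hitting the size limit still returns the sampled entries, so tolerate it.
die 'search failed: ' . $res->error . "\n"
    if $res->code && $res->code != LDAP_SIZELIMIT_EXCEEDED;

my @entries = $res->entries;
die "no entries matched $filter under $base_dn\n" if !@entries;
my %populated;
for my $entry (@entries) {
    for my $attr ( @key_candidates, @mapped ) {
        my $value = $entry->get_value($attr);
        $populated{$attr}++ if defined $value && length $value;
    }
}
printf "%d entries sampled\n", scalar @entries;
printf "  %-15s populated on %d\n", $_, $populated{$_} // 0
    for @key_candidates, @mapped;

# A usable CustomerKey must be present on every sampled entry.
my @usable = grep { ( $populated{$_} // 0 ) == @entries } @key_candidates;
print @usable
    ? "CustomerKey candidates: @usable\n"
    : "neither sAMAccountName nor uid is present on every entry\n";
$ldap->unbind;
```

If a displayed attribute such as mail shows a count of 0, the matching column in the customer list will be empty even though the rows are found.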