Customer LDAP Authentication Active Directory 2003

Moderator: crythias

TBird
Znuny newbie
Posts: 11
Joined: 31 May 2013, 22:45
Znuny Version: 3.1.7
Real Name: Dan

Post by TBird »

Hey guys, can someone help me? The problem is classical: I can log in as agent, but I can't as customer.
In the end, I want to log in via LDAP with customer only. So I used a script (OTRS CUSTOMER ACTIVE DIRECTORY SCRIPT CREATOR)
to make the Config.pm. So this is the config:

Code:

#-------------------------------------------------------------------------------------------#
# Customer Authentication #
#-------------------------------------------------------------------------------------------#
$Self->{'Customer::AuthModule1'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host1'} = 'x.x.x.x';
$Self->{'Customer::AuthModule::LDAP::BaseDN1'} = 'DC=xxxx,DC=com';
$Self->{'Customer::AuthModule::LDAP::UID1'} = 'sAMAccountName';
#$Self->{'Customer::AuthModule::LDAP::GroupDN1'} = 'CN=otrscustomer,CN=Users,DC=Company,DC=tld';
# only Member of this group are allowed to login, erase the commentsymbol(#) to enable filtering
$Self->{'Customer::AuthModule::LDAP::SearchUserDN1'} = 'ldap_ticket';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw1'} = 'xxxxxx';
#-------------------------------------------------------------------------------------------# 
# Customerdata #
#-------------------------------------------------------------------------------------------#
$Self->{CustomerUser1} = {
Name => 'xxxx.com',
Module => 'Kernel::System::CustomerUser::LDAP',
Params => {
Host => 'x.x.x.x',
BaseDN => 'CN=Ldap,OU=xxxx,DC=xxxx,DC=com',
SSCOPE => 'sub',
UserDN => 'ldap_ticket',
UserPw => 'xxxxx',
AlwaysFilter => '(&)',
},
CustomerKey => 'sAMAccountName',
CustomerID => 'mail',
CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
CustomerUserPostMasterSearchFields => ['mail'],
CustomerUserNameFields => ['givenname', 'sn'],
Map => [	
#['UserSalutation', 'Title', 'title', '1', '0', 'var'], 
['UserFirstname', 'Firstname', 'givenname', '1', '1', 'var'], 
['UserLastname', 'Lastname', 'sn', '1', '1', 'var'], 
['UserLogin', 'Login', 'sAMAccountName', '1', '1', 'var'], 
['UserEmail', 'Email', 'mail', '1', '1', 'var'], 
['UserCustomerID', 'CustomerID', 'mail', '0', '1', 'var'], 
#['UserPhone', 'Phone', 'telephonenumber', '1', '0', 'var'], 
#['UserAddress', 'Address', 'postaladdress', '1', '0', 'var'], 
#['UserComment', 'Comment', 'description', '1', '0', 'var'], 

],
};

#-------------------------------------------------------------------------------------------#
# Company1 End #
#-------------------------------------------------------------------------------------------#



With this config, when I try to log in on customer.pl I get the classical error:

First bind failed! 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece
CustomerUser: user.user authentication failed, no LDAP group entry foundGroupDN='ou=xxx,dc=xxxxx,dc=com', Filter='(memberUid=user.user)'! (REMOTE_ADDR: 192.168.1.17).


Now I didn't understand from the last posts how I can make it run. Please help.

crythias answered me...

SearchUser credentials

Also, create your own topic so we can address your request more personal-like.


But the problem is that I'm new to this and I don't know what I need to do. Can someone explain for dummies? :D

So the version of OTRS is 3.1.7, running under Debian wheezy.

Mod Note: Don't ask questions in HowTos
crythias
Moderator
Posts: 10169
Joined: 04 May 2010, 18:38
Znuny Version: 5.0.x
Location: SouthWest Florida, USA
Contact:

Re: Customer LDAP Authentication Active Directory 2003

Post by crythias »

Already answered, but here it is again:

TBird wrote:
First bind failed! 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece

These don't work:

Code:

$Self->{'Customer::AuthModule::LDAP::SearchUserDN1'} = 'ldap_ticket';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw1'} = 'xxxxxx';

Code:

UserDN => 'ldap_ticket',
UserPw => 'xxxxx',

Then:

Code:

CustomerUser: user.user authentication failed, no LDAP group entry foundGroupDN='ou=xxx,dc=xxxxx,dc=com', Filter='(memberUid=user.user)'

Try "member" instead of "memberUid" and

Code:

BaseDN => 'CN=Ldap,OU=xxxx,DC=xxxx,DC=com',

BaseDN needs to be an OU or a DC, but not a CN.



There are so many things to address here, that you should take a look at the three document links in the HowTo link I provided. It's really important to understand what's going on.

And, thanks, but I respectfully decline a cold bear(poartă) but beer(bere) could be nice!
OTRS 6.0.x (private/testing/public) on Linux with MySQL database.
Please edit your signature to include your OTRS version, Operating System, and database type.
Click Subscribe Topic below to get notifications. Consider amending your topic title to include [SOLVED] if it is so.
Need help? Before you ask

Re: Customer LDAP Authentication Active Directory 2003

Post by TBird »

:))))))))))))))))

I can't stop laughing, it was a mistake :P Sorry.
Now I'm trying the new settings :P Thx

Re: Customer LDAP Authentication Active Directory 2003

Post by TBird »

Code:

# --
# Kernel/Config.pm - Config file for OTRS kernel
# Copyright (C) 2001-2011 xxx, http://otrs.org/
# --
# $Id: Config.pm.dist,v 1.25 2011/09/16 10:58:28 mg Exp $
# --
# This software comes with ABSOLUTELY NO WARRANTY. For details, see
# the enclosed file COPYING for license information (AGPL). If you
# did not receive this file, see http://www.gnu.org/licenses/agpl.txt.
# --
#  Note:
#
#  -->> OTRS does have a lot of config settings. For more settings
#       (Notifications, Ticket::ViewAccelerator, Ticket::NumberGenerator,
#       LDAP, PostMaster, Session, Preferences, ...) see
#       Kernel/Config/Defaults.pm and copy your wanted lines into "this"
#       config file. This file will not be changed on update!
#
# --

package Kernel::Config;

use utf8;

BEGIN {
    if (-f '/etc/otrs/database.pm') {
      require '/etc/otrs/database.pm';
      if ($dbtype eq 'pgsql') {
          $dbport ||= '5432';
          our $dsn = "DBI:Pg:dbname";
      }
      else {
          $dbport ||= '3306';
          our $dsn = "DBI:mysql:database";
      }
    }
}

sub Load {
    my $Self = shift;
    # ---------------------------------------------------- #
    # ---------------------------------------------------- #
    #                                                      #
    #         Start of your own config options!!!          #
    #                                                      #
    # ---------------------------------------------------- #
    # ---------------------------------------------------- #

    # ---------------------------------------------------- #
    # database settings                                    #
    # ---------------------------------------------------- #
    # DatabaseHost
    # (The database host.)
    $Self->{DatabaseHost} = $dbserver || 'localhost';
    # Database
    # (The database name.)
    $Self->{Database} = $dbname || 'otrs';
    # DatabaseUser
    # (The database user.)
    $Self->{DatabaseUser} = $dbuser || 'otrs';
    # DatabasePw
    # (The password of database user. You also can use bin/otrs.CryptPassword.pl
    # for crypted passwords.)
    $Self->{DatabasePw} = $dbpass;
    # DatabaseDSN
    # (The database DSN for MySQL ==> more: "man DBD::mysql")
    $Self->{DatabaseDSN} =  "$dsn=$Self->{Database};host=$Self->{DatabaseHost};port=$dbport;";

    # (The database DSN for PostgreSQL ==> more: "man DBD::Pg")
    # if you want to use a local socket connection
#    $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};";
    # if you want to use a tcpip connection
#    $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};host=$Self->{DatabaseHost};";
    # if you have PostgresSQL 8.1 or earlier, activate the legacy driver with this line:
#    $Self->{DatabasePostgresqlBefore82} = 1;

    # ---------------------------------------------------- #
    # fs root directory
    # ---------------------------------------------------- #
    $Self->{Home} = '/usr/share/otrs';

    # ---------------------------------------------------- #
    # insert your own config settings "here"               #
    # config settings taken from Kernel/Config/Defaults.pm #

    # Customer Authentication #
#-------------------------------------------------------------------------------------------#
$Self->{'Customer::AuthModule1'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = '192.168.0.1';
$Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'DC=xx-xxx,DC=com';
$Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';
#$Self->{'Customer::AuthModule::LDAP::GroupDN1'} = 'CN=otrscustomer,CN=Users,DC=Company,DC=tld';
# only Member of this group are allowed to login, erase the commentsymbol(#) to enable filtering
$Self->{'Customer::AuthModule::LDAP::UserDN'} = 'ldap_ticket';
$Self->{'Customer::AuthModule::LDAP::UserPw'} = 'xxxxxxxx';
#-------------------------------------------------------------------------------------------#
# Customerdata #
#-------------------------------------------------------------------------------------------#
$Self->{CustomerUser1} = {
Name => 'otrs ticket',
Module => 'Kernel::System::CustomerUser::LDAP',
Params => {
Host => '192.168.0.1',
BaseDN => 'CN=Ldap,OU=xxx,DC=xx-xxx,DC=com',
SSCOPE => 'sub',
UserDN => 'ldap_ticket',
UserPw => 'xxxxx',
AlwaysFilter => '(&)',
},
CustomerKey => 'sAMAccountName',
CustomerID => 'mail',
CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
CustomerUserPostMasterSearchFields => ['mail'],
CustomerUserNameFields => ['givenname', 'sn'],
Map => [
#['UserSalutation', 'Title', 'title', '1', '0', 'var'],
['UserFirstname', 'Firstname', 'givenname', '1', '1', 'var'],
['UserLastname', 'Lastname', 'sn', '1', '1', 'var'],
['UserLogin', 'Login', 'sAMAccountName', '1', '1', 'var'],
['UserEmail', 'Email', 'mail', '1', '1', 'var'],
['UserCustomerID', 'CustomerID', 'mail', '0', '1', 'var'],
#['UserPhone', 'Phone', 'telephonenumber', '1', '0', 'var'],
#['UserAddress', 'Address', 'postaladdress', '1', '0', 'var'],
#['UserComment', 'Comment', 'description', '1', '0', 'var'],

],
};

#-------------------------------------------------------------------------------------------#
# Company1 End #
#-------------------------------------------------------------------------------------------#


    # ---------------------------------------------------- #
    # $Self->{SessionUseCookie} = 0;
    # $Self->{CheckMXRecord} = 0;

    # ---------------------------------------------------- #
    # switch off the web based installer for the Debian package
    $Self->{SecureMode} = 1;

    # ---------------------------------------------------- #
    # data inserted by installer                           #
    # ---------------------------------------------------- #
    # $DIBI$

    # ---------------------------------------------------- #
    # ---------------------------------------------------- #
    #                                                      #
    #           End of your own config options!!!          #
    #                                                      #
    # ---------------------------------------------------- #
    # ---------------------------------------------------- #
}

# ---------------------------------------------------- #
# needed system stuff (don't edit this)                #
# ---------------------------------------------------- #
use strict;
use warnings;

use vars qw(@ISA $VERSION);
$VERSION = qw($Revision: 1.25 $)[1];

use Kernel::Config::Defaults;
push (@ISA, 'Kernel::Config::Defaults');

# -----------------------------------------------------#

1;

This is the config used now... and the error is the same. I don't know where I can change the filter from memberUID to member like you said...

Re: Customer LDAP Authentication Active Directory 2003

Post by crythias »

Customer::AuthModule: what it should be:

Code:

$Self->{'Customer::AuthModule1'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host1'} = '192.168.0.1';
$Self->{'Customer::AuthModule::LDAP::BaseDN1'} = 'DC=xx-xxx,DC=com';
$Self->{'Customer::AuthModule::LDAP::UID1'} = 'sAMAccountName';
#$Self->{'Customer::AuthModule::LDAP::GroupDN1'} = 'OU=OTRS Customers,OU=Users,DC=Company,DC=tld';
#$Self->{'Customer::AuthModule::LDAP::AccessAttr1'} = 'member';
# only Member of this group are allowed to login, erase the commentsymbol(#) to enable filtering
$Self->{'Customer::AuthModule::LDAP::SearchUserDN1'} = 'ldap_ticket';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw1'} = 'xxxxxxxx';

If you're getting First bind failed! 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece
then you're not using a SearchUser ... (your code said "User" instead of "SearchUser" and didn't include the "1").

CustomerUser: what it should be:

Code:

$Self->{CustomerUser1} = {
   Name => 'otrs ldap1',
   Module => 'Kernel::System::CustomerUser::LDAP',
   Params => {
      Host => '192.168.0.1',
      BaseDN => 'OU=xxx,DC=xx-xxx,DC=com',
      SSCOPE => 'sub',
      UserDN => 'ldap_ticket',
      UserPw => 'xxxxx',
      AlwaysFilter => '',
   },
   CustomerKey => 'sAMAccountName',
   CustomerID => 'mail',
   CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
   CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
   CustomerUserPostMasterSearchFields => ['mail'],
   CustomerUserNameFields => ['givenname', 'sn'],
   Map => [
      #['UserSalutation', 'Title', 'title', '1', '0', 'var'],
      ['UserFirstname', 'Firstname', 'givenname', '1', '1', 'var'],
      ['UserLastname', 'Lastname', 'sn', '1', '1', 'var'],
      ['UserLogin', 'Login', 'sAMAccountName', '1', '1', 'var'],
      ['UserEmail', 'Email', 'mail', '1', '1', 'var'],
      ['UserCustomerID', 'CustomerID', 'mail', '0', '1', 'var'],
      #['UserPhone', 'Phone', 'telephonenumber', '1', '0', 'var'],
      #['UserAddress', 'Address', 'postaladdress', '1', '0', 'var'],
      #['UserComment', 'Comment', 'description', '1', '0', 'var'],
   ],
}; 

Re: Customer LDAP Authentication Active Directory 2003

Post by TBird »

So the error is the same:

Sat Jun 1 19:47:01 2013 error OTRS-CGI-10 First bind failed! 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece
Sat Jun 1 19:47:01 2013 notice OTRS-CGI-10 CustomerUser: user.user authentication failed, no LDAP group entry foundGroupDN='ou=xxxx,dc=xx-xxxp,dc=com', Filter='(memberUid=user.user)'!
(REMOTE_ADDR: 192.168.30.17).

# Customer Authentication #
#-------------------------------------------------------------------------------------------#
$Self->{'Customer::AuthModule1'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host1'} = '192.168.0.1';
$Self->{'Customer::AuthModule::LDAP::BaseDN1'} = 'DC=xxx-xxxp,DC=com';
$Self->{'Customer::AuthModule::LDAP::UID1'} = 'sAMAccountName';
#$Self->{'Customer::AuthModule::LDAP::GroupDN1'} = 'CN=otrscustomer,CN=Users,DC=Company,DC=tld';
# only Member of this group are allowed to login, erase the commentsymbol(#) to enable filtering
$Self->{'Customer::AuthModule::LDAP::SearchUserDN1'} = 'ldap_ticket';
$Self->{'Customer::AuthModule::LDAP::SearchUserPw1'} = 'xxxxxx';

# Customerdata #
#-------------------------------------------------------------------------------------------#
$Self->{CustomerUser1} = {
Name => 'otrs_ldap1',
Module => 'Kernel::System::CustomerUser::LDAP',
Params => {
Host => '192.168.0.1',
BaseDN => 'CN=Ldap,OU=XXX,DC=XXXp-XXp,DC=com',
SSCOPE => 'sub',
UserDN => 'ldap_ticket',
UserPw => 'xxxxx',
AlwaysFilter => '(&)',
},
CustomerKey => 'sAMAccountName',
CustomerID => 'mail',
CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
CustomerUserPostMasterSearchFields => ['mail'],
CustomerUserNameFields => ['givenname', 'sn'],

What is wrong here? :((

If it helps you, I can paste a config with which I can log in as agent only... via LDAP

Re: Customer LDAP Authentication Active Directory 2003

Post by crythias »

First bind failed is search user credentials.
This means the username and password do not work.

Re: Customer LDAP Authentication Active Directory 2003

Post by crythias »

TBird wrote:
CustomerUser: user.user authentication failed, no LDAP group entry foundGroupDN='ou=xxxx,dc=xx-xxxp,dc=com', Filter='(memberUid=user.user)

Uncomment the AccessAttr1 line.

Also, are you trying to do this both within SysConfig and Config.pm?

This error message indicates an attempt at authentication for a GroupDN that is not listed in your Config.pm.

And your CustomerUser BaseDN should probably not be a CN.
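
A small checker for the points raised in the replies above, as an added example that is not part of the thread or of OTRS: it decodes the Active Directory sub-code in the "data NNN" field of the bind error and flags the Config.pm mistakes crythias names (User instead of SearchUser in the auth module, a suffix that does not match Customer::AuthModule1, a CN as BaseDN). It goes beyond the thread by decoding sub-codes other than 525; the function names, the sub-code table and the sample config (shortened from the second config posted above) are assumptions of this example.

```python
import re

# Active Directory sub-codes reported in the "data NNN" field of a failed bind.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "not permitted to log on at this time",
    "531": "not permitted to log on at this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

def decode_bind_error(log_line):
    """Return (subcode, meaning) for an AcceptSecurityContext error, else None."""
    m = re.search(r"AcceptSecurityContext error, data ([0-9a-fA-F]+)", log_line)
    if not m:
        return None
    code = m.group(1).lower()
    return code, AD_BIND_SUBCODES.get(code, "unknown sub-code")

SETTING = re.compile(r"^\s*\$Self->\{'Customer::AuthModule::LDAP::(\w+?)(\d*)'\}")
MODULE = re.compile(r"^\s*\$Self->\{'Customer::AuthModule(\d*)'\}", re.M)
BASEDN = re.compile(r"^\s*BaseDN\s*=>\s*'CN=", re.I)

def lint_customer_ldap(config_text):
    """Flag the mistakes named in the replies; commented-out lines are skipped."""
    declared = set(MODULE.findall(config_text))  # suffixes of declared auth modules
    findings = []
    for number, line in enumerate(config_text.splitlines(), 1):
        m = SETTING.match(line)
        if m:
            name, index = m.groups()
            if name in ("UserDN", "UserPw"):
                findings.append((number, f"{name}: auth module expects Search{name}"))
            if index not in declared:
                findings.append((number, f"{name}{index}: suffix matches no Customer::AuthModule"))
        if BASEDN.match(line):
            findings.append((number, "BaseDN is a CN; use an OU or a DC"))
    return findings

# Constructed sample input, shortened from the second config posted in the thread.
SAMPLE_CONFIG = """\
$Self->{'Customer::AuthModule1'} = 'Kernel::System::CustomerAuth::LDAP';
$Self->{'Customer::AuthModule::LDAP::Host'} = '192.168.0.1';
$Self->{'Customer::AuthModule::LDAP::UserDN'} = 'ldap_ticket';
#$Self->{'Customer::AuthModule::LDAP::GroupDN1'} = 'CN=otrscustomer,CN=Users,DC=Company,DC=tld';
BaseDN => 'CN=Ldap,OU=xxx,DC=xx-xxx,DC=com',
"""
SAMPLE_LOG = "First bind failed! 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece"

if __name__ == "__main__":
    print(decode_bind_error(SAMPLE_LOG), lint_customer_ldap(SAMPLE_CONFIG))
```
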

Re: Customer LDAP Authentication Active Directory 2003

Post by TBird »

I finally managed to connect :)
Thx.
Now I'm trying the HTTPBasic auth mode... :)