Znuny:6.5.3 (and tested with 6.0.48 and otrs 5.0.42)
Debian 11.4
I have been trying to do an LDAP connection so that several hundred users in the customer.pl can log into the system without me having to create the accounts myself.
I set up a server free and copied the config.pm from a working ticket system. Also I have a second server (clone of the working system - OTRS 5.0.42) the Config.pm inside, this works until the Znuny update, after that not anymore.
Normally I would have to copy the /opt/otrs/Kernel/Config.pm from the working server and paste it or the following content:
(private settings of course hidden)
Code: Select all
# --
# Kernel/Config.pm - Config file for OTRS kernel
# Copyright (C) 2001-2015 xxx, http://otrs.com/
# --
# This software comes with ABSOLUTELY NO WARRANTY. For details, see
# the enclosed file COPYING for license information (AGPL). If you
# did not receive this file, see http://www.gnu.org/licenses/agpl.txt.
# --
# Note:
#
# -->> Most OTRS configuration should be done via the OTRS web interface
# and the SysConfig. Only for some configuration, such as database
# credentials and customer data source changes, you should edit this
# file. For changes do customer data sources you can copy the definitions
# from Kernel/Config/Defaults.pm and paste them in this file.
# Config.pm will not be overwritten when updating OTRS.
# --
package Kernel::Config;
use strict;
use warnings;
use utf8;
sub Load {
my $Self = shift;
# ---------------------------------------------------- #
# database settings #
# ---------------------------------------------------- #
# The database host
$Self->{'DatabaseHost'} = '127.0.0.1';
# The database name
$Self->{'Database'} = "otrsdb";
# The database user
$Self->{'DatabaseUser'} = "otrs";
# The password of database user. You also can use bin/otrs.CryptPassword.pl
# for crypted passwords
$Self->{'DatabasePw'} = 'Passwort';
# The database DSN for MySQL ==> more: "perldoc DBD::mysql"
$Self->{'DatabaseDSN'} = "DBI:mysql:database=$Self->{Database};host=$Self->{DatabaseHost}";
# The database DSN for PostgreSQL ==> more: "perldoc DBD::Pg"
# if you want to use a local socket connection
# $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};";
# if you want to use a TCP/IP connection
# $Self->{DatabaseDSN} = "DBI:Pg:dbname=$Self->{Database};host=$Self->{DatabaseHost};";
# The database DSN for Microsoft SQL Server - only supported if OTRS is
# installed on Windows as well
# $Self->{DatabaseDSN} = "DBI:ODBC:driver={SQL Server};Database=$Self->{Database};Server=$Self->{DatabaseHost},1433";
# The database DSN for Oracle ==> more: "perldoc DBD::oracle"
# $Self->{DatabaseDSN} = "DBI:Oracle://$Self->{DatabaseHost}:1521/$Self->{Database}";
#
# $ENV{ORACLE_HOME} = '/path/to/your/oracle';
# $ENV{NLS_DATE_FORMAT} = 'YYYY-MM-DD HH24:MI:SS';
# $ENV{NLS_LANG} = 'AMERICAN_AMERICA.AL32UTF8';
# ---------------------------------------------------- #
# fs root directory
# ---------------------------------------------------- #
$Self->{Home} = '/opt/otrs';
# ---------------------------------------------------- #
# insert your own config settings "here" #
# config settings taken from Kernel/Config/Defaults.pm #
# ---------------------------------------------------- #
# $Self->{SessionUseCookie} = 0;
# $Self->{CheckMXRecord} = 0;
# ---------------------------------------------------- #
# ---------------------------------------------------- #
# data inserted by installer #
# ---------------------------------------------------- #
# $DIBI$
# CustomerUser
# (customer ldap backend and settings)
$Self->{CustomerUser} = {
Name => 'LDAP Datenbank',
Module => 'Kernel::System::CustomerUser::LDAP',
Params => {
# ldap host
Host => 'ldaps://xxxxx.de',
# ldap base dn
BaseDN => 'o=xxxx',
# search scope (one|sub)
SSCOPE => 'sub',
sizelimit => 0,
# The following is valid but would only be necessary if the
# anonymous user does NOT have permission to read from the LDAP tree
UserDN => 'cn=xxxxx,ou=xxx,o=xxxxx',
UserPw => 'xxxxxx',
# in case you want to add always one filter to each ldap query, use
# this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
AlwaysFilter => '',
# if both your frontend and your LDAP are unicode, use this:
SourceCharset => 'utf-8',
DestCharset => 'utf-8',
# if your frontend is unicode and the charset of your
# ldap server is iso-8859-1, use these options.
# SourceCharset => 'iso-8859-1',
# DestCharset => 'utf-8',
# Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
Params => {
port => 636,
timeout => 600,
async => 0,
version => 3,
},
},
# customer unique id
CustomerKey => 'cn',
# customer #
CustomerID => 'cn',
CustomerUserListFields => ['givenname', 'sn', 'mail'],
CustomerUserSearchFields => ['uid', 'cn', 'mail', 'givenname', 'sn', 'xxxxmailPreferredAddress'],
CustomerUserSearchPrefix => '',
CustomerUserSearchSuffix => '*',
CustomerUserSearchListLimit => 150000,
CustomerUserPostMasterSearchFields => ['xxxxmailPreferredAddress', 'mail', 'cn', 'sn'],
CustomerUserNameFields => ['givenname', 'sn'],
# show not own tickets in customer panel, CompanyTickets
CustomerUserExcludePrimaryCustomerID => 0,
# add an ldap filter for valid users (expert setting)
# CustomerUserValidFilter => '(!(description=locked))',
# administrator can't change customer preferences
AdminSetPreferences => 0,
# # cache time to live in sec. - cache any database queries
# CacheTTL => 0,
Map => [
# note: Login, Email and CustomerID are mandatory!
# var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly
[ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var', '', 0 ],
[ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var', '', 0 ],
[ 'UserLogin', 'Username', 'cn', 1, 1, 'var', '', 0 ],
[ 'UserEmail', 'Email', 'xxxxmailPreferredAddress', 1, 1, 'var', '', 0 ],
[ 'UserCustomerID', 'CustomerID', 'cn', 0, 1, 'var', '', 0 ],
# [ 'UserCustomerIDs', 'CustomerIDs', 'second_customer_ids', 1, 0, 'var', '', 0 ],
# [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var', '', 0 ],
# [ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var', '', 0 ],
# [ 'UserComment', 'Comment', 'description', 1, 0, 'var', '', 0 ],
],
};
# ---------------------------------------------------- #
# ---------------------------------------------------- #
# #
# end of your own config options!!! #
# #
# ---------------------------------------------------- #
# ---------------------------------------------------- #
}
Now when I try to log in with the ldap user, the message "Login failed! Username or password entered incorrectly."
- Thought I'd look in the /var/log/syslog, but no entry is found there
- With nmap "ldap server" ldap and ldapssl are "STATE: Open"
- Server restart didn't do anything either
It doesn't seem to change any settings in the frontend. WIe said, there is an existing successful config from another server.
Do I still need to change settings somewhere?
following hints:
- The LDAP settings only take effect when I enter it in the frontend
-> "Customer::Auth"
- Customer::AuthModule: Kernel::System::CustomerAuth::LDAP
- Customer::AuthModule::LDAP::BaseDN: o=xxxxx
- Customer::AuthModule::LDAP::Die: Disabled
- Customer::AuthModule::LDAP::Host: ldaps://xxxx.de
- Customer::AuthModule::LDAP::Params: port: 636, timeout: 120, version 3, async 0
- Customer::AuthModule::LDAP::SearchUserDN: cn=xxxxx,ou=xxxx,o=xx-xxxx
- Customer::AuthModule::LDAP::SearchUserPw: xxxxxxx
- Customer::AuthModule::LDAP::UID: cn
- Customer::AuthModule::Radius::Die: disabled
After that I can login to the customer.pl area in the frontend.
If I change something in the Config.pm afterwards, I can't log in via LDAP anymore, unless I set the setting correctly again.
If I change something in the Config.pm, the setting is not displayed/sync in the frontend.