But with no success. I have a working LDAP authentication against an old on-premises Windows 2008 server today, but I want to use Azure AD DS instead.
The error message I'm getting is:
May 6 09:25:52 otrs2 OTRS-CGI-10[31954]: [Error][Kernel::System::Auth::LDAP::Auth][Line:175]: Can't connect to ldaps://ldaps.hostnametoldapserver.se:636:
May 6 09:25:52 otrs2 OTRS-CGI-10[31954]: [Notice][Kernel::System::Auth::DB::Auth] User: username@hostnametoldapserver.se doesn't exist or is invalid!!! (REMOTE_ADDR: 192.168.1.133)
This is part of my Config.pm (with hostname and bind password replaced, of course). I'm not using GroupDN; that's why it's commented out.
my $Host = 'ldaps://ldaps.hostnametoldapserver.se:636';
my $BaseDN = 'OU=AADDC Users,DC=hostnametoldapserver,DC=se';
my $GroupDN = 'CN=OTRS-agents,OU=AADDC Users,DC=domain,DC=no';
my $BindUser = 'otrs-ldap@hostnametoldapserver.se';
my $BindPassword = 'the bind password';
my $VerifyCertificate = 'require'; # use 'require' if you want OTRS to require a specific certificate.
#my $CertFile = '/path/to/certificate.pem'; # You can use the command-line tool openssl to convert or download the relevant certificate.
my $CertFile = '/opt/otrs/Kernel/ldapserver.pem'; # You can use the command-line tool openssl to convert or download the relevant certificate.
# --------------------------------------------------- #
# Agent authentication settings #
# (enable agent authentication and where to find #
# those agents) #
# ---------------------------------------------------
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = $Host;
$Self->{'AuthModule::LDAP::BaseDN'} = $BaseDN;
$Self->{'AuthModule::LDAP::UID'} = 'userPrincipalName';
#---------------------------------------------------------------------#
#GroupDN
#$Self->{'AuthModule::LDAP::GroupDN'} = $GroupDN;
# $Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
# $Self->{'AuthModule::LDAP::UserAttr'} = 'DN';
#---------------------------------------------------------------------#
This is the output from that:
CONNECTED(00000003)
---
Certificate chain
0 s:/CN=*.hostnametoldapserver.se
i:/C=GB/ST=Greater Manchester/L=Salford/O=Sectigo Limited/CN=Sectigo RSA Domain Validation Secure Server CA
1 s:/C=GB/ST=Greater Manchester/L=Salford/O=Sectigo Limited/CN=Sectigo RSA Domain Validation Secure Server CA
i:/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority
2 s:/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority
i:/C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
---
Server certificate
-----BEGIN CERTIFICATE-----
... removed ...
-----END CERTIFICATE-----
subject=/CN=*.hostnametoldapserver.se
issuer=/C=GB/ST=Greater Manchester/L=Salford/O=Sectigo Limited/CN=Sectigo RSA Domain Validation Secure Server CA
---
No client certificate CA names sent
Client Certificate Types: RSA sign, DSA sign, ECDSA sign
Requested Signature Algorithms: RSA+SHA256:RSA+SHA384:RSA+SHA1:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA1:DSA+SHA1:RSA+SHA512:ECDSA+SHA512
Shared Requested Signature Algorithms: RSA+SHA256:RSA+SHA384:RSA+SHA1:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA1:DSA+SHA1:RSA+SHA512:ECDSA+SHA512
Peer signing digest: SHA256
Server Temp Key: ECDH, P-384, 384 bits
---
SSL handshake has read 5120 bytes and written 459 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 030D0000C65BDA363EF87C0FDCBF0D575B8ECE3B84B302B5324A223A69098EC9
Session-ID-ctx:
Master-Key: FA38A53B634B5540A36C1D3F9A07F28FDB6B56A05F0AE0A52D987FFAF28AE1D97F74269800EDE32DB1D31134EC617A12
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1714980880
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
Can anyone help? Is there something specific I should think about?
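A stand-alone check, added here as an example and not part of the original post or of OTRS itself: it drives Net::LDAP (the module Kernel::System::Auth::LDAP is built on) through the same steps as an agent login: connect over LDAPS with certificate verification, bind with the search user, look the agent up by userPrincipalName under the BaseDN, and optionally bind as the found DN with the agent's password. Host, BaseDN, bind user, UID attribute and certificate file are copied from the Config.pm above as placeholders; the two passwords are read from environment variables (LDAP_BIND_PW, AGENT_PW) that are assumptions of this script.

```perl
#!/usr/bin/perl
# Added example: reproduce the OTRS LDAP agent-login path outside OTRS so the
# connection error is visible in full. Hostnames, DNs and paths below are the
# placeholders from the forum post, not real values.
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);

my $Host     = 'ldaps://ldaps.hostnametoldapserver.se:636';
my $BaseDN   = 'OU=AADDC Users,DC=hostnametoldapserver,DC=se';
my $BindUser = 'otrs-ldap@hostnametoldapserver.se';
my $UID      = 'userPrincipalName';

# Assumed inputs: search-user password from the environment, agent UPN from argv.
my $BindPw = $ENV{LDAP_BIND_PW} // die "set LDAP_BIND_PW in the environment\n";
my $Agent  = shift(@ARGV) // 'username@hostnametoldapserver.se';

# These are the same keys OTRS hands to Net::LDAP->new via
# AuthModule::LDAP::Params. With verify => 'require', 'cafile' must contain the
# CA certificate(s) that issued the server certificate; a file holding only the
# server's own (leaf) certificate is not a trust anchor for OpenSSL by default.
my %Params = (
    version => 3,
    timeout => 120,
    verify  => 'require',
    cafile  => '/opt/otrs/Kernel/ldapserver.pem',
);

# Step 1: TCP + TLS handshake. On failure Net::LDAP->new returns undef and puts
# the underlying socket/SSL error text in $@, which the OTRS log line does not show.
my $ldap = Net::LDAP->new( $Host, %Params )
    or die "Can't connect to $Host: $@\n";

# Step 2: bind as the search user (OTRS: SearchUserDN / SearchUserPw).
my $msg = $ldap->bind( $BindUser, password => $BindPw );
die "Bind as $BindUser failed: " . $msg->error . "\n" if $msg->code;

# Step 3: find the agent entry by the configured UID attribute.
# escape_filter_value() prevents filter injection through the supplied login name.
my $Filter = sprintf '(%s=%s)', $UID, escape_filter_value($Agent);
$msg = $ldap->search(
    base   => $BaseDN,
    scope  => 'sub',
    filter => $Filter,
    attrs  => ['1.1'],    # we only need the DN back
);
die "Search failed: " . $msg->error . "\n" if $msg->code;
die "No entry for $Agent under $BaseDN (this is OTRS's 'doesn't exist or is invalid')\n"
    unless $msg->count;

my $UserDN = $msg->entry(0)->dn;
print "Found agent entry: $UserDN\n";

# Step 4 (optional): authenticate as the agent, which is what OTRS does last.
if ( defined $ENV{AGENT_PW} ) {
    my $auth = $ldap->bind( $UserDN, password => $ENV{AGENT_PW} );
    die "Agent bind as $UserDN failed: " . $auth->error . "\n" if $auth->code;
    print "Agent password accepted\n";
}

$ldap->unbind;
```

Run it as the otrs user (so the same Perl, Net::LDAP and IO::Socket::SSL versions and the same file permissions on the .pem are used), e.g. `LDAP_BIND_PW='...' perl ldaptest.pl username@hostnametoldapserver.se`. If it dies at step 1, the message in $@ tells you whether the problem is name resolution, a closed port, or certificate verification, which is the distinction the "Can't connect to ldaps://..." log line hides; a clean `openssl s_client` run with the system trust store does not prove that the file named in `cafile` verifies the same chain.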