I've been tasked with evaluating OTRS 3.0b for use at our organisation and have run into a problem with LDAP integration. We have created a user for OTRS with a username of 'support'. I have a few questions:
1. What exactly is the purpose of this user (referenced in AuthModule::LDAP & CustomerUser::LDAP)? From reading the online documentation, it appears that this user exists solely to search the AD structure. Is this the case?
2. Do we need to create separate users for the Agent search and the Customer search?
Customers will be authenticating with OTRS using their AD credentials, as will Agents. Agents will furthermore be authenticated by a check to see if the user logging on is a member of the 'Helpdesk' group in AD; if so, it will log them in as an agent.
So far, the error I am receiving is this:
[Fri Sep 24 11:39:20 2010][Error][Kernel::System::User::UserLookup][737] No UserID found for 'myuser'!
[Fri Sep 24 11:39:20 2010][Error][Kernel::System::Auth::LDAP::Auth][215] Search failed! Bad filter
My Config.pm is below (login details redacted):
# Agent authentication against AD
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'dc.domain.local';
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=domain, dc=local';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
# Account used to bind and search the directory
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'cn=support,cn=Service Accounts, ou=dom, dc=domain, dc=local';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'password';

# Customer user backend (read-only LDAP data source)
$Self->{CustomerUser} = {
    Name => 'LDAP Data Source',
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        Host => 'dc.domain.local',
        BaseDN => 'dc=domain, dc=local',
        SSCOPE => 'sub',
        # UID => 'support', # Test if UserDN doesn't work
        UserDN => 'cn=support, cn=Service Accounts, ou=dom, dc=domain, dc=local',
        UserPw => 'password',
        AlwaysFilter => '',
        # Net::LDAP params
        Params => {
            port => 389,
            timeout => 120,
            async => 0,
            version => 3,
        },
    },
    ReadOnly => 1,
    CustomerKey => 'sAMAccountName',
    # CUSTOMER FIELD MAPPINGS FOLLOW
    CustomerID => 'mail',
    CustomerUserListFields => ['cn', 'mail'],
    CustomerUserSearchFields => ['cn', 'givenname', 'mail'],
    CustomerUserSearchPrefix => '',
    CustomerUserSearchSuffix => '*',
    CustomerUserSearchListLimit => 250,
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    CustomerUserExcludePrimaryCustomerID => 0,
    # CustomerUserValidFilter => '(!(description=locked))',
    CacheTTL => 120,
    Map => [
        # [ 'UserSalutation', 'Title', 'title', 1, 0, 'var', '', 0 ],
        [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var', '', 0 ],
        [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var', '', 0 ],
        [ 'UserLogin', 'Username', 'sAMAccountName', 1, 1, 'var', '', 0 ],
        [ 'UserEmail', 'Email', 'mail', 1, 1, 'var', '', 0 ],
        [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var', '', 0 ],
        [ 'UserPhone', 'Phone', 'telephoneNumber', 1, 0, 'var', '', 0 ],
    ],
};
Our system is: WS2003 domain & host, OTRS 3.0b